Bug#990074: unblock: auto-apt-proxy/13.3

[Antonio Terceiro]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package auto-apt-proxy

This updates fixes a autopkgtest regression (#989776).

Starting with debci 3.0, the test beds have auto-apt-proxy preinstalled
in them, what breaks some assumptions of the tests, in special that the
apt usage in them is the first time auto-apt-proxy is being used. By
setting AUTO_APT_PROXY_NO_CACHE, we avoid auto-apt-proxy caching any
results from invocations prior to the test run itself.

This brings no risk to end users as the only changes are to the test
suite.

[ Checklist ]
  [x] all changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in testing

unblock auto-apt-proxy/13.3
diff --git a/debian/changelog b/debian/changelog
index 2ebd205..7d6e40d 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,9 @@
+auto-apt-proxy (13.3) unstable; urgency=medium
+
+  * autopkgtest: cope with auto-apt-proxy being pre-installed (Closes: #989776)
+
+ -- Antonio Terceiro   Fri, 18 Jun 2021 22:51:34 -0300
+
 auto-apt-proxy (13.2) unstable; urgency=medium
 
   [ Antonio Terceiro ]
diff --git a/debian/tests/apt-cacher-ng.txt b/debian/tests/apt-cacher-ng.txt
index 20f0936..0b169a5 100644
--- a/debian/tests/apt-cacher-ng.txt
+++ b/debian/tests/apt-cacher-ng.txt
@@ -1,2 +1,3 @@
+$ export AUTO_APT_PROXY_NO_CACHE=1
 $ auto-apt-proxy 
 http://127.0.0.1:3142
diff --git a/debian/tests/apt-integration b/debian/tests/apt-integration
index ea29484..dfdc2fe 100755
--- a/debian/tests/apt-integration
+++ b/debian/tests/apt-integration
@@ -5,6 +5,7 @@ set -eu
 cd ${AUTOPKGTEST_TMP:-/tmp}
 unset no_proxy
 
+export AUTO_APT_PROXY_NO_CACHE=1
 apt-get source auto-apt-proxy
 
 grep auto-apt-proxy /var/log/apt-cacher-ng/apt-cacher.log


signature.asc
Description: PGP signature

Re: careless upload of Erlang v24 without a transition tracking with the release team (was: rabbitmq-server fails to start after erlang v24 update)

[Antonio Terceiro]

On Sun, Aug 22, 2021 at 07:14:30PM +0300, Sergei Golovan wrote:
> Hi Thomas,
> 
> On Sun, Aug 22, 2021 at 6:55 PM Thomas Goirand  wrote:
> >
> > Hi Damir, Sergei, the release team,
> >
> > First of all, thanks for your bug report, Damir.
> >
> > Debian Bullseye was released on the 14th of Aug. Then Erlang v24 was
> > uploaded on the 17th. Looking at:
> >
> > https://release.debian.org/transitions/
> >
> > I cannot see any transition thingy opened for Erlang. This means that
> > Erlang was carelessly uploaded to Unstable:
> 
> Uploading new major version of Erlang does not require a transition.
> No application needs to be rebuilt against it, and only a minority
> breaks (those which use removed deprecated features, and they have to
> be updated or patched anyway). I'm sorry that elixir and rabbit-mq
> break.
> 
> >
> > 1/ Without informing the release team, and defining a schedule for the
> > Erlang transition
> 
> I insist that a transition is not necessary.

It's OK to break things, and you do not have to wait forever, but you
need to give people enough time to react before the packages they
work/depend on become instantly broken.

One thing that happens when you do this type of change without
coordination is that all CI pipelines on unstable where rabbitmq-server
is installed are now broken. For example all merge requests against
debci at the moment have their tests in "failed" status. This creates
unnecessary noise for a lot of people.

> > 2/ Without rebuilding any reverse dependency, and more specifically,
> > without caring about RabbitMQ which is kind of a high profile server
> > application.
> >
> > Now, we have Erlang v24 in Unstable which looks like a good target for
> > RabbitMQ 3.9.4, however, this new version needs a new Elixir release, as
> > it has a bound of ">= 1.10.4 and < 1.13.0". Elixir as in unstable (ie:
> > 1.10.3) doesn't work, even when trying to convince RabbitMQ it's ok.
> 
> Well, I would say that Elixir in Debian is not in a good shape. It
> lags way behind upstream (which is already 1.12.2, quite a few
> releases ahead).
> 
> >
> > There isn't much I can do now. I'm opening a bug against Elixir, and
> > I'll have to wait for it to be solved...
> >
> > This isn't the first time something like this happen. Could we please
> > bring some sanity in the way we do things? Sergei, could you please
> > revert your upload of Erlang v24 in Unstable, and open a release team
> > bug to get a transition tracker thingy, which is the only sane way to do
> > things in Debian?
> >
> > Not amused...
> 
> I've uploaded Erlang 24 to experimental months ago. If you know that
> your software breaks on Erlang upgrade, you could do something
> already.

experimental is not a communication channel. You need to tell
maintainers of your reverse dependencies that this breakage is coming
via bug reports in advance, it's not reasonable to expect people to
monitor experimental.


signature.asc
Description: PGP signature

Bug#986366: unblock: ruby-kramdown/2.3.0-5

[Antonio Terceiro]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package ruby-kramdown

[ Reason ]
Fixes a CVE and RC bug #985569

[ Tests ]
all autopkgtests of reverse dependencies passed.

[ Risks ]
The change should not cause regressions on non-malicious code.

[ Checklist ]
  [x] all changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in testing

unblock ruby-kramdown/2.3.0-5
commit b80244870c477d90090305f569eea39f7bd2b3f5
Author: Antonio Terceiro 
Date:   Sat Apr 3 10:40:54 2021 -0300

Add upstream patch to fix arbitrary code execution vulnerability

This is CVE-2021-28834

Closes: #985569

diff --git a/debian/changelog b/debian/changelog
index 088c244..012d553 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,11 @@
+ruby-kramdown (2.3.0-5) unstable; urgency=medium
+
+  * Team upload.
+  * Add upstream patch to fix arbitrary code execution vulnerability
+[CVE-2021-28834] (Closes: #985569)
+
+ -- Antonio Terceiro   Sat, 03 Apr 2021 10:39:28 -0300
+
 ruby-kramdown (2.3.0-4) unstable; urgency=medium
 
   * Recommend ruby-rouge, for out-of-the-box syntax highlighting
diff --git a/debian/patches/0002-Restrict-Rouge-formatters-to-Rouge-Formatters-namesp.patch b/debian/patches/0002-Restrict-Rouge-formatters-to-Rouge-Formatters-namesp.patch
new file mode 100644
index 000..68457a6
--- /dev/null
+++ b/debian/patches/0002-Restrict-Rouge-formatters-to-Rouge-Formatters-namesp.patch
@@ -0,0 +1,69 @@
+From: Stan Hu 
+Date: Sun, 14 Mar 2021 11:21:00 -0700
+Subject: Restrict Rouge formatters to Rouge::Formatters namespace
+
+ff0218a added support for specifying custom Rouge formatters with the
+constraint that the formatter be in theRouge::Formatters namespace, but
+it did not actually enforce this constraint. For example, this is valid:
+
+```ruby
+Rouge::Formatters.const_get('CSV')
+=> CSV
+```
+
+Adding the `false` parameter to `const_get` prevents this:
+
+```ruby
+Rouge::Formatters.const_get('CSV', false)
+NameError: uninitialized constant Rouge::Formatters::CSV
+```
+---
+ lib/kramdown/converter/syntax_highlighter/rouge.rb |  2 +-
+ test/test_files.rb | 18 +++---
+ 2 files changed, 12 insertions(+), 8 deletions(-)
+
+diff --git a/lib/kramdown/converter/syntax_highlighter/rouge.rb b/lib/kramdown/converter/syntax_highlighter/rouge.rb
+index c799526..ed6a4f8 100644
+--- a/lib/kramdown/converter/syntax_highlighter/rouge.rb
 b/lib/kramdown/converter/syntax_highlighter/rouge.rb
+@@ -70,7 +70,7 @@ module Kramdown::Converter::SyntaxHighlighter
+   when Class
+ formatter
+   when /\A[[:upper:]][[:alnum:]_]*\z/
+-::Rouge::Formatters.const_get(formatter)
++::Rouge::Formatters.const_get(formatter, false)
+   else
+ # Available in Rouge 2.0 or later
+ ::Rouge::Formatters::HTMLLegacy
+diff --git a/test/test_files.rb b/test/test_files.rb
+index 82ff6b0..3517e55 100644
+--- a/test/test_files.rb
 b/test/test_files.rb
+@@ -21,16 +21,20 @@ begin
+   end
+ 
+   # custom formatter for tests
+-  class RougeHTMLFormatters < Kramdown::Converter::SyntaxHighlighter::Rouge.formatter_class
++  module Rouge
++module Formatters
++  class RougeHTMLFormatters < Kramdown::Converter::SyntaxHighlighter::Rouge.formatter_class
+ 
+-tag 'rouge_html_formatters'
++tag 'rouge_html_formatters'
+ 
+-def stream(tokens, &b)
+-  yield %()
+-  super
+-  yield %()
+-end
++def stream(tokens, &b)
++  yield %()
++  super
++  yield %()
++end
+ 
++  end
++end
+   end
+ rescue LoadError, SyntaxError, NameError
+ end
diff --git a/debian/patches/series b/debian/patches/series
index 7d4b5b1..f8d5d26 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1 +1,2 @@
 fix_manpage_warnings.patch
+0002-Restrict-Rouge-formatters-to-Rouge-Formatters-namesp.patch


signature.asc
Description: PGP signature

Bug#986742: unblock: ruby2.7/2.7.3-1

[Antonio Terceiro]

On Sun, 11 Apr 2021 03:04:42 +0530 Utkarsh Gupta  wrote:
> Package: release.debian.org
> Severity: normal
> User: release.debian@packages.debian.org
> Usertags: unblock
> X-Debbugs-Cc: debian-r...@lists.debian.org
> 
> Hello,
> 
> Upstream has recently released a bug-fix only release after a
> vulnerability, CVE-2021-28965, was discovered.
> 
> Upstream release note:
> https://www.ruby-lang.org/en/news/2021/04/05/ruby-2-7-3-released/
> Upstream git logs b/w 2.7.2 and 2.7.3:
> https://github.com/ruby/ruby/compare/v2_7_2...v2_7_3
> 
> This is clearly a bug-fix only release and it'd be *really great* to
> have this included in Bullseye. (I'd be sad not to but..) I understand
> it's your call to make after analyzing so attaching the debdiff for
> your reference and help (snipping ChangeLog entries for noise
> reduction).
> 
> Hopefully, it'd be OK to get this included and have an even nicer
> ruby2.7 for Bullseye. Thanks.

 99 files changed, 39552 insertions(+), 23134 deletions(-)

The debian diff looks very big because of 3 generated files: ChangeLog,
parse.c, and ext/ripper/ripper.c (the last two being bison/yacc
generated parsers). If you filter those out, the result is a lot more
palatable:

 96 files changed, 3761 insertions(+), 886 deletions(-)

Roughtly 1/3 of the insertions are test cases:

 32 files changed, 1150 insertions(+), 97 deletions(-)

I have reviewed the upstream patches and compared the upstream diff with
the debian diff, and indeed all the changes are bug fixes.

There was one marked as a "Feature" in the commit message, but it was
really a follwup to fix an inconsistency in a feature that has been
added in the 2.7 series already. It will cause formerly invalid syntax
to be valid, but won't break any currently working code.

I think the risk with this update is low, and releasing with the latest
available ruby bugfix release will make it easier to provide stable
support in bullseye.

Full disclosure: I am trying to get ruby into new hands, but I'm still a
comaintainer and care a lot about it, so I'm not an uninterested party
here.


signature.asc
Description: PGP signature

Bug#986742: unblock: ruby2.7/2.7.3-1

[Antonio Terceiro]

On Sun, Apr 18, 2021 at 09:43:41PM +0200, Sebastian Ramacher wrote:
> On 2021-04-17 22:10:19 +0530, Utkarsh Gupta wrote:
> > Hi Sebastian,
> > 
> > On Sat, Apr 17, 2021 at 3:08 PM Sebastian Ramacher  
> > wrote:
> > > Thanks, please go ahead and remove the moreinfo tag once the version is
> > > available in unstable.
> > 
> > Uploaded to unstable, thanks. And removed the tag as well.
> 
> The builds on armel and armhf failed:
> https://buildd.debian.org/status/fetch.php?pkg=ruby2.7&arch=armel&ver=2.7.3-1&stamp=1618744303&raw=0

I just uploaded -2 with the following fix:

----8<8<8<- 
From: Antonio Terceiro 
Date: Mon, 19 Apr 2021 17:50:12 +
Subject: Revert "Make host_* values consistent with target_*"

See https://bugs.ruby-lang.org/issues/17021 for the original request.

This breaks the build on the 32-bit Debian ARM architectures. Maybe this
is specific to the Debian packaging, so this has not been reported
upstream yet.
---
 configure.ac | 7 +--
 1 file changed, 1 insertion(+), 6 deletions(-)

diff --git a/configure.ac b/configure.ac
index da22ab6..73ce534 100644
--- a/configure.ac
+++ b/configure.ac
@@ -309,14 +309,9 @@ AC_SUBST(CC_VERSION_MESSAGE, $cc_version_message)
 : ${DLDFLAGS="$LDFLAGS"}
 
 RUBY_UNIVERSAL_ARCH
-AS_IF([test "$target_cpu" != "$host_cpu" -a "$GCC" = yes -a "$cross_compiling" 
= no -a "${universal_binary:-no}" = no], [
+AS_IF([test "$target_cpu" != "$host_cpu" -a "$GCC" = yes -a "$cross_compiling" 
= no -a "$universal_binary" = no], [
 RUBY_DEFAULT_ARCH("$target_cpu")
 ])
-host_os=$target_os
-host_vendor=$target_vendor
-host_cpu=$target_cpu
-host=$target
-host_alias=$target_alias
 
 AS_CASE(["$target_os"], [darwin*], [
 if libtool 2>&1 | grep no_warning_for_no_symbols > /dev/null; then
8<8<8<- 


signature.asc
Description: PGP signature

Re: careless upload of Erlang v24 without a transition tracking with the release team (was: rabbitmq-server fails to start after erlang v24 update)

[Antonio Terceiro]

On Fri, Aug 27, 2021 at 10:26:39PM +0200, Paul Gevers wrote:
> Hi,
> 
> Sorry my previous message was weird.
> 
> On 27-08-2021 22:11, Paul Gevers wrote:
> > On 27-08-2021 21:58, Antonio Terceiro wrote:
> >> One thing that happens when you do this type of change without
> >> coordination is that all CI pipelines on unstable where rabbitmq-server
> >> is installed are now broken. For example all merge requests against
> >> debci at the moment have their tests in "failed" status. This creates
> >> unnecessary noise for a lot of people.
> > 
> > rabbitmq-server already got an update, so unstable should be fine (if
> > not, shout (or better, file bugs)). I expect you mean testing, as I
> > think that the point is that erlang already migrated before the issue
> > was detected, otherwise an RC bug would have prevented the migration.
> > 
> > That's why it was suggested earlier that rabbitmq-server should grow an
> > autopkgtest as that have would prevented the migration.
> 
> What I should have said:
> we could have prevented migration of erlang until the reverse
> dependencies were ready by having an RC bug on erlang. That would have
> been totally appropriate if it would have lasted an reasonable time. I
> *think* rabbitmq-server has problems migrating now *because* erlang
> migrated, but that should clear up once the references are tested again.
> However, it *also* has issues with being uninstallable.

FWIW, I just did that: I made a new rabbitmq-server upload adding a
superficial autopkgtest to rabbitmq-server that just checks if the
service is running after installation. This should avoid testing being
broken because erlang migrated before rabbitmq-server has been fixed.


signature.asc
Description: PGP signature

Bug#995587: transition: ruby3.0-add

[Antonio Terceiro]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: transition

We would like to add support for ruby3.0 in ruby-defaults.

Ben file:

title = "ruby3.0-add";
is_affected = (.depends ~ /ruby2.7 | .depends ~ /ruby3.0/) & !.source ~ 
/^(ruby2.7|ruby3.0|ruby-defaults)$/);
is_good = .depends ~ /ruby3.0/;
is_bad = .depends ~ /ruby2.7/ & !.depends ~ /ruby3.0/;

We already did a mass rebuild some time ago, and the results don't look
bad. We should be doing a new one soon, and will come up with a list of
binNMUs


signature.asc
Description: PGP signature

Bug#996024: buster-pu: package ruby-httpclient/2.8.3-3+deb10u1

[Antonio Terceiro]

Package: release.debian.org
Severity: normal
Tags: buster
User: release.debian@packages.debian.org
Usertags: pu

[ Reason ]
ruby-httpclient uses a vendored copy of a CA certificate bundle, and
that is a ticking time bomb. This update fixes that by removing that
vendored copy and making it use the system CA certificate bundle by
default.

[ Impact ]
The main package affected by this is apt-listbugs, which stopped being
able to download bug data information from bugs.debian.org due to the
recent expiration of the old Let's Encrypt root certificate.

[ Tests ]
The added autopkgtest test fails without the patch and passes without
it. apt-listbugs is now able to fetch bug data information again.

[ Risks ]
The changes are simple enough and this is a low risk update.

[ Checklist ]
  [*] *all* changes are documented in the d/changelog
  [*] I reviewed all changes and I approve them
  [*] attach debdiff against the package in (old)stable
  [*] the issue is verified as fixed in unstable

[ Changes ]

The changes are simple enough that I feel copy-pasting from the
changelog is enough:

* Add simple autopkgtest to check a basic SSL connection
* Add patch to use the system certificate store (Closes: #995448)
* debian/rules: remove embedded CA certificate store
* Add dependency on ca-certificates
diff --git a/debian/changelog b/debian/changelog
index a164bb1..e6d96d5 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,12 @@
+ruby-httpclient (2.8.3-3+deb10u1) buster; urgency=medium
+
+  * Add simple autopkgtest to check a basic SSL connection
+  * Add patch to use the system certificate store (Closes: #995448)
+  * debian/rules: remove embedded CA certificate store
+  * Add dependency on ca-certificates
+
+ -- Antonio Terceiro   Sun, 10 Oct 2021 09:24:03 -0300
+
 ruby-httpclient (2.8.3-2) unstable; urgency=medium
 
   * Team upload.
diff --git a/debian/control b/debian/control
index e50868f..e38581d 100644
--- a/debian/control
+++ b/debian/control
@@ -21,6 +21,7 @@ Architecture: all
 XB-Ruby-Versions: ${ruby:Versions}
 Depends: ruby | ruby-interpreter,
  ruby-http-cookie (>= 1.0),
+ ca-certificates,
  ${misc:Depends},
  ${shlibs:Depends}
 Description: HTTP client library for ruby
diff --git a/debian/patches/0008-Use-system-CA-certificate-store.patch b/debian/patches/0008-Use-system-CA-certificate-store.patch
new file mode 100644
index 000..3ec8820
--- /dev/null
+++ b/debian/patches/0008-Use-system-CA-certificate-store.patch
@@ -0,0 +1,33 @@
+From: Antonio Terceiro 
+Date: Wed, 6 Oct 2021 10:03:32 -0300
+Subject: Use system CA certificate store
+
+---
+ lib/httpclient/ssl_config.rb | 7 +--
+ 1 file changed, 1 insertion(+), 6 deletions(-)
+
+diff --git a/lib/httpclient/ssl_config.rb b/lib/httpclient/ssl_config.rb
+index f6e7ce9..d4e48f2 100644
+--- a/lib/httpclient/ssl_config.rb
 b/lib/httpclient/ssl_config.rb
+@@ -249,7 +249,7 @@ class HTTPClient
+ # Loads default trust anchors.
+ # Calling this method resets all existing sessions.
+ def load_trust_ca
+-  load_cacerts(@cert_store)
++  set_default_paths
+   change_notify
+ end
+ 
+@@ -413,11 +413,6 @@ class HTTPClient
+   nil
+ end
+ 
+-# Use 2048 bit certs trust anchor
+-def load_cacerts(cert_store)
+-  file = File.join(File.dirname(__FILE__), 'cacert.pem')
+-  add_trust_ca_to_store(cert_store, file)
+-end
+   end
+ 
+ 
diff --git a/debian/patches/series b/debian/patches/series
index f1a4a0e..3764163 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -4,3 +4,4 @@
 0004-Add-upstream-changelog.patch
 0005-tweak-test-dep-change.patch
 disable-test-proxy-ssl.patch
+0008-Use-system-CA-certificate-store.patch
diff --git a/debian/rules b/debian/rules
index 118221b..bdf2c5b 100755
--- a/debian/rules
+++ b/debian/rules
@@ -6,3 +6,8 @@ export LANG=C.UTF-8
 
 %:
 	dh $@ --buildsystem=ruby --with ruby
+
+
+override_dh_auto_install:
+	dh_auto_install
+	rm --verbose $(CURDIR)/debian/ruby-httpclient/usr/lib/ruby/vendor_ruby/httpclient/*.pem
diff --git a/debian/tests/control b/debian/tests/control
new file mode 100644
index 000..d5b55a2
--- /dev/null
+++ b/debian/tests/control
@@ -0,0 +1,2 @@
+Tests: ssl-smoke-test
+Restrictions: needs-internet, allow-stderr
diff --git a/debian/tests/ssl-smoke-test b/debian/tests/ssl-smoke-test
new file mode 100644
index 000..ce81ca0
--- /dev/null
+++ b/debian/tests/ssl-smoke-test
@@ -0,0 +1,5 @@
+#!/bin/sh
+
+set -exu
+
+httpclient get https://bugs.debian.org/


signature.asc
Description: PGP signature

Bug#996026: bullseye-pu: package ruby-httpclient/2.8.3-3+deb11u1

[Antonio Terceiro]

Package: release.debian.org
Severity: normal
Tags: bullseye
User: release.debian@packages.debian.org
Usertags: pu

(Please provide enough information to help the release team
to judge the request efficiently. E.g. by filling in the
sections below.)

[ Reason ]
ruby-httpclient uses a vendored copy of a CA certificate bundle, and
that is a ticking time bomb. This update fixes that by removing that
vendored copy and making it use the system CA certificate bundle by
default.

[ Impact ]
The main package affected by this is apt-listbugs, which stopped being
able to download bug data information from bugs.debian.org due to the
recent expiration of the old Let's Encrypt root certificate.

[ Tests ]
The added autopkgtest test fails without the patch and passes without
it. apt-listbugs is now able to fetch bug data information again.

[ Risks ]
The changes are simple enough and this is a low risk update.

[ Checklist ]
  [*] *all* changes are documented in the d/changelog
  [*] I reviewed all changes and I approve them
  [*] attach debdiff against the package in (old)stable
  [*] the issue is verified as fixed in unstable

[ Changes ]

The changes are simple enough that I feel copy-pasting from the
changelog is enough:

* Add simple autopkgtest to check a basic SSL connection
* Add patch to use the system certificate store (Closes: #995448)
* debian/rules: remove embedded CA certificate store
* Add dependency on ca-certificates
diff --git a/debian/changelog b/debian/changelog
index a164bb1..3708b17 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,12 @@
+ruby-httpclient (2.8.3-3+deb11u1) bullseye; urgency=medium
+
+  * Add simple autopkgtest to check a basic SSL connection
+  * Add patch to use the system certificate store (Closes: #995448)
+  * debian/rules: remove embedded CA certificate store
+  * Add dependency on ca-certificates
+
+ -- Antonio Terceiro   Sun, 10 Oct 2021 09:24:03 -0300
+
 ruby-httpclient (2.8.3-2) unstable; urgency=medium
 
   * Team upload.
diff --git a/debian/control b/debian/control
index e50868f..e38581d 100644
--- a/debian/control
+++ b/debian/control
@@ -21,6 +21,7 @@ Architecture: all
 XB-Ruby-Versions: ${ruby:Versions}
 Depends: ruby | ruby-interpreter,
  ruby-http-cookie (>= 1.0),
+ ca-certificates,
  ${misc:Depends},
  ${shlibs:Depends}
 Description: HTTP client library for ruby
diff --git a/debian/patches/0008-Use-system-CA-certificate-store.patch b/debian/patches/0008-Use-system-CA-certificate-store.patch
new file mode 100644
index 000..3ec8820
--- /dev/null
+++ b/debian/patches/0008-Use-system-CA-certificate-store.patch
@@ -0,0 +1,33 @@
+From: Antonio Terceiro 
+Date: Wed, 6 Oct 2021 10:03:32 -0300
+Subject: Use system CA certificate store
+
+---
+ lib/httpclient/ssl_config.rb | 7 +--
+ 1 file changed, 1 insertion(+), 6 deletions(-)
+
+diff --git a/lib/httpclient/ssl_config.rb b/lib/httpclient/ssl_config.rb
+index f6e7ce9..d4e48f2 100644
+--- a/lib/httpclient/ssl_config.rb
 b/lib/httpclient/ssl_config.rb
+@@ -249,7 +249,7 @@ class HTTPClient
+ # Loads default trust anchors.
+ # Calling this method resets all existing sessions.
+ def load_trust_ca
+-  load_cacerts(@cert_store)
++  set_default_paths
+   change_notify
+ end
+ 
+@@ -413,11 +413,6 @@ class HTTPClient
+   nil
+ end
+ 
+-# Use 2048 bit certs trust anchor
+-def load_cacerts(cert_store)
+-  file = File.join(File.dirname(__FILE__), 'cacert.pem')
+-  add_trust_ca_to_store(cert_store, file)
+-end
+   end
+ 
+ 
diff --git a/debian/patches/series b/debian/patches/series
index f1a4a0e..3764163 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -4,3 +4,4 @@
 0004-Add-upstream-changelog.patch
 0005-tweak-test-dep-change.patch
 disable-test-proxy-ssl.patch
+0008-Use-system-CA-certificate-store.patch
diff --git a/debian/rules b/debian/rules
index 118221b..bdf2c5b 100755
--- a/debian/rules
+++ b/debian/rules
@@ -6,3 +6,8 @@ export LANG=C.UTF-8
 
 %:
 	dh $@ --buildsystem=ruby --with ruby
+
+
+override_dh_auto_install:
+	dh_auto_install
+	rm --verbose $(CURDIR)/debian/ruby-httpclient/usr/lib/ruby/vendor_ruby/httpclient/*.pem
diff --git a/debian/tests/control b/debian/tests/control
new file mode 100644
index 000..d5b55a2
--- /dev/null
+++ b/debian/tests/control
@@ -0,0 +1,2 @@
+Tests: ssl-smoke-test
+Restrictions: needs-internet, allow-stderr
diff --git a/debian/tests/ssl-smoke-test b/debian/tests/ssl-smoke-test
new file mode 100644
index 000..ce81ca0
--- /dev/null
+++ b/debian/tests/ssl-smoke-test
@@ -0,0 +1,5 @@
+#!/bin/sh
+
+set -exu
+
+httpclient get https://bugs.debian.org/


signature.asc
Description: PGP signature

Bug#995587: transition: ruby3.0-add

[Antonio Terceiro]

Hi,

On Sat, Oct 02, 2021 at 03:14:39PM -0300, Antonio Terceiro wrote:
> Package: release.debian.org
> Severity: normal
> User: release.debian@packages.debian.org
> Usertags: transition
> 
> We would like to add support for ruby3.0 in ruby-defaults.
> 
> Ben file:
> 
> title = "ruby3.0-add";
> is_affected = (.depends ~ /ruby2.7 | .depends ~ /ruby3.0/) & !.source ~ 
> /^(ruby2.7|ruby3.0|ruby-defaults)$/);
> is_good = .depends ~ /ruby3.0/;
> is_bad = .depends ~ /ruby2.7/ & !.depends ~ /ruby3.0/;
> 
> We already did a mass rebuild some time ago, and the results don't look
> bad. We should be doing a new one soon, and will come up with a list of
> binNMUs

This is a friendly ping. We would like to make the switch in unstable
soon and start doing binNMUs.

We have these bugs related to this transition:
https://bugs.debian.org/cgi-bin/pkgreport.cgi?tag=ruby3.0;users=debian-r...@lists.debian.org

Most of those bugs are for leaf libraries. We already started fixing the
ones that block a lof of other (e.g. the ones with C extensions that
FTBFS with ruby3.0) so they are ready to be binNMUed.


signature.asc
Description: PGP signature

Bug#995587: transition: ruby3.0-add

[Antonio Terceiro]

Control: tag -1 - moreinfo

On Sat, Oct 16, 2021 at 03:46:11PM +0200, Sebastian Ramacher wrote:
> Control: tags -1 moreinfo
> 
> On 2021-10-15 06:44:36 -0300, Antonio Terceiro wrote:
> > Hi,
> > 
> > On Sat, Oct 02, 2021 at 03:14:39PM -0300, Antonio Terceiro wrote:
> > > Package: release.debian.org
> > > Severity: normal
> > > User: release.debian@packages.debian.org
> > > Usertags: transition
> > > 
> > > We would like to add support for ruby3.0 in ruby-defaults.
> > > 
> > > Ben file:
> > > 
> > > title = "ruby3.0-add";
> > > is_affected = (.depends ~ /ruby2.7 | .depends ~ /ruby3.0/) & !.source ~ 
> > > /^(ruby2.7|ruby3.0|ruby-defaults)$/);
> > > is_good = .depends ~ /ruby3.0/;
> > > is_bad = .depends ~ /ruby2.7/ & !.depends ~ /ruby3.0/;
> > > 
> > > We already did a mass rebuild some time ago, and the results don't look
> > > bad. We should be doing a new one soon, and will come up with a list of
> > > binNMUs
> > 
> > This is a friendly ping. We would like to make the switch in unstable
> > soon and start doing binNMUs.
> > 
> > We have these bugs related to this transition:
> > https://bugs.debian.org/cgi-bin/pkgreport.cgi?tag=ruby3.0;users=debian-r...@lists.debian.org
> > 
> > Most of those bugs are for leaf libraries. We already started fixing the
> > ones that block a lof of other (e.g. the ones with C extensions that
> > FTBFS with ruby3.0) so they are ready to be binNMUed.
> 
> ruby3.0 isn't in testing yet - it currently fails to build on ppc64el.
> So let's at least wait until it migrated.

ruby3.0 is now in testing. Can we go ahead with this?


signature.asc
Description: PGP signature

Bug#995587: transition: ruby3.0-add

[Antonio Terceiro]

On Wed, Oct 20, 2021 at 03:12:17PM +0200, Sebastiaan Couwenberg wrote:
> On 10/20/21 2:45 PM, Antonio Terceiro wrote:
> > On Sat, Oct 16, 2021 at 03:46:11PM +0200, Sebastian Ramacher wrote:
> >> On 2021-10-15 06:44:36 -0300, Antonio Terceiro wrote:
> >>> On Sat, Oct 02, 2021 at 03:14:39PM -0300, Antonio Terceiro wrote:
> >>>> Package: release.debian.org
> >>>> Severity: normal
> >>>> User: release.debian@packages.debian.org
> >>>> Usertags: transition
> >>>>
> >>>> We would like to add support for ruby3.0 in ruby-defaults.
> >>>>
> >>>> Ben file:
> >>>>
> >>>> title = "ruby3.0-add";
> >>>> is_affected = (.depends ~ /ruby2.7 | .depends ~ /ruby3.0/) & !.source ~ 
> >>>> /^(ruby2.7|ruby3.0|ruby-defaults)$/);
> >>>> is_good = .depends ~ /ruby3.0/;
> >>>> is_bad = .depends ~ /ruby2.7/ & !.depends ~ /ruby3.0/;
> >>>>
> >>>> We already did a mass rebuild some time ago, and the results don't look
> >>>> bad. We should be doing a new one soon, and will come up with a list of
> >>>> binNMUs
> >>>
> >>> This is a friendly ping. We would like to make the switch in unstable
> >>> soon and start doing binNMUs.
> >>>
> >>> We have these bugs related to this transition:
> >>> https://bugs.debian.org/cgi-bin/pkgreport.cgi?tag=ruby3.0;users=debian-r...@lists.debian.org
> >>>
> >>> Most of those bugs are for leaf libraries. We already started fixing the
> >>> ones that block a lof of other (e.g. the ones with C extensions that
> >>> FTBFS with ruby3.0) so they are ready to be binNMUed.
> >>
> >> ruby3.0 isn't in testing yet - it currently fails to build on ppc64el.
> >> So let's at least wait until it migrated.
> > 
> > ruby3.0 is now in testing. Can we go ahead with this?
> 
> There are 169 packages affected by the transition according to the
> tracker, the ruby3.0 usertag has 152 unresolved ftbfs bugreports.
>
> Does it really make sense to start this transition when most rdeps fail
> to build?

Yes.

Those two sets of packages are more or less distinct. The only
intersection is of packages that have C extensions (and thus a
dependency on the specific ruby versions it was build against) *and* to
build against ruby3.0.

Most of the FTBFS bugs are against pure-Ruby packages that fail against
ruby3.0, and are not even listed in the transition tracker.

A good part of the packages that *are* listed in the transition will be
good after a binNMU. To fix those we need to have ruby3.0 as a supported
version in unstable in the first place.

Also as we are "just" adding ruby3.0 support, this has little effect on
users since ruby2.7 is still the default.


signature.asc
Description: PGP signature

Bug#995587: transition: ruby3.0-add

[Antonio Terceiro]

On Thu, Oct 28, 2021 at 11:34:28PM +0200, Sebastian Ramacher wrote:
> Control: tags -1 confirmed
> 
> On 2021-10-20 09:45:10 -0300, Antonio Terceiro wrote:
> > Control: tag -1 - moreinfo
> > 
> > On Sat, Oct 16, 2021 at 03:46:11PM +0200, Sebastian Ramacher wrote:
> > > Control: tags -1 moreinfo
> > > 
> > > On 2021-10-15 06:44:36 -0300, Antonio Terceiro wrote:
> > > > Hi,
> > > > 
> > > > On Sat, Oct 02, 2021 at 03:14:39PM -0300, Antonio Terceiro wrote:
> > > > > Package: release.debian.org
> > > > > Severity: normal
> > > > > User: release.debian@packages.debian.org
> > > > > Usertags: transition
> > > > > 
> > > > > We would like to add support for ruby3.0 in ruby-defaults.
> > > > > 
> > > > > Ben file:
> > > > > 
> > > > > title = "ruby3.0-add";
> > > > > is_affected = (.depends ~ /ruby2.7 | .depends ~ /ruby3.0/) & !.source 
> > > > > ~ /^(ruby2.7|ruby3.0|ruby-defaults)$/);
> > > > > is_good = .depends ~ /ruby3.0/;
> > > > > is_bad = .depends ~ /ruby2.7/ & !.depends ~ /ruby3.0/;
> > > > > 
> > > > > We already did a mass rebuild some time ago, and the results don't 
> > > > > look
> > > > > bad. We should be doing a new one soon, and will come up with a list 
> > > > > of
> > > > > binNMUs
> > > > 
> > > > This is a friendly ping. We would like to make the switch in unstable
> > > > soon and start doing binNMUs.
> > > > 
> > > > We have these bugs related to this transition:
> > > > https://bugs.debian.org/cgi-bin/pkgreport.cgi?tag=ruby3.0;users=debian-r...@lists.debian.org
> > > > 
> > > > Most of those bugs are for leaf libraries. We already started fixing the
> > > > ones that block a lof of other (e.g. the ones with C extensions that
> > > > FTBFS with ruby3.0) so they are ready to be binNMUed.
> > > 
> > > ruby3.0 isn't in testing yet - it currently fails to build on ppc64el.
> > > So let's at least wait until it migrated.
> > 
> > ruby3.0 is now in testing. Can we go ahead with this?
> 
> Yes, please go ahead

Thanks, we will upload ruby-defaults shortly.

Note that we do not necessarily want/need to block involved packages
from migrating, as adding ruby3.0 support does not break anything since
the default is still unchanged.


signature.asc
Description: PGP signature

Bug#995587: transition: ruby3.0-add

[Antonio Terceiro]

On Sat, Oct 30, 2021 at 11:43:35AM +0200, Sebastian Ramacher wrote:
> Those have been scheduled. Note that a bunch of them have only built and
> installed the extension for the default ruby version, e.g.,
> ruby-debug-inspector and libprelude.

Yes. Please amend the ben file like this:

is_affected = (.depends ~ /ruby2.7/ | .depends ~ /ruby3.0/) & ! .source ~ 
/^(ruby2\.7|ruby3\.0|ruby-defaults|dislocker|epic5|graphviz|hivex|kamailio|klayout|kross-interpreters|libprelude|marisa|ngraph-gtk|notmuch|obexftp|redland-bindings|rubyluabridge|ruby-standalone|subtle|subversion|uwsgi|vim-command-t|weechat|robot-testing-framework|treil|vim|nbdkit)$/


signature.asc
Description: PGP signature

Bug#996584: (some kind of) transition: add python3.10 as a supported python3 version

[Antonio Terceiro]

On Thu, Nov 18, 2021 at 10:01:17AM +0100, Sebastiaan Couwenberg wrote:
> On 11/18/21 09:49, Matthias Klose wrote:
> > On 11/18/21 06:51, Sebastiaan Couwenberg wrote:
> > > On 11/16/21 14:23, Matthias Klose wrote:
> > > > I'm planning to upload python3-defaults later tonight, adding 3.10 as a
> > > > supported Python version.  Packages are able to migrate on their own, 
> > > > there are
> > > > no blockages introduced on other transitions.
> > > 
> > > numpy rdeps (e.g. pyproj) are a bit problematic, they fail with the 3.10 
> > > as long
> > > as numpy is not built with it yet.
> > 
> > numpy is in stage6 of the transition. so please be a bit patient until all 
> > the
> > binNMUs up to stage6 are built.
> 
> There has been no communication about this transition outside this
> bugreport, you should probably follow the example for perl transitions to
> alert the developer base about the expected ImportError issues with the new
> version until the rebuilds are completed.

This Python transition is different from the Perl transitions. Python
has multiple simultaneously supported versions, in this case 3.9 and
3.10. The transition involves rebuilding the packages with C extensions
so that they carry the associated binary files compiled for both support
Python versions. Any errors due to missing support in dependencies
affect only people building Python packages.

The default Python is still Python 3.9, so users using Python programs
are not affected during this transition.

Perl, on the other hand, has only a single version at the archive at any
time. This is why during the Perl transition, it's possible that users
running Perl programs are affected by missing C extensions during the
time it takes to rebuild all packages for the new Perl version.


signature.asc
Description: PGP signature

Bug#996024: buster-pu: package ruby-httpclient/2.8.3-3+deb10u1

[Antonio Terceiro]

On Sat, Dec 04, 2021 at 05:31:52PM +, Adam D. Barratt wrote:
> Control: tags -1 + confirmed
> 
> On Sun, 2021-10-10 at 09:58 -0300, Antonio Terceiro wrote:
> > ruby-httpclient uses a vendored copy of a CA certificate bundle, and
> > that is a ticking time bomb. This update fixes that by removing that
> > vendored copy and making it use the system CA certificate bundle by
> > default.
> > 
> > [ Impact ]
> > The main package affected by this is apt-listbugs, which stopped
> > being
> > able to download bug data information from bugs.debian.org due to the
> > recent expiration of the old Let's Encrypt root certificate.
> > 
> 
> Please go ahead, thanks.

Uploaded.


signature.asc
Description: PGP signature

Bug#996026: bullseye-pu: package ruby-httpclient/2.8.3-3+deb11u1

[Antonio Terceiro]

On Fri, Dec 03, 2021 at 04:39:06PM +, Adam D. Barratt wrote:
> Control: tags -1 + confirmed
> 
> On Sun, 2021-10-10 at 09:40 -0300, Antonio Terceiro wrote:
> > ruby-httpclient uses a vendored copy of a CA certificate bundle, and
> > that is a ticking time bomb. This update fixes that by removing that
> > vendored copy and making it use the system CA certificate bundle by
> > default.
> > 
> > [ Impact ]
> > The main package affected by this is apt-listbugs, which stopped
> > being
> > able to download bug data information from bugs.debian.org due to the
> > recent expiration of the old Let's Encrypt root certificate.
> > 
> 
> Please go ahead, thanks.

Uploaded.


signature.asc
Description: PGP signature

Bug#995587: transition: ruby3.0-add

[Antonio Terceiro]

Hi,

On Sat, 2 Oct 2021 15:14:39 -0300 Antonio Terceiro  wrote:
> Package: release.debian.org
> Severity: normal
> User: release.debian@packages.debian.org
> Usertags: transition
> 
> We would like to add support for ruby3.0 in ruby-defaults.

This can now be closed. There are 4 unfixed packages in the tracker, but
they are all out of testing. Some of them probably need to be removed
from the archive entirely, but we will look at them later and give
someone who cares a chance to fix them before that.


signature.asc
Description: PGP signature

Bug#1004459: bullseye-pu: package lxc/1:4.0.6-2+deb11u1

[Antonio Terceiro]

Package: release.debian.org
Severity: normal
Tags: bullseye
User: release.debian@packages.debian.org
Usertags: pu

[ Reason ]
This update fixes the download of container images using the "download"
template. pool.sks-keyservers.net is not active anymore, so the patch
(already included in the upstream release present in sid/bookworm)
changes that to keyserver.ubuntu.com.

[ Impact ]
Creating containers with the lxc-download template (`-t download`) does
not work because the key that signs the images cannot be retrieved.

[ Tests ]
This has been tested on lxc and was verified to fix the issue. The patch
is trivial.

[ Risks ]
None.

[ Checklist ]
  [x] *all* changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in (old)stable
  [x] the issue is verified as fixed in unstable

[ Changes ]
Replace pool.sks-keyservers.net with keyserver.ubuntu.com.
diff --git a/debian/changelog b/debian/changelog
index 6a5c2db..e6bcbc6 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,13 @@
+lxc (1:4.0.6-2+deb11u1) bullseye; urgency=medium
+
+  * lxc-download: Switch GPG server.
+The default server used to download gpg keys from has ben deprecated,
+and therefore creating containers using the `download` template is now
+broken. This is fixed with an upstream patch by Stéphane Graber that
+points to a valid server. (Closes: #991615)
+
+ -- Antonio Terceiro   Thu, 13 Jan 2022 16:57:39 -0300
+
 lxc (1:4.0.6-2) unstable; urgency=medium
 
   * d/contrib/lxc-net: Add a commented dnsmasq reference for the users to be
diff --git a/debian/patches/0005-lxc-download-Switch-GPG-server.patch b/debian/patches/0005-lxc-download-Switch-GPG-server.patch
new file mode 100644
index 000..ac7074c
--- /dev/null
+++ b/debian/patches/0005-lxc-download-Switch-GPG-server.patch
@@ -0,0 +1,30 @@
+From: =?utf-8?q?St=C3=A9phane_Graber?= 
+Date: Sun, 27 Jun 2021 23:42:52 -0400
+Subject: lxc-download: Switch GPG server
+MIME-Version: 1.0
+Content-Type: text/plain; charset="utf-8"
+Content-Transfer-Encoding: 8bit
+
+Signed-off-by: Stéphane Graber 
+---
+ templates/lxc-download.in | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/templates/lxc-download.in b/templates/lxc-download.in
+index d688b8f..2f6cf2a 100644
+--- a/templates/lxc-download.in
 b/templates/lxc-download.in
+@@ -56,11 +56,11 @@ LXC_PATH=
+ LXC_ROOTFS=
+ 
+ if [ -z "${DOWNLOAD_KEYSERVER:-}" ]; then
+-  DOWNLOAD_KEYSERVER="hkp://pool.sks-keyservers.net"
++  DOWNLOAD_KEYSERVER="hkp://keyserver.ubuntu.com"
+ 
+   # Deal with GPG over http proxy
+   if [ -n "${http_proxy:-}" ]; then
+-DOWNLOAD_KEYSERVER="hkp://p80.pool.sks-keyservers.net:80"
++DOWNLOAD_KEYSERVER="hkp://keyserver.ubuntu.com:80"
+ DOWNLOAD_GPG_PROXY="--keyserver-options http-proxy=\"${http_proxy}\""
+   fi
+ fi
diff --git a/debian/patches/series b/debian/patches/series
index f952766..d98fa8f 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -2,3 +2,4 @@
 0005-lxc.service-Starts-after-remote-fs.target.patch
 0006-lxc.pc.in-removes-DLOG_LIBS-which-is-not-expanded-up.patch
 0007-conf-fix-containers-retaining-CAP_NET_ADMIN.patch
+0005-lxc-download-Switch-GPG-server.patch


signature.asc
Description: PGP signature

Bug#1005288: bullseye-pu: package sphinx-bootstrap-theme/0.8.0-1+deb11u1

[Antonio Terceiro]

Package: release.debian.org
Severity: normal
Tags: bullseye
User: release.debian@packages.debian.org
Usertags: pu

[ Reason ]
Version 0.8.0-1 contains a bug caused by extra whitespace in src=""
attributes of  tags that search to be broken.

[ Impact ]
Documentation generated with sphinx and this theme has a broken search
functionality.

[ Tests ]
I confirmed the fix against the lava package, which generates
documentation using sphinx-bootstrap-theme.

[ Risks ]
None. The only functional changes are the exact bug fixes, which are
basically deleting 1 extra space in a few lines.

[ Checklist ]
  [*] *all* changes are documented in the d/changelog
  [*] I reviewed all changes and I approve them
  [*] attach debdiff against the package in (old)stable
  (for your convenience I'm also attaching the patch itself, since
  it's easier to read the diff-in-diff in the debdiff)
  [*] the issue is verified as fixed in unstable

[ Changes ]
The fix is simple and consists of removing the extra spaces that were
breaking the reference to the Javascript files.

[ Other info ]
Nothing.
</pre><pre>diff --git a/debian/changelog b/debian/changelog
index 450e76e..0b40199 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,11 @@
+sphinx-bootstrap-theme (0.8.0-1+deb11u1) bullseye; urgency=medium
+
+  * Fix search functionality
+Add a combined backport of 2 upstream commits that remove 1 extra spaces
+off of a few lines.
+
+ -- Antonio Terceiro <terce...@debian.org>  Thu, 10 Feb 2022 11:38:38 -0300
+
 sphinx-bootstrap-theme (0.8.0-1) unstable; urgency=medium
 
   [ Ondřej Nový ]
diff --git a/debian/patches/0002-Fix-search-functionality.patch b/debian/patches/0002-Fix-search-functionality.patch
new file mode 100644
index 000..d587944
--- /dev/null
+++ b/debian/patches/0002-Fix-search-functionality.patch
@@ -0,0 +1,50 @@
+From: Antonio Terceiro <terce...@debian.org>
+Date: Thu, 10 Feb 2022 11:36:03 -0300
+Subject: Fix search functionality
+
+The extra spaces at the end of the src="" attibute of those <script>
+tags caused search to be broken on generated documentation. This is a
+combined backport of the following upstream commits
+0d80bffe488da6d5b7b575b964f92adde5026e3e ("BUG: Fix for Sphinx 3.4+
+search") and 19e69c8c46dff011ce24e1718e034decdf319f28 ("Drop spirious
+space in script urls").
+---
+ sphinx_bootstrap_theme/bootstrap/layout.html | 8 
+ sphinx_bootstrap_theme/bootstrap/search.html | 5 +++--
+ 2 files changed, 7 insertions(+), 6 deletions(-)
+
+diff --git a/sphinx_bootstrap_theme/bootstrap/layout.html b/sphinx_bootstrap_theme/bootstrap/layout.html
+index 303472d..d29ca4f 100644
+--- a/sphinx_bootstrap_theme/bootstrap/layout.html
 b/sphinx_bootstrap_theme/bootstrap/layout.html
+@@ -52,10 +52,10 @@
+ <meta http-equiv='X-UA-Compatible' content='IE=edge,chrome=1'>
+ <meta name='viewport' content='width=device-width, initial-scale=1.0, maximum-scale=1'>
+ <meta name="apple-mobile-web-app-capable" content="yes">
+-<script type="text/javascript" src="{{ pathto('_static/js/jquery-1.12.4.min.js', 1) }} ">
+-
+-
+-
++
++
++
++
+ {% endblock %}
+ 
+ {# Silence the sidebar's, relbar's #}
+diff --git a/sphinx_bootstrap_theme/bootstrap/search.html b/sphinx_bootstrap_theme/bootstrap/search.html
+index 60a6601..cca744a 100644
+--- a/sphinx_bootstrap_theme/bootstrap/search.html
 b/sphinx_bootstrap_theme/bootstrap/search.html
+@@ -10,8 +10,9 @@
+ {%- extends "layout.html" %}
+ {% set title = _('Search') %}
+ {% block extrahead %}
+-  
+-  
++  
++  
++  
+   {# this is used when loading the search index using $.ajax fails,
+  such as on Chrome for documents on localhost #}
+   
diff --git a/debian/patches/series b/debian/patches/series
index 391ae29..30e0b22 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1 +1,2 @@
 privacy_breach.patch
+0002-Fix-search-functionality.patch
From: Antonio Terceiro 
Date: Thu, 10 Feb 2022 11:36:03 -0300
Subject: Fix search functionality

The extra spaces at the end of the src="" attibute of those 
tags caused search to be broken on generated documentation. This is a
combined backport of the following upstream commits
0d80bffe488da6d5b7b575b964f92adde5026e3e ("BUG: Fix for Sphinx 3.4+
search") and 19e69c8c46dff011ce24e1718e034decdf319f28 ("Drop spirious
space in script urls").
---
 sphinx_bootstrap_theme/bootstrap/layout.html | 8 
 sphinx_bootstrap_theme/bootstrap/search.html | 5 +++--
 2 files changed, 7 insertions(+), 6 deletions(-)

diff --git a/sphinx_bootstrap_theme/bootstrap/layout.html b/sphinx_bootstrap_theme/bootstrap/layout.html
index 303472d..d29ca4f 100644
--- a/sphinx_bootstrap_theme/bootstrap/layout.html
+++ b/sphinx_bootstrap_theme/bootstrap/layout.html
@@ -52,

Bug#1004915: transition: ruby2.7-rm

[Antonio Terceiro]

Hi,

On Thu, Feb 03, 2022 at 11:59:30AM -0300, Lucas Kanashiro wrote:
> Package: release.debian.org
> Severity: normal
> User:release.debian@packages.debian.org
> Usertags: transition
> 
> Hi,
> 
> We would like to add ruby3.0 as the default and remove ruby2.7 support.
> 
> Ben file:
> 
> title = "ruby2.7-rm";
> is_affected = (.depends ~ /ruby2.7/ | .depends ~ /ruby3.0/) & !.source ~ 
> /^(ruby2.7|ruby3.0|ruby-defaults)$/;
> is_good = ! .depends ~ /ruby2.7/;
> is_bad = .depends ~ /ruby2.7/;
> 
> 
> This part of the transition was already done in Ubuntu, so I do not expect
> any blocker, this is the transition tracker page there:
> 
> https://people.canonical.com/~ubuntu-archive/transitions/html/ruby2.7-rm.html
> 
> ruby-defaults/1:3.0~exp1 is already in experimental (which makes ruby3.0 the
> default and remove ruby2.7), I'll be waiting for your acknowledgement to
> upload it to unstable.

ping. :)

I saw that this was already added to the list of planned transitions,
thanks for that. according to
https://release.debian.org/transitions/html/ruby2.7-rm.html the
conflicts seem to be small enough to be easily manageable. Or am I
missing something?


signature.asc
Description: PGP signature

Bug#1005288: bullseye-pu: package sphinx-bootstrap-theme/0.7.1-1+deb11u1

[Antonio Terceiro]

Control: reopen -1

> On Thu, Feb 10, 2022 at 11:44:24AM -0300, Antonio Terceiro wrote:
> > Package: release.debian.org
> > Severity: normal
> > Tags: bullseye
> > User: release.debian@packages.debian.org
> > Usertags: pu
> > 
> > [ Reason ]
> > Version 0.8.0-1 contains a bug caused by extra whitespace in src=""
> > attributes of  tags that search to be broken.
> > 
> > [ Impact ]
> > Documentation generated with sphinx and this theme has a broken search
> > functionality.
> > 
> > [ Tests ]
> > I confirmed the fix against the lava package, which generates
> > documentation using sphinx-bootstrap-theme.
> > 
> > [ Risks ]
> > None. The only functional changes are the exact bug fixes, which are
> > basically deleting 1 extra space in a few lines.
> > 
> > [ Checklist ]
> >   [*] *all* changes are documented in the d/changelog
> >   [*] I reviewed all changes and I approve them
> >   [*] attach debdiff against the package in (old)stable
> >   (for your convenience I'm also attaching the patch itself, since
> >   it's easier to read the diff-in-diff in the debdiff)
> >   [*] the issue is verified as fixed in unstable
> > 
> > [ Changes ]
> > The fix is simple and consists of removing the extra spaces that were
> > breaking the reference to the Javascript files.
> > 
> > [ Other info ]
> > Nothing.
> 
> Sorry, I made this update against the version that was then in testing
> instead of the one in stable. I rebased the changes on stable, but it
> seems they are not enough to fix the issue in that case. I'm closing
> this now and will open a new PU request if and when I am able to fix it.

It turns out my backport was broken; now I got it right and was able to
test that the bug is indeed fixed. All the info above in my original bug
report still applies, with the attached patches.
</pre><pre>diff --git a/debian/changelog b/debian/changelog
index 6ebc402..53beb21 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,11 @@
+sphinx-bootstrap-theme (0.7.1-1+deb11u1) bullseye; urgency=medium
+
+  * Fix search functionality
+Add a combined backport of 2 upstream commits that remove 1 extra spaces
+off of a few lines.
+
+ -- Antonio Terceiro <terce...@debian.org>  Tue, 15 Feb 2022 19:18:53 -0300
+
 sphinx-bootstrap-theme (0.7.1-1) unstable; urgency=low
 
   [ Debian Janitor ]
diff --git a/debian/patches/Fix-search-functionality.patch b/debian/patches/Fix-search-functionality.patch
new file mode 100644
index 000..7794c08
--- /dev/null
+++ b/debian/patches/Fix-search-functionality.patch
@@ -0,0 +1,50 @@
+From: Antonio Terceiro <terce...@debian.org>
+Date: Thu, 10 Feb 2022 11:36:03 -0300
+Subject: Fix search functionality
+
+The extra spaces at the end of the src="" attibute of those <script>
+tags caused search to be broken on generated documentation. This is a
+combined backport of the following upstream commits
+0d80bffe488da6d5b7b575b964f92adde5026e3e ("BUG: Fix for Sphinx 3.4+
+search") and 19e69c8c46dff011ce24e1718e034decdf319f28 ("Drop spirious
+space in script urls").
+---
+ sphinx_bootstrap_theme/bootstrap/layout.html | 8 
+ sphinx_bootstrap_theme/bootstrap/search.html | 5 +++--
+ 2 files changed, 7 insertions(+), 6 deletions(-)
+
+diff --git a/sphinx_bootstrap_theme/bootstrap/layout.html b/sphinx_bootstrap_theme/bootstrap/layout.html
+index c21e441..f6d3bfc 100644
+--- a/sphinx_bootstrap_theme/bootstrap/layout.html
 b/sphinx_bootstrap_theme/bootstrap/layout.html
+@@ -52,10 +52,10 @@
+ <meta http-equiv='X-UA-Compatible' content='IE=edge,chrome=1'>
+ <meta name='viewport' content='width=device-width, initial-scale=1.0, maximum-scale=1'>
+ <meta name="apple-mobile-web-app-capable" content="yes">
+-<script type="text/javascript" src="{{ pathto('_static/js/jquery-1.11.0.min.js', 1) }} ">
+-
+-
+-
++
++
++
++
+ {% endblock %}
+ 
+ {# Silence the sidebar's, relbar's #}
+diff --git a/sphinx_bootstrap_theme/bootstrap/search.html b/sphinx_bootstrap_theme/bootstrap/search.html
+index 60a6601..92444cc 100644
+--- a/sphinx_bootstrap_theme/bootstrap/search.html
 b/sphinx_bootstrap_theme/bootstrap/search.html
+@@ -10,8 +10,9 @@
+ {%- extends "layout.html" %}
+ {% set title = _('Search') %}
+ {% block extrahead %}
+-  
+-  
++  
++  
++  
+   {# this is used when loading the search index using $.ajax fails,
+  such as on Chrome for documents on localhost #}
+   
diff --git a/debian/patches/series b/debian/patches/series
index 391ae29..134cab0 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1 +1,2 @@

Bug#1005288: bullseye-pu: package sphinx-bootstrap-theme/0.7.1-1+deb11u1

[Antonio Terceiro]

On Sat, Feb 19, 2022 at 05:41:40PM +, Adam D. Barratt wrote:
> Control: tags -1 + confirmed
> 
> On Tue, 2022-02-15 at 21:33 -0300, Antonio Terceiro wrote:
> > Control: reopen -1
> > 
> > > On Thu, Feb 10, 2022 at 11:44:24AM -0300, Antonio Terceiro wrote:
> > > > [ Reason ]
> > > > Version 0.8.0-1 contains a bug caused by extra whitespace in
> > > > src=""
> > > > attributes of 

Bug#1004459: bullseye-pu: package lxc/1:4.0.6-2+deb11u1

[Antonio Terceiro]

On Sat, Feb 19, 2022 at 06:53:52PM +, Adam D. Barratt wrote:
> Control: tags -1 + confirmed
> 
> On Thu, 2022-01-27 at 21:32 -0300, Antonio Terceiro wrote:
> > This update fixes the download of container images using the
> > "download"
> > template. pool.sks-keyservers.net is not active anymore, so the patch
> > (already included in the upstream release present in sid/bookworm)
> > changes that to keyserver.ubuntu.com.
> > 
> 
> +  * lxc-download: Switch GPG server.
> +The default server used to download gpg keys from has ben deprecated,
> 
> s/ben/been/
> 
> Please go ahead.

Uploaded with that typo fixed. Thanks.


signature.asc
Description: PGP signature

Bug#1004915: transition: ruby2.7-rm

[Antonio Terceiro]

On Sun, Feb 20, 2022 at 02:30:15PM +0100, Paul Gevers wrote:
> Hi,
> 
> On 18-02-2022 21:23, Paul Gevers wrote:
> > > > Also the autopkgtest regressions don't look pretty yet, did you
> > > > already have a look:
> > > > https://qa.debian.org/excuses.php?package=ruby-defaults
> > > I'll try to take a look at this list and see what's going on.
> 
> coderay seems to have a patch to fix this in Ubuntu:
>  https://patches.ubuntu.com/c/coderay/coderay_1.1.3-5ubuntu1.patch
> 
> diaspora-installer can just be removed, it's already on the autoremoval
> list.

also fails without the new ruby-defaults. I retried all the migration
reference tests; they will fail and this will stop being a regression
from the POV of britney.

> jekyll apparently is fixed in unstable, but is on the autoremoval list.
> Shall I remove it or are you going to fix ruby-pathutil shortly?

I don't see it anymore as a regression so I guess this was already done.

> ruby-certificate-authority is a key package, bug #1005448 looks related.

I fixed this on the weekend.

> ruby-eventmachine is a key package, you'll need to investigate: NameError:
> uninitialized constant TestIOStreamer::StreamServer::StringIO

I fixed this today.

> ruby-jwt, is a key package, you'll need to fix bug #1005426.

I fixed this today.

> ruby-rack will migrate soon, I removed ruby-rack-mount.

This has happened since.


signature.asc
Description: PGP signature

Bug#1004915: transition: ruby2.7-rm

[Antonio Terceiro]

On Thu, Feb 24, 2022 at 08:56:49AM +0100, Paul Gevers wrote:
> Hi Antonio,
> 
> Thanks for taking care.
> 
> On 24-02-2022 02:43, Antonio Terceiro wrote:
> > > diaspora-installer can just be removed, it's already on the autoremoval
> > > list.
> > 
> > also fails without the new ruby-defaults.
> 
> I'm not seeing that. The 2022-02-24 01:38:19 UTC reference run on amd64
> passed.

Yes. I investigated this today and it is an issue that makes
diaspora-installer incompatible with ruby3.0:

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1006547

The fix for that is probably non-trivial, so IMO we should remove
diaspora-installer from testing to let the transition complete.

Yesterday I also uploaded NMUs for all remaining packages that are in
testing.
https://release.debian.org/transitions/html/ruby3.0-default.html is now
empty when one checks "ignore packages that are not in testing".



signature.asc
Description: PGP signature

Bug#1029632: unblock: ruby3.1/3.1.2-5

[Antonio Terceiro]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
X-Debbugs-Cc: ruby...@packages.debian.org
Control: affects -1 + src:ruby3.1

Please unblock package ruby3.1

This is a trivial bug fix, and even though there is no real block hint
in place, this bug report is to save you the time from wondering about
the changes.

[ Reason ]
3.1.2-4 had a regression. ./configure was being about an explicit
pkg-config binary, but pkg-config was not a build dependency. So
the pkg-config binary was not really there, so ./configure set the
corresponding configuration variable to an empty string making the
pkg-config bindings in mkmf.rb not really work.

[ Impact ]
This makes some packages fail to build from source, namely ruby-augeas
and ruby-libvirt.

[ Tests ]
An autopkgtest to catch similar issues in the future has been added, and
it passes while it failed with 3.1.2.4.

[ Risks ]
None.

[ Checklist ]
  [✓] all changes are documented in the d/changelog
  [✓] I reviewed all changes and I approve them
  [✓] attach debdiff against the package in testing

[ Other info ]
n/a

unblock ruby3.1/3.1.2-5
diff --git a/debian/changelog b/debian/changelog
index 59fe6c8a1..8e43cb693 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,17 @@
+ruby3.1 (3.1.2-5) unstable; urgency=medium
+
+  * Add autopkgtest to test pkg_config
+  * Add build dependency on pkg-config from pkgconf.
+The absence of this build dependency made the check for whether
+pkg-config works fail (because it was not there) at the ./configure
+stage, making RbConfig::CONFIG["PKG_CONFIG"] empty, and therefore broke
+the usage of pkg_config() in extconf.rb scripts.
+This was noticed by Lucas Kanashiro (thanks!) in Ubuntu while rebuilding
+all Ruby packages to add ruby3.1 support, where ruby-augeas and
+ruby-libvirt failed to build.
+
+ -- Antonio Terceiro   Wed, 25 Jan 2023 14:46:18 -0300
+
 ruby3.1 (3.1.2-4) unstable; urgency=medium
 
   * Replace cross pkg-config patch with patches applied upstream
diff --git a/debian/control b/debian/control
index 2d6602a40..9802975c0 100644
--- a/debian/control
+++ b/debian/control
@@ -19,6 +19,7 @@ Build-Depends: bison,
libyaml-dev,
netbase ,
openssl ,
+   pkg-config (>= 1.8.0-7~),
procps ,
ruby3.1:native ,
rubygems-integration (>= 1.6) ,
diff --git a/debian/tests/control b/debian/tests/control
index 2b0bab840..bd3c7127a 100644
--- a/debian/tests/control
+++ b/debian/tests/control
@@ -1,3 +1,3 @@
-Tests: run-all bundled-gems builtin-extensions rubyconfig
-Depends: @
+Tests: run-all bundled-gems builtin-extensions rubyconfig pkg-config
+Depends: @, libffi-dev
 Restrictions: allow-stderr
diff --git a/debian/tests/pkg-config b/debian/tests/pkg-config
new file mode 100755
index 0..ce2bd6e23
--- /dev/null
+++ b/debian/tests/pkg-config
@@ -0,0 +1,9 @@
+#!/bin/sh
+
+set -eu
+
+ruby="${1:-ruby3.1}"
+cd "${AUTOPKGTEST_TMP:-/tmp}"
+
+set -x
+$ruby -rmkmf -e 'pkg_config("libffi") or raise "pkg_config does not work"'


signature.asc
Description: PGP signature

Re: Shim and secure boot status, leading up to bookworm

[Antonio Terceiro]

On Wed, Jan 25, 2023 at 06:11:45PM +, Steve McIntyre wrote:
> Hey all!
> 
> Here's a status update and plans for SB and shim. If any of this is
> unclear or you have doubts, please say!
> 
> We currently have *signed* shim *15.4* packages in the archive, for
> all of buster, bullseye, bookworm and sid. That works OK at the
> moment, but is getting old (July 2021) and needs updating soonish.
> 
> I uploaded shim *15.6* in July 2022 and we attempted to get that
> signed too. Reviews were positive, but due to process problems around
> Microsoft uploads and then a long delay on getting a needed EV
> certificate renewed we never managed to get that signed. :-(
> 
> The MS and cert issues are now both resolved, and I'm now working on a
> shim *15.7* upload. There's a little more work and testing to do, but
> I'm not far off. Yay?

Have the issues with arm64 been fixed? Will this release provide a
signed arm64 shim?


signature.asc
Description: PGP signature

Bug#1029728: bullseye-pu: package passenger/5.0.30-1.2+deb11u1

[Antonio Terceiro]

On Sat, Feb 04, 2023 at 06:19:57PM +, Adam D. Barratt wrote:
> Control: tags -1 + confirmed
> 
> On Thu, 2023-01-26 at 16:40 -0300, Antonio Terceiro wrote:
> > This updates makes it possible for users to use NodeJS binaries newer
> > than the ones provided in bullseye.
> > 
> > [ Impact ]
> > Users using a NodeJS version can't get passenger to work because it
> > fails to start due to use of an invalid global variable.
> > 
> 
> For some reason this bug never made it to debian-release.
> 
> Please go ahead.

Uploaded.


signature.asc
Description: PGP signature

Bug#1030987: bullseye-pu: package vagrant/2.2.14+dfsg-2

[Antonio Terceiro]

Package: release.debian.org
Severity: normal
Tags: bullseye
User: release.debian@packages.debian.org
Usertags: pu
X-Debbugs-Cc: vagr...@packages.debian.org
Control: affects -1 + src:vagrant

[ Reason ]
Since VirtualBox is not in stable, people will install it either from
upstream, and from Fasttrack (https://fasttrack.debian.net/). When a new
version of VirtualBox comes out, vagrant needs change to work with it.

[ Impact ]
stable users can't use vagrant with the latest VirtualBox (7.0).

[ Tests ]
The full testsuite passes, plus I got one real user to test on theur
system and confirm it works for them.

[ Risks ]
This is a direct cherry pick, with only 1 line change, from the upstream
patch that added VirtualBox 7.0 support. I don't see significant risk.

[ Checklist ]
  [x] *all* changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in (old)stable
  [x] the issue is verified as fixed in unstable

I also attached the actual patch so it's easier to read than the
diff-in-diff in the debdiff.

[ Changes ]
The patch adds a new driver for VirtualBox 7.0, plus unit tests for it.

[ Other info ]
n/a
diff --git a/debian/changelog b/debian/changelog
index fc3cfcf..a28263d 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,9 @@
+vagrant (2.2.14+dfsg-2) bullseye; urgency=medium
+
+  * Add support for VirtualBox 7.0 (Closes: #1026227)
+
+ -- Antonio Terceiro   Tue, 07 Feb 2023 10:33:52 +0100
+
 vagrant (2.2.14+dfsg-1) unstable; urgency=medium
 
   * New upstream version 2.2.14+dfsg
diff --git a/debian/patches/0007-Add-support-for-VirtualBox-7.0.patch b/debian/patches/0007-Add-support-for-VirtualBox-7.0.patch
new file mode 100644
index 000..431a3b5
--- /dev/null
+++ b/debian/patches/0007-Add-support-for-VirtualBox-7.0.patch
@@ -0,0 +1,264 @@
+From: Chris Roberts 
+Date: Fri, 14 Oct 2022 10:44:49 -0700
+Subject: Add support for VirtualBox 7.0
+
+Signed-off-by: Antonio Terceiro 
+Changes from the original patch:
+
+- replace `require "rexml"` with `require "rexml/document"` to work with with
+  the rexml shipped with Ruby 2.7
+
+---
+ lib/vagrant/errors.rb  |   4 +
+ plugins/providers/virtualbox/driver/meta.rb|   1 +
+ plugins/providers/virtualbox/driver/version_7_0.rb |  67 +
+ plugins/providers/virtualbox/plugin.rb |   1 +
+ templates/locales/en.yml   |   5 +
+ .../virtualbox/driver/version_7_0_test.rb  | 109 +
+ 6 files changed, 187 insertions(+)
+ create mode 100644 plugins/providers/virtualbox/driver/version_7_0.rb
+ create mode 100644 test/unit/plugins/providers/virtualbox/driver/version_7_0_test.rb
+
+diff --git a/lib/vagrant/errors.rb b/lib/vagrant/errors.rb
+index 782615b..4329d29 100644
+--- a/lib/vagrant/errors.rb
 b/lib/vagrant/errors.rb
+@@ -940,6 +940,10 @@ module Vagrant
+   error_key(:virtualbox_broken_version_040214)
+ end
+ 
++class VirtualBoxConfigNotFound < VagrantError
++  error_key(:virtualbox_config_not_found)
++end
++
+ class VirtualBoxDisksDefinedExceedLimit < VagrantError
+   error_key(:virtualbox_disks_defined_exceed_limit)
+ end
+diff --git a/plugins/providers/virtualbox/driver/meta.rb b/plugins/providers/virtualbox/driver/meta.rb
+index c3be8c8..04c130c 100644
+--- a/plugins/providers/virtualbox/driver/meta.rb
 b/plugins/providers/virtualbox/driver/meta.rb
+@@ -65,6 +65,7 @@ module VagrantPlugins
+ "5.2" => Version_5_2,
+ "6.0" => Version_6_0,
+ "6.1" => Version_6_1,
++"7.0" => Version_7_0,
+   }
+ 
+   if @@version.start_with?("4.2.14")
+diff --git a/plugins/providers/virtualbox/driver/version_7_0.rb b/plugins/providers/virtualbox/driver/version_7_0.rb
+new file mode 100644
+index 000..d94e66b
+--- /dev/null
 b/plugins/providers/virtualbox/driver/version_7_0.rb
+@@ -0,0 +1,67 @@
++require "rexml/document"
++require File.expand_path("../version_6_1", __FILE__)
++
++module VagrantPlugins
++  module ProviderVirtualBox
++module Driver
++  # Driver for VirtualBox 7.0.x
++  class Version_7_0 < Version_6_1
++def initialize(uuid)
++  super
++
++  @logger = Log4r::Logger.new("vagrant::provider::virtualbox_7_0")
++end
++
++# The initial VirtualBox 7.0 release has an issue with displaying port
++# forward information. When a single port forward is defined, the forwarding
++# information can be found in the `showvminfo` output. Once more than a
++# single port forward is defined, no forwarding information is provided
++# in the `showvminfo` output. To work around this we grab the VM configuration
++# file from the `showvminfo` output and extract the port 

Bug#1030987: bullseye-pu: package vagrant/2.2.14+dfsg-2

[Antonio Terceiro]

On Sun, Feb 19, 2023 at 06:54:45PM +, Adam D. Barratt wrote:
> Control: tags -1 + confirmed
> 
> On Fri, 2023-02-10 at 09:58 +0100, Antonio Terceiro wrote:
> > Since VirtualBox is not in stable, people will install it either from
> > upstream, and from Fasttrack (https://fasttrack.debian.net/). When a
> > new
> > version of VirtualBox comes out, vagrant needs change to work with
> > it.
> > 
> > [ Impact ]
> > stable users can't use vagrant with the latest VirtualBox (7.0).
> > 
> 
> Please go ahead.

Uploaded.


signature.asc
Description: PGP signature

Bug#1033573: unblock: ruby3.1/3.1.2-7

[Antonio Terceiro]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
X-Debbugs-Cc: ruby...@packages.debian.org
Control: affects -1 + src:ruby3.1

Please unblock package ruby3.1

[ Reason ]
This release updates the openssl bindings, fixing a few regressions that
have been identified.

[ Impact ]
Without these changes, at least gitlab doesn't work correctly.

[ Tests ]
I had uploaded this to experimental some time ago, and the pseudo
excuses against unstable showed no regressions.

[ Risks ]
The changes are contained to the implementatin of a few openssl methods.
I think the risk is low. I had also tried updating to the new upstream
release 3.1.3, which includes this change, but thought that contained
too many non-critical changes.

[ Checklist ]
  [x] all changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in testing

[ Other info ]
I'm also attaching the actual patch included in this upload as it is
easier to read than the diff-in-diff in the debdiff.

unblock ruby3.1/3.1.2-7
diff --git a/debian/changelog b/debian/changelog
index c6bd035fc..54e474d21 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,15 @@
+ruby3.1 (3.1.2-7) unstable; urgency=medium
+
+  * Upload to unstable
+
+ -- Antonio Terceiro   Sat, 25 Mar 2023 14:20:34 -0300
+
+ruby3.1 (3.1.2-7~exp) experimental; urgency=medium
+
+  * Update openssl extension to to 3.0.1 (Closes: #1032070)
+
+ -- Antonio Terceiro   Sun, 05 Mar 2023 17:13:36 -0300
+
 ruby3.1 (3.1.2-6) unstable; urgency=medium
 
   * Add missing dependencies for pkg-config test
diff --git a/debian/patches/openssl-3.0.1.patch b/debian/patches/openssl-3.0.1.patch
new file mode 100644
index 0..0762cb65e
--- /dev/null
+++ b/debian/patches/openssl-3.0.1.patch
@@ -0,0 +1,495 @@
+From: Antonio Terceiro 
+Date: Sun, 5 Mar 2023 17:09:05 -0300
+Subject: openssl 3.0.1
+
+This is a combination of several patches for openssl extension that fix
+bugs in its version 3.0.0.
+
+Forwarded: not-needed
+---
+ ext/openssl/History.md | 40 +
+ ext/openssl/extconf.rb |  5 +++--
+ ext/openssl/lib/openssl/pkey.rb|  8 +++
+ ext/openssl/lib/openssl/version.rb |  2 +-
+ ext/openssl/openssl.gemspec|  2 +-
+ ext/openssl/ossl_hmac.c|  8 +++
+ ext/openssl/ossl_pkey.c| 46 +++---
+ ext/openssl/ossl_pkey_ec.c |  4 
+ ext/openssl/ossl_x509cert.c|  6 ++---
+ ext/openssl/ossl_x509crl.c |  6 ++---
+ ext/openssl/ossl_x509req.c |  6 ++---
+ ext/openssl/ossl_x509revoked.c |  6 ++---
+ test/openssl/test_hmac.rb  |  8 +++
+ test/openssl/test_pkey_dsa.rb  | 19 
+ test/openssl/test_pkey_ec.rb   | 25 +
+ test/openssl/test_pkey_rsa.rb  |  5 +
+ test/openssl/test_ssl.rb   |  6 +
+ 17 files changed, 183 insertions(+), 19 deletions(-)
+
+diff --git a/ext/openssl/History.md b/ext/openssl/History.md
+index 479ec3b..a4f6bd7 100644
+--- a/ext/openssl/History.md
 b/ext/openssl/History.md
+@@ -1,3 +1,27 @@
++Version 3.0.1
++=
++
++Merged changes in 2.1.4 and 2.2.2. Additionally, the following issues are fixed
++by this release.
++
++Bug fixes
++-
++
++* Add missing type check in OpenSSL::PKey::PKey#sign's optional parameters.
++  [[GitHub #531]](https://github.com/ruby/openssl/pull/531)
++* Work around OpenSSL 3.0's HMAC issues with a zero-length key.
++  [[GitHub #538]](https://github.com/ruby/openssl/pull/538)
++* Fix a regression in OpenSSL::PKey::DSA.generate's default of 'q' size.
++  [[GitHub #483]](https://github.com/ruby/openssl/issues/483)
++  [[GitHub #539]](https://github.com/ruby/openssl/pull/539)
++* Restore OpenSSL::PKey.read's ability to decode "openssl ecparam -genkey"
++  output when linked against OpenSSL 3.0.
++  [[GitHub #535]](https://github.com/ruby/openssl/pull/535)
++  [[GitHub #540]](https://github.com/ruby/openssl/pull/540)
++* Restore error checks in OpenSSL::PKey::EC#{to_der,to_pem}.
++  [[GitHub #541]](https://github.com/ruby/openssl/pull/541)
++
++
+ Version 3.0.0
+ =
+ 
+@@ -100,6 +124,12 @@ Notable changes
+ [[GitHub #342]](https://github.com/ruby/openssl/issues/342)
+ 
+ 
++Version 2.2.2
++=
++
++Merged changes in 2.1.4.
++
++
+ Version 2.2.1
+ =
+ 
+@@ -194,6 +224,16 @@ Notable changes
+   [[GitHub #297]](https://github.com/ruby/openssl/pull/297)
+ 
+ 
++Version 2.1.4
++=
++
++Bug fixes
++-
++
++* Do not use pkg-config if --with-openssl-dir option is specified.
++ [[GitHub #486]](https://github.com/ruby/openssl/pull/486)
++
++
+ Version 2.1.3
+ =
+ 
+diff --git a/ext/openssl/extconf.rb b/ext/openssl/extconf.rb
+index fedcb93..d2d7893 100644
+--- a/ext/openssl/extconf.rb
 b/ext/

Bug#928940: unblock: ruby2.5/2.5.5-2

[Antonio Terceiro]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package ruby2.5. The latest uploaded fixes the one
pending RC bug. The fix is pretty simple, just putting 2 files in the
correct location.

the diff:

8<8<8<-
diff --git a/debian/changelog b/debian/changelog
index 370de1ed..5cab009b 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,11 @@
+ruby2.5 (2.5.5-2) unstable; urgency=medium
+
+  * debian/tests/excludes/: fix exclusion of Rinda tests that depend on
+network availability, by moving the existing excludes files to the correct
+location. (Closes: #927122)
+
+ -- Antonio Terceiro   Mon, 13 May 2019 10:55:06 -0300
+
 ruby2.5 (2.5.5-1) unstable; urgency=medium
 
   * New upstream version 2.5.5. Includes a series of bug fixes, most notably
diff --git a/debian/tests/excludes/any/TestRingFinger.rb 
b/debian/tests/excludes/any/Rinda/TestRingFinger.rb
similarity index 100%
rename from debian/tests/excludes/any/TestRingFinger.rb
rename to debian/tests/excludes/any/Rinda/TestRingFinger.rb
diff --git a/debian/tests/excludes/any/TestRingServer.rb 
b/debian/tests/excludes/any/Rinda/TestRingServer.rb
similarity index 100%
rename from debian/tests/excludes/any/TestRingServer.rb
rename to debian/tests/excludes/any/Rinda/TestRingServer.rb
8<8<8<-


unblock ruby2.5/2.5.5-2

-- System Information:
Debian Release: 10.0
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'testing-debug'), (500, 
'unstable'), (500, 'testing'), (1, 'experimental-debug'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.0-5-amd64 (SMP w/4 CPU cores)
Kernel taint flags: TAINT_CRAP
Locale: LANG=pt_BR.UTF-8, LC_CTYPE=pt_BR.UTF-8 (charmap=UTF-8), 
LANGUAGE=pt_BR:pt:en (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled


signature.asc
Description: PGP signature

Bug#929899: unblock: ruby2.5/2.5.5-3

[Antonio Terceiro]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package ruby2.5

2.5.5-3 contains just a patch to make it build on ia64.

the diff against the package in testing is attached.

unblock ruby2.5/2.5.5-3

-- System Information:
Debian Release: 10.0
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'testing-debug'), (500, 
'unstable'), (500, 'testing'), (1, 'experimental-debug'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.0-5-amd64 (SMP w/4 CPU cores)
Kernel taint flags: TAINT_CRAP
Locale: LANG=pt_BR.UTF-8, LC_CTYPE=pt_BR.UTF-8 (charmap=UTF-8), 
LANGUAGE=pt_BR:pt:en (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
diff --git a/debian/changelog b/debian/changelog
index 5cab009b..d6eaca0d 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,9 @@
+ruby2.5 (2.5.5-3) unstable; urgency=medium
+
+  * ia64: Don't clear register_stack_start (Closes: #928068)
+
+ -- Antonio Terceiro   Sun, 02 Jun 2019 10:16:57 -0300
+
 ruby2.5 (2.5.5-2) unstable; urgency=medium
 
   * debian/tests/excludes/: fix exclusion of Rinda tests that depend on
diff --git a/debian/patches/0011-ia64-Don-t-clear-register_stack_start.patch b/debian/patches/0011-ia64-Don-t-clear-register_stack_start.patch
new file mode 100644
index ..ed43e467
--- /dev/null
+++ b/debian/patches/0011-ia64-Don-t-clear-register_stack_start.patch
@@ -0,0 +1,25 @@
+From: James Clarke 
+Date: Fri, 26 Apr 2019 23:32:46 +0100
+Subject: ia64: Don't clear register_stack_start
+
+r59829 stopped clearing stack_start and enabled the code for
+!FIBER_USE_NATIVE, but we need to do the same for register_stack_start
+on ia64, otherwise we end up with NULL in cont_save_machine_stack.
+
+Closes: https://github.com/ruby/ruby/pull/2155
+---
+ cont.c | 1 -
+ 1 file changed, 1 deletion(-)
+
+diff --git a/cont.c b/cont.c
+index 7b6864a..8ad8207 100644
+--- a/cont.c
 b/cont.c
+@@ -543,7 +543,6 @@ cont_save_thread(rb_context_t *cont, rb_thread_t *th)
+ sec->machine.stack_end = NULL;
+ 
+ #ifdef __ia64
+-sec->machine.register_stack_start = NULL;
+ sec->machine.register_stack_end = NULL;
+ #endif
+ }
diff --git a/debian/patches/series b/debian/patches/series
index e0cb0602..a6319c31 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -8,3 +8,4 @@
 0008-Disable-tests-failing-on-Ubuntu-builders.patch
 0009-test-test_pair-fix-deadlock-in-test_connect_accept_n.patch
 0010-test-use-larger-keys-for-SSL-tests.patch
+0011-ia64-Don-t-clear-register_stack_start.patch


signature.asc
Description: PGP signature

Bug#929214: release.debian.org - Add package constraint for cloud images

[Antonio Terceiro]

On Wed, Jun 12, 2019 at 09:03:04PM +0200, Paul Gevers wrote:
> Hi Bastian,
> 
> [CC adding debian-ci@l.d.o, please drop the bug in the next reply as it
> starts to become off-topic there.]
> 
> On 12-06-2019 20:52, Bastian Blank wrote:
> > On Wed, Jun 12, 2019 at 08:42:27PM +0200, Paul Gevers wrote:
> >> On 12-06-2019 20:01, Bastian Blank wrote:
> >>> I'm also not sure if the Debian autopkgtest infrastructure would be able
> >>> to do that and build images.  The actual testing runs via the Gitlab
> >>> CI.[1]
> >> You could very probably do it. Depending on how long such a build takes,
> > 
> > One build takes 3 minutes if it runs native and 13 minutes if it runs
> > via qemu-user.  However it needs awefull amount of network and disk IO.
> 
> I don't believe that should be a problem if that is an *or*. However,
> qemu will not work properly, right Antonio?

qemu-user probably works; qemu-system might work, but not with kvm
acceleration.

> > Does the Debian autopkgtest instance support "needs-root" and
> > "breaks-testbed"?
> 
> Yes and yes. The only thing we currently do not support *yet* is
> isolation-machine.
> 
> > The image build uses loop devices, hence
> > "needs-root", which can't be cleaned up properly, hence
> > "breaks-testbed".
> 
> That's no problem at all.

mounting loop devices would not work. (these tests probably also need
isolation-machine)


signature.asc
Description: PGP signature

Bug#1009363: bullseye-pu: package ruby-net-ssh/1:6.1.0-2+deb11u1

[Antonio Terceiro]

Package: release.debian.org
Severity: normal
Tags: bullseye
User: release.debian@packages.debian.org
Usertags: pu

[ Reason ]
OpenSSH 8.8 disables RSA signatures using the SHA-1 hash algorithm, and
that breaks clients that do not support stronger algorithms, which is
the case of the ruby-net-ssh version in bullseye.

[ Impact ]
Users of vagrant and capistrano, for example, are not able to connect
to hosts running OpenSSH 8.8, which includes Debian bookworm but also
other distributions where OpenSSH 8.8. is already available.

[ Tests ]
All the included unit tests, includind the new ones added by the
included patches, pass both during the package build and autopkgtest.

This updates was also tested manually on stable by Lucas Nussbaum (see
#1008541), who confirmed the fix works.

[ Risks ]
I don't see much risk in this update.

[ Checklist ]
  [x] *all* changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in (old)stable
  [x] the issue is verified as fixed in unstable

[ Changes ]
The patches are backports of the relevant upstream patches. The first
adds support for client authentication with RSA + SHA-2. The second adds
support for RSA+SHA-2 in host keys.

[ Other info ]
I'm also attaching the patches themselves, because they are easier to
read than the diff-in-diff in the debdiff.
diff --git a/debian/changelog b/debian/changelog
index a1f8837f..763e6086 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,11 @@
+ruby-net-ssh (1:6.1.0-2+deb11u1) bullseye; urgency=medium
+
+  * Backport upstream patches to fix authentication against hosts using
+OpenSSH 8.8, including but not limited to Debian bookworm
+(Closes: #1009155, #1008541)
+
+ -- Antonio Terceiro   Fri, 08 Apr 2022 10:06:46 -0300
+
 ruby-net-ssh (1:6.1.0-2) unstable; urgency=medium
 
   [ Cédric Boutillier ]
diff --git a/debian/patches/0001-Added-support-for-RSA-client-authentication-with-SHA.patch b/debian/patches/0001-Added-support-for-RSA-client-authentication-with-SHA.patch
new file mode 100644
index ..ae350e52
--- /dev/null
+++ b/debian/patches/0001-Added-support-for-RSA-client-authentication-with-SHA.patch
@@ -0,0 +1,394 @@
+From: Zdenek Zambersky 
+Date: Thu, 6 May 2021 13:50:20 +0200
+Subject: Added support for RSA client authentication with SHA-2
+
+Source: https://github.com/net-ssh/net-ssh/pull/838
+Backported-By: Antonio Terceiro 
+---
+ lib/net/ssh/authentication/certificate.rb   |  4 +-
+ lib/net/ssh/authentication/ed25519.rb   |  2 +-
+ lib/net/ssh/authentication/key_manager.rb   | 22 ++--
+ lib/net/ssh/authentication/methods/abstract.rb  | 10 
+ lib/net/ssh/authentication/methods/publickey.rb | 66 ++-
+ lib/net/ssh/authentication/session.rb   |  5 +-
+ lib/net/ssh/transport/openssl.rb| 16 --
+ test/authentication/methods/test_publickey.rb   | 71 ++---
+ test/authentication/test_session.rb |  6 ++-
+ 9 files changed, 169 insertions(+), 33 deletions(-)
+
+diff --git a/lib/net/ssh/authentication/certificate.rb b/lib/net/ssh/authentication/certificate.rb
+index 82e37e9..95b01ff 100644
+--- a/lib/net/ssh/authentication/certificate.rb
 b/lib/net/ssh/authentication/certificate.rb
+@@ -65,8 +65,8 @@ module Net
+   ).to_s
+ end
+ 
+-def ssh_do_sign(data)
+-  key.ssh_do_sign(data)
++def ssh_do_sign(data, sig_alg = nil)
++  key.ssh_do_sign(data, sig_alg)
+ end
+ 
+ def ssh_do_verify(sig, data)
+diff --git a/lib/net/ssh/authentication/ed25519.rb b/lib/net/ssh/authentication/ed25519.rb
+index 0c5530c..1989d1f 100644
+--- a/lib/net/ssh/authentication/ed25519.rb
 b/lib/net/ssh/authentication/ed25519.rb
+@@ -167,7 +167,7 @@ module Net
+ PubKey.new(@pk)
+   end
+ 
+-  def ssh_do_sign(data)
++  def ssh_do_sign(data, sig_alg = nil)
+ @sign_key.sign(data)
+   end
+ 
+diff --git a/lib/net/ssh/authentication/key_manager.rb b/lib/net/ssh/authentication/key_manager.rb
+index 242d5d5..3624550 100644
+--- a/lib/net/ssh/authentication/key_manager.rb
 b/lib/net/ssh/authentication/key_manager.rb
+@@ -159,7 +159,7 @@ module Net
+ # Regardless of the identity's origin or who does the signing, this
+ # will always return the signature in an SSH2-specified "signature
+ # blob" format.
+-def sign(identity, data)
++def sign(identity, data, sig_alg = nil)
+   info = known_identities[identity] or raise KeyManagerError, "the given identity is unknown to the key manager"
+ 
+   if info[:key].nil? && info[:from] == :file
+@@ -171,13 +171,27 @@ module Net
+   end
+ 
+   if info[:key]
+-return Net::SSH::Buffer.from(:string, identity.ssh_signature_type,
+-  :mstring, info[:key].ssh_do_sign(da

Bug#1009363: bullseye-pu: package ruby-net-ssh/1:6.1.0-2+deb11u1

[Antonio Terceiro]

On Sat, May 28, 2022 at 08:47:53PM +0100, Adam D. Barratt wrote:
> Control: tags -1 + confirmed
> 
> On Tue, 2022-04-12 at 09:40 -0300, Antonio Terceiro wrote:
> > OpenSSH 8.8 disables RSA signatures using the SHA-1 hash algorithm,
> > and
> > that breaks clients that do not support stronger algorithms, which is
> > the case of the ruby-net-ssh version in bullseye.
> > 
> > [ Impact ]
> > Users of vagrant and capistrano, for example, are not able to connect
> > to hosts running OpenSSH 8.8, which includes Debian bookworm but also
> > other distributions where OpenSSH 8.8. is already available.
> > 
> [...]
> > The patches are backports of the relevant upstream patches. The first
> > adds support for client authentication with RSA + SHA-2. The second
> > adds
> > support for RSA+SHA-2 in host keys.
> > 
> 
> Please go ahead.

Uploaded.


signature.asc
Description: PGP signature

Bug#1004459: bullseye-pu: package lxc/1:4.0.6-2+deb11u1

[Antonio Terceiro]

On Fri, Jul 01, 2022 at 07:13:24PM +0100, Adam D. Barratt wrote:
> On Sun, 2022-02-20 at 19:38 -0300, Antonio Terceiro wrote:
> > On Sat, Feb 19, 2022 at 06:53:52PM +, Adam D. Barratt wrote:
> > > Control: tags -1 + confirmed
> > > 
> > > On Thu, 2022-01-27 at 21:32 -0300, Antonio Terceiro wrote:
> > > > This update fixes the download of container images using the
> > > > "download"
> > > > template. pool.sks-keyservers.net is not active anymore, so the
> > > > patch
> > > > (already included in the upstream release present in
> > > > sid/bookworm)
> > > > changes that to keyserver.ubuntu.com.
> > > > 
> > > 
> > > +  * lxc-download: Switch GPG server.
> > > +The default server used to download gpg keys from has ben
> > > deprecated,
> > > 
> > > s/ben/been/
> > > 
> > > Please go ahead.
> > 
> > Uploaded with that typo fixed. Thanks.
> 
> I was just looking through some older p-u bugs, and realised that this
> was still open. Looking further, the package never seems to have made
> it to stable-new.
> 
> I can't find any mention of the upload in the dak logs on ftp-master,
> and all I can see on the upload host is:
> 
> Feb 20 21:55:04 > rm --searchdirs lxc_4.0.6-2+deb11u1_source.changes
> Feb 20 21:55:04 Files removed: lxc_4.0.6-2+deb11u1_source.changes
> Feb 20 21:55:04 > rm --searchdirs lxc_4.0.6-2+deb11u1.dsc
> Feb 20 21:55:04 Files removed: lxc_4.0.6-2+deb11u1.dsc
> Feb 20 21:55:04 > rm --searchdirs lxc_4.0.6-2+deb11u1.debian.tar.xz
> Feb 20 21:55:04 Files removed: lxc_4.0.6-2+deb11u1.debian.tar.xz
> Feb 20 21:55:04 > rm --searchdirs lxc_4.0.6-2+deb11u1_source.buildinfo
> Feb 20 21:55:04 Files removed: lxc_4.0.6-2+deb11u1_source.buildinfo

Weird. I do have local logs of it being uploaded. Anyway, I have just
uploaded again.


signature.asc
Description: PGP signature

Bug#1015207: transitions: ruby3.1-add

[Antonio Terceiro]

Hi,

On Sun, Jul 17, 2022 at 02:08:14PM -0300, Lucas Kanashiro wrote:
> Package: release.debian.org
> Severity: normal
> User: release.debian@packages.debian.org
> Usertags: transition
> Tags: moreinfo
> 
> Hi,
> 
> We would like to add support for ruby3.1 in ruby-defaults in unstable
> soon. The ben file was already added to the transition tracker as
> planned by elbrus.

I would like to start this transition, by uploading ruby-defaults
enabling building against ruby3.1 to unstable. All the packages listed
in the transition page build correctly, except a few ones. They all have
bugs reported, and I just raised their severity to serious:

https://bugs.debian.org/1015305
https://bugs.debian.org/1015309
https://bugs.debian.org/1015310
https://bugs.debian.org/1015322
https://bugs.debian.org/1015327
https://bugs.debian.org/1015328
https://bugs.debian.org/1015329
https://bugs.debian.org/1015334

The following binNMUs can be done right after the ruby-defaults is
uploaded and built:

level 1
===

libselinux mecab qdbm raspell protobuf remctl ruby-atomic ruby-augeas
rrdtool ruby-bcrypt-pbkdf ruby-bcrypt ruby-bindex ruby-bert
ruby-binding-ninja ruby-byebug ruby-cairo ruby-character-set ruby-cbor
passenger ruby-charlock-holmes ignition-math ruby-concurrent
ruby-cool.io ruby-damerau-levenshtein ruby-curses
ruby-dataobjects-sqlite3 ruby-debian ruby-dataobjects-postgres ruby-curb
ruby-debug-inspector ruby-ed25519 ruby-eb ruby-enumerable-statistics
ruby-escape-utils ruby-exif ruby-fast-blank ruby-fast-stemmer
ruby-fast-xs ruby-fcgi ruby-eventmachine ruby-ffi-yajl ruby-filesystem
ruby-ffi ruby-fusefs ruby-god ruby-gpgme ruby-gd ruby-hiredis
ruby-gitlab-pg-query ruby-jaro-winkler ruby-hitimes ruby-json
ruby-levenshtein ruby-ldap ruby-liquid-c ruby-libxml ruby-mmap2
ruby-murmurhash3 ruby-narray ruby-nfc ruby-ncurses ruby-libvirt
ruby-odbc ruby-kgio ruby-nio4r ruby-oily-png ruby-pcaprub ruby-ox
ruby-posix-spawn ruby-oj ruby-pg ruby-prometheus-client-mmap
ruby-nokogiri ruby-rblineprof ruby-raindrops ruby-rbtree ruby-rdiscount
ruby-re2 ruby-redcarpet ruby-regexp-property-values ruby-redcloth
ruby-rinku ruby-rpam-ruby19 ruby-rjb ruby-ruby-magic-static ruby-sdbm
ruby-rpatricia ruby-sequel-pg ruby-rugged ruby-serialport ruby-shadow
ruby-rmagick ruby-sigar ruby-sdl ruby-strptime ruby-termios ruby-thrift
ruby-timfel-krb5-auth ruby-uconv ruby-unf-ext ruby-tokyocabinet
ruby-tioga ruby-unicode ruby-version-sorter ruby-websocket-driver
ruby-vmstat ruby-xmlhash ruby-xmlparser ruby-yajl ruby-zoom stfl spglib
unicorn-engine xapian-bindings

level 2
===

libsemanage ruby-fftw3 ruby-commonmarker ruby-github-linguist
ruby-github-markdown ruby-grib ruby-gsl ruby-hamlit ruby-hdfeos5
ruby-gnome ruby-http-parser.rb ruby-mpi ruby-msgpack ruby-multibitnums
ruby-nokogumbo ruby-password ruby-sqlite3 thin libguestfs ruby-lapack
unicorn grpc

level 3
===

ruby-bootsnap
ruby-rbtrace

8<8<8<-

There are still bugs to be reported about arch:all packages that FTBFS,
and I will be doing that next.


signature.asc
Description: PGP signature

Bug#1015207: transitions: ruby3.1-add

[Antonio Terceiro]

On Mon, Sep 19, 2022 at 09:07:50AM +0200, Sebastian Ramacher wrote:
> Control: tags -1 = confirmed
> 
> On 2022-09-12 15:28:38 -0300, Antonio Terceiro wrote:
> > Hi,
> > 
> > On Sun, Jul 17, 2022 at 02:08:14PM -0300, Lucas Kanashiro wrote:
> > > Package: release.debian.org
> > > Severity: normal
> > > User: release.debian@packages.debian.org
> > > Usertags: transition
> > > Tags: moreinfo
> > > 
> > > Hi,
> > > 
> > > We would like to add support for ruby3.1 in ruby-defaults in unstable
> > > soon. The ben file was already added to the transition tracker as
> > > planned by elbrus.
> > 
> > I would like to start this transition, by uploading ruby-defaults
> > enabling building against ruby3.1 to unstable. All the packages listed
> > in the transition page build correctly, except a few ones. They all have
> > bugs reported, and I just raised their severity to serious:
> 
> Please go ahead

Just uploaded. I have a few notes to the list of binNMUs below.

> > level 1
> > ===
> > 
> > libselinux mecab qdbm raspell protobuf remctl ruby-atomic ruby-augeas
> > rrdtool ruby-bcrypt-pbkdf ruby-bcrypt ruby-bindex ruby-bert
> > ruby-binding-ninja ruby-byebug ruby-cairo ruby-character-set ruby-cbor
> > passenger ruby-charlock-holmes ignition-math ruby-concurrent
> > ruby-cool.io ruby-damerau-levenshtein ruby-curses
> > ruby-dataobjects-sqlite3 ruby-debian ruby-dataobjects-postgres ruby-curb
> > ruby-debug-inspector ruby-ed25519 ruby-eb ruby-enumerable-statistics
> > ruby-escape-utils ruby-exif ruby-fast-blank ruby-fast-stemmer
> > ruby-fast-xs ruby-fcgi ruby-eventmachine ruby-ffi-yajl ruby-filesystem
> > ruby-ffi ruby-fusefs ruby-god ruby-gpgme ruby-gd ruby-hiredis
> > ruby-gitlab-pg-query ruby-jaro-winkler ruby-hitimes ruby-json
> > ruby-levenshtein ruby-ldap ruby-liquid-c ruby-libxml ruby-mmap2
> > ruby-murmurhash3 ruby-narray ruby-nfc ruby-ncurses ruby-libvirt
> > ruby-odbc ruby-kgio ruby-nio4r ruby-oily-png ruby-pcaprub ruby-ox
> > ruby-posix-spawn ruby-oj ruby-pg ruby-prometheus-client-mmap
> > ruby-nokogiri ruby-rblineprof ruby-raindrops ruby-rbtree ruby-rdiscount
> > ruby-re2 ruby-redcarpet ruby-regexp-property-values ruby-redcloth
> > ruby-rinku ruby-rpam-ruby19 ruby-rjb ruby-ruby-magic-static ruby-sdbm
> > ruby-rpatricia ruby-sequel-pg ruby-rugged ruby-serialport ruby-shadow
> > ruby-rmagick ruby-sigar ruby-sdl ruby-strptime ruby-termios ruby-thrift
> > ruby-timfel-krb5-auth ruby-uconv ruby-unf-ext ruby-tokyocabinet
> > ruby-tioga ruby-unicode ruby-version-sorter ruby-websocket-driver
> > ruby-vmstat ruby-xmlhash ruby-xmlparser ruby-yajl ruby-zoom stfl spglib
> > unicorn-engine xapian-bindings

Add ruby-prof here, since it was recently fixed.

> > level 2
> > ===
> > 
> > libsemanage ruby-fftw3 ruby-commonmarker ruby-github-linguist
> > ruby-github-markdown ruby-grib ruby-gsl ruby-hamlit ruby-hdfeos5
> > ruby-gnome ruby-http-parser.rb ruby-mpi ruby-msgpack ruby-multibitnums
> > ruby-nokogumbo ruby-password ruby-sqlite3 thin libguestfs ruby-lapack
> > unicorn grpc


Add ruby-bson here, also recently fixed.

Thanks.


signature.asc
Description: PGP signature

Bug#1015207: transitions: ruby3.1-add

[Antonio Terceiro]

On Tue, Sep 20, 2022 at 09:04:11AM -0300, Antonio Terceiro wrote:
> On Mon, Sep 19, 2022 at 09:07:50AM +0200, Sebastian Ramacher wrote:
> > Control: tags -1 = confirmed
> > 
> > On 2022-09-12 15:28:38 -0300, Antonio Terceiro wrote:
> > > Hi,
> > > 
> > > On Sun, Jul 17, 2022 at 02:08:14PM -0300, Lucas Kanashiro wrote:
> > > > Package: release.debian.org
> > > > Severity: normal
> > > > User: release.debian@packages.debian.org
> > > > Usertags: transition
> > > > Tags: moreinfo
> > > > 
> > > > Hi,
> > > > 
> > > > We would like to add support for ruby3.1 in ruby-defaults in unstable
> > > > soon. The ben file was already added to the transition tracker as
> > > > planned by elbrus.
> > > 
> > > I would like to start this transition, by uploading ruby-defaults
> > > enabling building against ruby3.1 to unstable. All the packages listed
> > > in the transition page build correctly, except a few ones. They all have
> > > bugs reported, and I just raised their severity to serious:
> > 
> > Please go ahead
> 
> Just uploaded. I have a few notes to the list of binNMUs below.

Thanks for the initial round of binNMUs. I'm going through the failures
and either fixing them or reporting bugs.

Please update the transition tracker with the attached patch.
From 45cd37e15c3e478e979dada18a7a5d8fe2dfeaab Mon Sep 17 00:00:00 2001
From: Antonio Terceiro 
Date: Thu, 22 Sep 2022 18:59:16 -0300
Subject: [PATCH] ruby3.1-add: ignore new package that builds only for the
 default ruby

---
 ongoing/ruby3.1-add.ben | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/ongoing/ruby3.1-add.ben b/ongoing/ruby3.1-add.ben
index 5cf29c4..4eeb7a3 100644
--- a/ongoing/ruby3.1-add.ben
+++ b/ongoing/ruby3.1-add.ben
@@ -1,5 +1,5 @@
 title = "ruby3.1-add";
-is_affected = (.depends ~ /ruby3.0/ | .depends ~ /ruby3.1/) & ! .source ~ /^(ruby3\.0|ruby3\.1|ruby-defaults|dislocker|epic5|graphviz|hivex|kamailio|klayout|kross-interpreters|libprelude|marisa|ngraph-gtk|notmuch|obexftp|redland-bindings|rubyluabridge|ruby-standalone|subtle|subversion|uwsgi|vim-command-t|weechat|robot-testing-framework|treil|vim|nbdkit)$/;
+is_affected = (.depends ~ /ruby3.0/ | .depends ~ /ruby3.1/) & ! .source ~ /^(ruby3\.0|ruby3\.1|ruby-defaults|dislocker|epic5|graphviz|hivex|kamailio|klayout|kross-interpreters|libprelude|marisa|ngraph-gtk|notmuch|obexftp|redland-bindings|rubyluabridge|ruby-standalone|subtle|subversion|uwsgi|vim-command-t|weechat|robot-testing-framework|treil|vim|nbdkit|ignition-math|)$/;
 is_good = .depends ~ /ruby3.1/;
 is_bad = .depends ~ /ruby3.0/ & !.depends ~ /ruby3.1/;
 notes = "#1015207 ";
-- 
2.35.1



signature.asc
Description: PGP signature

Bug#1015207: transitions: ruby3.1-add

[Antonio Terceiro]

Hi,

please binNMU:

puma
thin
ruby-bootsnap

These failed to build before, but that was probably due to something
else down the stack. All three build fine in unstable at the moment.

The only missing piece is ruby-mysql2, which I will work on next.


signature.asc
Description: PGP signature

Bug#1023495: transition: ruby3.1

[Antonio Terceiro]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: transition

Hi, I would like to plan the ruby 3.1 transition. As soon as we have the
tracker I will perform all the test rebuilds necessary and report any
bugs.

Ben file:

title = "ruby3.1 as default";
is_affected = (.depends ~ /ruby3.0/ | .depends ~ /ruby3.1/) & !.source ~ 
/^(ruby3.0|ruby3.1|ruby-defaults)$/;
is_good = .depends ~ "ruby3.1" | .depends ~ "libruby3.1" | ! (.depends ~ 
"ruby3.0" | .depends ~ "libruby3.0");
is_bad = ! (.depends ~ "ruby3.1" | .depends ~ "libruby3.1") & (.depends ~ 
"ruby3.0" | .depends ~ "libruby3.0");


signature.asc
Description: PGP signature

Bug#1023495: transition: ruby3.1

[Antonio Terceiro]

On Tue, Nov 22, 2022 at 11:00:57PM +0100, Sebastian Ramacher wrote:
> On 2022-11-22 21:53:31 +0100, Paul Gevers wrote:
> > Hi Lucas,
> > 
> > On 22-11-2022 17:03, Lucas Kanashiro wrote:
> > > After discussing with Antonio, since our deadline to finish the
> > > transition is approaching, we decided to already enable ruby3.1 as the
> > > default and remove ruby3.0 in a single step.
> > 
> > I may be remembering wrong (it's a bit late), but isn't the change of the
> > default a forward rebuild, while removal is a backward rebuild (I mean in
> > the dependency tree)? If that's true, I think doing it in two steps is
> > easier to manage, as packages can then migrate on their own and don't need a
> > lock step migration.
> 
> That's correct. I'd prefer to handle this with two trackers.

Fair enough. I will update ruby-defaults accordingly. Is it OK for us to
start the transition in unstable?


signature.asc
Description: PGP signature

Bug#1023495: transition: ruby3.1

[Antonio Terceiro]

On Wed, Nov 23, 2022 at 05:35:18PM +0100, Sebastian Ramacher wrote:
> Hi Antonio
> 
> On 2022-11-23 13:13:37 -0300, Antonio Terceiro wrote:
> > On Tue, Nov 22, 2022 at 11:00:57PM +0100, Sebastian Ramacher wrote:
> > > On 2022-11-22 21:53:31 +0100, Paul Gevers wrote:
> > > > Hi Lucas,
> > > > 
> > > > On 22-11-2022 17:03, Lucas Kanashiro wrote:
> > > > > After discussing with Antonio, since our deadline to finish the
> > > > > transition is approaching, we decided to already enable ruby3.1 as the
> > > > > default and remove ruby3.0 in a single step.
> > > > 
> > > > I may be remembering wrong (it's a bit late), but isn't the change of 
> > > > the
> > > > default a forward rebuild, while removal is a backward rebuild (I mean 
> > > > in
> > > > the dependency tree)? If that's true, I think doing it in two steps is
> > > > easier to manage, as packages can then migrate on their own and don't 
> > > > need a
> > > > lock step migration.
> > > 
> > > That's correct. I'd prefer to handle this with two trackers.
> > 
> > Fair enough. I will update ruby-defaults accordingly. Is it OK for us to
> > start the transition in unstable?
> 
> I'd like protobuf to migrate first which is currently doing its own
> transition. Afer that, we can go ahead with the switch to 3.1 as
> default.

protobuf migrate a few days ago, so I just uploaded ruby-defaults.
Please binNMU these packages:

epic5
graphviz
ignition-math
kamailio
klayout
kross-interpreters
libprelude
marisa
ngraph-gtk
notmuch
obexftp
redland-bindings
subtle
subversion
vim-command-t
weechat
xapian-bindings


signature.asc
Description: PGP signature

Bug#1026890: transition: ruby3.0-rm

[Antonio Terceiro]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: transition
X-Debbugs-Cc: ruby-defau...@packages.debian.org
Control: affects -1 + src:ruby-defaults

Please create a tracker for removing ruby3.0 as a supported version.

Ben file (based on ruby2.7-rm from the transition-data repository):

title = "ruby3.0-rm";
is_affected = (.depends ~ "ruby3.0" | .depends ~ "libruby3.0") & !.source ~ 
/^(ruby3.0)$/;
is_good = false;
is_bad = .depends ~ "ruby3.0" | .depends ~ "libruby3.0";


signature.asc
Description: PGP signature

Bug#965334: buster-pu: package ruby-ronn/0.8.0-2

[Antonio Terceiro]

Package: release.debian.org
Severity: normal
Tags: buster
User: release.debian@packages.debian.org
Usertags: pu

[ Reason ]
It was discovered that ronn fails to process input that contains UTF-8
characters due to a programming error

[ Impact ]
Not having this fix makes it impossible to process input with UTF-8.

[ Tests ]
I have add an autopkgtest that exposes the issue (fails without this
patch, passes with it)

[ Risks ]
Very low

[ Checklist ]
  [x] *all* changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in (old)stable
  [x] the issue is verified as fixed in unstable

[ Changes ]
The fix is just removing the "s" flag from a regular expression. It was
obtained from upstream at https://github.com/apjanke/ronn-ng/pull/35

-- System Information:
Debian Release: bullseye/sid
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'testing-debug'), (500, 
'unstable'), (500, 'testing'), (1, 'experimental-debug'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 5.7.0-1-amd64 (SMP w/4 CPU threads)
Kernel taint flags: TAINT_WARN
Locale: LANG=pt_BR.UTF-8, LC_CTYPE=pt_BR.UTF-8 (charmap=UTF-8), 
LANGUAGE=pt_BR:pt:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
diff --git a/debian/changelog b/debian/changelog
index 0cf8d08..fd7e234 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,11 @@
+ruby-ronn (0.8.0-2+deb10u1) buster; urgency=medium
+
+  * Team upload.
+  * Add an autopkgtest that exposes problem in processing UTF-8 input
+  * Fix handling of UTF-8 content in manpages (Closes: #965294)
+
+ -- Antonio Terceiro   Sun, 19 Jul 2020 13:50:53 -0300
+
 ruby-ronn (0.8.0-2) unstable; urgency=medium
 
   * Team upload.
diff --git a/debian/patches/fix-utf8-content.patch b/debian/patches/fix-utf8-content.patch
new file mode 100644
index 000..9f62756
--- /dev/null
+++ b/debian/patches/fix-utf8-content.patch
@@ -0,0 +1,24 @@
+From 0dc86b83ee27a20d8a9d7bd85f7022a2db403f2f Mon Sep 17 00:00:00 2001
+From: Matteo Bernardini 
+Date: Sun, 6 Oct 2019 19:04:04 +0200
+Subject: [PATCH] Fix regex encoding: don't assume Windows-31J encoding
+
+Source: https://github.com/apjanke/ronn-ng/pull/35
+
+---
+ lib/ronn/roff.rb | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/lib/ronn/roff.rb b/lib/ronn/roff.rb
+index 7c56d2c..f313a95 100644
+--- a/lib/ronn/roff.rb
 b/lib/ronn/roff.rb
+@@ -351,7 +351,7 @@ def quote(text)
+ def write(text)
+   return if text.nil? || text.empty?
+   # lines cannot start with a '.'. insert zero-width character before.
+-  text = text.gsub(/\n\\\./s, "\n&\\.")
++  text = text.gsub(/\n\\\./, "\n&\\.")
+   buf_ends_in_newline = @buf.last && @buf.last[-1] == "\n"
+   @buf << '\&' if text[0, 2] == '\.' && buf_ends_in_newline
+   @buf << text
diff --git a/debian/patches/series b/debian/patches/series
index 701d377..ae4940f 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -3,3 +3,4 @@ relax-dependencies.patch
 rename-to-ronn.patch
 fix-ordered-lists.patch
 fix-url-hyphenation.patch
+fix-utf8-content.patch
diff --git a/debian/tests/control b/debian/tests/control
new file mode 100644
index 000..9f8c752
--- /dev/null
+++ b/debian/tests/control
@@ -0,0 +1,2 @@
+Tests: utf8
+Restrictions: superficial, allow-stderr
diff --git a/debian/tests/utf8 b/debian/tests/utf8
new file mode 100644
index 000..913cd36
--- /dev/null
+++ b/debian/tests/utf8
@@ -0,0 +1,29 @@
+#!/bin/sh
+
+set -eu
+
+cd ${AUTOPKGTEST_TMP:-/tmp}
+
+cat >> utf8.7.ronn <

signature.asc
Description: PGP signature

Bug#965334: buster-pu: package ruby-ronn/0.8.0-2

[Antonio Terceiro]

On Sat, Jul 25, 2020 at 05:01:52PM +0100, Adam D. Barratt wrote:
> Control: tags -1 + confirmed
> 
> On Sun, 2020-07-19 at 15:26 -0300, Antonio Terceiro wrote:
> > It was discovered that ronn fails to process input that contains UTF-
> > 8 characters due to a programming error
> > 
> 
> Please go ahead.

Uploaded, thanks.


signature.asc
Description: PGP signature

Re: Podman 3.0 and Debian bullseye

[Antonio Terceiro]

On Sun, Jan 24, 2021 at 08:02:26PM -0500, Reinhard Tartler wrote:
> Dear release-team,
> 
> I'm proposing to have podman 3.0 in debian/bullseye. As maintainer of the
> package, I'm convinced this is a good step for Debian because:
> 
>  - podman 3.0 will be included in RHEL 8.4, which will be released in May
> 2021. I expect security support for podman in Debian to become
> significantly simpler than let's say podman 2.2
>  - users have expressed interest in podman 2.2 or late (cf. #978650 and
> others)
>  - podman 3.0 implements enough of docker's REST API to support
> docker-compose (cf. https://www.redhat.com/sysadmin/podman-docker-compose)
>  - the salsa team has expressed interest in exploring podman to facilitate
> gitlab maintenance. I'd expect this update to make their lives
> significantly easier if included in the next stable release
> 
> Current concerns/risk:
> 
>  - Podman 3.0.0~rc1 was only just released, but I expect it to be released
> soon. After all, RHEL 8.4 is scheduled for May 2021
>  - Podman 3 drops the legacy varlink interface. To the best of my
> knowledge, there are no packages in debian/testing that would require
> varlink (please correct me if I'm wrong here). Not having to support
> varlink in Debian seems a support benefit, there is little to no love
> for it upstream.
>  - I've just uploaded podman 3.0 to debian/experimental, and is ready for
> wider testing. Uploading to unstable requires a couple of additional
> package updates in sid:
>- golang-github-containers-storage
>- golang-github-containers-image
>- golang-github-containers-common
>- golang-github-containers-buildah
> 
> I'm not really sure if this update required formal approval by the release
> team, but I'd really appreciate your input in any case.

FWIW I have been using podman 3.0.0~rc1 from experimental for a few days
and haven't noticed anything wrong with it. I hope we can have that
version in bullseye.


signature.asc
Description: PGP signature

Re: Podman 3.0 and Debian bullseye

[Antonio Terceiro]

On Sat, Jan 30, 2021 at 05:29:37PM -0500, Reinhard Tartler wrote:
> On Sat, Jan 30, 2021 at 5:03 PM Antonio Terceiro 
> wrote:
> 
> > FWIW I have been using podman 3.0.0~rc1 from experimental for a few days
> > and haven't noticed anything wrong with it. I hope we can have that
> > version in bullseye.
> >
> 
> 
> Me too.
> 
> Dear release team, do you have any opinion on this topic?

Based on previous similar discussions I have seem in the past, my guess
is that the RT doesn't care either way, as long as it doesn't' affect
the rest of the archive and that the maintainer(s) think it's the best
option for the stable release.


signature.asc
Description: PGP signature

Re: ruby-vcr: DFSG violation (Hippocratic license)

[Antonio Terceiro]

On Sun, Mar 07, 2021 at 11:01:16PM +0530, Pirate Praveen wrote:
> [adding release team]
> 
> On Sun, Mar 7, 2021 at 10:49 pm, Utkarsh Gupta  wrote:
> > Hi Praveen,
> > 
> > On Sun, Mar 7, 2021 at 10:15 PM Pirate Praveen
> >  wrote:
> > >  It looks like we will have to remove ruby-vcr and we will have to
> > >  disable tests for the following packages. I don't think there is
> > >  another way, thoughts?
> > 
> > Maybe worth opening an issue upstream and discuss the cons of this
> > change or something? Or if that doesn't work out
> > and we need this
> 
> I doubt discussing with upstream will yield any possitive outcome as this is
> a specific philosophical movement.
> 
> See https://github.com/vcr/vcr/pull/792
> and
> https://github.com/vcr/vcr/issues/804
> 
> > package or something, would forking be an option?
> 
> https://github.com/vcr/vcr/blob/master/CHANGELOG.md#510-feb-5-2020
> 
> We will have to go back to 5.0 and someone will have to maintain it
> independently.
> 
> Hi Release team,
> 
> Do you think this needs to be fixed before bullseye? If yes, do you agree to
> change the reverse dependencies listed in my previous message to this bug?

I don't think that will be needed. I reverted to 5.0.0 locally, added a
few patches, and at least all of our reverse dependencies seem to pass
their tests with it:


=  Testing reverse (build) dependencies


rebuild  nanoc   ... PASS
rebuild  ruby-coveralls  ... PASS
autopkgtest  ruby-faraday... PASS
rebuild  ruby-graphlient ... PASS
rebuild  ruby-mixlib-install ... PASS
rebuild  ruby-octokit... PASS

So in principle we could fix this issue without touching anything else.


signature.asc
Description: PGP signature

Re: ruby-vcr: DFSG violation (Hippocratic license)

[Antonio Terceiro]

On Mon, Mar 08, 2021 at 02:50:18PM +0530, Pirate Praveen wrote:
> 
> 
> On 2021, മാർച്ച് 8 1:24:48 AM IST, Antonio Terceiro  
> wrote:
[...]
> >I don't think that will be needed. I reverted to 5.0.0 locally, added a
> >few patches, and at least all of our reverse dependencies seem to pass
> >their tests with it:
> >
> >
> >=  Testing reverse (build) dependencies
> >
> >
> >rebuild  nanoc   ... PASS
> >rebuild  ruby-coveralls  ... PASS
> >autopkgtest  ruby-faraday... PASS
> >rebuild  ruby-graphlient ... PASS
> >rebuild  ruby-mixlib-install ... PASS
> >rebuild  ruby-octokit... PASS
> >
> >So in principle we could fix this issue without touching anything else.
> 
> Thanks. Are you waiting for an ack from release team to upload it?

No, I will upload it soon™.


signature.asc
Description: PGP signature

Bug#950655: buster-pu: package rubygems-integration/1.11+deb10u1

[Antonio Terceiro]

Package: release.debian.org
Severity: normal
Tags: buster
User: release.debian@packages.debian.org
Usertags: pu

Hello,

This update is part of a collaboration with upstream on their handling
of deprecations in the rubygems codebase. See
https://github.com/rubygems/rubygems/issues/3068 and the thread starting
at https://lists.debian.org/debian-ruby/2020/01/msg00015.html for
context.

In short: going forward, they want to only deprecate code on rubygems on
new releases of the ruby interpreter (~ once a year). But for this time,
there was a release where these warnings reached end users.

This is fixed by this update (patch attached). As you can see the patch
is pretty simple and harmless.
diff --git a/debian/changelog b/debian/changelog
index 272a6dc..b2d099a 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,9 @@
+rubygems-integration (1.11+deb10u1) buster; urgency=medium
+
+  * Replace usage of Gem::ConfigMap with RbConfig::CONFIG
+
+ -- Antonio Terceiro   Tue, 04 Feb 2020 14:11:57 +0100
+
 rubygems-integration (1.11) unstable; urgency=medium
 
   [ Cédric Boutillier ]
diff --git a/lib/rubygems/defaults/operating_system.rb b/lib/rubygems/defaults/operating_system.rb
index 461cfe4..f68f029 100644
--- a/lib/rubygems/defaults/operating_system.rb
+++ b/lib/rubygems/defaults/operating_system.rb
@@ -7,7 +7,7 @@ class << Gem
 
   alias :upstream_default_dir :default_dir
   def default_dir
-File.join('/', 'var', 'lib', 'gems', Gem::ConfigMap[:ruby_version])
+File.join('/', 'var', 'lib', 'gems', RbConfig::CONFIG["ruby_version"])
   end
 
   alias :upstream_default_bindir :default_bindir
@@ -26,8 +26,8 @@ class << Gem
   extra_path = File.join('/usr/share/rubygems-integration', '2.2')
 end
 
-arch = Gem::ConfigMap[:arch]
-api_version = Gem::ConfigMap[:ruby_version]
+arch = RbConfig::CONFIG["arch"]
+api_version = RbConfig::CONFIG["ruby_version"]
 
 upstream_default_path + [
   "/usr/lib/#{arch}/rubygems-integration/#{api_version}",


signature.asc
Description: PGP signature

Bug#952792: RM: chef/13.8.7-6

[Antonio Terceiro]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: rm
X-Debbugs-CC: stefa...@debian.org, debian-r...@lists.debian.org

Please remove chef from testing. It's marked for autoremoval due to a RC
bug; fixing the RC bug will take a while (needs a new upstream release
which needs a few new dependencies to be packaged), it's blocking other
stuff from migrating to testing.

-- System Information:
Debian Release: bullseye/sid
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'testing-debug'), (500, 
'unstable'), (500, 'testing'), (1, 'experimental-debug'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 5.4.0-4-amd64 (SMP w/4 CPU cores)
Kernel taint flags: TAINT_CRAP
Locale: LANG=pt_BR.UTF-8, LC_CTYPE=pt_BR.UTF-8 (charmap=UTF-8), 
LANGUAGE=pt_BR:pt:en (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled


signature.asc
Description: PGP signature

Bug#952792: closed by Ivo De Decker (remove chef)

[Antonio Terceiro]

Control: reopen -1

> Date: Sat, 29 Feb 2020 13:25:33 +
> From: Ivo De Decker 
> To: 952792-d...@bugs.debian.org
> Subject: remove chef
> Message-Id: 
> 
> Added removal hint for chef.

Hello,

I just noticed that I failed to check for reverse (build) dependencies.
So please also remove the following packages from testing:

foodcritic
ohai
ruby-cheffish
ruby-knife-acl
ruby-ridley

These are all part of the chef ecosystem, so we are not breaking
unrelated software.


signature.asc
Description: PGP signature

Bug#950655: #950655: buster-pu: package rubygems-integration/1.11+deb10u1

[Antonio Terceiro]

On Tue, Feb 04, 2020 at 02:44:28PM +0100, Antonio Terceiro wrote:
> Package: release.debian.org
> Severity: normal
> Tags: buster
> User: release.debian@packages.debian.org
> Usertags: pu
> 
> Hello,
> 
> This update is part of a collaboration with upstream on their handling
> of deprecations in the rubygems codebase. See
> https://github.com/rubygems/rubygems/issues/3068 and the thread starting
> at https://lists.debian.org/debian-ruby/2020/01/msg00015.html for
> context.
> 
> In short: going forward, they want to only deprecate code on rubygems on
> new releases of the ruby interpreter (~ once a year). But for this time,
> there was a release where these warnings reached end users.
> 
> This is fixed by this update (patch attached). As you can see the patch
> is pretty simple and harmless.

> diff --git a/debian/changelog b/debian/changelog
> index 272a6dc..b2d099a 100644
> --- a/debian/changelog
> +++ b/debian/changelog
> @@ -1,3 +1,9 @@
> +rubygems-integration (1.11+deb10u1) buster; urgency=medium
> +
> +  * Replace usage of Gem::ConfigMap with RbConfig::CONFIG
> +
> + -- Antonio Terceiro   Tue, 04 Feb 2020 14:11:57 +0100
> +
>  rubygems-integration (1.11) unstable; urgency=medium
>  
>[ Cédric Boutillier ]
> diff --git a/lib/rubygems/defaults/operating_system.rb 
> b/lib/rubygems/defaults/operating_system.rb
> index 461cfe4..f68f029 100644
> --- a/lib/rubygems/defaults/operating_system.rb
> +++ b/lib/rubygems/defaults/operating_system.rb
> @@ -7,7 +7,7 @@ class << Gem
>  
>alias :upstream_default_dir :default_dir
>def default_dir
> -File.join('/', 'var', 'lib', 'gems', Gem::ConfigMap[:ruby_version])
> +File.join('/', 'var', 'lib', 'gems', RbConfig::CONFIG["ruby_version"])
>end
>  
>alias :upstream_default_bindir :default_bindir
> @@ -26,8 +26,8 @@ class << Gem
>extra_path = File.join('/usr/share/rubygems-integration', '2.2')
>  end
>  
> -arch = Gem::ConfigMap[:arch]
> -api_version = Gem::ConfigMap[:ruby_version]
> +arch = RbConfig::CONFIG["arch"]
> +api_version = RbConfig::CONFIG["ruby_version"]
>  
>  upstream_default_path + [
>"/usr/lib/#{arch}/rubygems-integration/#{api_version}",

ping


signature.asc
Description: PGP signature

Bug#844161: jessie-pu: package redmine/3.0~20140825-8~deb8u4

[Antonio Terceiro]

Package: release.debian.org
Severity: normal
Tags: jessie
User: release.debian@packages.debian.org
Usertags: pu

Hi,

I would like to update redmine in jessie.

redmine (3.0~20140825-8~deb8u4) jessie; urgency=medium

  * debian/postinst: handle dependency check failure when triggered, to avoid
breaking in the middle of dist-upgrades.
  * gemfile-adjustments.patch: avoid opening database configuration that are
not readable (Closes: #826663)

 -- Antonio Terceiro   Sat, 12 Nov 2016 19:00:15 -0200

full diff attached

-- System Information:
Debian Release: stretch/sid
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'testing-debug'), (500, 
'unstable'), (500, 'testing'), (1, 'experimental-debug'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 4.8.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=pt_BR.UTF-8, LC_CTYPE=pt_BR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
diff --git a/debian/changelog b/debian/changelog
index ec0e42a..9a894b7 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,12 @@
+redmine (3.0~20140825-8~deb8u4) jessie; urgency=medium
+
+  * debian/postinst: handle dependency check failure when triggered, to avoid
+breaking in the middle of dist-upgrades.
+  * gemfile-adjustments.patch: avoid opening database configuration that are
+not readable (Closes: #826663)
+
+ -- Antonio Terceiro   Sat, 12 Nov 2016 19:00:15 -0200
+
 redmine (3.0~20140825-8~deb8u3) jessie; urgency=medium
 
   * gemfile-adjustments.patch: load all database drivers for all Redmine
diff --git a/debian/patches/gemfile-adjustments.patch b/debian/patches/gemfile-adjustments.patch
index 0db0aa3..f38d5e3 100644
--- a/debian/patches/gemfile-adjustments.patch
+++ b/debian/patches/gemfile-adjustments.patch
@@ -45,7 +45,7 @@
 -if File.exist?(database_file)
 +seen_adapters = {}
 +Dir['{config,/etc/redmine/*}/database.yml'].select do |f|
-+  File.exists?(f)
++  File.readable?(f)
 +end.each do |database_file|
database_config = YAML::load(ERB.new(IO.read(database_file)).result)
adapters = database_config.values.map {|c| c['adapter']}.compact.uniq
diff --git a/debian/postinst b/debian/postinst
index 0abb494..2990058 100644
--- a/debian/postinst
+++ b/debian/postinst
@@ -12,7 +12,25 @@ RAKE_VERBOSE=false
 
 # update Gemfile.lock, always
 rm -f /var/lib/redmine/Gemfile.lock
-(cd /usr/share/redmine && bundle --local --quiet)
+cd /usr/share/redmine
+if ! bundle --local --quiet; then
+  if [ "$1" = "triggered" ]; then
+# probably triggered in the middle of an system upgrade; ignore failure
+# but abort here
+echo "#"
+echo "# Failed to detect redmine dependencies; if you are in the middle of an #"
+echo "# upgrade, this is probably fine, there will be another attempt later.  #"
+echo "#   #"
+echo "# If you are NOT in the middle of an upgrade, there is probably a real  #"
+echo "# issue. Please report a bug.   #"
+echo "#"
+exit 0
+  else
+# something is really broken
+exit 1
+  fi
+fi
+cd - >/dev/null
 chown www-data:www-data /var/lib/redmine/Gemfile.lock
 
 # remove and purge old instances each time postinst is called


signature.asc
Description: PGP signature

Bug#844161: jessie-pu: package redmine/3.0~20140825-8~deb8u4

[Antonio Terceiro]

On Sun, Nov 13, 2016 at 09:47:05AM +, Adam D. Barratt wrote:
> Control: tags -1 + confirmed
> 
> On Sat, 2016-11-12 at 19:05 -0200, Antonio Terceiro wrote:
> > redmine (3.0~20140825-8~deb8u4) jessie; urgency=medium
> > 
> >   * debian/postinst: handle dependency check failure when triggered, to 
> > avoid
> > breaking in the middle of dist-upgrades.
> >   * gemfile-adjustments.patch: avoid opening database configuration that are
> > not readable (Closes: #826663)
> 
> Please go ahead.

Uploaded, thanks


signature.asc
Description: PGP signature

Bug#845564: jessie-pu: package lxc/1:1.0.6-6+deb8u5

[Antonio Terceiro]

On Sat, Dec 10, 2016 at 09:46:38PM +, Adam D. Barratt wrote:
> Control: tags -1 + confirmed
> 
> On Thu, 2016-11-24 at 17:59 +0100, Evgeni Golov wrote:
> > even if lxc/1:1.0.6-6+deb8u4 did not reach stable yet (see #844150),
> > we would like to fix another bug in stable:
> >  #845465 aka CVE-2016-8649: attach: do not send procfd to attached process
> > it was marked as non-dsa by the security team as it is not exploitable
> > in the default config we ship in Jessie, yet it would be nice to have it 
> > fixed.
> 
> Please go ahead.

Just uploaded.


signature.asc
Description: PGP signature

Re: Let autopkgtests be gating for testing migration in Buster: heads-up and brain-dump

[Antonio Terceiro]

On Tue, Dec 20, 2016 at 09:20:34PM +0100, Paul Gevers wrote:
> Hi all,
> 
> I already started this discussion on IRC (in both #debci and
> #debian-release), but for future reference, and some brain-dump I want
> to continue on the lists.
> 
> As most of you have probably noticed by now, I have taken up the task to
> have Debian let debci/autopkgtest results be gating for
> unstable-to-testing migration (very similar to what Ubuntu already does
> for -proposed-to- migration). I would really love to
> see this happen early in the Buster release cycle. I have started a wiki
> page¹ to document the requirements and the (outcome of the) discussions.
> I'll try to keep that up-to-date with as we progress. As it is a wiki,
> feel free to contribute anything that isn't controversial.
> 
> As I currently see it, from discussion with multiple of you, there are
> three pieces that need to play together in Debian:
> 1) autopkgtest: the testing platform
> 2) debci: the Debian CI worker
> 3) britney: where the migration policy is implemented and enforced
> 
> Currently debci is testing packages in unstable. But similar to what
> Ubuntu is doing, I think that for this purpose we actually want to test
> in testing with only the possible candidate (and if needed it's
> dependencies) from unstable. Luckily, autopkgtest is nearly able to do
> that, except it needs to support Debian suites instead of only Ubuntu's
> "pockets".
> 
> Apart from testing testing (no typo), and again copying Ubuntu, I think
> we want to run the test suites of the candidate *and* of all the reverse
> dependencies that have test suites. This way, you'll see when a
> candidate deteriorates testing. For this, debci need some changes: it
> needs a testing suite environment and it needs to call autopkgtest with
> the additional arguments. To enable debci to know *what* should be
> tested, britney must communicate to debci.
> 
> Finally, of course, britney needs to be aware of debci results and take
> them into account during judgment.
> 
> I think the logical order to for me to tackle (I mean, create the code)
> this is:
> 0) figure out how to test all of this without breaking the real
> instances (hints more than welcome).
> 1) fix autopkgtest to enable --apt-suite (next to the current --apt-pocket)
> In parallel:
> 2a) getting a testing suite up for debci and extend debci to be aware of
> the additional arguments for autopkgtest
> 2b) let britney generate a list of tests it would like to perform
> 2c) align on the transfer mechanism between britney(1) and debci
> 3) enable debci to swallow the commands from britney
> 4) enable the policy in britney
> 
> Opinions? Other ideas?
> 
> If not too many objections, I'll start with 0 and 1. And I sincerely
> hope that Antonio wants to help with 2a, but I'd like to hear his
> thoughts first.

Sure. My main concern here is knowing exactly what the interface between
britney and debci is going to be. Obviously we don't want a circular
dependency, so it seems that you are going towards britney knowing how
to deal with debci, and not the other way around.

On the debci side, we would need:

- when testing to see if package X can be let into testing, britney
  needs a way to say a) "test package X from unstable on a testing base"
  and b) "test package Y from testing with X from unstable".

  there would be one Y for each of the reverse dependencies of X, and
  that list would be generated by britney, I assume.

- a way for britney to "inject" these test requests, and a way for it to
  get their results back. This would probably require having some sort
  of identifier generated by britney that can be used by later to match
  the request to the results.

Does that make sense?


signature.asc
Description: PGP signature

Bug#854072: unblock: vagrant-mutate/1.2.0-3

[Antonio Terceiro]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package vagrant-mutate

This update fixes a RC bug, adds a DEP-8 smoke test, and adds a missing
dependency on vagrant. the debdiff against the version currently in
testing is attached.

unblock vagrant-mutate/1.2.0-3

-- System Information:
Debian Release: 9.0
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'testing-debug'), (500, 
'unstable'), (500, 'testing'), (1, 'experimental-debug'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 4.9.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=pt_BR.UTF-8, LC_CTYPE=pt_BR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
diff -Nru vagrant-mutate-1.2.0/debian/changelog vagrant-mutate-1.2.0/debian/changelog
--- vagrant-mutate-1.2.0/debian/changelog	2016-09-24 15:27:25.0 -0300
+++ vagrant-mutate-1.2.0/debian/changelog	2017-02-02 11:47:08.0 -0200
@@ -1,3 +1,12 @@
+vagrant-mutate (1.2.0-3) unstable; urgency=medium
+
+  * Team upload.
+  * debian/rules: install using the Rubygems layout (Closes: #853962)
+  * Add dependency on vagrant
+  * Add DEP-8 smoke test
+
+ -- Antonio Terceiro   Thu, 02 Feb 2017 11:47:08 -0200
+
 vagrant-mutate (1.2.0-2) unstable; urgency=medium
 
   * requires qemu-img from qemu-utils to work
diff -Nru vagrant-mutate-1.2.0/debian/control vagrant-mutate-1.2.0/debian/control
--- vagrant-mutate-1.2.0/debian/control	2016-09-24 15:22:21.0 -0300
+++ vagrant-mutate-1.2.0/debian/control	2017-02-02 11:47:08.0 -0200
@@ -19,6 +19,7 @@
 XB-Ruby-Versions: ${ruby:Versions}
 Depends: ruby | ruby-interpreter,
  qemu-utils,
+ vagrant,
  ${misc:Depends},
  ${shlibs:Depends}
 Description: convert vagrant boxes to work with different providers
diff -Nru vagrant-mutate-1.2.0/debian/rules vagrant-mutate-1.2.0/debian/rules
--- vagrant-mutate-1.2.0/debian/rules	2016-09-05 15:31:29.0 -0300
+++ vagrant-mutate-1.2.0/debian/rules	2017-02-02 11:47:08.0 -0200
@@ -3,6 +3,7 @@
 include /usr/share/dpkg/default.mk
 
 export GEM2DEB_TEST_RUNNER = --check-dependencies
+export DH_RUBY = --gem-install
 
 %:
 	dh $@ --buildsystem=ruby --with ruby
diff -Nru vagrant-mutate-1.2.0/debian/tests/control vagrant-mutate-1.2.0/debian/tests/control
--- vagrant-mutate-1.2.0/debian/tests/control	1969-12-31 21:00:00.0 -0300
+++ vagrant-mutate-1.2.0/debian/tests/control	2017-02-02 11:47:08.0 -0200
@@ -0,0 +1,2 @@
+Tests: virtualbox2libvirt
+Depends: @, distro-info
diff -Nru vagrant-mutate-1.2.0/debian/tests/virtualbox2libvirt vagrant-mutate-1.2.0/debian/tests/virtualbox2libvirt
--- vagrant-mutate-1.2.0/debian/tests/virtualbox2libvirt	1969-12-31 21:00:00.0 -0300
+++ vagrant-mutate-1.2.0/debian/tests/virtualbox2libvirt	2017-02-02 11:47:08.0 -0200
@@ -0,0 +1,18 @@
+#!/bin/sh
+
+exec 2>&1
+set -exu
+
+release=$(debian-distro-info --stable)
+box=debian/${release}64
+
+if [ -z "${ADTTMP:-}" ]; then
+  ADTTMP=$(mktemp -d)
+  trap "rm -rf $ADTTMP" INT TERM EXIT
+fi
+
+vagrant plugin list
+vagrant global-status
+
+vagrant box add --force --provider virtualbox $box
+vagrant mutate $box libvirt


signature.asc
Description: PGP signature

Bug#815356: jessie-pu: package ruby-standalone/0.5+deb8u1

[Antonio Terceiro]

Package: release.debian.org
Severity: normal
Tags: jessie
User: release.debian@packages.debian.org
Usertags: pu

I would like to upload a stable update for ruby-standalone, that makes
it work correctly with bundler, which is a very important use case.

For unstable, this has been fixed in 0.6.

The diff is attached.

-- System Information:
Debian Release: stretch/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 4.3.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=pt_BR.UTF-8, LC_CTYPE=pt_BR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

-- 
Antonio Terceiro 
diff --git a/Makefile b/Makefile
index dfe3f10..edb210b 100644
--- a/Makefile
+++ b/Makefile
@@ -5,6 +5,7 @@ else
 	PREFIX = /usr
 	RUBYLIB = $(shell ruby -e 'puts RbConfig::CONFIG["vendordir"]')
 endif
+RUBY_INSTALL_NAME = $(shell ruby -e 'puts RbConfig::CONFIG["ruby_install_name"]')
 BINSTUBS := $(shell dpkg -L ruby | grep /usr/bin/ | xargs -n 1 basename)
 BINSTUBS := $(subst ruby,,$(BINSTUBS))
 BINARIES = ruby $(BINSTUBS)
@@ -49,6 +50,7 @@ install: all
 	install -d $(DESTDIR)$(RUBYLIB)
 	install -d $(DESTDIR)$(PREFIX)/share/man/man1
 	install -m 0755 $(BINARIES) $(EXTRA_BINARIES) $(DESTDIR)$(PREFIX)/lib/ruby-standalone/bin
+	ln -sfT ruby $(DESTDIR)$(PREFIX)/lib/ruby-standalone/bin/$(RUBY_INSTALL_NAME)
 	install -m 0755 ruby-standalone $(DESTDIR)/$(PREFIX)/bin
 	install -m 0644 debian_ruby_standalone.rb $(DESTDIR)$(RUBYLIB)
 	install -m 0644 debian_ruby_standalone_config.rb $(DESTDIR)$(RUBYLIB)
diff --git a/debian/changelog b/debian/changelog
index 721b8ac..2004b22 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,11 @@
+ruby-standalone (0.5+deb8u1) jessie; urgency=medium
+
+  * Install `rubyX.Y` as a link to `ruby` so that binaries installed by
+bundler work. (Bundler forces Rubygems to use a shebang like `/usr/bin/env
+rubyX.Y`).
+
+ -- Antonio Terceiro   Sat, 20 Feb 2016 21:41:13 -0200
+
 ruby-standalone (0.5) unstable; urgency=medium
 
   * Force shebang of installed scripts to use the ruby from ruby-standalone


signature.asc
Description: PGP signature

Bug#815356: jessie-pu: package ruby-standalone/0.5+deb8u1

[Antonio Terceiro]

On Sun, Feb 21, 2016 at 10:36:34AM +, Adam D. Barratt wrote:
> Control: tags -1 + confirmed
> 
> On Sat, 2016-02-20 at 22:05 -0200, Antonio Terceiro wrote:
> > I would like to upload a stable update for ruby-standalone, that makes
> > it work correctly with bundler, which is a very important use case.
> 
> Please go ahead.

just uploaded; thanks.


signature.asc
Description: PGP signature

Bug#813237: transition: ruby2.3

[Antonio Terceiro]

On Tue, Feb 02, 2016 at 06:56:27PM +0100, Emilio Pozuelo Monfort wrote:
> On 30/01/16 19:18, Antonio Terceiro wrote:
> > Package: release.debian.org
> > Severity: normal
> > User: release.debian@packages.debian.org
> > Usertags: transition
> > 
> > Hi,
> > 
> > We want to ship ruby2.3 in stretch, so we must start the transition now.
> > The Ruby transitions are done in phases, as described in
> > 
> > https://wiki.debian.org/Teams/Ruby/InterpreterTransitions
> > 
> > We are now in phase 1: I have just uploaded ruby-defaults enabling
> > builds against ruby2.3 (besides ruby2.2) to experimental, and we will
> > start test rebuilds ASAP. I am filing this bug now to keep this
> > transition under the radar of both the Release and Ruby teams.
> > 
> > Ben file:
> > 
> > title = "ruby2.3";
> > is_affected = .depends ~ "libruby2.2" | .depends ~ "libruby2.3";
> > is_good = .depends ~ "libruby2.3";
> > is_bad = ! .depends ~ "libruby2.3";
> > 
> > Note about the ben file statements above: at this stage, packages will
> > gain ruby2.3 support but won't lose support for ruby2.2, so "bad"
> > packages are indeed just the ones that don't have ruby2.3 support yet.
> > 
> > I will let you know when we are ready to begin rebuilds on unstable, but
> > before even uploading ruby-defaults enabling ruby2.3 builds there.
> 
> OK.
> 
> I have created a tracker for you at:
> 
> https://release.debian.org/transitions/html/ruby2.3.html

I would like to add support for building for ruby2.3 in unstable. That
means uploading the version of ruby-defaults in experimental to
unstable.

The number of FTBFS in arch:any packages against ruby2.3 support is fairly 
small:

libguestfs
remctl
ruby-blockenspiel
ruby-fssm
ruby-gsl
ruby-kakasi-ffi
ruby-monkey-lib
ruby-mysql2
ruby-oj
ruby-rjb
ruby-zoom
zeroc-ice

I'll make sure to report bugs against those packages before uploading
ruby-defaults. Once ruby-defaults is uploaded, I already have a list of
packages to binNMU.

Also, could you please drop the "lib" prefixes from the ben file? I
noted that some packages depend directly on the interpreter packages
("rubyX.Y"), so we also need to track those.

For the Ruby team: I am tracking these rebuilds at
https://pkg-ruby-extras.alioth.debian.org/rebuilds/ruby2.3/


signature.asc
Description: PGP signature

Bug#813237: transition: ruby2.3

[Antonio Terceiro]

Hi,

On Wed, Feb 24, 2016 at 06:44:52PM +0100, Emilio Pozuelo Monfort wrote:
> Control: tags -1 confirmed
> 
> On 24/02/16 11:38, Antonio Terceiro wrote:
[...]
> > I would like to add support for building for ruby2.3 in unstable. That
> > means uploading the version of ruby-defaults in experimental to
> > unstable.
> 
> Let's do that.

Just uploaded.

Nice people of the Ruby team: we will now start to see a few FTBFS
issues. I have been doing test rebuilds, and a list of packages that
currenly fail can be seen at the following address:

  https://pkg-ruby-extras.alioth.debian.org/rebuilds/ruby2.3/#FAIL

I will appreciate if anyone can help with proper bug reporting for those
issues (which are now RC). If you can help, please let me know so we
don't duplicate efforts.

> > The number of FTBFS in arch:any packages against ruby2.3 support is fairly 
> > small:
> > 
> > libguestfs
> > remctl
> > ruby-blockenspiel
> > ruby-fssm
> > ruby-gsl
> > ruby-kakasi-ffi
> > ruby-monkey-lib
> > ruby-mysql2
> > ruby-oj
> > ruby-rjb
> > ruby-zoom
> > zeroc-ice
> > 
> > I'll make sure to report bugs against those packages before uploading
> > ruby-defaults. Once ruby-defaults is uploaded, I already have a list of
> > packages to binNMU.
> 
> Cool.

Some of the failures above have already been fixed. Please binNMU the
following packages:

qdbm
raspell
rrdtool
ruby-allocations
ruby-atomic
ruby-augeas
ruby-bcrypt
ruby-bdb
ruby-bert
ruby-bluecloth
ruby-bson-ext
ruby-byebug
ruby-cairo
ruby-charlock-holmes
ruby-curb
ruby-dataobjects-mysql
ruby-dataobjects-postgres
ruby-dataobjects-sqlite3
ruby-debian
ruby-debug-inspector
ruby-defaults
ruby-eb
ruby-escape-utils
ruby-eventmachine
ruby-exif
ruby-fast-stemmer
ruby-fast-xs
ruby-fcgi
ruby-ferret
ruby-ffi
ruby-ffi-yajl
ruby-filesystem
ruby-fusefs
ruby-gd
ruby-god
ruby-gpgme
ruby-hiredis
ruby-hitimes
ruby-json
ruby-kgio
ruby-kyotocabinet
ruby-ldap
ruby-levenshtein
ruby-libvirt
ruby-libxml
ruby-mecab
ruby-multimap
ruby-mysql2
ruby-narray
ruby-ncurses
ruby-nfc
ruby-nio4r
ruby-nokogiri
ruby-odbc
ruby-oily-png
ruby-ox
ruby-pcaprub
ruby-pg
ruby-posix-spawn
ruby-rdiscount
ruby-re2
ruby-redcarpet
ruby-redcloth
ruby-rinku
ruby-rjb
ruby-rmagick
ruby-rpatricia
ruby-rugged
ruby-sdl
ruby-sequel-pg
ruby-serialport
ruby-shadow
ruby-sigar
ruby-termios
ruby-timfel-krb5-auth
ruby-tioga
ruby-tokyocabinet
ruby-uconv
ruby-unf-ext
ruby-unicode
ruby-version-sorter
ruby-websocket-driver
ruby-xmlhash
ruby-xmlparser
ruby-yajl
stfl
weechat
xmms2

> > Also, could you please drop the "lib" prefixes from the ben file? I
> > noted that some packages depend directly on the interpreter packages
> > ("rubyX.Y"), so we also need to track those.
> 
> Done. Only one package was added though (ruby-standalone).

Thanks. That was exactly the one that motivated the request, and TBH
it being the only one is very good news. :)


signature.asc
Description: PGP signature

Bug#813237: transition: ruby2.3

[Antonio Terceiro]

Hi,

On Fri, Feb 26, 2016 at 04:27:09PM +0100, Emilio Pozuelo Monfort wrote:
> On 26/02/16 00:47, Antonio Terceiro wrote:
> > Some of the failures above have already been fixed. Please binNMU the
> > following packages:
> 
> Scheduled.

Thanks. All of the builds seem to have finished, but for some reason the
transtion page still lists several of the packages in an "unknown"
state, even though the rebuilt packages are already in the archive for a
while. Any idea why is that?

The next round of binNMUs is:

hyperestraier
remctl
ruby-dep-selector
ruby-fftw3
ruby-gherkin
ruby-github-markdown
ruby-gnome2
ruby-grib
ruby-hdfeos5
ruby-hpricot
ruby-http-parser.rb
ruby-lapack
ruby-mpi
ruby-msgpack
ruby-multibitnums
ruby-netcdf
ruby-nokogumbo
ruby-password
ruby-raindrops
ruby-rpam-ruby19
ruby-sqlite3
thin


signature.asc
Description: PGP signature

Bug#813237: transition: ruby2.3

[Antonio Terceiro]

On Sun, Feb 28, 2016 at 10:19:51PM +0100, Emilio Pozuelo Monfort wrote:
> On 28/02/16 16:26, Antonio Terceiro wrote:
> > Hi,
> > 
> > On Fri, Feb 26, 2016 at 04:27:09PM +0100, Emilio Pozuelo Monfort wrote:
> >> On 26/02/16 00:47, Antonio Terceiro wrote:
> >>> Some of the failures above have already been fixed. Please binNMU the
> >>> following packages:
> >>
> >> Scheduled.
> > 
> > Thanks. All of the builds seem to have finished, but for some reason the
> > transtion page still lists several of the packages in an "unknown"
> > state, even though the rebuilt packages are already in the archive for a
> > while. Any idea why is that?
> 
> Those "?!" are supposed to mean both is_good and is_bad match. Taking ruby-god
> for example:
> 
> The "god" package has:
> 
> Depends: ruby-god
> 
> That matches is_bad
> 
> The "ruby-god" package has:
> 
> Depends: libc6 (>= 2.4), libgmp10, libruby2.2 (>= 2.2.0~1) | libruby2.3 (>=
> 2.3.0~preview2), ruby (>= 1:2.2) | ruby (>= 1:2.3~0)
> 
> That matches is_good.
> 
> Hence both is_good and is_bad match.

ah right, that makes sense.

> This could be solved in this tracker by changing is_bad to:
> 
> is_bad = .depends ~ /ruby2.2/ & ! .depends ~ /ruby2.3/;
> 
> I've done that, the tracker looks better now.

thanks, I have documented in the "ruby transition howto"¹ the correct
ben parameters to do it right from the start next time. :)

¹ https://wiki.debian.org/Teams/Ruby/InterpreterTransitions

> > The next round of binNMUs is:
[...]
> 
> Scheduled.

cool, I will keep an eye there.

-- 
Antonio Terceiro 


signature.asc
Description: PGP signature

Bug#813237: transition: ruby2.3: another round of binNMUs

[Antonio Terceiro]

Hi,

Please binNMU the following packages:

unicorn
ruby-oj
passenger

I will now test the switch to ruby2.3 as default in experimental, and
test rebuilding all the missing packages, which are supposed to only
link against the default Ruby.

-- 
Antonio Terceiro 


signature.asc
Description: PGP signature

Bug#813237: transition: ruby2.3

[Antonio Terceiro]

On Mon, Feb 29, 2016 at 11:48:12PM +0100, Emilio Pozuelo Monfort wrote:
> On 29/02/16 15:50, Christian Hofstaedtler wrote:
> > Emilio,
> > 
> > * Emilio Pozuelo Monfort  [160224 19:03]:
> > 
> >>> ruby-zoom
> > 
> > Could you try a g-b on mipsel for this?
> 
> Done.

Thanks; can you also please binNMU mapserver on amd64?


signature.asc
Description: PGP signature

Bug#813237: transition: ruby2.3

[Antonio Terceiro]

On Wed, Mar 02, 2016 at 05:10:54PM +0100, Emilio Pozuelo Monfort wrote:
> On 02/03/16 13:25, Christian Hofstaedtler wrote:
> > Emilio,
> > 
> > I think we're quite close to be able to drop 2.2 - it's already in
> > experimental, we're quite confident it works, etc.
> > 
> > Right now we know that uwsgi and weechat will need manual fixing and
> > there are open bugs against them (#816315, #816312).
> > 
> > When do you think it would be ok for us to drop 2.2? We'll need
> > another round of binNMUs for all the packages listed on the tracker.
> > (We're running another test rebuild of those right now.)
> 
> You can go ahead.

So I have uploaded ruby-defaults making the switch on unstable earlier
today. Please binNMU the following packages:

broccoli-ruby
geos
graphviz
marisa
ngraph-gtk
notmuch
qtruby
redland-bindings
ruby-standalone
rubyluabridge
subversion
treil
vim
vim-command-t
libguestfs

-- 
Antonio Terceiro 


signature.asc
Description: PGP signature

Bug#819933: jessie-pu: package redmine/3.0~20140825-8~deb8u3

[Antonio Terceiro]

Package: release.debian.org
Severity: normal
Tags: jessie
User: release.debian@packages.debian.org
Usertags: pu

This fixes an issue when upgrading from 3.0~20140825-5 (original version
release with jessie) to any of the later stable updates, when there are
multiple redmine instances or when the `default` has been removed.

This has been fixed in unstable on 3.2.1-2. The diff for jessie is
attached.

-- System Information:
Debian Release: stretch/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 4.4.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=pt_BR.UTF-8, LC_CTYPE=pt_BR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

-- 
Antonio Terceiro 
diff --git a/debian/changelog b/debian/changelog
index c4db2f7..ec0e42a 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10 @@
+redmine (3.0~20140825-8~deb8u3) jessie; urgency=medium
+
+  * gemfile-adjustments.patch: load all database drivers for all Redmine
+instances (Closes: #819815)
+
+ -- Antonio Terceiro   Sun, 03 Apr 2016 20:47:00 -0300
+
 redmine (3.0~20140825-8~deb8u2) jessie-security; urgency=high
 
   * Security update. Includes fixes for the following vulnerabilities:
diff --git a/debian/patches/gemfile-adjustments.patch b/debian/patches/gemfile-adjustments.patch
index 3a2f6e1..0db0aa3 100644
--- a/debian/patches/gemfile-adjustments.patch
+++ b/debian/patches/gemfile-adjustments.patch
@@ -37,24 +37,33 @@
end
  end
  
-@@ -46,8 +46,11 @@ end
+@@ -46,12 +46,16 @@ end
  # configuration file
  require 'erb'
  require 'yaml'
 -database_file = File.join(File.dirname(__FILE__), "config/database.yml")
 -if File.exist?(database_file)
-+# FIXME duplicating logic in config/application.rb
-+ENV['X_DEBIAN_SITEID'] ||= 'default'
-+ENV['RAILS_ETC'] = "/etc/redmine/#{ENV['X_DEBIAN_SITEID']}"
-+database_file = File.join(ENV['RAILS_ETC'], "database.yml")
-+if File.readable?(database_file)
++seen_adapters = {}
++Dir['{config,/etc/redmine/*}/database.yml'].select do |f|
++  File.exists?(f)
++end.each do |database_file|
database_config = YAML::load(ERB.new(IO.read(database_file)).result)
adapters = database_config.values.map {|c| c['adapter']}.compact.uniq
if adapters.any?
-@@ -78,21 +81,6 @@ else
-   warn("Please configure your config/database.yml first")
- end
- 
+ adapters.each do |adapter|
++  next if seen_adapters[adapter]
++  seen_adapters[adapter] = true
+   case adapter
+   when 'mysql2'
+ gem "mysql2", "~> 0.3.11", :platforms => [:mri, :mingw]
+@@ -74,23 +78,6 @@ if File.exist?(database_file)
+   else
+ warn("No adapter found in config/database.yml, please configure it first")
+   end
+-else
+-  warn("Please configure your config/database.yml first")
+-end
+-
 -group :development do
 -  gem "rdoc", ">= 2.4.2"
 -  gem "yard"
@@ -68,8 +77,6 @@
 -  # For running UI tests
 -  gem "capybara", "~> 2.1.0"
 -  gem "selenium-webdriver"
--end
--
+ end
+ 
  local_gemfile = File.join(File.dirname(__FILE__), "Gemfile.local")
- if File.exists?(local_gemfile)
-   eval_gemfile local_gemfile


signature.asc
Description: PGP signature

Bug#819933: jessie-pu: package redmine/3.0~20140825-8~deb8u3

[Antonio Terceiro]

On Wed, Apr 06, 2016 at 09:37:34PM +0100, Adam D. Barratt wrote:
> Control: tags -1 + confirmed
> 
> On Sun, 2016-04-03 at 21:17 -0300, Antonio Terceiro wrote:
> > This fixes an issue when upgrading from 3.0~20140825-5 (original version
> > release with jessie) to any of the later stable updates, when there are
> > multiple redmine instances or when the `default` has been removed.
> > 
> > This has been fixed in unstable on 3.2.1-2. The diff for jessie is
> > attached.
> 
> Please go ahead.

Just uploaded.


signature.asc
Description: PGP signature

Bug#827781: jessie-pu: package lxc/1:1.0.6-6+deb8u3

[Antonio Terceiro]

Package: release.debian.org
Severity: normal
Tags: jessie
User: release.debian@packages.debian.org
Usertags: pu

After init 1.34 dropped the `Essential: yes` bit, debootstrap will
produce systems that by default do not have /sbin/init (as intended).
This makes, however, lxc from jessie not able to produce a working
stretch/sid container.

This has been fixed in 1:2.0.1-2 on unstable.

Patch attached.

-- System Information:
Debian Release: stretch/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 4.6.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=pt_BR.UTF-8, LC_CTYPE=pt_BR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

-- 
Antonio Terceiro 
diff --git a/debian/changelog b/debian/changelog
index e7a2e1f..3902cc0 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,11 @@
+lxc (1:1.0.6-6+deb8u3) jessie; urgency=medium
+
+  * 0023-lxc-debian-make-sure-init-is-installed.patch: make sure stretch/sid
+containers have an init system, after init 1.34 dropped the `Essential:
+    yes` header.
+
+ -- Antonio Terceiro   Mon, 20 Jun 2016 16:58:05 -0300
+
 lxc (1:1.0.6-6+deb8u2) jessie-security; urgency=high
 
   * CVE-2015-1335: prevent local container administrator from escaping
diff --git a/debian/patches/0023-lxc-debian-make-sure-init-is-installed.patch b/debian/patches/0023-lxc-debian-make-sure-init-is-installed.patch
new file mode 100644
index 000..4e55f91
--- /dev/null
+++ b/debian/patches/0023-lxc-debian-make-sure-init-is-installed.patch
@@ -0,0 +1,22 @@
+From 55bd6688ec22f55f895cde1dfd060132b7e12b28 Mon Sep 17 00:00:00 2001
+From: Antonio Terceiro 
+Date: Fri, 17 Jun 2016 19:00:56 -0300
+Subject: [PATCH] lxc-debian: make sure init is installed
+
+init 1.34 is not "Essential" anymore, in order to make it not required
+on minimal chroots, docker containers, etc. Because of that we know need
+to manually include it on systems that are expected to boot.
+---
+ templates/lxc-debian.in | 1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/templates/lxc-debian.in
 b/templates/lxc-debian.in
+@@ -207,6 +207,7 @@ cleanup()
+ download_debian()
+ {
+ packages=\
++init,\
+ ifupdown,\
+ locales,\
+ libui-dialog-perl,\
diff --git a/debian/patches/series b/debian/patches/series
index 0f054c0..11f5062 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -20,3 +20,4 @@
 0020-CVE-2015-1335.patch
 0021-CVE-2015-1335-2.patch
 0022-CVE-2015-1335-3.patch
+0023-lxc-debian-make-sure-init-is-installed.patch


signature.asc
Description: PGP signature

Bug#827781: jessie-pu: package lxc/1:1.0.6-6+deb8u3

[Antonio Terceiro]

On Tue, Jun 28, 2016 at 12:16:21PM +0200, Julien Cristau wrote:
> Control: tag -1 confirmed
> 
> On Mon, Jun 20, 2016 at 17:26:33 -0300, Antonio Terceiro wrote:
> 
> > Package: release.debian.org
> > Severity: normal
> > Tags: jessie
> > User: release.debian@packages.debian.org
> > Usertags: pu
> > 
> > After init 1.34 dropped the `Essential: yes` bit, debootstrap will
> > produce systems that by default do not have /sbin/init (as intended).
> > This makes, however, lxc from jessie not able to produce a working
> > stretch/sid container.
> > 
> > This has been fixed in 1:2.0.1-2 on unstable.
> > 
> > Patch attached.
> > 
> Ack.  Please go ahead.

Hi, actually I was just made aware of a regression: including `init` in
the package list breaks the creation of wheezy containers because `init`
did not exist then. The regression was fixed in 1:2.0.1-3 just uploaded
to unstable.

The updated diff is attached.

the included patch is the same as the current version in unstable, only
adding `squeeze` to the special cases since the lxc version in jessie
still supports creating squeeze containers, while the one in unstable
has dropped support for squeeze a while ago.
diff --git a/debian/changelog b/debian/changelog
index e7a2e1f..3902cc0 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,11 @@
+lxc (1:1.0.6-6+deb8u3) jessie; urgency=medium
+
+  * 0023-lxc-debian-make-sure-init-is-installed.patch: make sure stretch/sid
+    containers have an init system, after init 1.34 dropped the `Essential:
+yes` header.
+
+ -- Antonio Terceiro   Mon, 20 Jun 2016 16:58:05 -0300
+
 lxc (1:1.0.6-6+deb8u2) jessie-security; urgency=high
 
   * CVE-2015-1335: prevent local container administrator from escaping
diff --git a/debian/patches/0023-lxc-debian-make-sure-init-is-installed.patch b/debian/patches/0023-lxc-debian-make-sure-init-is-installed.patch
new file mode 100644
index 000..35480bf
--- /dev/null
+++ b/debian/patches/0023-lxc-debian-make-sure-init-is-installed.patch
@@ -0,0 +1,31 @@
+From 55bd6688ec22f55f895cde1dfd060132b7e12b28 Mon Sep 17 00:00:00 2001
+From: Antonio Terceiro 
+Date: Fri, 17 Jun 2016 19:00:56 -0300
+Subject: [PATCH] lxc-debian: make sure init is installed
+
+init 1.34 is not "Essential" anymore, in order to make it not required
+on minimal chroots, docker containers, etc. Because of that we know need
+to manually include it on systems that are expected to boot.
+---
+ templates/lxc-debian.in | 1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/templates/lxc-debian.in
 b/templates/lxc-debian.in
+@@ -206,7 +206,16 @@ cleanup()
+ 
+ download_debian()
+ {
++case "$release" in
++  squeeze|wheezy)
++init=sysvinit
++;;
++  *)
++init=init
++;;
++esac
+ packages=\
++$init,\
+ ifupdown,\
+ locales,\
+ libui-dialog-perl,\
diff --git a/debian/patches/series b/debian/patches/series
index 0f054c0..11f5062 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -20,3 +20,4 @@
 0020-CVE-2015-1335.patch
 0021-CVE-2015-1335-2.patch
 0022-CVE-2015-1335-3.patch
+0023-lxc-debian-make-sure-init-is-installed.patch


signature.asc
Description: PGP signature

Bug#827781: jessie-pu: package lxc/1:1.0.6-6+deb8u3

[Antonio Terceiro]

On Tue, Jul 12, 2016 at 09:57:40PM +0100, Adam D. Barratt wrote:
> On Wed, 2016-06-29 at 16:54 -0300, Antonio Terceiro wrote:
> > On Tue, Jun 28, 2016 at 12:16:21PM +0200, Julien Cristau wrote:
> [...]
> > > Ack.  Please go ahead.
> > 
> > Hi, actually I was just made aware of a regression: including `init` in
> > the package list breaks the creation of wheezy containers because `init`
> > did not exist then. The regression was fixed in 1:2.0.1-3 just uploaded
> > to unstable.
> > 
> > The updated diff is attached.
> 
> Please go ahead.

Just uploaded, thanks.


signature.asc
Description: PGP signature

Re: Bug#831447: firefox-branding-iceweasel 0.4.0 MIGRATED to testing

[Antonio Terceiro]

On Tue, Jul 19, 2016 at 04:56:05PM +, Gianfranco Costamagna wrote:
> there might be users that wants their name back, not sure who they
> are, I don't want to have to answer here, but I still think giving
> users the choice is something sane that might avoid troubles or
> complains.

To me not having firefox proper was a long-standing bug, and now that it
has been finally fixed, you want to provide a way for people who got
used to the bug to have it back. That's very weird to me.


signature.asc
Description: PGP signature

Re: Bug#831447: firefox-branding-iceweasel 0.4.0 MIGRATED to testing

[Antonio Terceiro]

On Wed, Jul 20, 2016 at 10:59:01AM +, Holger Levsen wrote:
> On Wed, Jul 20, 2016 at 07:44:54AM -0300, Antonio Terceiro wrote:
> > To me not having firefox proper was a long-standing bug, and now that it
> > has been finally fixed, you want to provide a way for people who got
> > used to the bug to have it back. That's very weird to me.
> 
> That might seem weird to you, but to others a changing computer is a
> very weird and hostile thing. Often these people are amongst the
> elderly, but not always… :)
> 
> And while I applaud and understand why firefox-esr has replaced
> iceweasel in stable, I was also surprised. And I also saw Debian Edu
> stable break because of this… and we're still fixing it, waiting for
> 8.6 to bring these fixes to our users.
> 
> (The latter is not related to this bug report except that they are
> caused by the same change. We are fixing Debian Edu to use firefox-esr.)

I understand, but we would have to cope with the change at some point,
unless we were to keep the broken situation forever. Dealing with it now
is not worse than dealing with it later.


signature.asc
Description: PGP signature

Bug#861407: unblock: nanoc/4.4.7-3

[Antonio Terceiro]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package nanoc

this release fixes a FTBFS on some timezones

debdiff attached

unblock nanoc/4.4.7-3

-- System Information:
Debian Release: 9.0
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'testing-debug'), (500, 
'unstable'), (500, 'testing'), (1, 'experimental-debug'), (1, 'experimental')
Architecture: amd64
 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.9.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=pt_BR.UTF-8, LC_CTYPE=pt_BR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
diff -Nru nanoc-4.4.7/debian/changelog nanoc-4.4.7/debian/changelog
--- nanoc-4.4.7/debian/changelog	2017-01-10 11:47:00.0 -0200
+++ nanoc-4.4.7/debian/changelog	2017-04-27 19:09:59.0 -0300
@@ -1,3 +1,11 @@
+nanoc (4.4.7-3) unstable; urgency=medium
+
+  * Team upload.
+  * debian/rules: export TZ=UTC to make sure the tests pass regardless of the
+local timezone (Closes: #861119)
+
+ -- Antonio Terceiro   Thu, 27 Apr 2017 19:09:59 -0300
+
 nanoc (4.4.7-2) unstable; urgency=medium
 
   * Depend on asciidoc-base instead of asciidoc (Closes: #850357)
diff -Nru nanoc-4.4.7/debian/rules nanoc-4.4.7/debian/rules
--- nanoc-4.4.7/debian/rules	2017-01-10 11:47:00.0 -0200
+++ nanoc-4.4.7/debian/rules	2017-04-27 19:09:59.0 -0300
@@ -1,6 +1,7 @@
 #!/usr/bin/make -f
 
 export GEM2DEB_TEST_RUNNER = --check-dependencies
+export TZ = UTC
 
 %:
 	dh $@ --buildsystem=ruby --with ruby


signature.asc
Description: PGP signature

Re: Bug#860747: dh_ruby: please inject versioned dependency on ruby metapackage

[Antonio Terceiro]

On Mon, May 01, 2017 at 01:12:19PM +0200, Julien Cristau wrote:
> On Wed, Apr 19, 2017 at 13:42:39 -0400, Aaron M. Ucko wrote:
> 
> > Package: gem2deb
> > Version: 0.33.1
> > Severity: normal
> > 
> > Please have compiled Ruby extensions depend on compatible versions of
> > the ruby metapackage; for instance, an extension built only for 2.3
> > would depend on ruby (>= 2.3), ruby (<< 2.4), and an extension built
> > for both 2.3 and 2.4 would depend on ruby (>= 2.3), ruby (<< 2.5).
> > (Python packaging settled on an analogous approach some time ago.)
> > Ideally, this dependency would go to a dedicated ${ruby:Depends}
> > substvar, but adding it to ${misc:Depends} would allow for much faster
> > adoption.
> > 
> > As it stands, we can get situations like #860512, in which the m68k
> > build of telegram-desktop failed because ruby 2.3 wound up paired with
> > a ruby-fast-xs installation that only covered 2.2.  (The 0.8.0-3+b2
> > m68k binNMU was intended to add 2.3 support, but accidentally picked
> > up old metapackages.)  With an explicit versioned dependency in place,
> > generic automated tools would have caught this problem.
> > 
> As this allows broken package combinations, it seems to me the severity
> should be serious, not normal.

fair enough. Can it algo be ignored for stretch? I reallt don't think we
should change that this late.


signature.asc
Description: PGP signature

Re: autopkgtest gating migration, nearly there. But ...

[Antonio Terceiro]

On Fri, Sep 14, 2018 at 10:39:36PM +0200, Paul Gevers wrote:
> Dear all,
> 
> We are nearly there to enable migration being gated by autopkgtest
> results. Unfortunately I recently realized (after implementation and
> deployment of what I thought would be the solution) that the current
> situation is possibly not good enough yet. I'd like to solicit for your
> help on determining the way forward.
> 
> This e-mail is basically a follow-up of my earlier e-mail [1] about
> needed improvements. Before I start with my real issue, let me note that
>  needs-recommends is now deprecated (it is still supported, but the docs
> and lintian warn against it). So I don't bother about it anymore, except
> somebody (me) still has to fix autodep8 to not emit it.
> 
> Let me describe the problem and the current status. The migration
> software (britney2) is now taking versioned dependencies, breaks and
> conflicts of the binary packages from the source package that wants to
> migrate into account when requesting the tests. It will add versioned
> dependencies that are not in testing and it will add packages from
> unstable when their version in testing is broken by (or conflicts with)
> anything needed from unstable (recursively). However, it is not having
> enough information to do this well (at least, I fear), because of the
> following:
> 
> 1) it only knows the Testsuite-Triggers, but it is missing possible
> version information of test dependencies. (Possibly fixable by
> dpkg-source, but that will take time to propagate and then the
> Testsuite-Trigger field changes syntax and meaning).
>
> 2) @builddeps@ is not resolved by dpkg-source, so the migration software
> doesn't know if build-depends should be evaluated for the list
> (currently the migration software doesn't add them). (Possibly "fixable"
> by always evaluating them, or possibly fixable by enhancing dpkg-source).
> 
> 3) test dependencies generated by autodep8 are fully unknown to the
> migration software. It seems (but I haven't verified properly) that e.g.
> with r packages the test dependencies can be versioned as well.

maybe debci could cache the actual test dependencies considered for a
given package, including expansion @builddeps@ and stuff produced by
autodep8, so that britney2 can query that information to calculate its
required tests?

a simple action plan would be:

- make autopkgtst output the "expanded" control file considered for each
  test
- make debci store that data in the database and expose it via the API
  (exact format TBD)
- make britney2 query that API


signature.asc
Description: PGP signature

Bug#909119: stretch-pu: package vagrant/1.9.1+dfsg-1+deb9u1

[Antonio Terceiro]

Package: release.debian.org
Severity: normal
Tags: stretch
User: release.debian@packages.debian.org
Usertags: pu

Hello,

vagrant from stretch currently refuses to work with VirtualBox 5.2 from
stretch-backports. This update just backports the few changes needed to
make it work. The changes are pretty trivial.

VirtualBox is not in stretch, so users are getting it either from
stretch-backports or from upstream's .deb package; without this update
vagrant will most likely be broken for most VirtualBox users. It would
be nice if we can release this update.

diff against the version in stretch is attached.

-- System Information:
Debian Release: buster/sid
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'testing-debug'), (500, 
'unstable'), (500, 'testing'), (1, 'experimental-debug'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 4.18.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=pt_BR.UTF-8, LC_CTYPE=pt_BR.UTF-8 (charmap=UTF-8), 
LANGUAGE=pt_BR:pt:en (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
diff --git a/debian/changelog b/debian/changelog
index 48bff55..04885d8 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10 @@
+vagrant (1.9.1+dfsg-1+deb9u2) stretch; urgency=medium
+
+  * Backport support for VirtualBox 5.2 (available in stretch-backports)
+(Closes: #908826)
+
+ -- Antonio Terceiro   Sat, 15 Sep 2018 09:23:23 -0300
+
 vagrant (1.9.1+dfsg-1+deb9u1) stretch; urgency=medium
 
   * 0008-Convert-atlas-references-to-vagrant-cloud.patch: backport upstream
diff --git a/debian/patches/0009-Backport-support-for-VirtualBox-5.2.patch b/debian/patches/0009-Backport-support-for-VirtualBox-5.2.patch
new file mode 100644
index 000..46ec4a9
--- /dev/null
+++ b/debian/patches/0009-Backport-support-for-VirtualBox-5.2.patch
@@ -0,0 +1,58 @@
+From: Antonio Terceiro 
+Date: Sat, 15 Sep 2018 09:22:39 -0300
+Subject: Backport support for VirtualBox 5.2
+
+Signed-off-by: Antonio Terceiro 
+---
+ plugins/providers/virtualbox/driver/meta.rb|  1 +
+ plugins/providers/virtualbox/driver/version_5_2.rb | 16 
+ plugins/providers/virtualbox/plugin.rb |  1 +
+ 3 files changed, 18 insertions(+)
+ create mode 100644 plugins/providers/virtualbox/driver/version_5_2.rb
+
+diff --git a/plugins/providers/virtualbox/driver/meta.rb b/plugins/providers/virtualbox/driver/meta.rb
+index 0dd186d..ec457a8 100644
+--- a/plugins/providers/virtualbox/driver/meta.rb
 b/plugins/providers/virtualbox/driver/meta.rb
+@@ -62,6 +62,7 @@ module VagrantPlugins
+ "4.3" => Version_4_3,
+ "5.0" => Version_5_0,
+ "5.1" => Version_5_1,
++"5.2" => Version_5_2,
+   }
+ 
+   if @@version.start_with?("4.2.14")
+diff --git a/plugins/providers/virtualbox/driver/version_5_2.rb b/plugins/providers/virtualbox/driver/version_5_2.rb
+new file mode 100644
+index 000..cd6c0b6
+--- /dev/null
 b/plugins/providers/virtualbox/driver/version_5_2.rb
+@@ -0,0 +1,16 @@
++require File.expand_path("../version_5_1", __FILE__)
++
++module VagrantPlugins
++  module ProviderVirtualBox
++module Driver
++  # Driver for VirtualBox 5.2.x
++  class Version_5_2 < Version_5_1
++def initialize(uuid)
++  super
++
++  @logger = Log4r::Logger.new("vagrant::provider::virtualbox_5_2")
++end
++  end
++end
++  end
++end
+diff --git a/plugins/providers/virtualbox/plugin.rb b/plugins/providers/virtualbox/plugin.rb
+index 399747a..090bc50 100644
+--- a/plugins/providers/virtualbox/plugin.rb
 b/plugins/providers/virtualbox/plugin.rb
+@@ -57,6 +57,7 @@ module VagrantPlugins
+   autoload :Version_4_3, File.expand_path("../driver/version_4_3", __FILE__)
+   autoload :Version_5_0, File.expand_path("../driver/version_5_0", __FILE__)
+   autoload :Version_5_1, File.expand_path("../driver/version_5_1", __FILE__)
++  autoload :Version_5_2, File.expand_path("../driver/version_5_2", __FILE__)
+ end
+ 
+ module Model
diff --git a/debian/patches/series b/debian/patches/series
index 102bab3..86a1757 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -6,3 +6,4 @@
 0006-Relax-dependency-resolution.patch
 0007-Update-command.rb.patch
 0008-Convert-atlas-references-to-vagrant-cloud.patch
+0009-Backport-support-for-VirtualBox-5.2.patch


signature.asc
Description: PGP signature

Bug#910371: stretch-pu: package lxcfs/2.0.7-1.1

[Antonio Terceiro]

On Sat, 6 Oct 2018 14:21:45 +0200 Michael Banck  wrote:
> On Fri, Oct 05, 2018 at 05:18:51PM +0200, Michael Banck wrote:
> > Package: release.debian.org
> > Severity: normal
> > Tags: stretch
> > User: release.debian@packages.debian.org
> > Usertags: pu
> > 
> > Hi,
> > 
> > I would like to upload a lxcfs NMU to stable, fixing Bug #885542. This
> > would be useful for ci.debian.net autopkgtest, as ci.debian.net
> > currenlty runs lxc from stable.
> 
> PFA the debdiff.

ACK from my part as well.


signature.asc
Description: PGP signature

Bug#909119: stretch-pu: package vagrant/1.9.1+dfsg-1+deb9u1

[Antonio Terceiro]

On Sat, Oct 06, 2018 at 05:50:33PM +0100, Adam D. Barratt wrote:
> Control: tags -1 + confirmed
> 
> On Tue, 2018-09-18 at 10:22 -0700, Antonio Terceiro wrote:
> > vagrant from stretch currently refuses to work with VirtualBox 5.2
> > from
> > stretch-backports. This update just backports the few changes needed
> > to
> > make it work. The changes are pretty trivial.
> > 
> > VirtualBox is not in stretch, so users are getting it either from
> > stretch-backports or from upstream's .deb package; without this
> > update
> > vagrant will most likely be broken for most VirtualBox users. It
> > would
> > be nice if we can release this update.
> > 
> 
> Please go ahead.

Just uploaded, thanks.


signature.asc
Description: PGP signature

Re: Proposal: Repository for fast-paced package backports

[Antonio Terceiro]

On Wed, Dec 26, 2018 at 01:04:44PM +0530, Pirate Praveen wrote:
> If it has to be completely separate from -backports, it means some packages 
> will need to be maintained twice, even when they meet the criteria for 
> backports fully, just because a package in volatile declare a dependency on 
> them.

There is nothing that stops you, or whoever wants to maintain this newn
repository from doing it in a way that 1) reuses what's already in
backports, even automatically and 2) adds the bits that are not deemed
appropriate for backports.


signature.asc
Description: PGP signature

chef and ruby-cheffish in buster

[Antonio Terceiro]

Hi,

The ci.debian.net nodes are managed with chef, and during the weekend I
realized that it was not in testing. There was an RC bug against chef
(FTBFS, 3 tests broken by an update to the test framework, package just
worked nevertheless) and ruby-cheffish (broken by openssl 1.1.1). I
fixed both, and uploaded ruby-cheffish Saturday night and chef Sunday
morning.

ruby-cheffish migrated to testing before the freeze, but chef didn't
even though they have a pathological circular build dependency, so
ruby-cheffish can't be built in buster at the moment:

The following packages have unmet dependencies:
 builddeps:ruby-cheffish : Depends: chef but it is not installable
E: Unable to correct problems, you have held broken packages.'

Maybe this a bug in britney; it should have migrated either both or none
of them, but not one without the other.

This needs to be fixed somehow. I would very much prefer to have chef
migrate, since 1) that would make my life maintaining ci.debian.net much
easier and 2) it will save a lot of Debian users the pain of not having
chef in stable. OTOH I realize chef was fixed too late, so if it's
unacceptable to have it in buster, ruby-cheffish needs to be removed.

Thanks in advance.


signature.asc
Description: PGP signature

Re: chef and ruby-cheffish in buster

[Antonio Terceiro]

On Tue, Feb 12, 2019 at 10:11:21PM -0200, Antonio Terceiro wrote:
> Hi,
> 
> The ci.debian.net nodes are managed with chef, and during the weekend I
> realized that it was not in testing. There was an RC bug against chef
> (FTBFS, 3 tests broken by an update to the test framework, package just
> worked nevertheless) and ruby-cheffish (broken by openssl 1.1.1). I
> fixed both, and uploaded ruby-cheffish Saturday night and chef Sunday
> morning.

FWIW I just double checked and the actual uploads were both done Sunday
morning (11:53:21 + and 12:34:15 +)

https://tracker.debian.org/news/1029431/accepted-chef-1387-3-source-into-unstable/
https://tracker.debian.org/news/1029425/accepted-ruby-cheffish-1310-2-source-into-unstable/


signature.asc
Description: PGP signature

Bug#922300: unblock: chef/13.8.7-3, ohai/13.8.0-1

[Antonio Terceiro]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Hello,

Please unblock package chef

Hi,

The ci.debian.net nodes are managed with chef, and during the weekend I
realized that it was not in testing. There was an RC bug against chef (FTBFS, 3
tests broken by an update to the test framework, package just worked
nevertheless) and ruby-cheffish (broken by openssl 1.1.1). I fixed both, and
they were ACCEPTED in unstable Sunday morning within less than one hour of each
other (ruby-cheffish at 11:53:21 + and chef at 12:34:15 +)

https://tracker.debian.org/news/1029431/accepted-chef-1387-3-source-into-unstable/
https://tracker.debian.org/news/1029425/accepted-ruby-cheffish-1310-2-source-into-unstable/

ruby-cheffish migrated to testing before the freeze, but chef didn't
even though they have a pathological circular build dependency. So
ruby-cheffish can't be built in buster at the moment:

The following packages have unmet dependencies:
 builddeps:ruby-cheffish : Depends: chef but it is not installable
E: Unable to correct problems, you have held broken packages.'

Maybe this a bug in britney; it should have migrated either both or none
of them, but not one without the other.

I would very much prefer to have this fixed by having chef migrate, since 1)
that would make my life maintaining ci.debian.net much easier and 2) it will
save a lot of Debian users the pain of not having chef in stable. OTOH I
realize chef that the fixes came in late, so if it's unacceptable to have it in
buster, ruby-cheffish needs to be removed.

So I would ask you to

unblock chef/13.8.7-3
unstable ohai/13.8.0-1

(ohai also has a circular dependency with chef and was removed from testing
because of chef)

OR

remove ruby-cheffish/13.1.0-2

-- System Information:
Debian Release: buster/sid
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'testing-debug'), (500, 
'unstable'), (500, 'testing'), (1, 'experimental-debug'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=pt_BR.UTF-8, LC_CTYPE=pt_BR.UTF-8 (charmap=UTF-8), 
LANGUAGE=pt_BR:pt:en (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled


signature.asc
Description: PGP signature

Bug#923202: stretch-pu: package ruby2.3/2.3.3-1+deb9u5

[Antonio Terceiro]

Package: release.debian.org
Severity: normal
Tags: stretch
User: release.debian@packages.debian.org
Usertags: pu

Hi

this update fixes 2 FTBFS bugs on stretch. All of the changes are in the
test suite, so there are no functional changes.

 debian/changelog  |  11 +++
 test/net/imap/cacert.pem  |  86 
++
 test/net/imap/server.crt  | 110 
--
 test/net/imap/server.key  |  43 ---
 test/ruby/test_gc.rb  |   2 +-
 test/ruby/test_time_tz.rb |  38 --
 6 files changed, 166 insertions(+), 124 deletions(-)

Changelog:

ruby2.3 (2.3.3-1+deb9u5) stretch; urgency=medium

  * Backport upstream patches to fix FTBFS due to expired SSL certificate and
timezone changes (Closes: #91)
- imap: update test certificate
- timezone changes for Japan and Kiritimati
  * test/ruby/test_gc.rb: skip entirely; some tests in there can fail
unpredictably on buildds (Closes: #912740)

 -- Antonio Terceiro   Sat, 23 Feb 2019 18:31:45 -0300

The full diff is attached.

-- System Information:
Debian Release: buster/sid
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'testing-debug'), (500, 
'unstable'), (500, 'testing'), (1, 'experimental-debug'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.0-3-amd64 (SMP w/4 CPU cores)
Locale: LANG=pt_BR.UTF-8, LC_CTYPE=pt_BR.UTF-8 (charmap=UTF-8), 
LANGUAGE=pt_BR:pt:en (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
diff --git a/debian/changelog b/debian/changelog
index cb2d07df..76f1e87f 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,14 @@
+ruby2.3 (2.3.3-1+deb9u5) stretch; urgency=medium
+
+  * Backport upstream patches to fix FTBFS due to expired SSL certificate and
+timezone changes (Closes: #91)
+- imap: update test certificate
+- timezone changes for Japan and Kiritimati
+  * test/ruby/test_gc.rb: skip entirely; some tests in there can fail
+    unpredictably on buildds (Closes: #912740)
+
+ -- Antonio Terceiro   Sat, 23 Feb 2019 18:31:45 -0300
+
 ruby2.3 (2.3.3-1+deb9u4) stretch-security; urgency=high
 
   * Non-maintainer upload by the Security Team.
diff --git a/test/net/imap/cacert.pem b/test/net/imap/cacert.pem
index 70733878..f623bd62 100644
--- a/test/net/imap/cacert.pem
+++ b/test/net/imap/cacert.pem
@@ -1,66 +1,24 @@
-Certificate:
-Data:
-Version: 3 (0x2)
-Serial Number:
-b9:90:a2:bf:62:69:17:9c
-Signature Algorithm: sha1WithRSAEncryption
-Issuer: C=JP, ST=Shimane, L=Matz-e city, O=Ruby Core Team, CN=Ruby Test CA/emailAddress=secur...@ruby-lang.org
-Validity
-Not Before: Jan  3 01:34:17 2014 GMT
-Not After : Jan  2 01:34:17 2019 GMT
-Subject: C=JP, ST=Shimane, L=Matz-e city, O=Ruby Core Team, CN=Ruby Test CA/emailAddress=secur...@ruby-lang.org
-Subject Public Key Info:
-Public Key Algorithm: rsaEncryption
-RSA Public Key: (1024 bit)
-Modulus (1024 bit):
-00:db:75:d0:45:de:b1:df:bf:71:a0:0e:b0:a5:e6:
-bc:f4:1c:9d:e5:25:67:64:c5:7b:cb:f1:af:c6:be:
-9a:aa:ea:7e:0f:cc:05:af:ef:40:69:06:b2:c9:13:
-9d:7e:eb:a2:06:e2:ea:7d:07:c7:c7:99:c7:fb:d5:
-b8:eb:63:77:62:2b:18:12:c3:53:58:d0:f5:c7:40:
-0c:01:d1:26:82:34:16:09:e3:dc:65:f4:dc:bb:5d:
-a5:41:60:e7:a9:74:ba:d7:4c:b6:a3:9c:c5:8c:89:
-af:cb:e8:9f:05:fe:ea:fe:64:24:bf:e7:ed:e3:f6:
-d0:fc:d6:eb:fc:06:82:10:fb
-Exponent: 65537 (0x10001)
-X509v3 extensions:
-X509v3 Subject Key Identifier: 
-E8:7E:58:AC:13:7B:03:22:8D:9E:AF:32:0B:84:89:80:80:0C:1E:C2
-X509v3 Authority Key Identifier: 
-keyid:E8:7E:58:AC:13:7B:03:22:8D:9E:AF:32:0B:84:89:80:80:0C:1E:C2
-DirName:/C=JP/ST=Shimane/L=Matz-e city/O=Ruby Core Team/CN=Ruby Test CA/emailAddress=secur...@ruby-lang.org
-serial:B9:90:A2:BF:62:69:17:9C
-
-X509v3 Basic Constraints: 
-CA:TRUE
-Signature Algorithm: sha1WithRSAEncryption
-8f:77:06:4e:31:72:12:ee:68:09:70:27:d4:31:85:ef:10:95:
-f9:0f:2b:66:63:08:37:88:6e:b7:9b:40:3e:18:77:33:86:e8:
-61:6a:b7:3c:cb:c7:a6:d6:d5:92:6a:1f:56:d0:9f:5c:32:56:
-d3:37:52:fe:0e:20:c2:7a:0d:fe:2d:3c:81:da:b8:7f:4d:6a:
-08:01:d9:be:7a:a2:15:be:a6:ce:49:64:90:8c:9a:ca:6e:2e:
-84:48:1d:94:19:56:94:46:aa:25:9b:68:c2:80:60:bf:cb:2e:
-35:03:ea:0a:65:5a:33:

Bug#922300: unblock: chef/13.8.7-3, ohai/13.8.0-1

[Antonio Terceiro]

On Thu, Feb 14, 2019 at 09:42:42AM -0200, Antonio Terceiro wrote:
> Package: release.debian.org
> Severity: normal
> User: release.debian@packages.debian.org
> Usertags: unblock
> 
> Hello,
> 
> Please unblock package chef
> 
> Hi,
> 
> The ci.debian.net nodes are managed with chef, and during the weekend I
> realized that it was not in testing. There was an RC bug against chef (FTBFS, 
> 3
> tests broken by an update to the test framework, package just worked
> nevertheless) and ruby-cheffish (broken by openssl 1.1.1). I fixed both, and
> they were ACCEPTED in unstable Sunday morning within less than one hour of 
> each
> other (ruby-cheffish at 11:53:21 + and chef at 12:34:15 +)
> 
> https://tracker.debian.org/news/1029431/accepted-chef-1387-3-source-into-unstable/
> https://tracker.debian.org/news/1029425/accepted-ruby-cheffish-1310-2-source-into-unstable/

FWIW today I noticed a new item in the chef migration excuses that was
not there when I opened this bug, a piuparts regression. I made a new
upload with a trivial patch fixing only that.


signature.asc
Description: PGP signature

Bug#923202: stretch-pu: package ruby2.3/2.3.3-1+deb9u5

[Antonio Terceiro]

On Sat, Mar 09, 2019 at 01:56:02PM +, Adam D. Barratt wrote:
> Control: tags -1 + moreinfo
> 
> On Sun, 2019-02-24 at 21:27 -0300, Antonio Terceiro wrote:
> > this update fixes 2 FTBFS bugs on stretch. All of the changes are in
> > the test suite, so there are no functional changes.
> [...]
> > ruby2.3 (2.3.3-1+deb9u5) stretch; urgency=medium
> > 
> >   * Backport upstream patches to fix FTBFS due to expired SSL
> > certificate and
> > timezone changes (Closes: #91)
> > - imap: update test certificate
> > - timezone changes for Japan and Kiritimati
> >   * test/ruby/test_gc.rb: skip entirely; some tests in there can fail
> > unpredictably on buildds (Closes: #912740)
> 
> Does this resolve all of the FTBFS issues that are currently keeping
> 2.3.3-1+deb9u4 from being accepted into stable-new? (I'm hoping that's
> what the #912740 does, but would like to be sure.)

Yes


signature.asc
Description: PGP signature

Bug#923202: stretch-pu: package ruby2.3/2.3.3-1+deb9u5

[Antonio Terceiro]

On Sat, Mar 09, 2019 at 02:12:26PM +, Adam D. Barratt wrote:
> Control: tags -1 -moreinfo +confirmed
> 
> On Sat, 2019-03-09 at 11:01 -0300, Antonio Terceiro wrote:
> > On Sat, Mar 09, 2019 at 01:56:02PM +, Adam D. Barratt wrote:
> > > Control: tags -1 + moreinfo
> > > 
> > > On Sun, 2019-02-24 at 21:27 -0300, Antonio Terceiro wrote:
> > > > this update fixes 2 FTBFS bugs on stretch. All of the changes are
> > > > in
> > > > the test suite, so there are no functional changes.
> > > 
> > > [...]
> > > > ruby2.3 (2.3.3-1+deb9u5) stretch; urgency=medium
> > > > 
> > > >   * Backport upstream patches to fix FTBFS due to expired SSL
> > > > certificate and
> > > > timezone changes (Closes: #91)
> > > > - imap: update test certificate
> > > > - timezone changes for Japan and Kiritimati
> > > >   * test/ruby/test_gc.rb: skip entirely; some tests in there can
> > > > fail
> > > > unpredictably on buildds (Closes: #912740)
> > > 
> > > Does this resolve all of the FTBFS issues that are currently
> > > keeping
> > > 2.3.3-1+deb9u4 from being accepted into stable-new? (I'm hoping
> > > that's
> > > what the #912740 does, but would like to be sure.)
> > 
> > Yes
> 
> Thanks for the quick response; please go ahead.

Uploaded


signature.asc
Description: PGP signature

Bug#924497: unblock: bundler/1.17.3-3

[Antonio Terceiro]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package bundler

This update fixes a bug that affects other packages that use bundler.
Changelog:

bundler (1.17.3-3) unstable; urgency=medium

  * Add test for locating bundler binaries
  * Switch to Rubygems installation layout (Closes: #914771)
* 0003-Do-not-add-system-path-to-RUBYLIB.patch: dropped, not necessary
  anymore
  * 0001-replace-call-to-git-ls-files-with-Dir.glob.patch: fix file listing
  * debian/install: removed, not necessary anymore

 -- Antonio Terceiro   Sat, 09 Mar 2019 08:41:37 -0300

A diff against the version in testing is attached.

unblock bundler/1.17.3-3

-- System Information:
Debian Release: buster/sid
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'testing-debug'), (500, 
'unstable'), (500, 'testing'), (1, 'experimental-debug'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.0-3-amd64 (SMP w/4 CPU cores)
Kernel taint flags: TAINT_WARN, TAINT_CRAP
Locale: LANG=pt_BR.UTF-8, LC_CTYPE=pt_BR.UTF-8 (charmap=UTF-8), 
LANGUAGE=pt_BR:pt:en (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
diff --git a/debian/changelog b/debian/changelog
index 63563bc..1cc4472 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,14 @@
+bundler (1.17.3-3) unstable; urgency=medium
+
+  * Add test for locating bundler binaries
+  * Switch to Rubygems installation layout (Closes: #914771)
+* 0003-Do-not-add-system-path-to-RUBYLIB.patch: dropped, not necessary
+  anymore
+  * 0001-replace-call-to-git-ls-files-with-Dir.glob.patch: fix file listing
+  * debian/install: removed, not necessary anymore
+
+ -- Antonio Terceiro   Sat, 09 Mar 2019 08:41:37 -0300
+
 bundler (1.17.3-2) unstable; urgency=medium
 
   * Team upload.
diff --git a/debian/install b/debian/install
deleted file mode 100644
index be41aee..000
--- a/debian/install
+++ /dev/null
@@ -1 +0,0 @@
-lib/bundler/templates/newgem/travis.yml.tt /usr/lib/ruby/vendor_ruby/bundler/templates/newgem
diff --git a/debian/patches/0001-replace-call-to-git-ls-files-with-Dir.glob.patch b/debian/patches/0001-replace-call-to-git-ls-files-with-Dir.glob.patch
index 6d52c06..c470fd5 100644
--- a/debian/patches/0001-replace-call-to-git-ls-files-with-Dir.glob.patch
+++ b/debian/patches/0001-replace-call-to-git-ls-files-with-Dir.glob.patch
@@ -24,7 +24,7 @@ index 26fc322..b68627f 100644
 -  # we don't check in man pages, but we need to ship them because
 -  # we use them to generate the long-form help for each command.
 -  s.files += Dir.glob("man/**/*")
-+  s.files = Dir.glob("lib/**") + Dir.glob("exe/*") + Dir.glob("*.md") + Dir.glob("man/*")
++  s.files = Dir.glob('**/*') - Dir.glob('debian/**/*')
# Include the CHANGELOG.md, LICENSE.md, README.md manually
s.files += %w[CHANGELOG.md LICENSE.md README.md]
# include the gemspec itself because warbler breaks w/o it
diff --git a/debian/patches/0003-Do-not-add-system-path-to-RUBYLIB.patch b/debian/patches/0003-Do-not-add-system-path-to-RUBYLIB.patch
deleted file mode 100644
index 7735a6f..000
--- a/debian/patches/0003-Do-not-add-system-path-to-RUBYLIB.patch
+++ /dev/null
@@ -1,47 +0,0 @@
-From: Christian Hofstaedtler 
-Date: Wed, 13 Jul 2016 15:51:52 +
-Subject: Do not add system path to RUBYLIB
-
-Bundler adds it's own installation path in front of RUBYLIB, but when
-this is the system ruby path, this causes system-wide installed gems
-to be used before bundler-installed gems.
-
-Closes: #830958
-Forwarded: not-needed
-Origin: vendor

- lib/bundler.rb| 6 --
- lib/bundler/shared_helpers.rb | 3 ---
- 2 files changed, 9 deletions(-)
-
-diff --git a/lib/bundler.rb b/lib/bundler.rb
-index 1cb3b4f..942f862 100644
 a/lib/bundler.rb
-+++ b/lib/bundler.rb
-@@ -296,12 +296,6 @@ EOF
- env["RUBYOPT"] = env["RUBYOPT"].sub "-rbundler/setup", ""
-   end
- 
--  if env.key?("RUBYLIB")
--rubylib = env["RUBYLIB"].split(File::PATH_SEPARATOR)
--rubylib.delete(File.expand_path("..", __FILE__))
--env["RUBYLIB"] = rubylib.join(File::PATH_SEPARATOR)
--  end
--
-   env
- end
- 
-diff --git a/lib/bundler/shared_helpers.rb b/lib/bundler/shared_helpers.rb
-index 3e2fe24..06c1c78 100644
 a/lib/bundler/shared_helpers.rb
-+++ b/lib/bundler/shared_helpers.rb
-@@ -339,9 +339,6 @@ module Bundler
- end
- 
- def set_rubylib
--  rubylib = (ENV["RUBYLIB"] || "").split(File::PATH_SEPARATOR)
--  rubylib.unshift bundler_ruby_lib
--  Bundler::SharedHelpers.set_env "RUBYLIB", rubylib.uniq.join(File::PATH_SEPARATOR)
- end
-

Bug#863725: unblock: autodep8/0.9

[Antonio Terceiro]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package autodep8

This release adds support for Go packages, but otherwise contains no
changes to the existing functionality. I know this is not exactly the
kind of thing we want during the freeze, but autodep8 is part of the CI
infrastructure, and it will be really useful to have this version in
stretch (as well as in jessie-backports).

debdiff attached

unblock autodep8/0.9

-- System Information:
Debian Release: 9.0
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'testing-debug'), (500, 
'unstable'), (500, 'testing'), (1, 'experimental-debug'), (1, 'experimental')
Architecture: amd64
 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.9.0-3-amd64 (SMP w/4 CPU cores)
Locale: LANG=pt_BR.UTF-8, LC_CTYPE=pt_BR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
diff -Nru autodep8-0.8/debian/changelog autodep8-0.9/debian/changelog
--- autodep8-0.8/debian/changelog	2016-08-25 20:36:02.0 -0300
+++ autodep8-0.9/debian/changelog	2017-05-26 07:42:20.0 -0300
@@ -1,3 +1,10 @@
+autodep8 (0.9) unstable; urgency=medium
+
+  [ Martín Ferrari ]
+  * Add support for Go package testsuites run by dh_golang_autopkgtest.
+
+ -- Antonio Terceiro   Fri, 26 May 2017 07:42:20 -0300
+
 autodep8 (0.8) unstable; urgency=medium
 
   [ Sean Whitton ]
diff -Nru autodep8-0.8/examples.in autodep8-0.9/examples.in
--- autodep8-0.8/examples.in	2016-08-25 20:36:02.0 -0300
+++ autodep8-0.9/examples.in	2017-05-26 07:42:20.0 -0300
@@ -2,6 +2,7 @@
 #   ---
 dkmskpatch
 elpaflycheck
+go  prometheus
 nodejs  node-tar
 perllibtest-most-perl
 python  python-flaky
diff -Nru autodep8-0.8/examples.md autodep8-0.9/examples.md
--- autodep8-0.8/examples.md	2016-08-25 20:36:02.0 -0300
+++ autodep8-0.9/examples.md	2017-05-26 07:42:20.0 -0300
@@ -11,6 +11,12 @@
 Depends: @, @builddeps@
 Restrictions: rw-build-tree
 
+## go (prometheus)
+
+Test-Command: /usr/bin/dh_golang_autopkgtest
+Depends: @builddeps@, dh-golang
+Restrictions: rw-build-tree, allow-stderr
+
 ## nodejs (node-tar)
 
 Test-Command: cd $ADTTMP && nodejs -e "require('"'"'tar'"'"');"
diff -Nru autodep8-0.8/support/go/detect autodep8-0.9/support/go/detect
--- autodep8-0.8/support/go/detect	1969-12-31 21:00:00.0 -0300
+++ autodep8-0.9/support/go/detect	2017-05-26 07:42:20.0 -0300
@@ -0,0 +1,4 @@
+#!/bin/sh
+
+grep-dctrl --quiet -FBuild-Depends,Build-Depends-Indep,Depends \
+-e '(^|\s|,)golang-(go|any)($|\s|,)' debian/control
diff -Nru autodep8-0.8/support/go/generate autodep8-0.9/support/go/generate
--- autodep8-0.8/support/go/generate	1969-12-31 21:00:00.0 -0300
+++ autodep8-0.9/support/go/generate	2017-05-26 07:42:20.0 -0300
@@ -0,0 +1,8 @@
+#!/bin/sh
+
+# Stderr is required because many go tools output status info to stderr.
+cat <= 2:1.4) || golang-go (>= 2:1.4)'
+  check_run autodep8
+}
+
+test_detect_bdepends_nomatch() {
+  has 'debian/control' 'Build-Depends: golang-goNOPE'
+  run autodep8
+  assertEquals 1 "$exitstatus"
+  assertEquals "" "$(cat stdout stderr)"
+}
+
+test_detect_depends_golang_go() {
+  has 'debian/control' 'Depends: golang-go'
+  check_run autodep8
+}
+
+test_detect_depends_golang_any() {
+  has 'debian/control' 'Depends: golang-any'
+  check_run autodep8
+}
+
+test_detect_bdependsi_golang_go() {
+  has 'debian/control' 'Build-Depends-Indep: golang-go'
+  check_run autodep8
+}
+
+test_detect_bdependsi_golang_any() {
+  has 'debian/control' 'Build-Depends-Indep: golang-any'
+  check_run autodep8
+}
+
+. shunit2


signature.asc
Description: PGP signature

Bug#880020: stretch-pu: package lxc/1:2.0.7-2+deb9u1

[Antonio Terceiro]

Package: release.debian.org
Severity: normal
Tags: stretch
User: release.debian@packages.debian.org
Usertags: pu

Hi, this update brings two changes, both needed for ci.debian.net:

lxc (1:2.0.7-2+deb9u1) stretch; urgency=medium

  * 0003-lxc-debian-don-t-hardcode-valid-releases.patch: don't
hardcode list of valid Debian release. Allows creating stable, buster,
testing, and unstable containers.
  * 0004-lxc-debian-don-t-write-C.-locales-to-etc-locale.gen.patch: don't
insert C.* locales into /etc/locale.gen (Closes: #879595)

 -- Antonio Terceiro   Fri, 27 Oct 2017 15:13:31 -0200

The first will allow to create containers with our "symlink" release
names, i.e. stable, testing, etc, and also removes the need to make a
new change after buster is released to add support for creting bullseye
containers.

The second fixes an issue where the C.UTF-8 locale, used by debci, in
injected into /etc/locale.gen in containers, causing warnings that can
cause bogus test failures under autopkgtest.

The diff is attached.

-- System Information:
Debian Release: buster/sid
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'testing-debug'), (500, 
'unstable'), (500, 'testing'), (1, 'experimental-debug'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 4.13.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=pt_BR.UTF-8, LC_CTYPE=pt_BR.UTF-8 (charmap=UTF-8), 
LANGUAGE=pt_BR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
diff --git a/debian/changelog b/debian/changelog
index d7d10c1..512a09d 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,13 @@
+lxc (1:2.0.7-2+deb9u1) stretch; urgency=medium
+
+  * 0003-lxc-debian-don-t-hardcode-valid-releases.patch: don't
+hardcode list of valid Debian release. Allows creating stable, buster,
+testing, and unstable containers.
+  * 0004-lxc-debian-don-t-write-C.-locales-to-etc-locale.gen.patch: don't
+insert C.* locales into /etc/locale.gen (Closes: #879595)
+
+ -- Antonio Terceiro   Fri, 27 Oct 2017 15:13:31 -0200
+
 lxc (1:2.0.7-2) unstable; urgency=high
 
   * use bash-completion's pkg-config support and don't move files around
diff --git a/debian/patches/0003-lxc-debian-don-t-hardcode-valid-releases.patch b/debian/patches/0003-lxc-debian-don-t-hardcode-valid-releases.patch
new file mode 100644
index 000..b57c3be
--- /dev/null
+++ b/debian/patches/0003-lxc-debian-don-t-hardcode-valid-releases.patch
@@ -0,0 +1,51 @@
+From: Antonio Terceiro 
+Date: Thu, 26 Oct 2017 20:42:49 -0200
+Subject: lxc-debian: don't hardcode valid releases
+
+This avoids the dance of updating the list of valid releases every time
+Debian makes a new release.
+
+It also fixes the following bug: even though lxc-debian will default to
+creating containers of the latest stable by querying the archive, it
+won't allow you to explicitly request `stable` because the current list
+of valid releases don't include it.
+
+Last, but not least, avoid hitting the mirror in the case the desired
+release is one of the ones we know will always be there, i.e. stable,
+testing, sid, and unstable.
+
+Signed-off-by: Antonio Terceiro 
+
+
+
+This is a combination of upstream commits
+61fa13293d735d922ba6e5ceb66f6d8718f1a829 and
+dba285d5dfa7e9f3452dc180e64158d9bedfb410
+---
+ templates/lxc-debian.in | 13 +++--
+ 1 file changed, 7 insertions(+), 6 deletions(-)
+
+diff --git a/templates/lxc-debian.in b/templates/lxc-debian.in
+index 54ada05..f6dbd4f 100644
+--- a/templates/lxc-debian.in
 b/templates/lxc-debian.in
+@@ -623,12 +623,13 @@ if [ "$(id -u)" != "0" ]; then
+ exit 1
+ fi
+ 
+-current_release=$(wget "${MIRROR}/dists/stable/Release" -O - 2> /dev/null | head |awk '/^Codename: (.*)$/ { print $2; }')
+-release=${release:-${current_release}}
+-valid_releases=('wheezy' 'jessie' 'stretch' 'sid')
+-if [[ ! "${valid_releases[*]}" =~ (^|[^[:alpha:]])$release([^[:alpha:]]|$) ]]; then
+-echo "Invalid release ${release}, valid ones are: ${valid_releases[*]}"
+-exit 1
++release=${release:-stable}
++permanent_releases=('stable' 'testing' 'sid' 'unstable')
++if [[ ! "${permanent_releases[*]}" =~ (^|[^[:alpha:]])$release([^[:alpha:]]|$) ]]; then
++if ! wget "${MIRROR}/dists/${release}/Release" -O /dev/null 2> /dev/null; then
++	echo "Invalid release ${release} (not found in mirror)"
++	exit 1
++fi
+ fi
+ 
+ # detect rootfs
diff --git a/debian/patches/0004-lxc-debian-don-t-write-C.-locales-to-etc-locale.gen.patch b/debian/patches/0004-lxc-debian-don-t-write-C.-locales-to-etc-locale.gen.patch
new file mode 100644
index 000..dfcb4d

Bug#880020: stretch-pu: package lxc/1:2.0.7-2+deb9u1

[Antonio Terceiro]

Hi,

On Sat, Oct 28, 2017 at 11:14:04AM -0200, Antonio Terceiro wrote:
> Package: release.debian.org
> Severity: normal
> Tags: stretch
> User: release.debian@packages.debian.org
> Usertags: pu
> 
> Hi, this update brings two changes, both needed for ci.debian.net:
> 
> lxc (1:2.0.7-2+deb9u1) stretch; urgency=medium

Another alternative would be you allowing us to use the upstream 2.0
branch for stable updates, currently at 2.0.9.

LXC 2.0 is an LTS branch upstream, and will be supported until June 1st
2021. It would be really nice if we could use that instead of manually
backporting patches to 2.0.7. What would be the requirements for us
doing that for strecth?


signature.asc
Description: PGP signature

Bug#925923: unblock: ruby2.5/2.5.5-1

[Antonio Terceiro]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package ruby2.5. This is a maintainance-only new upstream
release that includes fixes for important bugs, and 6 security bugs.

Changelog:

 ruby2.5 (2.5.5-1) unstable; urgency=medium
 .
   * New upstream version 2.5.5. Includes a series of bug fixes, most notably
 for 6 security bugs discovered in Rubygems:
 - CVE-2019-8320: Delete directory using symlink when decompressing tar
 - CVE-2019-8321: Escape sequence injection vulnerability in verbose
 - CVE-2019-8322: Escape sequence injection vulnerability in gem owner
 - CVE-2019-8323: Escape sequence injection vulnerability in API response
   handling
 - CVE-2019-8324: Installing a malicious gem may lead to arbitrary code
   execution
 - CVE-2019-8325: Escape sequence injection vulnerability in errors
   * Rebase patches. The following patches were applied upstream and dropped
 from the Debian package:
 - 0011-Update-for-tzdata-2018f.patch
 - 0012-test-update-test-certificate.patch

The full diff against the version in testing is attached. It's a bit
big, but I have reviewed the changes and there is nothing worrysome from
my POV. You will notice that a few functions are renamed, but they are
not part of the API or the ABI since they are not exported in the -dev
header files. Having this version in buster will make the maintainance
in stable a lot easier.

unblock ruby2.5/2.5.5-1

-- System Information:
Debian Release: buster/sid
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'testing-debug'), (500, 
'unstable'), (500, 'testing'), (1, 'experimental-debug'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.0-4-amd64 (SMP w/4 CPU cores)
Kernel taint flags: TAINT_CRAP
Locale: LANG=pt_BR.UTF-8, LC_CTYPE=pt_BR.UTF-8 (charmap=UTF-8), 
LANGUAGE=pt_BR:pt:en (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled


signature.asc
Description: PGP signature

Re: Summary of the Arm ports BoF at DC18

[Antonio Terceiro]

On Sun, Apr 14, 2019 at 11:25:47PM +0200, Mattia Rizzolo wrote:
> Hi,
> 
> On Sun, Apr 14, 2019 at 09:20:51PM +0200, Paul Gevers wrote:
> > On 07-11-2018 20:15, Steve McIntyre wrote:
> > >> Currently all the amd64 CI nodes are VM's on Amazon EC2. There is
> > >> currently no arrangement for hosting actual hardware.
> > > 
> > > Right. I didn't realise that. In that case for arm*, would VMs on
> > > packet.net or similar work for us then?
> > 
> > While I was at the BSP in Paris, you promised ivodd that you would pass
> > us credentials for (I assume) packet.net. I assume you either didn't
> > have time yet, or forgot. In the latter case consider this a polite ping.
> 
> I'm assuming you are talking about the packet.net stuff that has been
> provided to debian.  TBOMK  nothing is using those credits atm.  I have
> admin access to the project and the team, so I can add you
> (incidentally, I don't see Steve in the least, so I wouldn't know how he
> would do it; there is only zumbi as an "owner", me as an "admin" and a
> few other people as "collaborator", including terceiro - so I expected
> you as a Debian CI to already have access).
> 
> Could you please check with terceiro?  He should have been CCed in a
> private thread back then, otherwise feel free to get in touch with me.

can you please add Paul? I signed up, but never had the bandwidth to
actually do anything, and now with DebConf getting closer I will have
even less time.

BTW Amazon also has arm64 instances now so maybe it would be easier to
use those instead.


signature.asc
Description: PGP signature

Bug#927127: unblock: ruby-websocket/1.2.8-2

[Antonio Terceiro]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package ruby-websocket

This fixes a file conflict with another package that invades its
namespace. The changes are trivial:

8<8<8<-
diff --git a/debian/changelog b/debian/changelog
index dc5fdfc..d49bace 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10 @@
+ruby-websocket (1.2.8-2) unstable; urgency=medium
+
+  * Team upload
+  * Add Breaks/Replaces against ruby-websocker-parser (Closes: #926254)
+
+ -- Antonio Terceiro   Sun, 14 Apr 2019 20:23:47 -0300
+
 ruby-websocket (1.2.8-1) unstable; urgency=medium
 
   * New upstream release 
diff --git a/debian/control b/debian/control
index 27f764d..2304613 100644
--- a/debian/control
+++ b/debian/control
@@ -20,6 +20,8 @@ XB-Ruby-Versions: ${ruby:Versions}
 Depends: ruby | ruby-interpreter,
  ${misc:Depends},
  ${shlibs:Depends}
+Breaks: ruby-websocket-parser (<= 1.0.0-1)
+Replaces: ruby-websocket-parser (<= 1.0.0-1)
 Description: Universal Ruby library to handle WebSocket protocol
  This library focuses on providing abstraction layer over
  WebSocket API instead of providing server or client
8<8<8<-

unblock ruby-websocket/1.2.8-2

-- System Information:
Debian Release: buster/sid
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'testing-debug'), (500, 
'unstable'), (500, 'testing'), (1, 'experimental-debug'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.0-4-amd64 (SMP w/4 CPU cores)
Kernel taint flags: TAINT_CRAP
Locale: LANG=pt_BR.UTF-8, LC_CTYPE=pt_BR.UTF-8 (charmap=UTF-8), 
LANGUAGE=pt_BR:pt:en (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled


signature.asc
Description: PGP signature

Bug#927241: unblock: ruby-concurrent/1.0.5-3

[Antonio Terceiro]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package ruby-concurrent

This fixes an autopkgtest failure (this is useful if we want to test
stable updates after buster is out). the change is trivial and has no
effect on the binaries produced.

8<8<8<-
diff --git a/debian/changelog b/debian/changelog
index bc70f4c..ee87263 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,12 @@
+ruby-concurrent (1.0.5-3) unstable; urgency=medium
+
+  * Team upload.
+  * debian/control: drop `Testsuite: autopkgtest-pkg-ruby` to let autopkgtest
+run only the explicit debian/tests/control in this package, and not also
+run the default test produced by autodep8 (Closes: #926782)
+
+ -- Antonio Terceiro   Mon, 15 Apr 2019 12:52:29 -0300
+
 ruby-concurrent (1.0.5-2) unstable; urgency=medium
 
   * Team upload
diff --git a/debian/control b/debian/control
index 5629f73..2f274b3 100644
--- a/debian/control
+++ b/debian/control
@@ -13,7 +13,6 @@ Standards-Version: 4.0.0
 Vcs-Git: https://salsa.debian.org/ruby-team/ruby-concurrent.git
 Vcs-Browser: https://salsa.debian.org/ruby-team/ruby-concurrent
 Homepage: http://www.concurrent-ruby.com
-Testsuite: autopkgtest-pkg-ruby
 XS-Ruby-Versions: all
 
 Package: ruby-concurrent
8<8<8<-

unblock ruby-concurrent/1.0.5-3

-- System Information:
Debian Release: buster/sid
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'testing-debug'), (500, 
'unstable'), (500, 'testing'), (1, 'experimental-debug'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.0-4-amd64 (SMP w/4 CPU cores)
Kernel taint flags: TAINT_CRAP
Locale: LANG=pt_BR.UTF-8, LC_CTYPE=pt_BR.UTF-8 (charmap=UTF-8), 
LANGUAGE=pt_BR:pt:en (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled


signature.asc
Description: PGP signature

Bug#880020: stretch-pu: package lxc/1:2.0.7-2+deb9u1

[Antonio Terceiro]

On Sat, Nov 18, 2017 at 05:59:33PM +, Adam D. Barratt wrote:
> Control: tags -1 + confirmed
> 
> On Sat, 2017-10-28 at 11:14 -0200, Antonio Terceiro wrote:
> > lxc (1:2.0.7-2+deb9u1) stretch; urgency=medium
> > 
> >   * 0003-lxc-debian-don-t-hardcode-valid-releases.patch: don't
> > hardcode list of valid Debian release. Allows creating stable,
> > buster,
> > testing, and unstable containers.
> >   * 0004-lxc-debian-don-t-write-C.-locales-to-etc-locale.gen.patch:
> > don't
> > insert C.* locales into /etc/locale.gen (Closes: #879595)
> 
> Please go ahead.

uploaded, thanks.


signature.asc
Description: PGP signature