severity 1042532 normal
tags 1042532 wontfix
thanks
Hi,
On 7/31/23 07:23, roucaries bastien wrote:
> hi,
> Le lun. 31 juil. 2023 à 08:27, Kunal Mehta <legoktm(a)debian.org> a écrit :
>> These are in the preferred form for modification so I don't think
>> there's any issue here, but please correct me if I'm wrong. MediaWiki
>> often patches these libraries (e.g. jquery.ui) in this format hence IMO
>> meeting the "preferred form of the work for making modifications to it"
>> requirement of the GPL.
>
> No https://sources.debian.org/src/mediawiki/1%3A1.39.4-2/resources/lib/pako/
> is webpacked in order to be transformed in es5.... No source available
> before webpack
IANAL, but as I understand it, there are two licenses to consider here:
pako's MIT license (aka Expat) and MediaWiki's GPL v2 or later license.
The pako_deflate.es5.js file contains the MIT license
information/attribution, so we're in compliance for that.
MediaWiki's GPL v2 requires source code to be in "preferred form of the
work for making modifications to it". In the context of MediaWiki, this
is in the preferred form, since that's how we plan to (and do) modify
it. If you want to patch MediaWiki, having the pre-transpiled sources is
going to be way more work than the source we're providing right now. And
the proof is that (AFAIK) MediaWiki devs will just patch these sources
directly, they don't go to the upstream sources, adjust those, and then
generate a patch. So I don't see a DFSG issue.
> And do not stick to lastest jquery is a security problem. Are you sure
> you have closed all the CVE ?
The ones that affect MediaWiki, I believe so. Upstream MediaWiki has at
least one or two jQuery team members as core developers who follow that
not to mention the Wikimedia Foundation's security team.
> with my javascript hat, I believe that working with upstream to
> improve the testing (using if needed selenium) will improve the
> security of mediawiki by using packaged and up to date js
There is already upstream selenium-based testing, but using the latest
version of everything isn't always a feature.
> In all the case it decrease the burden from a security point of view
No, it really doesn't, it just shifts it elsewhere. The more deviations
Debian makes, the less we can rely on upstream's QA processes for
ensuring we're shipping working software, which will more likely slow
down security updates. Since bundling is permitted by policy, we plan to
continue doing it.
-- Kunal
Source: wikidiff2
Version: 1.14.1-1
Severity: minor
Tags: trixie sid ftbfs
User: lucas(a)debian.org
Usertags: ftbfs-sab-20230813 ftbfs-source-after-build
User: debian-qa(a)lists.debian.org
Usertags: qa-doublebuild
Hi,
This package fails to build a source package after a successful build
(dpkg-buildpackage ; dpkg-buildpackage -S).
This is probably a clear violation of Debian Policy section 4.9 (clean target),
but this is filed as severity:minor for now, because a discussion on
debian-devel showed that we might want to revisit the requirement of a working
'clean' target.
More information about this class of issues, included common problems and
solutions, is available at
https://wiki.debian.org/qa.debian.org/FTBFS/SourceAfterBuild
Relevant part of the build log:
> cd /<<PKGBUILDDIR>> && runuser -u user42 -- dpkg-buildpackage --sanitize-env -us -uc -rfakeroot -S
> --------------------------------------------------------------------------------------------------------------------------
>
> dpkg-buildpackage: info: source package wikidiff2
> dpkg-buildpackage: info: source version 1.14.1-1
> dpkg-buildpackage: info: source distribution unstable
> dpkg-buildpackage: info: source changed by Taavi V����n��nen <hi(a)taavi.wtf>
> dpkg-source --before-build .
> debian/rules clean
> dh clean --with php
> debian/rules override_dh_auto_clean
> make[1]: Entering directory '/<<PKGBUILDDIR>>'
> /usr/bin/phpize --clean
> Cleaning..
> dh_auto_clean
> make[1]: Leaving directory '/<<PKGBUILDDIR>>'
> dh_clean
> dpkg-source -b .
> dpkg-source: info: using source format '3.0 (quilt)'
> dpkg-source: info: verifying ./wikidiff2_1.14.1.orig.tar.gz.asc
> gpgv: Signature made Tue Jul 4 10:32:40 2023 UTC
> gpgv: using RSA key F64EBF5F20996AB514F198A873F146FECF9D333C
> gpgv: Can't check signature: No public key
> dpkg-source: warning: cannot verify upstream tarball signature for ./wikidiff2_1.14.1.orig.tar.gz: no acceptable signature found
> dpkg-source: info: building wikidiff2 using existing ./wikidiff2_1.14.1.orig.tar.gz
> dpkg-source: info: building wikidiff2 using existing ./wikidiff2_1.14.1.orig.tar.gz.asc
> dpkg-source: error: cannot represent change to src/.libs/php_wikidiff2.o: binary file contents changed
> dpkg-source: error: add src/.libs/php_wikidiff2.o in debian/source/include-binaries if you want to store the modified binary in the debian tarball
> dpkg-source: error: cannot represent change to src/lib/.libs/Formatter.o: binary file contents changed
> dpkg-source: error: add src/lib/.libs/Formatter.o in debian/source/include-binaries if you want to store the modified binary in the debian tarball
> dpkg-source: error: cannot represent change to src/lib/.libs/InlineFormatter.o: binary file contents changed
> dpkg-source: error: add src/lib/.libs/InlineFormatter.o in debian/source/include-binaries if you want to store the modified binary in the debian tarball
> dpkg-source: error: cannot represent change to src/lib/.libs/InlineJSONFormatter.o: binary file contents changed
> dpkg-source: error: add src/lib/.libs/InlineJSONFormatter.o in debian/source/include-binaries if you want to store the modified binary in the debian tarball
> dpkg-source: error: cannot represent change to src/lib/.libs/LineDiffProcessor.o: binary file contents changed
> dpkg-source: error: add src/lib/.libs/LineDiffProcessor.o in debian/source/include-binaries if you want to store the modified binary in the debian tarball
> dpkg-source: error: cannot represent change to src/lib/.libs/TableFormatter.o: binary file contents changed
> dpkg-source: error: add src/lib/.libs/TableFormatter.o in debian/source/include-binaries if you want to store the modified binary in the debian tarball
> dpkg-source: error: cannot represent change to src/lib/.libs/TextUtil.o: binary file contents changed
> dpkg-source: error: add src/lib/.libs/TextUtil.o in debian/source/include-binaries if you want to store the modified binary in the debian tarball
> dpkg-source: error: cannot represent change to src/lib/.libs/Wikidiff2.o: binary file contents changed
> dpkg-source: error: add src/lib/.libs/Wikidiff2.o in debian/source/include-binaries if you want to store the modified binary in the debian tarball
> dpkg-source: error: cannot represent change to src/lib/.libs/WordDiffCache.o: binary file contents changed
> dpkg-source: error: add src/lib/.libs/WordDiffCache.o in debian/source/include-binaries if you want to store the modified binary in the debian tarball
> dpkg-source: error: cannot represent change to src/lib/.libs/WordDiffSegmenter.o: binary file contents changed
> dpkg-source: error: add src/lib/.libs/WordDiffSegmenter.o in debian/source/include-binaries if you want to store the modified binary in the debian tarball
> dpkg-source: error: cannot represent change to src/lib/.libs/WordDiffStats.o: binary file contents changed
> dpkg-source: error: add src/lib/.libs/WordDiffStats.o in debian/source/include-binaries if you want to store the modified binary in the debian tarball
> dpkg-source: error: unrepresentable changes to source
> dpkg-buildpackage: error: dpkg-source -b . subprocess returned exit status 1
>
> E: Command 'cd /<<PKGBUILDDIR>> && runuser -u user42 -- dpkg-buildpackage --sanitize-env -us -uc -rfakeroot -S' failed to run.
The full build log is available from:
http://qa-logs.debian.net/2023/08/13/wikidiff2_1.14.1-1_unstable.log
If you reassign this bug to another package, please mark it as 'affects'-ing
this package. See https://www.debian.org/Bugs/server-control#affects
If you fail to reproduce this, please provide a build log and diff it with mine
so that we can identify if something relevant changed in the meantime.
Source: uprightdiff
Version: 1.4.0-1
Severity: minor
Tags: trixie sid ftbfs
User: lucas(a)debian.org
Usertags: ftbfs-sab-20230813 ftbfs-source-after-build
User: debian-qa(a)lists.debian.org
Usertags: qa-doublebuild
Hi,
This package fails to build a source package after a successful build
(dpkg-buildpackage ; dpkg-buildpackage -S).
This is probably a clear violation of Debian Policy section 4.9 (clean target),
but this is filed as severity:minor for now, because a discussion on
debian-devel showed that we might want to revisit the requirement of a working
'clean' target.
More information about this class of issues, included common problems and
solutions, is available at
https://wiki.debian.org/qa.debian.org/FTBFS/SourceAfterBuild
Relevant part of the build log:
> cd /<<PKGBUILDDIR>> && runuser -u user42 -- dpkg-buildpackage --sanitize-env -us -uc -rfakeroot -S
> -----------------------------------------------------------------------------------------------------------------------------
>
> dpkg-buildpackage: info: source package uprightdiff
> dpkg-buildpackage: info: source version 1.4.0-1
> dpkg-buildpackage: info: source distribution unstable
> dpkg-buildpackage: info: source changed by Kunal Mehta <legoktm(a)debian.org>
> dpkg-source --before-build .
> debian/rules clean
> dh clean
> dh_auto_clean
> make -j8 distclean
> make[1]: Entering directory '/<<PKGBUILDDIR>>'
> test -z "uprightdiff" || rm -f uprightdiff
> rm -f *.o
> rm -f *.tab.c
> test -z "" || rm -f
> rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
> test . = "." || test -z "" || rm -f
> rm -f cscope.out cscope.in.out cscope.po.out cscope.files
> rm -f config.status config.cache config.log configure.lineno config.status.lineno
> rm -f ./.deps/BlockMotionSearch.Po
> rm -f ./.deps/UprightDiff.Po
> rm -f ./.deps/main.Po
> rm -f Makefile
> make[1]: Leaving directory '/<<PKGBUILDDIR>>'
> dh_autoreconf_clean
> dh_clean
> dpkg-source -b .
> dpkg-source: info: using source format '3.0 (quilt)'
> dpkg-source: info: building uprightdiff using existing ./uprightdiff_1.4.0.orig.tar.gz
> dpkg-source: error: cannot represent change to test: binary file contents changed
> dpkg-source: error: add test in debian/source/include-binaries if you want to store the modified binary in the debian tarball
> dpkg-source: warning: executable mode 0755 of 'test' will not be represented in diff
> dpkg-source: error: unrepresentable changes to source
> dpkg-buildpackage: error: dpkg-source -b . subprocess returned exit status 1
>
> E: Command 'cd /<<PKGBUILDDIR>> && runuser -u user42 -- dpkg-buildpackage --sanitize-env -us -uc -rfakeroot -S' failed to run.
The full build log is available from:
http://qa-logs.debian.net/2023/08/13/uprightdiff_1.4.0-1_unstable.log
If you reassign this bug to another package, please mark it as 'affects'-ing
this package. See https://www.debian.org/Bugs/server-control#affects
If you fail to reproduce this, please provide a build log and diff it with mine
so that we can identify if something relevant changed in the meantime.
Source: poolcounter
Version: 1.1.3-2
Severity: minor
Tags: trixie sid ftbfs
User: lucas(a)debian.org
Usertags: ftbfs-sab-20230813 ftbfs-source-after-build
User: debian-qa(a)lists.debian.org
Usertags: qa-doublebuild
Hi,
This package fails to build a source package after a successful build
(dpkg-buildpackage ; dpkg-buildpackage -S).
This is probably a clear violation of Debian Policy section 4.9 (clean target),
but this is filed as severity:minor for now, because a discussion on
debian-devel showed that we might want to revisit the requirement of a working
'clean' target.
More information about this class of issues, included common problems and
solutions, is available at
https://wiki.debian.org/qa.debian.org/FTBFS/SourceAfterBuild
Relevant part of the build log:
> cd /<<PKGBUILDDIR>> && runuser -u user42 -- dpkg-buildpackage --sanitize-env -us -uc -rfakeroot -S
> -----------------------------------------------------------------------------------------------------------------------------
>
> dpkg-buildpackage: info: source package poolcounter
> dpkg-buildpackage: info: source version 1.1.3-2
> dpkg-buildpackage: info: source distribution unstable
> dpkg-buildpackage: info: source changed by Kunal Mehta <legoktm(a)debian.org>
> dpkg-source --before-build .
> debian/rules clean
> dh clean
> dh_auto_clean
> make -j8 clean
> make[1]: Entering directory '/<<PKGBUILDDIR>>'
> rm -f poolcounterd *.o prototypes.h
> make[1]: Leaving directory '/<<PKGBUILDDIR>>'
> dh_clean
> dpkg-source -b .
> dpkg-source: info: using source format '3.0 (quilt)'
> dpkg-source: info: building poolcounter using existing ./poolcounter_1.1.3.orig.tar.xz
> dpkg-source: info: using patch list from debian/patches/series
> dpkg-source: warning: file poolcounter-1.1.3/.pytest_cache/v/cache/nodeids has no final newline (either original or modified version)
> dpkg-source: warning: file poolcounter-1.1.3/.pytest_cache/v/cache/stepwise has no final newline (either original or modified version)
> dpkg-source: error: cannot represent change to tests/__pycache__/conftest.cpython-311-pytest-7.4.0.pyc: binary file contents changed
> dpkg-source: error: add tests/__pycache__/conftest.cpython-311-pytest-7.4.0.pyc in debian/source/include-binaries if you want to store the modified binary in the debian tarball
> dpkg-source: error: cannot represent change to tests/__pycache__/test_errors.cpython-311-pytest-7.4.0.pyc: binary file contents changed
> dpkg-source: error: add tests/__pycache__/test_errors.cpython-311-pytest-7.4.0.pyc in debian/source/include-binaries if you want to store the modified binary in the debian tarball
> dpkg-source: error: cannot represent change to tests/__pycache__/test_single_client.cpython-311-pytest-7.4.0.pyc: binary file contents changed
> dpkg-source: error: add tests/__pycache__/test_single_client.cpython-311-pytest-7.4.0.pyc in debian/source/include-binaries if you want to store the modified binary in the debian tarball
> dpkg-source: error: cannot represent change to tests/__pycache__/test_stats.cpython-311-pytest-7.4.0.pyc: binary file contents changed
> dpkg-source: error: add tests/__pycache__/test_stats.cpython-311-pytest-7.4.0.pyc in debian/source/include-binaries if you want to store the modified binary in the debian tarball
> dpkg-source: error: cannot represent change to tests/__pycache__/test_two_clients.cpython-311-pytest-7.4.0.pyc: binary file contents changed
> dpkg-source: error: add tests/__pycache__/test_two_clients.cpython-311-pytest-7.4.0.pyc in debian/source/include-binaries if you want to store the modified binary in the debian tarball
> dpkg-source: error: unrepresentable changes to source
> dpkg-buildpackage: error: dpkg-source -b . subprocess returned exit status 1
>
> E: Command 'cd /<<PKGBUILDDIR>> && runuser -u user42 -- dpkg-buildpackage --sanitize-env -us -uc -rfakeroot -S' failed to run.
The full build log is available from:
http://qa-logs.debian.net/2023/08/13/poolcounter_1.1.3-2_unstable.log
If you reassign this bug to another package, please mark it as 'affects'-ing
this package. See https://www.debian.org/Bugs/server-control#affects
If you fail to reproduce this, please provide a build log and diff it with mine
so that we can identify if something relevant changed in the meantime.
Source: php-luasandbox
Version: 4.1.0-1
Severity: minor
Tags: trixie sid ftbfs
User: lucas(a)debian.org
Usertags: ftbfs-sab-20230813 ftbfs-source-after-build
User: debian-qa(a)lists.debian.org
Usertags: qa-doublebuild
Hi,
This package fails to build a source package after a successful build
(dpkg-buildpackage ; dpkg-buildpackage -S).
This is probably a clear violation of Debian Policy section 4.9 (clean target),
but this is filed as severity:minor for now, because a discussion on
debian-devel showed that we might want to revisit the requirement of a working
'clean' target.
More information about this class of issues, included common problems and
solutions, is available at
https://wiki.debian.org/qa.debian.org/FTBFS/SourceAfterBuild
Relevant part of the build log:
> cd /<<PKGBUILDDIR>> && runuser -u user42 -- dpkg-buildpackage --sanitize-env -us -uc -rfakeroot -S
> -----------------------------------------------------------------------------------------------------------------------------------
>
> dpkg-buildpackage: info: source package php-luasandbox
> dpkg-buildpackage: info: source version 4.1.0-1
> dpkg-buildpackage: info: source distribution unstable
> dpkg-buildpackage: info: source changed by Kunal Mehta <legoktm(a)debian.org>
> dpkg-source --before-build .
> debian/rules clean
> dh clean --with php
> debian/rules override_dh_auto_clean
> make[1]: Entering directory '/<<PKGBUILDDIR>>'
> /usr/bin/phpize --clean
> Cleaning..
> dh_auto_clean
> make[1]: Leaving directory '/<<PKGBUILDDIR>>'
> dh_clean
> dpkg-source -b .
> dpkg-source: warning: upstream signing key but no upstream tarball signature
> dpkg-source: info: using source format '3.0 (quilt)'
> dpkg-source: info: building php-luasandbox using existing ./php-luasandbox_4.1.0.orig.tar.xz
> dpkg-source: info: using patch list from debian/patches/series
> dpkg-source: info: local changes detected, the modified files are:
> php-luasandbox-4.1.0/alloc.dep
> php-luasandbox-4.1.0/data_conversion.dep
> php-luasandbox-4.1.0/library.dep
> php-luasandbox-4.1.0/luasandbox.dep
> php-luasandbox-4.1.0/luasandbox_lstrlib.dep
> php-luasandbox-4.1.0/timer.dep
> dpkg-source: error: aborting due to unexpected upstream changes, see /tmp/php-luasandbox_4.1.0-1.diff.qNYt7Y
> dpkg-source: info: Hint: make sure the version in debian/changelog matches the unpacked source tree
> dpkg-source: info: you can integrate the local changes with dpkg-source --commit
> dpkg-buildpackage: error: dpkg-source -b . subprocess returned exit status 2
>
> E: Command 'cd /<<PKGBUILDDIR>> && runuser -u user42 -- dpkg-buildpackage --sanitize-env -us -uc -rfakeroot -S' failed to run.
The full build log is available from:
http://qa-logs.debian.net/2023/08/13/php-luasandbox_4.1.0-1_unstable.log
If you reassign this bug to another package, please mark it as 'affects'-ing
this package. See https://www.debian.org/Bugs/server-control#affects
If you fail to reproduce this, please provide a build log and diff it with mine
so that we can identify if something relevant changed in the meantime.
Source: php-excimer
Version: 1.1.1-1
Severity: minor
Tags: trixie sid ftbfs
User: lucas(a)debian.org
Usertags: ftbfs-sab-20230813 ftbfs-source-after-build
User: debian-qa(a)lists.debian.org
Usertags: qa-doublebuild
Hi,
This package fails to build a source package after a successful build
(dpkg-buildpackage ; dpkg-buildpackage -S).
This is probably a clear violation of Debian Policy section 4.9 (clean target),
but this is filed as severity:minor for now, because a discussion on
debian-devel showed that we might want to revisit the requirement of a working
'clean' target.
More information about this class of issues, included common problems and
solutions, is available at
https://wiki.debian.org/qa.debian.org/FTBFS/SourceAfterBuild
Relevant part of the build log:
> cd /<<PKGBUILDDIR>> && runuser -u user42 -- dpkg-buildpackage --sanitize-env -us -uc -rfakeroot -S
> -----------------------------------------------------------------------------------------------------------------------------
>
> dpkg-buildpackage: info: source package php-excimer
> dpkg-buildpackage: info: source version 1.1.1-1
> dpkg-buildpackage: info: source distribution unstable
> dpkg-buildpackage: info: source changed by Kunal Mehta <legoktm(a)debian.org>
> dpkg-source --before-build .
> debian/rules clean
> dh clean --with php
> debian/rules override_dh_auto_clean
> make[1]: Entering directory '/<<PKGBUILDDIR>>'
> /usr/bin/phpize --clean
> Cleaning..
> dh_auto_clean
> make[1]: Leaving directory '/<<PKGBUILDDIR>>'
> dh_clean
> dpkg-source -b .
> dpkg-source: info: using source format '3.0 (quilt)'
> dpkg-source: info: building php-excimer using existing ./php-excimer_1.1.1.orig.tar.xz
> dpkg-source: info: local changes detected, the modified files are:
> php-excimer-1.1.1/excimer.dep
> php-excimer-1.1.1/excimer_log.dep
> php-excimer-1.1.1/excimer_timer.dep
> dpkg-source: error: aborting due to unexpected upstream changes, see /tmp/php-excimer_1.1.1-1.diff.xmI0zb
> dpkg-source: info: Hint: make sure the version in debian/changelog matches the unpacked source tree
> dpkg-source: info: you can integrate the local changes with dpkg-source --commit
> dpkg-buildpackage: error: dpkg-source -b . subprocess returned exit status 2
>
> E: Command 'cd /<<PKGBUILDDIR>> && runuser -u user42 -- dpkg-buildpackage --sanitize-env -us -uc -rfakeroot -S' failed to run.
The full build log is available from:
http://qa-logs.debian.net/2023/08/13/php-excimer_1.1.1-1_unstable.log
If you reassign this bug to another package, please mark it as 'affects'-ing
this package. See https://www.debian.org/Bugs/server-control#affects
If you fail to reproduce this, please provide a build log and diff it with mine
so that we can identify if something relevant changed in the meantime.
Source: php-wmerrors
Version: 2.0.0~git20221212.631dedd-1
Severity: minor
Tags: trixie sid ftbfs
User: lucas(a)debian.org
Usertags: ftbfs-sab-20230813 ftbfs-source-after-build
User: debian-qa(a)lists.debian.org
Usertags: qa-doublebuild
Hi,
This package fails to build a source package after a successful build
(dpkg-buildpackage ; dpkg-buildpackage -S).
This is probably a clear violation of Debian Policy section 4.9 (clean target),
but this is filed as severity:minor for now, because a discussion on
debian-devel showed that we might want to revisit the requirement of a working
'clean' target.
More information about this class of issues, included common problems and
solutions, is available at
https://wiki.debian.org/qa.debian.org/FTBFS/SourceAfterBuild
Relevant part of the build log:
> cd /<<PKGBUILDDIR>> && runuser -u user42 -- dpkg-buildpackage --sanitize-env -us -uc -rfakeroot -S
> ---------------------------------------------------------------------------------------------------------------------------------------------------
>
> dpkg-buildpackage: info: source package php-wmerrors
> dpkg-buildpackage: info: source version 2.0.0~git20221212.631dedd-1
> dpkg-buildpackage: info: source distribution unstable
> dpkg-buildpackage: info: source changed by Kunal Mehta <legoktm(a)debian.org>
> dpkg-source --before-build .
> debian/rules clean
> dh clean --with php
> debian/rules override_dh_auto_clean
> make[1]: Entering directory '/<<PKGBUILDDIR>>'
> /usr/bin/phpize --clean
> Cleaning..
> dh_auto_clean
> make[1]: Leaving directory '/<<PKGBUILDDIR>>'
> dh_clean
> dpkg-source -b .
> dpkg-source: info: using source format '3.0 (quilt)'
> dpkg-source: info: building php-wmerrors using existing ./php-wmerrors_2.0.0~git20221212.631dedd.orig.tar.xz
> dpkg-source: info: local changes detected, the modified files are:
> php-wmerrors-2.0.0~git20221212.631dedd/wmerrors.dep
> dpkg-source: error: aborting due to unexpected upstream changes, see /tmp/php-wmerrors_2.0.0~git20221212.631dedd-1.diff.qupS9u
> dpkg-source: info: Hint: make sure the version in debian/changelog matches the unpacked source tree
> dpkg-source: info: you can integrate the local changes with dpkg-source --commit
> dpkg-buildpackage: error: dpkg-source -b . subprocess returned exit status 2
>
> E: Command 'cd /<<PKGBUILDDIR>> && runuser -u user42 -- dpkg-buildpackage --sanitize-env -us -uc -rfakeroot -S' failed to run.
The full build log is available from:
http://qa-logs.debian.net/2023/08/13/php-wmerrors_2.0.0~git20221212.631dedd…
If you reassign this bug to another package, please mark it as 'affects'-ing
this package. See https://www.debian.org/Bugs/server-control#affects
If you fail to reproduce this, please provide a build log and diff it with mine
so that we can identify if something relevant changed in the meantime.