Debian Bug Squashing Party, Brooklyn, NY, 2018-06-24 ==================================================== *** NOTE *** This document is being maintained at https://etherpad.net/p/bsp-nyc-0624 instead How to view this document: https://gobby.debian.org/export/BSP/2018/06-Brooklyn How to edit this document: # apt install gobby $ gobby infinote://gobby.debian.org/BSP/2018/06-Brooklyn Uncheck "Allow remote users to edit local documents", and pick a username ^ If the above fails with an error "Failed to open document", click on File > Connect to Server... and enter "gobby.debian.org". You can browse to find the document in the lefthand Document Browser. See also https://wiki.debian.org/BSP/2018/06/us/NYC Debian Bug Squashing Party, Brooklyn, NY, 2018-06-24 See also https://wiki.debian.org/BSP/2018/06/us/NYC Wifi: 61 Local Public WiFi / 61bergen Alt wifi: 61 Local Event WiFi / eatlocal Scroll to the end of this document for a glossary and useful links and more. BUGS Open (start here!) Write your name next to a bug if you're working on it. I've marked a few high-impact ones with stars; there are also a few quick ones that are good places to start if you're new to Debian. If you don't see any interesting ones, Geoffrey has a bunch more to categorize.... https://bugs.debian.org/901327 (package src:tigervnc) tigervnc: FTBFS: Hunk #1 FAILED The patch does not apply - figure out what the maintainer meant to do. Note that cdbs patchsys is being used even though the source is 3.0 (quilt). https://bugs.debian.org/901318 (package mkdocs) mkdocs: package contains broken symlink to font-awesome.ttf Font Awesome (a font for symbols) changed its layout and usage pattern significantly between versions 4 and 5. There are two options here: 1. Upgrade Debian packages like mkdocs that use Font Awesome to work with Font Awesome 5 (this is the right long-term solution) 2. Package Font Awesome 4 in Debian - see also https://bugs.debian.org/899124 The fonts-font-awesome maintainer is busy but prepared a simple packaging of fonts-font-awesome4 (https://salsa.debian.org/fonts-team/fonts-font-awesomev4, see the last comment in #899124) and is fine with other people uploading it. Test it out along with a modified mkdocs package, and if it works, get a DD to sponsor fonts-font-awesome4 and send a patch to the mkdocs bug, as well as other affected packages. https://bugs.debian.org/901208 (package libvlfeat-doc) libvlfeat-doc: removal of libvlfeat-doc makes files disappear from libvlfeat-dev The new version of libvlfeat-doc includes files that overwrite files in the old version of libvlfeat-dev, and there's no Breaks: setting to manage the change. Test and send in a patch. https://bugs.debian.org/901110 (package src:libgdamm5.0) libgdamm5.0: FTBFS when built with dpkg-buildpackage -A It appears that it compiles some architecture-dependent files anyway. Take a look at the packaging and send in a patch. https://bugs.debian.org/901043 (package vkd3d-demos) vkd3d-demos: /usr/bin/triangle is already shipped by the triangle-bin package "I don't think a -demos package should ship binaries with generic names in /usr/bin - and maybe not in /usr/bin at all." Send in a patch to move them elsewhere. https://bugs.debian.org/900997 (package print-manager) *** [print-manager] sends password to remote cups server This is a KDE package for configuring printers. The UI for adding a printer that requires a login does not make it clear whether it's actually asking for a _local_ admin password to configure printers. Figure out a UI change, but also, see if this bug has been reported with KDE (it's not Debian-specific) and report it there, perhaps with a suggestion or a patch. https://bugs.debian.org/900902 (package src:predict) predict does not trap build command errors (policy 4.6) debian/rules is not robust. Send in a patch, but - maybe the best way to clean up debian/rules is to convert it to modern Debian style and send in a patch to do that. No maintainer upload since 2010 (but uploader is active), chat with a DD about whether this is wishlist or you can do something more aggressive. https://bugs.debian.org/900897 (package ladvd) missing dependency on pciutils Send in a patch adding the dependency, but also, it seems bad to segfault if a file is missing? Send in a patch for that to the upstream ladvd project. Also take a look at the mention of /var/run/ladvd missing: on Debian /var/run is permitted to be a tmpfs, so packages can't package a directory there, they have to either create it when needed or use systemd-tmpfiles or something to create it each boot. https://bugs.debian.org/900855 (package qtquickcontrols2-opensource-src) [qtquickcontrols2-opensource-src] Bundles fontello.ttf which is not properly rebuilt from source Bug report is not clear, but the reporter is a Debian developer who is creating a proper package for fontello. This is mostly a BTS maintenance task: find the ITP for fontello and block this bug on that one, and add a version that it affects. (Possibly see if you can make this not cause an autoremoval) https://bugs.debian.org/900854 (package bulk-media-downloader) [bulk-media-downloader] FTBFS: missing source This is the same as above. Please at least rename the bug (this isn't an FTBFS) and do the related cleanup. https://bugs.debian.org/900821 (package src:linux) linux-image-4.9.0-6-amd64: apache reads wrong data over cifs filesystems served by samba This is a straight-up kernel bug - if you're interested, Geoffrey can help you with setting up an environment. The interesting task is probably to reproduce it without requiring Apache on top, so you can see exactly what system calls are happening. https://bugs.debian.org/900773 (package src:lua-torch-cutorch) lua-torch-cutorch: build-depends on GCC 6 Test the build, send in a patch. https://bugs.debian.org/900772 (package src:cakephp) cakephp: depends on php-mcrypt which is no longer available in php7.2 Figure out why mcrypt was removed and what the package is using mcrypt for - there might be a fix upstream, or this might be a sign that the upstream package isn't maintained enough to be in Debian. Or maybe this is a straightforward fix to contribute to the upstream project. https://bugs.debian.org/900771 (package yubikey-ksm) yubikey-ksm: depends on php-mcrypt which is no longer available in php7.2 Same as above. https://bugs.debian.org/900623 (package cl-interpol) missing dependency on cl-unicode Seems straightforward, test it and get a patch sponsored. https://bugs.debian.org/900603 (package src:kino) [src:kino] Lena non free image So, potentially what's happening here is that there's an old version of ffmpeg inside the kino source? That seems like the actual problem to fix. See if you can get kino to build without the bundled copy - if so, there's a way to automatically repack tarballs without vendored dependencies using debian/watch, ask a Debian person (also see Geoffrey's package python-pymssql, debian/copyright and debian/rules) and send in a patch to do that. https://bugs.debian.org/900596 (package chromium-browser) *** [chromium-browser] unicode non free license There are two versions of a UTF-8 conversion routine in the package. One has been relicensed to a free-software license; the other is the older version that prohibits modification. See if the second one can be replaced with the first, and preferably send the fixes upstream (we get it from Chrome, who gets it from swiftshader, who gets it from LLVM). Perhaps in the meantime, send in a patch to use the repacking technique (see comments on #900603) to remove the non-free source file from the tarball, and modify debian/rules to copy the free source file in its place. https://bugs.debian.org/900544 (package flowblade) flowblade: Segfaults on startup Segfault in C code, might be because of a dependency upgraded. See if it's reproducible or if the upstream bug tracker has a solution; if not try to find a solution. https://bugs.debian.org/900533 (package chromium) *** chromium 67.0.3396.62-1: youtube video, gif's, html5, and movies no longer work Something is wrong with ffmpeg. Maintainer believed it was fixed, but it wasn't. Probably pretty involved but also very high impact! https://bugs.debian.org/900486 (package src:python-pydap) python-pydap: FTBFS and Debci failure with NumPy 1.14 Looks like a NumPy deprecation error, see if it's been fixed upstream, if not, fix it and send the fix upstream and the patch to Debian. https://bugs.debian.org/900485 (package src:python-pbcore) python-pbcore: FTBFS and Debci failure with NumPy 1.14 Test case failing because 0 != 0L and new NumPy changed what it returned. Bug report filed upstream, see if it's been fixed. https://bugs.debian.org/900441 (package bwbar) Misses executable, possible candidate for removal? No reason to keep this package and it's orphaned anyway. Reassign to ftp.debian.org, retitle as "RM: bwbar, RoQA". Everyone's a member of the QA group! https://bugs.debian.org/900431 (package src:python-hdf5storage) python-hdf5storage: FTBFS and Debci failure with NumPy 1.14 Tests failing because two types aren't equal. Track it down, report it upstream if necessary or send in a patch. https://bugs.debian.org/900419 (package src:h5py) h5py: Now emitting warnings, breaking pbgenomicconsensus tests Package the new version and test it, and send in a patch to the packaging. https://bugs.debian.org/900399 (package memtest86+) memtest86+: very probably kills system controller on Lenovo Thinkpad T500 laptop Possibly, memtest86+ accidentally writes to memory-mapped registers in the embedded controller of this Thinkpad (perhaps because the BIOS doesn't mark that memory as reserved?). This doesn't make a whole lot of sense but it's pretty bad if true. If hardware bugs and datasheets are up your alley, this is probably a good bug to explore. It probably involves reading and Googling and (hopefully) not sacrificing a Thinkpad. https://bugs.debian.org/900395 (package xserver-xorg-input-all) xserver-xorg-input-all: keyboard no longer working after dist-upgrade This person did an upgrade and got xserver-xorg-input-all uninstalled. Not clear why. Maybe send them another email saying "Hi, I'm at a bug squashing party and saw this" + instructions on how to get some logs (portions of /var/log/apt/terminal.log are probably useful)? https://bugs.debian.org/900375 (package hg-fast-export) hg-fast-export: Incompatible with mercurial 4.6 Package is super old - see if you can package the new version and send the maintainer a patch. (Maintainer is often active on IRC) https://bugs.debian.org/900311 (package recoll) recoll: FTBFS when built with dpkg-buildpackage -A Perhaps send in a patch modernizing the debian/rules file. https://bugs.debian.org/900302 (package src:gitit) FTBFS: bitrot This one is terse but was filed by Clint, who's here today and is on the Haskell team, ask him if you can help. He says the upstream project needs active development. https://bugs.debian.org/900300 (package src:nvidia-cuda-toolkit) nvidia-cuda-toolkit: depends on openjdk-8 Might just be a matter of switching the build-dependency and testing the build? Talk to Elana, she knows a few things about Java packaging and the JDK upgrade. https://bugs.debian.org/900265 (package src:jaxrs-api) jaxrs-api: FTBFS with Java 9 due to javax.xml.bind removal Tests are failing. See if it's been fixed upstream, or patch the test. https://bugs.debian.org/900110 (package src:xserver-xorg-video-r128) xserver-xorg-video-r128: FTBFS with xserver 1.20 Failing with "error: unknown type name 'uint32_t'", this is probably just a missing #include. Maybe there's a new upstream version of this? https://bugs.debian.org/900109 (package xserver-xorg-video-savage) xserver-xorg-video-savage: FTBFS with xserver 1.20 "struct _ScrnInfoRec" has changed. Maybe this is easy. Maybe there's a new upstream version of this? https://bugs.debian.org/900051 (package libgnupg-interface-perl) *** libgnupg-interface-perl: t/get_public_keys.t fails with gnupg2/2.2.7-1 The original test in this bug has a patch, but there's one other failure that needs to be tracked down. https://bugs.debian.org/897496 (package src:python-pathlib) python-pathlib: FTBFS: dh_auto_test: pybuild --test -i python{version} -p 2.7 returned exit code 13 A handful of test cases failing. Hopefully known upstream - find it and get the patch to Debian. https://bugs.debian.org/897489 (package src:python-whoosh) python-whoosh: FTBFS: dh_auto_test: pybuild --test --test-pytest -i python{version} -p 3.6 returned exit code 14 One test case failing, bug filed upstream. Maybe try to fix it. https://bugs.debian.org/897475 (package src:sparql-wrapper-python) sparql-wrapper-python: FTBFS: dh_auto_test: pybuild --test --test-nose -i python{version} -p 3.6 returned exit code 13 There's some lulzy sed to handle Python 2/3 compatibility that isn't working right. Make it work. https://bugs.debian.org/897473 (package src:libappindicator) libappindicator: FTBFS: app-indicator.c:2188:28: error: assignment from incompatible pointer type [-Werror=incompatible-pointer-types] Potentially known upstream, look for a bug, but this is probably a simple C patch - check with someone who's worked with Gtk/GLib before (e.g. Geoffrey) if you need to write the patch. https://bugs.debian.org/897471 (package src:python-magic) python-magic: FTBFS: dh_auto_test: pybuild --test -i python{version} -p 2.7 returned exit code 13 Test case is failing, track it down. https://bugs.debian.org/896635 (package src:python-scipy) FTBFS with sphinx 1.7.2: exception: cannot import name 'Directive' This one and the next two are the same: "sphinx.util.compat.Directive class is now deprecated. Please use instead docutils.parsers.rst.Directive". Send in patches to these projects in the unlikely event it's not fixed upstream, and get the patches into Debian. https://bugs.debian.org/896630 (package src:python-click) FTBFS with sphinx 1.7.2: exception: cannot import name 'Directive' As above. https://bugs.debian.org/896627 (package src:pygments) FTBFS with sphinx 1.7.2: exception: cannot import name 'Directive' As above. Security See Vorlon's notes (below) about whether these are worth working on. https://bugs.debian.org/900929 (package cgminer) CVE-2018-10057 CVE-2018-10058 https://bugs.debian.org/900868 (package src:node-growl) node-growl: CVE-2017-16042: Does not properly sanitize input before passing it to exec https://bugs.debian.org/900708 (package src:wireshark) wireshark: CVE-2018-11356 CVE-2018-11357 CVE-2018-11358 CVE-2018-11359 CVE-2018-11360 CVE-2018-11361 CVE-2018-11362 Ready for review or sponsorship (i.e., there's already a patch, or you've found / written a patch, and you need someone to upload it; alternatively you think it should be recategorized / closed and want a Debian person to double-check) Fixed! Other Projects May be of interest. They'll take longer than one day but today is a good day to get started! - Write better documentation for the bug tracking system (BTS) and how to interact with it via email. - Write a web interface for Gobby, so you don't need the Gobby application installed. Gobby uses the Infinote protocol, which has an unmaintained JS implementation at https://github.com/sveith/jinfinote See also https://github.com/gobby/gobby/wiki/Development https://github.com/gobby/gobby/issues/9 Glossary: FTBFS: "Fails to build from source". It usually means that something has changed such that the package no longer builds, but it might just mean that the maintainer uploaded an invalid source package. dpkg-buildpackage -A: This command is supposed to build only the architecture-independent packages. Many Debian packages with older packaging don't properly work when you ask it to build just a subset of the packages. RC: release-critical. A bug with severity "serious" or higher is considered release-critical, and will cause the package to get removed from Debian testing if not addressed within a couple of weeks. NMU: Non-maintainer upload. Debian generally frowns on non-maintainer uploads, but RC bugs open for more than two weeks are fine. If a package's recent uploads are all NMUs, it may be a sign that the package should be orphaned. Useful links https://hashman.ca/nyc-bsp/ https://people.debian.org/~vorlon/rc-bugsquashing.html https://wiki.debian.org/BSP/BeginnersHOWTO https://tracker.debian.org/ https://sources.debian.net/ Progress Elana: - filed bugs against upstream repos to update dependencies, which are breaking the Debian builds due to other dep upgrades - uploaded new versions of clojure and clojure1.8 to fix the alternatives bug (reuploaded clojure due to Vcs derp) - fixed Vcs error on libjava-jdbc & uploaded - fixed Vcs warning on clojure-maven-plugin & uploaded Clint: - was hateful in #901327 (tigervnc) - uploaded a fix for #902279 (youtube-dl) to DELAYED/3-day - sent a patch for #902318 (monkeysphere) - was less hateful in #899060 (monkeysphere) Lincoln: - Got my environment setup to work on packages again \o/ - Played with 901318 for a while but didn't really make progress because it seems to be a long discussion so its bad for a newcomer - Was indeed more successful on the python lands. Opened the following PRs - https://github.com/Kronuz/pyScss/pull/374 - https://github.com/ionelmc/pytest-benchmark/pull/114 - Now working on uploading the patches to python-pyscss & python-pytest-benchmark packages removing the dependency on python-pathlib. dkg: - worked on debugging/diagnosing enigmail in preparation for making it DFSG-free again (see https://bugs.debian.org/901556 ) - got pointers from Lincoln about understanding flow control in asynchronous javascript for debugging the failing autopkgtest suites - got pointers from Elana on emulating ci.debian.net's autopkgtest infrastructure so i have a better chance of replicating the failures seen on that platform Simon - Moved python-requests-oauthlib to salsa (https://salsa.debian.org/simonft-guest/python-requests-oauthlib) - Updated it to 1.0 (new release), pending a couple final checks. Geoffrey: - Worked with Lincoln on both bugs - Opened https://bugs.debian.org/902323 about removing python-pathlib - Working on new pymssql upstream release / restoring it to unstable Self-reported new contributors Haven't contributed to Debian or attended a BSP - Jesse S. - Da X. - Mark P. Haven't contributed to Debian - Hashem N. Haven't attended a BSP - Lincoln C.