Debian Bug report logs - #938924
zziplib: Python2 removal in sid/bullseye

version graph

Package: src:zziplib; Maintainer for src:zziplib is Scott Howard <showard@debian.org>;

Reported by: Matthias Klose <doko@debian.org>

Date: Fri, 30 Aug 2019 10:03:20 UTC

Severity: normal

Tags: fixed-upstream, sid

Found in version zziplib/0.13.62-3.2

Fixed in version zziplib/0.13.72+dfsg.1-1

Done: Lukas Märdian <luk@slyon.de>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox

Report forwarded to Scott Howard <showard@debian.org>:
Bug#938924; Package src:zziplib. (Fri, 30 Aug 2019 10:03:24 GMT) (full text, mbox, link).

Acknowledgement sent to Matthias Klose <doko@debian.org>:
New Bug report received and forwarded. Copy sent to Scott Howard <showard@debian.org>. (Fri, 30 Aug 2019 10:03:24 GMT) (full text, mbox, link).

Message #5 received at maintonly@bugs.debian.org (full text, mbox, reply):

From: Matthias Klose <doko@debian.org>
To: maintonly@bugs.debian.org
Subject: zziplib: Python2 removal in sid/bullseye
Date: Fri, 30 Aug 2019 08:00:27 +0000
Package: src:zziplib
Version: 0.13.62-3.2
Severity: normal
Tags: sid bullseye
User: debian-python@lists.debian.org
Usertags: py2removal

Python2 becomes end-of-live upstream, and Debian aims to remove
Python2 from the distribution, as discussed in
https://lists.debian.org/debian-python/2019/07/msg00080.html

Your package either build-depends, depends on Python2, or uses Python2
in the autopkg tests.  Please stop using Python2, and fix this issue
by one of the following actions.

- Convert your Package to Python3. This is the preferred option.  In
  case you are providing a Python module foo, please consider dropping
  the python-foo package, and only build a python3-foo package.  Please
  don't drop Python2 modules, which still have reverse dependencies,
  just document them.
  
  This is the preferred option.

- If the package is dead upstream, cannot be converted or maintained
  in Debian, it should be removed from the distribution.  If the
  package still has reverse dependencies, raise the severity to
  "serious" and document the reverse dependencies with the BTS affects
  command.  If the package has no reverse dependencies, confirm that
  the package can be removed, reassign this issue to ftp.debian.org,
  make sure that the bug priority is set to normal and retitle the
  issue to "RM: PKG -- removal triggered by the Python2 removal".

- If the package has still many users (popcon >= 300), or is needed to
  build another package which cannot be removed, document that by
  adding the "py2keep" user tag (not replacing the py2remove tag),
  using the debian-python@lists.debian.org user.  Also any
  dependencies on an unversioned python package (python, python-dev)
  must not be used, same with the python shebang.  These have to be
  replaced by python2/python2.7 dependencies and shebang.

  This is the least preferred option.

If the conversion or removal needs action on another package first,
please document the blocking by using the BTS affects command, like

  affects <bug number of blocking py2removal bug> + src:zziplib

If there is no py2removal bug for that reverse-dependency, please file
a bug on this package (similar to this bug report).

If there are questions, please refer to the wiki page for the removal:
https://wiki.debian.org/Python/2Removal, or ask for help on IRC
#debian-python, or the debian-python@lists.debian.org mailing list.

Added indication that bug 938924 blocks 937695 Request was from Sandro Tosi <morph@debian.org> to control@bugs.debian.org. (Mon, 21 Oct 2019 23:24:10 GMT) (full text, mbox, link).

Information forwarded to debian-bugs-dist@lists.debian.org, Scott Howard <showard@debian.org>:
Bug#938924; Package src:zziplib. (Sat, 06 Jun 2020 21:33:02 GMT) (full text, mbox, link).

Acknowledgement sent to Moritz Mühlenhoff <jmm@inutil.org>:
Extra info received and forwarded to list. Copy sent to Scott Howard <showard@debian.org>. (Sat, 06 Jun 2020 21:33:02 GMT) (full text, mbox, link).

Message #12 received at 938924@bugs.debian.org (full text, mbox, reply):

From: Moritz Mühlenhoff <jmm@inutil.org>
To: showard@debian.org
Cc: 938924@bugs.debian.org, control@bugs.debian.org
Subject: Re: zziplib: Python2 removal in sid/bullseye
Date: Sat, 6 Jun 2020 23:28:34 +0200
tags 938924 fixed-upstream
thanks

On Fri, Aug 30, 2019 at 08:00:27AM +0000, Matthias Klose wrote:
> Package: src:zziplib
> Version: 0.13.62-3.2
> Severity: normal
> Tags: sid bullseye
> User: debian-python@lists.debian.org
> Usertags: py2removal
> 
> Python2 becomes end-of-live upstream, and Debian aims to remove
> Python2 from the distribution, as discussed in
> https://lists.debian.org/debian-python/2019/07/msg00080.html

This has been fixed in 0.13.71, with that version it's just a matter
of switching the build dep to python3.

Cheers,
        Moritz

Added tag(s) fixed-upstream. Request was from Moritz Mühlenhoff <jmm@inutil.org> to control@bugs.debian.org. (Sat, 06 Jun 2020 21:33:03 GMT) (full text, mbox, link).

Severity set to 'serious' from 'normal' Request was from Sandro Tosi <morph@debian.org> to control@bugs.debian.org. (Wed, 08 Jul 2020 06:39:46 GMT) (full text, mbox, link).

Severity set to 'normal' from 'serious' Request was from Sandro Tosi <morph@debian.org> to control@bugs.debian.org. (Wed, 08 Jul 2020 07:03:43 GMT) (full text, mbox, link).

Information forwarded to debian-bugs-dist@lists.debian.org, Scott Howard <showard@debian.org>:
Bug#938924; Package src:zziplib. (Thu, 10 Jun 2021 14:51:02 GMT) (full text, mbox, link).

Acknowledgement sent to Lukas Märdian <slyon@ubuntu.com>:
Extra info received and forwarded to list. Copy sent to Scott Howard <showard@debian.org>. (Thu, 10 Jun 2021 14:51:03 GMT) (full text, mbox, link).

Message #23 received at 938924@bugs.debian.org (full text, mbox, reply):

From: Lukas Märdian <slyon@ubuntu.com>
To: 938924@bugs.debian.org
Subject: Re: zziplib: Python2 removal in sid/bullseye
Date: Thu, 10 Jun 2021 16:39:03 +0200
Hi!

> This has been fixed in 0.13.71, with that version it's just a matter
> of switching the build dep to python3.

Yes. But this is quite a version bump: Last update was a few years ago, 
the old Debian git repo does not exist anymore and the zzip project 
switched its build system from automake to cmake.

I started packaging the latest 0.13.72 release here: 
https://github.com/slyon/zziplib-debian

A refresh of the patches and double-check of the test system still needs 
to be done. But if somebody already wants to do a brief review, I'd 
appreciate any comments!

My dfsg tarball can be found here (removing some Windows binaries from 
the source, as documented in debian/copyright): 
http://people.ubuntu.com/~slyon/zzip/


Cheers, Lukas

Information forwarded to debian-bugs-dist@lists.debian.org, Scott Howard <showard@debian.org>:
Bug#938924; Package src:zziplib. (Fri, 18 Jun 2021 14:57:03 GMT) (full text, mbox, link).

Acknowledgement sent to Lukas Märdian <slyon@ubuntu.com>:
Extra info received and forwarded to list. Copy sent to Scott Howard <showard@debian.org>. (Fri, 18 Jun 2021 14:57:03 GMT) (full text, mbox, link).

Message #28 received at 938924@bugs.debian.org (full text, mbox, reply):

From: Lukas Märdian <slyon@ubuntu.com>
To: showard@debian.org
Cc: 938924@bugs.debian.org
Subject: Re: zziplib: Python2 removal in sid/bullseye
Date: Fri, 18 Jun 2021 16:45:21 +0200
Hi!

> > This has been fixed in 0.13.71, with that version it's just a matter
> > of switching the build dep to python3.
> 
> Yes. But this is quite a version bump: Last update was a few years ago, 
> the old Debian git repo does not exist anymore and the zzip project 
> switched its build system from automake to cmake.
> 
> I started packaging the latest 0.13.72 release here: 
> https://github.com/slyon/zziplib-debian
> 
> A refresh of the patches and double-check of the test system still needs 
> to be done. But if somebody already wants to do a brief review, I'd 
> appreciate any comments!

I've now updated the package to have it properly tested and 
refreshed/dropped the patches. Also, I moved the project to Salsa:

  https://salsa.debian.org/slyon/zzip

I'm now looking for review & sponsoring.

> My dfsg tarball can be found here (removing some Windows binaries from 
> the source, as documented in debian/copyright): 
> http://people.ubuntu.com/~slyon/zzip/

Regards,
  Lukas

Reply sent to Lukas Märdian <luk@slyon.de>:
You have taken responsibility. (Mon, 21 Jun 2021 11:06:04 GMT) (full text, mbox, link).

Notification sent to Matthias Klose <doko@debian.org>:
Bug acknowledged by developer. (Mon, 21 Jun 2021 11:06:05 GMT) (full text, mbox, link).

Message #33 received at 938924-close@bugs.debian.org (full text, mbox, reply):

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
To: 938924-close@bugs.debian.org
Subject: Bug#938924: fixed in zziplib 0.13.72+dfsg.1-1
Date: Mon, 21 Jun 2021 11:04:18 +0000
Source: zziplib
Source-Version: 0.13.72+dfsg.1-1
Done: Lukas Märdian <luk@slyon.de>

We believe that the bug you reported is fixed in the latest version of
zziplib, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 938924@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Lukas Märdian <luk@slyon.de> (supplier of updated zziplib package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Fri, 18 Jun 2021 15:57:44 +0200
Source: zziplib
Architecture: source
Version: 0.13.72+dfsg.1-1
Distribution: unstable
Urgency: medium
Maintainer: Scott Howard <showard@debian.org>
Changed-By: Lukas Märdian <luk@slyon.de>
Closes: 938924
Changes:
 zziplib (0.13.72+dfsg.1-1) unstable; urgency=medium
 .
   * New upstream release. (Closes: #938924)
     + switch to CMake
     + drop .la libtool files
     + refresh d/p/zziplib-unzipcat-NULL-name.patch
     + drop d/p/Avoid-memory-leak-from-__zzip_parse_root_directory-1.patch
        and d/p/Avoid-memory-leak-from-__zzip_parse_root_directory-2.patch
        and d/p/One-more-free-to-avoid-memory-leak.patch:
       applied upstream in 0e1dadb, d2e5d5c and 9411bde
     + drop patches applied upstream:
       debian/patches/merge-CVE-2018-6381.patch-from-jmoellers-12.patch
       debian/patches/zziplib-CVE-2017-5974.patch
       debian/patches/zziplib-CVE-2017-5975.patch
       debian/patches/zziplib-CVE-2017-5976.patch
       debian/patches/zziplib-CVE-2017-5978.patch
       debian/patches/zziplib-CVE-2017-5979.patch
       debian/patches/zziplib-CVE-2017-5981.patch
       debian/patches/need-to-check-on-endbuf-for-stored-files-15.patch
       debian/patches/Reject-the-ZIP-file-and-report-it-as-corrupt-if-the-.patch
       debian/patches/check-rootseek-after-correction-41.patch
       debian/patches/check-rootseek-and-rootsize-to-be-positive-27.patch
       debian/patches/check-zlib-space-to-be-within-buffer-39.patch
       debian/patches/fix-for-zz_rootsize-41.patch
       debian/patches/need-to-check-on-endbuf-for-stored-files-15.patch
Checksums-Sha1:
 7b10eb46a27e35961aaff2b0493cda21a52a318f 2109 zziplib_0.13.72+dfsg.1-1.dsc
 266587872486c8c7c41146041924a7722a590f68 546608 zziplib_0.13.72+dfsg.1.orig.tar.xz
 393da34ee343348fa36477c581f8d572476929f3 11884 zziplib_0.13.72+dfsg.1-1.debian.tar.xz
 6e26678505766d35515c090f858222bd4ee8c4be 7418 zziplib_0.13.72+dfsg.1-1_source.buildinfo
Checksums-Sha256:
 0c4beeddda74385b1afc25474798ecaf1c748f77baf8d18f0a35f0fae0ac2410 2109 zziplib_0.13.72+dfsg.1-1.dsc
 f338a751cd4289a53e68d74135e55cc0a90afe83bbdefe52d180b737338017f4 546608 zziplib_0.13.72+dfsg.1.orig.tar.xz
 797a4555fda7af662b4cfa607854109055852506d1e970deac15bea28a1e8eaf 11884 zziplib_0.13.72+dfsg.1-1.debian.tar.xz
 a99b4177e5f2065b3bb6a3107c67cddef47cdf6f57df5fe4ec44efd0ddd48630 7418 zziplib_0.13.72+dfsg.1-1_source.buildinfo
Files:
 aae3eb47376cbc4c1a348dcc08115966 2109 libs optional zziplib_0.13.72+dfsg.1-1.dsc
 3c54757149657cc6245db8e6d971d45a 546608 libs optional zziplib_0.13.72+dfsg.1.orig.tar.xz
 e40d58f71fe7acade141573dda38e384 11884 libs optional zziplib_0.13.72+dfsg.1-1.debian.tar.xz
 1e77bdc802f901b8e73738d683eb77e3 7418 libs optional zziplib_0.13.72+dfsg.1-1_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQJEBAEBCAAuFiEE1WVxuIqLuvFAv2PWvX6qYHePpvUFAmDQa3MQHGRva29AZGVi
aWFuLm9yZwAKCRC9fqpgd4+m9biGD/0fyYzQtaRqq1BZcWGMz0R1DGMSrn8C4jI9
ZMJcbnUxP41eSbmUIWwaC09lXFGwFTdsbl9+yjy81ma+D2QYBUwCA0VLoAsFHgz3
Z4kseVP64R4ZH6iv/UaFkhMdjZUFSN4ZZTZgbgNOR2Kup5+o9G8EM4DSUMv/uoy0
5gXZWJ3s4J+s2tKe/XFaubdoO5Io+oP5zqwZgAVopFuQ+bDsEEXnB0zCEGwwLYum
s/OC4494Oa6nONLiFN273gg5G8S1qMYZbi+5SDWibgpS7En8YEFB7ARyhWDXpyi5
VPmVXJ7YWjAerjPMXAAjRKk31w7K3FwPutEdECjYEINvFJcNA5BpgMvXtb9gUMTS
Hp1o3WBYnBwwJZECUiK+pL0ZstmSaLoTJJDHMQ70F12MCnMxUkSz7JcWSTpbpY/M
X5eiMMWr6KDpGSgvh6ctwVl8VMWuiXU1fXaGy3rhi+YUZ7TW0ni/ultyNucz/i+V
w/WCjNxc08D5ESv+BC3tvUXvnmkLJXasxuyeAAP51amoKNgHuJPPNV43UFTdd0GJ
UsfxSh+8U5OM0kEpCUMBdDsVCkUGCZl58ovGfXt6g06/C0C8hu/iQx5raHHubTQo
a3mL2brqtFlWX1SAd5en7sv3a0ctzYMUSzh6/a+8f0FjQ7dImBtbHTkpT/fO/Hr4
RZEL6fKiCA==
=sN/e
-----END PGP SIGNATURE-----

Removed tag(s) bullseye. Request was from Andreas Beckmann <anbe@debian.org> to control@bugs.debian.org. (Mon, 11 Apr 2022 08:03:17 GMT) (full text, mbox, link).

Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Tue, 10 May 2022 07:25:41 GMT) (full text, mbox, link).

Send a report that this bug log contains spam.

Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Sun Mar 10 03:45:28 2024; Machine Name: buxtehude

Debian Bug tracking system

Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

Copyright © 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson, 2005-2017 Don Armstrong, and many other contributors.