Skip to main content

FTBFS fixes and other patches available for your package!

Wheeze is planned to release very soon! There is still a fair amount of work to push the release out, but it does mean that a lot of fun can begin for jessie.

Over the past cycle in Ubuntu, many packages where synced from experimental, many fixes were applied and many packages were upgraded ahead of debian version strings.

If one goes to your package PTS page at:

packages.qa.debian.org/$SCRPACKAGENAME

One can find the following box titled "ubuntu" in it:


Please click on "patches for VERSION STRING" to find:
  • Useless irrelevant changes =) oh well, it happens
  • FTBFS fixes due to GCC 4.8 (*)
  • FTBFS fixes due to new GlibC
  • FTBFS fixes due to multiarched Python2.7 and Python3.3
  • FTBFS fixes due to multiarched Tcl/Tk
  • FTBFS fixes due to Python hash randomisation enabled
  • FTBFS fixes due to Boost 1.53 (*)
  • Fixes to minimise dependencies when bootstrapping packages
  • Fixes to multiarch more and more libraries
  • Fixes to enable package cross-building
  • Updates to new upstream releases
  • Usage of pybuild
  • Completed migration away from guile1.6
(*) more of those will be available after S-series opens in ubuntu, from April the 29th onwards

Some of the above patches were submitted to debian, with majority of submitted patches have not been applied, simply because none of them were appropriate during freeze and could have been disruptive to Wheezy release.

Please check useful patches available on your PTS!

Please take those patches!

Not taking Ubuntu patches results in more duplicate work in Ubuntu (i.e. rebasing those patches), thus reducing total dev-time available to work to fix other issues.

I myself uploaded a few of those patches into Ubuntu. And in the beginning I was filing BTS bugs with a patch against relevant packages in Debian. Very quickly I realised that since Debian is frozen a lot of those patches would just bitrot in BTS. I of course wished that they would all be instantly applied and uploaded into Experimental, but that did not happen. At the moment there are still 8 bugs open with patches I submitted, with oldest one opened on 6th of July 2012. So that's the reason why I stopped pushing patches to BTS, because well they are not reviewed nor applied in a timely manner =) where my expectation of timely manner is less than 6 months to be uploaded into Experimental or reviewed/rejected/commented on. Not uploading patches because they don't apply to Debian yet, is silly as they will apply to Debian eventually. Unapplied patches continue to generate more work on a more universal scope (e.g. requiring those patches to be rebased in ubuntu, thus many developers spending their time doing that, instead of writting fixes for new issues).

Comments

Popular posts from this blog

Achieving actually full disk encryption of UEFI ESP at rest with TCG OPAL, FIPS, LUKS

Achieving full disk encryption using FIPS, TCG OPAL and LUKS to encrypt UEFI ESP on bare-metal and in VMs Many security standards such as CIS and STIG require to protect information at rest. For example, NIST SP 800-53r5 SC-28 advocate to use cryptographic protection, offline storage and TPMs to enhance protection of information confidentiality and/or integrity. Traditionally to satisfy such controls on portable devices such as laptops one would utilize software based Full Disk Encryption - Mac OS X FileVault , Windows Bitlocker , Linux cryptsetup LUKS2 . In cases when FIPS cryptography is required, additional burden would be placed onto these systems to operate their kernels in FIPS mode. Trusted Computing Group  works on establishing many industry standards and specifications, which are widely adopted to improve safety and security of computing whilst keeping it easy to use. One of their most famous specifications them is TCG  TPM 2.0 (Trusted Platform Module). TPMs are now...

Security-only OpenSSL tarball releases for CVE-2026-2673

On Friday May the 13th OpenSSL project has published advisory details for  CVE-2026-2673 . The CVE is treated as non-important by the project. The patches are only provided as commits on the stable branches. No git tag, no precise fixed version, and no source tarballs provided. The patches that were merged to openssl-3.5 and openssl-3.6 branches were not based on top of the last stable point release and did not split code changes & documentation updates. It means that cherry-picking the commits referenced in the advisory will always lead to conflicts requiring manual resolution. It is not clear if support is provided for snapshot builds off the openssl-3.5 and openssl-3.6 branches. As the builds from the stable branches declare themselves as dev builds of the next unreleased point release. For example, in contrast to projects such as vim and glibc, with every commit to stable branches explicitly recommended for distributors to ship and is supported. I have requested OpenSSL ups...

Encrypt all the things

xkcd #538: Security Went into blogger settings and enabled TLS on my custom domain blogger blog. So it is now finally a https://blog.surgut.co.uk  However, I do use feedburner and syndicate that to the planet. I am not sure if that is end-to-end TLS connections, thus I will look into removing feedburner between my blog and the ubuntu/debian planets. My experience with changing feeds in the planets is that I end up spamming everyone. I wonder, if I should make a new tag and add that one, and add both feeds to the planet config to avoid spamming old posts. Next up went into gandi LiveDNS platform and enabled DNSSEC on my domain. It propagated quite quickly, but I believe my domain is now correctly signed with DNSSEC stuff. Next up I guess, is to fix DNSSEC with captive portals. I guess what we really want to have on "wifi" like devices, is to first connect to wifi and not set it as default route. Perform captive portal check, potentially with a reduced DNS server capabil...