Your message dated Tue, 18 Nov 2025 15:36:00 +0000
with message-id <[email protected]>
and subject line Bug#1113469: fixed in rlottie 0.1+dfsg-4.3
has caused the Debian Bug report #1113469,
regarding rlottie: FTBFS with CMake 4
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1113469: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1113469
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: rlottie
Version: 0.1+dfsg-4.2
Severity: serious
User: [email protected]
Usertags: cmake-4
Tags: ftbfs, forky, sid
Dear maintainer,
During a test rebuild for CMake 4, rlottie failed to rebuild.
Log Summary:
-------------------------------------------------------------------------------
[...]
dpkg-source: info: using patch list from debian/patches/series
dpkg-source: info: applying Fix-stb-include.patch
dpkg-source: info: applying Custom-IterativeReader.patch
dpkg-source: info: applying Cache-compatibility.patch
dpkg-source: info: applying Bump-soversion.patch
dpkg-source: info: applying No-cyclic-layers.patch
dpkg-source: info: applying Check-buffer-length.patch
dpkg-source: info: applying Fix-crash-in-malformed-animations.patch
dpkg-source: info: applying Fix-crash-on-invalid-data.patch
dpkg-source: info: applying Fortify-FreeType-raster.patch
dpkg-source: info: applying Fortify-lottie-parser.patch
dpkg-source: info: applying Extend-mDash-array.patch
dpkg-source: info: applying Include-limits-header.patch
dpkg-source: info: applying Avoid-nullptr-in-solidColor.patch
dpkg-source: info: applying Empty-animation-data.patch
dpkg-source: info: applying Finite-loop-in-VBezier-tAtLength.patch
dpkg-source: info: applying Reject-reversed-frames.patch
dpkg-source: info: applying Ignore-unspecified-type.patch
dpkg-source: info: applying Improve-rendering-performance.patch
dpkg-source: info: applying Init-keyframe.patch
dpkg-source: info: applying Check-empty-frames.patch
dpkg-source: info: applying No-cyclic-structures.patch
dpkg-source: info: applying Positive-points.patch
dpkg-source: info: applying Stop-VBezier-length-overflow.patch
dpkg-source: info: applying Avoid-assertion-failures.patch
dpkg-source: info: applying No-deadlock.patch
dpkg-source: info: applying Atomic-render.patch
dpkg-source: info: applying fix-static-variable-delete.patch
Check disk space
----------------
Sufficient free space for build
User Environment
----------------
APT_CONFIG=/var/lib/sbuild/apt.conf
HOME=/sbuild-nonexistent
LANG=C.UTF-8
LC_ALL=C.UTF-8
LOGNAME=sbuild
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games
SHELL=/bin/sh
USER=sbuild
dpkg-buildpackage
-----------------
Command: dpkg-buildpackage --sanitize-env -us -uc -b
dpkg-buildpackage: info: source package rlottie
dpkg-buildpackage: info: source version 0.1+dfsg-4.2
dpkg-buildpackage: info: source distribution unstable
dpkg-buildpackage: info: source changed by Matthias Klose <[email protected]>
dpkg-source --before-build .
dpkg-buildpackage: info: host architecture arm64
debian/rules clean
dh clean
dh_clean
debian/rules binary
dh binary
dh_update_autotools_config
dh_autoreconf
debian/rules override_dh_auto_configure
make[1]: Entering directory '/build/reproducible-path/rlottie-0.1+dfsg'
dh_auto_configure --
-DLOTTIE_MODULE_PATH=/usr/lib/aarch64-linux-gnu/rlottie/image-loader.so
-DLIB_INSTALL_DIR=/usr/lib/aarch64-linux-gnu -DLOTTIE_TEST=ON
cd obj-aarch64-linux-gnu && DEB_PYTHON_INSTALL_LAYOUT=deb
PKG_CONFIG=/usr/bin/pkg-config cmake -DCMAKE_INSTALL_PREFIX=/usr
-DCMAKE_BUILD_TYPE=None -DCMAKE_INSTALL_SYSCONFDIR=/etc
-DCMAKE_INSTALL_LOCALSTATEDIR=/var -DCMAKE_EXPORT_NO_PACKAGE_REGISTRY=ON
-DCMAKE_FIND_USE_PACKAGE_REGISTRY=OFF
-DCMAKE_FIND_PACKAGE_NO_PACKAGE_REGISTRY=ON
-DFETCHCONTENT_FULLY_DISCONNECTED=ON -DCMAKE_INSTALL_RUNSTATEDIR=/run
-DCMAKE_SKIP_INSTALL_ALL_DEPENDENCY=ON "-GUnix Makefiles"
-DCMAKE_VERBOSE_MAKEFILE=ON -DCMAKE_INSTALL_LIBDIR=lib/aarch64-linux-gnu
-DLOTTIE_MODULE_PATH=/usr/lib/aarch64-linux-gnu/rlottie/image-loader.so
-DLIB_INSTALL_DIR=/usr/lib/aarch64-linux-gnu -DLOTTIE_TEST=ON ..
CMake Error at CMakeLists.txt:1 (cmake_minimum_required):
Compatibility with CMake < 3.5 has been removed from CMake.
Update the VERSION argument <min> value. Or, use the <min>...<max> syntax
to tell CMake that the project requires at least <min> but has been updated
to work with policies introduced by <max> or earlier.
Or, add -DCMAKE_POLICY_VERSION_MINIMUM=3.5 to try configuring anyway.
-- Configuring incomplete, errors occurred!
cd obj-aarch64-linux-gnu && tail -v -n \+0 CMakeCache.txt
==> CMakeCache.txt <==
# This is the CMakeCache file.
# For build in directory:
/build/reproducible-path/rlottie-0.1+dfsg/obj-aarch64-linux-gnu
# It was generated by CMake: /usr/bin/cmake
# You can edit this file to change values found and used by cmake.
# If you do not want to change any of the values, simply exit the editor.
# If you do want to change a value, simply edit, save, and exit the editor.
# The syntax for the file is as follows:
# KEY:TYPE=VALUE
# KEY is the name of a variable in the cache.
# TYPE is a hint to GUIs for the type of VALUE, DO NOT EDIT TYPE!.
# VALUE is the current value for the KEY.
########################
# EXTERNAL cache entries
########################
//No help, variable specified on the command line.
CMAKE_BUILD_TYPE:UNINITIALIZED=None
//No help, variable specified on the command line.
CMAKE_EXPORT_NO_PACKAGE_REGISTRY:UNINITIALIZED=ON
//No help, variable specified on the command line.
CMAKE_FIND_PACKAGE_NO_PACKAGE_REGISTRY:UNINITIALIZED=ON
//Value Computed by CMake.
CMAKE_FIND_PACKAGE_REDIRECTS_DIR:STATIC=/build/reproducible-path/rlottie-0.1+dfsg/obj-aarch64-linux-gnu/CMakeFiles/pkgRedirects
//No help, variable specified on the command line.
CMAKE_FIND_USE_PACKAGE_REGISTRY:UNINITIALIZED=OFF
//No help, variable specified on the command line.
CMAKE_INSTALL_LIBDIR:UNINITIALIZED=lib/aarch64-linux-gnu
//No help, variable specified on the command line.
CMAKE_INSTALL_LOCALSTATEDIR:UNINITIALIZED=/var
//No help, variable specified on the command line.
CMAKE_INSTALL_PREFIX:UNINITIALIZED=/usr
//No help, variable specified on the command line.
CMAKE_INSTALL_RUNSTATEDIR:UNINITIALIZED=/run
//No help, variable specified on the command line.
CMAKE_INSTALL_SYSCONFDIR:UNINITIALIZED=/etc
//No help, variable specified on the command line.
CMAKE_SKIP_INSTALL_ALL_DEPENDENCY:UNINITIALIZED=ON
//No help, variable specified on the command line.
CMAKE_VERBOSE_MAKEFILE:UNINITIALIZED=ON
//No help, variable specified on the command line.
FETCHCONTENT_FULLY_DISCONNECTED:UNINITIALIZED=ON
//No help, variable specified on the command line.
LIB_INSTALL_DIR:UNINITIALIZED=/usr/lib/aarch64-linux-gnu
//No help, variable specified on the command line.
LOTTIE_MODULE_PATH:UNINITIALIZED=/usr/lib/aarch64-linux-gnu/rlottie/image-loader.so
//No help, variable specified on the command line.
LOTTIE_TEST:UNINITIALIZED=ON
########################
# INTERNAL cache entries
########################
//This is the directory where this CMakeCache.txt was created
CMAKE_CACHEFILE_DIR:INTERNAL=/build/reproducible-path/rlottie-0.1+dfsg/obj-aarch64-linux-gnu
//Major version of cmake used to create the current loaded cache
CMAKE_CACHE_MAJOR_VERSION:INTERNAL=4
//Minor version of cmake used to create the current loaded cache
CMAKE_CACHE_MINOR_VERSION:INTERNAL=1
//Patch version of cmake used to create the current loaded cache
CMAKE_CACHE_PATCH_VERSION:INTERNAL=1
//Path to CMake executable.
CMAKE_COMMAND:INTERNAL=/usr/bin/cmake
//Path to cpack program executable.
CMAKE_CPACK_COMMAND:INTERNAL=/usr/bin/cpack
//Path to ctest program executable.
CMAKE_CTEST_COMMAND:INTERNAL=/usr/bin/ctest
//Name of external makefile project generator.
CMAKE_EXTRA_GENERATOR:INTERNAL=
//Name of generator.
CMAKE_GENERATOR:INTERNAL=Unix Makefiles
//Generator instance identifier.
CMAKE_GENERATOR_INSTANCE:INTERNAL=
//Name of generator platform.
CMAKE_GENERATOR_PLATFORM:INTERNAL=
//Name of generator toolset.
CMAKE_GENERATOR_TOOLSET:INTERNAL=
//Source directory with the top level CMakeLists.txt file for this
// project
CMAKE_HOME_DIRECTORY:INTERNAL=/build/reproducible-path/rlottie-0.1+dfsg
//Name of CMakeLists files to read
CMAKE_LIST_FILE_NAME:INTERNAL=CMakeLists.txt
//number of local generators
CMAKE_NUMBER_OF_MAKEFILES:INTERNAL=1
//Path to CMake installation.
CMAKE_ROOT:INTERNAL=/usr/share/cmake-4.1
dh_auto_configure: error: cd obj-aarch64-linux-gnu &&
DEB_PYTHON_INSTALL_LAYOUT=deb PKG_CONFIG=/usr/bin/pkg-config cmake
-DCMAKE_INSTALL_PREFIX=/usr -DCMAKE_BUILD_TYPE=None
-DCMAKE_INSTALL_SYSCONFDIR=/etc -DCMAKE_INSTALL_LOCALSTATEDIR=/var
-DCMAKE_EXPORT_NO_PACKAGE_REGISTRY=ON -DCMAKE_FIND_USE_PACKAGE_REGISTRY=OFF
-DCMAKE_FIND_PACKAGE_NO_PACKAGE_REGISTRY=ON
-DFETCHCONTENT_FULLY_DISCONNECTED=ON -DCMAKE_INSTALL_RUNSTATEDIR=/run
-DCMAKE_SKIP_INSTALL_ALL_DEPENDENCY=ON "-GUnix Makefiles"
-DCMAKE_VERBOSE_MAKEFILE=ON -DCMAKE_INSTALL_LIBDIR=lib/aarch64-linux-gnu
-DLOTTIE_MODULE_PATH=/usr/lib/aarch64-linux-gnu/rlottie/image-loader.so
-DLIB_INSTALL_DIR=/usr/lib/aarch64-linux-gnu -DLOTTIE_TEST=ON .. returned exit
code 1
make[1]: *** [debian/rules:25: override_dh_auto_configure] Error 2
make[1]: Leaving directory '/build/reproducible-path/rlottie-0.1+dfsg'
make: *** [debian/rules:22: binary] Error 2
dpkg-buildpackage: error: debian/rules binary subprocess returned exit status 2
--------------------------------------------------------------------------------
Build finished at 2025-08-30T17:04:51Z
-------------------------------------------------------------------------------
The above is just how the build ends and not necessarily the most relevant part.
If required, the full build log is available here (for the next 30 days):
https://debusine.debian.net/artifact/2410188/
The most likely cause of build failures is the removed backwards compatibility
for
CMake versions earlier than 3.5. You can find additional information in my
debian-devel announcement:
https://lists.debian.org/debian-devel/2025/04/msg00310.html
About the archive rebuild: The build was made on debusine.debian.net,
using sbuild.
You can find the build task here:
https://debusine.debian.net/work-request/154739/
If this is really a bug in one of the build-depends, please use
reassign and affects, so that this is still visible in the BTS web
page for this package.
Thanks,
Timo
--- End Message ---
--- Begin Message ---
Source: rlottie
Source-Version: 0.1+dfsg-4.3
Done: Thorsten Alteholz <[email protected]>
We believe that the bug you reported is fixed in the latest version of
rlottie, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Thorsten Alteholz <[email protected]> (supplier of updated rlottie package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Tue, 18 Nov 2025 12:05:10 +0100
Source: rlottie
Architecture: source
Version: 0.1+dfsg-4.3
Distribution: unstable
Urgency: medium
Maintainer: Nicholas Guriev <[email protected]>
Changed-By: Thorsten Alteholz <[email protected]>
Closes: 1109341 1113469
Changes:
rlottie (0.1+dfsg-4.3) unstable; urgency=medium
.
* Non-maintainer upload.
* add cmake4.patch (Closes: #1113469)
* CVE-2025-0634 (Closes: #1109341)
CVE-2025-53074
CVE-2025-53075
Most patches to fix these issues are already part of:
Fix-crash-on-invalid-data.patch
The remaining boundary check is left in:
CVE-2025-0634-CVE-2025-53074-CVE-2025-53075.patch
For the sake of completeness, the whole upstream patch
for these CVEs is added in:
CVE-2025-0634-CVE-2025-53074-CVE-2025-53075.patch.org
Checksums-Sha1:
91f9725dd560c47c2856946ebf3b6c78139b612f 2190 rlottie_0.1+dfsg-4.3.dsc
b5c6a1fbed15d57b45f8321aa2fd9fa10dd376f9 2899072 rlottie_0.1+dfsg.orig.tar.xz
df95145390aa9de6b7fea74789c209cb08494e89 23340
rlottie_0.1+dfsg-4.3.debian.tar.xz
bdc80109f5b3adfe7da37c885f6aaad6ca3d0b10 7770
rlottie_0.1+dfsg-4.3_amd64.buildinfo
Checksums-Sha256:
f2f88d3e9690165b46aff3c8208f0831d19366b53f86d6f0f0657ab9dac00048 2190
rlottie_0.1+dfsg-4.3.dsc
23ef230681bfec7ed6f2d1e3918fed9456874392594297f9a5b70e0bc58a80eb 2899072
rlottie_0.1+dfsg.orig.tar.xz
2bd62071470d57d401676981136a1add828a36abf138ddb85e7b0b249eaecb67 23340
rlottie_0.1+dfsg-4.3.debian.tar.xz
171d90bc083bfed207c5dabdc5cc0648178a723bcf35173acd689902e01960f0 7770
rlottie_0.1+dfsg-4.3_amd64.buildinfo
Files:
17b9990249ab33226da650ef8f3c5c99 2190 libs optional rlottie_0.1+dfsg-4.3.dsc
4a1a9402dd50e0f917b01b762c98a7c8 2899072 libs optional
rlottie_0.1+dfsg.orig.tar.xz
ee29b980deb5c0ec087b35b87204ef39 23340 libs optional
rlottie_0.1+dfsg-4.3.debian.tar.xz
c7072e61279d6f8d6ca5b0f307acf376 7770 libs optional
rlottie_0.1+dfsg-4.3_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQKnBAEBCgCRFiEEYgH7/9u94Hgi6ruWlvysDTh7WEcFAmkcjJBfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDYy
MDFGQkZGREJCREUwNzgyMkVBQkI5Njk2RkNBQzBEMzg3QjU4NDcTHGRlYmlhbkBh
bHRlaG9sei5kZQAKCRCW/KwNOHtYRwMhD/4vvhox6ZlLjCzIO69Qc7KKILYFy0SI
hnK5ueZgHtAE3/avX1mGZTArOO/Fh+zPFKiOVrSpjXB9SgTIjuAbZV9J6K0oht+8
MYhVB+iRnfTgNc9J4hYNlG1SNtYKOLRzqxWQk3AeRo7r/Yse3xyY61F9l5Qmp2Tm
m8/HrYrXO10qCGImT3C7fnoJ7EBSA7LBlk+86TVCN4Tk0XJaLgDTUPqM4xWMVx/6
4T3G1EcndBN09YaPyFmXQyW6zG/RKedwz8LnADXE3+sp2YvDySIxvI/hUAI7MzQE
hRNrxAzAXd8TBAKrE6jg332uNgIjR3QR1CKxkdubjkqF9uZ3jsK+yL4LIbsjhmcH
XoaG8N6lI2WQUCq+qmim638XC57LINGZGSTXySex1I2FHQ0cZYEqOD0KLVuS5jOU
L6mDt2jgBWYzIBrE5bdHxE3t+L+uC929WiEox81eGLI8RNa18nqL/AVxVgFAwDTY
Dlra8GP3VuCVhrcgS7Hsu8g1d9ZlBv6cplUKbx4s+VSiYjAWO6p7l31qm8CEGZcQ
eJNlRYgICtfE1V4B2HJYY4NZoQ5qf9wLJ8EIFgxOPXsliQUz8UFnmt2a8dKFhegI
fJ2yjKNDahax1a2w04OTfm/tcA/RzK7nm9TgC/Ka/yf7dpRUSfP9LKjK6Y0iCL/D
gas46wq/5bKnCg==
=PgqH
-----END PGP SIGNATURE-----
pgppGqrzfWwE2.pgp
Description: PGP signature
--- End Message ---
