Bug#1071159: glib2.0 2.74.6-2+deb12u3 flagged for acceptance

2024-05-25 Thread Adam D Barratt
package release.debian.org
tags 1071159 = bookworm pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bookworm.

Thanks for your contribution!

Upload details
==

Package: glib2.0
Version: 2.74.6-2+deb12u3

Explanation: fix a (rare) memory leak



Bug#1070856: riseup-vpn 0.21.11+ds1-5+deb12u1 flagged for acceptance

2024-05-25 Thread Adam D Barratt
package release.debian.org
tags 1070856 = bookworm pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bookworm.

Thanks for your contribution!

Upload details
==

Package: riseup-vpn
Version: 0.21.11+ds1-5+deb12u1

Explanation: use system certificate bundle by default, restoring ability to 
connect to an endpoint using LetsEncrypt certificate



Bug#1070801: qemu 7.2+dfsg-7+deb12u6 flagged for acceptance

2024-05-25 Thread Adam D Barratt
package release.debian.org
tags 1070801 = bookworm pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bookworm.

Thanks for your contribution!

Upload details
==

Package: qemu
Version: 7.2+dfsg-7+deb12u6

Explanation: new upstream stable release; security fixes [CVE-2024-26327 
CVE-2024-26328 CVE-2024-3446 CVE-2024-3447]



Bug#1069881: systemd 252.25-1~deb12u1 flagged for acceptance

2024-05-25 Thread Adam D Barratt
package release.debian.org
tags 1069881 = bookworm pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bookworm.

Thanks for your contribution!

Upload details
==

Package: systemd
Version: 252.25-1~deb12u1

Explanation: new upstream stable release



Bug#1069881: systemd 252.24-1~deb12u1 flagged for acceptance

2024-05-25 Thread Adam D Barratt
package release.debian.org
tags 1069881 = bookworm pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bookworm.

Thanks for your contribution!

Upload details
==

Package: systemd
Version: 252.24-1~deb12u1

Explanation: new upstream stable release



Bug#1069720: dpdk 22.11.5-1~deb12u1 flagged for acceptance

2024-05-25 Thread Adam D Barratt
package release.debian.org
tags 1069720 = bookworm pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bookworm.

Thanks for your contribution!

Upload details
==

Package: dpdk
Version: 22.11.5-1~deb12u1

Explanation: new upstream stable release



Bug#1066965: bookworm-pu: package newlib/3.3.0-2

2024-05-25 Thread Adam D. Barratt
Control: tags -1 + confirmed

On Sat, 2024-03-16 at 09:09 +0100, Petter Reinholdtsen wrote:
> +newlib (3.3.0-2) bookworm; urgency=medium
> 

As Salvatore already noted, that's not a conventional version number
for a stable upload, but can be used iff no such version has ever been
used for a package uploaded to Debian (or included as a changelog
stanza in d/changelog for any package uploaded to Debian) in the past.

> +
> +  * QA upload.
> +  * Orphan package to reflect status in Unstable.

Although this is harmless, note that it's also mostly redundant, as
nothing actually looks at / acts on the maintainer fields of packages
in stable (or older).

Please go ahead.

Regards,

Adam



Bug#1071161: glib2.0 2.66.8-1+deb11u4 flagged for acceptance

2024-05-21 Thread Adam D. Barratt
On Tue, 2024-05-21 at 11:23 +0100, Simon McVittie wrote:
> On Mon, 20 May 2024 at 20:12:24 +, Adam D Barratt wrote:
> > The upload referenced by this bug report has been flagged for
> > acceptance
> > into the proposed-updates queue for Debian bullseye.
> ...
> > Package: glib2.0
> > Version: 2.66.8-1+deb11u4
> > Explanation: fix a (rare) memory leak
> 
> Thanks for reviewing this change. Please consider also accepting
> #1071159 into bookworm-p-u (same change, different base version) to
> preserve the property that bookworm has no regressions when compared
> with bullseye, which I assume is something we want to be able to
> treat as an invariant.

Yep, that's the plan. I just ran out of time on yesterday's run through
the queues before I got to handling the bookworm upload.

Regards,

Adam



Bug#1071266: software-properties 0.99.30-4.1~deb12u1 flagged for acceptance

2024-05-20 Thread Adam D Barratt
package release.debian.org
tags 1071266 = bookworm pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bookworm.

Thanks for your contribution!

Upload details
==

Package: software-properties
Version: 0.99.30-4.1~deb12u1

Explanation: software-properties-qt: Add Conflicts+Replaces: 
software-properties-kde for smoother upgrades from bullseye



Bug#1071161: glib2.0 2.66.8-1+deb11u4 flagged for acceptance

2024-05-20 Thread Adam D Barratt
package release.debian.org
tags 1071161 = bullseye pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bullseye.

Thanks for your contribution!

Upload details
==

Package: glib2.0
Version: 2.66.8-1+deb11u4

Explanation: fix a (rare) memory leak



Bug#1070799: rustc-web 1.70.0+dfsg1-7~deb11u1 flagged for acceptance

2024-05-20 Thread Adam D Barratt
package release.debian.org
tags 1070799 = bullseye pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bullseye.

Thanks for your contribution!

Upload details
==

Package: rustc-web
Version: 1.70.0+dfsg1-7~deb11u1

Explanation: support firefox-esr and thunderbird in bullseye for LTS



Bug#1070232: python3.11 3.11.2-6+deb12u2 flagged for acceptance

2024-05-20 Thread Adam D Barratt
package release.debian.org
tags 1070232 = bookworm pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bookworm.

Thanks for your contribution!

Upload details
==

Package: python3.11
Version: 3.11.2-6+deb12u2

Explanation: protect zipfile from "quoted-overlap" zipbomb [CVE-2024-0450]; 
tempfile.TemporaryDirectory: fix symlink bug in cleanup [CVE-2023-6597]; fix 
"os.path.normpath(): Path truncation at null bytes" [CVE-2023-41105]; avoid 
bypass of TLS handshake protections on closed sockets [CVE-2023-40217]; strip 
C0 control and space characters in urlsplit [CVE-2023-24329]; avoid a potential 
null pointer dereference in fileutils



Bug#1069933: emacs 28.2+1-15+deb12u1 flagged for acceptance

2024-05-20 Thread Adam D Barratt
package release.debian.org
tags 1069933 = bookworm pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bookworm.

Thanks for your contribution!

Upload details
==

Package: emacs
Version: 28.2+1-15+deb12u1

Explanation: security fixes [CVE-2024-30202 CVE-2024-30203 CVE-2024-30204 
CVE-2024-30205]



Bug#1070218: pypy3 7.3.11+dfsg-2+deb12u2 flagged for acceptance

2024-05-20 Thread Adam D Barratt
package release.debian.org
tags 1070218 = bookworm pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bookworm.

Thanks for your contribution!

Upload details
==

Package: pypy3
Version: 7.3.11+dfsg-2+deb12u2

Explanation: strip C0 control and space characters in urlsplit 
[CVE-2023-24329]; avoid bypass of TLS handshake protections on closed sockets 
[CVE-2023-40217]; tempfile.TemporaryDirectory: fix symlink bug in cleanup 
[CVE-2023-6597]; protect zipfile from "quoted-overlap" zipbomb [CVE-2024-0450]



Bug#1065071: php-symfony-contracts 1.1.10-2+deb11u1 flagged for acceptance

2024-05-20 Thread Adam D Barratt
package release.debian.org
tags 1065071 = bullseye pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bullseye.

Thanks for your contribution!

Upload details
==

Package: php-symfony-contracts
Version: 1.1.10-2+deb11u1

Explanation: force loading of system dependencies



Bug#1069880: cpu 1.4.3-14~deb11u1 flagged for acceptance

2024-05-20 Thread Adam D Barratt
package release.debian.org
tags 1069880 = bullseye pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bullseye.

Thanks for your contribution!

Upload details
==

Package: cpu
Version: 1.4.3-14~deb11u1

Explanation: provide exactly one definition of globalLdap in ldap plugin



Bug#1068694: bullseye-pu: package json-smart/2.2-2+deb11u1

2024-05-20 Thread Adam D. Barratt
On Mon, 2024-04-22 at 17:57 +0100, Jonathan Wiltshire wrote:
> Control: tag -1 confirmed
> 
> On Tue, Apr 09, 2024 at 10:01:11AM +0200, Andreas Beckmann wrote:
> > +++ b/debian/patches/0004-CVE-2021-31684-Fix-indexOf.patch
> > @@ -0,0 +1,27 @@
> > +From: HAPPY 
> 
> Well if that doesn't tickle my antennae nothing will :)
> 
> Please go ahead.

It looks like the bookworm update didn't make it to stable-new (and
thus p-u) yet, so the bullseye update is stuck in oldstable-new so as
not to cause version skew.

Regards,

Adam



Bug#1071272: linux: building the bookworm-backports armhf kernel causes OOM on buildds

2024-05-17 Thread Adam D. Barratt
Source: linux
Version: 6.7.12-1~bpo12+1
Severity: serious
X-Debbugs-CC: debian-...@lists.debian.org
X-Debbugs-CC: d...@debian.org

Hi,

armhf builds of the bookworm-backports kernel appear to have led to
outages on several buildds recently.

Each of arm-ubc-04, arm-ubc-05 and arm-ubc-06 (QEMU ganeti guests)
stopped responding after starting to build the kernel, and had to be
rebooted. The build logs stop are various points - two at different
points during drivers/net, and one during the dpkg-deb runs at the end
of the build. The one common factor appears to be that the system logs
on each machine show the OOM killer being invoked during the build,
initially killing syslog but subsequently schroot and many system
processes.

Each buildd has 12GB of RAM and 120GB of swap available.

The issue also seems to be specific to the armhf build - arm-ubc-06
recently successfully built the armel build of the same kernel version.

Please let us know if you need any further information.

Regards,

Adam



Bug#1031888: emacs-nox: bullseye-security update fails to install on mips64el

2024-05-16 Thread Adam D. Barratt
On Thu, 2024-05-16 at 17:01 +0100, Sean Whitton wrote:
> control: reopen 1031888
> 
> Hello Adam,
> 
> On Fri 21 Apr 2023 at 10:19am +01, Adam D. Barratt wrote:
> 
[...]
> > With my DSA hat on, I'm not aware of it having been confirmed to
> > fix
> > the issue on bullseye. I'm happy to test an updated package in the
> > meantime. (FWIW the update isn't in p-u currently because of this
> > issue.)
> 
> I have prepared an update for bullseye incorporating upstream's fix
> for the memory leak.
> I would be grateful if you could test whether the mips64el
> installation is still reproducible.
> 
> As deb11u3 is already in p-u and tagged, I've versioned this deb11u4.
> I've pushed it to the fix-1031888 branch of salsa:rlb/deb-emacs.git.
> 

I've built a 27.1+1-3.1+deb11u4~1.gbp4104c1 package, and confirmed that
it installs cleanly over +deb11u2 on mipsel-osuosl-01.

I then checked the version numbers, and realised that +deb11u2 was the
version that was previously failing. Checking back, all of the
debian.org systems that were affected by the bug are either down or
have already been upgraded to bookworm, so I'm afraid I no longer have
a useful test environment for #1031888.

Regards,

Adam



Bug#1071172: libc6-dev omits the bits directory

2024-05-15 Thread Adam D. Barratt
Control: tags -1 + moreinfo

On Wed, 2024-05-15 at 22:10 +1000, Joris van der Geer wrote:
> package:libc6-dev
> version: 2.36

There's no such version of the package. However, assuming you mean the
package in bookworm (2.36-9+deb12u5),

> Libc6 omits the ‘bits’ directory, rendering glibc inoperable

this is incorrect:

adam@darzee:~$ dpkg -S libc-header-start.h
libc6-dev:amd64: /usr/include/x86_64-linux-gnu/bits/libc-header-start.h

Regards,

Adam



Bug#1070761: bullseye-pu: package bart-cuda/0.6.00-1+deb11u1

2024-05-14 Thread Adam D. Barratt
On Tue, 2024-05-14 at 20:51 +0200, Santiago Vila wrote:
> > > As bart-cuda build-depends on nvidia-cuda-toolkit, which is in
> > > non-
> > > free, bart-cuda is not buildable on the buildd network, so this
> > > will
> > > also need a binary upload to be performed.
> > 
> > Ok, what's the best way to solve this? Can you reject the upload
> > so that I do it again including .debs?
> 
> Nevermind. I see that the upload was already accepted, and what is
> missing is a binary-only upload matching the already existing source.
> 

Yes, sorry if I wasn't clear enough about that.

> I'll make the missing binary upload.

Thanks.

Regards,

Adam



Bug#1070761: bullseye-pu: package bart-cuda/0.6.00-1+deb11u1

2024-05-14 Thread Adam D. Barratt
On Wed, 2024-05-08 at 17:18 +0200, Santiago Vila wrote:
> This upload fixes Bug #1070757 FTBFS in bullseye.
> Note: A similar request for a similar bug has been made for package
> "bart".
> 
> [ Impact ]
> Anybody who tries to build the package from source may find
> that the package FTBFS unexpectedly.

As bart-cuda build-depends on nvidia-cuda-toolkit, which is in non-
free, bart-cuda is not buildable on the buildd network, so this will
also need a binary upload to be performed.

Regards,

Adam



Bug#1065013: nvidia-graphics-drivers 470.239.06-1 flagged for acceptance

2024-05-13 Thread Adam D. Barratt
On Wed, 2024-05-08 at 18:22 +0100, Adam D. Barratt wrote:
> On Wed, 2024-05-08 at 19:18 +0200, Andreas Beckmann wrote:
> > On 05/05/2024 20.52, Adam D Barratt wrote:
> > > Package: nvidia-graphics-drivers
> > > Version: 470.239.06-1
> > 
> > > Explanation: upstream security fixes [CVE-2022-42265 CVE-2024-
> > > 0074
> > > CVE-2024-0078]
> > 
> > Can we push these packages to bullseye-updates?
> > The kernel change that recently caused problems for the nvidia
> > modules 
> > in bookworm has now reached bullseye, too: #1070726, but the new 
> > upstream already sitting in bullseye-pu is sufficient to fix that.
> 
> Would wording similar to
> https://lists.debian.org/debian-stable-announce/2024/02/msg2.html
> be accurate / suitable? (With the 12.5 reference changed to the
> relevant DSA number.)

Not sure if you saw the previous mail, but see below for suggested SUA
text.

Regards,

Adam

===
This update addresses problems in three non-free driver packages supporting
nVidia graphics cards.
 
The Linux kernel released in DSA 5681-1 changed an inlined function to
call two GPL-only symbols, making that function inaccessible to non-free
kernel modules.

As a result, the nVidia kernel modules cannot be built via DKMS at
installation time for the updated kernel.

The following packages have been updated to correct the problem:

Source package                     Fixed version
==============                     =============
nvidia-graphics-drivers            470.239.06-1
nvidia-graphics-drivers-tesla-470  470.239.06-1~deb11u1
nvidia-settings                    470.239.06-1
 
If you use the affected packages, we recommend you upgrade to these
versions.
===



Bug#1070670: shim-helpers-i386-signed 1+15.8+1~deb11u1 flagged for acceptance

2024-05-09 Thread Adam D Barratt
package release.debian.org
tags 1070670 = bullseye pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bullseye.

Thanks for your contribution!

Upload details
==

Package: shim-helpers-i386-signed
Version: 1+15.8+1~deb11u1

Explanation: rebuild against shim 15.8.1



Bug#1070670: shim-helpers-arm64-signed 1+15.8+1~deb11u1 flagged for acceptance

2024-05-09 Thread Adam D Barratt
package release.debian.org
tags 1070670 = bullseye pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bullseye.

Thanks for your contribution!

Upload details
==

Package: shim-helpers-arm64-signed
Version: 1+15.8+1~deb11u1

Explanation: rebuild against shim 15.8.1



Bug#1070660: shim-helpers-i386-signed 1+15.8+1~deb12u1 flagged for acceptance

2024-05-09 Thread Adam D Barratt
package release.debian.org
tags 1070660 = bookworm pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bookworm.

Thanks for your contribution!

Upload details
==

Package: shim-helpers-i386-signed
Version: 1+15.8+1~deb12u1

Explanation: rebuild against shim 15.8.1



Bug#1070670: shim-helpers-amd64-signed 1+15.8+1~deb11u1 flagged for acceptance

2024-05-09 Thread Adam D Barratt
package release.debian.org
tags 1070670 = bullseye pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bullseye.

Thanks for your contribution!

Upload details
==

Package: shim-helpers-amd64-signed
Version: 1+15.8+1~deb11u1

Explanation: rebuild against shim 15.8.1



Bug#1070660: shim-helpers-arm64-signed 1+15.8+1~deb12u1 flagged for acceptance

2024-05-09 Thread Adam D Barratt
package release.debian.org
tags 1070660 = bookworm pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bookworm.

Thanks for your contribution!

Upload details
==

Package: shim-helpers-arm64-signed
Version: 1+15.8+1~deb12u1

Explanation: rebuild against shim 15.8.1



Bug#1070660: shim-helpers-amd64-signed 1+15.8+1~deb12u1 flagged for acceptance

2024-05-09 Thread Adam D Barratt
package release.debian.org
tags 1070660 = bookworm pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bookworm.

Thanks for your contribution!

Upload details
==

Package: shim-helpers-amd64-signed
Version: 1+15.8+1~deb12u1

Explanation: rebuild against shim 15.8.1



Bug#1070660: shim 15.8-1~deb12u1 flagged for acceptance

2024-05-08 Thread Adam D Barratt
package release.debian.org
tags 1070660 = bookworm pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bookworm.

Thanks for your contribution!

Upload details
==

Package: shim
Version: 15.8-1~deb12u1

Explanation: new upstream release



Bug#1070670: shim 15.8-1~deb11u1 flagged for acceptance

2024-05-08 Thread Adam D Barratt
package release.debian.org
tags 1070670 = bullseye pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bullseye.

Thanks for your contribution!

Upload details
==

Package: shim
Version: 15.8-1~deb11u1

Explanation: new upstream release



Bug#1065013: nvidia-graphics-drivers 470.239.06-1 flagged for acceptance

2024-05-08 Thread Adam D. Barratt
On Wed, 2024-05-08 at 19:18 +0200, Andreas Beckmann wrote:
> On 05/05/2024 20.52, Adam D Barratt wrote:
> > Package: nvidia-graphics-drivers
> > Version: 470.239.06-1
> 
> > Explanation: upstream security fixes [CVE-2022-42265 CVE-2024-0074
> > CVE-2024-0078]
> 
> Can we push these packages to bullseye-updates?
> The kernel change that recently caused problems for the nvidia
> modules 
> in bookworm has now reached bullseye, too: #1070726, but the new 
> upstream already sitting in bullseye-pu is sufficient to fix that.

Would wording similar to
https://lists.debian.org/debian-stable-announce/2024/02/msg2.html
be accurate / suitable? (With the 12.5 reference changed to the
relevant DSA number.)

Regards,

Adam



Bug#1067106: bullseye-pu: package nvidia-settings/470.239.06-1

2024-05-06 Thread Adam D. Barratt
Control: tags -1 + pending

On Mon, 2024-05-06 at 20:29 +0200, Andreas Beckmann wrote:
> while accepting the nvidia stack yesterday (many thanks for that!)
> you missed to tag etc. this bug, while the package was accepted
> (perhaps attributed to a different bug?).

Yep, the metadata in the comment file had a typo in the bug number.
Fixed now, thanks.

Regards,

Adam



Bug#1070490: libc6: Unpacking libc6:amd64 2.28-10+deb10u3 over 2.28-10+deb10u2 breaks system

2024-05-06 Thread Adam D. Barratt
On Mon, 2024-05-06 at 13:02 +0200, Jan Krčmář wrote:
> Package: libc6
> Version: 2.28-10+deb10u3
> 
> Upgrading the system (Debian 10/Buster) causes corrupted system,
> ending with kernel panic and unbootable system.
> 
[...]
> The following packages will be upgraded:
> apt apt-transport-https apt-utils base-files ca-certificates 

The fact that APT is being upgraded here seems strange - APT hasn't
changed in buster for 3 years. What's your base system?

> 
[...]
> Unpacking libc6:amd64 (2.28-10+deb10u3) over (2.28-10+deb10u2) ...
> Replaced by files in installed package libcrypt1:amd64 (1:4.4.18-4)
> ...

This, on the other hand, looks like you've done something odd to your
system. libcrypt1 doesn't exist until bullseye, so at some point you
have partially upgraded your base system. In conjunction with your pre-
upgrade system apparently having an APT version that's /older/ than the
one in buster, this feels odd.

Regards,

Adam



Bug#1067016: nvidia-settings 470.239.06-1 flagged for acceptance

2024-05-05 Thread Adam D Barratt
package release.debian.org
tags 1067016 = bullseye pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bullseye.

Thanks for your contribution!

Upload details
==

Package: nvidia-settings
Version: 470.239.06-1

Explanation: new upstream bugfix release; build for ppc64el



Bug#1065053: nvidia-graphics-drivers-tesla-470 470.239.06-1~deb11u1 flagged for acceptance

2024-05-05 Thread Adam D Barratt
package release.debian.org
tags 1065053 = bullseye pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bullseye.

Thanks for your contribution!

Upload details
==

Package: nvidia-graphics-drivers-tesla-470
Version: 470.239.06-1~deb11u1

Explanation: new upstream LTS release [CVE-2024-0074 CVE-2024-0078 
CVE-2022-42265]



Bug#1065013: nvidia-graphics-drivers 470.239.06-1 flagged for acceptance

2024-05-05 Thread Adam D Barratt
package release.debian.org
tags 1065013 = bullseye pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bullseye.

Thanks for your contribution!

Upload details
==

Package: nvidia-graphics-drivers
Version: 470.239.06-1

Explanation: upstream security fixes [CVE-2022-42265 CVE-2024-0074 
CVE-2024-0078]



Bug#1067843: nvidia-open-gpu-kernel-modules 535.161.08-1~deb12u1 flagged for acceptance

2024-05-05 Thread Adam D Barratt
package release.debian.org
tags 1067843 = bookworm pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bookworm.

Thanks for your contribution!

Upload details
==

Package: nvidia-open-gpu-kernel-modules
Version: 535.161.08-1~deb12u1

Explanation: update to 535 series LTS drivers [CVE-2023-0180 CVE-2023-0183 
CVE-2023-0184 CVE-2023-0185 CVE-2023-0187 CVE-2023-0188 CVE-2023-0189 
CVE-2023-0190 CVE-2023-0191 CVE-2023-0194 CVE-2023-0195 CVE-2023-0198 
CVE-2023-0199 CVE-2023-25515 CVE-2023-25516 CVE-2023-31022 CVE-2024-0074 
CVE-2024-0075 CVE-2024-0078]



Bug#1067821: nvidia-graphics-drivers 535.161.08-2~deb12u1 flagged for acceptance

2024-05-05 Thread Adam D Barratt
package release.debian.org
tags 1067821 = bookworm pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bookworm.

Thanks for your contribution!

Upload details
==

Package: nvidia-graphics-drivers
Version: 535.161.08-2~deb12u1

Explanation: new upstream stable release [CVE-2023-0180 CVE-2023-0183 
CVE-2023-0184 CVE-2023-0185 CVE-2023-0187 CVE-2023-0188 CVE-2023-0189 
CVE-2023-0190 CVE-2023-0191 CVE-2023-0194 CVE-2023-0195 CVE-2023-0198 
CVE-2023-0199 CVE-2023-25515 CVE-2023-25516 CVE-2023-31022 CVE-2024-0074 
CVE-2024-0075 CVE-2024-0078]



Bug#1067745: nvidia-settings 535.171.04-1~deb12u1 flagged for acceptance

2024-05-05 Thread Adam D Barratt
package release.debian.org
tags 1067745 = bookworm pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bookworm.

Thanks for your contribution!

Upload details
==

Package: nvidia-settings
Version: 535.171.04-1~deb12u1

Explanation: new upstream LTS release



Bug#1067742: nvidia-xconfig 535.171.04-1~deb12u1 flagged for acceptance

2024-05-05 Thread Adam D Barratt
package release.debian.org
tags 1067742 = bookworm pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bookworm.

Thanks for your contribution!

Upload details
==

Package: nvidia-xconfig
Version: 535.171.04-1~deb12u1

Explanation: new upstream LTS release



Bug#1065653: nvidia-modprobe 535.161.07-1~deb12u1 flagged for acceptance

2024-05-05 Thread Adam D Barratt
package release.debian.org
tags 1065653 = bookworm pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bookworm.

Thanks for your contribution!

Upload details
==

Package: nvidia-modprobe
Version: 535.161.07-1~deb12u1

Explanation: prepare to switch to 535 series LTS drivers



Bug#1067739: nvidia-persistenced 535.171.04-1~deb12u1 flagged for acceptance

2024-05-05 Thread Adam D Barratt
package release.debian.org
tags 1067739 = bookworm pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bookworm.

Thanks for your contribution!

Upload details
==

Package: nvidia-persistenced
Version: 535.171.04-1~deb12u1

Explanation: switch to 535 series LTS drivers; update list of supported drivers



Bug#1070202: RM: rust-atk-sys/experimental -- ROM; RoM; unmaintained library

2024-05-02 Thread Adam D. Barratt
On Wed, 2024-05-01 at 21:15 +0200, Matthias Geiger wrote:
> I uploaded an experimental version some time ago that wasn't picked
> up by dak apparently when it was removing it from unstable.

For reference, that's expected - the removal command operates on a
single suite, so removals from more than one suite need a bug for each.

Regards,

Adam



Bug#1070175: RM: salt/3002.6+dfsg1-4+deb11u1

2024-05-01 Thread Adam D. Barratt
On Wed, 2024-05-01 at 19:46 +0200, Moritz Muehlenhoff wrote:
> On Wed, May 01, 2024 at 06:29:29PM +0100, Adam D. Barratt wrote:
> > On Wed, 2024-05-01 at 13:02 +0200, Moritz Muehlenhoff wrote:
> > > Please remove salt in the next Bullseye point release.
> > > It was already removed from unstable for being unsupportable
> > > and unmaintained (https://bugs.debian.org/1069654).
> > > 
> > > There are two related packages which need to be removed
> > > alongside, since salt-common depends on them (but which
> > > have no other dependencies outside of salt):
> > > 
> > > pytest-salt-factories 0.93.0-1
> > > pytest-testinfra 6.1.0-1
> > 
> > I'm not doubting whether at least the former should be removed, but
> > "salt-common depends on them" isn't a reason to remove things in
> > itself. A relationship in the opposite direction certainly would be
> > (i.e. "they depend on salt-common").
> 
> It's actually build dependencies, both pytest-salt-factories and
> pytest-testinfra build depend on salt-common.

Ah, that makes more sense. Thanks for the clarification.

Regards,

Adam



Bug#1070175: RM: salt/3002.6+dfsg1-4+deb11u1

2024-05-01 Thread Adam D. Barratt
On Wed, 2024-05-01 at 13:02 +0200, Moritz Muehlenhoff wrote:
> Please remove salt in the next Bullseye point release.
> It was already removed from unstable for being unsupportable
> and unmaintained (https://bugs.debian.org/1069654).
> 
> There are two related packages which need to be removed
> alongside, since salt-common depends on them (but which
> have no other dependencies outside of salt):
> 
> pytest-salt-factories 0.93.0-1
> pytest-testinfra 6.1.0-1

I'm not doubting whether at least the former should be removed, but
"salt-common depends on them" isn't a reason to remove things in
itself. A relationship in the opposite direction certainly would be
(i.e. "they depend on salt-common").

Regards,

Adam



Bug#1067821: bookworm-pu: package nvidia-graphics-drivers/535.161.08-2~deb12u1

2024-04-28 Thread Adam D. Barratt
On Sun, 2024-04-28 at 13:43 +0200, Andreas Beckmann wrote:
> Please reject nvidia-graphics-drivers/535.161.08-1~deb12u1, nvidia-
> driver-full is uninstallable on ppc64el (but that was hidden by the
> other t64 transition blockers).

Done, thanks for letting us know.

Regards,

Adam



Bug#1070005: mirror submission for mirrors.hostico.ro

2024-04-28 Thread Adam D. Barratt
On Sun, 2024-04-28 at 13:28 +, Hostico wrote:
> Package: mirrors
> Severity: wishlist
> User: mirr...@packages.debian.org
> Usertags: mirror-submission
> 
> Submission-Type: new
> Site: mirrors.hostico.ro

This is *not* a new submission. Please do not submit duplicate details
for already listed mirrors.

You were already advised two days ago to allow a few days for your
mirror to automatically return to the published listing and that you
did not need to resubmit. That advice has not changed in the meantime.

If the intent was to change some details, the submission form has an
"update" option; highlighting which details you believe have changed
via a comment helps in such cases.

Regards,

Adam



Bug#1058697: fonts-fork-awesome: expected files missing?

2024-04-21 Thread Nicholas D Steeves
Hi Paul,

Paul Gevers writes:

> For src:cacti (of which I'm de-facto the only maintainer) I received a 
> bug report in Ubuntu (#2046431) about missing files. As cacti doesn't 
> ship these files, but Depends on fonts-fork-awesome I was wondering if 
> cacti upstream is shipping "weird" files or if the files are reasonable 
> to be expected and are just missing to be built/shipped in
> fonts-fork-awesome.
>
> We're at least talking about ./webfonts/fa-solid-900.woff2 and 
> ./css/all.css.

As far as I can tell the above are copies of FontAwesome webfonts.

apt-file list fonts-fork-awesome | grep css
https://github.com/ForkAwesome/Fork-Awesome/tree/master/css

It looks like we're not installing the "min" variant, which wouldn't
solve this cacti bug.

> See below for my reply to the Ubuntu bug report.
>
> Paul
>
> On 14-12-2023 10:13, Francis Greaves wrote:
[snip]
>> I setup everything, added the Gexport Plugin from here
>> https://github.com/Cacti/plugin_gexport, but in the log I had 4 PHP
>> errors relating to missing files:
>> 
>> /usr/share/cacti/site/include/fa/webfonts/fa-solid-900.woff2
>> /usr/share/cacti/site/include/fa/css/all.css

These look like FontAwesome assets to me.

> Did this error only occur after you added the plugin?
>
>> Looking at the folder structure compared with the official download from
>> the Cacti site:

Here is the official download of ForkAwesome, which doesn't contain
these files:

  https://github.com/ForkAwesome/Fork-Awesome/archive/1.2.0.zip

> In Debian (and hence in Ubuntu) we try to depend on packages providing 
> functionality instead of embedding other projects in source packages. 
> For cacti in Ubuntu, the Awesome Font is delivered by the 
> fonts-fork-awesome package. You'll see that include/fa is a soft-link.
>
>> the include/fa/css folder only had two items fork-awesome.css and
>> v5-compat.css when it should have 16 items
>> 
>> the include/fa/ folder only has 5 items when it should have 10 and in
>> particular has NO webfonts at all.
>> 
>> Just as a test before moving to the official download I copied the
>> include/fa/webfonts folder and the contents of the include/fa/css folder
>> to the Ubuntu install

I don't understand what fonts-fork-awesome is supposed to do about
this.  Isn't this a vendoring issue?

> So, I wonder if we should request changes to the fonts-fork-awesome 
> package. Unfortunately, I'm not experienced in how webfonts work.
>

I confess that I'm not either, but I suspect that src:cacti might need
integration work to cope with unvendoring ForkAwesome--if that's the
cause of this.  My primary hypothesis is that this is upstream src:cacti
FontAwesome cruft.

Regards,
Nicholas




Bug#1069135: org-bullets: please consider switching to a more up-to-date upstream

2024-04-16 Thread Nicholas D Steeves
Source: org-bullets
Version: 0.2.4-3
Severity: normal

Hi,

I noticed some deprecation warnings in org-bullets' native-compilation log, so 
searched for an upstream fix.  What I found was that our current upstream 
source is a decade old:

  https://github.com/sabof/org-bullets

and that MELPA provides their users with a package from this fork, which has 
activity from four years ago:

  https://github.com/integral-dw/org-bullets

It looks like integral-dw's fork might now be the de facto upstream, because 
sabof's project looks dead.  Maybe a PR/MR for some of those compilation 
warnings could be a useful way to test for a living and responsive upstream?

Regards,
Nicholas



Bug#1068798: bookworm-pu: package fdroidserver/2.2.1-1

2024-04-11 Thread Adam D. Barratt
Control: tags -1 + moreinfo

On Thu, 2024-04-11 at 11:36 +0200, Jochen Sprickerhof wrote:
>   [ ] the issue is verified as fixed in unstable
> 
[...]
> Upstream is still working on a long term fix that will be uploaded to
> unstable later. I agreed with upstream to use the patch provided
> in the mail on oss-security already now.

In any case, assuming that the issue affects unstable (which appears to
be the case), it should be fixed there first.

Regards,

Adam



Bug#1068605: RFS: web-mode/17.3.13-1 [Team] -- major emacs mode for editing web templates

2024-04-10 Thread Nicholas D Steeves
reopen 1068605
owner 1068605 !
thanks

Hi,

Sorry I didn't ask this sooner, but would you prefer if I call you Deng,
or Xiyue, or something else?  Conventions and understanding vary a lot
from place to place, after all.

Xiyue Deng writes:

> Thanks for pointing out #1019031!  Totally missed it.  I'll opt for
> option 1 obviously.  Updated team repo and mentors accordingly.

You're welcome, and thank you.  On a related note, have you read the
definitions for source and binary packages?

#1019031 was filed against src:web-mode, so was hidden from the
bin:elpa-web-mode view.  On the BTS the src:package view will display
bugs that affect each binary package as well as the src:package.  §4 of
Policy has the definition, and here is another good resource:

  https://wiki.debian.org/Packaging/SourcePackage

> Also, according to this comment from Tobias[1] it looks like there are
> opinions that prefer to reuse existing RFS bugs instead of filing new
> ones.  Do you think it's OK to reopen this one?

There are also people who maintain the opposite position, but in the
spirit of harmony I've reopened this bug. [edit: Be careful about only
waiting a day and then going ahead and doing something without having
received a reply, because when you "ask" for something, but then don't
actually wait for a reply, it can make you look disingenuous and/or
impatient and/or pushy.]

Onto the review:

>>>>* New upstream release

Push the upstream tag to salsa, and find a way to mitigate this issue in
the future.

>>>>* Set upstream metadata fields: Bug-Database, Bug-Submit,
>>>>  Repository-Browse
>>>>* Update standards version to 4.6.2; no changes needed

Update this, since a new Policy version was recently released.  Did you
already work through the upgrade checklist stepwise, starting from
4.3.0?

"debian-devel-announce" is a low traffic list that will keep you
apprised of stuff like this.

>>>>* Use https link of homepage in d/control
>>>>* Modernize d/watch using special substitute strings to be more
>>>>robust

I'm happy to see this clear, concise, and useful phrasing.  If you have
any pending not-yet-uploaded work that doesn't use this, please update
it.  If you're interested in a nitpick, the key term is "substitution
strings" and not "[special] substitute strings" (see the manpages for
uscan and deb-substvars as well as codesearch.debian.net).

>>>>* Fix issues in d/copyright
>>>>  - Clarify license to be GPL-3+ to be consistent with upstream

This is unclear.  Which licence was it before, and whose license are you
talking about?  Web-mode is a non-native package and debian/* is
separate from the upstream source.  Also, what does it mean to clarify a
license?

>>>>  - Update copyright year info for upstream
>>>>  - Add copyright info for debian/*

You added a license grant for debian/* where there was previously none
with no explanation, notes, nor justification.  Are you sure you have
the right to do this?  Contact debian-legal and ask them for a patch
review of your intended changes.

>>>>  - Add Upstream-Contact

Thanks for this and for all the other work I didn't comment on.

Here are some things you can work on while waiting for a reply from 
debian-legal:

  * lintian-explain-tags prefer-uscan-symlink: if you're changing the
  watch file then this should be addressed

  * There's also a version qualifier in d/control that can be dropped.

  * Finally, have you installed and tested your updated package?

  * Extra/bonus: Which tags from the lintian output are candidates for
an override, and why?

-N




Bug#1051024: bookworm-pu: package igtf-policy-bundle/1.22-1~deb12u1

2024-04-08 Thread Adam D. Barratt
On Mon, 2024-04-08 at 14:26 +0200, Dennis van Dok wrote:
> I've uploaded a new version since unstable is already at 1.128-1.

The package you've uploaded is versioned 1.128-1+deb12u1, which is
higher than the version in unstable. The stable upload needs to have a
lower version number, conventionally 1.128-1~deb12u1.

It appears you've also uploaded a 1.128-1~deb12u1 package, which
confusingly seems to be a rebuild of 1.12_7_-1 from unstable.

I'm going to flag both uploads for rejection. Once you get confirmation
of that having been actioned, if what you're actually aiming for is to
get a rebuild of 1.128-1 into stable then please:
- use 1.128-1~deb12u1 as the package version
- attach a revised debdiff to this bug

Regards,

Adam



Bug#1068569: RM: nfs-ganesha-ceph [armel armhf i386] -- NBS; ceph dropped 32 bit support

2024-04-08 Thread Adam D. Barratt
On Mon, 2024-04-08 at 11:42 +0200, Christoph Martin wrote:
> Hi Sebastian,
> 
> the packages are already removed from testing and unstable.
> Where do you see a problem?

I'm not Sebastian, but the archive disagrees with you about the
packages having been removed from unstable.

adsb@coccia:~$ dak ls -s unstable -a armel,armhf,i386 nfs-ganesha-ceph nfs-ganesha-rados-grace nfs-ganesha-rgw
nfs-ganesha-ceph        | 4.3-5 | unstable   | armel, armhf, i386
nfs-ganesha-rados-grace | 4.3-5 | unstable   | armel, armhf, i386
nfs-ganesha-rgw         | 4.3-5 | unstable   | armel, armhf, i386

Regards,

Adam



Bug#1067821: bookworm-pu: package nvidia-graphics-drivers/535.161.08-1~deb12u1

2024-03-29 Thread Adam D. Barratt
On Thu, 2024-03-28 at 18:40 +0100, Andreas Beckmann wrote:
> On 27/03/2024 21.10, Adam D. Barratt wrote:
> > Please go ahead, bearing in mind that the window for 12.6 closes
> > over
> > the coming weekend.
> 
> The whole nvidia stack has now been uploaded, 
> src:nvidia-graphics-drivers is sitting in NEW.

It's now in stable-new.

We have a bit of an issue in terms of accepting / shipping the 535
bookworm stack, however. The upload of 535 to unstable is blocked from
migration to testing by openssl, which is in turn blocked by dpkg,
which is manually blocked for the time64 transition.

Would we be better to ship the 525 packages that are already in p-u and
revisit 535 for 12.7, or skip those updates as well and just include
535 when we can?

Regards,

Adam



Bug#1067980: bookworm-pu: package gpaste/43.1-3+deb12u1

2024-03-29 Thread Adam D. Barratt
Control: tags -1 + confirmed

On Fri, 2024-03-29 at 15:57 +0100, Andreas Beckmann wrote:
> In order to smoothen upgrade paths I'd like to add some
> Breaks+Replaces
> to bookworm. This avoids a file conflict in case libgpaste6 (last
> released with stretch) is still installed.

Please go ahead.

Regards,

Adam



Bug#1068016: bookworm-pu: package node-babel7/7.20.15+ds1+~cs214.269.168-3+deb12u2

2024-03-29 Thread Adam D. Barratt
Control: tags -1 + confimred

On Fri, 2024-03-29 at 17:41 +0100, Andreas Beckmann wrote:
> To smoothen some upgrade paths from buster -> bullseye -> bookworm we
> need to add some Breaks+Replaces against obsolete packages.

Please go ahead.

Regards,

Adam



Bug#1067821: bookworm-pu: package nvidia-graphics-drivers/535.161.08-1~deb12u1

2024-03-27 Thread Adam D. Barratt
Control: tags -1 + confirmed

On Wed, 2024-03-27 at 09:51 +0100, Andreas Beckmann wrote:
> In order to receive further upstream support (i.e. CVE fixes), we
> need
> to switch src:nvidia-graphics-drivers from the 525 series (EoL
> 12/2023)
> to the 535 series, a new LTSB branch sufficient for the lifetime of
> bookworm. (The first 535 beta appeared during deep freeze of
> bookworm.)
> This driver supports a superset of the GPUs supported by the 525
> drivers, no GPUs have been dropped.
> 
[...]
>   I'm currently doing interoperability tests with
>   src:nvidia-open-gpu-kernel-modules. (These two source packages
>   need to be updated together due to the strict firmware
>   dependency.) An upload to bookworm will only happen after the
>   package is in sid.

Please go ahead, bearing in mind that the window for 12.6 closes over
the coming weekend.

Regards,

Adam



Bug#1067843: bookworm-pu: package nvidia-open-gpu-kernel-modules/535.161.08-1~deb12u1

2024-03-27 Thread Adam D. Barratt
Control: tags -1 + confirmed

On Wed, 2024-03-27 at 14:43 +0100, Andreas Beckmann wrote:
> We need to update src:nvidia-open-gpu-kernel-modules to a new
> upstream
> version to stay in sync with src:nvidia-graphics-drivers (for a
> matching
> firmware-nvidia-gsp upstream version) and to fix some CVEs.
[...]
>   [ ] the issue is verified as fixed in unstable
>   I'm currently doing interoperability tests with
>   src:nvidia-graphics-drivers. (These two source packages
>   need to be updated together due to the strict firmware
>   dependency.) An upload to bookworm will only happen after the
>   package is in sid.

Please go ahead, bearing in mind that the window for 12.6 closes over
the coming weekend.

Regards,

Adam



Bug#1067745: bookworm-pu: package nvidia-settings/535.171.04-1~deb12u1

2024-03-26 Thread Adam D. Barratt
Control: tags -1 + confirmed

On Tue, 2024-03-26 at 11:09 +0100, Andreas Beckmann wrote:
> In order to upgrade src:nvidia-graphics-drivers to the 535 LTS series
> (the 525 series currently in stable is already EoL), we need to
> update
> some additional packages (some driver components can be built from
> source and reside in contrib).

Please go ahead.

Regards,

Adam



Bug#1067742: bookworm-pu: package nvidia-xconfig/535.171.04-1~deb12u1

2024-03-26 Thread Adam D. Barratt
Control: tags -1 + confirmed

On Tue, 2024-03-26 at 10:51 +0100, Andreas Beckmann wrote:
> In order to upgrade src:nvidia-graphics-drivers to the 535 LTS series
> (the 525 series currently in stable is already EoL), we need to
> update
> some additional packages (some driver components can be built from
> source and reside in contrib).

Please go ahead.

Regards,

Adam



Bug#1067739: bookworm-pu: package nvidia-persistenced/535.171.04-1~deb12u1

2024-03-26 Thread Adam D. Barratt
Control: tags -1 + confirmed

On Tue, 2024-03-26 at 10:40 +0100, Andreas Beckmann wrote:
> In order to upgrade src:nvidia-graphics-drivers to the 535 LTS series
> (the 525 series currently in stable is already EoL), we need to
> update
> some additional packages (some driver components can be built from
> source and reside in contrib).

Please go ahead.

Regards,

Adam



Bug#1067663: org-mode: Org mode 9.6.23 that fixes several critical

2024-03-25 Thread Nicholas D Steeves
fixed 1067663 org-mode/9.5.2+dfsh-5
found 1067663 org-mode/9.6.7+dfsg-1
thanks

9.5.2+dfsh-5 in stable/bookworm is an empty package that depends on the
org-mode bundled with stable/bookworm's Emacs, so I'm marking this CVE
as fixed there.  Elpa-org in stable/bookworm will be fixed by a security
upload of Emacs.

I'm skipping 9.6.6+dfsg-1~exp1, since it's not relevant anymore.



Bug#1067663: org-mode: Org mode 9.6.23 that fixes several critical

2024-03-25 Thread Nicholas D Steeves
reopen 1067663
found org-mode/9.1.14+dfsg-3
found org-mode/9.1.14+dfsg-3+deb10u1
found org-mode/9.4.0+dfsg-1+deb11u1
found org-mode/9.5.2+dfsh-5
thanks

Updating the affected versions from:

  https://security-tracker.debian.org/tracker/CVE-2024-30202

and

  https://security-tracker.debian.org/tracker/CVE-2024-30205



Bug#1067698: RFS: persist-el/0.6+dfsg-1 [Team] -- persist variables between Emacs Sessions

2024-03-25 Thread Nicholas D Steeves
Control: owner -1 !

Xiyue Deng writes:

>[ Xiyue Deng ]
>* New upstream release.
>* Re-export upstream signing key without extra signatures.

$ uscan --download-current-version 
Newest version of persist-el on remote site is 0.6, specified download version 
is 0.6
gpgv: Signature made Sat 13 Jan 2024 05:05:03 EST
gpgv:using RSA key C433554766D3DDC64221BFAA066DAFCB81E42C40
gpgv: Good signature from "GNU ELPA Signing Agent (2019) 
"
gpgv: Signature made Sat 13 Jan 2024 05:05:03 EST
gpgv:using EDDSA key 0327BE68D64D9A1A66859F15645357D2883A0966
gpgv: Can't check signature: No public key
uscan die: OpenPGP signature did not verify. at 
/usr/share/perl5/Devscripts/Uscan/Output.pm line 77.



Bug#1067564: bookworm-pu: package cpu/1.4.3-14~deb12u1

2024-03-25 Thread Adam D. Barratt
Control: tags -1 + confirmed

On Sat, 2024-03-23 at 18:40 +0100, Andreas Beckmann wrote:
> The last QA upload four years ago fixed a FTBFS (multiple definitions
> of
> a global variable) by replacing that variable with an extern
> declaration
> and zero definitions. This didn't result in a linker error (missing
> symbol) because it happens in a plugin library and thus is only
> detected
> at runtime when the plugin gets loaded (i.e. always).

Oh dear...

Please go ahead.

Regards,

Adam



Bug#1067149: bookworm-pu: package hovercraft/2.7-6~deb12u1

2024-03-25 Thread Adam D. Barratt
Control: tags -1 + confirmed

On Tue, 2024-03-19 at 12:03 +0100, Andreas Beckmann wrote:
> hovercraft is unusable w/o python3-setuptools
> 
> [ Impact ]
> hovercraft is unusable without manual installation of additional
> packages.

Please go ahead.

Regards,

Adam



Bug#1066096: bookworm-pu: package libpod/4.3.1+ds1-8+deb12u1

2024-03-25 Thread Adam D. Barratt
Control: tags -1 + confirmed

On Tue, 2024-03-12 at 10:24 -0400, Jérôme Charaoui wrote:
> podman in bookworm suffers from a race condition which causes the 
> "network ls" command to fail intermittently in certain scenarios

Please go ahead.

Regards,

Adam



Bug#1065052: nvidia-graphics-drivers-tesla-470 470.239.06-1~deb12u1 flagged for acceptance

2024-03-25 Thread Adam D Barratt
package release.debian.org
tags 1065052 = bookworm pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bookworm.

Thanks for your contribution!

Upload details
==

Package: nvidia-graphics-drivers-tesla-470
Version: 470.239.06-1~deb12u1

Explanation: new upstream stable release; improve compatibility with newer 
kernel versions; security fixes [CVE-2022-42265 CVE-2024-0074 CVE-2024-0078]



Bug#1065653: bookworm-pu: package nvidia-modprobe/535.161.07-1~deb12u1

2024-03-25 Thread Adam D. Barratt
Control: tags -1 + confirmed

On Fri, 2024-03-08 at 09:42 +0100, Andreas Beckmann wrote:
> In preparation to switching bookworm from the nvidia-graphics-drivers
> 525.* series (production branch, EoL) to the 535.* series (long term
> support branch, receives updates until July 2026), we need to update
> nvidia-modprobe again. We already have a 535 release in bookworm, but
> there was recently a new option being added.

Please go ahead.

Regards,

Adam



Bug#1065264: bookworm-pu: package phpseclib/1.0.20-1+deb12u2

2024-03-25 Thread Adam D. Barratt
Control: tags -1 + confirmed

On Sat, 2024-03-02 at 11:19 +0100, David Prévot wrote:
> I’d like to see CVE-2024-27354 and CVE-2024-27355 addressed in the
> next
> point release. We agreed with the security team that these issues are
> not worth a DSA. This update also fixes an issue in dependency
> loading
> similar to CVE-2024-24821 as fixed in composer/DSA-5632-1.
> 

Please go ahead.

Regards,

Adam



Bug#1065263: bookworm-pu: package php-phpseclib/2.0.42-1+deb12u2

2024-03-25 Thread Adam D. Barratt
Control: tags -1 + confirmed

On Sat, 2024-03-02 at 11:17 +0100, David Prévot wrote:
> I’d like to see CVE-2024-27354 and CVE-2024-27355 addressed in the
> next
> point release. We agreed with the security team that these issues are
> not worth a DSA.

Please go ahead.

Regards,

Adam



Bug#1065261: bookworm-pu: package php-phpseclib3/3.0.19-1+deb12u3

2024-03-25 Thread Adam D. Barratt
Control: tags -1 + confirmed

On Sat, 2024-03-02 at 11:15 +0100, David Prévot wrote:
> I’d like to see CVE-2024-27354 and CVE-2024-27355 addressed in the
> next
> point release. We agreed with the security team that these issues are
> not worth a DSA. This update also fixes an issue in dependency
> loading
> similar to CVE-2024-24821 as fixed in composer/DSA-5632-1.

Please go ahead.

Regards,

Adam



Bug#1065068: bookworm-pu: package php-doctrine-deprecations/1.0.0-2+deb12u1

2024-03-25 Thread Adam D. Barratt
Control: tags -1 + confirmed

On Thu, 2024-02-29 at 12:12 +0100, David Prévot wrote:
> This is a follow up from composer/DSA-5632-1 (the last one for
> Bookworm).
> 
> In order to fix a Debian-specific issue related to CVE-2024-24821, we
> agreed with the security team to push related dependencies via the
> next
> point release.

Please go ahead.

Regards,

Adam



Bug#1065067: bookworm-pu: package php-doctrine-lexer/2.1.0-2+deb12u1

2024-03-25 Thread Adam D. Barratt
Control: tags -1 + confirmed

On Thu, 2024-02-29 at 12:08 +0100, David Prévot wrote:
> This is a follow up from composer/DSA-5632-1.
> 
> In order to fix a Debian-specific issue related to CVE-2024-24821, we
> agreed with the security team to push related dependencies via the
> next
> point release.

Again the branch name probably wants adjusting.

Please go ahead.

Regards,

Adam



Bug#1065065: bookworm-pu: package php-doctrine-annotations/2.0.1-1+deb12u1

2024-03-25 Thread Adam D. Barratt
Control: tags -1 + confirmed

On Thu, 2024-02-29 at 12:05 +0100, David Prévot wrote:
> This is a follow up from composer/DSA-5632-1.
> 
> In order to fix a Debian-specific issue related to CVE-2024-24821, we
> agreed with the security team to push related dependencies via the
> next
> point release.

Please go ahead.

Regards,

Adam



Bug#1065062: bookworm-pu: package php-zend-code/4.8.0-1+deb12u1

2024-03-25 Thread Adam D. Barratt
Control: tags -1 + confirmed

On Thu, 2024-02-29 at 11:58 +0100, David Prévot wrote:
> This is a follow up from composer/DSA-5632-1.
> 
> In order to fix a Debian-specific issue related to CVE-2024-24821, we
> agreed with the security team to push related dependencies via the
> next
> point release.

Please go ahead.

Regards,

Adam



Bug#1065060: bookworm-pu: package php-proxy-manager/2.11.1+1.0.14-1+deb12u1

2024-03-25 Thread Adam D. Barratt
Control: tags -1 + confirmed

On Thu, 2024-02-29 at 11:50 +0100, David Prévot wrote:
> This is a follow up from composer/DSA-5632-1.
> 
> In order to fix a Debian-specific issue related to CVE-2024-24821, we
> agreed with the security team to push related dependencies via the
> next
> point release.

Please go ahead.

Regards,

Adam



Bug#1065059: bookworm-pu: package symfony/5.4.23+dfsg-1+deb12u2

2024-03-25 Thread Adam D. Barratt
Control: tags -1 + confirmed

On Thu, 2024-02-29 at 11:54 +0100, David Prévot wrote:
> Hi,
> 
> Le Thu, Feb 29, 2024 at 11:40:25AM +0100, David Prévot a écrit :
> >   [x] attach debdiff against the package in (old)stable
> 
> Now it’s true.

Please go ahead.

Regards,

Adam



Bug#1065058: bookworm-pu: package php-symfony-contracts/2.5.2-1+deb12u1

2024-03-25 Thread Adam D. Barratt
Control: tags -1 + confirmed

On Thu, 2024-02-29 at 11:31 +0100, David Prévot wrote:
> This is a follow up from composer/DSA-5632-1, #1065056 and #1065057.
> 
> In order to fix a Debian-specific issue related to CVE-2024-24821, we
> agreed with the security team to push related dependencies via the
> next
> point release.

Please go ahead.

Regards,

Adam



Bug#1065057: bookworm-pu: package php-composer-xdebug-handler/3.0.3-2+deb12u1

2024-03-25 Thread Adam D. Barratt
Control: tags -1 + confirmed

On Thu, 2024-02-29 at 11:18 +0100, David Prévot wrote:
> This is a follow up from composer/DSA-5632-1.
> 
> In order to fix a Debian-specific issue related to CVE-2024-24821, we
> agreed with the security team to push related dependencies via the
> next
> point release.

+  * Track debian/bookworm-security

Even though this update isn't going to the security archive?

Please go ahead.

Regards,

Adam



Bug#1065056: bookworm-pu: package php-composer-class-map-generator/1.0.0-2+deb12u1

2024-03-25 Thread Adam D. Barratt
Control: tags -1 + confirmed

On Thu, 2024-02-29 at 11:10 +0100, David Prévot wrote:
> [1/9 for bookworm]
> 
> This is a follow up from composer/DSA-5632-1.
> 
> In order to fix a Debian-specific issue related to CVE-2024-24821, we
> agreed with the security team to push related dependencies via the
> next point release.

All 9 of them. :-/

Please go ahead.

Regards,

Adam



Bug#1066928: ovn 23.03.1-1~deb12u2 flagged for acceptance

2024-03-24 Thread Adam D Barratt
package release.debian.org
tags 1066928 = bookworm pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bookworm.

Thanks for your contribution!

Upload details
==

Package: ovn
Version: 23.03.1-1~deb12u2

Explanation: fix insufficient validation of incoming BFD packets [CVE-2024-2182]



Bug#1065413: openssl 3.0.13-1~deb12u1 flagged for acceptance

2024-03-24 Thread Adam D Barratt
package release.debian.org
tags 1065413 = bookworm pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bookworm.

Thanks for your contribution!

Upload details
==

Package: openssl
Version: 3.0.13-1~deb12u1

Explanation: new upstream stable release; fix excessive time taken issues 
[CVE-2023-5678 CVE-2023-6237], vector register corruption issue on PowerPC 
[CVE-2023-6129], PKCS12 Decoding crashes [CVE-2024-0727]



Bug#1067206: amavisd-new 2.13.0-3+deb12u1 flagged for acceptance

2024-03-24 Thread Adam D Barratt
package release.debian.org
tags 1067206 = bookworm pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bookworm.

Thanks for your contribution!

Upload details
==

Package: amavisd-new
Version: 2.13.0-3+deb12u1

Explanation: handle multiple boundary parameters that contain conflicting 
values [CVE-2024-28054]; fix race condition in postinst



Bug#1065562: postfix 3.7.11-0+deb12u1 flagged for acceptance

2024-03-24 Thread Adam D Barratt
package release.debian.org
tags 1065562 = bookworm pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bookworm.

Thanks for your contribution!

Upload details
==

Package: postfix
Version: 3.7.11-0+deb12u1

Explanation: new upstream stable release



Bug#1065376: libxml-stream-perl 1.24-4+deb12u1 flagged for acceptance

2024-03-24 Thread Adam D Barratt
package release.debian.org
tags 1065376 = bookworm pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bookworm.

Thanks for your contribution!

Upload details
==

Package: libxml-stream-perl
Version: 1.24-4+deb12u1

Explanation: fix compatibility with IO::Socket::SSL >= 2.078



Bug#1064993: systemd 252.23-1~deb12u1 flagged for acceptance

2024-03-24 Thread Adam D Barratt
package release.debian.org
tags 1064993 = bookworm pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bookworm.

Thanks for your contribution!

Upload details
==

Package: systemd
Version: 252.23-1~deb12u1

Explanation: new upstream stable release; fix denial of service issues 
[CVE-2023-50387 CVE-2023-50868]



Bug#1052455: freetype 2.12.1+dfsg-5+deb12u3 flagged for acceptance

2024-03-24 Thread Adam D Barratt
package release.debian.org
tags 1052455 = bookworm pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bookworm.

Thanks for your contribution!

Upload details
==

Package: freetype
Version: 2.12.1+dfsg-5+deb12u3

Explanation: disable COLRv1 support again; fix function existence check when 
calling get_colr_glyph_paint()



Bug#1064588: glibc 2.36-9+deb12u5 flagged for acceptance

2024-03-24 Thread Adam D Barratt
package release.debian.org
tags 1064588 = bookworm pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bookworm.

Thanks for your contribution!

Upload details
==

Package: glibc
Version: 2.36-9+deb12u5

Explanation: revert fix to always call destructors in reverse constructor order 
due to unforeseen application compatibility issues; fix a DTV corruption due to 
a reuse of a TLS module ID following dlclose with unused TLS



Bug#1065413: bookworm-pu: package openssl/3.0.13-1~deb12u1

2024-03-24 Thread Adam D. Barratt
On Mon, 2024-03-04 at 07:38 +0100, Sebastian Andrzej Siewior wrote:
> This is an update to the current stable OpenSSL release in the 3.0.x
> series. It addresses the following CVE reports which were postponed
> due to low severity:
[...]
> I'm not aware of a problem/regression at this point.

Sorry for not getting to this sooner. Is this still the case?

Regards,

Adam



Bug#1053191: mirror submission for mirror.kpfu.ru

2024-03-22 Thread Adam D. Barratt
Control: tags -1 + moreinfo

Hi,

Apologies for the delay in getting back to you.

On Fri, 2023-09-29 at 06:50 +, kpfu.ru wrote:
> Site: mirror.kpfu.ru
> Archive-architecture: amd64 i386

Our automated checks noticed an issue with your mirror:

o The trace file at
  http://mirror.kpfu.ru/debian/project/trace/mirror.kpfu.ru
  is missing some required information.

  We expect at least the Maintainer and Upstream-mirror values to be filled in,
  and your trace file is missing one or both of them.


As an additional note, is there a reason that you only mirror amd64
packages? In general users will expect mirrors to carry all
architectures.

Regards,

Adam



Bug#1058071: mirror submission for mirrors.cat.pdx.edu

2024-03-22 Thread Adam D. Barratt
Control: tags -1 + moreinfo

Hi,

Apologies for the delay in getting back to you.

On Mon, 2023-12-11 at 23:52 +, Sage Imel wrote:
> Site: mirrors.cat.pdx.edu
> Archive-architecture: amd64 arm64 armhf hurd-amd64 i386 riscv64

Our automated checks noticed an issue with your mirror:

o The trace file at
  http://mirrors.cat.pdx.edu/debian/project/trace/mirrors.cat.pdx.edu
  is missing some required information.

  We expect at least the Maintainer and Upstream-mirror values to be filled in,
  and your trace file is missing one or both of them.

As an additional note, is there a reason that you only mirror a subset
of Debian's official architectures?

Architectures-Configuration: EXCLUDE alpha arm armel hppa hurd-i386 ia64 
kfreebsd-amd64 kfreebsd-i386 m68k mips mipsel powerpc s390 s390x sh sparc 

armel, mipsel and s390x are all currently supported architectures and
would be expected to appear on all Debian mirrors.

Regards,

Adam



Bug#1063915: mirror submission for debian.mirrors.ovh.net

2024-03-22 Thread Adam D. Barratt
Control: tags -1 + moreinfo

On Wed, 2024-02-14 at 20:03 +, OVHcloud wrote:
> Site: debian.mirrors.ovh.net
> Archive-architecture: ALL amd64 arm64 armel armhf hurd-i386 hurd-
> amd64 i386 mips mips64el mipsel powerpc ppc64el riscv64 s390x
> Archive-http: /debian/
> Maintainer: OVHcloud 
> Country: FR France
> Location: Anycast (Gravelines, Roubaix and Strasbourg)

I know there was some discussion on IRC, so apologies if I'm rehashing
here, but:

- are the individual backends exposed in any way?
- how do you ensure that the backends are in sync with each other?
- what are the chances of users seeing inconsistent state if they hit
different backends which aren't at the same stage of updating?

Regards,

Adam



Bug#1067488: mirror listing update for mirror.lon.macarne.com

2024-03-22 Thread Adam D. Barratt
Control: tags -1 + moreinfo

On Fri, 2024-03-22 at 10:36 +, Arne wrote:
> Submission-Type: update
> Site: mirror.lon.macarne.com
> Archive-architecture: ALL amd64 arm64 armel armhf hurd-i386 hurd-
> amd64 i386 mips mips64el mipsel powerpc ppc64el riscv64 s390x
> Archive-http: /debian/
> Archive-rsync: debian/
> Maintainer: Arne 

The only change here from #1067086 seems to be that the original
request has:

Maintainer: Macarne LLC 

Do you want it changing to the individual address instead?

Regards,

Adam



Bug#1064431: mirror submission for mirror.fra.macarne.com

2024-03-22 Thread Adam D. Barratt
Control: forcemerge 1067082 -1

Hi,

This has been handled in the duplicate #1067082.

Regards,

Adam

On Fri, 2024-02-23 at 07:59 +0800, Arne Ruhnau wrote:
> Hi, should be fixed thanks. Arne
> 
> > On Feb 23, 2024, at 2:24 AM, Adam D. Barratt
> >  wrote:
> > 
> > Control: tags -1 + moreinfo
> > 
> > On Wed, 2024-02-21 at 23:45 +, Macarne LLC wrote:
> > > Submission-Type: new
> > > Site: mirror.fra.macarne.com
> > 
> > Our automated checks found an issue with your mirror:
> > 
> > o The trace file at
> >  http://mirror.fra.macarne.com/debian/project/trace/mirror.fra.macarne.com
> >  is missing some required information.
> > 
> >  We expect at least the Maintainer and Upstream-mirror values to be
> > filled in,
> >  and your trace file is missing one or both of them.
> > 
> > 
> > Please fix that and let us know once it's done.
> > 
> > Regards,
> > 
> > Adam
> 



Bug#1063621: clamav 1.0.5+dfsg-1~deb12u1 flagged for acceptance

2024-03-08 Thread Adam D Barratt
package release.debian.org
tags 1063621 = bookworm pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bookworm.

Thanks for your contribution!

Upload details
==

Package: clamav
Version: 1.0.5+dfsg-1~deb12u1

Explanation: new upstream stable release; fix possible heap overflow issue 
[CVE-2024-20290], possible command injection issue [CVE-2024-20328]



Bug#1063621: bookworm-pu: package clamav/clamav_1.0.5+dfsg-1~deb12u1

2024-03-07 Thread Adam D. Barratt
On Fri, 2024-02-09 at 23:12 +0100, Sebastian Andrzej Siewior wrote:
> This is an update to the latest clamav release in the 1.0.x series. 

One small thing you may want to fix for any follow-up updates:

+clamav (1.0.5+dfsg-1~deb12u1) bookworm; urgency=medium
+
+  * Import 1.0.4 (Closes: #1063479).
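
Review bot: the entry under the 1.0.5+dfsg-1~deb12u1 header reads "Import 1.0.4", which does not match the upstream version in the changelog header. If 1.0.5 is what was imported, the entry should say so, since the changelog is the record people consult when checking which upstream release (and which fixes) a stable update carries.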

Regards,

Adam



Bug#1064031: rustc-web 1.70.0+dfsg1-7~deb12u2 flagged for acceptance

2024-03-04 Thread Adam D Barratt
package release.debian.org
tags 1064031 = bookworm pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bookworm.

Thanks for your contribution!

Upload details
==

Package: rustc-web
Version: 1.70.0+dfsg1-7~deb12u2

Explanation: fix build issues and file conflicts



Bug#1064031: rustc-web 1.70.0+dfsg1-7~deb12u1 flagged for acceptance

2024-03-03 Thread Adam D. Barratt
On Sat, 2024-03-02 at 03:54 -0500, Andres Salomon wrote:
> rustc-web (1.70.0+dfsg1-7~deb12u2) bookworm; urgency=medium
> 
>    * Non-maintainer upload.
>    * Increase allowed test failures on armhf and ppc64el to fix
> FTBFS.
>    * Provide Conflicts/Replaces for rust*-mozilla*, which could still
> be
>  installed from oldstable (closes: #1064562).
>    * Add Provides/Conflicts/Replaces for libstd-rust-1.70 (closes: 
> #1064563).

Please go ahead.

Regards,

Adam


