NEW changes in stable-new

[Debian FTP Masters]

Processing changes file: systemd_241-7~deb10u6_mipsel-buildd.changes
  ACCEPT
Processing changes file: wireshark_2.6.20-0+deb10u1_mips-buildd.changes
  ACCEPT

NEW changes in stable-new

[Debian FTP Masters]

Processing changes file: emacs_26.1+1-3.2+deb10u2_mipsel-buildd.changes
  ACCEPT

NEW changes in stable-new

[Debian FTP Masters]

Processing changes file: systemd_241-7~deb10u6_mips-buildd.changes
  ACCEPT

Bug#980847: pre-approval: qutebrowser/2.0.0-1

[Axel Beckert]

Hi Paul,

Paul Gevers wrote:
> With the understanding that autoremovals remain on during the whole
> freeze, we may manually remove RC buggy packages at any time and that
> after the soft freeze starts, removed packages are not allowed to enter
> bullseye again, this request is basically a maintainer call.
> 
> Go ahead if you think the risk is acceptable for your package.

Thanks! With a very responsive upstream, I'm very optimistic that
there won't be any severe issues which can't be fixed quickly.

So I just did a no-source-change upload of the package in experimental
to unstable.

Regards, Axel
-- 
 ,''`.  |  Axel Beckert , https://people.debian.org/~abe/
: :' :  |  Debian Developer, ftp.ch.debian.org Admin
`. `'   |  4096R: 2517 B724 C5F6 CA99 5329  6E61 2FF9 CD59 6126 16B5
  `-|  1024D: F067 EA27 26B9 C3FC 1486  202E C09E 1D89 9593 0EDE

NEW changes in stable-new

[Debian FTP Masters]

Processing changes file: wireshark_2.6.20-0+deb10u1_mips64el-buildd.changes
  ACCEPT

NEW changes in stable-new

[Debian FTP Masters]

Processing changes file: cairo_1.16.0-4+deb10u1_mipsel-buildd.changes
  ACCEPT

NEW changes in stable-new

[Debian FTP Masters]

Processing changes file: device-tree-compiler_1.4.7-4_mipsel-buildd.changes
  ACCEPT
Processing changes file: net-snmp_5.7.3+dfsg-5+deb10u2_mipsel-buildd.changes
  ACCEPT

NEW changes in stable-new

[Debian FTP Masters]

Processing changes file: atftp_0.7.git20120829-3.2~deb10u1_mipsel-buildd.changes
  ACCEPT
Processing changes file: choose-mirror_2.99+deb10u3_mipsel-buildd.changes
  ACCEPT
Processing changes file: cjson_1.7.10-1.1+deb10u1_mipsel-buildd.changes
  ACCEPT
Processing changes file: clevis_11-2+deb10u1_mipsel-buildd.changes
  ACCEPT
Processing changes file: cyrus-imapd_3.0.8-6+deb10u5_mipsel-buildd.changes
  ACCEPT
Processing changes file: emacs_26.1+1-3.2+deb10u2_mips-buildd.changes
  ACCEPT
Processing changes file: systemd_241-7~deb10u6_mips64el-buildd.changes
  ACCEPT

NEW changes in stable-new

[Debian FTP Masters]

Processing changes file: clevis_11-2+deb10u1_mips64el-buildd.changes
  ACCEPT
Processing changes file: device-tree-compiler_1.4.7-4_mips64el-buildd.changes
  ACCEPT
Processing changes file: dovecot_2.3.4.1-5+deb10u6_mipsel-buildd.changes
  ACCEPT
Processing changes file: net-snmp_5.7.3+dfsg-5+deb10u2_mips64el-buildd.changes
  ACCEPT

NEW changes in stable-new

[Debian FTP Masters]

Processing changes file: 
atftp_0.7.git20120829-3.2~deb10u1_mips64el-buildd.changes
  ACCEPT
Processing changes file: cairo_1.16.0-4+deb10u1_mips-buildd.changes
  ACCEPT
Processing changes file: cairo_1.16.0-4+deb10u1_mips64el-buildd.changes
  ACCEPT
Processing changes file: cjson_1.7.10-1.1+deb10u1_mips64el-buildd.changes
  ACCEPT
Processing changes file: device-tree-compiler_1.4.7-4_mips-buildd.changes
  ACCEPT
Processing changes file: emacs_26.1+1-3.2+deb10u2_mips64el-buildd.changes
  ACCEPT
Processing changes file: net-snmp_5.7.3+dfsg-5+deb10u2_armel-buildd.changes
  ACCEPT
Processing changes file: net-snmp_5.7.3+dfsg-5+deb10u2_mips-buildd.changes
  ACCEPT
Processing changes file: wireshark_2.6.20-0+deb10u1_armel-buildd.changes
  ACCEPT
Processing changes file: wireshark_2.6.20-0+deb10u1_armhf-buildd.changes
  ACCEPT

NEW changes in stable-new

[Debian FTP Masters]

Processing changes file: atftp_0.7.git20120829-3.2~deb10u1_amd64-buildd.changes
  ACCEPT
Processing changes file: atftp_0.7.git20120829-3.2~deb10u1_armel-buildd.changes
  ACCEPT
Processing changes file: atftp_0.7.git20120829-3.2~deb10u1_armhf-buildd.changes
  ACCEPT
Processing changes file: atftp_0.7.git20120829-3.2~deb10u1_i386.changes
  ACCEPT
Processing changes file: atftp_0.7.git20120829-3.2~deb10u1_mips-buildd.changes
  ACCEPT
Processing changes file: atftp_0.7.git20120829-3.2~deb10u1_s390x-buildd.changes
  ACCEPT
Processing changes file: cairo_1.16.0-4+deb10u1_armel-buildd.changes
  ACCEPT
Processing changes file: cairo_1.16.0-4+deb10u1_armhf-buildd.changes
  ACCEPT
Processing changes file: cairo_1.16.0-4+deb10u1_i386.changes
  ACCEPT
Processing changes file: cairo_1.16.0-4+deb10u1_ppc64el-buildd.changes
  ACCEPT
Processing changes file: cairo_1.16.0-4+deb10u1_s390x-buildd.changes
  ACCEPT
Processing changes file: choose-mirror_2.99+deb10u3_mips-buildd.changes
  ACCEPT
Processing changes file: choose-mirror_2.99+deb10u3_mips64el-buildd.changes
  ACCEPT
Processing changes file: cjson_1.7.10-1.1+deb10u1_amd64-buildd.changes
  ACCEPT
Processing changes file: cjson_1.7.10-1.1+deb10u1_armel-buildd.changes
  ACCEPT
Processing changes file: cjson_1.7.10-1.1+deb10u1_armhf-buildd.changes
  ACCEPT
Processing changes file: cjson_1.7.10-1.1+deb10u1_i386.changes
  ACCEPT
Processing changes file: cjson_1.7.10-1.1+deb10u1_mips-buildd.changes
  ACCEPT
Processing changes file: cjson_1.7.10-1.1+deb10u1_ppc64el-buildd.changes
  ACCEPT
Processing changes file: clevis_11-2+deb10u1_amd64-buildd.changes
  ACCEPT
Processing changes file: clevis_11-2+deb10u1_armel-buildd.changes
  ACCEPT
Processing changes file: clevis_11-2+deb10u1_armhf-buildd.changes
  ACCEPT
Processing changes file: clevis_11-2+deb10u1_i386.changes
  ACCEPT
Processing changes file: clevis_11-2+deb10u1_mips-buildd.changes
  ACCEPT
Processing changes file: clevis_11-2+deb10u1_ppc64el-buildd.changes
  ACCEPT
Processing changes file: clevis_11-2+deb10u1_s390x.changes
  ACCEPT
Processing changes file: cyrus-imapd_3.0.8-6+deb10u5_mips-buildd.changes
  ACCEPT
Processing changes file: device-tree-compiler_1.4.7-4_amd64-buildd.changes
  ACCEPT
Processing changes file: device-tree-compiler_1.4.7-4_armel-buildd.changes
  ACCEPT
Processing changes file: device-tree-compiler_1.4.7-4_armhf-buildd.changes
  ACCEPT
Processing changes file: device-tree-compiler_1.4.7-4_i386.changes
  ACCEPT
Processing changes file: device-tree-compiler_1.4.7-4_ppc64el-buildd.changes
  ACCEPT
Processing changes file: device-tree-compiler_1.4.7-4_s390x.changes
  ACCEPT
Processing changes file: dovecot_2.3.4.1-5+deb10u6_mips-buildd.changes
  ACCEPT
Processing changes file: dovecot_2.3.4.1-5+deb10u6_mips64el-buildd.changes
  ACCEPT
Processing changes file: emacs_26.1+1-3.2+deb10u2_all-buildd.changes
  ACCEPT
Processing changes file: emacs_26.1+1-3.2+deb10u2_amd64-buildd.changes
  ACCEPT
Processing changes file: emacs_26.1+1-3.2+deb10u2_arm64-buildd.changes
  ACCEPT
Processing changes file: emacs_26.1+1-3.2+deb10u2_armel-buildd.changes
  ACCEPT
Processing changes file: emacs_26.1+1-3.2+deb10u2_armhf-buildd.changes
  ACCEPT
Processing changes file: emacs_26.1+1-3.2+deb10u2_i386.changes
  ACCEPT
Processing changes file: emacs_26.1+1-3.2+deb10u2_ppc64el-buildd.changes
  ACCEPT
Processing changes file: emacs_26.1+1-3.2+deb10u2_s390x-buildd.changes
  ACCEPT
Processing changes file: net-snmp_5.7.3+dfsg-5+deb10u2_amd64-buildd.changes
  ACCEPT
Processing changes file: net-snmp_5.7.3+dfsg-5+deb10u2_armhf-buildd.changes
  ACCEPT
Processing changes file: net-snmp_5.7.3+dfsg-5+deb10u2_i386.changes
  ACCEPT
Processing changes file: net-snmp_5.7.3+dfsg-5+deb10u2_ppc64el-buildd.changes
  ACCEPT
Processing changes file: net-snmp_5.7.3+dfsg-5+deb10u2_s390x-buildd.changes
  ACCEPT
Processing changes file: 
nvidia-graphics-drivers_418.181.07-1_amd64-buildd.changes
  ACCEPT
Processing changes file: 
nvidia-graphics-drivers_418.181.07-1_armhf-buildd.changes
  ACCEPT
Processing changes file: nvidia-graphics-drivers_418.181.07-1_i386.changes
  ACCEPT
Processing changes file: 
nvidia-graphics-drivers-legacy-390xx_390.141-2~deb10u1_amd64-buildd.changes
  ACCEPT
Processing changes file: 
nvidia-graphics-drivers-legacy-390xx_390.141-2~deb10u1_armhf-buildd.changes
  ACCEPT
Processing changes file: 
nvidia-graphics-drivers-legacy-390xx_390.141-2~deb10u1_i386-buildd.changes
  ACCEPT
Processing changes file: 
pepperflashplugin-nonfree_1.8.8~deb10u1_amd64-buildd.changes
  ACCEPT
Processing changes file: pepperflashplugin-nonfree_1.8.8~deb10u1_i386.changes
  ACCEPT
Processing changes file: steam_1.0.0.68-1~deb10u1_all-buildd.changes
  ACCEPT
Processing changes file: steam_1.0.0.68-1~deb10u1_i386.changes
  ACCEPT
Processing changes file: systemd_241-7~deb10u6_amd64-buildd.changes
  ACCEPT
Processing changes file: systemd_241-7~deb10u6_arm64-buildd.changes
  ACCEPT
Processing changes file: 

NEW changes in stable-new

[Debian FTP Masters]

Processing changes file: 
atftp_0.7.git20120829-3.2~deb10u1_ppc64el-buildd.changes
  ACCEPT
Processing changes file: cairo_1.16.0-4+deb10u1_arm64-buildd.changes
  ACCEPT
Processing changes file: choose-mirror_2.99+deb10u3_amd64-buildd.changes
  ACCEPT
Processing changes file: choose-mirror_2.99+deb10u3_armel-buildd.changes
  ACCEPT
Processing changes file: choose-mirror_2.99+deb10u3_armhf-buildd.changes
  ACCEPT
Processing changes file: choose-mirror_2.99+deb10u3_ppc64el-buildd.changes
  ACCEPT
Processing changes file: choose-mirror_2.99+deb10u3_s390x-buildd.changes
  ACCEPT
Processing changes file: cjson_1.7.10-1.1+deb10u1_s390x.changes
  ACCEPT
Processing changes file: cyrus-imapd_3.0.8-6+deb10u5_mips64el-buildd.changes
  ACCEPT
Processing changes file: dovecot_2.3.4.1-5+deb10u6_amd64-buildd.changes
  ACCEPT
Processing changes file: dovecot_2.3.4.1-5+deb10u6_arm64-buildd.changes
  ACCEPT
Processing changes file: dovecot_2.3.4.1-5+deb10u6_armel-buildd.changes
  ACCEPT
Processing changes file: dovecot_2.3.4.1-5+deb10u6_armhf-buildd.changes
  ACCEPT
Processing changes file: dovecot_2.3.4.1-5+deb10u6_ppc64el-buildd.changes
  ACCEPT
Processing changes file: dovecot_2.3.4.1-5+deb10u6_s390x-buildd.changes
  ACCEPT
Processing changes file: dpdk_18.11.11-1~deb10u1_amd64-buildd.changes
  ACCEPT
Processing changes file: dpdk_18.11.11-1~deb10u1_arm64-buildd.changes
  ACCEPT
Processing changes file: dpdk_18.11.11-1~deb10u1_armhf-buildd.changes
  ACCEPT
Processing changes file: dpdk_18.11.11-1~deb10u1_i386-buildd.changes
  ACCEPT
Processing changes file: dpdk_18.11.11-1~deb10u1_ppc64el-buildd.changes
  ACCEPT
Processing changes file: net-snmp_5.7.3+dfsg-5+deb10u2_all-buildd.changes
  ACCEPT
Processing changes file: net-snmp_5.7.3+dfsg-5+deb10u2_arm64-buildd.changes
  ACCEPT
Processing changes file: systemd_241-7~deb10u6_ppc64el-buildd.changes
  ACCEPT
Processing changes file: systemd_241-7~deb10u6_s390x.changes
  ACCEPT

Re: Podman 3.0 and Debian bullseye

[Dmitry Smirnov]

On Sunday, 31 January 2021 1:08:36 PM AEDT Reinhard Tartler wrote:

> A low-effort workaround could be to add a build-dependency on podman to
> prevent it from building on mipsen.

Thank you for advise. I shall do that to allow migration.


> > No it hasn't... :( There is a serious regression:
> >   https://github.com/hashicorp/nomad-driver-podman/issues/69
> 
> I'm having a hard time considering this a "serious" regression. The problem
> as far as I understand is that while the driver does work fine with the
> new REST interface, it doesn't allow you to upload images in OCI format
> from local disk.
> If you instead chose to have imaged pulled from a (local) image registry,
> the driver would work fine.

Do you have experience operating local container registry??
I have and I can tell that it is not fun, to say the least. Docker registry
leaks disk space because it does not garbage collect some images...
Neither does it like Buildah/Podman's native image format, although it
can be remedied by building images with "export BUILDAH_FORMAT=docker".

IMHO just saving built images to network share is the best, easiest, most
reliable way of deploying local images. It is the best to avoid Docker
registry whenever possible.


> Blocking podman 3.0 because of this is something I can't get behind.
> But maybe I'm missing something else here?

I hope my answer above helps to understand the issue...


-- 
Cheers,
 Dmitry Smirnov
 GPG key : 4096R/52B6BBD953968D1B

---

Weakness of attitude becomes weakness of character.
-- Albert Einstein

---

Your Facebook friends are wrong about the lockdown. A non-hysterics's guide
to COVID-19 by Tom Woods.
-- https://wrongaboutlockdown.com/


signature.asc
Description: This is a digitally signed message part.

NEW changes in stable-new

[Debian FTP Masters]

Processing changes file: atftp_0.7.git20120829-3.2~deb10u1_arm64-buildd.changes
  ACCEPT
Processing changes file: choose-mirror_2.99+deb10u3_all-buildd.changes
  ACCEPT
Processing changes file: choose-mirror_2.99+deb10u3_arm64-buildd.changes
  ACCEPT
Processing changes file: choose-mirror_2.99+deb10u3_i386.changes
  ACCEPT
Processing changes file: cjson_1.7.10-1.1+deb10u1_arm64-buildd.changes
  ACCEPT
Processing changes file: clevis_11-2+deb10u1_all-buildd.changes
  ACCEPT
Processing changes file: clevis_11-2+deb10u1_arm64-buildd.changes
  ACCEPT
Processing changes file: cyrus-imapd_3.0.8-6+deb10u5_all-buildd.changes
  ACCEPT
Processing changes file: cyrus-imapd_3.0.8-6+deb10u5_amd64-buildd.changes
  ACCEPT
Processing changes file: cyrus-imapd_3.0.8-6+deb10u5_arm64-buildd.changes
  ACCEPT
Processing changes file: cyrus-imapd_3.0.8-6+deb10u5_armel-buildd.changes
  ACCEPT
Processing changes file: cyrus-imapd_3.0.8-6+deb10u5_armhf-buildd.changes
  ACCEPT
Processing changes file: cyrus-imapd_3.0.8-6+deb10u5_i386-buildd.changes
  ACCEPT
Processing changes file: cyrus-imapd_3.0.8-6+deb10u5_ppc64el-buildd.changes
  ACCEPT
Processing changes file: cyrus-imapd_3.0.8-6+deb10u5_s390x.changes
  ACCEPT
Processing changes file: debian-edu-config_2.10.65+deb10u7_all-buildd.changes
  ACCEPT
Processing changes file: device-tree-compiler_1.4.7-4_arm64-buildd.changes
  ACCEPT
Processing changes file: dovecot_2.3.4.1-5+deb10u6_i386.changes
  ACCEPT
Processing changes file: dpdk_18.11.11-1~deb10u1_all-buildd.changes
  ACCEPT

Re: Podman 3.0 and Debian bullseye

[Reinhard Tartler]

trimming cc-list

On Mon, Jan 25, 2021 at 7:15 PM Dmitry Smirnov  wrote:

> On Monday, 25 January 2021 10:47:25 PM AEDT Reinhard Tartler wrote:
> > It seems that https://packages.qa.debian.org/n/nomad-driver-podman.html
> > has never made it to testing, which makes me wonder whether
> > it'll make it to bullseye.
>
> Nothing should stop it from getting to "testing". It was blocked on
> due to "autopkgtest-pkg-go" which is useless for binary-only packages.
> At a time I did not mind because I was not sure whether it is
> good enough for "testing".
>

According to https://qa.debian.org/excuses.php?package=nomad-driver-podman
the package won't migrate because of unsatisfiable dependencies on mips64el
and mips64el. This is because the 'podman' package doesn't (currently)
build on mipsen, whereas the nomad-driver-podman does. Apparently "britney"
doesn't permit "partial" migrations...

A low-effort workaround could be to add a build-dependency on podman to
prevent
it from building on mipsen. A better fix could be to patch podman to build
on
mipsen...

> > Luckily it seems that issue
> > has been fixed in latest master of nomad-driver-podman, cf.
>
> No it hasn't... :( There is a serious regression:
>
>   https://github.com/hashicorp/nomad-driver-podman/issues/69


I'm having a hard time considering this a "serious" regression. The problem
as far as I understand is that while the driver does work fine with the new
REST interface, it doesn't allow you to upload images in OCI format from
local
disk. If you instead chose to have imaged pulled from a (local) image
registry,
the driver would work fine.

Blocking podman 3.0 because of this is something I can't get behind. But
maybe
I'm missing something else here?

-- 
regards,
Reinhard

Bug#977782: buster-pu: package postsrsd/1.5-2

[Oxan van Leeuwen]

Hi,

On 30-01-2021 21:27, Salvatore Bonaccorso wrote:

I noticed that today there was an upload to security-master for it.
Given our previous discussion, was this an oversight? I just have
rejected the package, could you please upload it for the upcoming
point release instead to ftp-master?


Ah, that wasn't the intention.

@Tomasz: it seems you accidentally uploaded to the security archive 
tonight. The last commit in the buster branch on Salsa should be for an 
upload the regular archive, maybe you forgot to pull? In any case, can 
you please upload that one? Thanks!


Regards,
Oxan

NEW changes in stable-new

[Debian FTP Masters]

Processing changes file: nvidia-graphics-drivers_418.181.07-1_source.changes
  ACCEPT
Processing changes file: 
nvidia-graphics-drivers-legacy-390xx_390.141-2~deb10u1_source.changes
  ACCEPT
Processing changes file: steam_1.0.0.68-1~deb10u1_source.changes
  ACCEPT
Processing changes file: wireshark_2.6.20-0+deb10u1_source.changes
  ACCEPT

Processed: steam 1.0.0.68-1~deb10u1 flagged for acceptance

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> package release.debian.org
Limiting to bugs with field 'package' containing at least one of 
'release.debian.org'
Limit currently set to 'package':'release.debian.org'

> tags 977520 = buster pending
Bug #977520 [release.debian.org] buster-pu: package steam/1.0.0.59-4+deb10u1
Added tag(s) pending; removed tag(s) confirmed.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
977520: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=977520
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Processed: wireshark 2.6.20-0+deb10u1 flagged for acceptance

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> package release.debian.org
Limiting to bugs with field 'package' containing at least one of 
'release.debian.org'
Limit currently set to 'package':'release.debian.org'

> tags 975932 = buster pending
Bug #975932 [release.debian.org] buster-pu: package wireshark/2.6.20-0+deb10u1
Added tag(s) pending; removed tag(s) confirmed.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
975932: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=975932
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Processed: nvidia-graphics-drivers-legacy-390xx 390.141-2~deb10u1 flagged for acceptance

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> package release.debian.org
Limiting to bugs with field 'package' containing at least one of 
'release.debian.org'
Limit currently set to 'package':'release.debian.org'

> tags 980201 = buster pending
Bug #980201 [release.debian.org] buster-pu: package 
nvidia-graphics-drivers-legacy-390xx/390.141-2~deb10u1
Added tag(s) pending; removed tag(s) confirmed.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
980201: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=980201
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#980802: nvidia-graphics-drivers 418.181.07-1 flagged for acceptance

[Adam D Barratt]

package release.debian.org
tags 980802 = buster pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian buster.

Thanks for your contribution!

Upload details
==

Package: nvidia-graphics-drivers
Version: 418.181.07-1

Explanation: new upstream release; fix possible denial of service and 
information disclosure [CVE-2021-1056]

Bug#980201: nvidia-graphics-drivers-legacy-390xx 390.141-2~deb10u1 flagged for acceptance

[Adam D Barratt]

package release.debian.org
tags 980201 = buster pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian buster.

Thanks for your contribution!

Upload details
==

Package: nvidia-graphics-drivers-legacy-390xx
Version: 390.141-2~deb10u1

Explanation: new upstream release; fix possible denial of service and 
information disclosure [CVE-2021-1056]

Processed: nvidia-graphics-drivers 418.181.07-1 flagged for acceptance

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> package release.debian.org
Limiting to bugs with field 'package' containing at least one of 
'release.debian.org'
Limit currently set to 'package':'release.debian.org'

> tags 980802 = buster pending
Bug #980802 [release.debian.org] buster-pu: package 
nvidia-graphics-drivers/418.181.07-1
Added tag(s) pending; removed tag(s) confirmed.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
980802: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=980802
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#977520: steam 1.0.0.68-1~deb10u1 flagged for acceptance

[Adam D Barratt]

package release.debian.org
tags 977520 = buster pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian buster.

Thanks for your contribution!

Upload details
==

Package: steam
Version: 1.0.0.68-1~deb10u1

Explanation: new upstream release

Bug#975932: wireshark 2.6.20-0+deb10u1 flagged for acceptance

[Adam D Barratt]

package release.debian.org
tags 975932 = buster pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian buster.

Thanks for your contribution!

Upload details
==

Package: wireshark
Version: 2.6.20-0+deb10u1

Explanation: fix various crashes, infinite loops and memory leaks 
[CVE-2019-16319 CVE-2019-19553 CVE-2020-11647 CVE-2020-13164 CVE-2020-15466 
CVE-2020-25862 CVE-2020-25863 CVE-2020-26418 CVE-2020-26421 CVE-2020-26575 
CVE-2020-28030 CVE-2020-7045 CVE-2020-9428 CVE-2020-9430 CVE-2020-9431]

Re: Podman 3.0 and Debian bullseye

[Reinhard Tartler]

On Sat, Jan 30, 2021 at 5:03 PM Antonio Terceiro 
wrote:

> FWIW I have been using podman 3.0.0~rc1 from experimental for a few days
> and haven't noticed anything wrong with it. I hope we can have that
> version in bullseye.
>


Me too.

Dear release team, do you have any opinion on this topic?

thanks,
-rt



-- 
regards,
Reinhard

NEW changes in stable-new

[Debian FTP Masters]

Processing changes file: cairo_1.16.0-4+deb10u1_amd64.changes
  ACCEPT
Processing changes file: choose-mirror_2.99+deb10u3_source.changes
  ACCEPT
Processing changes file: dpdk_18.11.11-1~deb10u1_source.changes
  ACCEPT
Processing changes file: intel-microcode_3.20201118.1~deb10u1_multi.changes
  ACCEPT
Processing changes file: pepperflashplugin-nonfree_1.8.8~deb10u1_source.changes
  ACCEPT

Re: Podman 3.0 and Debian bullseye

[Antonio Terceiro]

On Sun, Jan 24, 2021 at 08:02:26PM -0500, Reinhard Tartler wrote:
> Dear release-team,
> 
> I'm proposing to have podman 3.0 in debian/bullseye. As maintainer of the
> package, I'm convinced this is a good step for Debian because:
> 
>  - podman 3.0 will be included in RHEL 8.4, which will be released in May
> 2021. I expect security support for podman in Debian to become
> significantly simpler than let's say podman 2.2
>  - users have expressed interest in podman 2.2 or late (cf. #978650 and
> others)
>  - podman 3.0 implements enough of docker's REST API to support
> docker-compose (cf. https://www.redhat.com/sysadmin/podman-docker-compose)
>  - the salsa team has expressed interest in exploring podman to facilitate
> gitlab maintenance. I'd expect this update to make their lives
> significantly easier if included in the next stable release
> 
> Current concerns/risk:
> 
>  - Podman 3.0.0~rc1 was only just released, but I expect it to be released
> soon. After all, RHEL 8.4 is scheduled for May 2021
>  - Podman 3 drops the legacy varlink interface. To the best of my
> knowledge, there are no packages in debian/testing that would require
> varlink (please correct me if I'm wrong here). Not having to support
> varlink in Debian seems a support benefit, there is little to no love
> for it upstream.
>  - I've just uploaded podman 3.0 to debian/experimental, and is ready for
> wider testing. Uploading to unstable requires a couple of additional
> package updates in sid:
>- golang-github-containers-storage
>- golang-github-containers-image
>- golang-github-containers-common
>- golang-github-containers-buildah
> 
> I'm not really sure if this update required formal approval by the release
> team, but I'd really appreciate your input in any case.

FWIW I have been using podman 3.0.0~rc1 from experimental for a few days
and haven't noticed anything wrong with it. I hope we can have that
version in bullseye.


signature.asc
Description: PGP signature

Processed: intel-microcode 3.20201118.1~deb10u1 flagged for acceptance

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> package release.debian.org
Limiting to bugs with field 'package' containing at least one of 
'release.debian.org'
Limit currently set to 'package':'release.debian.org'

> tags 980962 = buster pending
Bug #980962 [release.debian.org] buster-pu: package 
intel-microcode/3.20201118.1~deb10u1
Added tag(s) pending; removed tag(s) confirmed.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
980962: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=980962
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Processed: dpdk 18.11.11-1~deb10u1 flagged for acceptance

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> package release.debian.org
Limiting to bugs with field 'package' containing at least one of 
'release.debian.org'
Limit currently set to 'package':'release.debian.org'

> tags 981002 = buster pending
Bug #981002 [release.debian.org] buster-pu: package dpdk/18.11.11-1~deb10u1
Added tag(s) pending.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
981002: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=981002
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#981292: cairo 1.16.0-4+deb10u1 flagged for acceptance

[Adam D Barratt]

package release.debian.org
tags 981292 = buster pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian buster.

Thanks for your contribution!

Upload details
==

Package: cairo
Version: 1.16.0-4+deb10u1

Explanation: fix mask usage in image-compositor [CVE-2020-35492]

Processed: pepperflashplugin-nonfree 1.8.8~deb10u1 flagged for acceptance

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> package release.debian.org
Limiting to bugs with field 'package' containing at least one of 
'release.debian.org'
Limit currently set to 'package':'release.debian.org'

> tags 979072 = buster pending
Bug #979072 [release.debian.org] buster-pu: pepperflashplugin-nonfree
Ignoring request to alter tags of bug #979072 to the same tags previously set
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
979072: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=979072
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#981002: dpdk 18.11.11-1~deb10u1 flagged for acceptance

[Adam D Barratt]

package release.debian.org
tags 981002 = buster pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian buster.

Thanks for your contribution!

Upload details
==

Package: dpdk
Version: 18.11.11-1~deb10u1

Explanation: new upstream stable release

Processed: cairo 1.16.0-4+deb10u1 flagged for acceptance

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> package release.debian.org
Limiting to bugs with field 'package' containing at least one of 
'release.debian.org'
Limit currently set to 'package':'release.debian.org'

> tags 981292 = buster pending
Bug #981292 [release.debian.org] buster-pu: package cairo/1.16.0-4+deb10u1
Added tag(s) pending.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
981292: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=981292
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

NEW changes in stable-new

[Debian FTP Masters]

Processing changes file: atftp_0.7.git20120829-3.2~deb10u1_source.changes
  ACCEPT
Processing changes file: cjson_1.7.10-1.1+deb10u1_source.changes
  ACCEPT
Processing changes file: clevis_11-2+deb10u1_source.changes
  ACCEPT
Processing changes file: cyrus-imapd_3.0.8-6+deb10u5_sourceonly.changes
  ACCEPT
Processing changes file: debian-edu-config_2.10.65+deb10u7_source.changes
  ACCEPT
Processing changes file: device-tree-compiler_1.4.7-4_source.changes
  ACCEPT
Processing changes file: dovecot_2.3.4.1-5+deb10u6_source.changes
  ACCEPT
Processing changes file: emacs_26.1+1-3.2+deb10u2_source.changes
  ACCEPT
Processing changes file: highlight.js_9.12.0+dfsg1-4+deb10u1_amd64.changes
  ACCEPT
Processing changes file: net-snmp_5.7.3+dfsg-5+deb10u2_source.changes
  ACCEPT
Processing changes file: python-bottle_0.12.15-2+deb10u1_amd64.changes
  ACCEPT
Processing changes file: systemd_241-7~deb10u6_source.changes
  ACCEPT

Bug#980962: intel-microcode 3.20201118.1~deb10u1 flagged for acceptance

[Adam D Barratt]

package release.debian.org
tags 980962 = buster pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian buster.

Thanks for your contribution!

Upload details
==

Package: intel-microcode
Version: 3.20201118.1~deb10u1

Explanation: update various microcode

Bug#979072: pepperflashplugin-nonfree 1.8.8~deb10u1 flagged for acceptance

[Adam D Barratt]

package release.debian.org
tags 979072 = buster pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian buster.

Thanks for your contribution!

Upload details
==

Package: pepperflashplugin-nonfree
Version: 1.8.8~deb10u1

Explanation: turn into a dummy package taking care of removing the previously 
installed plugin (no longer functional nor supported)

Processed: systemd 241-7~deb10u6 flagged for acceptance

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> package release.debian.org
Limiting to bugs with field 'package' containing at least one of 
'release.debian.org'
Limit currently set to 'package':'release.debian.org'

> tags 981345 = buster pending
Bug #981345 [release.debian.org] buster-pu: package systemd/241-7~deb10u6
Added tag(s) pending; removed tag(s) confirmed and d-i.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
981345: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=981345
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#981345: systemd 241-7~deb10u6 flagged for acceptance

[Adam D Barratt]

package release.debian.org
tags 981345 = buster pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian buster.

Thanks for your contribution!

Upload details
==

Package: systemd
Version: 241-7~deb10u6

Explanation: journal: do not trigger assertion when journal_file_close() is 
passed NULL

Processed: net-snmp 5.7.3+dfsg-5+deb10u2 flagged for acceptance

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> package release.debian.org
Limiting to bugs with field 'package' containing at least one of 
'release.debian.org'
Limit currently set to 'package':'release.debian.org'

> tags 972149 = buster pending
Bug #972149 [release.debian.org] buster-pu: package 
net-snmp/5.7.3+dfsg-5+deb10u1
Added tag(s) pending; removed tag(s) confirmed.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
972149: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=972149
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Processed: highlight.js 9.12.0+dfsg1-4+deb10u1 flagged for acceptance

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> package release.debian.org
Limiting to bugs with field 'package' containing at least one of 
'release.debian.org'
Limit currently set to 'package':'release.debian.org'

> tags 980857 = buster pending
Bug #980857 [release.debian.org] buster-pu: package 
highlight.js/9.12.0+dfsg1-4+deb10u1
Added tag(s) pending; removed tag(s) confirmed.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
980857: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=980857
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Processed: python-bottle 0.12.15-2+deb10u1 flagged for acceptance

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> package release.debian.org
Limiting to bugs with field 'package' containing at least one of 
'release.debian.org'
Limit currently set to 'package':'release.debian.org'

> tags 981271 = buster pending
Bug #981271 [release.debian.org] buster-pu: package 
python-bottle/0.12.15-2+deb10u1
Added tag(s) pending.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
981271: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=981271
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Processed: emacs 26.1+1-3.2+deb10u2 flagged for acceptance

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> package release.debian.org
Limiting to bugs with field 'package' containing at least one of 
'release.debian.org'
Limit currently set to 'package':'release.debian.org'

> tags 979749 = buster pending
Bug #979749 [release.debian.org] buster-pu: package emacs/1:26.1+1-3.2+deb10u1
Added tag(s) pending; removed tag(s) confirmed.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
979749: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=979749
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Processed: debian-edu-config 2.10.65+deb10u7 flagged for acceptance

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> package release.debian.org
Limiting to bugs with field 'package' containing at least one of 
'release.debian.org'
Limit currently set to 'package':'release.debian.org'

> tags 980491 = buster pending
Bug #980491 [release.debian.org] [pre-approval] buster-pu: package 
debian-edu-config/2.10.65+deb10u7
Added tag(s) pending; removed tag(s) confirmed.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
980491: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=980491
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Processed: dovecot 2.3.4.1-5+deb10u6 flagged for acceptance

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> package release.debian.org
Limiting to bugs with field 'package' containing at least one of 
'release.debian.org'
Limit currently set to 'package':'release.debian.org'

> tags 981239 = buster pending
Bug #981239 [release.debian.org] buster-pu: package dovecot/1:2.3.4.1-5+deb10u6
Added tag(s) pending; removed tag(s) confirmed.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
981239: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=981239
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Processed: cyrus-imapd 3.0.8-6+deb10u5 flagged for acceptance

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> package release.debian.org
Limiting to bugs with field 'package' containing at least one of 
'release.debian.org'
Limit currently set to 'package':'release.debian.org'

> tags 980259 = buster pending
Bug #980259 [release.debian.org] buster-pu: package cyrus-imapd/3.0.8-6+deb10u5
Added tag(s) pending; removed tag(s) confirmed.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
980259: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=980259
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Processed: device-tree-compiler 1.4.7-4 flagged for acceptance

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> package release.debian.org
Limiting to bugs with field 'package' containing at least one of 
'release.debian.org'
Limit currently set to 'package':'release.debian.org'

> tags 981339 = buster pending
Bug #981339 [release.debian.org] buster-pu: package device-tree-compiler/1.4.7-4
Added tag(s) pending; removed tag(s) confirmed.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
981339: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=981339
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Processed: cjson 1.7.10-1.1+deb10u1 flagged for acceptance

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> package release.debian.org
Limiting to bugs with field 'package' containing at least one of 
'release.debian.org'
Limit currently set to 'package':'release.debian.org'

> tags 980268 = buster pending
Bug #980268 [release.debian.org] buster-pu: cjson/1.7.10-1.1+deb10u1
Added tag(s) pending; removed tag(s) confirmed.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
980268: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=980268
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Processed: atftp 0.7.git20120829-3.2~deb10u1 flagged for acceptance

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> package release.debian.org
Limiting to bugs with field 'package' containing at least one of 
'release.debian.org'
Limit currently set to 'package':'release.debian.org'

> tags 980938 = buster pending
Bug #980938 [release.debian.org] buster-pu: package 
atftp/0.7.git20120829-3.2~deb10u1
Added tag(s) pending.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
980938: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=980938
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Processed: clevis 11-2+deb10u1 flagged for acceptance

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> package release.debian.org
Limiting to bugs with field 'package' containing at least one of 
'release.debian.org'
Limit currently set to 'package':'release.debian.org'

> tags 981059 = buster pending
Bug #981059 [release.debian.org] buster-pu: package clevis/11-2
Added tag(s) pending.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
981059: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=981059
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#981339: device-tree-compiler 1.4.7-4 flagged for acceptance

[Adam D Barratt]

package release.debian.org
tags 981339 = buster pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian buster.

Thanks for your contribution!

Upload details
==

Package: device-tree-compiler
Version: 1.4.7-4

Explanation: fix segfault on “dtc -I fs /proc/device-tree”

Bug#981239: dovecot 2.3.4.1-5+deb10u6 flagged for acceptance

[Adam D Barratt]

package release.debian.org
tags 981239 = buster pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian buster.

Thanks for your contribution!

Upload details
==

Package: dovecot
Version: 2.3.4.1-5+deb10u6

Explanation: fix crash when searching mailboxes containing malformed MIME 
messages

Bug#981059: clevis 11-2+deb10u1 flagged for acceptance

[Adam D Barratt]

package release.debian.org
tags 981059 = buster pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian buster.

Thanks for your contribution!

Upload details
==

Package: clevis
Version: 11-2+deb10u1

Explanation: fix initramfs creation; clevis-dracut: Trigger initramfs creation 
upon installation

Bug#981271: python-bottle 0.12.15-2+deb10u1 flagged for acceptance

[Adam D Barratt]

package release.debian.org
tags 981271 = buster pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian buster.

Thanks for your contribution!

Upload details
==

Package: python-bottle
Version: 0.12.15-2+deb10u1

Explanation: stop allowing ";" as a query-string separator [CVE-2020-28473]

Bug#980938: atftp 0.7.git20120829-3.2~deb10u1 flagged for acceptance

[Adam D Barratt]

package release.debian.org
tags 980938 = buster pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian buster.

Thanks for your contribution!

Upload details
==

Package: atftp
Version: 0.7.git20120829-3.2~deb10u1

Explanation: fix denial of service issue [CVE-2020-6097]

Bug#980268: cjson 1.7.10-1.1+deb10u1 flagged for acceptance

[Adam D Barratt]

package release.debian.org
tags 980268 = buster pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian buster.

Thanks for your contribution!

Upload details
==

Package: cjson
Version: 1.7.10-1.1+deb10u1

Explanation: fix infinite loop in cJSON_Minify

Bug#980857: highlight.js 9.12.0+dfsg1-4+deb10u1 flagged for acceptance

[Adam D Barratt]

package release.debian.org
tags 980857 = buster pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian buster.

Thanks for your contribution!

Upload details
==

Package: highlight.js
Version: 9.12.0+dfsg1-4+deb10u1

Explanation: fix prototype pollution [CVE-2020-26237]

Bug#980259: cyrus-imapd 3.0.8-6+deb10u5 flagged for acceptance

[Adam D Barratt]

package release.debian.org
tags 980259 = buster pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian buster.

Thanks for your contribution!

Upload details
==

Package: cyrus-imapd
Version: 3.0.8-6+deb10u5

Explanation: fix version comparison in cron script

Bug#980491: debian-edu-config 2.10.65+deb10u7 flagged for acceptance

[Adam D Barratt]

package release.debian.org
tags 980491 = buster pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian buster.

Thanks for your contribution!

Upload details
==

Package: debian-edu-config
Version: 2.10.65+deb10u7

Explanation: move host keytabs cleanup code out of gosa-modify-host into a 
standalone script, reducing LDAP calls to a single query

Bug#979749: emacs 26.1+1-3.2+deb10u2 flagged for acceptance

[Adam D Barratt]

package release.debian.org
tags 979749 = buster pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian buster.

Thanks for your contribution!

Upload details
==

Package: emacs
Version: 26.1+1-3.2+deb10u2

Explanation: don't crash with OpenPGP User IDs with no e-mail address

Bug#972149: net-snmp 5.7.3+dfsg-5+deb10u2 flagged for acceptance

[Adam D Barratt]

package release.debian.org
tags 972149 = buster pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian buster.

Thanks for your contribution!

Upload details
==

Package: net-snmp
Version: 5.7.3+dfsg-5+deb10u2

Explanation: snmpd: Add cacheTime and execType flags to EXTEND-MIB

Processed: user release.debian....@packages.debian.org, usertagging 979072 ...

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> user release.debian@packages.debian.org
Setting user to release.debian@packages.debian.org (was 
a...@adam-barratt.org.uk).
> usertags 979072 = pu
Usertags were: rm.
Usertags are now: pu.
> retitle 979072 buster-pu: pepperflashplugin-nonfree
Bug #979072 [release.debian.org] RM: pepperflashplugin-nonfree -- RoQA; no 
longer works; upstream EOL
Changed Bug title to 'buster-pu: pepperflashplugin-nonfree' from 'RM: 
pepperflashplugin-nonfree -- RoQA; no longer works; upstream EOL'.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
979072: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=979072
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Re: Re: source-only uploads for future point releases (Re: Bug

[Utkarsh Gupta]

Henrique de Moraes Holschuh  wrote:
> But just in case, what about Jessie ELTS non-free ?

A source-only upload should work and the builders would pick it from there.
However, uploading to jessie now is not straightforward. There's a
different repository altogether, so only those who have their keys
added can upload (cf: the ELTS team).

Should you have more questions, let me know. Either way, I'll wait for
buster-pu and stretch update of intel-microcode and then work on this?
(cf: our other thread :)).


- u

Bug#977782: buster-pu: package postsrsd/1.5-2

[Salvatore Bonaccorso]

hi Oxan,

On Thu, Dec 31, 2020 at 05:11:13PM +, Adam D. Barratt wrote:
> Control: tags -1 + confirmed
> 
> On Sun, 2020-12-20 at 20:48 +0100, Oxan van Leeuwen wrote:
> > Upstream recently discovered a potential remote denial-of-service
> > attack in  postsrsd (CVE-2020-35573) [1]. Fortunately, this issue is
> > currently not  exploitable in Debian due to gcc optimizing the
> > problematic loop away. Thus, the  security has decided not to issue a
> > DSA [2], but instead suggested to fix it 
> > through a stable update.
> > 
> 
> Please go ahead.

I noticed that today there was an upload to security-master for it.
Given our previous discussion, was this an oversight? I just have
rejected the package, could you please upload it for the upcoming
point release instead to ftp-master?

Regards,
Salvatore

Re: why was bitcoin package removed from testing?

[Jonas Smedegaard]

Quoting Paul Gevers (2021-01-30 19:49:31)
> On 30-01-2021 11:50, Jonas Smedegaard wrote:
> > If the release team consider bitcoin unacceptable for Debian stable, 
> > then please elaborate why.
> 
> We consider it unacceptable for Debian bullseye because the security 
> team doesn't want to support it.

Thanks for the clarification.

Now, if only the security team would clarify... :-/


 - Jonas

-- 
 * Jonas Smedegaard - idealist & Internet-arkitekt
 * Tlf.: +45 40843136  Website: http://dr.jones.dk/

 [x] quote me freely  [ ] ask before reusing  [ ] keep private

signature.asc
Description: signature

Bug#979072: RM: pepperflashplugin-nonfree -- RoQA; No longer work; upstream eol

[Andreas Beckmann]

On 1/30/21 3:43 PM, Adam D. Barratt wrote:
> On Sun, 2021-01-17 at 17:22 +0100, Andreas Beckmann wrote:
>> On 1/16/21 7:54 PM, Adam D. Barratt wrote:
>>> On Fri, 2021-01-15 at 18:48 +0100, Andreas Beckmann wrote:
 I think it would be better to replace the broken installer
 package
 with
 a dummy package stating the EoL fact. (see #978954 for more
 discussion)
>>> Do you have a proposed diff for such an upload?
>>
>> Of course ;-)
>>
> 
> That seems like a reasonable solution.
> 
> Please feel free to go ahead, bearing in mind that the window for 10.8
> closes during this weekend.

Thanks, uploaded.

That package also migrated to Ubuntu and was backported there to all
supported releases.


Andreas

Bug#981232: unblock: perl/5.32.1-1

[Dominic Hargreaves]

On Sat, Jan 30, 2021 at 09:13:42PM +0200, Niko Tyni wrote:
> On Sat, Jan 30, 2021 at 07:35:04AM +0100, Paul Gevers wrote:
> 
> > The pseudo excuses [1] report quite some autopkgtest regressions. Can
> > you please check them, fix them if relevant or explain why they are not
> > relevant for bullseye (e.g. unstable only)?
> 
> > [1] https://release.debian.org/britney/pseudo-excuses-experimental.html#perl
> 
> I spent most of today going through logs of the 300 or so packages showing
> regressions. The gain was not worth the maintainer time IMHO. I'm not
> looking forward to doing this again for the actual testing migration.

Thanks!

> I found about 160 network/proxy failures on arm64 hosts with apt bailing
> out, and about 120 installability failures relating to the four packages
> that we already knew will need a rebuild.
> 
> The remaining 19 failures are categorized below with comments.
> 
> I'm away from my credentials for the self service, can schedule retries
> probably tomorrow if necessary. Happy if somebody else beats me to it.

I pressed retry a bunch of times.

> Needs fixing for 5.32.1
> ---
> 
> - libdevel-mat-dumper-perl
>  real issue; needs a strict dependency and a rebuild for 5.32.1
>  also means this is a fifth package that needs a binnmu
>  filed #981408
> 
> - perl 
> filed as #981409
> minor issue, can be fixed when uploading to sid

Fixed in git.

> Retry suggested
> ---
> 
> bioperl # flaky; API rate limit exceeded, similar to testing/amd64/1.7.7-2  
> 2020-12-02 04:21:20 UTC
> backuppc # one-off? unlikely it's perl's fault
> jellyfish # test suite timeout, not perl specific?
> ikiwiki-hosting # not perl specific: apache2.service: Failed to set up mount 
> namespacing: Permission denied
> libbio-db-ncbihelper-perl # network error? MSG: Can't query website: 500 
> Status read failed: Connection reset by peer
> trinityrnaseq # probably flaky?
> libtest-valgrind-perl # no idea, worth a retry. Might be a valgrind issue on 
> ppc64el

Bug#980847: marked as done (pre-approval: qutebrowser/2.0.1-2)

[Debian Bug Tracking System]

Your message dated Sat, 30 Jan 2021 20:32:37 +0100
with message-id <8eec166e-fad6-517c-b937-00746d39a...@debian.org>
and subject line Re: Bug#980847: pre-approval: qutebrowser/2.0.0-1
has caused the Debian Bug report #980847,
regarding pre-approval: qutebrowser/2.0.1-2
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
980847: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=980847
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please pre-approve the package qutebrowser/2.0.0-1.

[ Reason ]
A major upstream release (2.0.0) of qutebrowser is going to be released
soon (currently aimed at early next week, i.e. around 26th of January
2021).

While it certainly counts as a "large change", it is a leaf package and
risk is believed to be small (see below).

[ Impact ]
Users on Debian Stable will continue to use the previous release series
(1.14.x) for the next couple of years. Since there are some changes
around the names of commands/settings, this introduces an undesirable
gap between users on Debian Stable and users on other distributions
(many of qutebrowser's users are on rolling-release distributions).

This gap would make it more difficult both for upstream and the affected
users to give/take support, share configuration files, etc.

[ Tests ]
qutebrowser has a big automated testsuite with over 9000 (sic) tests.
Note that many of those result from parametrization (running the same
test with different sets of inputs), but still this reduces the
potential for regressions. Upstream also uses other measures to reduce
defects where appropriate, such as type annotations.

A part of its users is using it directly from its git repository, so
that any remaining issues with changes usually get reported and fixed
quickly.

[ Risks ] qutebrowser is a leaf package, so no coordination with other
package(r)s is required. It is also a desktop application - while those
certainly shouldn't be held to lower standards, the impact (or need for
additional "preparation time" for users) might be smaller compared to
e.g. a server application.

There are many changes upstream:

  $ git diff --stat v1.14.1...master
  540 files changed, 12654 insertions(+), 10182 deletions(-)

Excluding tests/scripts/...:

  $ git diff --stat v1.14.1...master -- qutebrowser/
  199 files changed, 5189 insertions(+), 5794 deletions(-)

However, the bulk of those changes are a result of relatively boring
changes upstream, such as dropping support for old Python/Qt versions.

The upstream changelog is probably a better indication:
https://github.com/qutebrowser/qutebrowser/blob/master/doc/changelog.asciidoc#v200-unreleased

[ Checklist ]
(N/A because this is a pre-approval)

[ Other info ]
The upstream maintainer is on Cc for this bug and is willing to work
with the package maintainers for this, where needed. If (despite all
measures) regressions would be introduced, a potential patch release
would happen as soon as possible. Patch releases are done from a
dedicated v2.0.x maintenance branch, keeping care to keep changes as
small as possible and without any non-bugfix changes.

The release also introduces a new optional dependency on the Python
"adblock" module for better ad blocking. It is currently not packaged
for Debian and doing so is outside of the scope of this request. If the
dependency is unavailable, qutebrowser will fall back on the same
hosts-based adblocking it used before this release.

So please pre-approve qutebrowser/2.0.0-1.

For Debian's qutebrowser package, the qutebrowser package maintainers
and upstream.

-- System Information:
Debian Release: bullseye/sid
  APT prefers unstable
  APT policy: (990, 'unstable'), (600, 'testing'), (500, 'unstable-debug'), 
(500, 'buildd-unstable'), (110, 'experimental'), (1, 'experimental-debug'), (1, 
'buildd-experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 5.10.0-1-amd64 (SMP w/4 CPU threads)
Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)
LSM: AppArmor: enabled
--- End Message ---
--- Begin Message ---
Hi Axel,

On 23-01-2021 02:26, Axel Beckert wrote:
> While it certainly counts as a "large change", it is a leaf package and
> risk is believed to be small (see below).

With the understanding that autoremovals remain on during the whole
freeze, we may manually remove RC buggy packages at any time and that
after the soft freeze starts, removed 

Bug#981232: unblock: perl/5.32.1-1

[Niko Tyni]

On Sat, Jan 30, 2021 at 07:35:04AM +0100, Paul Gevers wrote:

> The pseudo excuses [1] report quite some autopkgtest regressions. Can
> you please check them, fix them if relevant or explain why they are not
> relevant for bullseye (e.g. unstable only)?

> [1] https://release.debian.org/britney/pseudo-excuses-experimental.html#perl

I spent most of today going through logs of the 300 or so packages showing
regressions. The gain was not worth the maintainer time IMHO. I'm not
looking forward to doing this again for the actual testing migration.

I found about 160 network/proxy failures on arm64 hosts with apt bailing
out, and about 120 installability failures relating to the four packages
that we already knew will need a rebuild.

The remaining 19 failures are categorized below with comments.

I'm away from my credentials for the self service, can schedule retries
probably tomorrow if necessary. Happy if somebody else beats me to it.

Needs fixing for 5.32.1
---

- libdevel-mat-dumper-perl
 real issue; needs a strict dependency and a rebuild for 5.32.1
 also means this is a fifth package that needs a binnmu
 filed #981408

- perl 
filed as #981409
minor issue, can be fixed when uploading to sid

Retry suggested
---

bioperl # flaky; API rate limit exceeded, similar to testing/amd64/1.7.7-2  
2020-12-02 04:21:20 UTC
backuppc # one-off? unlikely it's perl's fault
jellyfish # test suite timeout, not perl specific?
ikiwiki-hosting # not perl specific: apache2.service: Failed to set up mount 
namespacing: Permission denied
libbio-db-ncbihelper-perl # network error? MSG: Can't query website: 500 Status 
read failed: Connection reset by peer
trinityrnaseq # probably flaky?
libtest-valgrind-perl # no idea, worth a retry. Might be a valgrind issue on 
ppc64el

Issues elsewhere, not triggered by src:perl
---

apache2 # fails with just src:openssl from experimental
kopanocore # not in testing; fails with e.g. src:e2fsprogs from experimental too
libcrypt-smime-perl # probably triggered by src:openssl in experimental, failed 
the same way on ppc64el earlier with perl/5.32.1~rc1-1
libdata-alias-perl # not in testing, uninstallable
libtemplate-plugin-calendar-simple-perl # #964155; not in testing
libwebsockets # tested from experimental, fails just by itself
mysql-8.0 # not in testing; fails without src:perl too
metastudent # not a regression, missing/old reference? #981293
licensecheck # failures in testing too, filed #981410

-- 
Niko Tyni   nt...@debian.org

Re: question regarding possible needed further action on package arduino

[Carsten Schoenert]

Hello Paul,

Am 30.01.21 um 19:24 schrieb Paul Gevers:
...
>> So here is my question, do I need to contact the FTP Team to clear this
>> non solvable dependency (I remember I needed something similar in the
>> past for Thunderbird) or can this issue get managed by the RT? Thanks!
> 
> Please ask ftp-master to remove the old arduino-core package. As long as
> that is in unstable, the package will not migrate as britney will keep
> on believing that the arch:all hasn't been built.

thanks for the quick answer and also for confirmation of my thinking.
I'll contact the FTP team soon.

-- 
Regards
Carsten

Re: why was bitcoin package removed from testing?

[Paul Gevers]

Hi Jonas,

On 30-01-2021 11:50, Jonas Smedegaard wrote:
> If the release team consider bitcoin unacceptable for Debian stable, 
> then please elaborate why.

We consider it unacceptable for Debian bullseye because the security
team doesn't want to support it.

Paul



OpenPGP_signature
Description: OpenPGP digital signature

Re: from >3500 down to 11 (packages in bullseye not built on buildds)

[Holger Levsen]

Hi Paul,

On Sat, Jan 30, 2021 at 07:18:42PM +0100, Paul Gevers wrote:
> https://release.debian.org/bullseye/freeze_policy.html#soft mentions
> """
> Please note that packages that are in bullseye at the start of the soft
> freeze can still be removed if they are buggy. This can happen manually
> or by the auto-removals.
> """
> autoremoval is enabled until we release.

cool!

& thanks for the clarification. what confused me was the table on the top of
https://release.debian.org/bullseye/freeze_policy.html which has a row 
saying "Adding/removing binary packages || Standard automatic migration || No"
which I now understand to be refering to packaging changes of a given
source package and not source packages themselves.

Sadly I have no idea how to improve that table now, maybe just explicitly
state somewhere "autoremovals are enabled until we release"?
 
> Thanks for you great work on making bullseye reproducible.

with pleasure! :)


-- 
cheers,
Holger

 ⢀⣴⠾⠻⢶⣦⠀
 ⣾⠁⢠⠒⠀⣿⡁   holger@(debian|reproducible-builds|layer-acht).org
 ⢿⡄⠘⠷⠚⠋⠀ PGP fingerprint: B8BF 5413 7B09 D35C F026 FE9D 091A B856 069A AA1C
 ⠈⠳⣄


signature.asc
Description: PGP signature

Re: question regarding possible needed further action on package arduino

[Paul Gevers]

Hi Carsten,

On 30-01-2021 08:18, Carsten Schoenert wrote:
> after a month of concentrate work together with Rock Storm on the
> arduino package , and some related build depending packages the Debian
> Electronics Team is happy we have now an updated Arduino IDE package in
> unstable.
> 
> https://tracker.debian.org/pkg/arduino

Great.

> The current migration checking says that the build on architecture all
> is missing. The arduino package now doesn't have an 'all' architecture
> package any more as we needed to melt all together into architecture
> related.
> 
> So here is my question, do I need to contact the FTP Team to clear this
> non solvable dependency (I remember I needed something similar in the
> past for Thunderbird) or can this issue get managed by the RT? Thanks!

Please ask ftp-master to remove the old arduino-core package. As long as
that is in unstable, the package will not migrate as britney will keep
on believing that the arch:all hasn't been built.

Paul



OpenPGP_signature
Description: OpenPGP digital signature

Re: from >3500 down to 11 (packages in bullseye not built on buildds)

[Paul Gevers]

Hi Holger,

On 30-01-2021 18:41, Holger Levsen wrote:
>   bsdowl is marked for autoremoval on Februay 20th but the autoremoval
> will not happen as that date is after the soft freeze, after which 
> autoremovals
>   will not ahappen anymore.

https://release.debian.org/bullseye/freeze_policy.html#soft mentions
"""
Please note that packages that are in bullseye at the start of the soft
freeze can still be removed if they are buggy. This can happen manually
or by the auto-removals.
"""

autoremoval is enabled until we release.

Thanks for you great work on making bullseye reproducible.

Paul



OpenPGP_signature
Description: OpenPGP digital signature

from >3500 down to 11 (packages in bullseye not built on buildds)

[Holger Levsen]

hi,

so, after me doing 540 no-source-change source-only NMUploads in December 2020
and 2940 in January 2021 we've come down from >3500 binary packages in bullseye
which were not built on buildds to 11. That's pretty awesome! [1]

(It also means that currently I have uploaded >10% of all of Debian, which is 
pretty
insane, IMNSHO. This was of course only possible because of all YOUR awesome 
work!)

And I still would like to get this number (11) down to *zero* for the release, 
so
please continue to help!

The eleven source packages are:

(I've bcced the maintainers and uploaders.)


- autobahn-cpp: has a FTBFS bug which is #978201 and which is titled "FTBFS: 
wamp_websocketpp_websocket_transport.ipp: error: ‘::_1’ has not been 
declared"
It is marked marked for autoremoval on February 8th, so if nothing
happens this package will not be released with bullseye.

- bsdowl: has a trivial piuparts issue which is described nicely in #980793
but fixing wasn't trivial for me. bsdowl installs files in 
/usr/share/mk,
but that is now a symlink (shipped by bmake), pointing to
/usr/share/bmake/mk-netbsd. debian/rules is basically empty so some
understanding of bmake is needed... (debian/*.install files do not 
exist.)
bsdowl is marked for autoremoval on Februay 20th but the autoremoval
will not happen as that date is after the soft freeze, after which 
autoremovals
will not ahappen anymore.

- qdjango: FTBFS on buildds / #980267. I believe a variable might get 
incorrectly
expanded? It's marked for autoremoval on February 14th, which will
not happen, so something needs to be done here.

- golang-rsc-qr: marked for autoremoval on February 8th due to #978296 which is
FTBFS bug about dh_auto_test failing. Seems fixable, even if only by
disabling some test...

- golang-github-cznic-lldb: is affected by #980573 and #980668 but the 
autoremoval 
will not happen as it's marked for February 18th, which is after the 
soft freeze,
after which autoremovals will not happen. So something needs to be done 
here.

- golang-github-cznic-ql: is affected by #980572 and #980706 but the autoremoval
is scheduled for March 3rd, so will not happen. So something needs to 
be done
here as well.
  Both golang-github-cznic-(lldb|ql) depend on golang-github-cznic-sortutil,
which is marked for autoremoval on March 5th due to #980698...

- trapperkeeper-scheduler-clojure: maintainer accidently(?) did a binary upload 
5 days
ago. I've already pinged pollo on irc and will keep an eye on the 
situation :)

- trapperkeeper-authorization-clojure: should migrate in 3 days once 
rbac-client-clojure
migrated. Thanks Louis-Philippe for all those clojure fixes!

- udunits: had a recent maintainer upload and should migrate in 4 days. Thanks, 
Alastair!

- namazu2: NMU has been uploaded to DELAYED/5, should enter sid in 2 days and 
then
hopefully migrate. Thanks, Andreas!

- afew: had a recent maintainer upload and should migrate in 4 days. Thanks, 
Håvard!


Thank you for reading this far! And keep rocking! :)


[1] 
http://layer-acht.org/thinking/blog/20201231-no-source-change-source-uploads/


-- 
cheers,
Holger

 ⢀⣴⠾⠻⢶⣦⠀
 ⣾⠁⢠⠒⠀⣿⡁   holger@(debian|reproducible-builds|layer-acht).org
 ⢿⡄⠘⠷⠚⠋⠀ PGP fingerprint: B8BF 5413 7B09 D35C F026 FE9D 091A B856 069A AA1C
 ⠈⠳⣄

Moral, truth, long term- and holistic thinking seem to mean nothing to us. The
emperors are naked. Every single one. It turns out our whole society is just
one big nudist party. (Greta Thunberg about the world reacting to the corona
crisis but not reacting appropriatly to the climate crisis.)


signature.asc
Description: PGP signature

Processed: unblock 970386 with 981239

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> unblock 970386 with 981239
Bug #970386 [dovecot-imapd] dovecot-imapd: assertion failure in 
message_part_finish when searching large folder
970386 was blocked by: 981239
970386 was not blocking any bugs.
Removed blocking bug(s) of 970386: 981239
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
970386: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=970386
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Uploading linux (5.10.12-1)

[Salvatore Bonaccorso]

Hi

I would like to upload linux version 5.10.12-1 to unstable later today
or tomorrow. It imports one further stable version from the previous
in unstable up to 5.10.12. It will contain an ABI bump. 

Notably it contains the fixes for CVE-2021-3347.

The pending changes in the package are additionally:

   * xen: Fix XenStore initialisation for XS_LOCAL
   * [rt] Refresh "printk: refactor kmsg_dump_get_buffer()"
   * [rt] Refresh "locking/rtmutex: Handle the various new futex race
 conditions"
   * [rt] Refresh "locking/rtmutex: add sleeping lock implementation"
   * [rt] Refresh "crypto: limit more FPU-enabled sections"
   * Enable USB_NET_AQC111 as module (Closes: #968760)
   * [arm64] Enable DRM_VC4 again. (Closes: #968181, #968188)
   * [arm64] Enable DRM_VC4_HDMI_CEC. (Closes: #977438)

The xen change is needed to fix an upstream regression which is included in
5.10.11, cf.
https://lore.kernel.org/xen-devel/20210129005129.GA2452@mail-itl/T/#mc0a7e5fe1659826a5c755dd2f02f9987c2eb0f11
.

Regards,
Salvatore



signature.asc
Description: PGP signature

Re: source-only uploads for future point releases (Re: Bug#980962: buster-pu: package intel-microcode/3.20201118.1~deb10u1)

[Henrique de Moraes Holschuh]

On Sat, Jan 30, 2021, at 09:16, Holger Levsen wrote:
> On Fri, Jan 29, 2021 at 04:32:27PM -0300, Henrique de Moraes Holschuh wrote:
> > > Please feel free to upload, bearing in mind that the window for 10.8
> > > closes during this weekend.
> > Uploaded (source, i386, amd64).
>  
> one can do source only uploads to stable(-security) and oldstable() too.
> 
> Can we have source-only uploads for future point releases please?

Sure, I wanted to do just that, but given the time frame for the upload and the 
deadline, I did not want to risk the need for a second upload with binaries.

There is a pain point for *non-free* (which is the case here), in that in the 
past, not all possibilities were covered by autobuilders. And there was (is?) 
no documentation of such border conditions, because they were not on purpose.  
I guess I got the cat-and-water behaviour re. that :-)

I will assume non-free, non-free backports and non-free security are fully 
supported by autobuilders for stretch and beyond now.  But just in case, what 
about Jessie ELTS non-free ?

-- 
  Henrique de Moraes Holschuh 

Bug#981381: marked as done (nmu: cdebootstrap_0.7.7+b13)

[Debian Bug Tracking System]

Your message dated Sat, 30 Jan 2021 16:45:59 +0100
with message-id <20210130154552.ga27...@debian.org>
and subject line Re: nmu: cdebootstrap_0.7.7+b13
has caused the Debian Bug report #981381,
regarding nmu: cdebootstrap_0.7.7+b13
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
981381: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=981381
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: binnmu

Hey folks,

I've removed the hardcoded READSIZE limitation in libdebian-installer
and uploaded that in version 0.121. To also fix this bug in
cdebootstrap-static we'll need to binNMU this too:

nmu cdebootstrap_0.7.7 . ANY . unstable . -m "Rebuild against 
libdebian-installer 0.121; Closes: #979226"

The new libdebian-installer is already built and installed for all
arches.

Cheers,

Steve

-- System Information:
Debian Release: 10.7
  APT prefers stable-debug
  APT policy: (500, 'stable-debug'), (500, 'stable'), (500, 'oldstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.19.0-13-amd64 (SMP w/4 CPU cores)
Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_GB:en (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
--- End Message ---
--- Begin Message ---
Hi,

On Sat, Jan 30, 2021 at 12:10:28PM +, Steve McIntyre wrote:
> nmu cdebootstrap_0.7.7 . ANY . unstable . -m "Rebuild against 
> libdebian-installer 0.121; Closes: #979226"

Scheduled.

Please note that binNMUs don't trigger mails to close bugs, so you'll have to
do that manually.

cheers,

Ivo--- End Message ---

Re: why was bitcoin package removed from testing?

[Thomas Hochstein]

Jonas Smedegaard wrote:

> The bitcoin package was removed from testing some hours ago - 
> https://tracker.debian.org/news/1225530/bitcoin-removed-from-testing/ 
> references bug#718272 but that bug is closed.
>
> If the removal accidental (e.g. cause by bug closure flip-flop, then 
> please consider correcting that by fast-trackign a re-acceptance.

The remove seems to be triggered by a manual relase team hint, as
shown on
,
refering to .

-thh

Bug#981345: buster-pu: package systemd/241-7~deb10u6

[Michael Biebl]

Am 30.01.21 um 09:42 schrieb Cyril Brulebois:

Michael Biebl  (2021-01-29):

CCed kibi/debian-boot, as usual.

The udev package should not be affected, as the above change only
affects the journal, which is not used in d-i.

The regression potential is rather low. The fix itself is a
cherry-pick from upstream and has been part of sid/testing since
quite a while.


Sure thing, fine with me!




Uploaded. Thanks all for the quick replies.

Regards,
Michael



OpenPGP_signature
Description: OpenPGP digital signature

Processed: tagging 962672

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> # Addressed by 20200601~deb10u2
> tags 962672 + pending
Bug #962672 [release.debian.org] buster-pu: package 
ca-certificates/20200611~deb10u1
Added tag(s) pending.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
962672: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=962672
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Processed: Re: buster-pu: package highlight.js/9.12.0+dfsg1-4+deb10u1

[Debian Bug Tracking System]

Processing control commands:

> tags -1 + confirmed
Bug #980857 [release.debian.org] buster-pu: package 
highlight.js/9.12.0+dfsg1-4+deb10u1
Added tag(s) confirmed.

-- 
980857: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=980857
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#980857: buster-pu: package highlight.js/9.12.0+dfsg1-4+deb10u1

[Adam D. Barratt]

Control: tags -1 + confirmed

For some reason, the initial request here doesn't seem to have made it
to the debian-release list.

On Sat, 2021-01-23 at 08:32 +, Thorsten Alteholz wrote:
> The attached debdiff for highlight.js fixes CVE-2020-26237 in Buster.
> 
> Meanwhile it is marked as no-dsa by the security team.
> 
> The same fix is already applied to 9.18.1+dfsg1-3, which was uploaded
> to unstable  in December and no regression showed up.

Please go ahead.

Regards,

Adam

Bug#981239: buster-pu: package dovecot/1:2.3.4.1-5+deb10u6

[Adam D. Barratt]

Control: tags -1 + confirmed

On Wed, 2021-01-27 at 21:07 -0800, Noah Meyerhans wrote:
> I'd like to update the dovecot IMAP suite in buster to address bug
> #970386.
> This bug involves a server crash that's triggered when issuing a
> server-side full-text search against a mailbox containing messages
> with certain malformed MIME components.  The fix cherry-picked
> cleanly from upstream and I have confirmed that it addresses the
> issue.

Assuming that "cherry-picked ... from upstream" here implies that the
fix is already in unstable, please go ahead.

Regards,

Adam

Processed: Re: Bug#981239: buster-pu: package dovecot/1:2.3.4.1-5+deb10u6

[Debian Bug Tracking System]

Processing control commands:

> tags -1 + confirmed
Bug #981239 [release.debian.org] buster-pu: package dovecot/1:2.3.4.1-5+deb10u6
Added tag(s) confirmed.

-- 
981239: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=981239
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Processed: Re: Bug#975932: buster-pu: package wireshark/2.6.20-0+deb10u1

[Debian Bug Tracking System]

Processing control commands:

> tags -1 + confirmed
Bug #975932 [release.debian.org] buster-pu: package wireshark/2.6.20-0+deb10u1
Added tag(s) confirmed.

-- 
975932: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=975932
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#975932: buster-pu: package wireshark/2.6.20-0+deb10u1

[Adam D. Barratt]

Control: tags -1 + confirmed

On Thu, 2020-11-26 at 22:38 +0200, Adrian Bunk wrote:
> This update fixes the 14 non-dsa CVEs in buster by upgrading
> to 2.6.20 (12 CVEs fixed) plus two fixes for additional CVEs.
> 
> Wireshark is a package where upstream is followed,
> and will likely eventually be upgraded to a 3.x release
> in a DSA at some point in the future. That's why this
> pu request updates to the final 2.6 release (on top of
> the last 2.6 release that was in unstable) instead of
> backporting all CVE fixes.
> 

Please go ahead, sorry for the delay.

Regards,

Adam

Processed: tagging 980402

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> tags 980402 + pending
Bug #980402 [release.debian.org] RM: compactheader -- RoQA; abandoned upstream, 
no longer usable
Added tag(s) pending.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
980402: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=980402
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#979072: RM: pepperflashplugin-nonfree -- RoQA; No longer work; upstream eol

[Adam D. Barratt]

On Sun, 2021-01-17 at 17:22 +0100, Andreas Beckmann wrote:
> On 1/16/21 7:54 PM, Adam D. Barratt wrote:
> > On Fri, 2021-01-15 at 18:48 +0100, Andreas Beckmann wrote:
> > > I think it would be better to replace the broken installer
> > > package
> > > with
> > > a dummy package stating the EoL fact. (see #978954 for more
> > > discussion)
> > Do you have a proposed diff for such an upload?
> 
> Of course ;-)
> 

That seems like a reasonable solution.

Please feel free to go ahead, bearing in mind that the window for 10.8
closes during this weekend.

Regards,

Adam

Bug#975932: buster-pu: package wireshark/2.6.20-0+deb10u1

[Adrian Bunk]

Attached is an update with 2 more CVEs fixed.

Thanks
Adrian


On Thu, Nov 26, 2020 at 10:38:09PM +0200, Adrian Bunk wrote:
> Package: release.debian.org
> Severity: normal
> Tags: buster
> User: release.debian@packages.debian.org
> Usertags: pu
> 
> This update fixes the 14 non-dsa CVEs in buster by upgrading
> to 2.6.20 (12 CVEs fixed) plus two fixes for additional CVEs.
> 
> Wireshark is a package where upstream is followed,
> and will likely eventually be upgraded to a 3.x release
> in a DSA at some point in the future. That's why this
> pu request updates to the final 2.6 release (on top of
> the last 2.6 release that was in unstable) instead of
> backporting all CVE fixes.
> 
> The attached debdiff only includes changes to debian/

diff -Nru wireshark-2.6.8/debian/changelog wireshark-2.6.20/debian/changelog
--- wireshark-2.6.8/debian/changelog2019-05-27 17:08:44.0 +0300
+++ wireshark-2.6.20/debian/changelog   2021-01-30 15:55:58.0 +0200
@@ -1,3 +1,48 @@
+wireshark (2.6.20-0+deb10u1) buster; urgency=medium
+
+  * Non-maintainer upload.
+  * New upstream version including the following security fixes:
+- CVE-2019-16319: The Gryphon dissector could go into an infinite loop.
+- CVE-2019-19553: The CMS dissector could crash.
+- CVE-2020-7045: The BT ATT dissector could crash.
+- CVE-2020-9428: The EAP dissector could crash.
+- CVE-2020-9430: The WiMax DLMAP dissector could crash.
+- CVE-2020-9431: The LTE RRC dissector could leak memory.
+- CVE-2020-11647: The BACapp dissector could crash. (Closes: #958213)
+- CVE-2020-13164: The NFS dissector could crash.
+- CVE-2020-15466: The GVCP dissector could go into an infinite loop.
+- CVE-2020-25862: The TCP dissector could crash.
+- CVE-2020-25863: The MIME Multipart dissector could crash.
+  * Adjust 17_libdir_location.patch for context changes.
+  * Since Wireshark 2.6.14 tests are run automatically by debhelper,
+backport the build fix and making test failures non-fatal.
+  * CVE-2020-26575: The Facebook Zero Protocol (aka FBZERO) dissector
+could enter an infinite loop. (Closes: #974688)
+  * CVE-2020-28030: The GQUIC dissector could crash. (Closes: #974689)
+  * CVE-2020-26418: Memory leak in the Kafka protocol dissector.
+  * CVE-2020-26421: Crash in USB HID protocol dissector.
+
+ -- Adrian Bunk   Sat, 30 Jan 2021 15:55:58 +0200
+
+wireshark (2.6.10-1) unstable; urgency=medium
+
+  * New upstream version 2.6.10
+ - security fixes:
+   - ASN.1 BER and related dissectors crash (CVE-2019-13619)
+ - fix QIcon crash on exit on Ubuntu 16.04 with Qt 5.5.1 (LP: #1803808)
+  * debian/gitlab-ci.yml: User minimal reference configuration
+
+ -- Balint Reczey   Wed, 17 Jul 2019 23:23:05 +0200
+
+wireshark (2.6.9-1) unstable; urgency=medium
+
+  * Acknowledge NMU
+  * New upstream version 2.6.9
+  * Drop obsolete CVE-2019-12295.patch
+  * Refresh patches
+
+ -- Balint Reczey   Thu, 30 May 2019 22:13:15 +0200
+
 wireshark (2.6.8-1.1) unstable; urgency=medium
 
   * Non-maintainer upload.
diff -Nru wireshark-2.6.8/debian/gitlab-ci.yml 
wireshark-2.6.20/debian/gitlab-ci.yml
--- wireshark-2.6.8/debian/gitlab-ci.yml2019-05-27 17:00:57.0 
+0300
+++ wireshark-2.6.20/debian/gitlab-ci.yml   2019-07-18 00:23:05.0 
+0300
@@ -1,13 +1,3 @@
-include: 
https://salsa.debian.org/salsa-ci-team/pipeline/raw/master/salsa-ci.yml
-
-build:
-extends: .build-unstable
-
-lintian:
-extends: .test-lintian
-
-autopkgtest:
-extends: .test-autopkgtest
-
-piuparts:
-extends: .test-piuparts
+include:
+  - https://salsa.debian.org/salsa-ci-team/pipeline/raw/master/salsa-ci.yml
+  - 
https://salsa.debian.org/salsa-ci-team/pipeline/raw/master/pipeline-jobs.yml
diff -Nru 
wireshark-2.6.8/debian/patches/0001-epan-Limit-our-bits-in-decode_bits_in_field.patch
 
wireshark-2.6.20/debian/patches/0001-epan-Limit-our-bits-in-decode_bits_in_field.patch
--- 
wireshark-2.6.8/debian/patches/0001-epan-Limit-our-bits-in-decode_bits_in_field.patch
   1970-01-01 02:00:00.0 +0200
+++ 
wireshark-2.6.20/debian/patches/0001-epan-Limit-our-bits-in-decode_bits_in_field.patch
  2021-01-28 17:16:49.0 +0200
@@ -0,0 +1,54 @@
+From 831746a8f08053a18f54ea1aa2e1084586a2d0ab Mon Sep 17 00:00:00 2001
+From: Gerald Combs 
+Date: Thu, 5 Nov 2020 17:37:13 -0800
+Subject: epan: Limit our bits in decode_bits_in_field.
+
+Limit the number of bits we process in decode_bits_in_field, otherwise
+we'll overrun our buffer. Fixes #16958.
+---
+ epan/to_str.c | 11 +--
+ 1 file changed, 5 insertions(+), 6 deletions(-)
+
+diff --git a/epan/to_str.c b/epan/to_str.c
+index eaa8b28793..9dd7a2e588 100644
+--- a/epan/to_str.c
 b/epan/to_str.c
+@@ -935,13 +935,13 @@ rel_time_to_secs_str(wmem_allocator_t *scope, const 
nstime_t *rel_time)
+ char *
+ decode_bits_in_field(const guint bit_offset, const gint no_of_bits, const 
guint64 value)
+ {
+-  guint64 mask = 0,tmp;
++  guint64 

source-only uploads for future point releases (Re: Bug#980962: buster-pu: package intel-microcode/3.20201118.1~deb10u1)

[Holger Levsen]

On Fri, Jan 29, 2021 at 04:32:27PM -0300, Henrique de Moraes Holschuh wrote:
> > Please feel free to upload, bearing in mind that the window for 10.8
> > closes during this weekend.
> Uploaded (source, i386, amd64).
 
one can do source only uploads to stable(-security) and oldstable() too.

Can we have source-only uploads for future point releases please?


-- 
cheers,
Holger

 ⢀⣴⠾⠻⢶⣦⠀
 ⣾⠁⢠⠒⠀⣿⡁   holger@(debian|reproducible-builds|layer-acht).org
 ⢿⡄⠘⠷⠚⠋⠀ PGP fingerprint: B8BF 5413 7B09 D35C F026 FE9D 091A B856 069A AA1C
 ⠈⠳⣄


signature.asc
Description: PGP signature

Bug#981381: nmu: cdebootstrap_0.7.7+b13

[Steve McIntyre]

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: binnmu

Hey folks,

I've removed the hardcoded READSIZE limitation in libdebian-installer
and uploaded that in version 0.121. To also fix this bug in
cdebootstrap-static we'll need to binNMU this too:

nmu cdebootstrap_0.7.7 . ANY . unstable . -m "Rebuild against 
libdebian-installer 0.121; Closes: #979226"

The new libdebian-installer is already built and installed for all
arches.

Cheers,

Steve

-- System Information:
Debian Release: 10.7
  APT prefers stable-debug
  APT policy: (500, 'stable-debug'), (500, 'stable'), (500, 'oldstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.19.0-13-amd64 (SMP w/4 CPU cores)
Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_GB:en (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

why was bitcoin package removed from testing?

[Jonas Smedegaard]

The bitcoin package was removed from testing some hours ago - 
https://tracker.debian.org/news/1225530/bitcoin-removed-from-testing/ 
references bug#718272 but that bug is closed.

If the removal accidental (e.g. cause by bug closure flip-flop, then 
please consider correcting that by fast-trackign a re-acceptance.

If the release team consider bitcoin unacceptable for Debian stable, 
then please elaborate why.

Please don't just point to the bug log (as security team did): This bug 
log contains a variety of claims, and it is quite helpful that we are 
transparent about _which_ reasons Debian consider release-critical.


Kind regards,

 - Jonas

-- 
 * Jonas Smedegaard - idealist & Internet-arkitekt
 * Tlf.: +45 40843136  Website: http://dr.jones.dk/

 [x] quote me freely  [ ] ask before reusing  [ ] keep private

signature.asc
Description: signature

Bug#981345: buster-pu: package systemd/241-7~deb10u6

[Cyril Brulebois]

Michael Biebl  (2021-01-29):
> CCed kibi/debian-boot, as usual.
> 
> The udev package should not be affected, as the above change only
> affects the journal, which is not used in d-i.
> 
> The regression potential is rather low. The fix itself is a
> cherry-pick from upstream and has been part of sid/testing since
> quite a while.

Sure thing, fine with me!


Cheers,
-- 
Cyril Brulebois (k...@debian.org)
D-I release manager -- Release team member -- Freelance Consultant


signature.asc
Description: PGP signature