Bug#1050126: bookworm-pu: package marco/1.26.1-3+deb12u2
On Fr 25 Aug 2023 22:25:59 CEST, Jonathan Wiltshire wrote: Control: tag -1 moreinfo On Sun, Aug 20, 2023 at 02:12:53PM +0200, Mike Gabriel wrote: In MATE's window manager marco an annoying issue was introduced with marco's version in Debian bullseye (iirc). If compositing was enabled in gsettings, there would be nice shadows around windows on local displays, but black frames (instead of the shadows) around windows when MATE was run in an X2Go session. Mihai Moldovan now worked on a fix for this and we'd like to bring his patches to marco in Debian bookworm (so the X2Go user experience is without black shadows around windows). In IRC you indicated that the uploaded package had an incomplete fix and asked for a reject. It would be more helpful to follow up to this bug where other people can see it. Is the complete fix now uploaded? Yes, it is now. It was this bit that was missing from the rejected-on-request upload: * debian/: + Drop black-frame-in-X2Go-sessions-workaround, re-enable compositing by default again. This drops the gsettings override 20_marco-debian.gschema.override. Greets, Mike -- mike gabriel aka sunweaver (Debian Developer) mobile: +49 (1520) 1976 148 landline: +49 (4351) 486 14 27 GnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22 0782 9AF4 6B30 2577 1B31 mail: sunwea...@debian.org, http://sunweavers.net pgpB0f5VQSrZi.pgp Description: Digitale PGP-Signatur
NEW changes in stable-new
Processing changes file: cryptmount_6.2.0-1+deb12u1_amd64-buildd.changes ACCEPT Processing changes file: cryptmount_6.2.0-1+deb12u1_arm64-buildd.changes ACCEPT Processing changes file: cryptmount_6.2.0-1+deb12u1_armel-buildd.changes ACCEPT Processing changes file: cryptmount_6.2.0-1+deb12u1_armhf-buildd.changes ACCEPT Processing changes file: cryptmount_6.2.0-1+deb12u1_i386-buildd.changes ACCEPT Processing changes file: cryptmount_6.2.0-1+deb12u1_mips64el-buildd.changes ACCEPT Processing changes file: cryptmount_6.2.0-1+deb12u1_mipsel-buildd.changes ACCEPT Processing changes file: cryptmount_6.2.0-1+deb12u1_ppc64el-buildd.changes ACCEPT Processing changes file: cryptmount_6.2.0-1+deb12u1_s390x-buildd.changes ACCEPT
Processed: bookworm-pu: package vorta/0.8.10-1+deb12u1
Processing control commands: > affects -1 + src:vorta Bug #1050546 [release.debian.org] bookworm-pu: package vorta/0.8.10-1+deb12u1 Added indication that 1050546 affects src:vorta -- 1050546: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1050546 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#1050546: bookworm-pu: package vorta/0.8.10-1+deb12u1
Package: release.debian.org Severity: normal Tags: bookworm User: release.debian@packages.debian.org Usertags: pu X-Debbugs-Cc: vo...@packages.debian.org, s...@debian.org Control: affects -1 + src:vorta [ Reason ] The upload of borgbackup/1.2.4-1 broke vorta/0.8.10-1, because that release of borg breaking changes (during the soft freeze), and no one noticed until bookworm was released as stable. [ Impact ] Some core functionality in Vorta is broken in bookworm; specifically, the ability to diff between backups. This issue was discovered and reported by a user at Bug #1042671. Additionally, I think this issue must be fixed because we are proud of how well our stable release process works; Our freeze, and stable updates, exist to prevent this sort of bug from impacting users in stable releases. [ Tests ] This packages has build-time tests as well as both types of autopkgtests for Python packages. Autopkgtests run with xvfb-run to be as close to real-world usage as possible. Finally, Lutz Lübbert confirms that the targeted fix proposed in this upload works correctly: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1042671#31 [ Risks ] Insignificant. The changes introduced in the fix this upload cherry picked from upstream have already been tested in vorta/0.8.12-1 for over two months, as well by users of upstream's 0.8.11 release in April. The changes are found in 0006-Handle-ctime-and-mtime-diff-changes-1675.patch, they look like to obvious and correct solution to me. It would be possible to fix this from the borgbackup side, but I think we will agree that fixing this in a vorta p-u is the correct approach. [ Checklist ] [x] *all* changes are documented in the d/changelog [x] I reviewed all changes and I approve them [x] attach debdiff against the package in (old)stable [x] the issue is verified as fixed in unstable [ Changes ] This upload adds 0006-Handle-ctime-and-mtime-diff-changes-1675.patch, which adapts vorta to the ctime and mtime tracking introduced in borgbackup/1.2.4-1. It also adds test coverage for this change. <#part type="application/octet-stream" filename="/home/sten/Dropbox/tmp/0.8.10-1_to_0.8.10-1+deb12u1.debdiff" disposition=attachment> <#/part> Thank you for your consideration, Nicholas
Processed: bookworm-pu: package openbsd-inetd/0.20221205-2+deb12u1
Processing control commands: > affects -1 + src:openbsd-inetd Bug #1050542 [release.debian.org] bookworm-pu: package openbsd-inetd/0.20221205-2+deb12u1 Added indication that 1050542 affects src:openbsd-inetd -- 1050542: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1050542 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#1050542: bookworm-pu: package openbsd-inetd/0.20221205-2+deb12u1
Package: release.debian.org
Severity: normal
Tags: bookworm
User: release.debian@packages.debian.org
Usertags: pu
Control: affects -1 + src:openbsd-inetd
This is needed to fix #1050208, introduced in bookworm, which makes
inetd crash on configuration reloads.
The fix is in the change to patches/default_v4v6, everything else is
improvements to the test suite and more tests (also to catch this
specific problem).
0.20221205-2+deb12u1 is a no changes rebuild of the package currently in
testing.
For a better view of the changes please see
https://salsa.debian.org/md/openbsd-inetd/-/commits/master .
--
ciao,
Marco
diff -Nru openbsd-inetd-0.20221205/debian/changelog openbsd-inetd-0.20221205/debian/changelog
--- openbsd-inetd-0.20221205/debian/changelog 2023-01-02 14:33:50.0 +0100
+++ openbsd-inetd-0.20221205/debian/changelog 2023-08-26 00:34:16.0 +0200
@@ -1,8 +1,21 @@
+openbsd-inetd (0.20221205-2+deb12u1) bookworm; urgency=medium
+
+ * Rebuilt for bookworm.
+
+ -- Marco d'Itri Sat, 26 Aug 2023 00:34:16 +0200
+
+openbsd-inetd (0.20221205-2) unstable; urgency=medium
+
+ * Updated the Debian patch default_v4v6 to fix fix a double free and
+a memory leak on configuration reloads. (Closes: #1050208)
+
+ -- Marco d'Itri Wed, 23 Aug 2023 12:49:41 +0200
+
openbsd-inetd (0.20221205-1) unstable; urgency=medium
* New CVS snapshot.
* When just "tcp" or "udp" is specified in inetd.conf, now inetd defaults
-to runnning two servers: one for IPv4 and one for IPv6 traffic.
+to running two servers: one for IPv4 and one for IPv6 traffic.
This is identical to specifying both e.g. "tcp4" and "tcp6".
The old semantics of only accepting IPv4 connections can be restored
by using "tcp4" or "udp4".
diff -Nru openbsd-inetd-0.20221205/debian/copyright openbsd-inetd-0.20221205/debian/copyright
--- openbsd-inetd-0.20221205/debian/copyright 2023-01-01 22:49:25.0 +0100
+++ openbsd-inetd-0.20221205/debian/copyright 2023-08-23 03:00:22.0 +0200
@@ -29,10 +29,3 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
-setproctitle.c and discard_stupid_environment() come from netkit 0.17,
-patched by the USAGI project.
-
-strlcpy.c comes from the openbsd source tree, slightly edited.
-
-bsd-closefrom.c comes from the openssh source tree, slightly edited.
-
diff -Nru openbsd-inetd-0.20221205/debian/NEWS openbsd-inetd-0.20221205/debian/NEWS
--- openbsd-inetd-0.20221205/debian/NEWS 2023-01-02 03:09:21.0 +0100
+++ openbsd-inetd-0.20221205/debian/NEWS 2023-08-23 12:46:59.0 +0200
@@ -1,7 +1,7 @@
openbsd-inetd (0.20221205-1) unstable; urgency=medium
* When just "tcp" or "udp" is specified in inetd.conf, now inetd defaults
-to runnning two servers: one for IPv4 and one for IPv6 traffic.
+to running two servers: one for IPv4 and one for IPv6 traffic.
This is identical to specifying both e.g. "tcp4" and "tcp6".
The old semantics of only accepting IPv4 connections can be restored
by using "tcp4" or "udp4".
diff -Nru openbsd-inetd-0.20221205/debian/openbsd-inetd.preinst openbsd-inetd-0.20221205/debian/openbsd-inetd.preinst
--- openbsd-inetd-0.20221205/debian/openbsd-inetd.preinst 2023-01-02 02:45:43.0 +0100
+++ openbsd-inetd-0.20221205/debian/openbsd-inetd.preinst 2023-08-23 03:06:12.0 +0200
@@ -54,14 +54,6 @@
install)
create_inetd
;;
-
-upgrade|abort-upgrade)
-;;
-
-*)
-echo "$0 called with unknown argument '$1'" >&2
-exit 1
-;;
esac
#DEBHELPER#
diff -Nru openbsd-inetd-0.20221205/debian/patches/default_v4v6 openbsd-inetd-0.20221205/debian/patches/default_v4v6
--- openbsd-inetd-0.20221205/debian/patches/default_v4v6 2023-01-02 02:30:41.0 +0100
+++ openbsd-inetd-0.20221205/debian/patches/default_v4v6 2023-08-23 02:45:43.0 +0200
@@ -44,37 +44,35 @@
int val;
int argc;
+ static int proto_override;
-+ static char *saved_cp;
++ static char saved_line[1024];
sep = calloc(1, sizeof(struct servtab));
if (sep == NULL) {
-@@ -1165,6 +1167,14 @@ getconfigent(void)
+@@ -1165,6 +1167,11 @@ getconfigent(void)
more:
freeconfig(sep);
+ if (proto_override) {
+ /* process again the same configuration entry */
-+ cp = saved_cp;
-+ saved_cp = NULL;
++ cp = saved_line;
+ } else {
-+ if (saved_cp)
-+ free(saved_cp);
+
while ((cp = nextline(fconfig)) && *cp == '#')
;
if (cp == NULL) {
-@@ -1172,6 +1182,10 @@ more:
+@@ -1172,6 +1179,11 @@ more:
return (NULL);
}
-+ /* keep a copy of the configuration entry */
-+ saved_cp = newstr(cp);
-+ } /* proto_override */
++ /* keep a copy of the configuration entry */
++ strcpy(saved_line, cp);
++
++ } /* !proto_override */
+
memset(sep, 0, sizeof *sep);
arg = skip(, 0);
if (arg == NULL) {
-@@ -1314,9 +1328,37 @@ do { \
+@@ -1314,9 +1326,37 @@ do { \
} else {
int s;
@@ -86,7 +84,7 @@
+
+
NEW changes in stable-new
Processing changes file: cryptmount_6.2.0-1+deb12u1_source.changes ACCEPT
Bug#1050537: bookworm-pu: package batik/1.16+dfsg-1+deb12u1
Package: release.debian.org
Severity: normal
Tags: bookworm
User: release.debian@packages.debian.org
Usertags: pu
X-Debbugs-Cc: ba...@packages.debian.org
Control: affects -1 + src:batik
Dear Release Team,
I would like to propose an upload of batik in the next point release.
[ Reason ]
CVE-2022-44729 and CVE-2022-44730 have been filed against batik. They are fixed
in sid (and soon trixie). I discussed with Security team, they said a DSA is
not needed but suggested to fix the CVE in bookworm in a point release.
The two CVE are corrected by backporting upstream changes.
[ Impact ]
The two CVE would remain:
``A malicious SVG can probe user profile / data and send it directly as
parameter to a URL.''
and
``A malicious SVG could trigger loading external resources by default, causing
resource consumption or in some cases even information disclosure.''
[ Tests ]
The rdepss using the classes touched by upstream corrections were rebuilt in a
bookworm chroot. No additional tests were made.
[ Risks ]
Code is quite trivial and it is a direct backport of changes made in version
1.17, currently in sid. Risks due to the changes in the code are quite limited
in my opinion, but batik has many rdeps so you might consider the security
risks are not important enough to deserve an update in a point release.
[ Checklist ]
[X] *all* changes are documented in the d/changelog
[X] I reviewed all changes and I approve them
[X] attach debdiff against the package in stable
[X] the issue is verified as fixed in unstable
[ Changes ]
Changes are in 7 files and consist in:
- Blocking loading external resource by default
http://svn.apache.org/viewvc?view=revision=1905049
- Switching to empty whitelist of packages for the class RhinoClassShutter
https://svn.apache.org/viewvc?view=revision=1905011
Thanks for your attention,
--
Pierre
diff -Nru batik-1.16+dfsg/debian/changelog batik-1.16+dfsg/debian/changelog
--- batik-1.16+dfsg/debian/changelog2022-10-27 18:27:37.0 +0200
+++ batik-1.16+dfsg/debian/changelog2023-08-24 21:28:00.0 +0200
@@ -1,3 +1,9 @@
+batik (1.16+dfsg-1+deb12u1) bookworm; urgency=medium
+
+ * Fixing CVE-2022-44729 and CVE-2022-44730
+
+ -- Pierre Gruet Thu, 24 Aug 2023 21:28:00 +0200
+
batik (1.16+dfsg-1) unstable; urgency=medium
* New upstream version 1.16+dfsg, fixing security issues:
diff -Nru batik-1.16+dfsg/debian/patches/CVE-2022-447xx.patch
batik-1.16+dfsg/debian/patches/CVE-2022-447xx.patch
--- batik-1.16+dfsg/debian/patches/CVE-2022-447xx.patch 1970-01-01
01:00:00.0 +0100
+++ batik-1.16+dfsg/debian/patches/CVE-2022-447xx.patch 2023-08-24
21:27:27.0 +0200
@@ -0,0 +1,208 @@
+Description: fixing CVE-2022-44729 and CVE-2022-44730
+ by applying the file changes of upstream commits fixing the CVE
+Author: Pierre Gruet
+Origin: upstream, https://issues.apache.org/jira/browse/BATIK-1347 and
https://issues.apache.org/jira/browse/BATIK-1349
+Forwarded: not-needed
+Last-Update: 2023-08-24
+
+---
a/batik-bridge/src/main/java/org/apache/batik/bridge/DefaultExternalResourceSecurity.java
b/batik-bridge/src/main/java/org/apache/batik/bridge/DefaultExternalResourceSecurity.java
+@@ -77,6 +77,9 @@
+ParsedURL docURL){
+ // Make sure that the archives comes from the same host
+ // as the document itself
++if (DATA_PROTOCOL.equals(externalResourceURL.getProtocol())) {
++return;
++}
+ if (docURL == null) {
+ se = new SecurityException
+ (Messages.formatMessage(ERROR_CANNOT_ACCESS_DOCUMENT_URL,
+---
a/batik-script/src/main/java/org/apache/batik/script/rhino/RhinoClassShutter.java
b/batik-script/src/main/java/org/apache/batik/script/rhino/RhinoClassShutter.java
+@@ -21,6 +21,7 @@
+ import org.mozilla.javascript.ClassShutter;
+
+ import java.util.Arrays;
++import java.util.ArrayList;
+ import java.util.List;
+
+ /**
+@@ -30,7 +31,7 @@
+ * @version $Id: RhinoClassShutter.java 1904565 2022-10-13 11:05:28Z ssteiner
$
+ */
+ public class RhinoClassShutter implements ClassShutter {
+-private static final List WHITELIST =
Arrays.asList("java.io.PrintStream", "java.lang.System", "java.net.URL");
++ public static final List WHITELIST = new ArrayList<>();
+
+ /*
+ public RhinoClassShutter() {
+@@ -59,56 +60,12 @@
+ * Returns whether the given class is visible to scripts.
+ */
+ public boolean visibleToScripts(String fullClassName) {
+-if (!WHITELIST.contains(fullClassName) &&
!fullClassName.endsWith("Permission") && !fullClassName.startsWith("org.")) {
+-return false;
+-}
+-
+-// Don't let them mess with script engine's internals.
+-if (fullClassName.startsWith("org.mozilla.javascript"))
+-return false;
+-
+-if (fullClassName.startsWith("org.apache.batik.")) {
+-// Just get package within batik.
+-String
Processed: bullseye-pu: package batik/1.12-4+deb11u2
Processing control commands: > affects -1 + src:batik Bug #1050538 [release.debian.org] bullseye-pu: package batik/1.12-4+deb11u2 Added indication that 1050538 affects src:batik -- 1050538: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1050538 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#1050538: bullseye-pu: package batik/1.12-4+deb11u2
Package: release.debian.org
Severity: normal
Tags: bullseye
User: release.debian@packages.debian.org
Usertags: pu
X-Debbugs-Cc: ba...@packages.debian.org
Control: affects -1 + src:batik
Dear Release Team,
I would like to propose an upload of batik in the next point release.
[ Reason ]
CVE-2022-44729 and CVE-2022-44730 have been filed against batik. They are fixed
in sid (and soon trixie). I discussed with Security team, they said a DSA is
not needed but suggested to fix the CVE in bullseye in a point release.
The two CVE are corrected by backporting upstream changes.
[ Impact ]
The two CVE would remain:
``A malicious SVG can probe user profile / data and send it directly as
parameter to a URL.''
and
``A malicious SVG could trigger loading external resources by default, causing
resource consumption or in some cases even information disclosure.''
[ Tests ]
The rdeps using the classes touched by upstream corrections were rebuilt in a
bullseye chroot. No additional tests were made.
[ Risks ]
Code is quite trivial and it is a direct backport of changes made in version
1.17, currently in sid. Risks due to the changes in the code are quite limited
in my opinion, but batik has many rdeps so you might consider the security
risks are not important enough to deserve an update in a point release.
[ Checklist ]
[X] *all* changes are documented in the d/changelog
[X] I reviewed all changes and I approve them
[X] attach debdiff against the package in oldstable
[X] the issue is verified as fixed in unstable
[ Changes ]
Changes are in 7 files and consist in:
- Blocking loading external resource by default
http://svn.apache.org/viewvc?view=revision=1905049
- Switching to empty whitelist of packages for the class RhinoClassShutter
https://svn.apache.org/viewvc?view=revision=1905011
Thanks for your attention,
--
Pierre
diff -Nru batik-1.12/debian/changelog batik-1.12/debian/changelog
--- batik-1.12/debian/changelog 2022-10-29 16:22:11.0 +0200
+++ batik-1.12/debian/changelog 2023-08-25 11:07:07.0 +0200
@@ -1,3 +1,10 @@
+batik (1.12-4+deb11u2) bullseye; urgency=medium
+
+ * Team upload.
+ * Fixing CVE-2022-44729 and CVE-2022-44730
+
+ -- Pierre Gruet Fri, 25 Aug 2023 11:07:07 +0200
+
batik (1.12-4+deb11u1) bullseye-security; urgency=high
* Team upload.
diff -Nru batik-1.12/debian/patches/CVE-2022-447xx.patch
batik-1.12/debian/patches/CVE-2022-447xx.patch
--- batik-1.12/debian/patches/CVE-2022-447xx.patch 1970-01-01
01:00:00.0 +0100
+++ batik-1.12/debian/patches/CVE-2022-447xx.patch 2023-08-25
11:06:23.0 +0200
@@ -0,0 +1,199 @@
+Description: fixing CVE-2022-44729 and CVE-2022-44730
+ by applying the file changes of upstream commits fixing the CVE
+Author: Pierre Gruet
+Origin: upstream, https://issues.apache.org/jira/browse/BATIK-1347 and
https://issues.apache.org/jira/browse/BATIK-1349
+Forwarded: not-needed
+Last-Update: 2023-08-24
+
+---
a/batik-bridge/src/main/java/org/apache/batik/bridge/DefaultExternalResourceSecurity.java
b/batik-bridge/src/main/java/org/apache/batik/bridge/DefaultExternalResourceSecurity.java
+@@ -74,6 +74,9 @@
+ParsedURL docURL){
+ // Make sure that the archives comes from the same host
+ // as the document itself
++if (DATA_PROTOCOL.equals(externalResourceURL.getProtocol())) {
++return;
++}
+ if (docURL == null) {
+ se = new SecurityException
+ (Messages.formatMessage(ERROR_CANNOT_ACCESS_DOCUMENT_URL,
+---
a/batik-script/src/main/java/org/apache/batik/script/rhino/RhinoClassShutter.java
b/batik-script/src/main/java/org/apache/batik/script/rhino/RhinoClassShutter.java
+@@ -20,6 +20,7 @@
+
+ import org.mozilla.javascript.ClassShutter;
+ import java.util.Arrays;
++import java.util.ArrayList;
+ import java.util.List;
+
+ /**
+@@ -29,7 +30,7 @@
+ * @version $Id: RhinoClassShutter.java 1733416 2016-03-03 07:07:13Z gadams $
+ */
+ public class RhinoClassShutter implements ClassShutter {
+-private static final List WHITELIST =
Arrays.asList("java.io.PrintStream", "java.lang.System", "java.net.URL");
++ public static final List WHITELIST = new ArrayList<>();
+
+ /*
+ public RhinoClassShutter() {
+@@ -58,56 +59,12 @@
+ * Returns whether the given class is visible to scripts.
+ */
+ public boolean visibleToScripts(String fullClassName) {
+-if (fullClassName.startsWith("java.") &&
!WHITELIST.contains(fullClassName) && !fullClassName.endsWith("Permission")) {
+-return false;
+-}
+-
+-// Don't let them mess with script engine's internals.
+-if (fullClassName.startsWith("org.mozilla.javascript"))
+-return false;
+-
+-if (fullClassName.startsWith("org.apache.batik.")) {
+-// Just get package within batik.
+-String batikPkg = fullClassName.substring(17);
+-
+-
Processed: bookworm-pu: package batik/1.16+dfsg-1+deb12u1
Processing control commands: > affects -1 + src:batik Bug #1050537 [release.debian.org] bookworm-pu: package batik/1.16+dfsg-1+deb12u1 Added indication that 1050537 affects src:batik -- 1050537: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1050537 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Processed: Re: Bug#1050126: bookworm-pu: package marco/1.26.1-3+deb12u2
Processing control commands: > tag -1 moreinfo Bug #1050126 [release.debian.org] bookworm-pu: package marco/1.26.1-3+deb12u2 Added tag(s) moreinfo. -- 1050126: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1050126 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#1050126: bookworm-pu: package marco/1.26.1-3+deb12u2
Control: tag -1 moreinfo On Sun, Aug 20, 2023 at 02:12:53PM +0200, Mike Gabriel wrote: > In MATE's window manager marco an annoying issue was introduced with > marco's version in Debian bullseye (iirc). If compositing was > enabled in gsettings, there would be nice shadows around windows > on local displays, but black frames (instead of the shadows) > around windows when MATE was run in an X2Go session. > > Mihai Moldovan now worked on a fix for this and we'd like to bring > his patches to marco in Debian bookworm (so the X2Go user experience > is without black shadows around windows). In IRC you indicated that the uploaded package had an incomplete fix and asked for a reject. It would be more helpful to follow up to this bug where other people can see it. Is the complete fix now uploaded? -- Jonathan Wiltshire j...@debian.org Debian Developer http://people.debian.org/~jmw 4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC 74C3 5394 479D D352 4C51 ed25519/0x196418AAEB74C8A1: CA619D65A72A7BADFC96D280196418AAEB74C8A1
Bug#1041166: cryptmount 6.2.0-1+deb12u1 flagged for acceptance
package release.debian.org tags 1041166 = bookworm pending thanks Hi, The upload referenced by this bug report has been flagged for acceptance into the proposed-updates queue for Debian bookworm. Thanks for your contribution! Upload details == Package: cryptmount Version: 6.2.0-1+deb12u1 Explanation: avoid memory initialisation issues in command line parser
Processed: cryptmount 6.2.0-1+deb12u1 flagged for acceptance
Processing commands for cont...@bugs.debian.org: > package release.debian.org Limiting to bugs with field 'package' containing at least one of 'release.debian.org' Limit currently set to 'package':'release.debian.org' > tags 1041166 = bookworm pending Bug #1041166 [release.debian.org] bookworm-pu: package cryptmount/6.2.0-1+deb12u1 Added tag(s) pending; removed tag(s) confirmed. > thanks Stopping processing here. Please contact me if you need assistance. -- 1041166: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1041166 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#1040925: bookworm-pu: package ca-certificates-java/20230103+x
Hi, If there are no objections, I intend to publish the update with this text this evening or over the weekend: | ca-certificates-java, a package to update the cacerts JKS keystore used | for many java runtimes, may fail to install alongside OpenJDK because | of a circular dependency. This update resolves the issue. Thanks, -- Jonathan Wiltshire j...@debian.org Debian Developer http://people.debian.org/~jmw 4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC 74C3 5394 479D D352 4C51 ed25519/0x196418AAEB74C8A1: CA619D65A72A7BADFC96D280196418AAEB74C8A1
Bug#1049364: transition: gnome-panel
Hi Graham! On Thu, Aug 24, 2023 at 06:01:27PM +, Graham Inggs wrote: > Control: tags -1 confirmed > > Hi Dmitry > > On Mon, 14 Aug 2023 at 18:27, Dmitry Shachnev wrote: > > gnome-panel has a new release, which bumped SONAME of the shared library. > > I packaged it in experimental and verified that all reverse > > build-dependencies > > (gnome-applets, gnome-flashback, sensors-applet, workrave) build fine with > > it. > > Please go ahead. Thank you. gnome-panel uploaded. -- Dmitry Shachnev signature.asc Description: PGP signature
Bug#1050166: marked as done (RM: printrun/2.0.1-1)
Your message dated Fri, 25 Aug 2023 08:33:33 + with message-id and subject line Re: Bug#1050166: RM: printrun/2.0.1-1 has caused the Debian Bug report #1050166, regarding RM: printrun/2.0.1-1 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 1050166: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1050166 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: rm X-Debbugs-Cc: print...@packages.debian.org, rockst...@gmx.com Control: affects -1 + src:printrun Dear release team, I would like to request the removal of the printrun package (which I maintain) from *testing* due to bug #1050157 [1]. The bug does not render the package completely unusable but all features dependent on 3D graphics won't work. IMHO, such a poor user experience makes the package not suitable for migrating to Ubuntu and other derivatives that rely on Debian testing (also not in good shape for a future Debian stable obviously but there's more time for that). More context on the team mailing list [2]. First time I deal with this. If there's anything else I need to do, or any other guidance, please let me know. [1]: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1050157 [2]: https://alioth-lists.debian.net/pipermail/3dprinter-general/Week-of-Mon-20230807/002330.html Many thanks, Rock Storm --- End Message --- --- Begin Message --- printrun is gone from testing, closing.--- End Message ---
Processed: Re: Bug#1050223: RM: r-cran-rgdal/1.6-7+dfsg-1
Processing control commands: > tags -1 - moreinfo Bug #1050223 [release.debian.org] RM: r-cran-rgdal/1.6-7+dfsg-1 Removed tag(s) moreinfo. -- 1050223: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1050223 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#1050223: RM: r-cran-rgdal/1.6-7+dfsg-1
Control: tags -1 - moreinfo Am Tue, Aug 22, 2023 at 06:43:46PM +0200 schrieb Paul Gevers: > > Hi Andreas, > > rgdal will run out of upstream support soon. Since the package created > > failures with newer upstream versions of other packages (see bug > > #1049438) it should be removed from testing. > > Two questions/remarks: > 1) why only testing, doesn't it make more sense to remove it from unstable > (hint: reassign to ftp.debian.org) If you only need it from testing, > reopening 1049438 is a reasonably fast way to achieve that. I guess I need some time to verify all dependencies and may be we even find a fix. But this needs time I do not have currently. It does not make sense to me to stop testing migration of other r-cran-* packages just because a candidate for removal makes some tests fail. > 2) as you mentioned in 1049438, the reverse (test) depends should be fixed > first. Please remove the moreinfo tag once that has happened. Closing this was a mistake and I've re-opened it. Regarding the testing removal of r-cran-rgdal. This bug would do this automatically. However, as long as the package is in testing it creates noise of testing removal announcements which does not really help. Thus my request for removal from testing. Sorry for the mess I've created by closing this bug Andreas. -- http://fam-tille.de
