NEW changes in oldstable-new

2023-09-24 Thread Debian FTP Masters
Processing changes file: pandoc_2.9.2.1-1+deb11u1_mipsel-buildd.changes
  ACCEPT



NEW changes in oldstable-new

2023-09-24 Thread Debian FTP Masters
Processing changes file: pandoc_2.9.2.1-1+deb11u1_mips64el-buildd.changes
  ACCEPT



Re: Upcoming changes to Debian Linux kernel packages

2023-09-24 Thread M. Zhou
On Mon, 2023-09-25 at 04:35 +0200, Andreas Beckmann wrote:
> On 25/09/2023 00.50, Bastian Blank wrote:
> > Already built modules remain until someone deletes it.  So you can also
> > switch back to the still installed older kernel version and it will have
> > the still working module available.
> 
> This is what I expect not to work.
> 
> Assume I have Linux 6.6 and a third-party gpu driver module installed
> (so there are dkms and the Linux 6.6 headers as well) and everything is
> working fine.
> Then I upgrade the system, which brings Linux 6.7 (along linux-image-6.6
> which is kept installed) and a new version of the gpu driver (which adds
> support for 6.7). So the old gpu module for 6.6 gets removed and a new
> one is built for 6.7 only (since there are only 6.7 headers now).
> Unfortunately 6.7 breaks some exotic in-tree driver (which I desperately
> need), so I need to go back to 6.6. Oops, there is no gpu driver module
> any more. Recovery now needs manual intervention.

Same concern here. We cannot pose strong assumption on the user's
upgrade path. The said scenario may happen for any dkms package
when the newer kernel version is not supported.

> I'm not sure which class of bugs you are trying to solve with this
> proposed unversioned linux-headers change. IMO the current scheme of
> linux-headers-$version-$abi-$flavor matching
> linux-image-$version-$abi-$flavor works well. But perhaps something
> could be improved on the metapackage side. Ideally a user should install
> either meta-linux-image-without-headers-$flavor OR
> meta-linux-image-with-headers-$flavor (and ideally installing dkms
> should "automatically switch" to the with-headers variant, not sure how
> this could be done). The current scheme of having to install
> linux-image-$flavor AND linux-headers-$flavor is a bit tricky.
> I'm open to implement improvements on the dkms side.

I could not understand the benefit of it either. Apart from the dkms
part, the user-customized kernel packages cannot be omitted as well.

For instance, if I build a customized kernel from Debian's kernel
source, using `make bindeb-pkg`, I get those:

linux-headers-6.5.3_6.5.3-2_amd64.deb
linux-image-6.5.3_6.5.3-2_amd64.deb
linux-libc-dev_6.5.3-2_amd64.deb

Currently they are well integrated into the system, and IIRC dkms
also works for them. If versioning is gone, how to make it
compatible with user's local kernel package? There must be two
copies of kernel headers in the system in this case because we
cannot remove user's local customized headers on our own.

Then the design still has to support multi version co-existence.



NEW changes in oldstable-new

2023-09-24 Thread Debian FTP Masters
Processing changes file: pandoc_2.9.2.1-1+deb11u1_arm64-buildd.changes
  ACCEPT



Re: Upcoming changes to Debian Linux kernel packages

2023-09-24 Thread Andreas Beckmann

On 25/09/2023 00.50, Bastian Blank wrote:

> Already built modules remain until someone deletes it.  So you can also
> switch back to the still installed older kernel version and it will have
> the still working module available.


This is what I expect not to work.

Assume I have Linux 6.6 and a third-party gpu driver module installed 
(so there are dkms and the Linux 6.6 headers as well) and everything is 
working fine.
Then I upgrade the system, which brings Linux 6.7 (along linux-image-6.6 
which is kept installed) and a new version of the gpu driver (which adds 
support for 6.7). So the old gpu module for 6.6 gets removed and a new 
one is built for 6.7 only (since there are only 6.7 headers now).
Unfortunately 6.7 breaks some exotic in-tree driver (which I desperately 
need), so I need to go back to 6.6. Oops, there is no gpu driver module 
any more. Recovery now needs manual intervention.


I'm not sure which class of bugs you are trying to solve with this 
proposed unversioned linux-headers change. IMO the current scheme of 
linux-headers-$version-$abi-$flavor matching 
linux-image-$version-$abi-$flavor works well. But perhaps something 
could be improved on the metapackage side. Ideally a user should install 
either meta-linux-image-without-headers-$flavor OR 
meta-linux-image-with-headers-$flavor (and ideally installing dkms 
should "automatically switch" to the with-headers variant, not sure how 
this could be done). The current scheme of having to install 
linux-image-$flavor AND linux-headers-$flavor is a bit tricky.

I'm open to implement improvements on the dkms side.

Andreas

PS: the proposed "more versioning in the linux-image packages" will 
solve some rare dkms issues where modules didn't get rebuilt after 
linux-headers-* was upgraded but $(uname -r) didn't change
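
The rollback scenario in the message above can be checked before rebooting into the older kernel. This is an added example, not part of the original post or of dkms; it assumes the current on-disk layout (dkms installs into `/lib/modules/<release>/updates/dkms`, headers are reached through `/lib/modules/<release>/build`), and the module name `examplegpu` and the release strings are constructed placeholders.

```shell
#!/bin/sh
# Added example: for every installed kernel release, report whether its
# headers and a dkms-built copy of a given module are present.
# Assumptions (current Debian layout, not taken from the thread):
#   <root>/lib/modules/<release>/build        -> header tree for that release
#   <root>/lib/modules/<release>/updates/dkms -> modules installed by dkms

# kernel_status ROOT MODULE
# Prints one line per release: "<release> headers=<yes|no> module=<yes|no>"
kernel_status() {
    root=$1
    module=$2
    for dir in "$root"/lib/modules/*/; do
        [ -d "$dir" ] || continue
        release=$(basename "$dir")
        headers=no
        built=no
        # "build" is normally a symlink; a dangling link counts as "no".
        [ -e "$dir/build/Makefile" ] && headers=yes
        # Modules may be compressed, so accept .ko, .ko.xz, .ko.zst, .ko.gz.
        for f in "$dir"/updates/dkms/"$module".ko*; do
            [ -f "$f" ] && built=yes
        done
        printf '%s headers=%s module=%s\n' "$release" "$headers" "$built"
    done
}

# rollback_blocked ROOT MODULE
# Prints the releases that have neither the module nor the headers needed to
# rebuild it. Returns 0 if at least one such release exists, 1 otherwise.
rollback_blocked() {
    kernel_status "$1" "$2" | awk '
        $2 == "headers=no" && $3 == "module=no" { print $1; found = 1 }
        END { exit (found ? 0 : 1) }'
}

# make_sample_tree
# Builds a constructed tree matching the scenario in the thread: the older
# kernel is still installed but has lost both headers and module, the newer
# kernel has both. Prints the path of the temporary root.
make_sample_tree() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/lib/modules/6.6.0-amd64" \
             "$t/lib/modules/6.7.0-amd64/updates/dkms" \
             "$t/lib/modules/6.7.0-amd64/build"
    : > "$t/lib/modules/6.7.0-amd64/build/Makefile"
    : > "$t/lib/modules/6.7.0-amd64/updates/dkms/examplegpu.ko.xz"
    printf '%s\n' "$t"
}

# Run against the constructed tree when called as: sh script.sh demo
if [ "${1:-}" = "demo" ]; then
    tree=$(make_sample_tree)
    kernel_status "$tree" examplegpu
    if rollback_blocked "$tree" examplegpu >/dev/null; then
        echo "at least one installed kernel cannot load or rebuild the module"
    fi
    rm -rf "$tree"
fi
```

On a real system, call `kernel_status / <module>` with the name of the dkms module in use.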




NEW changes in oldstable-new

2023-09-24 Thread Debian FTP Masters
Processing changes file: pandoc_2.9.2.1-1+deb11u1_armhf-buildd.changes
  ACCEPT



NEW changes in stable-new

2023-09-24 Thread Debian FTP Masters
Processing changes file: lxc_5.0.2-1+deb12u1_mips64el-buildd.changes
  ACCEPT
Processing changes file: lxc_5.0.2-1+deb12u1_mipsel-buildd.changes
  ACCEPT
Processing changes file: openssh_9.2p1-2+deb12u1_mipsel-buildd.changes
  ACCEPT
Processing changes file: plasma-framework_5.103.0-1+deb12u1_mipsel-buildd.changes
  ACCEPT
Processing changes file: plasma-workspace_5.27.5-2+deb12u1_mipsel-buildd.changes
  ACCEPT
Processing changes file: qtlocation-opensource-src_5.15.8+dfsg-3+deb12u1_arm64-buildd.changes
  ACCEPT
Processing changes file: samba_4.17.11+dfsg-0+deb12u1_mipsel-buildd.changes
  ACCEPT



NEW changes in stable-new

2023-09-24 Thread Debian FTP Masters
Processing changes file: lxcfs_5.0.3-1+deb12u1_mipsel-buildd.changes
  ACCEPT
Processing changes file: plasma-framework_5.103.0-1+deb12u1_mips64el-buildd.changes
  ACCEPT
Processing changes file: plasma-workspace_5.27.5-2+deb12u1_arm64-buildd.changes
  ACCEPT
Processing changes file: plasma-workspace_5.27.5-2+deb12u1_armel-buildd.changes
  ACCEPT
Processing changes file: plasma-workspace_5.27.5-2+deb12u1_armhf-buildd.changes
  ACCEPT
Processing changes file: plasma-workspace_5.27.5-2+deb12u1_mips64el-buildd.changes
  ACCEPT
Processing changes file: plasma-workspace_5.27.5-2+deb12u1_s390x-buildd.changes
  ACCEPT
Processing changes file: qtlocation-opensource-src_5.15.8+dfsg-3+deb12u1_armel-buildd.changes
  ACCEPT
Processing changes file: qtlocation-opensource-src_5.15.8+dfsg-3+deb12u1_armhf-buildd.changes
  ACCEPT
Processing changes file: qtlocation-opensource-src_5.15.8+dfsg-3+deb12u1_s390x-buildd.changes
  ACCEPT



Re: Bug#1040901: Upcoming changes to Debian Linux kernel packages

2023-09-24 Thread Bastian Blank
Hi Ben

On Sun, Sep 24, 2023 at 06:05:09PM +0200, Ben Hutchings wrote:
> On Sun, 2023-09-24 at 15:01 +0200, Bastian Blank wrote:
> > The same upstream version in testing and backports will have the same
> > package name.
> This is not OK, because they will be incompatible on architectures
> supporting SB (and sometimes incompatible on others due to compiler
> differences or required config changes).

I don't know what you are talking about.  Those two packages have
different versions, so won't contain anything compatible.  It is the
same between 1.2.3-1 vs 1.2.3-2 and 1.2.3-1~bpo13+1 vs 1.2.3-1.

> If someone upgrades from stable + backports to testing, and has OOT
> modules:
> - With DKMS, will a rebuild be triggered if the linux-image package
>   name doesn't change?

The same as with a normal package upgrade, it will be rebuilt against the
new version.  It just runs into the same version skew as everything
else.

> - With module-assistant, the new linux-image package will satisfy
>   dependencies of the old modules even though they are incompatible.

No, the two linux-image packages have different versions, so won't
satisfy the dependencies.

> > Multiple uploads of the same upstream version will have
> > the same package name, but those rarely happens.
> Those happen fairly often for urgent security updates.   

Right.  Maybe we need a manual or automatic override for this, we can do
a lot of things.

> > It will not longer be possible to reliably derive the package name from
> > kernel release (see above), as both values are not really related
> > anymore.
> Given all the drawbacks, I don't see the benefit of decoupling package
> names from release strings.
> In the same way that shared library packages must be renamed for every
> backward-incompatible ABI changes, I believe we should keep doing this
> for linux-image packages.

Noted, but I don't see a way to do that.  We can't map versions cleanly
into package names.  We have binNMU, which can't change package names,
so will already be in violation of that.  And we already don't do that, see
that huge version ignore list.

Also the ABI in shared libraries is to have two independent updateable
identities.  Nothing is true in case of the kernel, it will just break
on every update of either side, which would be the equivalent of a =
dependency.  So no, shared libraries are not a good comparison.

> > ## Header and tool packages will not longer contain version
> > 
> > The headers packages will not longer include the version.  It won't be
> > reliably possible to derive the package name anyway from the running
> > kernel.
> >
> > This means that only headers of one single version can be available on
> > the system at one time.  This might be a bit inconvenient for dkms, as
> > it can't longer build modules for multiple versions.
> >
> > But we too often have the problem that image and headers go out of sync
> > and then you can't find the correct ones anyway.
> > 
> > Example: linux-headers-cloud-arm64
> 
> This is all downside with no justification given.  Please explain what
> the benefit is.

The current way does not work.  See all the bug reports about
uninstallable packages and what not with dkms.

To build modules against version x, you'll need to install version x of
the headers, not x-1 or x+1.  This currently works most of the time, but
is by far stable.  And if you already have to search for the specific
version, it does not matter if you might have the ability to install
multiple at the same time, the archive will in any case only contain one
version at a time.

IMHO the only way around would be to install image and headers always in
one piece for those who want to build own modules against.  But this
will require further restructuring, as the headers for this then need to
be built from linux-signed-* and arch-any to be without skew.  And
use proper dependencies so everything is installed with the same version
always.

Aka something like that:

Package: linux-image-cloud-arm64
Depends:
 linux-image-1.2.3-cloud-arm64 (= 1.2.3-1)

Package: linux-modules-thirdparty-cloud-arm64
Depends:
 linux-image-1.2.3-cloud-arm64 (= 1.2.3-1),
 linux-modules-1.2.3-cloud-arm64 (= 1.2.3-1),
 linux-headers-1.2.3-cloud-arm64 (= 1.2.3-1)

Package: linux-image-1.2.3-cloud-arm64
Depends: linux-modules-1.2.3-cloud-arm64 (= 1.2.3-1)

Package: linux-headers-1.2.3-cloud-arm64
Depends: linux-modules-1.2.3-cloud-arm64 (= 1.2.3-1)

Package: linux-modules-1.2.3-cloud-arm64

However doesn't building modules currently need the vmlinux as well?
Which would not be fulfilled anyway right now.

> > ## Installer packages will not longer contain too much version
> > 
> > The installer can only ever handle one version of kernel.  Also it got
> > an internal mechanism to detect which packages belong together
> > (the Kernel-Version control entry).  So we have no need to rename them
> > and force a matching change in d-i itself just because a new kernel
> > exists.  So it 

NEW changes in oldstable-new

2023-09-24 Thread Debian FTP Masters
Processing changes file: pandoc_2.9.2.1-1+deb11u1_armel-buildd.changes
  ACCEPT
Processing changes file: pandoc_2.9.2.1-1+deb11u1_ppc64el-buildd.changes
  ACCEPT
Processing changes file: pandoc_2.9.2.1-1+deb11u1_s390x-buildd.changes
  ACCEPT



NEW changes in stable-new

2023-09-24 Thread Debian FTP Masters
Processing changes file: libapache-mod-jk_1.2.48-2+deb12u1_armel-buildd.changes
  ACCEPT
Processing changes file: libapache-mod-jk_1.2.48-2+deb12u1_ppc64el-buildd.changes
  ACCEPT
Processing changes file: libapache-mod-jk_1.2.48-2+deb12u1_s390x-buildd.changes
  ACCEPT
Processing changes file: lxc_5.0.2-1+deb12u1_arm64-buildd.changes
  ACCEPT
Processing changes file: lxc_5.0.2-1+deb12u1_armel-buildd.changes
  ACCEPT
Processing changes file: lxc_5.0.2-1+deb12u1_armhf-buildd.changes
  ACCEPT
Processing changes file: lxc_5.0.2-1+deb12u1_ppc64el-buildd.changes
  ACCEPT
Processing changes file: lxc_5.0.2-1+deb12u1_s390x-buildd.changes
  ACCEPT
Processing changes file: lxcfs_5.0.3-1+deb12u1_armel-buildd.changes
  ACCEPT
Processing changes file: lxcfs_5.0.3-1+deb12u1_ppc64el-buildd.changes
  ACCEPT
Processing changes file: lxcfs_5.0.3-1+deb12u1_s390x-buildd.changes
  ACCEPT
Processing changes file: mutt_2.2.12-0.1~deb12u1_ppc64el-buildd.changes
  ACCEPT
Processing changes file: mutt_2.2.12-0.1~deb12u1_s390x-buildd.changes
  ACCEPT
Processing changes file: openssh_9.2p1-2+deb12u1_arm64-buildd.changes
  ACCEPT
Processing changes file: openssh_9.2p1-2+deb12u1_armel-buildd.changes
  ACCEPT
Processing changes file: openssh_9.2p1-2+deb12u1_armhf-buildd.changes
  ACCEPT
Processing changes file: openssh_9.2p1-2+deb12u1_mips64el-buildd.changes
  ACCEPT
Processing changes file: openssh_9.2p1-2+deb12u1_ppc64el-buildd.changes
  ACCEPT
Processing changes file: openssh_9.2p1-2+deb12u1_s390x-buildd.changes
  ACCEPT
Processing changes file: plasma-framework_5.103.0-1+deb12u1_arm64-buildd.changes
  ACCEPT
Processing changes file: plasma-framework_5.103.0-1+deb12u1_armel-buildd.changes
  ACCEPT
Processing changes file: plasma-framework_5.103.0-1+deb12u1_armhf-buildd.changes
  ACCEPT
Processing changes file: plasma-framework_5.103.0-1+deb12u1_ppc64el-buildd.changes
  ACCEPT
Processing changes file: plasma-framework_5.103.0-1+deb12u1_s390x-buildd.changes
  ACCEPT
Processing changes file: plasma-workspace_5.27.5-2+deb12u1_ppc64el-buildd.changes
  ACCEPT
Processing changes file: qtlocation-opensource-src_5.15.8+dfsg-3+deb12u1_ppc64el-buildd.changes
  ACCEPT
Processing changes file: samba_4.17.11+dfsg-0+deb12u1_ppc64el-buildd.changes
  ACCEPT
Processing changes file: samba_4.17.11+dfsg-0+deb12u1_s390x-buildd.changes
  ACCEPT



NEW changes in oldstable-new

2023-09-24 Thread Debian FTP Masters
Processing changes file: openssh_8.4p1-5+deb11u2_mips64el-buildd.changes
  ACCEPT



NEW changes in stable-new

2023-09-24 Thread Debian FTP Masters
Processing changes file: libapache-mod-jk_1.2.48-2+deb12u1_arm64-buildd.changes
  ACCEPT
Processing changes file: libapache-mod-jk_1.2.48-2+deb12u1_mipsel-buildd.changes
  ACCEPT
Processing changes file: lxc_5.0.2-1+deb12u1_amd64-buildd.changes
  ACCEPT
Processing changes file: lxcfs_5.0.3-1+deb12u1_arm64-buildd.changes
  ACCEPT
Processing changes file: lxcfs_5.0.3-1+deb12u1_armhf-buildd.changes
  ACCEPT
Processing changes file: lxcfs_5.0.3-1+deb12u1_mips64el-buildd.changes
  ACCEPT
Processing changes file: mutt_2.2.12-0.1~deb12u1_arm64-buildd.changes
  ACCEPT
Processing changes file: mutt_2.2.12-0.1~deb12u1_armel-buildd.changes
  ACCEPT
Processing changes file: mutt_2.2.12-0.1~deb12u1_mipsel-buildd.changes
  ACCEPT
Processing changes file: openssh_9.2p1-2+deb12u1_amd64-buildd.changes
  ACCEPT
Processing changes file: openssh_9.2p1-2+deb12u1_i386-buildd.changes
  ACCEPT
Processing changes file: plasma-framework_5.103.0-1+deb12u1_amd64-buildd.changes
  ACCEPT
Processing changes file: plasma-framework_5.103.0-1+deb12u1_i386-buildd.changes
  ACCEPT
Processing changes file: plasma-workspace_5.27.5-2+deb12u1_amd64-buildd.changes
  ACCEPT
Processing changes file: plasma-workspace_5.27.5-2+deb12u1_i386-buildd.changes
  ACCEPT
Processing changes file: qtlocation-opensource-src_5.15.8+dfsg-3+deb12u1_amd64-buildd.changes
  ACCEPT
Processing changes file: qtlocation-opensource-src_5.15.8+dfsg-3+deb12u1_i386-buildd.changes
  ACCEPT
Processing changes file: samba_4.17.11+dfsg-0+deb12u1_arm64-buildd.changes
  ACCEPT
Processing changes file: samba_4.17.11+dfsg-0+deb12u1_armel-buildd.changes
  ACCEPT
Processing changes file: samba_4.17.11+dfsg-0+deb12u1_armhf-buildd.changes
  ACCEPT
Processing changes file: samba_4.17.11+dfsg-0+deb12u1_mips64el-buildd.changes
  ACCEPT



Bug#1052420: bullseye-pu: package flameshot/0.9.0+ds1-2+deb11u1

2023-09-24 Thread Boyuan Yang
On Sunday, 2023-09-24 at 19:09 +0100, Adam D. Barratt wrote:
> On Sat, 2023-09-23 at 22:10 +0100, Adam D. Barratt wrote:
> > Control: tags -1 confirmed
> > 
> > On Thu, 2023-09-21 at 13:37 -0400, Boyuan Yang wrote:
> > > As reported in https://bugs.debian.org/1051408 , current flameshot
> > > in Debian 11 (Bullseye) will silently upload the current captured
> > > screenshot to imgur without confirmation whenever the corresponding
> > > hotkey is pressed. This imposes a security risk of leaking sensitive
> > > information.
> > > 
> > > In order to mitigate this issue, I propose to upload flameshot
> > > 0.9.0+ds1-2+deb11u1, which strips the embedded imgur token hardcoded
> > > in the source code. Users who wish to utilize the img uploading
> > > feature can fill in their own imgur token in flameshot config
> > > window to re-enable the feature.
> > > 
> > 
> > Please go ahead.
> > 
> 
> I should have spotted this before, but the news file in the source
> package should simply be named "debian/NEWS"; dh_installchangelogs will
> then install it as NEWS.Debian in the binary package.
> 
> It's up to you whether you want to upload a +deb11u2 that simply fixes
> that, or would prefer that we reject the existing upload and you can
> upload a fixed +deb11u1.

Thanks, I just uploaded a +deb11u2 to reflect this change.

Best,
Boyuan Yang




Re: Upcoming changes to Debian Linux kernel packages

2023-09-24 Thread Bastian Blank
Hi Andreas

On Sun, Sep 24, 2023 at 11:10:36PM +0200, Andreas Beckmann wrote:
> On 24/09/2023 15.01, Bastian Blank wrote:
> > ## Kernel modules will be signed with an ephemeral key
> > 
> > The modules will not longer be signed using the Secure Boot CA like the
> > EFI kernel image itself.  Instead a key will be created during the build
> > and thrown away after.
> 
> Do I correctly assume that change only affects the modules shipped by the
> linux-image packages and not third-party modules built with dkms?

Yes.  Nothing calls for changes to MOK keys, which are used by dkms.

> > ## Header and tool packages will not longer contain version
> 
> > This means that only headers of one single version can be available on
> > the system at one time.  This might be a bit inconvenient for dkms, as
> > it can't longer build modules for multiple versions.
> 
> That sounds problematic in case of third party modules. If it is possible to
> have multiple linux-image-* packages installed, but only headers for one of
> them, the third-party modules will only be available for one of the kernel
> versions for sure (maybe there are still old module builds available, but no
> guarantee especially after the third-party module got updated). This will
> make switching between different kernel versions difficult to impossible,
> e.g. it may be hard to go back to a working older kernel version in case the
> new one does not work properly (or the third-party module cannot be built or
> does not work for the new version).

Already built modules remain until someone deletes it.  So you can also
switch back to the still installed older kernel version and it will have
the still working module available.

Yes, you would not be able to build new modules for the older kernel
until you also install the matching headers.

> Regarding getting the correct linux-header-* packages installed for the
> installed linux-image-* packages:
> Maybe linux-image-* could have
>   Recommends: linux-headers-* | no-linux-headers
> s.t. the correct linux-headers-* are installed by default (installation of
> recommends is enabled by default) for all installed linux-image-* packages.
> no-linux-headers would be an opt-out package that can be installed manually
> if someone does not want to get linux-headers-* installed at all. It should
> never be installed automatically.

Nack.  I actually thought about that.  But third-party modules are too
much a special configuration to do that and pay the 50MiB or so penalty
for each system.  Also this still has the version skew problem between
linux and linux-signed-*, so will be unreliable.

> For dkms it is hard to recommend the correct linux-header-* package, right now
> we have
>   Recommends: linux-headers-generic | linux-headers-686-pae |
> linux-headers-amd64 | linux-headers
> which does not really work for the non-default kernel flavor, e.g. the
> -cloud or -i386 kernel. So some improvement on the kernel side would be nice
> here.

I thought about adding a versioned provides with the complete kernel
release string as version, so something like
| Provides: linux-headers (= $(uname -r))

This can then be installed via apt-get and the correct version as long
as the package is available.  This however can't be done via
dependencies, because it is dynamic.  So dkms would need to actively
make sure it got the correct package, if they are still reachable at
all.

Bastian

-- 
We have found all life forms in the galaxy are capable of superior
development.
-- Kirk, "The Gamesters of Triskelion", stardate 3211.7



NEW changes in oldstable-new

2023-09-24 Thread Debian FTP Masters
Processing changes file: openssh_8.4p1-5+deb11u2_armel-buildd.changes
  ACCEPT
Processing changes file: openssh_8.4p1-5+deb11u2_mipsel-buildd.changes
  ACCEPT
Processing changes file: pandoc_2.9.2.1-1+deb11u1_all-buildd.changes
  ACCEPT
Processing changes file: pandoc_2.9.2.1-1+deb11u1_amd64-buildd.changes
  ACCEPT
Processing changes file: pandoc_2.9.2.1-1+deb11u1_i386-buildd.changes
  ACCEPT



NEW changes in stable-new

2023-09-24 Thread Debian FTP Masters
Processing changes file: libapache-mod-jk_1.2.48-2+deb12u1_amd64-buildd.changes
  ACCEPT
Processing changes file: libapache-mod-jk_1.2.48-2+deb12u1_armhf-buildd.changes
  ACCEPT
Processing changes file: libapache-mod-jk_1.2.48-2+deb12u1_i386-buildd.changes
  ACCEPT
Processing changes file: libapache-mod-jk_1.2.48-2+deb12u1_mips64el-buildd.changes
  ACCEPT
Processing changes file: lxc_5.0.2-1+deb12u1_i386-buildd.changes
  ACCEPT
Processing changes file: lxcfs_5.0.3-1+deb12u1_amd64-buildd.changes
  ACCEPT
Processing changes file: lxcfs_5.0.3-1+deb12u1_i386-buildd.changes
  ACCEPT
Processing changes file: mutt_2.2.12-0.1~deb12u1_amd64-buildd.changes
  ACCEPT
Processing changes file: mutt_2.2.12-0.1~deb12u1_armhf-buildd.changes
  ACCEPT
Processing changes file: mutt_2.2.12-0.1~deb12u1_i386-buildd.changes
  ACCEPT
Processing changes file: qtlocation-opensource-src_5.15.8+dfsg-3+deb12u1_all-buildd.changes
  ACCEPT
Processing changes file: samba_4.17.11+dfsg-0+deb12u1_amd64-buildd.changes
  ACCEPT
Processing changes file: samba_4.17.11+dfsg-0+deb12u1_i386-buildd.changes
  ACCEPT



NEW changes in oldstable-new

2023-09-24 Thread Debian FTP Masters
Processing changes file: inetutils_2.0-1+deb11u2_amd64-buildd.changes
  ACCEPT
Processing changes file: inetutils_2.0-1+deb11u2_arm64-buildd.changes
  ACCEPT
Processing changes file: inetutils_2.0-1+deb11u2_armel-buildd.changes
  ACCEPT
Processing changes file: inetutils_2.0-1+deb11u2_armhf-buildd.changes
  ACCEPT
Processing changes file: inetutils_2.0-1+deb11u2_i386-buildd.changes
  ACCEPT
Processing changes file: inetutils_2.0-1+deb11u2_mips64el-buildd.changes
  ACCEPT
Processing changes file: inetutils_2.0-1+deb11u2_mipsel-buildd.changes
  ACCEPT
Processing changes file: inetutils_2.0-1+deb11u2_ppc64el-buildd.changes
  ACCEPT
Processing changes file: inetutils_2.0-1+deb11u2_s390x-buildd.changes
  ACCEPT
Processing changes file: libapache-mod-jk_1.2.48-1+deb11u1_all-buildd.changes
  ACCEPT
Processing changes file: libapache-mod-jk_1.2.48-1+deb11u1_amd64-buildd.changes
  ACCEPT
Processing changes file: libapache-mod-jk_1.2.48-1+deb11u1_arm64-buildd.changes
  ACCEPT
Processing changes file: libapache-mod-jk_1.2.48-1+deb11u1_armel-buildd.changes
  ACCEPT
Processing changes file: libapache-mod-jk_1.2.48-1+deb11u1_armhf-buildd.changes
  ACCEPT
Processing changes file: libapache-mod-jk_1.2.48-1+deb11u1_i386-buildd.changes
  ACCEPT
Processing changes file: libapache-mod-jk_1.2.48-1+deb11u1_mips64el-buildd.changes
  ACCEPT
Processing changes file: libapache-mod-jk_1.2.48-1+deb11u1_mipsel-buildd.changes
  ACCEPT
Processing changes file: libapache-mod-jk_1.2.48-1+deb11u1_ppc64el-buildd.changes
  ACCEPT
Processing changes file: libapache-mod-jk_1.2.48-1+deb11u1_s390x-buildd.changes
  ACCEPT
Processing changes file: openssh_8.4p1-5+deb11u2_amd64-buildd.changes
  ACCEPT
Processing changes file: openssh_8.4p1-5+deb11u2_arm64-buildd.changes
  ACCEPT
Processing changes file: openssh_8.4p1-5+deb11u2_armhf-buildd.changes
  ACCEPT
Processing changes file: openssh_8.4p1-5+deb11u2_i386-buildd.changes
  ACCEPT
Processing changes file: openssh_8.4p1-5+deb11u2_ppc64el-buildd.changes
  ACCEPT
Processing changes file: openssh_8.4p1-5+deb11u2_s390x-buildd.changes
  ACCEPT



NEW changes in stable-new

2023-09-24 Thread Debian FTP Masters
Processing changes file: firewalld_1.3.3-1~deb12u1_all-buildd.changes
  ACCEPT
Processing changes file: jekyll_4.3.1+dfsg-3+deb12u1_all-buildd.changes
  ACCEPT
Processing changes file: lemonldap-ng_2.16.1+ds-deb12u1_all-buildd.changes
  ACCEPT
Processing changes file: libapache-mod-jk_1.2.48-2+deb12u1_all-buildd.changes
  ACCEPT
Processing changes file: mutt_2.2.12-0.1~deb12u1_mips64el-buildd.changes
  ACCEPT
Processing changes file: openssh_9.2p1-2+deb12u1_all-buildd.changes
  ACCEPT
Processing changes file: plasma-framework_5.103.0-1+deb12u1_all-buildd.changes
  ACCEPT
Processing changes file: plasma-workspace_5.27.5-2+deb12u1_all-buildd.changes
  ACCEPT
Processing changes file: samba_4.17.11+dfsg-0+deb12u1_all-buildd.changes
  ACCEPT



Processed: bookworm-pu: package mate-notification-daemon/1.26.0-1+deb12u1

2023-09-24 Thread Debian Bug Tracking System
Processing control commands:

> affects -1 + src:mate-notification-daemon
Bug #1052577 [release.debian.org] bookworm-pu: package 
mate-notification-daemon/1.26.0-1+deb12u1
Added indication that 1052577 affects src:mate-notification-daemon

-- 
1052577: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1052577
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems



Bug#1052577: bookworm-pu: package mate-notification-daemon/1.26.0-1+deb12u1

2023-09-24 Thread Mike Gabriel
Package: release.debian.org
Severity: normal
Tags: bookworm
User: release.debian@packages.debian.org
Usertags: pu
X-Debbugs-Cc: mate-notification-dae...@packages.debian.org
Control: affects -1 + src:mate-notification-daemon

This changeset fixes two memory leaks in MATE's notification daemon.

[ Reason ]
Improve robustness of MATE desktop in Debian 12.

[ Impact ]
If not accepted, memory leaks continue to exist in core component of the
MATE desktop.

[ Tests ]
Local smoke tests. No regressions, so far. Patches have been cherry-picked
from upstream.

[ Risks ]
Regression may occur to users of the MATE desktop environment.

[ Checklist ]
  [x] *all* changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in (old)stable
  [x] the issue is verified as fixed in unstable

[ Changes ]

+  * debian/patches:
++ Add 1001_daemon-fix-memory-leak.patch and 
1002_mnd-daemon-fix-memory-leak.
+  patch. Fix two memory leaks in src/daemon/daemon.c and src/daemon/
+  mnd-daemon.c. (Closes: #1052565).

[ Other info ]
None.
diff -Nru mate-notification-daemon-1.26.0/debian/changelog 
mate-notification-daemon-1.26.0/debian/changelog
--- mate-notification-daemon-1.26.0/debian/changelog2021-12-11 
21:40:50.0 +0100
+++ mate-notification-daemon-1.26.0/debian/changelog2023-09-24 
23:40:09.0 +0200
@@ -1,3 +1,12 @@
+mate-notification-daemon (1.26.0-1+deb12u1) bookworm; urgency=medium
+
+  * debian/patches:
++ Add 1001_daemon-fix-memory-leak.patch and 
1002_mnd-daemon-fix-memory-leak.
+  patch. Fix two memory leaks in src/daemon/daemon.c and src/daemon/
+  mnd-daemon.c. (Closes: #1052565).
+
+ -- Mike Gabriel   Sun, 24 Sep 2023 23:40:09 +0200
+
 mate-notification-daemon (1.26.0-1) unstable; urgency=medium
 
   [ Martin Wimpress ]
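Review bot: the new changelog entry splits two file names across lines ("1002_mnd-daemon-fix-memory-leak." / "patch" and "src/daemon/" / "mnd-daemon.c"), so searching the changelog for either name will not find it; rewrap the entry so each name stays on one line. The entry could also record that both patches are cherry-picked from upstream, as the request text says, so the origin is visible from the changelog alone.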
diff -Nru 
mate-notification-daemon-1.26.0/debian/patches/1001_daemon-fix-memory-leak.patch
 
mate-notification-daemon-1.26.0/debian/patches/1001_daemon-fix-memory-leak.patch
--- 
mate-notification-daemon-1.26.0/debian/patches/1001_daemon-fix-memory-leak.patch
1970-01-01 01:00:00.0 +0100
+++ 
mate-notification-daemon-1.26.0/debian/patches/1001_daemon-fix-memory-leak.patch
2023-09-24 23:37:04.0 +0200
@@ -0,0 +1,26 @@
+From 954106793cfba1cc5bb3a740dd14373ff30ee14f Mon Sep 17 00:00:00 2001
+From: rbuj 
+Date: Sat, 23 Oct 2021 02:59:59 +0200
+Subject: [PATCH] daemon: fix memory leak
+
+---
+ src/daemon/daemon.c | 8 
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+--- a/src/daemon/daemon.c
 b/src/daemon/daemon.c
+@@ -1685,10 +1685,10 @@
+ {
+   notify_daemon_notifications_complete_get_server_information(object,
+   invocation,
+-  g_strdup("Notification Daemon"),
+-  g_strdup("MATE"),
+-  g_strdup(PACKAGE_VERSION),
+-  g_strdup("1.1"));
++  "Notification Daemon",
++  "MATE",
++  PACKAGE_VERSION,
++  "1.1");
+   return TRUE;
+ }
+ 
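Review bot: the patch header has an empty description, so nothing records why passing the literals directly to notify_daemon_notifications_complete_get_server_information() is safe. Add a sentence stating that the callee does not take ownership of its string arguments (which is why the four g_strdup() copies were never released), and an Origin line pointing at the upstream commit named in the From line.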
diff -Nru 
mate-notification-daemon-1.26.0/debian/patches/1002_mnd-daemon-fix-memory-leak.patch
 
mate-notification-daemon-1.26.0/debian/patches/1002_mnd-daemon-fix-memory-leak.patch
--- 
mate-notification-daemon-1.26.0/debian/patches/1002_mnd-daemon-fix-memory-leak.patch
1970-01-01 01:00:00.0 +0100
+++ 
mate-notification-daemon-1.26.0/debian/patches/1002_mnd-daemon-fix-memory-leak.patch
2023-09-24 23:38:22.0 +0200
@@ -0,0 +1,27 @@
+From 516275e2716ed5cbf8c1c52849fe04d934814791 Mon Sep 17 00:00:00 2001
+From: rbuj 
+Date: Thu, 21 Oct 2021 15:57:00 +0200
+Subject: [PATCH] mnd-daemon: fix memory leak
+
+---
+ src/daemon/mnd-daemon.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+--- a/src/daemon/mnd-daemon.c
 b/src/daemon/mnd-daemon.c
+@@ -63,12 +63,15 @@
+   error = NULL;
+   if (g_option_context_parse (context, argc, argv, ) == FALSE)
+   {
++  g_option_context_free (context);
+   g_warning ("Failed to parse command line arguments: %s", 
error->message);
+   g_error_free (error);
+ 
+   return FALSE;
+   }
+ 
++  g_option_context_free (context);
++
+   if (debug)
+   g_setenv ("G_MESSAGES_DEBUG", "all", FALSE);
+ 
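Review bot: g_option_context_free (context) is now called in two places, once inside the parse-failure branch and once after it, which is easy to get out of step if another early return is added later. Consider storing the result of g_option_context_parse () in a gboolean, freeing the context once directly after the call, and then testing the stored result. The patch description is also empty; one line saying the context was previously not released on either path would help.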
diff -Nru mate-notification-daemon-1.26.0/debian/patches/series 
mate-notification-daemon-1.26.0/debian/patches/series
--- mate-notification-daemon-1.26.0/debian/patches/series   2021-12-11 
21:39:46.0 +0100
+++ mate-notification-daemon-1.26.0/debian/patches/series   2023-09-24 
23:35:13.0 +0200
@@ -1 +1,3 @@
 1000_add-AssumedAppArmorLabel.patch
+1001_daemon-fix-memory-leak.patch
+1002_mnd-daemon-fix-memory-leak.patch


NEW changes in oldstable-new

2023-09-24 Thread Debian FTP Masters
Processing changes file: openssh_8.4p1-5+deb11u2_all-buildd.changes
  ACCEPT



Re: Upcoming changes to Debian Linux kernel packages

2023-09-24 Thread Andreas Beckmann

On 24/09/2023 15.01, Bastian Blank wrote:

> ## Kernel modules will be signed with an ephemeral key
>
> The modules will not longer be signed using the Secure Boot CA like the
> EFI kernel image itself.  Instead a key will be created during the build
> and thrown away after.


Do I correctly assume that change only affects the modules shipped by 
the linux-image packages and not third-party modules built with dkms?



> ## Header and tool packages will no longer contain version
>
> This means that only headers of one single version can be available on
> the system at one time.  This might be a bit inconvenient for dkms, as
> it can no longer build modules for multiple versions.


That sounds problematic in case of third party modules. If it is 
possible to have multiple linux-image-* packages installed, but only 
headers for one of them, the third-party modules will only be available 
for one of the kernel versions for sure (maybe there are still old 
module builds available, but no guarantee especially after the 
third-party module got updated). This will make switching between 
different kernel versions difficult to impossible, e.g. it may be hard 
to go back to a working older kernel version in case the new one does 
not work properly (or the third-party module cannot be built or does not 
work for the new version).



Regarding getting the correct linux-header-* packages installed for the 
installed linux-image-* packages:

Maybe linux-image-* could have
  Recommends: linux-headers-* | no-linux-headers
s.t. the correct linux-headers-* are installed by default (installation 
of recommends is enabled by default) for all installed linux-image-* 
packages. no-linux-headers would be an opt-out package that can be 
installed manually if someone does not want to get linux-headers-* 
installed at all. It should never be installed automatically.


For dkms it is hard to recommend the correct linux-header-* package, right 
now we have
  Recommends: linux-headers-generic | linux-headers-686-pae | linux-headers-amd64 | linux-headers
which does not really work for the non-default kernel flavor, e.g. the 
-cloud or -i386 kernel. So some improvement on the kernel side would be 
nice here.



Andreas



Bug#1050868: bookworm-pu: package debootstrap/1.0.128+nmu2+deb12u1

2023-09-24 Thread Philip Hands
Luca Boccassi  writes:

> On Sat, 23 Sept 2023 at 14:29, Simon McVittie  wrote:
>>
>> On Wed, 30 Aug 2023 at 16:27:12 +0100, Simon McVittie wrote:
>> > [ Reason ]
>> > Part of the transition to merged-/usr, and more specifically, allowing
>> > us to stop shipping files in trixie whose physical path on disk does
>> > not match their path in the dpkg database due to directory aliasing.
>> >
>> > This change needs to be in bookworm (and bullseye, and maybe buster)
>> > before that process can continue, because official buildds run debootstrap
>> > from stable (or older).
>> >
>> > I also took the opportunity to backport changes that make the autopkgtests
>> > pass.
>> >
>> > [ Impact ]
>> > If not accepted, trixie will continue to be stuck in a
>> > mostly-but-not-entirely merged-/usr limbo, with the moratorium from 
>> > #1035831
>> > remaining in place.
>>
>> I'm aware that we're getting close to the deadline for 12.2 and 11.8,
>> so I've uploaded the proposed version to bookworm-proposed-updates for
>> easier testing and review. Luca: the proposed version and a signed tag
>> are available from my fork on salsa (I am not able to push to the d-i
>> repository for debootstrap). I uploaded with dgit, so the git tree and
>> the .dsc have been verified to be identical.
>>
>> If this version is not accepted for whatever reason, then I think we
>> should treat version 1.0.128+nmu2+deb12u1 as having been used, and skip
>> ahead to 1.0.128+nmu2+deb12u2 for any subsequent bookworm update.
>> (And if there is a problem with having this version in bookworm-pu for
>> whatever reason, I'm happy to upload a +deb12u2 that is identical to
>> 1.0.128+nmu2 except for the changelog.)
>
> Thank you, pushed both branches.
>
> Release Team, we are aware that you requested an explicit review from
> D-I for this and #1025708, however there are no available reviewers,
> so it appears we are deadlocked. Would you please consider waiving
> this requirement to break the deadlock?
> Philip Hands has confirmed on Salsa that the change has been tested
> with OpenQA and everything still works:
> https://salsa.debian.org/installer-team/debootstrap/-/merge_requests/105#note_429838

Just thought I'd mention that those tests were for current unstable.

As mentioned in:
  https://salsa.debian.org/installer-team/debootstrap/-/merge_requests/105#note_430223
my attempts to test the same change in bullseye have not yet worked out,
because bullseye's D-I is missing the features that were recently added
to D-I in order to allow one to add a test repo from which D-I can
obtain modified udebs (such as debootstrap).

I ought to be able to sort out tweaked versions of net-retriever &
anne for bullseye, in which case a test should be possible.

I'm somewhat dubious that such a test is going to tell us anything
interesting though.

Cheers, Phil.
-- 
Philip Hands -- https://hands.com/~phil




Bug#1052564: bookworm-pu: package libmatemixer/1.26.0-2+deb12u1

2023-09-24 Thread Mike Gabriel
Package: release.debian.org
Severity: normal
Tags: bookworm
User: release.debian@packages.debian.org
Usertags: pu
X-Debbugs-Cc: libmatemi...@packages.debian.org
Control: affects -1 + src:libmatemixer

It has been reported that audio components using libmatemixer crash when
removable audio devices (such as USB audio devices) get removed from the
system.

[ Reason ]
Stabilize MATE's audio components, such as the volume applet.

[ Impact ]
If this will not be accepted, removable audio devices will cause MATE to
crash in its audio components when these devices get removed.

[ Tests ]
Manual tests. Patch has been cherry-picked from upstream.

[ Risks ]
MATE users will be affected, if the patch introduces regressions.

[ Checklist ]
  [x] *all* changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in (old)stable
  [x] the issue is verified as fixed in unstable

[ Changes ]

+  * debian/patches:
++ Add 0001_remove-weak-pointers-on-dispose.patch. Remove weak pointers on
+  dispose.
+  A weak pointer has a callback that will happily overwrite freed object
+  memory if the weakly referenced object outlives the object storing the
+  reference. Remove those callbacks when they are no longer needed.
+  This resolves heap corruptions / application crashes when removing audio
+  devices, such as USB audio devices. (Closes: #1052555).

[ Other info ]
None.
diff -Nru libmatemixer-1.26.0/debian/changelog 
libmatemixer-1.26.0/debian/changelog
--- libmatemixer-1.26.0/debian/changelog2021-12-13 17:25:45.0 
+0100
+++ libmatemixer-1.26.0/debian/changelog2023-09-24 22:10:12.0 
+0200
@@ -1,3 +1,16 @@
+libmatemixer (1.26.0-2+deb12u1) bookworm; urgency=medium
+
+  * debian/patches:
++ Add 0001_remove-weak-pointers-on-dispose.patch. Remove weak pointers on
+  dispose.
+  A weak pointer has a callback that will happily overwrite freed object
+  memory if the weakly referenced object outlives the object storing the
+  reference. Remove those callbacks when they are no longer needed.
+  This resolves heap corruptions / application crashes when removing audio
+  devices, such as USB audio devices. (Closes: #1052555).
+
+ -- Mike Gabriel   Sun, 24 Sep 2023 22:10:12 +0200
+
 libmatemixer (1.26.0-2) unstable; urgency=medium
 
   * debian/rules:
diff -Nru 
libmatemixer-1.26.0/debian/patches/0001_remove-weak-pointers-on-dispose.patch 
libmatemixer-1.26.0/debian/patches/0001_remove-weak-pointers-on-dispose.patch
--- 
libmatemixer-1.26.0/debian/patches/0001_remove-weak-pointers-on-dispose.patch   
1970-01-01 01:00:00.0 +0100
+++ 
libmatemixer-1.26.0/debian/patches/0001_remove-weak-pointers-on-dispose.patch   
2023-09-24 22:07:14.0 +0200
@@ -0,0 +1,152 @@
+From d0c6df12a42e2339d323048ff51ae25eea1a3c07 Mon Sep 17 00:00:00 2001
+From: Adric Blake 
+Date: Fri, 1 Sep 2023 21:30:19 -0400
+Subject: [PATCH] Remove weak pointers on dispose
+
+A weak pointer has a callback that will happily overwrite freed object memory 
if the weakly referenced object outlives the object storing the reference. 
Remove those callbacks when they are no longer needed.
+---
+ libmatemixer/matemixer-device-switch.c  | 17 +
+ libmatemixer/matemixer-stream-control.c | 15 +++
+ libmatemixer/matemixer-stream-switch.c  | 17 +
+ libmatemixer/matemixer-stream.c |  4 
+ 4 files changed, 53 insertions(+)
+
+diff --git a/libmatemixer/matemixer-device-switch.c 
b/libmatemixer/matemixer-device-switch.c
+index 51e946e..a8fa18c 100644
+--- a/libmatemixer/matemixer-device-switch.c
 b/libmatemixer/matemixer-device-switch.c
+@@ -53,6 +53,8 @@ static void mate_mixer_device_switch_set_property (GObject   
 *o
+const GValue   
*value,
+GParamSpec 
*pspec);
+ 
++static void mate_mixer_device_switch_dispose  (GObject
*object);
++
+ G_DEFINE_ABSTRACT_TYPE_WITH_PRIVATE (MateMixerDeviceSwitch, 
mate_mixer_device_switch, MATE_MIXER_TYPE_SWITCH)
+ 
+ static void
+@@ -61,6 +63,7 @@ mate_mixer_device_switch_class_init 
(MateMixerDeviceSwitchClass *klass)
+ GObjectClass *object_class;
+ 
+ object_class = G_OBJECT_CLASS (klass);
++object_class->dispose  = mate_mixer_device_switch_dispose;
+ object_class->get_property = mate_mixer_device_switch_get_property;
+ object_class->set_property = mate_mixer_device_switch_set_property;
+ 
+@@ -143,6 +146,20 @@ mate_mixer_device_switch_init (MateMixerDeviceSwitch 
*swtch)
+ swtch->priv = mate_mixer_device_switch_get_instance_private (swtch);
+ }
+ 
++static void
++mate_mixer_device_switch_dispose (GObject *object)
++{
++MateMixerDeviceSwitch *swtch;
++
++swtch = MATE_MIXER_DEVICE_SWITCH (object);
++
++if 
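Review bot: mate_mixer_device_switch_dispose is installed in class_init, but its body is cut off at the opening `if` in this message, so the chain-up cannot be checked here. The override should end with G_OBJECT_CLASS (mate_mixer_device_switch_parent_class)->dispose (object), and because GObject may run dispose more than once, the stored pointer should be set to NULL after its weak pointer is removed so a second pass does nothing.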

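The failure mode described in the libmatemixer changelog entry above, modelled in plain C without GLib as an added example (not libmatemixer's code). `Target`, `Holder`, the static pool and every function name are constructed for illustration, and the write that would land in freed memory is counted rather than performed.

```c
#include <stdio.h>

#define MAX_WEAK 4
#define POOL     2

/* The weakly referenced object: remembers every location to NULL on finalize. */
typedef struct {
    void **weak_locations[MAX_WEAK];
    int    n_weak;
} Target;

/* The object storing the weak reference (constructed stand-in for a switch). */
typedef struct {
    void *target;  /* weak reference, no ownership */
    int   alive;   /* 0 once this slot counts as freed memory */
} Holder;

static Holder pool[POOL];  /* static pool so "freed" slots can be inspected safely */

static void add_weak_pointer(Target *t, void **location)
{
    if (t->n_weak < MAX_WEAK)
        t->weak_locations[t->n_weak++] = location;
}

static void remove_weak_pointer(Target *t, void **location)
{
    for (int i = 0; i < t->n_weak; i++) {
        if (t->weak_locations[i] == location) {
            t->weak_locations[i] = t->weak_locations[--t->n_weak];
            return;
        }
    }
}

static Holder *holder_new(Target *t)
{
    for (int i = 0; i < POOL; i++) {
        if (!pool[i].alive) {
            pool[i].alive  = 1;
            pool[i].target = t;
            add_weak_pointer(t, &pool[i].target);
            return &pool[i];
        }
    }
    return NULL;
}

/* Before the fix: the holder goes away, its registration stays behind. */
static void holder_free_buggy(Holder *h) { h->alive = 0; }

/* After the fix: dispose unregisters the location and clears the field. */
static void holder_dispose_fixed(Holder *h)
{
    if (h->target != NULL) {
        remove_weak_pointer((Target *)h->target, &h->target);
        h->target = NULL;
    }
}

static void holder_free_fixed(Holder *h)
{
    holder_dispose_fixed(h);
    holder_dispose_fixed(h);  /* dispose may run twice; the second call is a no-op */
    h->alive = 0;
}

/* Finalize the target; return how many registered locations were stale,
 * i.e. how many writes would have hit freed memory in a real heap. */
static int target_finalize(Target *t)
{
    int stale = 0;
    for (int i = 0; i < t->n_weak; i++) {
        Holder *owner = NULL;
        for (int j = 0; j < POOL; j++)
            if (t->weak_locations[i] == &pool[j].target)
                owner = &pool[j];
        if (owner != NULL && owner->alive)
            *t->weak_locations[i] = NULL;  /* legitimate weak-pointer clear */
        else
            stale++;                       /* would overwrite freed memory */
    }
    t->n_weak = 0;
    return stale;
}

/* Target outlives the holder: the case the changelog entry describes. */
int stale_writes_when_holder_dies_first(int fixed)
{
    Target t = {0};
    Holder *h = holder_new(&t);
    if (fixed) holder_free_fixed(h); else holder_free_buggy(h);
    return target_finalize(&t);
}

/* Holder outlives the target: the weak pointer is cleared, dispose stays safe. */
int holder_sees_null_when_target_dies_first(void)
{
    Target t = {0};
    Holder *h = holder_new(&t);
    int stale   = target_finalize(&t);
    int cleared = (h->target == NULL);
    holder_free_fixed(h);
    return stale == 0 && cleared;
}

int main(void)
{
    printf("stale writes, no dispose:   %d\n", stale_writes_when_holder_dies_first(0));
    printf("stale writes, with dispose: %d\n", stale_writes_when_holder_dies_first(1));
    printf("target-first case safe:     %d\n", holder_sees_null_when_target_dies_first());
    return 0;
}
```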
Processed: bookworm-pu: package libmatemixer/1.26.0-2+deb12u1

2023-09-24 Thread Debian Bug Tracking System
Processing control commands:

> affects -1 + src:libmatemixer
Bug #1052564 [release.debian.org] bookworm-pu: package 
libmatemixer/1.26.0-2+deb12u1
Added indication that 1052564 affects src:libmatemixer

-- 
1052564: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1052564
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems



Processed: limit package to release.debian.org, tagging 1049974

2023-09-24 Thread Debian Bug Tracking System
Processing commands for cont...@bugs.debian.org:

> limit package release.debian.org
Limiting to bugs with field 'package' containing at least one of 
'release.debian.org'
Limit currently set to 'package':'release.debian.org'

> tags 1049974 = bookworm pending
Bug #1049974 [release.debian.org] bookworm-pu: package 
plasma-workspace/5.27.5-2+deb12u1
Added tag(s) pending; removed tag(s) confirmed.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
1049974: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1049974
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems



NEW changes in oldstable-new

2023-09-24 Thread Debian FTP Masters
Processing changes file: inetutils_2.0-1+deb11u2_amd64.changes
  ACCEPT
Processing changes file: libapache-mod-jk_1.2.48-1+deb11u1_source.changes
  ACCEPT
Processing changes file: openssh_8.4p1-5+deb11u2_source.changes
  ACCEPT
Processing changes file: pandoc_2.9.2.1-1+deb11u1_source.changes
  ACCEPT



NEW changes in stable-new

2023-09-24 Thread Debian FTP Masters
Processing changes file: firewalld_1.3.3-1~deb12u1_source.changes
  ACCEPT
Processing changes file: jekyll_4.3.1+dfsg-3+deb12u1_source.changes
  ACCEPT
Processing changes file: lemonldap-ng_2.16.1+ds-deb12u1_sourceonly.changes
  ACCEPT
Processing changes file: libapache-mod-jk_1.2.48-2+deb12u1_source.changes
  ACCEPT
Processing changes file: lxc_5.0.2-1+deb12u1_source.changes
  ACCEPT
Processing changes file: lxcfs_5.0.3-1+deb12u1_source.changes
  ACCEPT
Processing changes file: mutt_2.2.12-0.1~deb12u1_source.changes
  ACCEPT
Processing changes file: openssh_9.2p1-2+deb12u1_source.changes
  ACCEPT
Processing changes file: plasma-framework_5.103.0-1+deb12u1_source.changes
  ACCEPT
Processing changes file: plasma-workspace_5.27.5-2+deb12u1_source.changes
  ACCEPT
Processing changes file: 
qtlocation-opensource-src_5.15.8+dfsg-3+deb12u1_source.changes
  ACCEPT
Processing changes file: samba_4.17.11+dfsg-0+deb12u1_source.changes
  ACCEPT



Bug#1049974: Bug#1052543: plasma-workspace 5.27.5-2+deb12u1 flagged for acceptance

2023-09-24 Thread Adam D. Barratt
package release.debian.org
tags 1049974 = bookworm pending
thanks

Re-sending to the right bug...

On Sun, 2023-09-24 at 19:38 +, Adam D Barratt wrote:
> package release.debian.org
> tags 1052543 = bookworm pending
> thanks
> 
> Hi,
> 
> The upload referenced by this bug report has been flagged for
> acceptance into the proposed-updates queue for Debian bookworm.
> 
> Thanks for your contribution!
> 
> Upload details
> ==
> 
> Package: plasma-workspace
> Version: 5.27.5-2+deb12u1
> 
> Explanation: fix crash in krunner
> 
> 



Processed: pandoc 2.9.2.1-1+deb11u1 flagged for acceptance

2023-09-24 Thread Debian Bug Tracking System
Processing commands for cont...@bugs.debian.org:

> package release.debian.org
Limiting to bugs with field 'package' containing at least one of 
'release.debian.org'
Limit currently set to 'package':'release.debian.org'

> tags 1042057 = bullseye pending
Bug #1042057 [release.debian.org] bullseye-pu: package pandoc/2.9.2.1-1+deb11u1
Added tag(s) pending; removed tag(s) confirmed.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
1042057: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1042057
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems



Processed: openssh 8.4p1-5+deb11u2 flagged for acceptance

2023-09-24 Thread Debian Bug Tracking System
Processing commands for cont...@bugs.debian.org:

> package release.debian.org
Limiting to bugs with field 'package' containing at least one of 
'release.debian.org'
Limit currently set to 'package':'release.debian.org'

> tags 1052150 = bullseye pending
Bug #1052150 [release.debian.org] bullseye-pu: package openssh/1:8.4p1-5+deb11u2
Added tag(s) pending; removed tag(s) confirmed.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
1052150: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1052150
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems



Processed: inetutils 2.0-1+deb11u2 flagged for acceptance

2023-09-24 Thread Debian Bug Tracking System
Processing commands for cont...@bugs.debian.org:

> package release.debian.org
Limiting to bugs with field 'package' containing at least one of 
'release.debian.org'
Limit currently set to 'package':'release.debian.org'

> tags 1050332 = bullseye pending
Bug #1050332 [release.debian.org] bullseye-pu: package inetutils/2:2.0-1+deb11u2
Added tag(s) pending; removed tag(s) confirmed.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
1050332: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1050332
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems



Processed: libapache-mod-jk 1.2.48-1+deb11u1 flagged for acceptance

2023-09-24 Thread Debian Bug Tracking System
Processing commands for cont...@bugs.debian.org:

> package release.debian.org
Limiting to bugs with field 'package' containing at least one of 
'release.debian.org'
Limit currently set to 'package':'release.debian.org'

> tags 1052552 = bullseye pending
Bug #1052552 [release.debian.org] bullseye-pu: package 
libapache-mod-jk/1:1.2.48-1
Added tag(s) pending.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
1052552: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1052552
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems



Bug#1052552: libapache-mod-jk 1.2.48-1+deb11u1 flagged for acceptance

2023-09-24 Thread Adam D Barratt
package release.debian.org
tags 1052552 = bullseye pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bullseye.

Thanks for your contribution!

Upload details
==

Package: libapache-mod-jk
Version: 1.2.48-1+deb11u1

Explanation: remove implicit mapping functionality, which could lead to 
unintended exposure of the status worker and/or bypass of security constraints 
[CVE-2023-41081]



Bug#1052150: openssh 8.4p1-5+deb11u2 flagged for acceptance

2023-09-24 Thread Adam D Barratt
package release.debian.org
tags 1052150 = bullseye pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bullseye.

Thanks for your contribution!

Upload details
==

Package: openssh
Version: 8.4p1-5+deb11u2

Explanation: fix remote code execution issue via a forwarded agent socket 
[CVE-2023-38408]



Bug#1050332: inetutils 2.0-1+deb11u2 flagged for acceptance

2023-09-24 Thread Adam D Barratt
package release.debian.org
tags 1050332 = bullseye pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bullseye.

Thanks for your contribution!

Upload details
==

Package: inetutils
Version: 2.0-1+deb11u2

Explanation: check return values for set*id() functions, avoiding potential 
security issues [CVE-2023-40303]



Bug#1042057: pandoc 2.9.2.1-1+deb11u1 flagged for acceptance

2023-09-24 Thread Adam D Barratt
package release.debian.org
tags 1042057 = bullseye pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bullseye.

Thanks for your contribution!

Upload details
==

Package: pandoc
Version: 2.9.2.1-1+deb11u1

Explanation: fix arbitrary file write issues [CVE-2023-35936 CVE-2023-38745]



Processed: openssh 9.2p1-2+deb12u1 flagged for acceptance

2023-09-24 Thread Debian Bug Tracking System
Processing commands for cont...@bugs.debian.org:

> package release.debian.org
Limiting to bugs with field 'package' containing at least one of 
'release.debian.org'
Limit currently set to 'package':'release.debian.org'

> tags 1052149 = bookworm pending
Bug #1052149 [release.debian.org] bookworm-pu: package openssh/1:9.2p1-2+deb12u1
Added tag(s) pending; removed tag(s) confirmed.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
1052149: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1052149
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems



Processed: samba 4.17.11+dfsg-0+deb12u1 flagged for acceptance

2023-09-24 Thread Debian Bug Tracking System
Processing commands for cont...@bugs.debian.org:

> package release.debian.org
Limiting to bugs with field 'package' containing at least one of 
'release.debian.org'
Limit currently set to 'package':'release.debian.org'

> tags 1051594 = bookworm pending
Bug #1051594 [release.debian.org] bookworm-pu: package 
samba/2:4.17.11+dfsg-0+deb12u1
Added tag(s) pending; removed tag(s) confirmed.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
1051594: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1051594
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems



Bug#1052543: plasma-workspace 5.27.5-2+deb12u1 flagged for acceptance

2023-09-24 Thread Adam D Barratt
package release.debian.org
tags 1052543 = bookworm pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bookworm.

Thanks for your contribution!

Upload details
==

Package: plasma-workspace
Version: 5.27.5-2+deb12u1

Explanation: fix crash in krunner



Processed: plasma-workspace 5.27.5-2+deb12u1 flagged for acceptance

2023-09-24 Thread Debian Bug Tracking System
Processing commands for cont...@bugs.debian.org:

> package release.debian.org
Limiting to bugs with field 'package' containing at least one of 
'release.debian.org'
Limit currently set to 'package':'release.debian.org'

> tags 1052543 = bookworm pending
Bug #1052543 [release.debian.org] bookworm-pu: package 
plasma-framework/5.103.0-1+deb12u1
Ignoring request to alter tags of bug #1052543 to the same tags previously set
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
1052543: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1052543
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems



Processed: qtlocation-opensource-src 5.15.8+dfsg-3+deb12u1 flagged for acceptance

2023-09-24 Thread Debian Bug Tracking System
Processing commands for cont...@bugs.debian.org:

> package release.debian.org
Limiting to bugs with field 'package' containing at least one of 
'release.debian.org'
Limit currently set to 'package':'release.debian.org'

> tags 1051171 = bookworm pending
Bug #1051171 [release.debian.org] bookworm-pu: package 
qtlocation-opensource-src/5.15.8+dfsg-3+deb12u1
Added tag(s) pending; removed tag(s) confirmed.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
1051171: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1051171
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems



Bug#1052149: openssh 9.2p1-2+deb12u1 flagged for acceptance

2023-09-24 Thread Adam D Barratt
package release.debian.org
tags 1052149 = bookworm pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bookworm.

Thanks for your contribution!

Upload details
==

Package: openssh
Version: 9.2p1-2+deb12u1

Explanation: fix remote code execution issue via a forwarded agent socket 
[CVE-2023-38408]



Bug#1051594: samba 4.17.11+dfsg-0+deb12u1 flagged for acceptance

2023-09-24 Thread Adam D Barratt
package release.debian.org
tags 1051594 = bookworm pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bookworm.

Thanks for your contribution!

Upload details
==

Package: samba
Version: 4.17.11+dfsg-0+deb12u1

Explanation: new upstream stable release



Processed: plasma-framework 5.103.0-1+deb12u1 flagged for acceptance

2023-09-24 Thread Debian Bug Tracking System
Processing commands for cont...@bugs.debian.org:

> package release.debian.org
Limiting to bugs with field 'package' containing at least one of 
'release.debian.org'
Limit currently set to 'package':'release.debian.org'

> tags 1052543 = bookworm pending
Bug #1052543 [release.debian.org] bookworm-pu: package 
plasma-framework/5.103.0-1+deb12u1
Added tag(s) pending; removed tag(s) confirmed.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
1052543: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1052543
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems



Bug#1051171: qtlocation-opensource-src 5.15.8+dfsg-3+deb12u1 flagged for acceptance

2023-09-24 Thread Adam D Barratt
package release.debian.org
tags 1051171 = bookworm pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bookworm.

Thanks for your contribution!

Upload details
==

Package: qtlocation-opensource-src
Version: 5.15.8+dfsg-3+deb12u1

Explanation: fix freeze when loading map tiles



Processed: mutt 2.2.12-0.1~deb12u1 flagged for acceptance

2023-09-24 Thread Debian Bug Tracking System
Processing commands for cont...@bugs.debian.org:

> package release.debian.org
Limiting to bugs with field 'package' containing at least one of 
'release.debian.org'
Limit currently set to 'package':'release.debian.org'

> tags 1052070 = bookworm pending
Bug #1052070 [release.debian.org] bookworm-pu: package mutt/2.2.12-0.1~deb12u1
Added tag(s) pending; removed tag(s) confirmed.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
1052070: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1052070
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems



Bug#1052543: plasma-framework 5.103.0-1+deb12u1 flagged for acceptance

2023-09-24 Thread Adam D Barratt
package release.debian.org
tags 1052543 = bookworm pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bookworm.

Thanks for your contribution!

Upload details
==

Package: plasma-framework
Version: 5.103.0-1+deb12u1

Explanation: fix plasmashell crashes



Processed: lxc 5.0.2-1+deb12u1 flagged for acceptance

2023-09-24 Thread Debian Bug Tracking System
Processing commands for cont...@bugs.debian.org:

> package release.debian.org
Limiting to bugs with field 'package' containing at least one of 
'release.debian.org'
Limit currently set to 'package':'release.debian.org'

> tags 1052479 = bookworm pending
Bug #1052479 [release.debian.org] bookworm-pu: package lxc/1:5.0.2-1+deb12u1
Added tag(s) pending; removed tag(s) confirmed.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
1052479: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1052479
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems



Processed: lxcfs 5.0.3-1+deb12u1 flagged for acceptance

2023-09-24 Thread Debian Bug Tracking System
Processing commands for cont...@bugs.debian.org:

> package release.debian.org
Limiting to bugs with field 'package' containing at least one of 
'release.debian.org'
Limit currently set to 'package':'release.debian.org'

> tags 1052007 = bookworm pending
Bug #1052007 [release.debian.org] bookworm-pu: package lxcfs/5.0.3-1+deb12u1
Added tag(s) pending; removed tag(s) confirmed.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
1052007: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1052007
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems



Processed: libapache-mod-jk 1.2.48-2+deb12u1 flagged for acceptance

2023-09-24 Thread Debian Bug Tracking System
Processing commands for cont...@bugs.debian.org:

> package release.debian.org
Limiting to bugs with field 'package' containing at least one of 
'release.debian.org'
Limit currently set to 'package':'release.debian.org'

> tags 1052553 = bookworm pending
Bug #1052553 [release.debian.org] bookworm-pu: package 
libapache-mod-jk/1:1.2.48-2
Added tag(s) pending.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
1052553: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1052553
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems



Processed: firewalld 1.3.3-1~deb12u1 flagged for acceptance

2023-09-24 Thread Debian Bug Tracking System
Processing commands for cont...@bugs.debian.org:

> package release.debian.org
Limiting to bugs with field 'package' containing at least one of 
'release.debian.org'
Limit currently set to 'package':'release.debian.org'

> tags 1042903 = bookworm pending
Bug #1042903 [release.debian.org] bookworm-pu: package firewalld/1.3.3-1~deb12u1
Added tag(s) pending; removed tag(s) confirmed.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
1042903: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1042903
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems



Bug#1052479: lxc 5.0.2-1+deb12u1 flagged for acceptance

2023-09-24 Thread Adam D Barratt
package release.debian.org
tags 1052479 = bookworm pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bookworm.

Thanks for your contribution!

Upload details
==

Package: lxc
Version: 5.0.2-1+deb12u1

Explanation: fix nftables syntax for IPv6 NAT



Processed: lemonldap-ng 2.16.1+ds-deb12u1 flagged for acceptance

2023-09-24 Thread Debian Bug Tracking System
Processing commands for cont...@bugs.debian.org:

> package release.debian.org
Limiting to bugs with field 'package' containing at least one of 
'release.debian.org'
Limit currently set to 'package':'release.debian.org'

> tags 1050997 = bookworm pending
Bug #1050997 [release.debian.org] bookworm-pu: package 
lemonldap-ng/2.16.1+ds-deb12u1
Added tag(s) pending; removed tag(s) confirmed.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
1050997: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1050997
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems



Processed: jekyll 4.3.1+dfsg-3+deb12u1 flagged for acceptance

2023-09-24 Thread Debian Bug Tracking System
Processing commands for cont...@bugs.debian.org:

> package release.debian.org
Limiting to bugs with field 'package' containing at least one of 
'release.debian.org'
Limit currently set to 'package':'release.debian.org'

> tags 1051302 = bookworm pending
Bug #1051302 [release.debian.org] bookworm-pu: package 
jekyll/4.3.1+dfsg-3+deb12u1
Added tag(s) pending; removed tag(s) confirmed.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
1051302: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1051302
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems



Bug#1051302: jekyll 4.3.1+dfsg-3+deb12u1 flagged for acceptance

2023-09-24 Thread Adam D Barratt
package release.debian.org
tags 1051302 = bookworm pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bookworm.

Thanks for your contribution!

Upload details
==

Package: jekyll
Version: 4.3.1+dfsg-3+deb12u1

Explanation: support YAML aliases



Bug#1052553: libapache-mod-jk 1.2.48-2+deb12u1 flagged for acceptance

2023-09-24 Thread Adam D Barratt
package release.debian.org
tags 1052553 = bookworm pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bookworm.

Thanks for your contribution!

Upload details
==

Package: libapache-mod-jk
Version: 1.2.48-2+deb12u1

Explanation: remove implicit mapping functionality, which could lead to 
unintended exposure of the status worker and/or bypass of security constraints 
[CVE-2023-41081]



Bug#1050997: lemonldap-ng 2.16.1+ds-deb12u1 flagged for acceptance

2023-09-24 Thread Adam D Barratt
package release.debian.org
tags 1050997 = bookworm pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bookworm.

Thanks for your contribution!

Upload details
==

Package: lemonldap-ng
Version: 2.16.1+ds-deb12u1

Explanation: 



Bug#1052070: mutt 2.2.12-0.1~deb12u1 flagged for acceptance

2023-09-24 Thread Adam D Barratt
package release.debian.org
tags 1052070 = bookworm pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bookworm.

Thanks for your contribution!

Upload details
==

Package: mutt
Version: 2.2.12-0.1~deb12u1

Explanation: new upstream stable release



Bug#1052007: lxcfs 5.0.3-1+deb12u1 flagged for acceptance

2023-09-24 Thread Adam D Barratt
package release.debian.org
tags 1052007 = bookworm pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bookworm.

Thanks for your contribution!

Upload details
==

Package: lxcfs
Version: 5.0.3-1+deb12u1

Explanation: fix CPU reporting within an arm32 container with large numbers of 
CPUs



Bug#1042903: firewalld 1.3.3-1~deb12u1 flagged for acceptance

2023-09-24 Thread Adam D Barratt
package release.debian.org
tags 1042903 = bookworm pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bookworm.

Thanks for your contribution!

Upload details
==

Package: firewalld
Version: 1.3.3-1~deb12u1

Explanation: don't mix IPv4 and IPv6 addresses in a single nftables rule



Bug#1052561: bookworm-pu: package nfdump/1.7.3-1 (pre-discussion)

2023-09-24 Thread Bernhard Schmidt
Package: release.debian.org
Severity: normal
Tags: bookworm
User: release.debian@packages.debian.org
Usertags: pu
X-Debbugs-Cc: nfd...@packages.debian.org
Control: affects -1 + src:nfdump

[ Reason ]
I am proposing updating the nfdump package to a new _upstream_ release
in bookworm.

I made the judgement to switch to the new nfdump 1.7 series in the bookworm
release cycle. This has turned out to be premature. The 1.7.1 release we
shipped in bookworm was under rapid development.

One of the most popular applications for nfdump is to run it together with
nfsen, a PHP based webfrontend to collect and analyze netflows. This one also
has been under rapid development during the bookworm freeze.

It turns out that at least in some cases nfdump does not work well with recent
nfsen versions, see Bug#1042535. The likely commit has been identified, but it
was impossible to backport it due to the major source restructuring nfdump
1.7.x went through. Between 1.7.1 and 1.7.3 there were 169 commits, with bugfix
commits touching core parts of the code.

Things however appear to have stabilized now. The 1.7.3 release is a couple of
weeks old, with no bad bug reports appearing. It has been tested both by the
reporter of Bug#1042535 and by me, and it fixes all known errors with nfdump
1.7.x.

Therefore I'd like to update nfdump in bookworm from 1.7.1 to 1.7.3, same as in
testing.

The alternative would be to use backports to provide a better nfdump version
for bookworm users, but in this case I'm sure that 1.7.3 would be the better
fit for all users. If you reject updating to 1.7.3 I will do this instead.

I'm open to uploading that into -proposed early after the next point release to
give it the maximum possible coverage.

[ Impact ]
Users using nfsen (a popular framework for nfsen) will not get usable profiles.

[ Tests ]
There is an upstream testsuite run during build, but this did not detect the
nfprofile issue earlier.

[ Risks ]
New upstream version always carries some risk, but the package is low popcon
and most of the time used with nfsen, which is from the same author, who
heartily recommends the latest 1.7.3.

[ Checklist ]
  [ ] *all* changes are documented in the d/changelog
  [ ] I reviewed all changes and I approve them
  [ ] attach debdiff against the package in (old)stable
  [X] the issue is verified as fixed in unstable

[ Changes ]
169 upstream commits.

[ Other info ]
I did not attach the debdiff because it would be too large and only consist
of upstream changes. No changes to debian/ (except dropping a backported fix
already in 12.1) are necessary.



Processed: bookworm-pu: package nfdump/1.7.3-1 (pre-discussion)

2023-09-24 Thread Debian Bug Tracking System
Processing control commands:

> affects -1 + src:nfdump
Bug #1052561 [release.debian.org] bookworm-pu: package nfdump/1.7.3-1 
(pre-discussion)
Added indication that 1052561 affects src:nfdump

-- 
1052561: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1052561
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems



Bug#1049955: bookworm-pu: package qemu/1:7.2+dfsg-7+deb12u2

2023-09-24 Thread Михаил Токарев

24.09.2023 19:43, Adam D. Barratt:
> On Sun, 2023-09-24 at 06:52 +0300, Michael Tokarev wrote:

..

> > Will it be easier to upload the reviewed 7.2+dfsg-7+deb12u2 (based on
> > 7.2.5) and close this bug#, and later make 7.2+dfsg-7+deb12u3 (based
> > on 7.2.6), or update current bug# with new release?
> > 
> > I guess it's better to do it step by step, closing this bug# and
> > filing a new one.
> 
> That might depend when you expect to be ready with the newer update.
> 
> The window for 12.2 closes next weekend, so if you'd rather have more
> time to test and work on the 7.2.6 update, it would make sense to
> upload the 7.2.5-based update for 12.2, and then the newer update for
> 12.3.


Well, the packages are ready now, and sure thing I know about the
timeline for 12.2.  But the thing is that besides the security fix
(for a class of issues), there's nothing really urgent there.
Instead, I'll propose qemu version 7.2.1234 for debian 12.3 :)

Thank you,

/mjt



Processed: Re: Bug#1051902: bullseye-pu: package dpkg/1.20.13

2023-09-24 Thread Debian Bug Tracking System
Processing control commands:

> tags -1 confirmed
Bug #1051902 [release.debian.org] bullseye-pu: package dpkg/1.20.13
Added tag(s) confirmed.

-- 
1051902: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1051902
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems



Bug#1051902: bullseye-pu: package dpkg/1.20.13

2023-09-24 Thread Adam D. Barratt
Control: tags -1 confirmed

On Thu, 2023-09-14 at 00:28 +0200, Guillem Jover wrote:
> This update backports the loong64 arch support as requested in
> #1051763 because some of the Debian infra is still using bullseye.
> There's also a fix for a segfault on virtual field formatting which
> is rather easy to trigger for packages that are known to dpkg, but
> are not installed, such as virtual packages or references from
> Recommends or Suggests, which was also included in the 1.21.22 pre-
> approval request included in bookworm. And finally a fix for a memory
> leak, included in 1.22.0 in unstable.
> 

Please go ahead, bearing in mind that the window for 11.8 closes over
the coming weekend.

Regards,

Adam



Bug#1052543: bookworm-pu: package plasma-framework/5.103.0-1+deb12u1

2023-09-24 Thread Patrick Franz
Hi Adam,

On Sun, 24 Sep 2023 17:37:58 +0100 "Adam D. Barratt" wrote:
[...]
> Please go ahead.

Package has been uploaded.


-- 
Med vänliga hälsningar

Patrick Franz



Processed: Re: Bug#1042058: bookworm-pu: package pandoc/2.17.1.1-2~deb12u1

2023-09-24 Thread Debian Bug Tracking System
Processing control commands:

> tags -1 confirmed
Bug #1042058 [release.debian.org] bookworm-pu: package pandoc/2.17.1.1-2~deb12u1
Added tag(s) confirmed.

-- 
1042058: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1042058
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems



Bug#1042058: bookworm-pu: package pandoc/2.17.1.1-2~deb12u1

2023-09-24 Thread Adam D. Barratt
Control: tags -1 confirmed

On Tue, 2023-07-25 at 23:40 +0200, Guilhem Moulin wrote:
> pandoc 2.17.1.1-1.1 is vulnerable to CVE-2023-35936: Arbitrary file
> write vulnerability via specially crafted image element in the input
> when generating files using the `--extract-media` option or
> outputting to PDF format.
> 

Please go ahead; sorry for the delay.

Regards,

Adam



Bug#1052420: bullseye-pu: package flameshot/0.9.0+ds1-2+deb11u1

2023-09-24 Thread Adam D. Barratt
On Sat, 2023-09-23 at 22:10 +0100, Adam D. Barratt wrote:
> Control: tags -1 confirmed
> 
> On Thu, 2023-09-21 at 13:37 -0400, Boyuan Yang wrote:
> > As reported in https://bugs.debian.org/1051408 , current flameshot
> > in Debian 11 (Bullseye) will silently upload the current captured
> > screenshot to imgur without confirmation whenever the corresponding
> > hotkey is pressed. This imposes a security risk of leaking
> > sensitive
> > information.
> > 
> > In order to mitigate this issue, I propose to upload flameshot
> > 0.9.0+ds1-2+deb11u1, which strips the embedded imgur token
> > hardcoded
> > in the source code. Users who wish to utilize the img uploading
> > feature can fill in their own imgur token in flameshot config
> > window to re-enable the feature.
> > 
> 
> Please go ahead.
> 

I should have spotted this before, but the news file in the source
package should simply be named "debian/NEWS"; dh_installchangelogs will
then install it as NEWS.Debian in the binary package.

It's up to you whether you want to upload a +deb11u2 that simply fixes
that, or would prefer that we reject the existing upload and you can
upload a fixed +deb11u1.

Regards,

Adam



Bug#1049955: bookworm-pu: package qemu/1:7.2+dfsg-7+deb12u2

2023-09-24 Thread Adam D. Barratt
On Sun, 2023-09-24 at 06:52 +0300, Michael Tokarev wrote:
> 23.09.2023 23:45, Adam D. Barratt wrote:
> > Control: tags -1 confirmed
> > 
> > On Thu, 2023-08-17 at 12:54 +0300, Michael Tokarev wrote:
> > > There's a next upstream qemu stable/bugfix release, fixing a
> > > big number of various issues, including 3 (minor) security
> > > issues too.  The full list is in the changelog below and
> > > in the upstream git (mirrored in salsa too).
> ...
> 
> > Please go ahead.
> 
> It is a "good" timing, Adam.  Just 2 days ago I sent announcement
> for a new qemu stable-7.2.6 release fixing a bunch of more bugs,
> and fixing an important class of security issues too.
> 
> https://lore.kernel.org/qemu-devel/bf422038-5f0a-e9ca-1eb3-ed25442c7...@tls.msk.ru/
> 
> "Good" because I forgot to send a note to this bug report about the
> upcoming release (it was planned) and as a result we clashed.
> 
> I prepared debian package (based on this new 7.2.6), it is in testing
> now on my local machine.
> 
> Will it be easier to upload the reviewed 7.2+dfsg-7+deb12u2 (based on
> 7.2.5) and close this bug#, and later make 7.2+dfsg-7+deb12u3 (based
> on 7.2.6), or update current bug# with new release?
> 
> I guess it's better to do it step by step, closing this bug# and
> filing a new one.
> 

That might depend when you expect to be ready with the newer update. 

The window for 12.2 closes next weekend, so if you'd rather have more
time to test and work on the 7.2.6 update, it would make sense to
upload the 7.2.5-based update for 12.2, and then the newer update for
12.3.

Regards,

Adam



Bug#1052227: bookworm-pu (pre-approval): mutter/43.8-0+deb12u1

2023-09-24 Thread Adam D. Barratt
On Sun, 2023-09-24 at 11:31 +0100, Simon McVittie wrote:
> On Sat, 23 Sep 2023 at 20:44:14 +0100, Adam D. Barratt wrote:
> > On Tue, 2023-09-19 at 11:26 +0100, Simon McVittie wrote:
> > > Several new upstream bugfix releases. I've been trying to get
> > > these
> > > into
> > > a suitable state for a stable update since 12.1, but every time
> > > I've
> > > been testing one long enough to think about asking for upload
> > > approval,
> > > there have been more bugfixes upstream and the cycle starts
> > > again.
> > > 
> > > This might be the last upstream bugfix release in the 43.x
> > > series,
> > > or we might get a 43.9.
> > > 
> > 
> > Please go ahead.
> 
> To be clear, do you want this and the accompanying gnome-shell update
> uploaded in time for 12.2, or should I upload them after 12.2 for
> inclusion in 12.3 as I suggested in the request?
> 

I'm more than happy to trust your judgement here. If you'd rather wait
until 12.3, that's fine. There's certainly no need to rush from the SRM
side.

> I have been asked to roll one additional change into this update:
> updating the (non-upstream) triple-buffering patch to its latest
> version, which fixes an issue where some session types (Xorg and some
> video drivers like Raspberry Pi) would only refresh at 30fps rather
> than the intended 60fps, fixing 
> https://bugs.launchpad.net/ubuntu/+source/mutter/+bug/2017137
> and
> https://bugs.launchpad.net/ubuntu/+source/mutter/+bug/2017097. I have
> not tested that change yet, but the equivalent for mutter 44 has been
> in Ubuntu since May. After I've tested it in v43 on Debian, would
> that be OK to include? The additional diff (beyond what you already
> saw) will be what's attached, plus a changelog entry.
> 

That sounds OK; thanks.

Regards,

Adam



Processed: Re: Bug#1052543: bookworm-pu: package plasma-framework/5.103.0-1+deb12u1

2023-09-24 Thread Debian Bug Tracking System
Processing control commands:

> tags -1 confirmed
Bug #1052543 [release.debian.org] bookworm-pu: package 
plasma-framework/5.103.0-1+deb12u1
Added tag(s) confirmed.

-- 
1052543: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1052543
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems



Bug#1052543: bookworm-pu: package plasma-framework/5.103.0-1+deb12u1

2023-09-24 Thread Adam D. Barratt
Control: tags -1 confirmed

On Sun, 2023-09-24 at 13:26 +0200, Patrick Franz wrote:
> Upstream KDE has received a number of bug reports about plasmashell
> crashing when closing windows. This patch backports the fix to
> avoid these crashes back into bookworm.
> 

Please go ahead.

Regards,

Adam



Processed: Re: Bug#1052455: bookworm-pu: package freetype/2.12.1+dfsg-5+deb12u1

2023-09-24 Thread Debian Bug Tracking System
Processing control commands:

> tags -1 confirmed
Bug #1052455 [release.debian.org] bookworm-pu: package 
freetype/2.12.1+dfsg-5+deb12u1
Added tag(s) confirmed.

-- 
1052455: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1052455
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems



Bug#1052455: bookworm-pu: package freetype/2.12.1+dfsg-5+deb12u1

2023-09-24 Thread Adam D. Barratt
Control: tags -1 confirmed

On Sun, 2023-09-24 at 22:27 +1000, Hugh McMaster wrote:
> Control: tags -1 -moreinfo
> 
> Hi Adam,
> 
> On Sun, 24 Sept 2023 at 05:53, Adam D. Barratt wrote:
> > Control: tags -1 moreinfo
> > 
> > On Fri, 2023-09-22 at 22:16 +1000, Hugh McMaster wrote:
> > > FreeType 2.12.1 shipped with experimental COLRv1 support enabled.
> > > This was
> > > unintentional, as the implementation shipped in this release was
> > > incomplete and
> > > incompatible with the final COLRv1 API.
[...]
> > Do we know if any applications shipped in bookworm attempt to use
> > this
> > partial API? If so, do we know how they'll handle the change?
> 
> The API function call appears in several packages that include
> internal copies of FreeType: openjdk-{11, 19, 20} and godot
> 3.5.2-stable-2. However, none of them call PUT_COLOR_LAYERS_V1() to
> access the API.
> 
> I doubt many people know the COLRv1 API is in FreeType 2.12.1, as the
> API is not mentioned in the release notes for that version. In saying
> that, upstream recommends disabling the COLRv1 API.

OK, thanks.

Please go ahead.

Regards,

Adam



Bug#1052553: bookworm-pu: package libapache-mod-jk/1:1.2.48-2

2023-09-24 Thread Markus Koschany
Package: release.debian.org
Severity: normal
Tags: bookworm
User: release.debian@packages.debian.org
Usertags: pu
X-Debbugs-Cc: a...@debian.org

[ Reason ]

Fixing CVE-2023-41081 in Bookworm.
Unintended exposure of the status worker and/or bypass security constraints
configured in httpd by using implicit mapping.

[ Tests ]

Implicit mapping no longer works with this update and users must
explicitly configure it. Otherwise an error message is logged now
which means the update works as intended.

[ Risks ]

Users who unintentionally relied on the implicit mapping functionality
will have to update their configuration but this is intended and
needed to avoid the bypass of other security constraints.

[ Checklist ]
  [x] *all* changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in (old)stable
  [x] the issue is verified as fixed in unstable

Regards,

Markus
diff -Nru libapache-mod-jk-1.2.48/debian/changelog 
libapache-mod-jk-1.2.48/debian/changelog
--- libapache-mod-jk-1.2.48/debian/changelog2023-02-18 19:17:18.0 
+0100
+++ libapache-mod-jk-1.2.48/debian/changelog2023-09-24 16:40:59.0 
+0200
@@ -1,3 +1,20 @@
+libapache-mod-jk (1:1.2.48-2+deb12u1) bookworm; urgency=high
+
+  * Fix CVE-2023-41081:
+The mod_jk component of Apache Tomcat Connectors, an Apache 2 module to
+forward requests from Apache to Tomcat, in some circumstances, such as when
+a configuration included "JkOptions +ForwardDirectories" but the
+configuration did not provide explicit mounts for all possible proxied
+requests, mod_jk would use an implicit mapping and map the request to the
+first defined worker. Such an implicit mapping could result in the
+unintended exposure of the status worker and/or bypass security constraints
+configured in httpd. As of this security update, the implicit mapping
+functionality has been removed and all mappings must now be via explicit
+configuration. This issue affects Apache Tomcat Connectors (mod_jk only).
+(Closes: #1051956)
+
+ -- Markus Koschany   Sun, 24 Sep 2023 16:40:59 +0200
+
 libapache-mod-jk (1:1.2.48-2) unstable; urgency=medium
 
   * Declare compliance with Debian Policy 4.6.2.
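
Review bot: The new changelog entry reproduces the CVE description but does not tell an administrator what to do on upgrade. In its closing sentences ("the implicit mapping functionality has been removed and all mappings must now be via explicit configuration") I would add that requests with no explicit mount are no longer forwarded to the first defined worker. Since this changes behaviour in a stable release, consider carrying the same text in debian/NEWS, which is not among the files this debdiff shows.
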
diff -Nru libapache-mod-jk-1.2.48/debian/patches/CVE-2023-41081.patch 
libapache-mod-jk-1.2.48/debian/patches/CVE-2023-41081.patch
--- libapache-mod-jk-1.2.48/debian/patches/CVE-2023-41081.patch 1970-01-01 
01:00:00.0 +0100
+++ libapache-mod-jk-1.2.48/debian/patches/CVE-2023-41081.patch 2023-09-24 
16:40:59.0 +0200
@@ -0,0 +1,47 @@
+From: Markus Koschany 
+Date: Sun, 24 Sep 2023 16:39:43 +0200
+Subject: CVE-2023-41081
+
+Bug-Debian: https://bugs.debian.org/1051956
+Origin: 
https://github.com/apache/tomcat-connectors/commit/0095b6cb84f41313ee4c0364b49c766168790792
+---
+ native/apache-2.0/mod_jk.c | 19 ---
+ 1 file changed, 19 deletions(-)
+
+diff --git a/native/apache-2.0/mod_jk.c b/native/apache-2.0/mod_jk.c
+index b755116..d9345d7 100644
+--- a/native/apache-2.0/mod_jk.c
 b/native/apache-2.0/mod_jk.c
+@@ -2767,17 +2767,6 @@ static int jk_handler(request_rec * r)
+ rconf->rule_extensions = e;
+ }
+ }
+-else if (worker_env.num_of_workers == 1) {
+-  /** We have a single worker ( the common case ).
+-  ( lb is a bit special, it should count as a single worker but
+-  I'm not sure how ). We also have a manual config directive that
+-  explicitly give control to us. */
+-worker_name = worker_env.worker_list[0];
+-if (JK_IS_DEBUG_LEVEL(xconf->log))
+-jk_log(xconf->log, JK_LOG_DEBUG,
+-   "Single worker (%s) configuration for %s",
+-   worker_name, r->uri);
+-}
+ else {
+ if (!xconf->uw_map) {
+ if (JK_IS_DEBUG_LEVEL(xconf->log))
+@@ -2804,14 +2793,6 @@ static int jk_handler(request_rec * r)
+ r->uri = clean_uri;
+ }
+ }
+-
+-if (worker_name == NULL && worker_env.num_of_workers) {
+-worker_name = worker_env.worker_list[0];
+-if (JK_IS_DEBUG_LEVEL(xconf->log))
+-jk_log(xconf->log, JK_LOG_DEBUG,
+-   "Using first worker (%s) from %d workers for %s",
+-   worker_name, worker_env.num_of_workers, r->uri);
+-}
+ }
+ if (worker_name)
+ apr_table_setn(r->notes, JK_NOTE_WORKER_NAME, worker_name);
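
Review bot: With the fallback "if (worker_name == NULL && worker_env.num_of_workers)" deleted in the second mod_jk.c hunk, worker_name can now reach the context line "if (worker_name)" still NULL, and the patch adds no handling for that case (19 deletions, no insertions). Please confirm that the code following this block declines the request and logs it at a level visible in a default setup, because both removed branches logged only at JK_LOG_DEBUG and the [ Tests ] section of the request relies on an error message appearing. The comment in the first deleted branch calls a single worker "the common case", so sites with one worker and no explicit mount are the ones to test.
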
diff -Nru libapache-mod-jk-1.2.48/debian/patches/series 
libapache-mod-jk-1.2.48/debian/patches/series
--- libapache-mod-jk-1.2.48/debian/patches/series   2023-02-18 
19:17:18.0 +0100
+++ libapache-mod-jk-1.2.48/debian/patches/series   2023-09-24 
16:40:59.0 +0200
@@ -1,2 +1,3 @@
 0002-debianize-log-directory.patch
 

Bug#1052552: bullseye-pu: package libapache-mod-jk/1:1.2.48-1

2023-09-24 Thread Markus Koschany
Package: release.debian.org
Severity: normal
Tags: bullseye
User: release.debian@packages.debian.org
Usertags: pu
X-Debbugs-Cc: a...@debian.org


[ Reason ]

Fixing CVE-2023-41081 in Bullseye.
Unintended exposure of the status worker and/or bypass security constraints
configured in httpd by using implicit mapping.

[ Tests ]

Implicit mapping no longer works with this update and users must
explicitly configure it. Otherwise an error message is logged now
which means the update works as intended.

[ Risks ]

Users who unintentionally relied on the implicit mapping functionality
will have to update their configuration but this is intended and
needed to avoid the bypass of other security constraints.

[ Checklist ]
  [x] *all* changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in (old)stable
  [x] the issue is verified as fixed in unstable

Regards,

Markus
diff -Nru libapache-mod-jk-1.2.48/debian/changelog 
libapache-mod-jk-1.2.48/debian/changelog
--- libapache-mod-jk-1.2.48/debian/changelog2020-06-04 21:42:29.0 
+0200
+++ libapache-mod-jk-1.2.48/debian/changelog2023-09-24 17:09:51.0 
+0200
@@ -1,3 +1,20 @@
+libapache-mod-jk (1:1.2.48-1+deb11u1) bullseye; urgency=high
+
+  * Fix CVE-2023-41081:
+The mod_jk component of Apache Tomcat Connectors, an Apache 2 module to
+forward requests from Apache to Tomcat, in some circumstances, such as when
+a configuration included "JkOptions +ForwardDirectories" but the
+configuration did not provide explicit mounts for all possible proxied
+requests, mod_jk would use an implicit mapping and map the request to the
+first defined worker. Such an implicit mapping could result in the
+unintended exposure of the status worker and/or bypass security constraints
+configured in httpd. As of this security update, the implicit mapping
+functionality has been removed and all mappings must now be via explicit
+configuration. This issue affects Apache Tomcat Connectors (mod_jk only).
+(Closes: #1051956)
+
+ -- Markus Koschany   Sun, 24 Sep 2023 17:09:51 +0200
+
 libapache-mod-jk (1:1.2.48-1) unstable; urgency=medium
 
   * New upstream version 1.2.48.
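
Review bot: The entry does not say how the fix is carried. Naming debian/patches/CVE-2023-41081.patch and the upstream commit from its Origin field after "Fix CVE-2023-41081:" would let someone auditing the bullseye upload match the changelog to the code without opening the debdiff.
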
diff -Nru libapache-mod-jk-1.2.48/debian/patches/CVE-2023-41081.patch 
libapache-mod-jk-1.2.48/debian/patches/CVE-2023-41081.patch
--- libapache-mod-jk-1.2.48/debian/patches/CVE-2023-41081.patch 1970-01-01 
01:00:00.0 +0100
+++ libapache-mod-jk-1.2.48/debian/patches/CVE-2023-41081.patch 2023-09-24 
17:09:51.0 +0200
@@ -0,0 +1,47 @@
+From: Markus Koschany 
+Date: Sun, 24 Sep 2023 16:39:43 +0200
+Subject: CVE-2023-41081
+
+Bug-Debian: https://bugs.debian.org/1051956
+Origin: 
https://github.com/apache/tomcat-connectors/commit/0095b6cb84f41313ee4c0364b49c766168790792
+---
+ native/apache-2.0/mod_jk.c | 19 ---
+ 1 file changed, 19 deletions(-)
+
+diff --git a/native/apache-2.0/mod_jk.c b/native/apache-2.0/mod_jk.c
+index b755116..d9345d7 100644
+--- a/native/apache-2.0/mod_jk.c
 b/native/apache-2.0/mod_jk.c
+@@ -2767,17 +2767,6 @@ static int jk_handler(request_rec * r)
+ rconf->rule_extensions = e;
+ }
+ }
+-else if (worker_env.num_of_workers == 1) {
+-  /** We have a single worker ( the common case ).
+-  ( lb is a bit special, it should count as a single worker but
+-  I'm not sure how ). We also have a manual config directive that
+-  explicitly give control to us. */
+-worker_name = worker_env.worker_list[0];
+-if (JK_IS_DEBUG_LEVEL(xconf->log))
+-jk_log(xconf->log, JK_LOG_DEBUG,
+-   "Single worker (%s) configuration for %s",
+-   worker_name, r->uri);
+-}
+ else {
+ if (!xconf->uw_map) {
+ if (JK_IS_DEBUG_LEVEL(xconf->log))
+@@ -2804,14 +2793,6 @@ static int jk_handler(request_rec * r)
+ r->uri = clean_uri;
+ }
+ }
+-
+-if (worker_name == NULL && worker_env.num_of_workers) {
+-worker_name = worker_env.worker_list[0];
+-if (JK_IS_DEBUG_LEVEL(xconf->log))
+-jk_log(xconf->log, JK_LOG_DEBUG,
+-   "Using first worker (%s) from %d workers for %s",
+-   worker_name, worker_env.num_of_workers, r->uri);
+-}
+ }
+ if (worker_name)
+ apr_table_setn(r->notes, JK_NOTE_WORKER_NAME, worker_name);
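
Review bot: The DEP-3 header of the added patch attributes it with "From: Markus Koschany" while Origin points at a commit in apache/tomcat-connectors; for a cherry-pick the author field should name the upstream author, and Origin is normally written as "upstream, <URL>". A "Forwarded: not-needed" line would also record that nothing is pending upstream. The two mod_jk.c hunks match the bookworm debdiff line for line, so both suites receive the same code change.
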
diff -Nru libapache-mod-jk-1.2.48/debian/patches/series 
libapache-mod-jk-1.2.48/debian/patches/series
--- libapache-mod-jk-1.2.48/debian/patches/series   2020-06-04 
21:42:29.0 +0200
+++ libapache-mod-jk-1.2.48/debian/patches/series   2023-09-24 
17:09:51.0 +0200
@@ -1,2 +1,3 @@
 0002-debianize-log-directory.patch
 
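
The configuration condition that the two libapache-mod-jk requests above describe, as an added audit sketch (not code from the bug reports or from mod_jk): it reads a constructed workers.properties and httpd fragment and reports the first defined worker, whether it is a status worker, and which listed workers have no explicit JkMount. File contents, worker names, URIs and paths are assumptions made for the example.

```python
"""Audit a mod_jk setup for reliance on the implicit mapping removed for CVE-2023-41081."""
import re

# Constructed sample inputs; worker names, URIs and the address range are placeholders.
WORKERS_PROPERTIES = """\
worker.list=jkstatus,app1
worker.jkstatus.type=status
worker.app1.type=ajp13
worker.app1.host=localhost
worker.app1.port=8009
"""

# Relies on implicit mapping: the status worker is defined first and never mounted.
HTTPD_IMPLICIT = """\
JkWorkersFile /path/to/workers.properties
JkOptions +ForwardDirectories
JkMount /shop/* app1
"""

# Every worker is mounted explicitly and the status URI is access-controlled in httpd.
HTTPD_EXPLICIT = """\
JkWorkersFile /path/to/workers.properties
JkOptions +ForwardDirectories
JkMount /shop/* app1
JkMount /jkstatus jkstatus
<Location /jkstatus>
    Require ip 192.0.2.0/24
</Location>
"""


def parse_workers(text):
    """Return (worker names in definition order, {name: type})."""
    order, types = [], {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if key == "worker.list":
            # Accumulate across lines, keeping first-seen order.
            for name in (n.strip() for n in value.split(",")):
                if name and name not in order:
                    order.append(name)
        else:
            match = re.fullmatch(r"worker\.([^.]+)\.type", key)
            if match:
                types[match.group(1)] = value.lower()
    return order, types


def parse_httpd(text):
    """Return (ForwardDirectories enabled?, {worker: [URI patterns]}).

    Only the "JkMount <pattern> <worker>" form is read; mounts that come
    from other sources (for example a JkMountFile) are outside this sketch.
    """
    forward, mounts = False, {}
    for raw in text.splitlines():
        parts = raw.strip().split()
        if not parts or parts[0].startswith("#"):
            continue
        directive = parts[0].lower()  # httpd directive names are case-insensitive
        if directive == "jkoptions":
            for opt in parts[1:]:
                if opt.lower().lstrip("+-") == "forwarddirectories":
                    forward = not opt.startswith("-")
        elif directive == "jkmount" and len(parts) == 3:
            mounts.setdefault(parts[2], []).append(parts[1])
    return forward, mounts


def audit(workers_text, httpd_text):
    """Summarise what the old fallback would have hit and what the fix cuts off."""
    order, types = parse_workers(workers_text)
    forward, mounts = parse_httpd(httpd_text)
    first = order[0] if order else None
    return {
        # Worker the unpatched module fell back to: the first one defined.
        "fallback_worker": first,
        "fallback_is_status": types.get(first) == "status",
        # The changelog names +ForwardDirectories as one circumstance that reached the fallback.
        "forward_directories": forward,
        # No explicit mount: reachable only implicitly before, not at all after the update.
        "unmounted": [name for name in order if name not in mounts],
    }


if __name__ == "__main__":
    for label, conf in (("implicit", HTTPD_IMPLICIT), ("explicit", HTTPD_EXPLICIT)):
        print(label, audit(WORKERS_PROPERTIES, conf))
```

A non-empty "unmounted" list is the part that matters on upgrade: those workers stop receiving requests until a mount is added for them.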

Re: Bug#1040901: Upcoming changes to Debian Linux kernel packages

2023-09-24 Thread Ben Hutchings
On Sun, 2023-09-24 at 15:01 +0200, Bastian Blank wrote:
[...]
> ## Kernel modules will be signed with an ephemeral key
> 
> The modules will no longer be signed using the Secure Boot CA like the
> EFI kernel image itself.  Instead a key will be created during the build
> and thrown away after.
> 
> Yes, this will make the build unreproducible, but no better solution
> currently exists.  There are some plans, but no-one is working on them.
> If a suitable replacement shows up, we can always switch to that
> solution.

Builds for the architectures involved are already unreproducible due to
inconsistent generation of BTF in both the kernel and modules. 
Additionally, my "plan" would also get rid of signing modules with the
Secure Boot CA, so I'm not going to object to this.


[...]
> ## Image packages contain more version info
> 
> By renaming the kernel packages we try to make several kernels
> installable at the same time.  In contrast to rpm, where you can have
> the same package installed multiple times in different versions, dpkg
> only supports a single one at the same time.  So the co-installable
> versions need to have different package names.
> 
> The packages will include the full upstream version.  There exists the
> exception of devel builds and uploads to experimental, which will contain
> even less of the version, to avoid new names in those cases.
> 
> Example: linux-image-6.5.3-cloud-arm64
> 
> There are some drawbacks.
> 
> The same upstream version in testing and backports will have the same
> package name.

This is not OK, because they will be incompatible on architectures
supporting SB (and sometimes incompatible on others due to compiler
differences or required config changes).

If someone upgrades from stable + backports to testing, and has OOT
modules:
- With DKMS, will a rebuild be triggered if the linux-image package
  name doesn't change?
- With module-assistant, the new linux-image package will satisfy
  dependencies of the old modules even though they are incompatible.

> Multiple uploads of the same upstream version will have
> the same package name, but those rarely happen.

Those happen fairly often for urgent security updates.

> Those packages will
> not be compatible and a reboot is necessary to be able to load modules
> again.
> 
> It will no longer be possible to reliably derive the package name from
> kernel release (see above), as both values are not really related
> anymore.

Given all the drawbacks, I don't see the benefit of decoupling package
names from release strings.

In the same way that shared library packages must be renamed for every
backward-incompatible ABI changes, I believe we should keep doing this
for linux-image packages.

> ## Header and tool packages will no longer contain version
> 
> The headers packages will no longer include the version.  It won't be
> reliably possible to derive the package name anyway from the running
> kernel.
>
> This means that only headers of one single version can be available on
> the system at one time.  This might be a bit inconvenient for dkms, as
> it can no longer build modules for multiple versions.
>
> But we too often have the problem that image and headers go out of sync
> and then you can't find the correct ones anyway.
> 
> Example: linux-headers-cloud-arm64

This is all downside with no justification given.  Please explain what
the benefit is.

> ## Installer packages will no longer contain too much version
> 
> The installer can only ever handle one version of kernel.  Also it got
> an internal mechanism to detect which packages belong together
> (the Kernel-Version control entry).  So we have no need to rename them
> and force a matching change in d-i itself just because a new kernel
> exists.  So it will no longer contain the full version in the package
> names if not needed.
[...]

In the installer, netboot images break every time the kernel ABI is
bumped.  I think there's a specific check and error message for this,
but I'm not exactly sure.  It should be verified that this detection
will work the way you expect, so that the error message doesn't change
and create a support burden for the installer team.

Currently kernel-wedge generates the udeb package names and would need
to add an option to leave out the version part of the names.  I'm happy
to work on that once we have an agreement for what to do.


Ben.

-- 
Ben Hutchings
It is easier to change the specification to fit the program
than vice versa.





Upcoming changes to Debian Linux kernel packages

2023-09-24 Thread Bastian Blank
Hi folks

Debian currently does Secure Boot signing using a shim chained to the
Microsoft key.  This use requires that we follow certain rules.  And one
of the recent changes to those rules states that our method of signing
kernel modules also with the same key will not be allowed anymore.  Some
information is in #1040901.

We could just do the minimal change, sign the modules a different way
and let users walk into authenticated failures and other scary error
messages.  Or we could change the existing ABI setting on every upload,
creating a new set of binary packages.

But maybe we can enhance the user experience a bit, by reducing the
chance of scary errors, but with the chance of simple errors like "you
need to reboot".  So let's do some more changes and hopefully don't
break the user experience too much.  The planned changes are discussed
in more detail.

## Kernel modules will be signed with an ephemeral key

The modules will no longer be signed using the Secure Boot CA like the
EFI kernel image itself.  Instead a key will be created during the build
and thrown away after.

Yes, this will make the build unreproducible, but no better solution
currently exists.  There are some plans, but no-one is working on them.
If a suitable replacement shows up, we can always switch to that
solution.

## Kernel release value includes complete Debian version

The kernel release is what "uname -r" shows, and how modules are
organized in /lib/modules.  This value will include the complete version
of the binary package, so even binNMU will somehow work.  This will make
sure the value changes with every upload and modules will not be
compatible already from that check.

Example: 6.5.3-2+b2-cloud-arm64

## Image packages contain more version info

By renaming the kernel packages we try to make several kernels
installable at the same time.  In contrast to rpm, where you can have
the same package installed multiple times in different versions, dpkg
only supports a single one at the same time.  So the co-installable
versions need to have different package names.

The packages will include the full upstream version.  There exists the
exception of devel builds and uploads to experimental, which will contain
even less of the version, to avoid new names in those cases.

Example: linux-image-6.5.3-cloud-arm64

There are some drawbacks.

The same upstream version in testing and backports will have the same
package name.  Multiple uploads of the same upstream version will have
the same package name, but those rarely happen.  Those packages will
not be compatible and a reboot is necessary to be able to load modules
again.

It will no longer be possible to reliably derive the package name from
kernel release (see above), as both values are not really related
anymore.

## Header and tool packages will no longer contain version

The headers packages will no longer include the version.  It won't be
reliably possible to derive the package name anyway from the running
kernel.

This means that only headers of one single version can be available on
the system at one time.  This might be a bit inconvenient for dkms, as
it can no longer build modules for multiple versions.

But we too often have the problem that image and headers go out of sync
and then you can't find the correct ones anyway.

Example: linux-headers-cloud-arm64

## Installer packages will no longer contain too much version

The installer can only ever handle one version of kernel.  Also it got
an internal mechanism to detect which packages belong together
(the Kernel-Version control entry).  So we have no need to rename them
and force a matching change in d-i itself just because a new kernel
exists.  So it will no longer contain the full version in the package
names if not needed.

## Further work

The changes outlined here try to avoid changes to the initramfs
protocol, aka /etc/kernel/.  There is a larger change cooking somehow,
see
https://lists.debian.org/msgid-search/y2gbkyerb10ky...@shell.thinkmo.de

Regards,
Bastian

-- 
You!  What PLANET is this!
-- McCoy, "The City on the Edge of Forever", stardate 3134.0



Processed: Re: Bug#1052455: bookworm-pu: package freetype/2.12.1+dfsg-5+deb12u1

2023-09-24 Thread Debian Bug Tracking System
Processing control commands:

> tags -1 -moreinfo
Bug #1052455 [release.debian.org] bookworm-pu: package 
freetype/2.12.1+dfsg-5+deb12u1
Removed tag(s) moreinfo.

-- 
1052455: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1052455
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems



Bug#1052455: bookworm-pu: package freetype/2.12.1+dfsg-5+deb12u1

2023-09-24 Thread Hugh McMaster
Control: tags -1 -moreinfo

Hi Adam,

On Sun, 24 Sept 2023 at 05:53, Adam D. Barratt wrote:
>
> Control: tags -1 moreinfo
>
> On Fri, 2023-09-22 at 22:16 +1000, Hugh McMaster wrote:
> > FreeType 2.12.1 shipped with experimental COLRv1 support enabled.
> > This was
> > unintentional, as the implementation shipped in this release was
> > incomplete and
> > incompatible with the final COLRv1 API.
> >
> > Upstream's intention was to enable COLRv1 support in FreeType 2.13.0.
> >
> > Applications attempting to use the partial COLRv1 API in FreeType
> > 2.12.1 will
> > get unexpected (and incorrect) results.
> >
>
> Do we know if any applications shipped in bookworm attempt to use this
> partial API? If so, do we know how they'll handle the change?

The API function call appears in several packages that include
internal copies of FreeType: openjdk-{11, 19, 20} and godot
3.5.2-stable-2. However, none of them call PUT_COLOR_LAYERS_V1() to
access the API.

I doubt many people know the COLRv1 API is in FreeType 2.12.1, as the
API is not mentioned in the release notes for that version. In saying
that, upstream recommends disabling the COLRv1 API.



Bug#1049974: bookworm-pu: package plasma-workspace/5.27.5-2+deb12u1

2023-09-24 Thread Patrick Franz
Hi Adam,

On Sat, 23 Sep 2023 21:41:40 +0100 "Adam D. Barratt"  wrote:
[...]
> Please go ahead.

Package has been uploaded.


-- 
Kind regards

Patrick Franz



Bug#1052543: bookworm-pu: package plasma-framework/5.103.0-1+deb12u1

2023-09-24 Thread Patrick Franz
Package: release.debian.org
Severity: normal
Tags: bookworm
User: release.debian@packages.debian.org
Usertags: pu
X-Debbugs-Cc: plasma-framew...@packages.debian.org, delta...@debian.org
Control: affects -1 + src:plasma-framework

[ Reason ]
Upstream KDE has received a number of bug reports about plasmashell
crashing when closing windows. This patch backports the fix to
avoid these crashes back into bookworm.

It was fixed in plasma-framework 5.104.0 which is available in
unstable (unstable currently has 5.107.0)

The corresponding Debian bug report is
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1050723
with the upstream bug report to be found at
https://bugs.kde.org/show_bug.cgi?id=472543.

[ Impact ]
plasmashell crashes somewhat regularly when closing a window.

[ Tests ]
No manual or automated tests were conducted on the Debian side.
However, the request for this backport comes from upstream KDE and
the patch has been included upstream as well.

[ Risks ]
The code change is trivial - it is a 1-line patch.
The patch is coming directly from upstream and has been included
in subsequent versions of plasma-framework.

[ Checklist ]
  [x] *all* changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in (old)stable
  [x] the issue is verified as fixed in unstable

[ Changes ]
One-line patch to fix plasmashell crashing when closing windows.
diffstat for plasma-framework-5.103.0 plasma-framework-5.103.0

 changelog   |7 +++
 patches/fix-plasmashell-crash.patch |   33 +
 patches/series  |1 +
 3 files changed, 41 insertions(+)

diff -Nru plasma-framework-5.103.0/debian/changelog 
plasma-framework-5.103.0/debian/changelog
--- plasma-framework-5.103.0/debian/changelog   2023-02-12 21:44:34.0 
+0100
+++ plasma-framework-5.103.0/debian/changelog   2023-09-24 12:36:00.0 
+0200
@@ -1,3 +1,10 @@
+plasma-framework (5.103.0-1+deb12u1) bookworm; urgency=medium
+
+  * Team upload.
+  * Add patch to fix plasmashell crashes (Closes: #1050723).
+
+ -- Patrick Franz   Sun, 24 Sep 2023 12:36:00 +0200
+
 plasma-framework (5.103.0-1) unstable; urgency=medium
 
   [ Aurélien COUDERC ]
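Review bot: The new changelog entry says only "Add patch to fix plasmashell crashes" and does not name the patch or where it comes from. Naming fix-plasmashell-crash.patch and the upstream commit it backports (0ad9576f29a3fcc41cec283ad13d3e654508ce1f, per the patch header in this debdiff) would let a reader of the changelog trace the change without opening debian/patches.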
diff -Nru plasma-framework-5.103.0/debian/patches/fix-plasmashell-crash.patch 
plasma-framework-5.103.0/debian/patches/fix-plasmashell-crash.patch
--- plasma-framework-5.103.0/debian/patches/fix-plasmashell-crash.patch 
1970-01-01 01:00:00.0 +0100
+++ plasma-framework-5.103.0/debian/patches/fix-plasmashell-crash.patch 
2023-09-24 12:32:39.0 +0200
@@ -0,0 +1,33 @@
+From 0ad9576f29a3fcc41cec283ad13d3e654508ce1f Mon Sep 17 00:00:00 2001
+From: Fushan Wen 
+Date: Tue, 7 Mar 2023 22:34:03 +0800
+Subject: [PATCH] WindowThumbnail: postpone texture deletion to avoid crash
+
+The culprit was the texture that was delete as soon as the item was
+delete while they may be used a bit longer by the render thread.
+
+See also: https://github.com/sailfishos/sailfish-office/pull/85
+
+BUG: 464186
+BUG: 446874
+FIXED-IN: 5.104
+---
+ src/declarativeimports/core/windowthumbnail.cpp | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/declarativeimports/core/windowthumbnail.cpp 
b/src/declarativeimports/core/windowthumbnail.cpp
+index 6a08f3bc29..7b1e26dc80 100644
+--- a/src/declarativeimports/core/windowthumbnail.cpp
 b/src/declarativeimports/core/windowthumbnail.cpp
+@@ -233,7 +233,7 @@ void WindowThumbnail::releaseResources()
+ {
+ QQuickWindow::RenderStage m_renderStage = QQuickWindow::NoStage;
+ if (m_textureProvider) {
+-window()->scheduleRenderJob(new 
DiscardTextureProviderRunnable(m_textureProvider), m_renderStage);
++window()->scheduleRenderJob(new 
DiscardTextureProviderRunnable(m_textureProvider), 
QQuickWindow::AfterSynchronizingStage);
+ m_textureProvider = nullptr;
+ }
+ 
+-- 
+GitLab
+
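Review bot: In the embedded upstream diff for WindowThumbnail::releaseResources(), the context line declaring the local "QQuickWindow::RenderStage m_renderStage = QQuickWindow::NoStage;" is kept, but its only visible use is the scheduleRenderJob() call being replaced, so after this change the local looks unused in the lines shown. It is worth confirming that against the full function and dropping the declaration if so. Separately, the patch file keeps the git format-patch header but carries no Debian bug reference; DEP-3 style "Origin:" and "Bug-Debian: https://bugs.debian.org/1050723" lines would document the backport in the patch itself.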
diff -Nru plasma-framework-5.103.0/debian/patches/series 
plasma-framework-5.103.0/debian/patches/series
--- plasma-framework-5.103.0/debian/patches/series  1970-01-01 
01:00:00.0 +0100
+++ plasma-framework-5.103.0/debian/patches/series  2023-09-24 
12:32:50.0 +0200
@@ -0,0 +1 @@
+fix-plasmashell-crash.patch


Processed: bookworm-pu: package plasma-framework/5.103.0-1+deb12u1

2023-09-24 Thread Debian Bug Tracking System
Processing control commands:

> affects -1 + src:plasma-framework
Bug #1052543 [release.debian.org] bookworm-pu: package 
plasma-framework/5.103.0-1+deb12u1
Added indication that 1052543 affects src:plasma-framework

-- 
1052543: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1052543
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems



Bug#1052445: Uploaded to sid

2023-09-24 Thread Teus Benschop
Thank you, Sebastian, for the go-ahead.

The upload to sid was done, and things build well there.

Cheers,

Teus Benschop


Bug#1052227: bookworm-pu (pre-approval): mutter/43.8-0+deb12u1

2023-09-24 Thread Simon McVittie
On Sat, 23 Sep 2023 at 20:44:14 +0100, Adam D. Barratt wrote:
> On Tue, 2023-09-19 at 11:26 +0100, Simon McVittie wrote:
> > Several new upstream bugfix releases. I've been trying to get these
> > into
> > a suitable state for a stable update since 12.1, but every time I've
> > been testing one long enough to think about asking for upload
> > approval,
> > there have been more bugfixes upstream and the cycle starts again.
> > 
> > This might be the last upstream bugfix release in the 43.x series,
> > or we might get a 43.9.
> > 
> 
> Please go ahead.

To be clear, do you want this and the accompanying gnome-shell update
uploaded in time for 12.2, or should I upload them after 12.2 for inclusion
in 12.3 as I suggested in the request?

I have been asked to roll one additional change into this update: updating
the (non-upstream) triple-buffering patch to its latest version, which
fixes an issue where some session types (Xorg and some video drivers like
Raspberry Pi) would only refresh at 30fps rather than the intended 60fps,
fixing https://bugs.launchpad.net/ubuntu/+source/mutter/+bug/2017137 and
https://bugs.launchpad.net/ubuntu/+source/mutter/+bug/2017097. I have not
tested that change yet, but the equivalent for mutter 44 has been in Ubuntu
since May. After I've tested it in v43 on Debian, would that be OK to
include? The additional diff (beyond what you already saw) will be what's
attached, plus a changelog entry.

Thanks,
smcv
>From b6d4b5bade286b2d3b6d2d9faa348574ad87503d Mon Sep 17 00:00:00 2001
From: Daniel van Vugt 
Date: Mon, 24 Apr 2023 17:42:42 +0800
Subject: [PATCH] clutter/frame-clock: Fall back to triple buffering, not
 double buffering

When the driver doesn't support GPU timestamps (Xorg, Raspberry Pi, others)

https://launchpad.net/bugs/2017137
https://launchpad.net/bugs/2017097
---
 clutter/clutter/clutter-frame-clock.c | 10 +-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/clutter/clutter/clutter-frame-clock.c b/clutter/clutter/clutter-frame-clock.c
index 78f8dde9b4..f89db2582c 100644
--- a/clutter/clutter/clutter-frame-clock.c
+++ b/clutter/clutter/clutter-frame-clock.c
@@ -392,7 +392,15 @@ clutter_frame_clock_compute_max_render_time_us (ClutterFrameClock *frame_clock)
   if (!frame_clock->got_measurements_last_frame ||
   G_UNLIKELY (clutter_paint_debug_flags &
   CLUTTER_DEBUG_DISABLE_DYNAMIC_MAX_RENDER_TIME))
-return refresh_interval_us * SYNC_DELAY_FALLBACK_FRACTION;
+{
+  int64_t ret = refresh_interval_us * SYNC_DELAY_FALLBACK_FRACTION;
+
+  if (!triple_buffering_disabled &&
+  frame_clock->state == CLUTTER_FRAME_CLOCK_STATE_DISPATCHED_ONE)
+ret += refresh_interval_us;
+
+  return ret;
+}
 
   for (i = 0; i < ESTIMATE_QUEUE_LENGTH; ++i)
 {
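Review bot: The new fallback branch adds a whole refresh_interval_us to the returned maximum render time when frame_clock->state is CLUTTER_FRAME_CLOCK_STATE_DISPATCHED_ONE, but has no comment saying why. A short comment tying this to the triple-buffering fallback for drivers without GPU timestamps, as the commit message describes, would make the intent clear to the next reader. The condition also reads triple_buffering_disabled, which is not defined anywhere in the lines shown, so it is worth checking that the triple-buffering patch carried in the 43.x packaging provides it with the same meaning before applying this on top.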
-- 
2.40.1



Bug#1052070: bookworm-pu: package mutt/2.2.12-0.1~deb12u1

2023-09-24 Thread Sebastian Andrzej Siewior
On 2023-09-23 20:39:32 [+0100], Adam D. Barratt wrote:
> Please go ahead.
Thanks, done.

> Regards,
> 
> Adam

Sebastian



Bug#1052026: marked as done (transition: thrift)

2023-09-24 Thread Debian Bug Tracking System
Your message dated Sun, 24 Sep 2023 09:25:05 +0200
with message-id 
and subject line Re: Bug#1052026: transition: thrift
has caused the Debian Bug report #1052026,
regarding transition: thrift
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1052026: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1052026
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: transition
Control: affects -1 + src:thrift

Hi RMs,

Small transition to 0.19.0 release of thrift. The only reverse
dependency is gnuradio which builds fine with the new thrift release.
There are two things to consider. First is that gnuradio is also
involved in the fmtlib, qwt and boost1.81 transitions as well. Then it
is scheduled to be removed from testing on 14th of October due to
depending on bladerf which has an open RC bug [1] with a patch since
the end of August.

Thanks for considering,
Laszlo/GCS
[1] https://bugs.debian.org/1050943
--- End Message ---
--- Begin Message ---
On 2023-09-17 13:22:24 +0200, Sebastian Ramacher wrote:
> Control: tags -1 confirmed
> 
> On 2023-09-16 13:53:03 +0500, László Böszörményi wrote:
> > Package: release.debian.org
> > Severity: normal
> > User: release.debian@packages.debian.org
> > Usertags: transition
> > Control: affects -1 + src:thrift
> > 
> > Hi RMs,
> > 
> > Small transition to 0.19.0 release of thrift. The only reverse
> > dependency is gnuradio which builds fine with the new thrift release.
> 
> Please go ahead.

The old binaries got removed from testing. Closing.

Cheers
-- 
Sebastian Ramacher
--- End Message ---