Bug#1059344: bookworm-pu: package libdatetime-timezone-perl/1:2.60-1+2023d

2023-12-24 Thread Jonathan Wiltshire
On Sun, Dec 24, 2023 at 08:57:22PM +0100, gregor herrmann wrote:
> On Sun, 24 Dec 2023 16:19:07 +, Jonathan Wiltshire wrote:
> 
> > On Sat, Dec 23, 2023 at 01:36:11AM +0100, gregor herrmann wrote:
> > > I've uploaded libdatetime-timezone-perl/1:2.60-1+2023d to bookworm.
> > > As usual, it contains the tzdata data 2023d as a quilt patch.
> > Thanks. Should it and the bullseye one be released to stable-updates as
> > usual? Text along the lines of the previous SUA?
> 
> Thanks for asking!
> I didn't include this request this time, as the changes probably
> don't affect too many people and I thought that you might be busy with
> other things at this time of the year :)
> 
> But if it's not too much hassle (and without any time pressure
> whatsoever), having them in *-updates before the next point releases
> would be nice. And basing the wording of the announcements on the
> previous examples would be perfect.

Ok; the window for today has just closed so I'll sort it out in the next
couple of days and by then hopefully tzdata will also be ready.

Thanks,

-- 
Jonathan Wiltshire  j...@debian.org
Debian Developer http://people.debian.org/~jmw

4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC  74C3 5394 479D D352 4C51
ed25519/0x196418AAEB74C8A1: CA619D65A72A7BADFC96D280196418AAEB74C8A1



NEW changes in stable-new

2023-12-24 Thread Debian FTP Masters
Processing changes file: swupdate_2022.12+dfsg-4+deb12u1_mips64el-buildd.changes
  ACCEPT
Processing changes file: swupdate_2022.12+dfsg-4+deb12u1_mipsel-buildd.changes
  ACCEPT
Processing changes file: swupdate_2022.12+dfsg-4+deb12u1_s390x-buildd.changes
  ACCEPT



Bug#1059344: bookworm-pu: package libdatetime-timezone-perl/1:2.60-1+2023d

2023-12-24 Thread gregor herrmann
On Sun, 24 Dec 2023 16:19:07 +, Jonathan Wiltshire wrote:

> On Sat, Dec 23, 2023 at 01:36:11AM +0100, gregor herrmann wrote:
> > I've uploaded libdatetime-timezone-perl/1:2.60-1+2023d to bookworm.
> > As usual, it contains the tzdata data 2023d as a quilt patch.
> Thanks. Should it and the bullseye one be released to stable-updates as
> usual? Text along the lines of the previous SUA?

Thanks for asking!
I didn't include this request this time, as the changes probably
don't affect too many people and I thought that you might be busy with
other things at this time of the year :)

But if it's not too much hassle (and without any time pressure
whatsoever), having them in *-updates before the next point releases
would be nice. And basing the wording of the announcements on the
previous examples would be perfect.


Cheers,
gregor

-- 
 .''`.  https://info.comodo.priv.at -- Debian Developer https://www.debian.org
 : :' : OpenPGP fingerprint D1E1 316E 93A7 60A8 104D  85FA BB3A 6801 8649 AA06
 `. `'  Member VIBE!AT & SPI Inc. -- Supporter Free Software Foundation Europe
   `-   




Bug#1058938: bookworm-pu: package onionprobe/1.0.0+ds-2.1+deb12u1

2023-12-24 Thread Jonathan Wiltshire
On Sun, Dec 24, 2023 at 05:20:54PM +, Georg Faerber wrote:
> On 23-12-24 16:31:37, Jonathan Wiltshire wrote:
> > Something has gone wrong with your upload (a rebase maybe?):
> 
> The missing part of the changelog, as per the diff you sent, is
> currently not part of the git history, which is problematic, I guess.
> 
> So if my above assumption is correct, I'll ensure that's recorded in git
> accordingly, rebuild and upload again.
> 
> Jonathan, does the above make sense?

Yes. Just make sure you have the rejection email before you upload again
with the same version.

Thanks,

-- 
Jonathan Wiltshire  j...@debian.org
Debian Developer http://people.debian.org/~jmw

4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC  74C3 5394 479D D352 4C51
ed25519/0x196418AAEB74C8A1: CA619D65A72A7BADFC96D280196418AAEB74C8A1



NEW changes in stable-new

2023-12-24 Thread Debian FTP Masters
Processing changes file: fish_3.6.0-3.1+deb12u1_arm64-buildd.changes
  ACCEPT
Processing changes file: fish_3.6.0-3.1+deb12u1_armel-buildd.changes
  ACCEPT
Processing changes file: fish_3.6.0-3.1+deb12u1_i386-buildd.changes
  ACCEPT
Processing changes file: fish_3.6.0-3.1+deb12u1_mips64el-buildd.changes
  ACCEPT
Processing changes file: fish_3.6.0-3.1+deb12u1_mipsel-buildd.changes
  ACCEPT
Processing changes file: fish_3.6.0-3.1+deb12u1_s390x-buildd.changes
  ACCEPT
Processing changes file: swupdate_2022.12+dfsg-4+deb12u1_all-buildd.changes
  ACCEPT
Processing changes file: swupdate_2022.12+dfsg-4+deb12u1_amd64-buildd.changes
  ACCEPT
Processing changes file: swupdate_2022.12+dfsg-4+deb12u1_arm64-buildd.changes
  ACCEPT
Processing changes file: swupdate_2022.12+dfsg-4+deb12u1_armel-buildd.changes
  ACCEPT
Processing changes file: swupdate_2022.12+dfsg-4+deb12u1_armhf-buildd.changes
  ACCEPT
Processing changes file: swupdate_2022.12+dfsg-4+deb12u1_i386-buildd.changes
  ACCEPT
Processing changes file: swupdate_2022.12+dfsg-4+deb12u1_ppc64el-buildd.changes
  ACCEPT



NEW changes in stable-new

2023-12-24 Thread Debian FTP Masters
Processing changes file: fish_3.6.0-3.1+deb12u1_all-buildd.changes
  ACCEPT
Processing changes file: fish_3.6.0-3.1+deb12u1_amd64-buildd.changes
  ACCEPT
Processing changes file: fish_3.6.0-3.1+deb12u1_armhf-buildd.changes
  ACCEPT
Processing changes file: fish_3.6.0-3.1+deb12u1_ppc64el-buildd.changes
  ACCEPT
Processing changes file: libdatetime-timezone-perl_2.60-1+2023d_all-buildd.changes
  ACCEPT
Processing changes file: localslackirc_1.17-1.1+deb12u1_all-buildd.changes
  ACCEPT



NEW changes in stable-new

2023-12-24 Thread Debian FTP Masters
Processing changes file: onionprobe_1.0.0+ds-2.1+deb12u1_source.changes
  REJECT
Processing changes file: fish_3.6.0-3.1+deb12u1_source.changes
  ACCEPT
Processing changes file: libdatetime-timezone-perl_2.60-1+2023d_source.changes
  ACCEPT
Processing changes file: localslackirc_1.17-1.1+deb12u1_amd64.changes
  ACCEPT
Processing changes file: swupdate_2022.12+dfsg-4+deb12u1_source.changes
  ACCEPT



Processed: swupdate 2022.12+dfsg-4+deb12u1 flagged for acceptance

2023-12-24 Thread Debian Bug Tracking System
Processing commands for cont...@bugs.debian.org:

> package release.debian.org
Limiting to bugs with field 'package' containing at least one of 
'release.debian.org'
Limit currently set to 'package':'release.debian.org'

> tags 1056969 = bookworm pending
Bug #1056969 [release.debian.org] bookworm-pu: package 
swupdate/2022.12+dfsg-4+deb12u1
Added tag(s) pending; removed tag(s) confirmed.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
1056969: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056969
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems



Processed: libdatetime-timezone-perl 2.60-1+2023d flagged for acceptance

2023-12-24 Thread Debian Bug Tracking System
Processing commands for cont...@bugs.debian.org:

> package release.debian.org
Limiting to bugs with field 'package' containing at least one of 
'release.debian.org'
Limit currently set to 'package':'release.debian.org'

> tags 1059344 = bookworm pending
Bug #1059344 [release.debian.org] bookworm-pu: package 
libdatetime-timezone-perl/1:2.60-1+2023d
Added tag(s) pending.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
1059344: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059344
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems



Processed: fish 3.6.0-3.1+deb12u1 flagged for acceptance

2023-12-24 Thread Debian Bug Tracking System
Processing commands for cont...@bugs.debian.org:

> package release.debian.org
Limiting to bugs with field 'package' containing at least one of 
'release.debian.org'
Limit currently set to 'package':'release.debian.org'

> tags 1059235 = bookworm pending
Bug #1059235 [release.debian.org] bookworm-pu: package fish/3.6.0-3.1+deb12u1
Added tag(s) pending; removed tag(s) confirmed.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
1059235: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059235
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems



Processed: localslackirc 1.17-1.1+deb12u1 flagged for acceptance

2023-12-24 Thread Debian Bug Tracking System
Processing commands for cont...@bugs.debian.org:

> package release.debian.org
Limiting to bugs with field 'package' containing at least one of 
'release.debian.org'
Limit currently set to 'package':'release.debian.org'

> tags 1054466 = bookworm pending
Bug #1054466 [release.debian.org] bookworm-pu: package localslackirc/1.17-1.1
Added tag(s) pending; removed tag(s) confirmed.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
1054466: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1054466
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems



Bug#1059344: libdatetime-timezone-perl 2.60-1+2023d flagged for acceptance

2023-12-24 Thread Jonathan Wiltshire
package release.debian.org
tags 1059344 = bookworm pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bookworm.

Thanks for your contribution!

Upload details
==

Package: libdatetime-timezone-perl
Version: 2.60-1+2023d

Explanation: update data to Olson database version 2023d (changes for 
Antarctica and Greenland)



Bug#1059235: fish 3.6.0-3.1+deb12u1 flagged for acceptance

2023-12-24 Thread Jonathan Wiltshire
package release.debian.org
tags 1059235 = bookworm pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bookworm.

Thanks for your contribution!

Upload details
==

Package: fish
Version: 3.6.0-3.1+deb12u1

Explanation: handle Unicode non-printing characters safely when given as 
command substitution [CVE-2023-49284]



Bug#1056969: swupdate 2022.12+dfsg-4+deb12u1 flagged for acceptance

2023-12-24 Thread Jonathan Wiltshire
package release.debian.org
tags 1056969 = bookworm pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bookworm.

Thanks for your contribution!

Upload details
==

Package: swupdate
Version: 2022.12+dfsg-4+deb12u1

Explanation: prevent acquiring root privileges through inappropriate socket mode



Bug#1054466: localslackirc 1.17-1.1+deb12u1 flagged for acceptance

2023-12-24 Thread Jonathan Wiltshire
package release.debian.org
tags 1054466 = bookworm pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bookworm.

Thanks for your contribution!

Upload details
==

Package: localslackirc
Version: 1.17-1.1+deb12u1

Explanation: send authorization and cookie headers to the websocket



Bug#1059402: bookworm-pu: package postfix/3.7.6-0+deb12u2

2023-12-24 Thread Scott Kitterman
Package: release.debian.org
Severity: normal
Tags: bookworm
User: release.debian@packages.debian.org
Usertags: pu

(Please provide enough information to help the release team
to judge the request efficiently. E.g. by filling in the
sections below.)

[ Reason ]
This is another of the regular postfix maintenance updates.  It
encompasses three upstream updates (3.7.7, 3.7.8, and 3.7.9) because
life intervened and I got behind.  This one is of particular importance/
urgency since it includes a new setting to address CVE-2023-51764.

[ Impact ]
Bugs remain unfixed, CVE-2023-51764 can be partially mitigated, but not
fully resolved.

[ Tests ]
There is a high level autopkgtest.

[ Risks ]
Risks are low.  These have all been released as part of upstream
maintenance and no regressions have been reported.  There are no changes
in Debian packaging.

[ Checklist ]
  [X] *all* changes are documented in the d/changelog
  [X] I reviewed all changes and I approve them
  [X] attach debdiff against the package in (old)stable
  [X] the issue is verified as fixed in unstable

[ Changes ]
  * 3.7.7
- Bugfix (bug introduced: 20140218): when opportunistic TLS fails
  during or after the handshake, don't require that a probe
  message spent a minimum time-in-queue before falling back to
  plaintext. Problem reported by Serg. File: smtp/smtp.h.
- Bugfix (defect introduced: 19980207): the valid_hostname()
  check in the Postfix DNS client library was blocking unusual
  but legitimate wildcard names (*.name) in some DNS lookup
  results and lookup requests. Examples:
  name  class/type value
*.one.example   IN CNAME *.other.example
*.other.example IN A 10.0.0.1
*.other.example IN TLSA  ..certificate info...
  Such syntax is blessed in RFC 1034 section 4.3.3.
  This problem was reported first in the context of TLSA
  record lookups. Files: util/valid_hostname.[hc],
  * 3.7.8
- Bugfix (defect introduced Postfix 2.5, 20080104): the Postfix
  SMTP server was waiting for a client command instead of
  replying immediately, after a client certificate verification
  error in TLS wrappermode. Reported by Andreas Kinzler. File:
  smtpd/smtpd.c.
- Usability: the Postfix SMTP server now attempts to log the
  SASL username after authentication failure. In Postfix
  logging, this appends ", sasl_username=xxx" after the reason
  for SASL authentication failure. The logging replaces an
  unavailable reason with "(reason unavailable)", and replaces
  an unavailable sasl_username with "(unavailable)". Based
  on code by Jozsef Kadlecsik. Files: xsasl/xsasl_server.c,
  xsasl/xsasl_cyrus_server.c, smtpd/smtpd_sasl_glue.c.
- Bugfix (defect introduced: Postfix 2.11): in forward_path,
  the expression ${recipient_delimiter} would expand to an
  empty string when a recipient address had no recipient
  delimiter. Fixed by restoring Postfix 2.10 behavior to use
  a configured recipient delimiter value. Reported by Tod
  A. Sandman. Files: proto/postconf.proto, local/local_expand.c.
  * 3.7.9 (Closes: #1059230)
- Addresses CVE-2023-51764, requires configuration change
- Security: with "smtpd_forbid_bare_newline = yes" (default
  "no" for Postfix < 3.9), reply with "Error: bare <LF>
  received" and disconnect when an SMTP client sends a line
  ending in <LF>, violating the RFC 5321 requirement that
  lines must end in <CR><LF>. This prevents SMTP smuggling
  attacks that target a recipient at a Postfix server. For
  backwards compatibility, local clients are excluded by
  default with "smtpd_forbid_bare_newline_exclusions =
  $mynetworks". Files: mantools/postlink, proto/postconf.proto,
  global/mail_params.h, global/smtp_stream.c, global/smtp_stream.h

[ Other info ]
The CVE fix requires a configuration change, which is not set by default
as it would likely break some configurations.  We should be sure to
mention that in the SUA.

Scott K
diff -Nru postfix-3.7.6/debian/changelog postfix-3.7.9/debian/changelog
--- postfix-3.7.6/debian/changelog  2023-07-05 17:18:24.0 -0400
+++ postfix-3.7.9/debian/changelog  2023-12-24 12:33:24.0 -0500
@@ -1,3 +1,58 @@
+postfix (3.7.9-0+deb12u1) bookworm; urgency=medium
+
+  [Wietse Venema]
+
+  * 3.7.7
+- Bugfix (bug introduced: 20140218): when opportunistic TLS fails
+  during or after the handshake, don't require that a probe
+  message spent a minimum time-in-queue before falling back to
+  plaintext. Problem reported by Serg. File: smtp/smtp.h.
+- Bugfix (defect introduced: 19980207): the valid_hostname()
+  check in the Postfix DNS client library was blocking unusual
+  but legitimate wildcard names (*.name) in some DNS lookup
+  results and lookup requests. Examples:
+  name  class/type value
+*.one.example   IN CNAME *.other.example
+
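
Review bot: The new stanza at the top of this hunk is versioned 3.7.9-0+deb12u1, while the request is filed as postfix/3.7.6-0+deb12u2; the bug title should be changed to match the version in the changelog header. The diff as shown stops after the first wildcard example line of the 3.7.7 entry, so the 3.7.8 and 3.7.9 items listed under [ Changes ], including the note that CVE-2023-51764 needs a configuration change, cannot be checked against the changelog here.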

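The line-ending check described in the 3.7.9 changelog entry of the postfix request above, as an added Python sketch that is not Postfix code and not part of the original message. The function names, the sample networks and the sample message bytes are constructed for illustration; only the two setting names come from the page.

```python
from __future__ import annotations

import ipaddress

# Constructed stand-in for "smtpd_forbid_bare_newline_exclusions = $mynetworks".
SAMPLE_MYNETWORKS = ["127.0.0.0/8", "192.168.0.0/16", "::1/128"]

# Constructed sample message bodies as they would arrive after DATA.
CLEAN = b"Subject: hello\r\n\r\nline one\r\nline two\r\n.\r\n"
DIRTY = b"Subject: hello\r\n\r\nline one\nline two\r\n.\r\n"  # "line one" ends in bare LF


def find_bare_lf(data: bytes) -> list[int]:
    """Return the offset of every LF that is not immediately preceded by CR."""
    offsets = []
    pos = data.find(b"\n")
    while pos != -1:
        if pos == 0 or data[pos - 1:pos] != b"\r":
            offsets.append(pos)
        pos = data.find(b"\n", pos + 1)
    return offsets


def is_excluded(client_ip: str, exclusions: list[str]) -> bool:
    """True when the client address falls inside one of the excluded networks."""
    addr = ipaddress.ip_address(client_ip)
    # Membership is simply False when address and network families differ.
    return any(addr in ipaddress.ip_network(net) for net in exclusions)


def screen_session(client_ip: str, data: bytes,
                   forbid_bare_newline: bool,
                   exclusions: list[str]) -> tuple[str, int | None]:
    """Model the decision: ("accept", None) or ("reject", offset of first bare LF).

    forbid_bare_newline mirrors smtpd_forbid_bare_newline; exclusions mirrors
    smtpd_forbid_bare_newline_exclusions. A "reject" stands for the error
    reply followed by a disconnect.
    """
    if not forbid_bare_newline or is_excluded(client_ip, exclusions):
        return ("accept", None)
    bare = find_bare_lf(data)
    if bare:
        return ("reject", bare[0])
    return ("accept", None)


if __name__ == "__main__":
    for ip in ("203.0.113.7", "192.168.1.20"):
        for name, body in (("CLEAN", CLEAN), ("DIRTY", DIRTY)):
            print(ip, name, screen_session(ip, body, True, SAMPLE_MYNETWORKS))
```

With the setting off, or for a client inside the excluded networks, the bare line ending is still accepted, which is why the request says the CVE is only mitigated once the configuration is changed.
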
NEW changes in oldstable-new

2023-12-24 Thread Debian FTP Masters
Processing changes file: libdatetime-timezone-perl_2.47-1+2023d_all-buildd.changes
  ACCEPT



Re: Bug#1059395: libacl1, debhelper: changelog handling with --no-trim seems to be not binNMU-safe

2023-12-24 Thread Guillem Jover
Control: reassign -1 debhelper
Control: found -1 debhelper/13.11.4

On Sun, 2023-12-24 at 14:27:22 +, Simon McVittie wrote:
> Package: libacl1,debhelper
> Control: found -1 libacl1/2.3.1-3
> Control: found -1 debhelper/13.11.9
> Severity: important
> X-Debbugs-Cc: debian-release@lists.debian.org

> I notice that libacl1 uses dh_installchangelogs --no-trim in its
> debian/rules to suppress the default exclusion of older changelog
> entries. It appears that using that option also suppresses the separation
> of binNMU changelog entries into a separate file? I think it probably
> should not, because the trimming of old changelog entries is merely
> a nice-to-have to save some disk space, but the separation of binNMU
> changelog entries is functionally necessary if we want packages to remain
> multiarch co-installable across binNMUs.

Yes, I don't see why the old behavior, when requested explicitly,
would no longer behave as previously. This would seem like a regression
in debhelper due to the trimming handling.

> A sourceful upload of libacl1 would temporarily address this (until the
> next binNMU) by not being a binNMU, but would not be a long-term solution,
> unless we stop using binNMUs entirely and replace them with "no-changes"
> machine-assisted sourceful uploads like Ubuntu has done.

I've uploaded acl now with some minor pending changes I had queued as
a temporary workaround. But the obvious and correct way forward to me
is to fix debhelper (instead of having to change all affected packages,
or having to stop using binNMUs due to this…).

And I've just tested this and it also affects the current debhelper
version in Debian (stable) bookworm. :/

Thanks,
Guillem



Bug#1058938: bookworm-pu: package onionprobe/1.0.0+ds-2.1+deb12u1

2023-12-24 Thread Georg Faerber
Hi,

Sorry for the additional work:

On 23-12-24 16:31:37, Jonathan Wiltshire wrote:
> Something has gone wrong with your upload (a rebase maybe?):

The missing part of the changelog, as per the diff you sent, is
currently not part of the git history, which is problematic, I guess.

So if my above assumption is correct, I'll ensure that's recorded in git
accordingly, rebuild and upload again.

Jonathan, does the above make sense?

Thanks,
Georg



NEW changes in oldstable-new

2023-12-24 Thread Debian FTP Masters
Processing changes file: chromium_120.0.6099.129-1~deb11u1_source.changes
  ACCEPT
Processing changes file: chromium_120.0.6099.129-1~deb11u1_all-buildd.changes
  ACCEPT
Processing changes file: chromium_120.0.6099.129-1~deb11u1_amd64-buildd.changes
  ACCEPT
Processing changes file: chromium_120.0.6099.129-1~deb11u1_arm64-buildd.changes
  ACCEPT
Processing changes file: chromium_120.0.6099.129-1~deb11u1_armhf-buildd.changes
  ACCEPT
Processing changes file: chromium_120.0.6099.129-1~deb11u1_i386-buildd.changes
  ACCEPT
Processing changes file: chromium_120.0.6099.129-1~deb11u1_ppc64el-buildd.changes
  ACCEPT
Processing changes file: curl_7.74.0-1.3+deb11u11_source.changes
  ACCEPT
Processing changes file: curl_7.74.0-1.3+deb11u11_all-buildd.changes
  ACCEPT
Processing changes file: curl_7.74.0-1.3+deb11u11_amd64-buildd.changes
  ACCEPT
Processing changes file: curl_7.74.0-1.3+deb11u11_arm64-buildd.changes
  ACCEPT
Processing changes file: curl_7.74.0-1.3+deb11u11_armel-buildd.changes
  ACCEPT
Processing changes file: curl_7.74.0-1.3+deb11u11_armhf-buildd.changes
  ACCEPT
Processing changes file: curl_7.74.0-1.3+deb11u11_i386-buildd.changes
  ACCEPT
Processing changes file: curl_7.74.0-1.3+deb11u11_mips64el-buildd.changes
  ACCEPT
Processing changes file: curl_7.74.0-1.3+deb11u11_mipsel-buildd.changes
  ACCEPT
Processing changes file: curl_7.74.0-1.3+deb11u11_ppc64el-buildd.changes
  ACCEPT
Processing changes file: curl_7.74.0-1.3+deb11u11_s390x-buildd.changes
  ACCEPT
Processing changes file: libdatetime-timezone-perl_2.47-1+2023d_source.changes
  ACCEPT
Processing changes file: putty_0.74-1+deb11u1_source.changes
  ACCEPT
Processing changes file: putty_0.74-1+deb11u1_all-buildd.changes
  ACCEPT
Processing changes file: putty_0.74-1+deb11u1_amd64-buildd.changes
  ACCEPT
Processing changes file: putty_0.74-1+deb11u1_arm64-buildd.changes
  ACCEPT
Processing changes file: putty_0.74-1+deb11u1_armel-buildd.changes
  ACCEPT
Processing changes file: putty_0.74-1+deb11u1_armhf-buildd.changes
  ACCEPT
Processing changes file: putty_0.74-1+deb11u1_i386-buildd.changes
  ACCEPT
Processing changes file: putty_0.74-1+deb11u1_mips64el-buildd.changes
  ACCEPT
Processing changes file: putty_0.74-1+deb11u1_mipsel-buildd.changes
  ACCEPT
Processing changes file: putty_0.74-1+deb11u1_ppc64el-buildd.changes
  ACCEPT
Processing changes file: putty_0.74-1+deb11u1_s390x-buildd.changes
  ACCEPT



NEW changes in stable-new

2023-12-24 Thread Debian FTP Masters
Processing changes file: curl_7.88.1-10+deb12u5_source.changes
  ACCEPT
Processing changes file: curl_7.88.1-10+deb12u5_all-buildd.changes
  ACCEPT
Processing changes file: curl_7.88.1-10+deb12u5_amd64-buildd.changes
  ACCEPT
Processing changes file: curl_7.88.1-10+deb12u5_arm64-buildd.changes
  ACCEPT
Processing changes file: curl_7.88.1-10+deb12u5_armel-buildd.changes
  ACCEPT
Processing changes file: curl_7.88.1-10+deb12u5_armhf-buildd.changes
  ACCEPT
Processing changes file: curl_7.88.1-10+deb12u5_i386-buildd.changes
  ACCEPT
Processing changes file: curl_7.88.1-10+deb12u5_mips64el-buildd.changes
  ACCEPT
Processing changes file: curl_7.88.1-10+deb12u5_mipsel-buildd.changes
  ACCEPT
Processing changes file: curl_7.88.1-10+deb12u5_ppc64el-buildd.changes
  ACCEPT
Processing changes file: curl_7.88.1-10+deb12u5_s390x-buildd.changes
  ACCEPT
Processing changes file: putty_0.78-2+deb12u1_source.changes
  ACCEPT
Processing changes file: putty_0.78-2+deb12u1_all-buildd.changes
  ACCEPT
Processing changes file: putty_0.78-2+deb12u1_amd64-buildd.changes
  ACCEPT
Processing changes file: putty_0.78-2+deb12u1_arm64-buildd.changes
  ACCEPT
Processing changes file: putty_0.78-2+deb12u1_armel-buildd.changes
  ACCEPT
Processing changes file: putty_0.78-2+deb12u1_armhf-buildd.changes
  ACCEPT
Processing changes file: putty_0.78-2+deb12u1_i386-buildd.changes
  ACCEPT
Processing changes file: putty_0.78-2+deb12u1_mips64el-buildd.changes
  ACCEPT
Processing changes file: putty_0.78-2+deb12u1_mipsel-buildd.changes
  ACCEPT
Processing changes file: putty_0.78-2+deb12u1_ppc64el-buildd.changes
  ACCEPT
Processing changes file: putty_0.78-2+deb12u1_s390x-buildd.changes
  ACCEPT



Processed: libdatetime-timezone-perl 2.47-1+2023d flagged for acceptance

2023-12-24 Thread Debian Bug Tracking System
Processing commands for cont...@bugs.debian.org:

> package release.debian.org
Limiting to bugs with field 'package' containing at least one of 
'release.debian.org'
Limit currently set to 'package':'release.debian.org'

> tags 1059345 = bullseye pending
Bug #1059345 [release.debian.org] bullseye-pu: package 
libdatetime-timezone-perl/1:2.47-1+2023d
Added tag(s) pending.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
1059345: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059345
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems



Bug#1059345: libdatetime-timezone-perl 2.47-1+2023d flagged for acceptance

2023-12-24 Thread Jonathan Wiltshire
package release.debian.org
tags 1059345 = bullseye pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bullseye.

Thanks for your contribution!

Upload details
==

Package: libdatetime-timezone-perl
Version: 2.47-1+2023d

Explanation: update data to Olson database version 2023d (changes for 
Antarctica and Greenland)



Bug#1058938: bookworm-pu: package onionprobe/1.0.0+ds-2.1+deb12u1

2023-12-24 Thread Jonathan Wiltshire
On Fri, Dec 22, 2023 at 12:08:41PM +, Georg Faerber wrote:
> On 23-12-21 21:52:08, Jonathan Wiltshire wrote:
> > Please go ahead.
> 
> Thanks, uploaded.

Something has gone wrong with your upload (a rebase maybe?):

| 1.0.0+ds/debian/changelog onionprobe-1.0.0+ds/debian/changelog
| --- onionprobe-1.0.0+ds/debian/changelog  2022-10-15 10:32:07.0 
+
| +++ onionprobe-1.0.0+ds/debian/changelog  2023-12-18 14:30:56.0 
+
| @@ -1,9 +1,10 @@
| -onionprobe (1.0.0+ds-2.1) unstable; urgency=medium
| +onionprobe (1.0.0+ds-2.1+deb12u1) bookworm; urgency=medium
|  
| -  * Non-maintainer upload.
| -  * No source change upload to rebuild with debhelper 13.10.
| +  * debian/patches:
| +- Pull in upstream fix to silence Tor if generating hashed passwords.
| +  (Closes: #1053204)
|  
| - -- Michael Biebl   Sat, 15 Oct 2022 12:32:07 +0200
| + -- Georg Faerber   Mon, 18 Dec 2023 14:30:56 +
|  
|  onionprobe (1.0.0+ds-2) unstable; urgency=medium
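
Review bot: The new 1.0.0+ds-2.1+deb12u1 stanza overwrites the existing 1.0.0+ds-2.1 entry instead of being added above it: the `-onionprobe (1.0.0+ds-2.1) unstable` header, its two "Non-maintainer upload" bullets and the Michael Biebl trailer line are all removed. The 2.1 entry should be restored unchanged, with the deb12u1 stanza placed on top of it, so that the changelog history stays intact and the diff against the version in bookworm only adds lines in debian/changelog.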

I will reject so that you can upload again with the same version.


-- 
Jonathan Wiltshire  j...@debian.org
Debian Developer http://people.debian.org/~jmw

4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC  74C3 5394 479D D352 4C51
ed25519/0x196418AAEB74C8A1: CA619D65A72A7BADFC96D280196418AAEB74C8A1



Bug#1059344: bookworm-pu: package libdatetime-timezone-perl/1:2.60-1+2023d

2023-12-24 Thread Jonathan Wiltshire
On Sat, Dec 23, 2023 at 01:36:11AM +0100, gregor herrmann wrote:
> 
> I've uploaded libdatetime-timezone-perl/1:2.60-1+2023d to bookworm.
> As usual, it contains the tzdata data 2023d as a quilt patch.

Thanks. Should it and the bullseye one be released to stable-updates as
usual? Text along the lines of the previous SUA?

Thanks,

-- 
Jonathan Wiltshire  j...@debian.org
Debian Developer http://people.debian.org/~jmw

4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC  74C3 5394 479D D352 4C51
ed25519/0x196418AAEB74C8A1: CA619D65A72A7BADFC96D280196418AAEB74C8A1



Processed: Re: bookworm-pu: package systemd/252.20-1~deb12u1

2023-12-24 Thread Debian Bug Tracking System
Processing control commands:

> retitle -1 bookworm-pu: package systemd/252.21-1~deb12u1
Bug #1057861 [release.debian.org] bookworm-pu: package systemd/252.20-1~deb12u1
Changed Bug title to 'bookworm-pu: package systemd/252.21-1~deb12u1' from 
'bookworm-pu: package systemd/252.20-1~deb12u1'.

-- 
1057861: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1057861
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems



Bug#1059395: libacl1, debhelper: changelog handling with --no-trim seems to be not binNMU-safe

2023-12-24 Thread Simon McVittie
Package: libacl1,debhelper
Control: found -1 libacl1/2.3.1-3
Control: found -1 debhelper/13.11.9
Severity: important
X-Debbugs-Cc: debian-release@lists.debian.org

libacl1 was recently binNMU'd on all architectures to address version skew.
Unfortunately, the binNMU'd version is no longer multiarch co-installable
because its changelog differs between architectures:

│ │ ├── ./usr/share/doc/libacl1/changelog.Debian.gz
│ │ │ ├── changelog.Debian
│ │ │ │ @@ -1,13 +1,13 @@
│ │ │ │  acl (2.3.1-3+b1) sid; urgency=low, binary-only=yes
│ │ │ │
│ │ │ │ -  * Binary-only non-maintainer upload for amd64; no source changes.
│ │ │ │ +  * Binary-only non-maintainer upload for i386; no source changes.
│ │ │ │* Rebuild to sync binNMU versions
│ │ │ │
│ │ │ │ - -- all / amd64 / i386 Build Daemon (x86-conova-01) ...
│ │ │ │ + -- i386 Build Daemon (x86-grnet-01) ...

This binNMU changelog entry would normally be separated into
changelog.Debian.${DEB_HOST_ARCH}.gz, as can be seen in
/usr/share/doc/libxext6/ at the time of writing. However, that mechanism
doesn't seem to have been effective for libacl1.

I notice that libacl1 uses dh_installchangelogs --no-trim in its
debian/rules to suppress the default exclusion of older changelog
entries. It appears that using that option also suppresses the separation
of binNMU changelog entries into a separate file? I think it probably
should not, because the trimming of old changelog entries is merely
a nice-to-have to save some disk space, but the separation of binNMU
changelog entries is functionally necessary if we want packages to remain
multiarch co-installable across binNMUs.

A sourceful upload of libacl1 would temporarily address this (until the
next binNMU) by not being a binNMU, but would not be a long-term solution,
unless we stop using binNMUs entirely and replace them with "no-changes"
machine-assisted sourceful uploads like Ubuntu has done.

Not using --no-trim could address this from the libacl1 side, but
presumably the libacl1 maintainer has used that option intentionally and
for a reason. (Is that reason more important than having co-installable
binNMUs?)

Making --no-trim only disable the trimming of old changelog entries, but
retain the separation of binNMU changelog entries (and then binNMU'ing
libacl1 again) could address this from the debhelper side.

I don't know which of these ways forward is the right one. Please reassign
or clone as appropriate, and in the meantime please consider doing a
sourceful upload of libacl1 to unblock multi-arch co-installability.

Thanks,
smcv



Re: Bug#1057755: Qt WebEngine Security Support In Stable

2023-12-24 Thread Adrian Bunk
On Sat, Dec 23, 2023 at 03:55:15PM -0700, Soren Stoutner wrote:
>...
> In a hypothetical world where Qt 6.2 LTS had shipped with bookworm, we could
> build any Qt WebEngine from 6.2, 6.3, or 6.4 against it without problem.
> Initially it might seem best to build the highest possible, but because 6.4
> updates end a full year before 6.2 LTS updates, it would be best for stable
> support if we stuck with 6.2 as long as possible.
>...

When Qt WebEngine from 6.5 is officially backportable to 6.2,
then backporting it to versions between 6.2 and 6.5 is unlikely
to be a problem.

Backporting even more recent versions to 6.4 would be expected to be 
easier than backporting to 6.2, since 6.4 is closer to what gets 
backported and backporting problems tend to increase when the 
backporting distance increases since the code differences increase.

>...
> If it ends up not being feasible to backport the entire Qt WebEngine from
> the next LTS release, then we could look at cherry-picking all of the
> security commits. This would be, by far, the most time-intensive solution.
> But, as you point out, the security fixes on the Chromium side are well
> marked. And, generally, they are small commits that only modify a few lines.
> For example:
>...

Your "generally" is not true, it misses the biggest problem.
 
Out of 20 CVEs there might be 19 easy ones, plus one that is a quite 
invasive patch requiring a lot of backporting work.

Who has both the required skills and a reliable commitment today for 
doing in the year 2027 an urgent backport of a complex fix for a 
zero-day vulnerability that is already being exploited in the wild?

> Soren Stoutner

cu
Adrian



Bug#1058944: Bug#1058876 libopenmpi-dev: paths missing /usr/include...(for fortran mpi.mod)

2023-12-24 Thread Drew Parsons

reopen 1058876
block 1058944 by 1058876
thanks

Alas, the fix in openmpi 4.1.6-3 for the include path to the openmpi 
fortran modules has hardcoded x86_64-linux-gnu


This is preventing builds and tests on other architectures, e.g. 
rebuilding sundials for the petsc transition.


I think openmpi's debian/tests will also need Depends: pkg-config for 
the new compile_run_cc_pkgconfig test.




Processed: Re:Bug#1058876 libopenmpi-dev: paths missing /usr/include...(for fortran mpi.mod)

2023-12-24 Thread Debian Bug Tracking System
Processing commands for cont...@bugs.debian.org:

> reopen 1058876
Bug #1058876 {Done: Alastair McKinstry } [libopenmpi-dev] 
libopenmpi-dev: paths missing /usr/include...(for fortran mpi.mod)
'reopen' may be inappropriate when a bug has been closed with a version;
all fixed versions will be cleared, and you may need to re-add them.
Bug reopened
No longer marked as fixed in versions openmpi/4.1.6-3.
> block 1058944 by 1058876
Bug #1058944 [release.debian.org] transition: petsc
1058944 was not blocked by any bugs.
1058944 was blocking: 1057863
Added blocking bug(s) of 1058944: 1058876
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
1058876: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1058876
1058944: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1058944
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems