Bug#1064551: libjwt 1.10.2-1+deb12u1 flagged for acceptance

2024-03-03 Thread Jonathan Wiltshire
package release.debian.org
tags 1064551 = bookworm pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bookworm.

Thanks for your contribution!

Upload details
==============

Package: libjwt
Version: 1.10.2-1+deb12u1

Explanation: fix timing side channel attack [CVE-2024-25189]



Bug#1065326: python3.11 3.11.2-6+deb12u1 flagged for acceptance

2024-03-03 Thread Jonathan Wiltshire
package release.debian.org
tags 1065326 = bookworm pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bookworm.

Thanks for your contribution!

Upload details
==============

Package: python3.11
Version: 3.11.2-6+deb12u1

Explanation: fix use-after-free crash when deallocating a frame object



Bug#1065052: bookworm-pu: package nvidia-graphics-drivers-tesla-470/470.239.06-1~deb12u1

2024-03-03 Thread Jonathan Wiltshire
Control: tag -1 confirmed

On Thu, Feb 29, 2024 at 09:57:59AM +0100, Andreas Beckmann wrote:
> [ Reason ]
> Let's update nvidia-graphics-drivers-tesla-470 in bookworm to a new
> upstream release fixing a few CVEs.
> This release also contains an upstream fix for the issue we recently
> fixed via stable-updates. No need for stable-updates this time.
> No additional packaging changes this time (besides refreshing/reordering
> the patches)

Please go ahead.

Thanks,

-- 
Jonathan Wiltshire  j...@debian.org
Debian Developer http://people.debian.org/~jmw

4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC  74C3 5394 479D D352 4C51
ed25519/0x196418AAEB74C8A1: CA619D65A72A7BADFC96D280196418AAEB74C8A1



Bug#1064551: bookworm-pu: libjwt/1.10.2-1+deb11u1

2024-02-25 Thread Jonathan Wiltshire
Control: tag -1 confirmed

On Sat, Feb 24, 2024 at 12:50:51AM +, Thorsten Alteholz wrote:
> The attached debdiff for libjwt fixes
> CVE-2024-25189 in Bookworm. It is marked as
> no-dsa by the security team.
> The fix is straightforward and should not make any problems.

It seems quite a lot of effort for something even the author thinks is
infeasible in the real world, but OK. Please go ahead.

Thanks,

-- 
Jonathan Wiltshire  j...@debian.org
Debian Developer http://people.debian.org/~jmw

4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC  74C3 5394 479D D352 4C51
ed25519/0x196418AAEB74C8A1: CA619D65A72A7BADFC96D280196418AAEB74C8A1



Bug#1064588: bookworm-pu: package glibc/2.36-9+deb12u5

2024-02-25 Thread Jonathan Wiltshire
Control: tag -1 d-i

Hi,

On Sat, Feb 24, 2024 at 04:59:10PM +0100, Aurelien Jarno wrote:
> [ Reason ]
> The upstream stable branch got a few fixes in the last months, and this
> update pulls them into the debian package.
> 
> [ Impact ]
> In case the update isn't approved, systems will be left with a few
> issues, and the differences with upstream will increase, which might
> make next fixes more difficult to review.

I'm happy with it from SRM point of view, but as you say d-i ack needed.

Thanks,

-- 
Jonathan Wiltshire  j...@debian.org
Debian Developer http://people.debian.org/~jmw

4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC  74C3 5394 479D D352 4C51
ed25519/0x196418AAEB74C8A1: CA619D65A72A7BADFC96D280196418AAEB74C8A1



Bug#1057267: phpldapadmin 1.2.6.3-0.3+deb12u1 flagged for acceptance

2024-02-25 Thread Jonathan Wiltshire
package release.debian.org
tags 1057267 = bookworm pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bookworm.

Thanks for your contribution!

Upload details
==============

Package: phpldapadmin
Version: 1.2.6.3-0.3+deb12u1

Explanation: fix compatibility with PHP 8.1+



Bug#1052455: RE: freetype 2.12.1+dfsg-5+deb12u1 makes chromium segfault at startup

2024-02-25 Thread Jonathan Wiltshire
Control: tag -1 confirmed

On Sun, Feb 25, 2024 at 04:50:55PM +1100, Hugh McMaster wrote:
> I've prepared a source debdiff for the proposed freetype 
> 2.12.1+dfsg-5+deb12u3.
> 
> This update includes the original patch and the additional typo fix
> identified by Ben Wagner.
> 
> In terms of testing, grepping for PUT_COLOR_LAYERS_V1 or
> TT_SUPPORT_COLRV1 yields almost the same group of packages.
> 
> chromium, firefox-esr, godot, thunderbird all have GUIs. These launch
> and function as expected on my bookworm test system.
> 
> I also tested some of the openjdk-* demos, where the openjdk version
> is installable on bookworm.

Please go ahead as a source-only upload.

Thanks,

-- 
Jonathan Wiltshire  j...@debian.org
Debian Developer http://people.debian.org/~jmw

4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC  74C3 5394 479D D352 4C51
ed25519/0x196418AAEB74C8A1: CA619D65A72A7BADFC96D280196418AAEB74C8A1



Bug#1055214: bookworm-pu: package fpga-icestorm/0~20220915gita545498-3

2024-02-25 Thread Jonathan Wiltshire
On Wed, Feb 21, 2024 at 12:28:59PM +0100, Daniel Gröber wrote:
> Hi Jonathan,
> 
> On Wed, Feb 21, 2024 at 07:50:02AM +, Jonathan Wiltshire wrote:
> > On Thu, Nov 02, 2023 at 11:36:23AM +0100, Daniel Gröber wrote:
> > > [ Reason ]
> > > Andras Pal reported fpga-icestorm's "icebram" utility being broken in
> > > stable (#1055171) due to incompatible changes to yosys's output.
> > 
> > Please go ahead.
> 
> Done. This is my first stable update so I hope I got it right :)

Yes, you're fine. You probably need to update lintian to fix that warning.

Thanks,

-- 
Jonathan Wiltshire  j...@debian.org
Debian Developer http://people.debian.org/~jmw

4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC  74C3 5394 479D D352 4C51
ed25519/0x196418AAEB74C8A1: CA619D65A72A7BADFC96D280196418AAEB74C8A1



Bug#1064276: python-channels-redis 4.0.0-1+deb12u1 flagged for acceptance

2024-02-23 Thread Jonathan Wiltshire
package release.debian.org
tags 1064276 = bookworm pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bookworm.

Thanks for your contribution!

Upload details
==============

Package: python-channels-redis
Version: 4.0.0-1+deb12u1

Explanation: 



Bug#1063823: nvidia-graphics-drivers 470.223.02-2 flagged for acceptance

2024-02-23 Thread Jonathan Wiltshire
package release.debian.org
tags 1063823 = bullseye pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bullseye.

Thanks for your contribution!

Upload details
==============

Package: nvidia-graphics-drivers
Version: 470.223.02-2

Explanation: end support for Tesla 450 drivers; build libnvidia-fbc1 for arm64



Bug#1055115: prometheus-node-exporter-collectors 0.0~git20230203.6f710f8-1+deb12u1 flagged for acceptance

2024-02-23 Thread Jonathan Wiltshire
package release.debian.org
tags 1055115 = bookworm pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bookworm.

Thanks for your contribution!

Upload details
==============

Package: prometheus-node-exporter-collectors
Version: 0.0~git20230203.6f710f8-1+deb12u1

Explanation: do not adversely affect mirror network; fix deadlock with other 
apt update runs



Bug#1064419: bookworm-pu: package node-neo-async/2.6.2+~cs3.0.0-2

2024-02-22 Thread Jonathan Wiltshire
Control: tag -1 confirmed

On Thu, Feb 22, 2024 at 02:02:29AM +0530, Praveen Arimbrathodiyil wrote:
> [ Reason ]
> #1064411 some files that are present in npm dist tarball were missing in the
> binary package (it was built but not included in the binary) shipped in
> debian. We noticed this only now since we are trying to integrate
> yarn-plugin-apt (which will use apt installed node modules when available)
> with gitlab in bookworm-fasttrack (fasttrack.debian.net) only now and which
> expects these missing files to be present.

Please go ahead.

Thanks,

-- 
Jonathan Wiltshire  j...@debian.org
Debian Developer http://people.debian.org/~jmw

4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC  74C3 5394 479D D352 4C51
ed25519/0x196418AAEB74C8A1: CA619D65A72A7BADFC96D280196418AAEB74C8A1



Bug#1063821: python-dnslib 0.9.14-1+deb11u1 flagged for acceptance

2024-02-22 Thread Jonathan Wiltshire
package release.debian.org
tags 1063821 = bullseye pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bullseye.

Thanks for your contribution!

Upload details
==============

Package: python-dnslib
Version: 0.9.14-1+deb11u1

Explanation: validate transaction ID in client.py



Bug#1054915: bookworm-pu: package freerdp2/2.11.2+dfsg1-1~deb12u1

2024-02-21 Thread Jonathan Wiltshire
Control: tag -1 moreinfo

Hi,

On Sat, Oct 28, 2023 at 05:58:38PM +0200, Tobias Frost wrote:
> Backporting the fixes is of course possible, but bears a significant
> risk for regression, therefore I would prefer to use the new upstream
> version, given also that upstream changes are only a few and fixing
> also a few bugs that would be nice to be fixed.

It's a balancing act, as always. I'm OK with new upstream releases if they
are small enough to sensibly review (or an upstream with a good trusted
history, which I don't yet have for freerdp2). If you think a new upstream
is reasonable, let's see how it looks.

Either way we need a source debdiff please.

Thanks,

-- 
Jonathan Wiltshire  j...@debian.org
Debian Developer http://people.debian.org/~jmw

4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC  74C3 5394 479D D352 4C51
ed25519/0x196418AAEB74C8A1: CA619D65A72A7BADFC96D280196418AAEB74C8A1



Bug#1060774: bullseye-pu: netatalk/3.1.12~ds-8+deb11u2

2024-02-21 Thread Jonathan Wiltshire
Control: tag -1 confirmed

On Sun, Feb 11, 2024 at 12:29:09AM +, Daniel Markstedt wrote:
> Please find a debdiff attached here. Is this adequate for doing the security 
> release?
> 
> Thank you!
> 
> Daniel

> diff -Nru netatalk-3.1.12~ds/debian/changelog 
> netatalk-3.1.12~ds/debian/changelog
> --- netatalk-3.1.12~ds/debian/changelog   2023-09-20 05:19:20.0 
> +
> +++ netatalk-3.1.12~ds/debian/changelog   2024-02-10 23:49:31.0 
> +
> @@ -1,3 +1,10 @@
> +netatalk (3.1.12~ds-8+deb11u2) bullseye-security; urgency=high
> +
> +  * Fix CVE-2022-22995. Harden create_appledesktop_folder.
> +closes: bug#1060773
> +
> + -- Daniel Markstedt   Sat, 10 Feb 2024 23:49:31 +
> +
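Review bot: The distribution field on the first line of the new changelog entry is `bullseye-security`, but this upload is being requested through a bullseye-pu bug, so that line should read `netatalk (3.1.12~ds-8+deb11u2) bullseye; urgency=high`. The entry could also name the patch that carries the hardening of create_appledesktop_folder, since the changelog hunk alone does not show what changed for CVE-2022-22995.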

You should be targeting `bullseye` in the most recent changelog; with that
fixed, please go ahead.

Thanks,

-- 
Jonathan Wiltshire  j...@debian.org
Debian Developer http://people.debian.org/~jmw

4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC  74C3 5394 479D D352 4C51
ed25519/0x196418AAEB74C8A1: CA619D65A72A7BADFC96D280196418AAEB74C8A1



Bug#1063723: pypdf2 1.26.0-4+deb11u1 flagged for acceptance

2024-02-20 Thread Jonathan Wiltshire
package release.debian.org
tags 1063723 = bullseye pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bullseye.

Thanks for your contribution!

Upload details
==============

Package: pypdf2
Version: 1.26.0-4+deb11u1

Explanation: 



Bug#1055115: bookworm-pu: package prometheus-node-exporter-collectors/0.0~git20230203.6f710f8-1

2024-02-20 Thread Jonathan Wiltshire
Control: tag -1 confirmed

On Tue, Oct 31, 2023 at 02:22:27PM -0400, Antoine Beaupre wrote:
> [ Reason ]
> Since the bookworm upgrade, all hosts with the
> prometheus-node-exporter-collectors package install repeatedly hit the
> mirrors with spurious apt-update runs. The Debian package
> systemd.timer(1) schedule is once on boot and then every 15 minutes
> after, which imposes a tremendous load on the mirror system.

Please go ahead.

Thanks,

-- 
Jonathan Wiltshire  j...@debian.org
Debian Developer http://people.debian.org/~jmw

4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC  74C3 5394 479D D352 4C51
ed25519/0x196418AAEB74C8A1: CA619D65A72A7BADFC96D280196418AAEB74C8A1



Bug#1055214: bookworm-pu: package fpga-icestorm/0~20220915gita545498-3

2024-02-20 Thread Jonathan Wiltshire
Control: tag -1 confirmed

On Thu, Nov 02, 2023 at 11:36:23AM +0100, Daniel Gröber wrote:
> [ Reason ]
> Andras Pal reported fpga-icestorm's "icebram" utility being broken in
> stable (#1055171) due to incompatible changes to yosys's output.

Please go ahead.

Thanks,

-- 
Jonathan Wiltshire  j...@debian.org
Debian Developer http://people.debian.org/~jmw

4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC  74C3 5394 479D D352 4C51
ed25519/0x196418AAEB74C8A1: CA619D65A72A7BADFC96D280196418AAEB74C8A1



Bug#1057267: bookworm-pu: package phpldapadmin/1.2.6.3-0.3+deb12u1

2024-02-20 Thread Jonathan Wiltshire
Control: tag -1 confirmed

On Sat, Dec 02, 2023 at 11:56:14AM +0100, William Desportes wrote:
> Some users have older PHP versions than the one from bookworm, phpldapadmin 
> is compatible with most of the recent ones.
> But the patch that was distributed at the time of packaging was limited to 
> PHP 8.1+ and got outdated by a newer one that is compatible with more PHP 
> versions.

Please go ahead.

Thanks,

-- 
Jonathan Wiltshire  j...@debian.org
Debian Developer http://people.debian.org/~jmw

4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC  74C3 5394 479D D352 4C51
ed25519/0x196418AAEB74C8A1: CA619D65A72A7BADFC96D280196418AAEB74C8A1



Bug#1064276: bookworm-pu: package python-channels-redis/4.0.0-1+deb12u1

2024-02-20 Thread Jonathan Wiltshire
Control: tag -1 confirmed

On Mon, Feb 19, 2024 at 01:26:17PM +, Colin Watson wrote:
> [ Reason ]
> The version of python-channels-redis in bookworm suffers from
> https://bugs.debian.org/1027387 /
> https://github.com/django/channels_redis/issues/332, which was
> introduced in 4.0.0 and is a regression from bullseye.  I ran into this
> while working on debusine.

Please go ahead.

Thanks,

-- 
Jonathan Wiltshire  j...@debian.org
Debian Developer http://people.debian.org/~jmw

4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC  74C3 5394 479D D352 4C51
ed25519/0x196418AAEB74C8A1: CA619D65A72A7BADFC96D280196418AAEB74C8A1



Bug#1060290: django-mailman3 1.3.5-2+deb11u1 flagged for acceptance

2024-02-20 Thread Jonathan Wiltshire
package release.debian.org
tags 1060290 = bullseye pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bullseye.

Thanks for your contribution!

Upload details
==============

Package: django-mailman3
Version: 1.3.5-2+deb11u1

Explanation: scrub messages before archiving



Bug#1057084: nvidia-graphics-drivers-tesla-450 450.248.02-4~deb11u1 flagged for acceptance

2024-02-20 Thread Jonathan Wiltshire
package release.debian.org
tags 1057084 = bullseye pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bullseye.

Thanks for your contribution!

Upload details
==============

Package: nvidia-graphics-drivers-tesla-450
Version: 450.248.02-4~deb11u1

Explanation: convert to transitional packages



Bug#1064029: bookworm-pu: package mailman3/3.3.8-2~deb12u2

2024-02-20 Thread Jonathan Wiltshire
Control: tag -1 confirmed

On Fri, Feb 16, 2024 at 12:21:32AM +0100, Pierre-Elliott Bécue wrote:
> [ Reason ]
> Bug #1040708 is about a change in the way sqlalchemy reads postgresql
> URIs. Historically the prefix in this URI was postgres. Now it's
> postgresql. Therefore the default config for mailman3 is broken under
> bookworm.
> Bug #1038953 is about tracking cron-daemon instead of cron to allow more
> flexibility should one wish to use something else than cron. It was
> supposed to be done for some time.

Please go ahead.

Thanks,

-- 
Jonathan Wiltshire  j...@debian.org
Debian Developer http://people.debian.org/~jmw

4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC  74C3 5394 479D D352 4C51
ed25519/0x196418AAEB74C8A1: CA619D65A72A7BADFC96D280196418AAEB74C8A1



Bug#1063823: bullseye-pu: package nvidia-graphics-drivers/470.223.02-2

2024-02-20 Thread Jonathan Wiltshire
Control: tag -1 confirmed

On Tue, Feb 13, 2024 at 03:50:23AM +0100, Andreas Beckmann wrote:
> [ Reason ]
> While preparing the update series for bookworm I realized that I had
> missed in the last OPU some changes in
> src:nvidia-graphics-drivers/bullseye that were added in
> src:nvidia-graphics-drivers-tesla-470/bullseye.
> To avoid confusion, these packages should stay in sync.
> The relevant bug here is libnvidia-fbc1 not being built on arm64, even
> though the library is available in the blob nowadays.

Please go ahead.

Thanks,

-- 
Jonathan Wiltshire  j...@debian.org
Debian Developer http://people.debian.org/~jmw

4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC  74C3 5394 479D D352 4C51
ed25519/0x196418AAEB74C8A1: CA619D65A72A7BADFC96D280196418AAEB74C8A1



Bug#1055036: crmsh 4.4.1-1+deb12u1 flagged for acceptance

2024-02-18 Thread Jonathan Wiltshire
package release.debian.org
tags 1055036 = bookworm pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bookworm.

Thanks for your contribution!

Upload details
==============

Package: crmsh
Version: 4.4.1-1+deb12u1

Explanation: create log directory and file on installation



Bug#1064159: ebook-speaker 6.2.0-4+deb12u1 flagged for acceptance

2024-02-18 Thread Jonathan Wiltshire
package release.debian.org
tags 1064159 = bookworm pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bookworm.

Thanks for your contribution!

Upload details
==============

Package: ebook-speaker
Version: 6.2.0-4+deb12u1

Explanation: support username over 8 characters when enumerating groups



Bug#1064064: wayfire 0.7.4-3+deb12u1 flagged for acceptance

2024-02-18 Thread Jonathan Wiltshire
package release.debian.org
tags 1064064 = bookworm pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bookworm.

Thanks for your contribution!

Upload details
==============

Package: wayfire
Version: 0.7.4-3+deb12u1

Explanation: add missing dependencies



Bug#1057874: archlinux-keyring 0~20231113-1~deb12u1 flagged for acceptance

2024-02-18 Thread Jonathan Wiltshire
package release.debian.org
tags 1057874 = bookworm pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bookworm.

Thanks for your contribution!

Upload details
==============

Package: archlinux-keyring
Version: 0~20231113-1~deb12u1

Explanation: switch to pre-built keyrings; sync with upstream



Bug#1051466: ovn 23.03.1-1~deb12u1 flagged for acceptance

2024-02-18 Thread Jonathan Wiltshire
package release.debian.org
tags 1051466 = bookworm pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bookworm.

Thanks for your contribution!

Upload details
==============

Package: ovn
Version: 23.03.1-1~deb12u1

Explanation: new upstream stable version



Bug#1055036: bookworm-pu: package crmsh/4.4.1-1+deb12u1

2024-02-18 Thread Jonathan Wiltshire
Control: tag -1 = bookworm confirmed

On Sat, Feb 17, 2024 at 05:08:36PM +0100, Valentin Vidic wrote:
> On Mon, Feb 12, 2024 at 06:21:52PM +0000, Jonathan Wiltshire wrote:
> > This will happen on every package update, no? What if the local
> > administrator has set other properties on the log file (e.g. to allow other
> > users to read it)?
> 
> Thanks, I have updated the postinst to only make the changes if
> the logs don't exist. Updated debdiff attached below...

Please go ahead.

Thanks,

-- 
Jonathan Wiltshire  j...@debian.org
Debian Developer http://people.debian.org/~jmw

4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC  74C3 5394 479D D352 4C51
ed25519/0x196418AAEB74C8A1: CA619D65A72A7BADFC96D280196418AAEB74C8A1



Bug#1064064: bookworm-pu: package wayfire/0.7.4-3+deb12u1

2024-02-17 Thread Jonathan Wiltshire
Control: tag -1 confirmed

On Fri, Feb 16, 2024 at 10:34:11AM -0500, Boyuan Yang wrote:
> [ Reason ]
> Currently binary package wayfire-dev needs several other -dev packages
> to work, but the dependency relationship is not documented. This will
> result in the following errors when trying to use wayfire-dev alone:

Please go ahead.

Thanks,

-- 
Jonathan Wiltshire  j...@debian.org
Debian Developer http://people.debian.org/~jmw

4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC  74C3 5394 479D D352 4C51
ed25519/0x196418AAEB74C8A1: CA619D65A72A7BADFC96D280196418AAEB74C8A1



Bug#1057874: bookworm-pu: package archlinux-keyring/0~20231113-1~deb12u1

2024-02-17 Thread Jonathan Wiltshire
Control: tag -1 confirmed

On Sat, Dec 09, 2023 at 11:17:05PM +, Luca Boccassi wrote:
> We would like to upload a new version of archlinux-keyring to p-u. This
> package ships the keyring necessary to bootstrap an Archlinux image
> from Debian, and it's necessary to keep it up to date to keep it
> usable.

Please go ahead.

Thanks,

-- 
Jonathan Wiltshire  j...@debian.org
Debian Developer http://people.debian.org/~jmw

4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC  74C3 5394 479D D352 4C51
ed25519/0x196418AAEB74C8A1: CA619D65A72A7BADFC96D280196418AAEB74C8A1



Bug#1063675: bookworm-pu: package nvidia-graphics-drivers/525.147.05-6~deb12u1

2024-02-15 Thread Jonathan Wiltshire
Hi,

On Thu, Feb 15, 2024 at 05:48:37PM +, Dan Coleman wrote:
> As a user facing this issue, I'd rather have the release as soon as possible. 
> It's already been a couple days. But that's just a user perspective!
 
If you really can't wait another 24 hours, please feel free to install the
packages from bookworm-proposed-updates and help with testing them.

Thanks,

-- 
Jonathan Wiltshire  j...@debian.org
Debian Developer http://people.debian.org/~jmw

4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC  74C3 5394 479D D352 4C51
ed25519/0x196418AAEB74C8A1: CA619D65A72A7BADFC96D280196418AAEB74C8A1



Bug#1063675: bookworm-pu: package nvidia-graphics-drivers/525.147.05-6~deb12u1

2024-02-15 Thread Jonathan Wiltshire
On Thu, Feb 15, 2024 at 07:08:30PM +0100, Andreas Beckmann wrote:
> On 15/02/2024 18.44, Jonathan Wiltshire wrote:
> > On Thu, Feb 15, 2024 at 02:24:05PM +0100, Andreas Beckmann wrote:
> > > On 14/02/2024 11.01, Jonathan Wiltshire wrote:
> > > > On Sun, Feb 11, 2024 at 11:23:00PM +0100, Andreas Beckmann wrote:
> > > > > We need to push 4 packages together to stable-updates:
> > > > > nvidia-graphics-drivers
> > > > > nvidia-settings
> > > > > nvidia-graphics-drivers-tesla-470
> > > > > nvidia-graphics-drivers-tesla
> > > > 
> > > > According to my list there's just nvidia-graphics-drivers-tesla missing
> > > > now; does that match yours?
> > > 
> > > Seems installable in sid now, so just uploaded to PU. These 4 should be
> > > ready for stable-updates.
> > 
> > Thanks; accepted all four, and the builds have just come in.
> > 
> > I can release as early as tonight (19:52) but I don't know if that's a bit
> > of a rush. Should I hang on until tomorrow evening in case of any
> > late-breaking issues?
> 
> Tomorrow is probably better.

Agreed.

> > We also need to put some thought into an announcement text. Here's a draft
> > starting point:
> > 
> > ===
> > This update addresses problems in four non-free packages to support nVidia
> > graphics cards.
> 
> three non-free driver packages ?

Oh, I counted nvidia-graphics-drivers twice, sorry.

> > The Linux kernel update included in Debian 12.5 marked two functions as
> > GPL-only, making them inaccessible to non-free kernel modules.
> not correct ...
> 
> The Linux kernel update in Debian 12.5 changed an inlined function to call
> two GPL-only symbols, making that function inaccessible to non-free kernel
> modules.

Yes, ok.

> > As a result,
> > the nVidia kernel modules cannot be built via DKMS at installation time for
> > the updated kernel.
> > 
> > This issue could not be resolved in time for the release of Debian 12.5.
> 
> (And perhaps something along this:)
> 
> Additionally src:nvidia-graphics-drivers and src:nvidia-settings have been
> enabled to build for ppc64el, in order to turn
> src:nvidia-graphics-drivers-tesla into transitional packages to ease future
> updates.

That's a bit wordy - I'll draft below.

> > The following packages have been updated to correct the problem.
> 
> > , as well as
> > fixing detection of Tesla 470 compatibility:
> Drop, that was a regression introduced in -6 and -6~deb12u1, it only existed
> for a few days.

Ok.

Revised draft:

===
This update addresses problems in three non-free driver packages supporting
nVidia graphics cards.
 
The Linux kernel released in Debian 12.5 changed an inlined function to call
two GPL-only symbols, making that function inaccessible to non-free kernel
modules.

As a result, the nVidia kernel modules cannot be built via DKMS at
installation time for the updated kernel. This issue could not be resolved
in time for the release of Debian 12.5.

In addition, the source packages nvidia-graphics-drivers and
nvidia-settings now build binaries for ppc64el, and
nvidia-graphics-drivers-tesla builds transitional packages to
ease future updates.

The following packages have been updated to correct the problem:

Source package                     Fixed version
==============                     =============
nvidia-graphics-drivers
nvidia-graphics-drivers-tesla
nvidia-graphics-drivers-tesla-470
nvidia-settings
 
If you use the affected packages, we recommend you upgrade to these
versions.
===

-- 
Jonathan Wiltshire  j...@debian.org
Debian Developer http://people.debian.org/~jmw

4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC  74C3 5394 479D D352 4C51
ed25519/0x196418AAEB74C8A1: CA619D65A72A7BADFC96D280196418AAEB74C8A1



Bug#1063675: bookworm-pu: package nvidia-graphics-drivers/525.147.05-6~deb12u1

2024-02-15 Thread Jonathan Wiltshire
On Thu, Feb 15, 2024 at 02:24:05PM +0100, Andreas Beckmann wrote:
> On 14/02/2024 11.01, Jonathan Wiltshire wrote:
> > On Sun, Feb 11, 2024 at 11:23:00PM +0100, Andreas Beckmann wrote:
> > > We need to push 4 packages together to stable-updates:
> > > nvidia-graphics-drivers
> > > nvidia-settings
> > > nvidia-graphics-drivers-tesla-470
> > > nvidia-graphics-drivers-tesla
> > 
> > According to my list there's just nvidia-graphics-drivers-tesla missing
> > now; does that match yours?
> 
> Seems installable in sid now, so just uploaded to PU. These 4 should be
> ready for stable-updates.

Thanks; accepted all four, and the builds have just come in.

I can release as early as tonight (19:52) but I don't know if that's a bit
of a rush. Should I hang on until tomorrow evening in case of any
late-breaking issues?

We also need to put some thought into an announcement text. Here's a draft
starting point:

===
This update addresses problems in four non-free packages to support nVidia
graphics cards.

The Linux kernel update included in Debian 12.5 marked two functions as
GPL-only, making them inaccessible to non-free kernel modules. As a result,
the nVidia kernel modules cannot be built via DKMS at installation time for
the updated kernel.

This issue could not be resolved in time for the release of Debian 12.5. 

The following packages have been updated to correct the problem, as well as
fixing detection of Tesla 470 compatibility:

  Package                            Fixed version
  =======                            =============
  nvidia-graphics-drivers
  nvidia-graphics-drivers-tesla
  nvidia-graphics-drivers-tesla-470
  nvidia-settings

If you use the affected packages, we recommend you upgrade to these
versions.
===

Feedback?

Thanks,

-- 
Jonathan Wiltshire  j...@debian.org
Debian Developer http://people.debian.org/~jmw

4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC  74C3 5394 479D D352 4C51
ed25519/0x196418AAEB74C8A1: CA619D65A72A7BADFC96D280196418AAEB74C8A1



Bug#1063914: nvidia-graphics-drivers-tesla 525.147.05-7~deb12u1 flagged for acceptance

2024-02-15 Thread Jonathan Wiltshire
package release.debian.org
tags 1063914 = bookworm pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bookworm.

Thanks for your contribution!

Upload details
==============

Package: nvidia-graphics-drivers-tesla
Version: 525.147.05-7~deb12u1

Explanation: restore compatibility with newer Linux kernel builds



Bug#1063933: nvidia-graphics-drivers 525.147.05-7~deb12u1 flagged for acceptance

2024-02-15 Thread Jonathan Wiltshire
package release.debian.org
tags 1063933 = bookworm pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bookworm.

Thanks for your contribution!

Upload details
==============

Package: nvidia-graphics-drivers
Version: 525.147.05-7~deb12u1

Explanation: fix Tesla 470 detection; relax dh-dkms build-dependency for 
compatibility with bookworm



Bug#1063675: bookworm-pu: package nvidia-graphics-drivers/525.147.05-6~deb12u1

2024-02-14 Thread Jonathan Wiltshire
On Sun, Feb 11, 2024 at 11:23:00PM +0100, Andreas Beckmann wrote:
> We need to push 4 packages together to stable-updates:
> nvidia-graphics-drivers
> nvidia-settings
> nvidia-graphics-drivers-tesla-470
> nvidia-graphics-drivers-tesla

According to my list there's just nvidia-graphics-drivers-tesla missing
now; does that match yours?

Thanks,
Jonathan

-- 
Jonathan Wiltshire  j...@debian.org
Debian Developer http://people.debian.org/~jmw

4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC  74C3 5394 479D D352 4C51
ed25519/0x196418AAEB74C8A1: CA619D65A72A7BADFC96D280196418AAEB74C8A1



Bug#1063737: nvidia-graphics-drivers-tesla-470 470.223.02-4~deb12u1 flagged for acceptance

2024-02-12 Thread Jonathan Wiltshire
package release.debian.org
tags 1063737 = bookworm pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bookworm.

Thanks for your contribution!

Upload details
==============

Package: nvidia-graphics-drivers-tesla-470
Version: 470.223.02-4~deb12u1

Explanation: restore compatibility with newer Linux kernel builds; stop 
building nvidia-cuda-mps



Bug#1063675: nvidia-graphics-drivers 525.147.05-6~deb12u1 flagged for acceptance

2024-02-12 Thread Jonathan Wiltshire
On Mon, Feb 12, 2024 at 08:07:36PM +0100, Patrick ZAJDA wrote:
> 
> 
> On 12/02/2024 at 18:56, Jonathan Wiltshire wrote:
> > package release.debian.org
> > tags 1063675 = bookworm pending
> > thanks
> > 
> > Hi,
> > 
> > The upload referenced by this bug report has been flagged for acceptance 
> > into the proposed-updates queue for Debian bookworm.
> > 
> > Thanks for your contribution!
> > 
> > Upload details
> > ==============
> > 
> > Package: nvidia-graphics-drivers
> > Version: 525.147.05-6~deb12u1
> > 
> > Explanation: restore compatibility with newer Linux kernel builds; take 
> > over packages from nvidia-graphics-drivers-tesla; add new 
> > nvidia-suspend-common package
> > 
> So the update won't be available in bookworm-update and we must add
> proposed-update to our sources to be able to update to latest kernel?
> Or do I miss something?

It will be released in bookworm at the next point release, and all being
well earlier than that via bookworm-updates.

Testing of the packages through proposed-updates before then is
appreciated, as always.

-- 
Jonathan Wiltshire  j...@debian.org
Debian Developer http://people.debian.org/~jmw

4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC  74C3 5394 479D D352 4C51
ed25519/0x196418AAEB74C8A1: CA619D65A72A7BADFC96D280196418AAEB74C8A1



Bug#1063742: nvidia-settings 525.147.05-1~deb12u1 flagged for acceptance

2024-02-12 Thread Jonathan Wiltshire
package release.debian.org
tags 1063742 = bookworm pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bookworm.

Thanks for your contribution!

Upload details
==============

Package: nvidia-settings
Version: 525.147.05-1~deb12u1

Explanation: also build for ppc64el



Bug#1055656: bookworm-pu: package ms-gsl/4.0.0-2+deb12u1

2024-02-12 Thread Jonathan Wiltshire
Control: tag -1 confirmed

On Thu, Nov 09, 2023 at 09:00:09PM +0300, Nicholas Guriev wrote:
> [ Reason ]
> The libmsgsl-dev package in stable is currently incompatible with std::variant
> from GNU's libstdc++. To solve this issue, I propose a patch adding conditional
> noexcept for the gsl::not_null template constructors.

Please go ahead.

Thanks,


-- 
Jonathan Wiltshire  j...@debian.org
Debian Developer http://people.debian.org/~jmw

4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC  74C3 5394 479D D352 4C51
ed25519/0x196418AAEB74C8A1: CA619D65A72A7BADFC96D280196418AAEB74C8A1



Bug#1055036: bookworm-pu: package crmsh/4.4.1-1+deb12u1

2024-02-12 Thread Jonathan Wiltshire
Control: tag -1 moreinfo

On Sun, Oct 29, 2023 at 10:16:25PM +0100, Valentin Vidic wrote:
> diff -Nru crmsh-4.4.1/debian/crmsh.postinst crmsh-4.4.1/debian/crmsh.postinst
> --- crmsh-4.4.1/debian/crmsh.postinst 1970-01-01 01:00:00.0 +0100
> +++ crmsh-4.4.1/debian/crmsh.postinst 2023-10-29 20:46:13.0 +0100
> @@ -0,0 +1,46 @@
> +#!/bin/sh
> +# postinst script for crmsh
> +#
> +# see: dh_installdeb(1)
> +
> +set -e
> +
> +# summary of how this script can be called:
> +#*  `configure' 
> +#*  `abort-upgrade' 
> +#*  `abort-remove' `in-favour' 
> +#  
> +#*  `abort-deconfigure' `in-favour'
> +#`removing'
> +#   
> +# for details, see http://www.debian.org/doc/debian-policy/ or
> +# the debian-policy package
> +#
> +
> +case "$1" in
> +configure)
> +mkdir -p /var/log/crmsh
> +chown hacluster:haclient /var/log/crmsh
> +chmod 0775 /var/log/crmsh
> +
> +touch /var/log/crmsh/crmsh.log
> +chown hacluster:haclient /var/log/crmsh/crmsh.log
> +chmod 0664 /var/log/crmsh/crmsh.log
> +;;
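Review bot: in the configure) branch the mkdir/touch/chown/chmod sequence is unconditional, so every upgrade or reconfigure resets owner and mode on /var/log/crmsh and /var/log/crmsh/crmsh.log and discards any local change; restrict it to first install (empty "$2") or to the case where the path does not exist yet, and honour an existing dpkg-statoverride entry. The directory is also left group-writable for haclient (0775) while later runs touch and chown a fixed name inside it as root, and plain chown follows symlinks, so creating the log file only when it is absent and using "chown -h" would be safer. With "set -e" in effect, a missing hacluster user or haclient group makes the whole postinst fail, and nothing in this hunk checks that they exist.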

This will happen on every package update, no? What if the local
administrator has set other properties on the log file (e.g. to allow other
users to read it)?


-- 
Jonathan Wiltshire  j...@debian.org
Debian Developer http://people.debian.org/~jmw

4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC  74C3 5394 479D D352 4C51
ed25519/0x196418AAEB74C8A1: CA619D65A72A7BADFC96D280196418AAEB74C8A1



Bug#1063736: snort removal from bullseye (Re: Bug#1063736: RM: snort -- RoQA; security issues, unmaintained)

2024-02-12 Thread Jonathan Wiltshire
On Mon, Feb 12, 2024 at 09:24:47AM +, Holger Levsen wrote:
> hi,
> 
> On Sun, Feb 11, 2024 at 09:44:18PM +, Jonathan Wiltshire wrote:
> > Requested by security team. Not in stable or testing.
> 
> once this has happened we should communicate this to our users via
> debian-security-upload to bullseye.

Looping in security in case security support should be withdrawn earlier.
(The removal won't happen until the next and final point release.)

Thanks,

-- 
Jonathan Wiltshire  j...@debian.org
Debian Developer http://people.debian.org/~jmw

4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC  74C3 5394 479D D352 4C51
ed25519/0x196418AAEB74C8A1: CA619D65A72A7BADFC96D280196418AAEB74C8A1



Bug#1063675: bookworm-pu: package nvidia-graphics-drivers/525.147.05-6~deb12u1

2024-02-12 Thread Jonathan Wiltshire
On Mon, Feb 12, 2024 at 12:37:44AM +0100, Andreas Beckmann wrote:
> On 11/02/2024 21.36, Salvatore Bonaccorso wrote:
> > If I can add a comment: I (but note I'm not wearing a
> > nvidia-graphics-drivers maintainer hat) would support that, as there
> > are enough people affected by this. This is quite unfortunate and I'm
> > open to hear ideas how we can try to avoid such fallouts.
> 
> I was aware of the bug (#1062932) but not of the fact a point release was
> upcoming. Even if I had been aware of the point release I'm not sure if I
> had realized the impact of this bug to make me yell ;-)
> Perhaps once point release dates have been chosen, this could be announced
> to d-d-a@ as well.
> I'm not following debian-release@ ... -ENOTIME

The point release dates go to debian-stable-annou...@lists.debian.org which
is very low traffic. But I agree it's likely that it would have been a
hidden problem anyway.

> > As you know we are strictly following upstream stable series (and
> > trying our best to keep an eye on as well regression reports upstream,
> > but OOT modules are not explicitly tested, so neither the nvidia ones)
> 
> Are autopkgtests being run for proposed-updates? That should have shown the
> issue.
> 
> It was unfortunate that this upstream backported change appeared in
> proposed-updates first and in sid only a few days later. And the
> metapackages from linux-signed-amd64 are still depending on the version
> before this change was introduced ... so I only could reproduce the issue
> (and verify fixes) manually. (The module build test done during the package
> build did not use the regressing headers.)
> 
> Then I had to spend quite some time verifying that the issue only happened
> on amd64 and since the 460 series (despite ppc64el having even more calls
> to pfn_valid() dating back to the 418 series).
> 
> Andreas
> 
> PS: @Salvatore: Looking forward to see some linux 6.8 packages in
> experimental s.t. I can throw them in my module build chroot to see what
> breaks next :-) Or do you already have some early build available somewhere
> while experimental is still preparing 6.7?

-- 
Jonathan Wiltshire  j...@debian.org
Debian Developer http://people.debian.org/~jmw

4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC  74C3 5394 479D D352 4C51
ed25519/0x196418AAEB74C8A1: CA619D65A72A7BADFC96D280196418AAEB74C8A1



Bug#1063675: nvidia-graphics-drivers 525.147.05-6~deb12u1 flagged for acceptance

2024-02-12 Thread Jonathan Wiltshire
package release.debian.org
tags 1063675 = bookworm pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bookworm.

Thanks for your contribution!

Upload details
==

Package: nvidia-graphics-drivers
Version: 525.147.05-6~deb12u1

Explanation: restore compatibility with newer Linux kernel builds; take over 
packages from nvidia-graphics-drivers-tesla; add new nvidia-suspend-common 
package



Bug#1063742: bookworm-pu: package nvidia-settings/525.147.05-1~deb12u1

2024-02-11 Thread Jonathan Wiltshire
Control: tag -1 confirmed

On Sun, Feb 11, 2024 at 11:52:14PM +0100, Andreas Beckmann wrote:
> [ Reason ]
> In order to enable building src:nvidia-graphics-drivers for ppc64el
> (part of the unification with src:nvidia-graphics-drivers-tesla), we
> also need to enable building src:nvidia-settings for ppc64el, otherwise
> we get some unsatisfiable dependency.
> (I'm not trying some magic to use nvidia-settings-tesla which is already
> built for ppc64el to satisfy that dependency.)

Agreed. Please go ahead.

Thanks,

-- 
Jonathan Wiltshire  j...@debian.org
Debian Developer http://people.debian.org/~jmw

4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC  74C3 5394 479D D352 4C51
ed25519/0x196418AAEB74C8A1: CA619D65A72A7BADFC96D280196418AAEB74C8A1



Bug#1063737: bookworm-pu: package nvidia-graphics-drivers-tesla-470/470.223.02-4~deb12u1

2024-02-11 Thread Jonathan Wiltshire
Control: tag -1 confirmed

On Sun, Feb 11, 2024 at 11:16:13PM +0100, Andreas Beckmann wrote:
> [ Reason ]
> 1) A backported (by upstream) change in Linux 6.1.76 (included in
> today's point release) broke compilation of the non-free nvidia kernel
> module. A patched version of the driver is available in sid.
> 
> 2) After merging src:nvidia-graphics-drivers-tesla into
> src:nvidia-graphics-drivers (PU request for src:nvidia-graphics-drivers
> is already approved), the nvidia-cuda-mps package will be built from
> src:nvidia-graphics-drivers, so stop building it here.

Please go ahead.

Thanks,



-- 
Jonathan Wiltshire  j...@debian.org
Debian Developer http://people.debian.org/~jmw

4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC  74C3 5394 479D D352 4C51
ed25519/0x196418AAEB74C8A1: CA619D65A72A7BADFC96D280196418AAEB74C8A1



Bug#1063675: bookworm-pu: package nvidia-graphics-drivers/525.147.05-6~deb12u1

2024-02-11 Thread Jonathan Wiltshire
On Sun, Feb 11, 2024 at 09:36:02PM +0100, Salvatore Bonaccorso wrote:
> If I can add a comment: I (but note I'm not wearing a
> nvidia-graphics-drivers maintainer hat) would support that, as there
> are enough people affected by this. This is quite unfortunate and I'm
> open to hear ideas how we can try to avoid such fallouts.

Yes, I've been watching the trickle of bugs being merged. As soon as
Andreas has chance to upload I'll get it out via stable-updates and an SUA
issued.

Thanks,

-- 
Jonathan Wiltshire  j...@debian.org
Debian Developer http://people.debian.org/~jmw

4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC  74C3 5394 479D D352 4C51
ed25519/0x196418AAEB74C8A1: CA619D65A72A7BADFC96D280196418AAEB74C8A1



Bug#1063736: RM: snort -- RoQA; security issues, unmaintained

2024-02-11 Thread Jonathan Wiltshire
Package: release.debian.org
Severity: normal
Tags: bullseye
User: release.debian@packages.debian.org
Usertags: rm

Requested by security team. Not in stable or testing.



Bug#1063675: bookworm-pu: package nvidia-graphics-drivers/525.147.05-6~deb12u1

2024-02-10 Thread Jonathan Wiltshire
Control: tag -1 confirmed

On Sat, Feb 10, 2024 at 11:00:58PM +0100, Andreas Beckmann wrote:
> [ Reason ]
> 1) A backported (by upstream) change in Linux 6.1.76 (included in
> today's point release) broke compilation of the non-free nvidia kernel
> module. A patched version of the driver is available in sid.
> 
> 2) In order to simplify future maintenance of the many Nvidia driver
> packages (also in stable and oldstable) I'm going to remove the
> distinction between "normal" and "Tesla" drivers (they were at the
> same version in stable anyway). The Tesla specific bits
> (src:nvidia-graphics-drivers-tesla) will be merged into
> src:nvidia-graphics-drivers (that mainly means addition of the ppc64el
> architecture to these packages, and building some binary packages from
> src:nvidia-graphics-drivers instead: nvidia-powerd, nvidia-cuda-mps).
> nvidia-detect has been updated, too, as it no longer needs to
> distinguish the Tesla variants.
> There will be one further update to src:nvidia-graphics-drivers-tesla
> in stable that turns these packages into transitional packages depending
> on their counterparts from src:nvidia-graphics-drivers. (Separate PU
> request upcoming.)
> There will also be a PU request for nvidia-settings, as we need to
> enable building that on ppc64el. (The src:nvidia-settings-tesla package
> will then become obsolete.)
> 
> 3) In order to better integrate the nvidia driver with the system power
> management, a new package nvidia-suspend-common is being introduced
> which properly ships and enables some systemd units that were previously
> only being shipped as examples. These power management changes are an
> enhancement for the 525 series, but seem to be required in the 535
> series. (We will have to switch to the 535 LTSB series in stable soon,
> as 525 has reached EoL. 535 will be supported till mid 2026, so that will
> be the last driver branch switch for bookworm.)
> nvidia-suspend-common was already prepared in the previous pu update,
> but not yet enabled on stable as it hadn't undergone enough testing. As
> no new issues have popped up on sid, I'm confident to enable this in
> stable now.

Please go ahead. Is this something we should release early through
stable-updates, given the breakage is caused by a point release?

Thanks,

-- 
Jonathan Wiltshire  j...@debian.org
Debian Developer http://people.debian.org/~jmw

4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC  74C3 5394 479D D352 4C51
ed25519/0x196418AAEB74C8A1: CA619D65A72A7BADFC96D280196418AAEB74C8A1



Bug#1055966: bookworm-pu: package openvpn-dco-dkms/0.0+git20230324-1+deb12u1 (or 0.0+git20231103-0+deb12u1?)

2024-02-10 Thread Jonathan Wiltshire
On Tue, Feb 06, 2024 at 10:02:20PM +0100, Bernhard Schmidt wrote:
> Hi Jonathan,
> 
> > On Tue, Nov 14, 2023 at 11:26:54PM +0100, Bernhard Schmidt wrote:
> > > [ Reason ]
> > > openvpn-dco-dkms packages an accelerator kernel module for OpenVPN (OpenVPN
> > > data channel offload). There is one annoying bug tracked as Bug#1055809 where on
> > > heavily loaded TCP servers a refcount issue might occur and the module will
> > > become unusable.
> > 
> > This request was approved but not uploaded in time for the previous point
> > release (12.5). Should it be included in 12.6, or should this request be
> > abandoned and closed?
> 
> Sorry, my bad, I'm getting old. I'm still interested.
> 
> Considering the version in unstable is currently
> 
> 0.0+git20231103-1
> 
> should the upload be versioned
> 
> 0.0+git20231103-0+deb12u1 (like originally proposed) or
> 0.0+git20231103-1~deb12u1

As originally proposed please. You're not backporting 0.0+git20231103-1
directly as far as I know, because you have intermediate changes which
should not be included (correct me if I'm wrong about that).

Thanks,

-- 
Jonathan Wiltshire  j...@debian.org
Debian Developer http://people.debian.org/~jmw

4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC  74C3 5394 479D D352 4C51
ed25519/0x196418AAEB74C8A1: CA619D65A72A7BADFC96D280196418AAEB74C8A1



Bug#1052455: RE: freetype 2.12.1+dfsg-5+deb12u1 makes chromium segfault at startup

2024-02-10 Thread Jonathan Wiltshire
On Sat, Feb 10, 2024 at 12:23:06AM +1100, Hugh McMaster wrote:
> Hi Jonathan,
> 
> On Wed, 7 Feb 2024 at 04:47, Jonathan Wiltshire wrote:
> 
> > What's your plan at this point? We have skipped this update in two point
> > releases now and it needs a resolution.
> 
> 
> Thanks for following up. I’d actually forgotten about this.
> 
> I’d still like to disable the incomplete and incompatible COLRv1 support in
> Bookworm’s FreeType library.
> 
> The additional patch Ben Wagner identified is required.
> 
> Chromium seems to have fixed the bug we encountered last year, as I tested
> a build of FreeType as originally submitted and had no issues.
> 
> To avoid any surprises though, we should add the extra patch.
> 
> When is the next point release scheduled for?

It isn't yet, but the normal cadence is approximately every two months.
You need to allow plenty of time for review and testing though. Please
propose a source debdiff as usual.

Thanks,

-- 
Jonathan Wiltshire  j...@debian.org
Debian Developer http://people.debian.org/~jmw

4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC  74C3 5394 479D D352 4C51
ed25519/0x196418AAEB74C8A1: CA619D65A72A7BADFC96D280196418AAEB74C8A1



Bug#1049982: bullseye-pu: package riemann-c-client/1.10.4-2+b2

2024-02-10 Thread Jonathan Wiltshire
On Fri, Feb 09, 2024 at 06:48:34PM -1000, Romain Tartière wrote:
> Hi Jonathan,
> 
> On Tue, Feb 06, 2024 at 05:59:10PM +, Jonathan Wiltshire wrote:
> > This request was approved but not uploaded in time for the previous point
> > releases (11.8 and 11.9). Should it be included in 11.10, or should this
> > request be abandoned and closed?
> 
> I am not sure about the process, but AFAIK there is nothing more I can
> do and I have to wait for a Debian committer to push it so that the
> fixed version is available to all Debian users.
> 
> As far as I am concerned, I am still very interested in seeing the fixed
> version shipped in Debian!
> 
> In case I missed something and the ball is in my court, please point me
> to the next move because I obviously missed it!

It's your responsibility to upload (or find a sponsor for) the package
incorporating the approved changes. Once that's done it can be reviewed and
accepted by SRMs.

Thanks,

-- 
Jonathan Wiltshire  j...@debian.org
Debian Developer http://people.debian.org/~jmw

4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC  74C3 5394 479D D352 4C51
ed25519/0x196418AAEB74C8A1: CA619D65A72A7BADFC96D280196418AAEB74C8A1



Bug#1043412: bookworm-pu: package quicktext/5.6

2024-02-06 Thread Jonathan Wiltshire
Hi,

On Sun, Aug 27, 2023 at 02:37:30PM +0100, Jonathan Wiltshire wrote:
> Control: tag -1 moreinfo
> 
> On Thu, Aug 10, 2023 at 04:13:22PM +0200, Mechtilde Stehmann wrote:
> > This package is an extension to thunderbird. After thunderbird
> > will be updated to version 115.* in bookworm
> > it is necessary to update this extension too.
> 
> Thunderbird is not 115 in bookworm at present, and I'm not aware of
> current plans for that to change. Have I missed something?

I guess it is now; do you still intend to update this package in bookworm
to suit?

Thanks,

-- 
Jonathan Wiltshire  j...@debian.org
Debian Developer http://people.debian.org/~jmw

4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC  74C3 5394 479D D352 4C51
ed25519/0x196418AAEB74C8A1: CA619D65A72A7BADFC96D280196418AAEB74C8A1



Bug#1055966: bookworm-pu: package openvpn-dco-dkms/0.0+git20230324-1+deb12u1 (or 0.0+git20231103-0+deb12u1?)

2024-02-06 Thread Jonathan Wiltshire
Hi,

On Tue, Nov 14, 2023 at 11:26:54PM +0100, Bernhard Schmidt wrote:
> [ Reason ]
> openvpn-dco-dkms packages an accelerator kernel module for OpenVPN (OpenVPN
> data channel offload). There is one annoying bug tracked as Bug#1055809 where on
> heavily loaded TCP servers a refcount issue might occur and the module will
> become unusable.


This request was approved but not uploaded in time for the previous point
release (12.5). Should it be included in 12.6, or should this request be
abandoned and closed?

Thanks,

-- 
Jonathan Wiltshire  j...@debian.org
Debian Developer http://people.debian.org/~jmw

4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC  74C3 5394 479D D352 4C51
ed25519/0x196418AAEB74C8A1: CA619D65A72A7BADFC96D280196418AAEB74C8A1



Bug#1049988: bookworm-pu: package riemann-c-client/1.10.4-2

2024-02-06 Thread Jonathan Wiltshire
Hi,

On Thu, Aug 17, 2023 at 01:01:01PM -1000, Romain Tartière wrote:
> [ Reason ]
> Due to improper return value checks, when communicating with a remote
> server over TLS riemann-c-client sometimes sends the same data fragment
> multiple times, resulting in the server receiving a malformed payload.
> 
> This happens with all versions of TLS, but TLS 1.3 triggers this bad
> behaviour more often.  With more and more services using TLS 1.3, this
> problem is more and more prevalent.
> 
> [ Impact ]
> When the client sends a large payload over TLS faster than the network
> can send it, the improper return value checks cause portions of that
> data to be sent multiple times to the server.  When the transfer
> eventually finishes, the server detects that the payload is invalid and
> drops the connection.  The client will then reconnect and retry the
> transfer that might fail again and again.
> 
> Besides error messages in the server logs, these corrupt data
> transfers cause an unexpectedly high bandwidth usage.

This request was approved but not uploaded in time for the previous point
release (12.5). Should it be included in 12.6, or should this request be
abandoned and closed?

Thanks,

-- 
Jonathan Wiltshire  j...@debian.org
Debian Developer http://people.debian.org/~jmw

4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC  74C3 5394 479D D352 4C51
ed25519/0x196418AAEB74C8A1: CA619D65A72A7BADFC96D280196418AAEB74C8A1



Bug#1051466: bookworm-pu: package ovn/23.03.1-1~deb12u1

2024-02-06 Thread Jonathan Wiltshire
Hi,

On Fri, Sep 08, 2023 at 01:32:05PM +0200, Frode Nordahl wrote:
> We would like to upload the latest stable point release of ovn 23.03
> to bookworm-p-u. Stable release branches are maintained upstream with
> the intention of providing bug fixes only and no compatibility
> breakages, and with automated non-trivial CI jobs that also cover
> Debian and Ubuntu.
> 
> Debdiff attached. Packaging updated with gbp/salsa config for new
> bookworm stable branch and in-flight patches to fix an issue with
> unnecessary logging breaking one of the tests introduced in the point
> release.

This request was approved but not uploaded in time for the previous point
release (12.5). Should it be included in 12.6, or should this request be
abandoned and closed?

Thanks,

-- 
Jonathan Wiltshire  j...@debian.org
Debian Developer http://people.debian.org/~jmw

4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC  74C3 5394 479D D352 4C51
ed25519/0x196418AAEB74C8A1: CA619D65A72A7BADFC96D280196418AAEB74C8A1



Bug#1060774: bullseye-pu: netatalk/3.1.12~ds-8+deb11u2

2024-02-06 Thread Jonathan Wiltshire
Hi,

On Tue, Jan 16, 2024 at 08:30:52AM +, Daniel Markstedt wrote:
> On Tue, 16 Jan 2024 02:53, Adam D. Barratt <a...@adam-barratt.org.uk> wrote:
> 
> > Control: tags -1 + moreinfo
> >
> > On Sun, 2024-01-14 at 06:23 +, Daniel Markstedt wrote:
> >> CVE-2022-22995
> >> Ref. advisory: https://netatalk.sourceforge.io/CVE-2022-22995.php
> >>
> >> The attached patch can be applied to Debian oldstable to address the
> >> vulnerability.
> >>
> >
> > In order to approve an upload, we need to see a full source debdiff of
> > the proposed new package, not just the isolated patch. Please remove
> > the moreinfo tag when providing that.
> 
> Adam, thanks for following up on this request.
> I will work on a debdiff when I’m back home this coming weekend.
> Right now I’m working offsite without access to a personal computer.

Ping? It's now too late for 11.9 but your request can be considered for
11.10 if you send a debdiff.

Thanks,

-- 
Jonathan Wiltshire  j...@debian.org
Debian Developer http://people.debian.org/~jmw

4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC  74C3 5394 479D D352 4C51
ed25519/0x196418AAEB74C8A1: CA619D65A72A7BADFC96D280196418AAEB74C8A1



Bug#1057107: bullseye-pu: package libssh2/1.9.0-2

2024-02-06 Thread Jonathan Wiltshire
Hi,

On Tue, Dec 19, 2023 at 07:52:02PM -0500, Nicolas Mora wrote:
> Hello,
> 
> Thank you for the feedback, the new attached debdiff should fix these.

Sorry, your message was not seen in time for 11.9 because the request is
still tagged moreinfo. It will be considered for 11.10.

Thanks,

-- 
Jonathan Wiltshire  j...@debian.org
Debian Developer http://people.debian.org/~jmw

4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC  74C3 5394 479D D352 4C51
ed25519/0x196418AAEB74C8A1: CA619D65A72A7BADFC96D280196418AAEB74C8A1



Bug#1049982: bullseye-pu: package riemann-c-client/1.10.4-2+b2

2024-02-06 Thread Jonathan Wiltshire
Hi,

On Thu, Aug 17, 2023 at 10:17:48AM -1000, Romain Tartière wrote:
> [ Reason ]
> Due to improper return value checks, when communicating with a remote
> server over TLS riemann-c-client sometimes sends the same data fragment
> multiple times, resulting in the server receiving a malformed payload.
> 
> This happens with all versions of TLS, but TLS 1.3 triggers this bad
> behaviour more often.  With more and more services using TLS 1.3, this
> problem is more and more prevalent.
> 
> 
> [ Impact ]
> When the client sends a large payload over TLS faster than the network
> can send it, the improper return value checks cause portions of that
> data to be sent multiple times to the server.  When the transfer
> eventually finishes, the server detects that the payload is invalid and
> drops the connection.  The client will then reconnect and retry the
> transfer that might fail again and again.
> 
> Besides error messages in the server logs, these corrupt data
> transfers cause an unexpectedly high bandwidth usage.

This request was approved but not uploaded in time for the previous point
releases (11.8 and 11.9). Should it be included in 11.10, or should this
request be abandoned and closed?

Thanks,

-- 
Jonathan Wiltshire  j...@debian.org
Debian Developer http://people.debian.org/~jmw

4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC  74C3 5394 479D D352 4C51
ed25519/0x196418AAEB74C8A1: CA619D65A72A7BADFC96D280196418AAEB74C8A1
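
The failure mode described in the two riemann-c-client requests (Bug#1049988 for bookworm and Bug#1049982 for bullseye) can be shown in miniature. The following is an added illustration, not code from riemann-c-client or from its patch: mock_send(), the 8-byte fragment limit, the sample payload and the exact shape of the buggy loop are assumptions, chosen to show how mishandling a short-write return value puts the same fragment on the wire more than once.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

/* Hypothetical stand-in for a TLS record-send call: it may accept fewer
 * bytes than offered, or report "try again" when the network is busy. */
#define MOCK_AGAIN (-1L)
#define MOCK_FATAL (-2L)

struct mock_tls {
    unsigned char wire[256];  /* what the server would receive */
    size_t wire_len;
    size_t max_chunk;         /* largest fragment accepted per call */
    unsigned calls;
};

static long mock_send(struct mock_tls *t, const unsigned char *buf, size_t len)
{
    t->calls++;
    if (t->calls % 3 == 0)
        return MOCK_AGAIN;    /* simulated back-pressure, nothing accepted */
    size_t n = len < t->max_chunk ? len : t->max_chunk;
    if (t->wire_len + n > sizeof t->wire)
        return MOCK_FATAL;
    memcpy(t->wire + t->wire_len, buf, n);
    t->wire_len += n;
    return (long)n;           /* short write: n may be smaller than len */
}

/* Assumed buggy shape: the return value is counted, but every call offers
 * the buffer from offset 0 again, so the first fragment is resent. */
static int send_all_buggy(struct mock_tls *t, const unsigned char *buf, size_t len)
{
    size_t sent = 0;
    while (sent < len) {
        long n = mock_send(t, buf, len);
        if (n == MOCK_AGAIN)
            continue;
        if (n <= 0)
            return -1;
        sent += (size_t)n;
    }
    return 0;
}

/* Corrected loop: advance by exactly what was accepted and offer only the
 * unsent remainder on the next call. */
static int send_all_fixed(struct mock_tls *t, const unsigned char *buf, size_t len)
{
    size_t off = 0;
    while (off < len) {
        long n = mock_send(t, buf + off, len - off);
        if (n == MOCK_AGAIN)
            continue;         /* real code would wait for writability here */
        if (n <= 0)
            return -1;
        off += (size_t)n;
    }
    return 0;
}

/* Constructed sample payload (26 bytes), larger than one fragment. */
static const unsigned char PAYLOAD[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZ";

struct result {
    size_t wire_len;  /* bytes that went over the wire */
    int intact;       /* 1 if the server would see exactly PAYLOAD */
};

static struct result run_transfer(int use_fixed)
{
    struct mock_tls t = { .max_chunk = 8 };
    size_t len = sizeof PAYLOAD - 1;
    int rc = use_fixed ? send_all_fixed(&t, PAYLOAD, len)
                       : send_all_buggy(&t, PAYLOAD, len);
    struct result r;
    r.wire_len = t.wire_len;
    r.intact = rc == 0 && t.wire_len == len &&
               memcmp(t.wire, PAYLOAD, len) == 0;
    return r;
}

int main(void)
{
    struct result bad = run_transfer(0);
    struct result good = run_transfer(1);
    printf("buggy: %zu bytes on the wire, intact=%d\n", bad.wire_len, bad.intact);
    printf("fixed: %zu bytes on the wire, intact=%d\n", good.wire_len, good.intact);
    return 0;
}
```

The buggy sender reports success while the receiver gets the first fragment repeated and more bytes than the payload holds, which matches both the malformed payload and the extra bandwidth mentioned in the report.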



Bug#1025518: bullseye-pu: package capnproto/0.7.1-1+deb11u1

2024-02-06 Thread Jonathan Wiltshire
On Tue, Jul 25, 2023 at 10:19:50PM +0100, Jonathan Wiltshire wrote:
> Control: tag -1 moreinfo
> 
> On Mon, Dec 05, 2022 at 11:22:51PM -0800, tony mancill wrote:
> > As the upstream author notes in [3], the issue is present in inlined
> > code, thus applications built against capnproto must be rebuilt against
> > the patched version.
> 
> This doesn't immediately make any of us enthusiastic, it has to be said...
> Can we get the proposed debdiff at least please?
> 
> The hazards are:
>  - ftbfs in the rdeps in stable
>  - much reduced testing of proposed-updates vs. for example sid/testing
> 
> > The issue for unstable and bookworm is being addressed via an
> > upload to experimental [4] and a subsequent transition [5].  Easy
> > enough...
> > 
> > For stable (and old-stable), we need to introduce 0.7.1, a new upstream
> > version that generates a (new) libcapnp-0.7.1 binary package to address
> > the vulnerability.  Once those are present in the archive, we can
> > trigger rebuilds of the reverse dependencies.  At this time I am asking
> > for bullseye.
> > 
> > [ Reason ]
> > This is to address CVE-2022-46149 [1].
> > 
> > [ Impact ]
> > Packages built with capnproto in bullseye will remain potentially
> > vulnerable to the CVE.
> > 
> > [ Tests ]
> > I have built the package in a clean bullseye chroot and then used ratt to
> > rebuild the (8) bullseye r-deps:
> > 
> > - clickhouse_18.16.1+ds-7.2
> > - harvest-tools_1.3-6
> > - laminar_1.0-3
> > - librime_1.6.1+dfsg1-1
> > - mash_2.2.2+dfsg-2
> > - mir_1.8.0+dfsg1-18
> > - rr_5.4.0-2
> > - sonic-visualiser_4.2-1
> 
> laminar in particular doesn't seem to have much maintainer attention. If
> there are problems with the rdeps on rebuild are you going to be in a
> position to resolve them?
> 
> > [ Risks ]
> > The upstream author has stated that there are no known vulnerable
> > applications, yet advises that all capnproto users rebuild their
> > applications using patched versions of capnproto.
> 
> An abundance of caution? Otherwise the statements seem at odds with each
> other.
> 
> > If this is not amenable to stable-proposed-updates, would you recommend
> > backports?
> 
> I'm not sure a transition in backports is going to be well received either.
> Let's start with the debdiff and at least know what we're looking at.

Ping?

-- 
Jonathan Wiltshire  j...@debian.org
Debian Developer http://people.debian.org/~jmw

4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC  74C3 5394 479D D352 4C51
ed25519/0x196418AAEB74C8A1: CA619D65A72A7BADFC96D280196418AAEB74C8A1



Bug#1057084: bullseye-pu: package nvidia-graphics-drivers-tesla-450/450.248.02-4~deb11u1

2024-02-06 Thread Jonathan Wiltshire
Hi,

On Wed, Nov 29, 2023 at 02:38:08PM +0100, Andreas Beckmann wrote:
> [ Reason ]
> The Tesla 450 driver series has reached End of Life. I'd like to turn it
> into transitional packages to ease switching to the Tesla 470 driver
> series. We did the same with the Tesla 460 series after that reached EoL
> last year. The 470 series supports a superset of GPUs, so this switch is
> not a regression in terms of supported devices or features.

This request was approved but not uploaded in time for the previous point
release (11.9). Should it be included in 11.10, or should this request be
abandoned and closed?



-- 
Jonathan Wiltshire  j...@debian.org
Debian Developer http://people.debian.org/~jmw

4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC  74C3 5394 479D D352 4C51
ed25519/0x196418AAEB74C8A1: CA619D65A72A7BADFC96D280196418AAEB74C8A1



Bug#1037188: bullseye-pu: package git/2.30.2-1+deb11u3

2024-02-06 Thread Jonathan Wiltshire
Hi,

On Sun, Oct 08, 2023 at 01:05:24PM +0100, Jonathan Wiltshire wrote:
> On Thu, Jul 27, 2023 at 03:52:52PM +0200, Andreas Beckmann wrote:
> > Control: tag -1 - moreinfo
> > 
> > On 08/07/2023 19.25, Adam D. Barratt wrote:
> > > It looks like not all of the postinst was removed - was that
> > > intentional? It's presumably harmless, but now leads to a lintian
> > > warning, which is why I noticed. :-)
> > 
> > That git-el.postinst code was already removed by
> >   c4b054cf0e debian: drop support for upgrades from pre-1.7.9.5 versions
> > (Mon Dec 28 20:13:48 2020 -0800)
> > and I missed the opportunity to simply delete the whole file when I
> > backported
> >   67b73aadeb debian: remove git-el package (Mon May 31 15:03:12 2021 -0700).
> > The remaining bits should be harmless (it's a postinst script for a package
> > no longer in d/control), but if you prefer, I can reupload with the cruft
> > bits removed, too. Should save a few brain cycles on future updates ;-)
> 
> Yes please; I'll reject the existing upload in a moment so you can re-use
> the version.

There hasn't been any movement on this bug for the previous point release
11.8 nor the frozen 11.9. Should it be included in 11.10, or should this
request be abandoned and closed?

Thanks,

-- 
Jonathan Wiltshire  j...@debian.org
Debian Developer http://people.debian.org/~jmw

4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC  74C3 5394 479D D352 4C51
ed25519/0x196418AAEB74C8A1: CA619D65A72A7BADFC96D280196418AAEB74C8A1



Bug#1029008: Bug#1009879: security update needed for pypdf2 in bullseye (CVE-2022-24859)?

2024-02-06 Thread Jonathan Wiltshire
Control: close -1

Hi,

On Tue, Jul 25, 2023 at 10:26:06PM +0100, Jonathan Wiltshire wrote:
> Control: tag -1 confirmed
> 
> Hi,
> 
> On Mon, Jan 16, 2023 at 07:41:21AM +0100, László Böszörményi wrote:
> > On Mon, Jan 16, 2023 at 6:38 AM Salvatore Bonaccorso wrote:
> > > On Sun, Jan 15, 2023 at 04:57:24PM -0500, Daniel Kahn Gillmor wrote:
> > > > I was looking into CVE-2022-24859 and pypdf2, and trying to figure out
> > > > whether the version in bullseye is still vulnerable, as it appears to be
> > > > according to the security tracker:
> > [...]
> > > It is still unfixed in bullseye TTBOMK, but would not warrant a DSA.
> >  Indeed, it's not yet fixed for Bullseye and doesn't warrant a DSA as
> > the max impact is an infinite loop in the user's own process.
> > 
> > > Can you propose a fix for it with cherry-picking the pull request
> > > changes for the next bullseye point release?
> >  Correct, it needs to go via Bullseye point update. I attached the
> > short change which has the original commit as Salvatore noted.
> 
> Either of the proposed diffs is fine; please go ahead.

This package has not been uploaded in time for two consecutive point
releases now, so I am closing the request.

Thanks,
-- 
Jonathan Wiltshire  j...@debian.org
Debian Developer http://people.debian.org/~jmw

4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC  74C3 5394 479D D352 4C51
ed25519/0x196418AAEB74C8A1: CA619D65A72A7BADFC96D280196418AAEB74C8A1



Bug#1023740: bullseye-pu: package python-scciclient/0.8.0-2

2024-02-06 Thread Jonathan Wiltshire
Control: close -1

On Wed, Nov 09, 2022 at 01:00:15PM +0100, Thomas Goirand wrote:
> [ Reason ]
> This patch fixes the lack of TLS verification with scciclient.
> 
> [ Impact ]
> Man in the middle attack is possible without this patch.

This package has not been uploaded in time for two consecutive point
releases now, so I am closing the request.

Thanks,

-- 
Jonathan Wiltshire  j...@debian.org
Debian Developer http://people.debian.org/~jmw

4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC  74C3 5394 479D D352 4C51
ed25519/0x196418AAEB74C8A1: CA619D65A72A7BADFC96D280196418AAEB74C8A1



Bug#1052455: RE: freetype 2.12.1+dfsg-5+deb12u1 makes chromium segfault at startup

2024-02-06 Thread Jonathan Wiltshire
Control: tag -1 moreinfo

Hi,

On Fri, Sep 29, 2023 at 12:22:41AM +1000, Hugh McMaster wrote:
> After discussing the timing of Debian 12.2 with a release manager, I’ll
> revert the change shortly.
> 

What's your plan at this point? We have skipped this update in two point
releases now and it needs a resolution.

Thanks,

-- 
Jonathan Wiltshire  j...@debian.org
Debian Developer http://people.debian.org/~jmw

4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC  74C3 5394 479D D352 4C51
ed25519/0x196418AAEB74C8A1: CA619D65A72A7BADFC96D280196418AAEB74C8A1



Bug#1057089: usrmerge 37~deb12u1 flagged for acceptance

2024-01-15 Thread Jonathan Wiltshire
package release.debian.org
tags 1057089 = bookworm pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bookworm.

Thanks for your contribution!

Upload details
==

Package: usrmerge
Version: 37~deb12u1

Explanation: clean up biarch directories when not needed; don't run 
convert-etc-shells again on converted systems; handle mounted /lib/modules on 
Xen systems; improve error reporting; add versioned conflicts with libc-bin, 
dhcpcd, libparted1.8-10 and lustre-utils



Bug#1054446: wolfssl 5.5.4-2+deb12u1 flagged for acceptance

2024-01-15 Thread Jonathan Wiltshire
package release.debian.org
tags 1054446 = bookworm pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bookworm.

Thanks for your contribution!

Upload details
==

Package: wolfssl
Version: 5.5.4-2+deb12u1

Explanation: fix security issue when client sent neither PSK nor KSE extensions 
[CVE-2023-3724]



Bug#1060689: libspreadsheet-parsexlsx-perl 0.27-2.1+deb11u1 flagged for acceptance

2024-01-14 Thread Jonathan Wiltshire
package release.debian.org
tags 1060689 = bullseye pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bullseye.

Thanks for your contribution!

Upload details
==

Package: libspreadsheet-parsexlsx-perl
Version: 0.27-2.1+deb11u1

Explanation: fix possible memory bomb [CVE-2024-22368]



Bug#1060688: libspreadsheet-parsexlsx-perl 0.27-3+deb12u1 flagged for acceptance

2024-01-14 Thread Jonathan Wiltshire
package release.debian.org
tags 1060688 = bookworm pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bookworm.

Thanks for your contribution!

Upload details
==

Package: libspreadsheet-parsexlsx-perl
Version: 0.27-3+deb12u1

Explanation: fix possible memory bomb [CVE-2024-22368]



Bug#1060433: apktool 2.7.0+dfsg-6+deb12u1 flagged for acceptance

2024-01-14 Thread Jonathan Wiltshire
package release.debian.org
tags 1060433 = bookworm pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bookworm.

Thanks for your contribution!

Upload details
==

Package: apktool
Version: 2.7.0+dfsg-6+deb12u1

Explanation: prevent arbitrary file writes with malicious resource names 
[CVE-2024-21633]



Bug#1056358: needrestart 3.6-4+deb12u1 flagged for acceptance

2024-01-14 Thread Jonathan Wiltshire
package release.debian.org
tags 1056358 = bookworm pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bookworm.

Thanks for your contribution!

Upload details
==

Package: needrestart
Version: 3.6-4+deb12u1

Explanation: fix microcode check regression on AMD CPUs



Bug#1053816: nftables 0.9.8-3.1+deb11u2 flagged for acceptance

2024-01-14 Thread Jonathan Wiltshire
package release.debian.org
tags 1053816 = bullseye pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bullseye.

Thanks for your contribution!

Upload details
==

Package: nftables
Version: 0.9.8-3.1+deb11u2

Explanation: fix incorrect bytecode generation



Bug#1037219: imagemagick 6.9.11.60+dfsg-1.3+deb11u2 flagged for acceptance

2024-01-14 Thread Jonathan Wiltshire
package release.debian.org
tags 1037219 = bullseye pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bullseye.

Thanks for your contribution!

Upload details
==

Package: imagemagick
Version: 6.9.11.60+dfsg-1.3+deb11u2

Explanation: various security fixes [CVE-2021-20241 CVE-2021-20243 
CVE-2021-20244 CVE-2021-20245 CVE-2021-20246 CVE-2021-20309 CVE-2021-3574 
CVE-2021-39212 CVE-2021-4219 CVE-2022-1114 CVE-2022-28463 CVE-2022-32545 
CVE-2022-32546]



Bug#1059694: filezilla 3.63.0-1+deb12u3 flagged for acceptance

2024-01-08 Thread Jonathan Wiltshire
package release.debian.org
tags 1059694 = bookworm pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bookworm.

Thanks for your contribution!

Upload details
==

Package: filezilla
Version: 3.63.0-1+deb12u3

Explanation: prevent 'Terrapin' exploit [CVE-2023-48795]



Bug#1059693: filezilla 3.52.2-3+deb11u1 flagged for acceptance

2024-01-08 Thread Jonathan Wiltshire
package release.debian.org
tags 1059693 = bullseye pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bullseye.

Thanks for your contribution!

Upload details
==

Package: filezilla
Version: 3.52.2-3+deb11u1

Explanation: prevent 'Terrapin' exploit [CVE-2023-48795]



Bug#1059677: libpod 3.0.1+dfsg1-3+deb11u5 flagged for acceptance

2023-12-30 Thread Jonathan Wiltshire
package release.debian.org
tags 1059677 = bullseye pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bullseye.

Thanks for your contribution!

Upload details
==

Package: libpod
Version: 3.0.1+dfsg1-3+deb11u5

Explanation: fix incorrect handling of supplementary groups [CVE-2022-2989]



Bug#1056935: libde265 1.0.11-0+deb11u2 flagged for acceptance

2023-12-30 Thread Jonathan Wiltshire
package release.debian.org
tags 1056935 = bullseye pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bullseye.

Thanks for your contribution!

Upload details
==

Package: libde265
Version: 1.0.11-0+deb11u2

Explanation: fix segmentation violation in the function 
decoder_context::process_slice_segment_header [CVE-2023-27102]; fix heap buffer 
overflow in the function derive_collocated_motion_vectors [CVE-2023-27103]; fix 
buffer over-read in pic_parameter_set::dump [CVE-2023-43887]; fix buffer 
overflow in the slice_segment_header function [CVE-2023-47471]



Bug#1059656: bookworm-pu: package espeak-ng/1.51+dfsg-10+deb12u1

2023-12-30 Thread Jonathan Wiltshire
Control: tag -1 d-i moreinfo

On Fri, Dec 29, 2023 at 09:54:57PM +0100, Samuel Thibault wrote:
> [ Reason ]
> This upload provides fixes for CVEs. They are not a regression over
> oldstable.
> 
> [ Impact ]
> Blind users using the espeak-ng speech synthesis might be at risk when
> e.g. reading a webpage that contains the CVE triggers.
> 
> [ Tests ]
> CVE tests are getting added in the patch.
> 
> [ Risks ]
> The code is relatively simple, comes from upstream, and has been in
> testing since December 24th.

Sorry, I hadn't spotted the udeb. d-i ack required.

Thanks,

-- 
Jonathan Wiltshire  j...@debian.org
Debian Developer http://people.debian.org/~jmw

4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC  74C3 5394 479D D352 4C51
ed25519/0x196418AAEB74C8A1: CA619D65A72A7BADFC96D280196418AAEB74C8A1



Bug#1059656: bookworm-pu: package espeak-ng/1.51+dfsg-10+deb12u1

2023-12-30 Thread Jonathan Wiltshire
Control: tag -1 confirmed

Please go ahead.

Thanks,

-- 
Jonathan Wiltshire  j...@debian.org
Debian Developer http://people.debian.org/~jmw

4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC  74C3 5394 479D D352 4C51
ed25519/0x196418AAEB74C8A1: CA619D65A72A7BADFC96D280196418AAEB74C8A1



Bug#1059694: bookworm-pu: package filezilla/filezilla_3.63.0-1+deb12u3

2023-12-30 Thread Jonathan Wiltshire
Control: tag -1 confirmed

Please go ahead.

Thanks,

-- 
Jonathan Wiltshire  j...@debian.org
Debian Developer http://people.debian.org/~jmw

4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC  74C3 5394 479D D352 4C51
ed25519/0x196418AAEB74C8A1: CA619D65A72A7BADFC96D280196418AAEB74C8A1



Bug#1059693: bullseye-pu: package filezilla/filezilla_3.52.2-3+deb11u1

2023-12-30 Thread Jonathan Wiltshire
Control: tag -1 confirmed

Please go ahead.

Thanks,

-- 
Jonathan Wiltshire  j...@debian.org
Debian Developer http://people.debian.org/~jmw

4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC  74C3 5394 479D D352 4C51
ed25519/0x196418AAEB74C8A1: CA619D65A72A7BADFC96D280196418AAEB74C8A1



Bug#1054189: bullseye-pu: package debian-security-support/1:11+2023.10.17

2023-12-29 Thread Jonathan Wiltshire
On Fri, Dec 22, 2023 at 03:58:15PM +, Holger Levsen wrote:
> On Thu, Dec 21, 2023 at 08:59:31PM +0000, Jonathan Wiltshire wrote:
> > > I've updated this update request for adding 3 more lines to
> > > security-support-ended.deb11 (and updating d/changelog)
> > Please go ahead.
> 
> thanks, uploaded.

In the past this package has been released early via stable-updates; is
that your intention this time, or can it wait until the next point release
expected in February?

Thanks,

-- 
Jonathan Wiltshire  j...@debian.org
Debian Developer http://people.debian.org/~jmw

4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC  74C3 5394 479D D352 4C51
ed25519/0x196418AAEB74C8A1: CA619D65A72A7BADFC96D280196418AAEB74C8A1



Bug#1056738: minizip 1.1-8+deb11u1 flagged for acceptance

2023-12-29 Thread Jonathan Wiltshire
package release.debian.org
tags 1056738 = bullseye pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bullseye.

Thanks for your contribution!

Upload details
==

Package: minizip
Version: 1.1-8+deb11u1

Explanation: reject overflows of zip header fields [CVE-2023-45853]



Bug#1059230: Proposed Postfix SUA Text

2023-12-29 Thread Jonathan Wiltshire
On Thu, Dec 28, 2023 at 03:31:55PM -0500, Scott Kitterman wrote:
> Postfix is a High-performance mail transport agent.
> 
> Upstream published versions 3.5.23 and 3.7.9.
> 
> These are bug-fix releases. The changes are not currently required for 
> operation, but upstream strongly recommends that users update.
> 
> Changes since 3.5.18 and 3.7.6 currently in bullseye and bookworm include fixes
> for multiple implementation defects identified since these packages were last 
> updated, see debian/changelog for details.  Of particular note is a new 
> optional feature to prevent 'SMTP Smuggling' attacks.  It is disabled by 
> default.  A configuration change is required to enable this protection [1].
> 
> If you use postfix, we recommend that you install this update.
> 
> [1] https://www.postfix.org/smtp-smuggling.html

The important part is the CVE fix with config change requirement, no? How
about this, rephrasing to shift the emphasis:

| Postfix is a high-performance mail transport agent.
| 
| This update consists of recommended upstream bug fixes since the versions
| in bullseye and bookworm. In particular, a fix for CVE-2023-51764 (SMTP
| smuggling) requires a configuration change to take full effect.
| 
| The configuration change is not done automatically to avoid causing
| issues with existing installations. Users should consult the relevant
| Postfix documentation [1] before setting "smtpd_forbid_bare_newline = yes"
| in the main.cf file.
| 
|  1: https://www.postfix.org/smtp-smuggling.html

If you are able to comment before 13:00 UTC I can get it out this
afternoon.

Thanks,


-- 
Jonathan Wiltshire  j...@debian.org
Debian Developer http://people.debian.org/~jmw

4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC  74C3 5394 479D D352 4C51
ed25519/0x196418AAEB74C8A1: CA619D65A72A7BADFC96D280196418AAEB74C8A1



Bug#1058938: onionprobe 1.0.0+ds-2.1+deb12u1 flagged for acceptance

2023-12-27 Thread Jonathan Wiltshire
package release.debian.org
tags 1058938 = bookworm pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bookworm.

Thanks for your contribution!

Upload details
==

Package: onionprobe
Version: 1.0.0+ds-2.1+deb12u1

Explanation: fix initialisation of Tor if using hashed passwords



Bug#1057280: gimp 2.10.22-4+deb11u2 flagged for acceptance

2023-12-26 Thread Jonathan Wiltshire
package release.debian.org
tags 1057280 = bullseye pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bullseye.

Thanks for your contribution!

Upload details
==

Package: gimp
Version: 2.10.22-4+deb11u2

Explanation: remove old versions of separately packaged dds plugin



Bug#1054189: debian-security-support 11+2023.12.11 flagged for acceptance

2023-12-26 Thread Jonathan Wiltshire
package release.debian.org
tags 1054189 = bullseye pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bullseye.

Thanks for your contribution!

Upload details
==

Package: debian-security-support
Version: 11+2023.12.11

Explanation: mark tor, consul and xen as end-of-life; limit samba support to 
non-AD DC use cases; match golang packages with regular expression; drop 
version-based checking



Bug#1059402: postfix 3.7.9-0+deb12u1 flagged for acceptance

2023-12-26 Thread Jonathan Wiltshire
package release.debian.org
tags 1059402 = bookworm pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bookworm.

Thanks for your contribution!

Upload details
==

Package: postfix
Version: 3.7.9-0+deb12u1

Explanation: new upstream stable release; address SMTP smuggling issue 
[CVE-2023-51764]



Bug#1055349: python-websockets 8.1-1+deb11u1 flagged for acceptance

2023-12-26 Thread Jonathan Wiltshire
package release.debian.org
tags 1055349 = bullseye pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bullseye.

Thanks for your contribution!

Upload details
==

Package: python-websockets
Version: 8.1-1+deb11u1

Explanation: fix predictable duration issue [CVE-2021-33880]



Bug#1054455: weborf 0.17-3+deb11u1 flagged for acceptance

2023-12-26 Thread Jonathan Wiltshire
package release.debian.org
tags 1054455 = bullseye pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bullseye.

Thanks for your contribution!

Upload details
==

Package: weborf
Version: 0.17-3+deb11u1

Explanation: fix denial of service issue



Bug#1025789: wolfssl 4.6.0+p1-0+deb11u2 flagged for acceptance

2023-12-26 Thread Jonathan Wiltshire
package release.debian.org
tags 1025789 = bullseye pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bullseye.

Thanks for your contribution!

Upload details
==

Package: wolfssl
Version: 4.6.0+p1-0+deb11u2

Explanation: fix buffer overflow issues [CVE-2022-39173 CVE-2022-42905], key 
disclosure issue [CVE-2022-42961], predictable buffer in input keying material 
[CVE-2023-3724]



Bug#1059343: libfirefox-marionette-perl 1.35-1+deb12u1 flagged for acceptance

2023-12-26 Thread Jonathan Wiltshire
package release.debian.org
tags 1059343 = bookworm pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bookworm.

Thanks for your contribution!

Upload details
==

Package: libfirefox-marionette-perl
Version: 1.35-1+deb12u1

Explanation: fix compatibility with newer firefox-esr versions



Bug#1059344: bookworm-pu: package libdatetime-timezone-perl/1:2.60-1+2023d

2023-12-24 Thread Jonathan Wiltshire
On Sun, Dec 24, 2023 at 08:57:22PM +0100, gregor herrmann wrote:
> On Sun, 24 Dec 2023 16:19:07 +0000, Jonathan Wiltshire wrote:
> 
> > On Sat, Dec 23, 2023 at 01:36:11AM +0100, gregor herrmann wrote:
> > > I've uploaded libdatetime-timezone-perl/1:2.60-1+2023d to bookworm.
> > > As usual, it contains the tzdata data 2023d as a quilt patch.
> > Thanks. Should it and the bullseye one be released to stable-updates as
> > usual? Text along the lines of the previous SUA?
> 
> Thanks for asking!
> I didn't include this request this time, as the changes probably
> don't affect too many people and I thought that you might be busy with
> other things at this time of the year :)
> 
> But if it's not too much hassle (and without any time pressure
> whatsoever), having them in *-updates before the next point releases
> would be nice. And basing the wording of the announcements on the
> previous examples would be perfect.

Ok; the window for today has just closed so I'll sort it out in the next
couple of days and by then hopefully tzdata will also be ready.

Thanks,

-- 
Jonathan Wiltshire  j...@debian.org
Debian Developer http://people.debian.org/~jmw

4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC  74C3 5394 479D D352 4C51
ed25519/0x196418AAEB74C8A1: CA619D65A72A7BADFC96D280196418AAEB74C8A1



Bug#1058938: bookworm-pu: package onionprobe/1.0.0+ds-2.1+deb12u1

2023-12-24 Thread Jonathan Wiltshire
On Sun, Dec 24, 2023 at 05:20:54PM +, Georg Faerber wrote:
> On 23-12-24 16:31:37, Jonathan Wiltshire wrote:
> > Something has gone wrong with your upload (a rebase maybe?):
> 
> The missing part of the changelog, as per the diff you sent, is
> currently not part of the git history, which is problematic, I guess.
> 
> So if my above assumption is correct, I'll ensure that's recorded in git
> accordingly, rebuild and upload again.
> 
> Jonathan, does the above make sense?

Yes. Just make sure you have the rejection email before you upload again
with the same version.

Thanks,

-- 
Jonathan Wiltshire  j...@debian.org
Debian Developer http://people.debian.org/~jmw

4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC  74C3 5394 479D D352 4C51
ed25519/0x196418AAEB74C8A1: CA619D65A72A7BADFC96D280196418AAEB74C8A1



Bug#1059344: libdatetime-timezone-perl 2.60-1+2023d flagged for acceptance

2023-12-24 Thread Jonathan Wiltshire
package release.debian.org
tags 1059344 = bookworm pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bookworm.

Thanks for your contribution!

Upload details
==

Package: libdatetime-timezone-perl
Version: 2.60-1+2023d

Explanation: update data to Olson database version 2023d (changes for 
Antarctica and Greenland)



Bug#1059235: fish 3.6.0-3.1+deb12u1 flagged for acceptance

2023-12-24 Thread Jonathan Wiltshire
package release.debian.org
tags 1059235 = bookworm pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bookworm.

Thanks for your contribution!

Upload details
==

Package: fish
Version: 3.6.0-3.1+deb12u1

Explanation: handle Unicode non-printing characters safely when given as 
command substitution [CVE-2023-49284]



Bug#1056969: swupdate 2022.12+dfsg-4+deb12u1 flagged for acceptance

2023-12-24 Thread Jonathan Wiltshire
package release.debian.org
tags 1056969 = bookworm pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bookworm.

Thanks for your contribution!

Upload details
==

Package: swupdate
Version: 2022.12+dfsg-4+deb12u1

Explanation: prevent acquiring root privileges through inappropriate socket mode



Bug#1054466: localslackirc 1.17-1.1+deb12u1 flagged for acceptance

2023-12-24 Thread Jonathan Wiltshire
package release.debian.org
tags 1054466 = bookworm pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bookworm.

Thanks for your contribution!

Upload details
==

Package: localslackirc
Version: 1.17-1.1+deb12u1

Explanation: send authorization and cookie headers to the websocket


