Processed: unblock: curl/7.88.1-6
Processing control commands: > affects -1 + src:curl Bug #1033273 [release.debian.org] unblock: curl/7.88.1-6 Added indication that 1033273 affects src:curl -- 1033273: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1033273 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#1033273: unblock: curl/7.88.1-6
Package: release.debian.org Control: affects -1 + src:curl X-Debbugs-Cc: c...@packages.debian.org User: release.debian@packages.debian.org Usertags: unblock X-Debbugs-Cc: sergi...@debian.org, samuel...@debian.org Severity: normal Please unblock package curl We have two changes on unstable: 1) Curl's test suite now skips flaky tests and it's critical to the result of the build: This means we get a FTBFS if tests fails, considering curl has a very extensive test-suite (around 1600 tests) and that this will increase the reliability of our backporting of patches throughout stable, oldstable and oldoldstable (hello lts/elts), this is very important. 2) Add support to PEM certificates for libcurl3-nss: When working on having the improved test coverage, we noticed the possibility to fix this long-standing bug. Users of libcurl3-nss are now able to load PEM certificates (like from ca-certificates), which makes it easier to run a safer libcurl with nss. [ Reason ] Major improvements to tests and fix of a long-standing bug related to usage of NSS and PEM certificates. [ Impact ] Maintenance of curl will be much more reliable from now on as we have better test coverage with results which can't be ignored. [ Tests ] I've run at least 8 builds of the curl package in our buildd infrastructure and didn't spot any flaky tests left. Regarding the NSS + PEM change, curl's extensive unit tests passed. [ Risks ] More work and less reliability maintaining curl on trixie (for backporting patches, for example). [ Checklist ] [x] all changes are documented in the d/changelog [x] I reviewed all changes and I approve them [x] attach debdiff against the package in testing [ Other info ] I would like 7.88.1-6 to migrate as soon as possible (it has been more than 10 days already) because I want to push 6 CVE fixes after this upload. I will also request for the CVE fixes to be unblocked but I would like this version to migrate first so it happens sooner (trying to avoid baking this for an extra 20 days). unblock curl/7.88.1-6 Thank you, -- Samuel Henrique curl_7.88.1-6.debdiff Description: Binary data
Bug#1031587: [request-tracker-maintainers] Bug#1031587: Handling of the request-tracker4 -> request-tracker5 transition in bookworm
Hi Dominic On 2023-02-27 15:50:05 +, Dominic Hargreaves wrote: > On Thu, Feb 23, 2023 at 04:54:33PM +0100, Paul Gevers wrote: > > Control: tags -1 moreinfo > > > > Hi, > > > > On 20-02-2023 13:09, Dominic Hargreaves wrote: > > > If the release team would be willing to grant an exception to the policy > > > to get this done, we can get this wrapped up inside a week I expect. > > > > Can you please confirm that everything is ready to do this? I.e. there is no > > "this should work but we haven't tested it" cases. If yes, then please > > upload the packages that involve new binaries to experimental and when those > > are passed NEW, ping this bug. If no surprises pop up, we'll grant an > > exception, but we want everything fully ready before doing so. > > Thanks, yep. We had planned out this transition and I feel confident > the rest of it will work out (worst case we need to drop a barely > used extension package somewhere). > > Andrew and I are working on this at the moment and will ping this bug > when it's fully staged. What's the status of this transition? Cheers -- Sebastian Ramacher
Bug#1033242: marked as done (unblock: nwchem/7.0.2-4)
Your message dated Mon, 20 Mar 2023 21:59:14 + with message-id and subject line unblock nwchem has caused the Debian Bug report #1033242, regarding unblock: nwchem/7.0.2-4 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 1033242: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1033242 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock X-Debbugs-Cc: nwc...@packages.debian.org Control: affects -1 + src:nwchem Please unblock package nwchem [ Reason ] nwchem-mpich had a problem running over multiple nodes with mpich, discussed at https://github.com/nwchemgit/nwchem/issues/633 It was a problem in mpich which got fixed in mpich 4.0.3, but currently we have mpich 4.0.2. The workaround for nwchem is to set the environment variable ARMCI_USE_WIN_ALLOCATE=0 The need for this workaround is documented in a README.Debian, added in nwchem/7.0.2-4 [ Impact ] Without this patch, users may be unaware of the environment variable setting required to run nwchem over multiple nodes (with mpich) [ Tests ] This is a documentation update, no source changes, debci tests continue to pass (or fail on some arches as before, no regression) [ Risks ] Documentation update only. No source change. Negligible rish. [ Checklist ] [x ] all changes are documented in the d/changelog [x ] I reviewed all changes and I approve them [x ] attach debdiff against the package in testing unblock nwchem/7.0.2-4 diff -Nru nwchem-7.0.2/debian/changelog nwchem-7.0.2/debian/changelog --- nwchem-7.0.2/debian/changelog 2022-03-10 17:20:23.0 +0100 +++ nwchem-7.0.2/debian/changelog 2023-03-19 15:01:42.0 +0100 @@ -1,3 +1,13 @@ +nwchem (7.0.2-4) unstable; urgency=medium + + * Team upload. + * create nwchem-mpich.README.Debian to document the need to use +ARMCI_USE_WIN_ALLOCATE=0 when running nwchem with MPICH 4.0.2 +(binary nwchem.mpich, fixed in mpich 4.0.3). +See upstream Issue#633. + + -- Drew Parsons Sun, 19 Mar 2023 15:01:42 +0100 + nwchem (7.0.2-3) unstable; urgency=medium * Team upload. diff -Nru nwchem-7.0.2/debian/nwchem-mpich.README.Debian nwchem-7.0.2/debian/nwchem-mpich.README.Debian --- nwchem-7.0.2/debian/nwchem-mpich.README.Debian 1970-01-01 01:00:00.0 +0100 +++ nwchem-7.0.2/debian/nwchem-mpich.README.Debian 2023-03-19 15:01:42.0 +0100 @@ -0,0 +1,38 @@ +Running NWChem with MPICH +- + +tldr: + set ARMCI_USE_WIN_ALLOCATE=0 when running nwchem.mpich + + +When nwchem.mpich is run over multiple processes, it may give an error +e.g. on 2 processes + + iter energy gnorm gmax time + - --- - - + 1 -75.9473154351 8.06D-01 3.50D-01 0.2 + ga_iter_lsolve: convergence stagnant ... aborting solve + Increased level shift to 2.00 + ga_iter_lsolve: convergence stagnant ... aborting solve + + +or on 3 processes + + Symmetry analysis of molecular orbitals - initial + - + + sym_movecs_adapt: orbital10 negative proj. + 1.00D+00 -2.08D-05 -1.04D-05 -5.55D-17 + + sym_movecs_adapt: negative proj 0 + ... + For further details see manual section: No section for this category +[0] ARMCI Error: 0:sym_movecs_adapt: negative proj: +Abort(-1) on node 0 (rank 0 in comm 496): application called MPI_Abort(comm=0x8402, -1) - process 0 + + +When this happens, the fix is to set the environment variable + + ARMCI_USE_WIN_ALLOCATE=0 + +For more discussion, see https://github.com/nwchemgit/nwchem/issues/633 --- End Message --- --- Begin Message --- Unblocked.--- End Message ---
Bug#1033188: marked as done (unblock: thunderbird/1:102.9.0-1)
Your message dated Mon, 20 Mar 2023 21:59:12 + with message-id and subject line unblock thunderbird has caused the Debian Bug report #1033188, regarding unblock: thunderbird/1:102.9.0-1 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 1033188: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1033188 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock X-Debbugs-Cc: thunderb...@packages.debian.org Control: affects -1 + src:thunderbird Please unblock package thunderbird [ Reason ] A new upstream release of the Thunderbird ESR series did happen that fixes a few CVE vulnerabilities. [ Impact ] Debian testing/bullseye would stick with version 102.8.0. [ Tests ] Even if the autopkgtests are marked superficial the main test did show that Thunbderbird is able to start and is picking up the global settings from /etc/thunderbird. Besides that I tested the new version a lot on alocal basis. [ Risks ] We are in the middle of the ESR releases and upstream change are now a lot less deep and agressive than on a start of a new ESR series. stable-security and also oldstable-security already are using 102.9.0 as actual version. [ Checklist ] [x] all changes are documented in the d/changelog [x] I reviewed all changes and I approve them [x] attach debdiff against the package in testing (only for the debian/folder) [ Other info ] The modifications for the source are quite big as usual but are going in parallel with firefox-esr due the same sorce code base. Please see further down for a diff of the chnages on the debian side. Basically only the Standards-Version was changed. unblock thunderbird/1:102.9.0-1 $ git diff debian/1%102.8.0-1 debian/ diff --git a/debian/changelog b/debian/changelog index b1c0dd97102..340fa97407c 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,18 @@ +thunderbird (1:102.9.0-1) unstable; urgency=medium + + * [ad8cc7c] New upstream version 102.9.0 +Fixed CVE issues in upstream version 102.9 (MFSA 2023-11): +CVE-2023-25751: Incorrect code generation during JIT compilation +CVE-2023-28164: URL being dragged from a removed cross-origin iframe +into the same tab triggered navigation +CVE-2023-28162: Invalid downcast in Worklets +CVE-2023-25752: Potential out-of-bounds when accessing throttled streams +CVE-2023-28176: Memory safety bugs fixed in Thunderbird 102.9 + * [b0a22c0] d/control: Increase Standards-Version to 4.6.2 +No further changes needed. + + -- Carsten Schoenert Wed, 15 Mar 2023 19:54:53 +0100 + thunderbird (1:102.8.0-1) unstable; urgency=medium * [b130936] New upstream version 102.8.0 diff --git a/debian/control b/debian/control index 13c0245e0c8..7f30678cab7 100644 --- a/debian/control +++ b/debian/control @@ -60,7 +60,7 @@ Vcs-Git: https://salsa.debian.org/mozilla-team/thunderbird.git -b debian/sid Vcs-Browser: https://salsa.debian.org/mozilla-team/thunderbird/commits/debian/sid/ Homepage: https://www.thunderbird.net/ X-Debian-Homepage: http://wiki.debian.org/Thunderbird -Standards-Version: 4.6.1 +Standards-Version: 4.6.2 Package: thunderbird Architecture: amd64 arm64 i386 mips64el ppc64el s390x ppc64 --- End Message --- --- Begin Message --- Unblocked.--- End Message ---
Bug#1033268: unblock: emacs/1:28.2+1-13
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock X-Debbugs-Cc: em...@packages.debian.org, Sean Whitton , j...@debian.org, car...@debian.org Control: affects -1 + src:emacs Hi release team members, Please unblock package emacs Sean might give some additional input if you need some additional information. Between 1:28.2+1-10 and 1:28.2+1-13 of emacs, there were security fixes for CVE-2022-48337, CVE-2022-48338, CVE-2022-48339, CVE-2023-27985 and CVE-2023-27986. CVE-2022-48337, CVE-2022-48338 and CVE-2022-48339 were covered as well in DSA-5360-1 for bullseye. Can you please unblock emacs/1:28.2+1-13 so we do not have regression for those fixes from bullseye to bookworm? (note the -13 entry has a off-by-one typo in one CVE identifier) Regards, Salvatore diff -Nru emacs-28.2+1/debian/.git-dpm emacs-28.2+1/debian/.git-dpm --- emacs-28.2+1/debian/.git-dpm2023-01-18 01:32:40.0 +0100 +++ emacs-28.2+1/debian/.git-dpm2023-03-14 21:30:28.0 +0100 @@ -1,6 +1,6 @@ # see git-dpm(1) from git-dpm package -595617abab6964ac0c6e617bae3d82692bf298b9 -595617abab6964ac0c6e617bae3d82692bf298b9 +4e6971c25c27c9a3f34cc69b51db894105362d08 +4e6971c25c27c9a3f34cc69b51db894105362d08 279b82e64e15b5e2df3cb522636c6db85a8ee659 279b82e64e15b5e2df3cb522636c6db85a8ee659 emacs_28.2+1.orig.tar.xz diff -Nru emacs-28.2+1/debian/changelog emacs-28.2+1/debian/changelog --- emacs-28.2+1/debian/changelog 2023-01-18 01:32:40.0 +0100 +++ emacs-28.2+1/debian/changelog 2023-03-14 21:30:28.0 +0100 @@ -1,3 +1,24 @@ +emacs (1:28.2+1-13) unstable; urgency=high + + * Cherry-pick upstream fixes for command injection vulnerabilities +(CVE-2023-27984, CVE-2023-27986) (Closes: #1032538). + + -- Sean Whitton Tue, 14 Mar 2023 13:30:28 -0700 + +emacs (1:28.2+1-12) unstable; urgency=medium + + * Fix memory leak in etags.c introduced by recent security fix. +Thanks to Adrian Bunk for identifying the issue. + + -- Sean Whitton Thu, 02 Mar 2023 12:21:19 -0700 + +emacs (1:28.2+1-11) unstable; urgency=high + + * Cherry-pick upstream fixes for command injection vulnerabilities +(CVE-2022-48337, CVE-2022-48338, CVE-2022-48339) (Closes: #1031730). + + -- Sean Whitton Wed, 22 Feb 2023 11:01:50 -0700 + emacs (1:28.2+1-10) unstable; urgency=medium * Fix copyright tests for 2023 onwards. Thanks to Mattias Engdegård for diff -Nru emacs-28.2+1/debian/patches/0020-Fix-htmlfontify.el-command-injection-vulnerability-C.patch emacs-28.2+1/debian/patches/0020-Fix-htmlfontify.el-command-injection-vulnerability-C.patch --- emacs-28.2+1/debian/patches/0020-Fix-htmlfontify.el-command-injection-vulnerability-C.patch 1970-01-01 01:00:00.0 +0100 +++ emacs-28.2+1/debian/patches/0020-Fix-htmlfontify.el-command-injection-vulnerability-C.patch 2023-03-14 21:30:28.0 +0100 @@ -0,0 +1,33 @@ +From 665489d7de786a61fa0c0883b9dffbc76487e37e Mon Sep 17 00:00:00 2001 +From: Xi Lu +Date: Sat, 24 Dec 2022 16:28:54 +0800 +Subject: Fix htmlfontify.el command injection vulnerability (CVE-2022-48339) + +This upstream patch has been incorporated to fix the problem: + + Fix htmlfontify.el command injection vulnerability. + + * lisp/htmlfontify.el (hfy-text-p): Fix command injection + vulnerability. (Bug#60295) + +Origin: upstream, commit 807d2d5b3a7cd1d0e3f7dd24de22770f54f5ae16 +Bug: https://debbugs.gnu.org/60295 +Bug-Debian: https://bugs.debian.org/1031730 +Forwarded: not-needed +--- + lisp/htmlfontify.el | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/lisp/htmlfontify.el b/lisp/htmlfontify.el +index 115f67c9560..f8d1e205369 100644 +--- a/lisp/htmlfontify.el b/lisp/htmlfontify.el +@@ -1882,7 +1882,7 @@ hfy-make-directory + + (defun hfy-text-p (srcdir file) + "Is SRCDIR/FILE text? Use `hfy-istext-command' to determine this." +- (let* ((cmd (format hfy-istext-command (expand-file-name file srcdir))) ++ (let* ((cmd (format hfy-istext-command (shell-quote-argument (expand-file-name file srcdir + (rsp (shell-command-to-stringcmd))) + (string-match "text" rsp))) + diff -Nru emacs-28.2+1/debian/patches/0021-Fix-ruby-mode.el-command-injection-vulnerability-CVE.patch emacs-28.2+1/debian/patches/0021-Fix-ruby-mode.el-command-injection-vulnerability-CVE.patch --- emacs-28.2+1/debian/patches/0021-Fix-ruby-mode.el-command-injection-vulnerability-CVE.patch 1970-01-01 01:00:00.0 +0100 +++ emacs-28.2+1/debian/patches/0021-Fix-ruby-mode.el-command-injection-vulnerability-CVE.patch 2023-03-14 21:30:28.0 +0100 @@ -0,0 +1,33 @@ +From 52fb40cf6a3c50c996cff79b0d4f81fc39c7badf Mon Sep 17 00:00:00 2001 +From: Xi Lu +Date: Fri, 23 Dec 2022 12:52:48 +0800 +Subject: Fix ruby-mode.el command injection vulnerability (CVE-2022-48338) + +This upstream patch has been incorporated to fix the problem: + + Fix ruby-mode.el local command injection vulnerability (bug#60268) + + *
Processed: unblock: emacs/1:28.2+1-13
Processing control commands: > affects -1 + src:emacs Bug #1033268 [release.debian.org] unblock: emacs/1:28.2+1-13 Added indication that 1033268 affects src:emacs -- 1033268: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1033268 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#1033267: Upload ccache bookworm fix via testing-proposed-updates?
Package: release.debian.org Severity: normal [ Short version ] I prematurely uploaded ccache/4.8-1 to unstable to fix bug #1033191. I would like to get a more targeted fix into testing instead of that one. Would it be appropriate to use testing-proposed-updates for this, as suggested on the freeze policy page? [ Long version ] Ccache versions 4.7–4.7.4 by default enable a feature called the inode cache which shares information between processes via a memory mapped file, synchronized by pthread mutexes. Yesterday, a user reported that he is seeing ccache processes hanging on futex calls (related to the inode cache feature) on GitLab runners with Debian bookworm as well as other distributions using ccache 4.7.4. The inode cache synchronization mechanism was rewritten in ccache 4.8 to use spin locks, thus taking pthread mutexes out of the equation, so after reviewing the freeze policy page briefly I uploaded ccache/4.8-1 to improve the situation since ccache is a non-key package with good autopkgtests. Except I was wrong: ccache is apparently considered a key package, which I did not know. Also, in retrospect, I was too stressed and should definitely have made a more targeted fix. The user then submitted Debian bug #1033191 with severity serious. I agree that it would be unfortunate to ship ccache 4.7.4 in bookworm. Unless fixed, builds using ccache 4.7.4 (maybe in specific container environments such as GitLab runners with buggy kernels, maybe in other scenarios) risk getting stuck. For reference, I'm attaching the targeted fix I would like to make. -- Joel diff -Nru ccache-4.7.4/LICENSE.adoc ccache-4.7.5/LICENSE.adoc --- ccache-4.7.4/LICENSE.adoc 2022-11-21 19:53:32.0 +0100 +++ ccache-4.7.5/LICENSE.adoc 2023-03-20 20:47:12.0 +0100 @@ -35,7 +35,7 @@ Copyright (C) 2002-2007 Andrew Tridgell -Copyright (C) 2009-2022 Joel Rosdahl and other contributors +Copyright (C) 2009-2023 Joel Rosdahl and other contributors diff -Nru ccache-4.7.4/cmake/CcacheVersion.cmake ccache-4.7.5/cmake/CcacheVersion.cmake --- ccache-4.7.4/cmake/CcacheVersion.cmake 2022-11-21 19:53:32.0 +0100 +++ ccache-4.7.5/cmake/CcacheVersion.cmake 2023-03-20 20:47:12.0 +0100 @@ -22,7 +22,7 @@ # CCACHE_VERSION_ORIGIN is set to "archive" in scenario 1 and "git" in scenario # 3. -set(version_info "1527040bc2a278b9d3d51badb732ecf5841d8bb5 HEAD, tag: v4.7.4, origin/master, origin/HEAD, master") +set(version_info "9b1033f3ae534e5aad02c10f663b589b8f28c026 HEAD, tag: v4.7.5, origin/HEAD, origin/4.7-maint, 4.7-maint") set(CCACHE_VERSION "unknown") if(version_info MATCHES "^([0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f])[0-9a-f]* (.*)") diff -Nru ccache-4.7.4/debian/changelog ccache-4.7.5/debian/changelog --- ccache-4.7.4/debian/changelog 2022-11-21 20:40:46.0 +0100 +++ ccache-4.7.5/debian/changelog 2023-03-20 21:59:44.0 +0100 @@ -1,3 +1,10 @@ +ccache (4.7.5-1) unstable; urgency=medium + + * New upstream release 4.7.5, whose only change compared with 4.7.4 is +to disable the inode cache by default (closes: #1033191) + + -- Joel Rosdahl Mon, 20 Mar 2023 21:59:44 +0100 + ccache (4.7.4-1) unstable; urgency=medium * New upstream release 4.7.4 diff -Nru ccache-4.7.4/doc/MANUAL.adoc ccache-4.7.5/doc/MANUAL.adoc --- ccache-4.7.4/doc/MANUAL.adoc 2022-11-21 19:53:32.0 +0100 +++ ccache-4.7.5/doc/MANUAL.adoc 2023-03-20 20:47:12.0 +0100 @@ -756,7 +756,7 @@ If true, ccache will cache source file hashes based on device, inode and timestamps. This reduces the time spent on hashing include files since the -result can be resused between compilations. The default is true. The feature +result can be resused between compilations. The default is false. The feature requires <> to be located on a local filesystem of a supported type. + diff -Nru ccache-4.7.4/doc/NEWS.adoc ccache-4.7.5/doc/NEWS.adoc --- ccache-4.7.4/doc/NEWS.adoc 2022-11-21 19:53:32.0 +0100 +++ ccache-4.7.5/doc/NEWS.adoc 2023-03-20 20:47:12.0 +0100 @@ -1,5 +1,16 @@ = Ccache news +== Ccache 4.7.5 + +Release date: 2023-03-20 + +=== Bug fixes + +- Disabled the inode cache by default again since there have reports of ccache + processes hanging on futex calls related to the inode cache. + + [small]#_[contributed by Joel Rosdahl]_# + + == Ccache 4.7.4 Release date: 2022-11-21 diff -Nru ccache-4.7.4/src/Config.hpp ccache-4.7.5/src/Config.hpp --- ccache-4.7.4/src/Config.hpp 2022-11-21 19:53:32.0 +0100 +++ ccache-4.7.5/src/Config.hpp 2023-03-20 20:47:12.0 +0100 @@ -1,4 +1,4 @@ -// Copyright (C) 2019-2022 Joel Rosdahl and other contributors +// Copyright (C) 2019-2023 Joel Rosdahl and other contributors // // See doc/AUTHORS.adoc for a complete list of contributors. // @@ -181,7 +181,7 @@ bool m_hash_dir = true; std::string m_ignore_headers_in_manifest; std::string m_ignore_options; - bool m_inode_cache = true; +
Bug#1033229: marked as done (unblock: im-config/0.55-2)
Your message dated Mon, 20 Mar 2023 21:08:09 + with message-id and subject line unblock im-config has caused the Debian Bug report #1033229, regarding unblock: im-config/0.55-2 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 1033229: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1033229 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock X-Debbugs-Cc: debian-input-met...@lists.debian.org Please unblock package im-config. [ Reason ] The file /etc/xdg/autostart/im-launch.desktop had an Exec line which proved to be incompatible with the parser of systemd boot. That Exec line has therefore been simplified in im-config 0.55-2. [ Impact ] The issue resulted in im-config failing to start the IM framework, e.g. fcitx5, when logging in to a Plasma (Wayland) session. That's an annoyance which will be fixed with the version in unstable. [ Tests ] Manually installed the binary built by version 0.55-2 of the im-config source, and confirmed that the bug was fixed as expected. [ Risks ] The change is a targeted trivial fix to address the issue at hand. Can't think of any adverse side effects. [ Checklist ] [x] all changes are documented in the d/changelog [x] I reviewed all changes and I approve them [x] attach debdiff against the package in testing -- Cheers, Gunnar Hjalmarssondiff --git a/debian/changelog b/debian/changelog index c5ae651c299c0765505947febdacd33e21490a5d..8f623fc6535339c94bee79c31ce9e891a888d3d5 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,11 @@ +im-config (0.55-2) unstable; urgency=medium + + * systemd boot compatible Exec line in im-launch.desktop +- Fixes issue with the IM framework not being started automatically + when logging in to a Plasma (Wayland) session (closes: #1033097). + + -- Gunnar Hjalmarsson Mon, 20 Mar 2023 11:47:27 +0100 + im-config (0.55-1) unstable; urgency=medium * Set GTK_IM_MODULE in GNOME on Xorg sessions (closes: #1031227) diff --git a/debian/patches/series b/debian/patches/series index e69de29bb2d1d6434b8b29ae775ad8c2e48c5391..6639a6d9c04ac850f554da420891f57a857f0275 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -0,0 +1 @@ +systemd_boot_compatible_Exec_line_in_im-launch.desktop.patch diff --git a/debian/patches/systemd_boot_compatible_Exec_line_in_im-launch.desktop.patch b/debian/patches/systemd_boot_compatible_Exec_line_in_im-launch.desktop.patch new file mode 100644 index ..1f0fdbc2aeae3757dc77e9f5f673d12c663d8150 --- /dev/null +++ b/debian/patches/systemd_boot_compatible_Exec_line_in_im-launch.desktop.patch @@ -0,0 +1,55 @@ +From: Gunnar Hjalmarsson +Date: Mon, 20 Mar 2023 09:55:59 +0100 +Subject: systemd boot compatible Exec line in im-launch.desktop + +im-launch.desktop is autostarted, and the Exec line has up to now +contained a condition so /usr/bin/im-launch has only been started in +wayland sessions. + +However, as from KDE Plasma 5.25 systemd boot is enabled by default, +and that feature fails to parse the previous Exec line in +im-launch.desktop. An example consequence is that fcitx5 is not started +automatically at login to a KDE Plasma (Wayland) or Kubuntu (Wayland) +session. + +This commit fixes the issue by moving the mentioned condition from +im-launch.desktop to the top of /usr/bin/im-launch, resulting in an +Exec line simple enough for systemd boot to parse. + +Bug-KDE: https://bugs.kde.org/show_bug.cgi?id=455252 +Bug-Debian: https://bugs.debian.org/1033097 +Origin: https://salsa.debian.org/input-method-team/im-config/-/commit/5a979231 +--- + im-launch | 6 ++ + im-launch.desktop | 2 +- + 2 files changed, 7 insertions(+), 1 deletion(-) + +diff --git a/im-launch b/im-launch +index 4845f92..721a24a 100755 +--- a/im-launch b/im-launch +@@ -13,6 +13,12 @@ if [ "x$1" = "x-h" ] || [ "x$1" = "x--help" ] || [ "x$1" = "x" ]; then + exit 1 + fi + ++if [ "$1" = 'true' ] && [ "$XDG_SESSION_TYPE" != 'wayland' ]; then ++# This program was autostarted, but was already run at the ++# start of an X session, so don't run it now too. ++exit 0 ++fi ++ + if [ "$IM_CONFIG_CHECK_ENV" = 1 ] && \ +[ "$IM_CONFIG_PHASE" = 1 ]; then + # If tweaked, keep hands off :-) +diff --git a/im-launch.desktop b/im-launch.desktop +index 7e3b624..e8d5e70 100644 +--- a/im-launch.desktop b/im-launch.desktop +@@ -1,6 +1,6 @@ + [Desktop Entry] + Name=im-launch +-Exec=sh -c 'if [
Bug#1033220: marked as done (unblock: postgresql-common/248)
Your message dated Mon, 20 Mar 2023 21:07:11 +
with message-id
and subject line unblock postgresql-common
has caused the Debian Bug report #1033220,
regarding unblock: postgresql-common/248
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
1033220: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1033220
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
X-Debbugs-Cc: postgresql-com...@packages.debian.org
Control: affects -1 + src:postgresql-common
Please unblock package postgresql-common.
The new version contains an updated translation and fixes a small
config file parsing issue.
[ Tests ]
The postgresql-common testsuite passes.
[ Checklist ]
[x] all changes are documented in the d/changelog
[x] I reviewed all changes and I approve them
[x] attach debdiff against the package in testing
(well, git diff)
unblock postgresql-common/248
Christoph
diff --git a/PgCommon.pm b/PgCommon.pm
index 783aa4c..e51d89e 100644
--- a/PgCommon.pm
+++ b/PgCommon.pm
@@ -340,8 +340,8 @@ sub set_conffile_value {
# of appending
if (!$found) {
for (my $i=0; $i <= $#lines; ++$i) {
- if ($lines[$i] =~ /^\s*#\s*($key)(\s*(?:=|\s)\s*)\w+\b((?:\s*#.*)?)/i or
- $lines[$i] =~ /^\s*#\s*($key)(\s*(?:=|\s)\s*)'[^']*'((?:\s*#.*)?)/i) {
+ if ($lines[$i] =~ /^\s*#\s*($key)(\s*(?:=|\s)\s*)\w+\b((?:\s*#.*)?)$/i or
+ $lines[$i] =~ /^\s*#\s*($key)(\s*(?:=|\s)\s*)'[^']*'((?:\s*#.*)?)$/i) {
$lines[$i] = "$1$2$value$3\n";
$found = 1;
last;
diff --git a/debian/changelog b/debian/changelog
index dbdbe2c..4a2306b 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,13 @@
+postgresql-common (248) unstable; urgency=medium
+
+ [ Christoph Berg ]
+ * Update ro debconf translation, mulțumesc Remus-Gabriel Chelu!
+
+ [ Athos Ribeiro ]
+ * Fix set_conffile_value comment parsing regular expression.
+
+ -- Christoph Berg Tue, 14 Mar 2023 15:19:01 +0100
+
postgresql-common (247) unstable; urgency=medium
[ Christoph Berg ]
diff --git a/debian/po/ro.po b/debian/po/ro.po
index 5faa387..86d4d41 100644
--- a/debian/po/ro.po
+++ b/debian/po/ro.po
@@ -1,23 +1,30 @@
-# translation of templates.po to Romanian
-# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER
-# This file is distributed under the same license as the PACKAGE package.
+# Mesajele în limba română pentru pachetul postgresql-common.
+# translation of postgresql-common.po to Romanian
+# Copyright © 2008, 2023 THE PACKAGE'S COPYRIGHT HOLDER
+# This file is distributed under the same license as the postgresql-common package.
#
# Igor Stirbu , 2008.
+# Remus-Gabriel Chelu , 2023.
+# NOTĂ: la sugestia lui Daniel Șerbănescu, am vrut să traduc cluster(s) = grup(uri) de servere;
+# dar în textul mesajelor, nu rezultă foarte clar dacă cluster(s) = ca mai sus(grup de servere),
+# sau este vorba de baza/bazele de date ale acestora, sau decît directorul(ele) ce găzduiesc
+# aceste baze de date. Așa că le-am lăsat în românizatul cluster(e)/clusterul(ele). Scuze...
+#
msgid ""
msgstr ""
-"Project-Id-Version: templates\n"
+"Project-Id-Version: postgresql-common 246\n"
"Report-Msgid-Bugs-To: postgresql-com...@packages.debian.org\n"
"POT-Creation-Date: 2016-03-05 11:47+0100\n"
-"PO-Revision-Date: 2008-07-21 10:32+0300\n"
-"Last-Translator: Igor Stirbu \n"
+"PO-Revision-Date: 2023-02-12 18:02+0100\n"
+"Last-Translator: Remus-Gabriel Chelu \n"
"Language-Team: Romanian \n"
"Language: ro\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
-"X-Generator: KBabel 1.11.4\n"
-"Plural-Forms: nplurals=3; plural=n==1 ? 0 : (n==0 || (n%100 > 0 && n%100 < "
+"Plural-Forms: nplurals=3; plural=n==1 ? 0 : (n==0 || (n%100 > 0 && n%100 < "
"20)) ? 1 : 2;\n"
+"X-Generator: Poedit 3.2.2\n"
#. Type: error
#. Description
@@ -31,38 +38,38 @@ msgstr "Versiunea majoră învechită ${old}"
#: ../postgresql-common.templates:1001
msgid ""
"The PostgreSQL version ${old} is obsolete, but the server or client packages "
-"are still installed. Please install the latest packages (postgresql-"
-"${latest} and postgresql-client-${latest}) and upgrade the existing "
-"${oldversion} clusters with pg_upgradecluster (see manpage)."
+"are still installed. Please install the latest packages (postgresql-${latest} "
+"and postgresql-client-${latest}) and upgrade the existing ${oldversion} "
+"clusters with pg_upgradecluster (see manpage)."
msgstr ""
"Versiunea PostgreSQL ${old} este învechită, dar
Bug#1033218: marked as done (unblock: ruby-kubeclient/4.9.3-2)
Your message dated Mon, 20 Mar 2023 21:05:27 + with message-id and subject line unblock ruby-kubeclient has caused the Debian Bug report #1033218, regarding unblock: ruby-kubeclient/4.9.3-2 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 1033218: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1033218 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock X-Debbugs-Cc: ruby-kubecli...@packages.debian.org Control: affects -1 + src:ruby-kubeclient Please unblock package ruby-kubeclient [ Reason ] Fixes ftbfs/rc bug #1032551 [ Impact ] package ftbfs [ Tests ] Upstream tests passed. [ Risks ] This was discussed with upstream and it is safe to ignore these failures. https://github.com/ManageIQ/kubeclient/issues/609 [ Checklist ] [x] all changes are documented in the d/changelog [x] I reviewed all changes and I approve them [x] attach debdiff against the package in testing [ Other info ] unblock ruby-kubeclient/4.9.3-2 diff -Nru ruby-kubeclient-4.9.3/debian/changelog ruby-kubeclient-4.9.3/debian/changelog --- ruby-kubeclient-4.9.3/debian/changelog 2022-08-21 16:34:09.0 +0530 +++ ruby-kubeclient-4.9.3/debian/changelog 2023-03-20 12:34:36.0 +0530 @@ -1,3 +1,9 @@ +ruby-kubeclient (4.9.3-2) unstable; urgency=medium + + * Disable tests that checks expired certificates (Closes: #1032551) + + -- Pirate Praveen Mon, 20 Mar 2023 12:34:36 +0530 + ruby-kubeclient (4.9.3-1) unstable; urgency=medium [ vinay-keshava ] diff -Nru ruby-kubeclient-4.9.3/debian/patches/disable-expired-certs-test.patch ruby-kubeclient-4.9.3/debian/patches/disable-expired-certs-test.patch --- ruby-kubeclient-4.9.3/debian/patches/disable-expired-certs-test.patch 1970-01-01 05:30:00.0 +0530 +++ ruby-kubeclient-4.9.3/debian/patches/disable-expired-certs-test.patch 2023-03-20 12:34:36.0 +0530 @@ -0,0 +1,16 @@ +These are expired certificates and regenrating them currently require creating +a k0s cluster. + +Forwarded: https://github.com/ManageIQ/kubeclient/issues/609 + +--- a/test/test_config.rb b/test/test_config.rb +@@ -232,7 +232,7 @@ + if custom_ca + # When certificates expire one way to recreate them is using a k0s single-node cluster: + # test/config/update_certs_k0s.rb +-assert(context.ssl_options[:cert_store].verify(context.ssl_options[:client_cert])) ++#assert(context.ssl_options[:cert_store].verify(context.ssl_options[:client_cert])) + end + else + assert_nil(context.ssl_options[:client_cert]) diff -Nru ruby-kubeclient-4.9.3/debian/patches/series ruby-kubeclient-4.9.3/debian/patches/series --- ruby-kubeclient-4.9.3/debian/patches/series 2022-08-21 16:34:09.0 +0530 +++ ruby-kubeclient-4.9.3/debian/patches/series 2023-03-20 12:34:36.0 +0530 @@ -1,2 +1,3 @@ remove-bundler.patch remove-git-in-gemspec.patch +disable-expired-certs-test.patch --- End Message --- --- Begin Message --- Unblocked.--- End Message ---
Bug#1033216: marked as done (unblock: ruby-globalid/0.6.0-2)
Your message dated Mon, 20 Mar 2023 21:04:08 +
with message-id
and subject line unblock ruby-globalid
has caused the Debian Bug report #1033216,
regarding unblock: ruby-globalid/0.6.0-2
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
1033216: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1033216
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
X-Debbugs-Cc: ruby-globa...@packages.debian.org
Control: affects -1 + src:ruby-globalid
Please unblock package ruby-globalid
[ Reason ]
Fixes CVE-2023-22799/#1029851
[ Impact ]
Security issue
[ Tests ]
Upstream test suite passing.
[ Risks ]
Patch backported from upstream and applies cleanly.
[ Checklist ]
[x] all changes are documented in the d/changelog
[x] I reviewed all changes and I approve them
[x] attach debdiff against the package in testing
[ Other info ]
unblock ruby-globalid/0.6.0-2
diff -Nru ruby-globalid-0.6.0/debian/changelog ruby-globalid-0.6.0/debian/changelog
--- ruby-globalid-0.6.0/debian/changelog 2021-11-30 09:42:23.0 +0530
+++ ruby-globalid-0.6.0/debian/changelog 2023-03-19 17:58:06.0 +0530
@@ -1,3 +1,17 @@
+ruby-globalid (0.6.0-2) unstable; urgency=medium
+
+ * Team Upload
+
+ [ Debian Janitor ]
+ * Remove constraints unnecessary since buster (oldstable):
++ Build-Depends: Drop versioned constraint on ruby-activesupport.
+
+ [ Pirate Praveen ]
+ * Fix CVE-2023-22799 (Closes: #1029851)
+ * Bump Standards-Version to 4.6.2 (no changes needed)
+
+ -- Pirate Praveen Sun, 19 Mar 2023 17:58:06 +0530
+
ruby-globalid (0.6.0-1) unstable; urgency=medium
* Team upload.
diff -Nru ruby-globalid-0.6.0/debian/control ruby-globalid-0.6.0/debian/control
--- ruby-globalid-0.6.0/debian/control 2021-11-30 09:42:23.0 +0530
+++ ruby-globalid-0.6.0/debian/control 2023-03-19 17:58:06.0 +0530
@@ -6,9 +6,9 @@
Build-Depends: debhelper-compat (= 13),
gem2deb,
rake,
- ruby-activesupport (>= 2:5.0),
+ ruby-activesupport,
ruby-rails
-Standards-Version: 4.6.0
+Standards-Version: 4.6.2
Vcs-Git: https://salsa.debian.org/ruby-team/ruby-globalid.git
Vcs-Browser: https://salsa.debian.org/ruby-team/ruby-globalid
Homepage: https://github.com/rails/globalid
diff -Nru ruby-globalid-0.6.0/debian/patches/CVE-2023-22799.patch ruby-globalid-0.6.0/debian/patches/CVE-2023-22799.patch
--- ruby-globalid-0.6.0/debian/patches/CVE-2023-22799.patch 1970-01-01 05:30:00.0 +0530
+++ ruby-globalid-0.6.0/debian/patches/CVE-2023-22799.patch 2023-03-19 17:58:06.0 +0530
@@ -0,0 +1,48 @@
+From 3bc4349422e60f2235876a59dd415e98b072eb2b Mon Sep 17 00:00:00 2001
+From: Aaron Patterson
+Date: Tue, 17 Jan 2023 13:32:28 -0800
+Subject: [PATCH] Fix ReDoS vulnerability in name parsing
+
+Thanks to @ooo_q for the patch!
+
+[CVE-2023-22799]
+---
+ lib/global_id/uri/gid.rb | 11 ---
+ 1 file changed, 4 insertions(+), 7 deletions(-)
+
+--- a/lib/global_id/uri/gid.rb
b/lib/global_id/uri/gid.rb
+@@ -123,9 +123,6 @@
+ private
+ COMPONENT = [ :scheme, :app, :model_name, :model_id, :params ].freeze
+
+- # Extracts model_name and model_id from the URI path.
+- PATH_REGEXP = %r(\A/([^/]+)/?([^/]+)?\z)
+-
+ def check_host(host)
+ validate_component(host)
+ super
+@@ -145,11 +142,11 @@
+ end
+
+ def set_model_components(path, validate = false)
+-_, model_name, model_id = path.match(PATH_REGEXP).to_a
+-model_id = CGI.unescape(model_id) if model_id
+-
++_, model_name, model_id = path.split('/', 3)
+ validate_component(model_name) && validate_model_id(model_id, model_name) if validate
+
++model_id = CGI.unescape(model_id) if model_id
++
+ @model_name = model_name
+ @model_id = model_id
+ end
+@@ -162,7 +159,7 @@
+ end
+
+ def validate_model_id(model_id, model_name)
+-return model_id unless model_id.blank?
++return model_id unless model_id.blank? || model_id.include?('/')
+
+ raise MissingModelIdError, "Unable to create a Global ID for " \
+ "#{model_name} without a model id."
diff -Nru ruby-globalid-0.6.0/debian/patches/series ruby-globalid-0.6.0/debian/patches/series
--- ruby-globalid-0.6.0/debian/patches/series 2021-11-30 09:42:23.0 +0530
+++ ruby-globalid-0.6.0/debian/patches/series 2023-03-19 17:58:06.0 +0530
@@ -1 +1,2 @@
Bug#1032986: unblock fdroidserver/2.2.1-1
Hi, On 20-03-2023 17:16, Hans-Christoph Steiner wrote: I haven't really ever been able to troubleshoot it. I don't have access to a s390x box. And: ~ $ ssh zelenka.debian.org ssh: connect to host zelenka.debian.org port 22: Connection timed out ~ $ That's the only porterbox I could find. It works for me (now). Can you try again? Also, you don't strictly need to troubleshoot it. Obviously it depends on how sure you are it's in your dependency, but you said it quite convinced. Normally we expect a debdiff attached to an unblock. This is mostly to trigger the submitter to look at it and make sure that all changes are explained. Can you please elaborate on the changes in ./debian/? ^ The debdiff is large because we were working upstream on 2.2.x as the release that is tied to Debian/bookworm (attached). Sure, I already used some tooling on our side to inspect it. It would help if you took a look and see if you spot things worth mentioning (e.g. some patches being dropped, I don't want to assume things). To reduce the diff you could ignore the tests and translations. And that was uploaded before the freeze with passing autopkgtest, besides this s390x issue. Paul OpenPGP_signature Description: OpenPGP digital signature
Bug#1033249: unblock: gnome-initial-setup/43.2-6
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock X-Debbugs-Cc: gnome-initial-se...@packages.debian.org Control: affects -1 + src:gnome-initial-setup Control: block -1 by 1029206 Please unblock package gnome-initial-setup. Note that this unblock request is entangled with #1029206: in their current state, either they will both migrate, or neither will. [ Reason ] * Fix the Privacy Policy link when asking whether to enable Mozilla Location Services (#1033228) * Compatibility with a longer-term-supported WebKitGTK (see #1029206) [ Impact ] A minor code change in 43.2-5 is a blocker for #1029206. Additionally, if not unblocked, the "privacy policy" hyperlink in the Privacy tab will not do anything when gnome-initial-setup is run automatically on a system that has no user accounts yet. This doesn't normally happen on Debian systems, because d-i creates a user account, but it can happen if d-i was not used or if the d-i-created user account was deleted. (#1033228) The "privacy policy" link not working seems like something that would make us look bad. [ Tests ] Tested manually with the steps in #1033228. Briefly: deleted the user account created by d-i, then rebooted and went through initial setup as if for the first time, then re-ran initial setup as the logged-in user to simulate what would normally happen after a d-i installation. The upstream change for #1033228 includes a corresponding change for a UI toggle for whether to enable automatic crash reporting (Fedora's abrt). In practice this widget is not visible in Debian, because we don't have abrt, so that part is untested - but it's very similar to the UI toggle for location services. [ Risks ] The upstream changes to fix #1033228 are mostly declarative and I would say they are low risk. The upstream changes to fix FTBFS with the new WebKitGTK from #1029206 are very simple. If #1029206 can't happen for some reason, then this version will be unable to migrate. A contingency plan is to revert the build-dependency change. The patch applied for #1029206 is unnecessary but harmless if we revert to the old WebKitGTK. [ Checklist ] [x] all changes are documented in the d/changelog [x] I reviewed all changes and I approve them [x] attach debdiff against the package in testing unblock gnome-initial-setup/43.2-6 diffstat for gnome-initial-setup-43.2 gnome-initial-setup-43.2 debian/changelog | 28 ++ debian/control |2 debian/control.in|2 debian/patches/Update-for-removal-of-WebKitGTK-sandbox-API.patch | 26 ++ debian/patches/privacy-Move-subtitles-to-separate-labels.patch | 121 ++ debian/patches/series|2 gnome-initial-setup/gis-driver.c |2 gnome-initial-setup/pages/privacy/gis-privacy-page.c |6 gnome-initial-setup/pages/privacy/gis-privacy-page.ui| 31 ++ 9 files changed, 214 insertions(+), 6 deletions(-) diff -Nru gnome-initial-setup-43.2/debian/changelog gnome-initial-setup-43.2/debian/changelog --- gnome-initial-setup-43.2/debian/changelog 2023-03-06 23:46:19.0 + +++ gnome-initial-setup-43.2/debian/changelog 2023-03-20 15:27:27.0 + @@ -1,3 +1,31 @@ +gnome-initial-setup (43.2-6) unstable; urgency=medium + + * Team upload + * d/p/privacy-Move-subtitles-to-separate-labels.patch: +Fix Mozilla Location Services privacy policy link in kiosk mode. +The privacy policy links on the Privacy page are meant to be overridden +to open in an embedded (WebKitGTK-based) web browser widget instead of +an external web browser, but a regression in the port to GTK 4 between +GNOME 42 and 43 caused this behaviour to break. +In existing-user mode (run on the first GNOME login for a new user +account), the link would previously have opened in the default web +browser (normally Firefox), which is harmless but was not the +intended UX. +In new-user mode (when no user accounts exist), Initial Setup runs in a +captive "kiosk mode" to create the first user account. In this mode, the +link would previously not do anything. A mitigation is that this failure +mode is rarely seen in Debian, because the installer normally creates a +user account. (Closes: #1033228) + + -- Simon McVittie Mon, 20 Mar 2023 15:27:27 + + +gnome-initial-setup (43.2-5) unstable; urgency=medium + + * Build against webkitgtk 6.0 instead of 5.0 + * Cherry-pick a build fix for latest webkitgtk + + -- Jeremy Bicha Wed, 15 Mar 2023 20:18:52 -0400 + gnome-initial-setup (43.2-4) unstable; urgency=medium * Team upload diff -Nru gnome-initial-setup-43.2/debian/control gnome-initial-setup-43.2/debian/control --- gnome-initial-setup-43.2/debian/control 2023-03-06
Processed: unblock: gnome-initial-setup/43.2-6
Processing control commands: > affects -1 + src:gnome-initial-setup Bug #1033249 [release.debian.org] unblock: gnome-initial-setup/43.2-6 Added indication that 1033249 affects src:gnome-initial-setup > block -1 by 1029206 Bug #1033249 [release.debian.org] unblock: gnome-initial-setup/43.2-6 1033249 was not blocked by any bugs. 1033249 was not blocking any bugs. Added blocking bug(s) of 1033249: 1029206 -- 1033249: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1033249 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#1032986: unblock fdroidserver/2.2.1-1
* Hans-Christoph Steiner [2023-03-20 17:16]: I haven't really ever been able to troubleshoot it. I don't have access to a s390x box. And: ~ $ ssh zelenka.debian.org ssh: connect to host zelenka.debian.org port 22: Connection timed out ~ $ We resolved this with: https://lists.debian.org/debian-devel-announce/2018/11/msg3.html (i.e. ssh jumphost) Cheers Jochen signature.asc Description: PGP signature
Bug#1033244: unblock: armci-mpi/0.3.1~beta-7
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
X-Debbugs-Cc: armci-...@packages.debian.org
Control: affects -1 + src:armci-mpi
Please unblock package armci-mpi
[ Reason ]
armci-mpi 0.3.1~beta-7 makes some small changes to test management
that will be bookworm management more reliable. Source was
occasionally and randomly failing, evidently when only 1 cpu was
available (armci-mpi usually uses 2 processes for testing). s390x
fails debci tests with mpich.
armci-mpi/0.3.1~beta-7 restricts build-time testing to 1 process if
only 1 cpu is available. It switches off mpich tests on s390x in
debian/tests.
So tests should pass more reliably and s390x won't show a "false"
failure (the failure is real but is known. No point making bookworm
continue to fail on s390x. Better to let it just monitor openmpi
operations).
[ Impact ]
If not accepted, s390x will show debci failure, when in fact openmpi
tests should be passing (an openmpi failure should not be treated as
"not a regression").
Also binNMUs may occasionally fail (if only 1 cpu is provided for the
build)
[ Tests ]
debci tests are passing as normal
s390x now reports as passing (with openmpi, skipping mpich)
[ Risks ]
(Discussion of the risks involved. E.g. code is trivial or
complex, key package vs leaf package, alternatives available.)
[ Checklist ]
[x ] all changes are documented in the d/changelog
[x ] I reviewed all changes and I approve them
[x ] attach debdiff against the package in testing
[ Other info ]
Our default MPI is openmpi. The mpich build is provided to enable an
mpich build of nwchem that supports multinode execution (with the env
variable documented in nwchem/7.0.2-4).
armci-mpi might now migrate after 20 day testing. I've filed this
unblock request to complement the unblock request for nwchem/7.0.2-4,
since nwchem/7.0.2-4 was built against armci-mpi/0.3.1~beta-7
(it uses static libraries, no problem in practice but better for
bookworm to have the matching package versions)
unblock armci-mpi/0.3.1~beta-7
diff -Nru armci-mpi-0.3.1~beta/debian/changelog
armci-mpi-0.3.1~beta/debian/changelog
--- armci-mpi-0.3.1~beta/debian/changelog 2022-03-07 13:07:13.0
+0100
+++ armci-mpi-0.3.1~beta/debian/changelog 2023-03-19 14:08:54.0
+0100
@@ -1,3 +1,12 @@
+armci-mpi (0.3.1~beta-7) unstable; urgency=medium
+
+ * Team upload.
+ * run build-time tests on only 1 process if only 1 CPU is available.
+Closes: #1031064.
+ * debian/tests: don't run mpich tests on s390x. Closes: #1009772.
+
+ -- Drew Parsons Sun, 19 Mar 2023 14:08:54 +0100
+
armci-mpi (0.3.1~beta-6) unstable; urgency=medium
* Team upload.
diff -Nru armci-mpi-0.3.1~beta/debian/rules armci-mpi-0.3.1~beta/debian/rules
--- armci-mpi-0.3.1~beta/debian/rules 2022-03-07 13:07:13.0 +0100
+++ armci-mpi-0.3.1~beta/debian/rules 2023-03-19 14:08:54.0 +0100
@@ -49,8 +49,9 @@
ifeq (,$(filter nocheck,$(DEB_BUILD_OPTIONS)))
override_dh_auto_test:
set -e; \
+ ncpu=`nproc`; if [ $${ncpu} -gt 1 ]; then ncpu=2; fi;\
for mpi_flavor in $(TEST_MPI_FLAVORS); do \
- $(MAKE) -C $(CURDIR)/build-$${mpi_flavor} -k check
MPIEXEC="mpiexec.$${mpi_flavor} -np 2" ARMCI_USE_WIN_ALLOCATE=1 || cat
$(CURDIR)/build-$${mpi_flavor}/test-suite.log; \
+ $(MAKE) -C $(CURDIR)/build-$${mpi_flavor} -k check
MPIEXEC="mpiexec.$${mpi_flavor} -np $${ncpu}" ARMCI_USE_WIN_ALLOCATE=1 || cat
$(CURDIR)/build-$${mpi_flavor}/test-suite.log; \
done
endif
diff -Nru armci-mpi-0.3.1~beta/debian/tests/control
armci-mpi-0.3.1~beta/debian/tests/control
--- armci-mpi-0.3.1~beta/debian/tests/control 2022-03-07 13:07:13.0
+0100
+++ armci-mpi-0.3.1~beta/debian/tests/control 2023-03-19 14:08:54.0
+0100
@@ -15,3 +15,4 @@
debhelper, dh-autoreconf,
gcc
Restrictions: allow-stderr
+Architecture: !s390x
Processed: unblock: armci-mpi/0.3.1~beta-7
Processing control commands: > affects -1 + src:armci-mpi Bug #1033244 [release.debian.org] unblock: armci-mpi/0.3.1~beta-7 Added indication that 1033244 affects src:armci-mpi -- 1033244: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1033244 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#1033242: unblock: nwchem/7.0.2-4
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock X-Debbugs-Cc: nwc...@packages.debian.org Control: affects -1 + src:nwchem Please unblock package nwchem [ Reason ] nwchem-mpich had a problem running over multiple nodes with mpich, discussed at https://github.com/nwchemgit/nwchem/issues/633 It was a problem in mpich which got fixed in mpich 4.0.3, but currently we have mpich 4.0.2. The workaround for nwchem is to set the environment variable ARMCI_USE_WIN_ALLOCATE=0 The need for this workaround is documented in a README.Debian, added in nwchem/7.0.2-4 [ Impact ] Without this patch, users may be unaware of the environment variable setting required to run nwchem over multiple nodes (with mpich) [ Tests ] This is a documentation update, no source changes, debci tests continue to pass (or fail on some arches as before, no regression) [ Risks ] Documentation update only. No source change. Negligible rish. [ Checklist ] [x ] all changes are documented in the d/changelog [x ] I reviewed all changes and I approve them [x ] attach debdiff against the package in testing unblock nwchem/7.0.2-4 diff -Nru nwchem-7.0.2/debian/changelog nwchem-7.0.2/debian/changelog --- nwchem-7.0.2/debian/changelog 2022-03-10 17:20:23.0 +0100 +++ nwchem-7.0.2/debian/changelog 2023-03-19 15:01:42.0 +0100 @@ -1,3 +1,13 @@ +nwchem (7.0.2-4) unstable; urgency=medium + + * Team upload. + * create nwchem-mpich.README.Debian to document the need to use +ARMCI_USE_WIN_ALLOCATE=0 when running nwchem with MPICH 4.0.2 +(binary nwchem.mpich, fixed in mpich 4.0.3). +See upstream Issue#633. + + -- Drew Parsons Sun, 19 Mar 2023 15:01:42 +0100 + nwchem (7.0.2-3) unstable; urgency=medium * Team upload. diff -Nru nwchem-7.0.2/debian/nwchem-mpich.README.Debian nwchem-7.0.2/debian/nwchem-mpich.README.Debian --- nwchem-7.0.2/debian/nwchem-mpich.README.Debian 1970-01-01 01:00:00.0 +0100 +++ nwchem-7.0.2/debian/nwchem-mpich.README.Debian 2023-03-19 15:01:42.0 +0100 @@ -0,0 +1,38 @@ +Running NWChem with MPICH +- + +tldr: + set ARMCI_USE_WIN_ALLOCATE=0 when running nwchem.mpich + + +When nwchem.mpich is run over multiple processes, it may give an error +e.g. on 2 processes + + iter energy gnorm gmax time + - --- - - + 1 -75.9473154351 8.06D-01 3.50D-01 0.2 + ga_iter_lsolve: convergence stagnant ... aborting solve + Increased level shift to 2.00 + ga_iter_lsolve: convergence stagnant ... aborting solve + + +or on 3 processes + + Symmetry analysis of molecular orbitals - initial + - + + sym_movecs_adapt: orbital10 negative proj. + 1.00D+00 -2.08D-05 -1.04D-05 -5.55D-17 + + sym_movecs_adapt: negative proj 0 + ... + For further details see manual section: No section for this category +[0] ARMCI Error: 0:sym_movecs_adapt: negative proj: +Abort(-1) on node 0 (rank 0 in comm 496): application called MPI_Abort(comm=0x8402, -1) - process 0 + + +When this happens, the fix is to set the environment variable + + ARMCI_USE_WIN_ALLOCATE=0 + +For more discussion, see https://github.com/nwchemgit/nwchem/issues/633
Processed: unblock: nwchem/7.0.2-4
Processing control commands: > affects -1 + src:nwchem Bug #1033242 [release.debian.org] unblock: nwchem/7.0.2-4 Added indication that 1033242 affects src:nwchem -- 1033242: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1033242 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#1033240: Unblock: swe-data
Package: release.debian.org
Severity: normal
X-Debbugs-Cc: jald...@debian.org, s...@astrorigin.com
Hello,
I am requesting a review and unblock for a non-key package, 'swe-data' [1].
The new version fixes the following bug: #1031657 [2].
Missing information in the d/control file did not allow a smooth transition
from bullseye to bookworm.
The fix was tested with first, installation of the packages from bullseye,
then installation of packages from sid. Everything went fine.
You can find the related source debdiff in attachment.
Thanks for attention.
[1] https://tracker.debian.org/pkg/swe-data
[2] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031657
diff -Nru swe-data-4.0-2022/debian/changelog
swe-data-4.0-2022/debian/changelog
--- swe-data-4.0-2022/debian/changelog 2023-02-08 12:46:57.0
+0100
+++ swe-data-4.0-2022/debian/changelog 2023-02-27 10:21:27.0
+0100
@@ -1,9 +1,9 @@
-swe-data (4.0-2022-1.1) unstable; urgency=medium
+swe-data (4.0-2022-2) unstable; urgency=medium
- * Non-maintainer upload.
- * Source-only upload.
+ * Add Replaces+Breaks info to swe-standard-data (closes: #1031657).
+ * Add multiarch hints to swe-basic-data, swe-sat-data.
- -- Adrian Bunk Wed, 08 Feb 2023 13:46:57 +0200
+ -- Stanislas Marquis Mon, 27 Feb 2023 10:21:27 +0100
swe-data (4.0-2022-1) unstable; urgency=medium
diff -Nru swe-data-4.0-2022/debian/control
swe-data-4.0-2022/debian/control
--- swe-data-4.0-2022/debian/control2022-11-11 01:41:55.0
+0100
+++ swe-data-4.0-2022/debian/control2023-02-27 08:15:11.000
00 +0100
@@ -12,12 +12,17 @@
Package: swe-basic-data
Section: libs
Architecture: all
+Multi-Arch: foreign
Depends:
${misc:Depends},
Suggests:
libswe-doc (>= 2.10.03),
swe-standard-data (= ${binary:Version}),
swe-extra-data (= ${binary:Version}),
+Replaces:
+ swe-standard-data (<< 4.0-2022),
+Breaks:
+ swe-standard-data (<< 4.0-2022),
Description: Swiss Ephemeris library (basic set of ephemeris files).
This set of ephemeris files covers the recent past, contemporary period and
near future (1800 to 2399 CE). Also included are the static data files for
@@ -56,6 +61,7 @@
Package: swe-sat-data
Section: libs
Architecture: all
+Multi-Arch: foreign
Depends:
${misc:Depends},
Suggests:
signature.asc
Description: OpenPGP digital signature
Re: Update on packaging corepack
On Thu, 16 Mar 2023 10:23:53 +0100 Israel Galadima
wrote:
> Hi,
>
> Michael and I have done some packaging work for corepack.
> Of note, we have updated clipanion and packaged some dependencies of
> proxy-agent.
>
> Although, some of our work is awaiting uploads because of the freeze.
>
> Regards.
We tried to update yarnpkg as part of an outreachy project (in two
rounds), but we could not complete it in time for bookworm. As shared
by Israel, we made some good progress and we hope to be able to do it
in trixie. I request bookworm-ignore tags for these bugs (as such there
is no immediate breakage, just unmaintained upstreams for these
packages). Hopefully we can handle any security updates ourselves.
Additionally, even though yarnpkg itself is old, the presence of the
package makes it easy to obtain a newer yarnpkg. In gitlab, I already
use the packaged yarnpkg command to install a newer yarnpkg[1]. It is
also very common in nodejs world to use specific version of yarnpkg for
each project, these are typically installed in .yarn directory for each
project.
yarnpkg: 980316,958686, 1002902, 980316
node-har-validator: 1024575
node-request: 956423
node-request-capture-har: 1002901
[1]
https://salsa.debian.org/ruby-team/gitlab/-/blob/master/debian/rake-tasks.sh#L44
runuser -u ${gitlab_user} -- sh -c 'yarnpkg set version berry'
Bug#1033236: unblock: apktool/2.7.0+dfsg-5
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock X-Debbugs-Cc: apkt...@packages.debian.org Control: affects -1 + src:apktool Please unblock package apktool [ Reason ] To fix the RC bug #1033226. [ Impact ] The core feature of `apktool build` will not work at all because it can't find a JAR. [ Tests ] I added a new test to cover a full cycle: apktool decode check if extracted file exists apktool build check if new APK file exists [ Risks ] Its a trivial fix, just fixing a symlink, I see no risks. [ Checklist ] [x] all changes are documented in the d/changelog [x] I reviewed all changes and I approve them [x] attach debdiff against the package in testing unblock apktool/2.7.0+dfsg-5diff --git a/debian/changelog b/debian/changelog index d439603..1884587 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,9 @@ +apktool (2.7.0+dfsg-5) unstable; urgency=medium + + * fix broken symlink to commons-text.jar (Closes: #1033226) + + -- Hans-Christoph Steiner Mon, 20 Mar 2023 14:00:20 +0100 + apktool (2.7.0+dfsg-4) unstable; urgency=medium * fix arch detection for Depends: diff --git a/debian/links b/debian/links index 2c167db..779d62e 100644 --- a/debian/links +++ b/debian/links @@ -2,7 +2,7 @@ usr/share/java/antlr3-runtime.jar usr/share/apktool/antlr3-runtime.jar usr/share/java/commons-cli.jar usr/share/apktool/commons-cli.jar usr/share/java/commons-io.jar usr/share/apktool/commons-io.jar usr/share/java/commons-lang3.jar usr/share/apktool/commons-lang3.jar -usr/share/java/commons-text-1.9.jar usr/share/apktool/commons-text-1.9.jar +usr/share/java/commons-text.jar usr/share/apktool/commons-text.jar usr/share/java/guava.jar usr/share/apktool/guava.jar usr/share/java/snakeyaml.jar usr/share/apktool/snakeyaml.jar usr/share/java/stringtemplate.jar usr/share/apktool/stringtemplate.jar diff --git a/debian/tests/control b/debian/tests/control index 298f6e5..af602dd 100644 --- a/debian/tests/control +++ b/debian/tests/control @@ -1,4 +1,4 @@ # urzip.apk comes from https://github.com/eighthave/urzip via https://gitlab.com/fdroid/fdroidserver -Test-Command: apktool d debian/tests/urzip.apk && test -e urzip/smali/info/guardianproject/urzip/UnZipper.smali +Test-Command: apktool d debian/tests/urzip.apk && test -e urzip/smali/info/guardianproject/urzip/UnZipper.smali && apktool b urzip/ && test -e urzip/dist/urzip.apk Depends: apktool Restrictions: allow-stderr
Processed: unblock: apktool/2.7.0+dfsg-5
Processing control commands: > affects -1 + src:apktool Bug #1033236 [release.debian.org] unblock: apktool/2.7.0+dfsg-5 Added indication that 1033236 affects src:apktool -- 1033236: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1033236 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Processed: Add affected package
Processing commands for cont...@bugs.debian.org: > affects 1033229 src:im-config Bug #1033229 [release.debian.org] unblock: im-config/0.55-2 Added indication that 1033229 affects src:im-config > End of message, stopping processing here. Please contact me if you need assistance. -- 1033229: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1033229 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#1033229: unblock: im-config/0.55-2
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock X-Debbugs-Cc: debian-input-met...@lists.debian.org Please unblock package im-config. [ Reason ] The file /etc/xdg/autostart/im-launch.desktop had an Exec line which proved to be incompatible with the parser of systemd boot. That Exec line has therefore been simplified in im-config 0.55-2. [ Impact ] The issue resulted in im-config failing to start the IM framework, e.g. fcitx5, when logging in to a Plasma (Wayland) session. That's an annoyance which will be fixed with the version in unstable. [ Tests ] Manually installed the binary built by version 0.55-2 of the im-config source, and confirmed that the bug was fixed as expected. [ Risks ] The change is a targeted trivial fix to address the issue at hand. Can't think of any adverse side effects. [ Checklist ] [x] all changes are documented in the d/changelog [x] I reviewed all changes and I approve them [x] attach debdiff against the package in testing -- Cheers, Gunnar Hjalmarssondiff --git a/debian/changelog b/debian/changelog index c5ae651c299c0765505947febdacd33e21490a5d..8f623fc6535339c94bee79c31ce9e891a888d3d5 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,11 @@ +im-config (0.55-2) unstable; urgency=medium + + * systemd boot compatible Exec line in im-launch.desktop +- Fixes issue with the IM framework not being started automatically + when logging in to a Plasma (Wayland) session (closes: #1033097). + + -- Gunnar Hjalmarsson Mon, 20 Mar 2023 11:47:27 +0100 + im-config (0.55-1) unstable; urgency=medium * Set GTK_IM_MODULE in GNOME on Xorg sessions (closes: #1031227) diff --git a/debian/patches/series b/debian/patches/series index e69de29bb2d1d6434b8b29ae775ad8c2e48c5391..6639a6d9c04ac850f554da420891f57a857f0275 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -0,0 +1 @@ +systemd_boot_compatible_Exec_line_in_im-launch.desktop.patch diff --git a/debian/patches/systemd_boot_compatible_Exec_line_in_im-launch.desktop.patch b/debian/patches/systemd_boot_compatible_Exec_line_in_im-launch.desktop.patch new file mode 100644 index ..1f0fdbc2aeae3757dc77e9f5f673d12c663d8150 --- /dev/null +++ b/debian/patches/systemd_boot_compatible_Exec_line_in_im-launch.desktop.patch @@ -0,0 +1,55 @@ +From: Gunnar Hjalmarsson +Date: Mon, 20 Mar 2023 09:55:59 +0100 +Subject: systemd boot compatible Exec line in im-launch.desktop + +im-launch.desktop is autostarted, and the Exec line has up to now +contained a condition so /usr/bin/im-launch has only been started in +wayland sessions. + +However, as from KDE Plasma 5.25 systemd boot is enabled by default, +and that feature fails to parse the previous Exec line in +im-launch.desktop. An example consequence is that fcitx5 is not started +automatically at login to a KDE Plasma (Wayland) or Kubuntu (Wayland) +session. + +This commit fixes the issue by moving the mentioned condition from +im-launch.desktop to the top of /usr/bin/im-launch, resulting in an +Exec line simple enough for systemd boot to parse. + +Bug-KDE: https://bugs.kde.org/show_bug.cgi?id=455252 +Bug-Debian: https://bugs.debian.org/1033097 +Origin: https://salsa.debian.org/input-method-team/im-config/-/commit/5a979231 +--- + im-launch | 6 ++ + im-launch.desktop | 2 +- + 2 files changed, 7 insertions(+), 1 deletion(-) + +diff --git a/im-launch b/im-launch +index 4845f92..721a24a 100755 +--- a/im-launch b/im-launch +@@ -13,6 +13,12 @@ if [ "x$1" = "x-h" ] || [ "x$1" = "x--help" ] || [ "x$1" = "x" ]; then + exit 1 + fi + ++if [ "$1" = 'true' ] && [ "$XDG_SESSION_TYPE" != 'wayland' ]; then ++# This program was autostarted, but was already run at the ++# start of an X session, so don't run it now too. ++exit 0 ++fi ++ + if [ "$IM_CONFIG_CHECK_ENV" = 1 ] && \ +[ "$IM_CONFIG_PHASE" = 1 ]; then + # If tweaked, keep hands off :-) +diff --git a/im-launch.desktop b/im-launch.desktop +index 7e3b624..e8d5e70 100644 +--- a/im-launch.desktop b/im-launch.desktop +@@ -1,6 +1,6 @@ + [Desktop Entry] + Name=im-launch +-Exec=sh -c 'if [ "x$XDG_SESSION_TYPE" = "xwayland" ] ; then exec env IM_CONFIG_CHECK_ENV=1 im-launch true; fi' ++Exec=sh -c 'IM_CONFIG_CHECK_ENV=1 im-launch true' + TryExec=im-launch + Type=Application + NoDisplay=true
Bug#1033227: unblock: live-tasks-non-free-firmware/12.0.1
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock X-Debbugs-Cc: live-tasks-non-free-firmw...@packages.debian.org Control: affects -1 + src:live-tasks-non-free-firmware Please unblock package live-tasks-non-free-firmware This is provides meta-packages on live systems to install non-free firmware packages on those systems. Sorry for it being so late, it depended on the firmware section itself existing and being populated. The package only provides the metapackages, for convenience, I'm including the control file below: """ Source: live-tasks-non-free-firmware Maintainer: Live Systems Maintainers Uploaders: Jonathan Carter Section: non-free-firmware/metapackages Priority: optional Build-Depends: debhelper-compat (= 13) Standards-Version: 4.6.2 Vcs-Browser: https://salsa.debian.org/live-team/live-tasks-non-free-firmware Vcs-Git: https://salsa.debian.org/live-team/live-tasks-non-free-firmware.git Rules-Requires-Root: no Package: live-task-non-free-firmware-pc Architecture: all Recommends: amd64-microcode, bluez-firmware, firmware-amd-graphics, firmware-atheros, firmware-brcm80211, firmware-intel-sound, firmware-ipw2x00, firmware-iwlwifi, firmware-linux, firmware-linux-nonfree, firmware-realtek, firmware-sof-signed, intel-microcode Suggests: vrms Description: selection of oft-used non-free-firmware shipped on live systems Provides non-free-firmware packages for Debian live systems. . Its dependencies, along with this package itself, is safe to remove, provided that your device does not depend on them in order to function. Package: live-task-non-free-firmware-server Architecture: all Recommends: firmware-bnx2, firmware-bnx2x, firmware-cavium, firmware-myricom, firmware-netronome, firmware-netxen, firmware-qlogic Suggests: vrms Description: provides firmware for server network and storage devices Provides non-free firmware packages for Debian live systems. . This package installs firmware packages for server devices. . Its dependencies, along with this package itself, is safe to remove, provided that your device does not depend on them in order to function. """ unblock live-tasks-non-free-firmware/12.0.1 thanks, -Jonathan
Processed: unblock: live-tasks-non-free-firmware/12.0.1
Processing control commands: > affects -1 + src:live-tasks-non-free-firmware Bug #1033227 [release.debian.org] unblock: live-tasks-non-free-firmware/12.0.1 Added indication that 1033227 affects src:live-tasks-non-free-firmware -- 1033227: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1033227 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Re: Bug#1005863: gcc-11: invalid opcode for Geode LX on i386
On Mon, 20 Mar 2023 at 07:22, Bastian Blank wrote: > > On Sun, Mar 19, 2023 at 11:47:21PM +, James Addison wrote: > > Would it be fair to raise the severity of this bug to a release-critical > > level? > > No, it would be fair to remove Geode LX from the set of supported > processors. Those are now over 15 years old. Ok, thank you; understood. It looks like this was previously documented[1] for the Debian 9.0 (stretch) release in 2017, and later discussed[2] further. I'll continue following the upstream bug, but I clearly don't fully understand the problem yet. My hope was that we could continue to maintain (in fact, with my updated understanding: restore) support for the affected Geode LX platform. I can accept that that may not be possible. [1] - https://www.debian.org/releases/stretch/i386/release-notes/ch-information.html#i386-is-now-almost-i686 [2] - https://lists.debian.org/debian-user/2019/04/msg01091.html
Bug#1033220: unblock: postgresql-common/248
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
X-Debbugs-Cc: postgresql-com...@packages.debian.org
Control: affects -1 + src:postgresql-common
Please unblock package postgresql-common.
The new version contains an updated translation and fixes a small
config file parsing issue.
[ Tests ]
The postgresql-common testsuite passes.
[ Checklist ]
[x] all changes are documented in the d/changelog
[x] I reviewed all changes and I approve them
[x] attach debdiff against the package in testing
(well, git diff)
unblock postgresql-common/248
Christoph
diff --git a/PgCommon.pm b/PgCommon.pm
index 783aa4c..e51d89e 100644
--- a/PgCommon.pm
+++ b/PgCommon.pm
@@ -340,8 +340,8 @@ sub set_conffile_value {
# of appending
if (!$found) {
for (my $i=0; $i <= $#lines; ++$i) {
- if ($lines[$i] =~ /^\s*#\s*($key)(\s*(?:=|\s)\s*)\w+\b((?:\s*#.*)?)/i or
- $lines[$i] =~ /^\s*#\s*($key)(\s*(?:=|\s)\s*)'[^']*'((?:\s*#.*)?)/i) {
+ if ($lines[$i] =~ /^\s*#\s*($key)(\s*(?:=|\s)\s*)\w+\b((?:\s*#.*)?)$/i or
+ $lines[$i] =~ /^\s*#\s*($key)(\s*(?:=|\s)\s*)'[^']*'((?:\s*#.*)?)$/i) {
$lines[$i] = "$1$2$value$3\n";
$found = 1;
last;
diff --git a/debian/changelog b/debian/changelog
index dbdbe2c..4a2306b 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,13 @@
+postgresql-common (248) unstable; urgency=medium
+
+ [ Christoph Berg ]
+ * Update ro debconf translation, mulțumesc Remus-Gabriel Chelu!
+
+ [ Athos Ribeiro ]
+ * Fix set_conffile_value comment parsing regular expression.
+
+ -- Christoph Berg Tue, 14 Mar 2023 15:19:01 +0100
+
postgresql-common (247) unstable; urgency=medium
[ Christoph Berg ]
diff --git a/debian/po/ro.po b/debian/po/ro.po
index 5faa387..86d4d41 100644
--- a/debian/po/ro.po
+++ b/debian/po/ro.po
@@ -1,23 +1,30 @@
-# translation of templates.po to Romanian
-# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER
-# This file is distributed under the same license as the PACKAGE package.
+# Mesajele în limba română pentru pachetul postgresql-common.
+# translation of postgresql-common.po to Romanian
+# Copyright © 2008, 2023 THE PACKAGE'S COPYRIGHT HOLDER
+# This file is distributed under the same license as the postgresql-common package.
#
# Igor Stirbu , 2008.
+# Remus-Gabriel Chelu , 2023.
+# NOTĂ: la sugestia lui Daniel Șerbănescu, am vrut să traduc cluster(s) = grup(uri) de servere;
+# dar în textul mesajelor, nu rezultă foarte clar dacă cluster(s) = ca mai sus(grup de servere),
+# sau este vorba de baza/bazele de date ale acestora, sau decît directorul(ele) ce găzduiesc
+# aceste baze de date. Așa că le-am lăsat în românizatul cluster(e)/clusterul(ele). Scuze...
+#
msgid ""
msgstr ""
-"Project-Id-Version: templates\n"
+"Project-Id-Version: postgresql-common 246\n"
"Report-Msgid-Bugs-To: postgresql-com...@packages.debian.org\n"
"POT-Creation-Date: 2016-03-05 11:47+0100\n"
-"PO-Revision-Date: 2008-07-21 10:32+0300\n"
-"Last-Translator: Igor Stirbu \n"
+"PO-Revision-Date: 2023-02-12 18:02+0100\n"
+"Last-Translator: Remus-Gabriel Chelu \n"
"Language-Team: Romanian \n"
"Language: ro\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
-"X-Generator: KBabel 1.11.4\n"
-"Plural-Forms: nplurals=3; plural=n==1 ? 0 : (n==0 || (n%100 > 0 && n%100 < "
+"Plural-Forms: nplurals=3; plural=n==1 ? 0 : (n==0 || (n%100 > 0 && n%100 < "
"20)) ? 1 : 2;\n"
+"X-Generator: Poedit 3.2.2\n"
#. Type: error
#. Description
@@ -31,38 +38,38 @@ msgstr "Versiunea majoră învechită ${old}"
#: ../postgresql-common.templates:1001
msgid ""
"The PostgreSQL version ${old} is obsolete, but the server or client packages "
-"are still installed. Please install the latest packages (postgresql-"
-"${latest} and postgresql-client-${latest}) and upgrade the existing "
-"${oldversion} clusters with pg_upgradecluster (see manpage)."
+"are still installed. Please install the latest packages (postgresql-${latest} "
+"and postgresql-client-${latest}) and upgrade the existing ${oldversion} "
+"clusters with pg_upgradecluster (see manpage)."
msgstr ""
"Versiunea PostgreSQL ${old} este învechită, dar pachetele pentru server sau "
"client sunt încă instalate. Instalați cele mai recente pachete (postgresql-"
"${latest} și postgresql-client-${latest}) și actualizați clusterele "
-"${oldversion} existente cu pg_upgradecluster (a se vedea pagina de manual)."
+"${oldversion} existente cu ajutorul comenzii «pg_upgradecluster» (consultați "
+"pagina de manual)."
#. Type: error
#. Description
#: ../postgresql-common.templates:1001
msgid ""
"Please be aware that the installation of postgresql-${latest} will "
-"automatically create a default cluster ${latest}/main. If you want to "
-"upgrade the ${old}/main cluster, you need to remove the already existing "
-"${latest} cluster (pg_dropcluster --stop ${latest} main, see manpage for "
-"details)."
+"automatically create a
Processed: unblock: postgresql-common/248
Processing control commands: > affects -1 + src:postgresql-common Bug #1033220 [release.debian.org] unblock: postgresql-common/248 Added indication that 1033220 affects src:postgresql-common -- 1033220: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1033220 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Processed: unblock: ghostscript/10.0.0~dfsg-10
Processing control commands: > affects -1 + src:ghostscript Bug #1033219 [release.debian.org] unblock: ghostscript/10.0.0~dfsg-10 Added indication that 1033219 affects src:ghostscript -- 1033219: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1033219 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#1033219: unblock: ghostscript/10.0.0~dfsg-10
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock X-Debbugs-Cc: ghostscr...@packages.debian.org, havard.f.aa...@pfft.no Control: affects -1 + src:ghostscript Please unblock package ghostscript This fix from upstream to handle an issue with cross building the package, a regression from 9.56.1~dfsg. The bug #717825 was definitively created for a different issue, but I thought it would serve. It has the severity of 'wishlist' though since this is a regression the severity could probably be higher. [ Reason ] Fix cross build. [ Impact ] The package in it's present state can't be cross built. [ Tests ] salsa CI was used to actually test the cross building of the package. [ Risks ] I consider the risk to be small, most of the related issue was a wrong command line option. The upstream patch removes this erroneous option and updates an if statement in 'configure.ac'. [ Checklist ] [x] all changes are documented in the d/changelog [x] I reviewed all changes and I approve them [x] attach debdiff against the package in testing [ Other info ] unblock ghostscript/10.0.0~dfsg-10 diff -Nru ghostscript-10.0.0~dfsg/debian/changelog ghostscript-10.0.0~dfsg/debian/changelog --- ghostscript-10.0.0~dfsg/debian/changelog2022-12-12 07:45:09.0 +0100 +++ ghostscript-10.0.0~dfsg/debian/changelog2023-03-20 09:12:00.0 +0100 @@ -1,3 +1,10 @@ +ghostscript (10.0.0~dfsg-10) unstable; urgency=medium + + * QA upload. + * Add patch from upstream to fix cross build. Closes: #717825 + + -- Håvard F. Aasen Mon, 20 Mar 2023 09:12:00 +0100 + ghostscript (10.0.0~dfsg-9) unstable; urgency=medium * QA upload. diff -Nru ghostscript-10.0.0~dfsg/debian/patches/0001_fix_cross_compile.patch ghostscript-10.0.0~dfsg/debian/patches/0001_fix_cross_compile.patch --- ghostscript-10.0.0~dfsg/debian/patches/0001_fix_cross_compile.patch 1970-01-01 01:00:00.0 +0100 +++ ghostscript-10.0.0~dfsg/debian/patches/0001_fix_cross_compile.patch 2023-03-20 09:12:00.0 +0100 @@ -0,0 +1,36 @@ +From: Chris Liddell +Date: Thu, 24 Nov 2022 16:33:47 + +Subject: [PATCH] Fix a little bitrot in the cross-compiling logic + +Removing the option to disable FAPI meant configuring for cross compiling would +fail because the option being passed to the sub-call to configure would include +an unknown command line option. + +Origin: upstream, https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=4c3575346b9c7d394ebc73b4e5fabebadd8877ec +Bug-Debian: https://bugs.debian.org/717825 +--- + configure.ac | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/configure.ac b/configure.ac +index bb57825..aa5c9ad 100644 +--- a/configure.ac b/configure.ac +@@ -138,7 +138,7 @@ if test x"$host" != x"$build" ; then + echo $AUXFLAGS_MAK_LINE07 >> $AUXFLAGS_MAK.in + + AC_MSG_NOTICE([Begin recursive call to configure script (for auxiliary tools)]) +- "$absolute_source_path/configure" CC="$CCAUX" CFLAGS="$CFLAGSAUX" CPPFLAGS="$CPPFLAGSAUX" LDFLAGS="$LDFLAGSAUX" CCAUX= CFLAGSAUX= CFLAGSAUX= MAKEFILE=$AUXFLAGS_MAK --host=$build --build=$build --enable-auxtools_only --disable-hidden-visibility --with-local-zlib --without-libtiff --disable-contrib --disable-fontconfig --disable-dbus --disable-freetype --disable-fapi --disable-cups --disable-openjpeg --disable-gtk --with-libiconv=no --without-libidn --without-libpaper --without-pdftoraster --without-ijs --without-jbig2dec --without-x --with-drivers="" ++ "$absolute_source_path/configure" CC="$CCAUX" CFLAGS="$CFLAGSAUX" CPPFLAGS="$CPPFLAGSAUX" LDFLAGS="$LDFLAGSAUX" CCAUX= CFLAGSAUX= CFLAGSAUX= MAKEFILE=$AUXFLAGS_MAK --host=$build --build=$build --enable-auxtools_only --disable-hidden-visibility --with-local-zlib --without-libtiff --disable-contrib --disable-fontconfig --disable-dbus --disable-freetype --disable-cups --disable-openjpeg --disable-gtk --with-libiconv=no --without-libidn --without-libpaper --without-pdftoraster --without-ijs --without-jbig2dec --without-x --with-drivers="" + status=$? + cp config.log "$olddir/configaux.log" + if test $status -eq 0 ; then +@@ -2482,7 +2482,7 @@ PDF= + PDF_MAK="\$(GLSRCDIR)\$(D)stub.mak" + PDFROMFS_MAK="\$(GLSRCDIR)\$(D)stub.mak" + +-if test x"$with_pdf" != x"no" ; then ++if test x"$with_pdf" != x"no" -a x"$enable_auxtools_only" != x"yes" ; then + + if test x"$JBIG2_DECODER" = x""; then + AC_MSG_ERROR([No JBIG2 decoder available, required for PDF support]) diff -Nru ghostscript-10.0.0~dfsg/debian/patches/series ghostscript-10.0.0~dfsg/debian/patches/series --- ghostscript-10.0.0~dfsg/debian/patches/series 2022-12-12 07:45:09.0 +0100 +++ ghostscript-10.0.0~dfsg/debian/patches/series 2023-03-20 09:12:00.0 +0100 @@ -1,3 +1,4 @@ +0001_fix_cross_compile.patch 1004_enable_spot_devices.patch 2001_docdir_fix_for_debian.patch 2002_gs_man_fix_debian.patch
Processed: unblock: ruby-kubeclient/4.9.3-2
Processing control commands: > affects -1 + src:ruby-kubeclient Bug #1033218 [release.debian.org] unblock: ruby-kubeclient/4.9.3-2 Added indication that 1033218 affects src:ruby-kubeclient -- 1033218: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1033218 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#1033218: unblock: ruby-kubeclient/4.9.3-2
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock X-Debbugs-Cc: ruby-kubecli...@packages.debian.org Control: affects -1 + src:ruby-kubeclient Please unblock package ruby-kubeclient [ Reason ] Fixes ftbfs/rc bug #1032551 [ Impact ] package ftbfs [ Tests ] Upstream tests passed. [ Risks ] This was discussed with upstream and it is safe to ignore these failures. https://github.com/ManageIQ/kubeclient/issues/609 [ Checklist ] [x] all changes are documented in the d/changelog [x] I reviewed all changes and I approve them [x] attach debdiff against the package in testing [ Other info ] unblock ruby-kubeclient/4.9.3-2 diff -Nru ruby-kubeclient-4.9.3/debian/changelog ruby-kubeclient-4.9.3/debian/changelog --- ruby-kubeclient-4.9.3/debian/changelog 2022-08-21 16:34:09.0 +0530 +++ ruby-kubeclient-4.9.3/debian/changelog 2023-03-20 12:34:36.0 +0530 @@ -1,3 +1,9 @@ +ruby-kubeclient (4.9.3-2) unstable; urgency=medium + + * Disable tests that checks expired certificates (Closes: #1032551) + + -- Pirate Praveen Mon, 20 Mar 2023 12:34:36 +0530 + ruby-kubeclient (4.9.3-1) unstable; urgency=medium [ vinay-keshava ] diff -Nru ruby-kubeclient-4.9.3/debian/patches/disable-expired-certs-test.patch ruby-kubeclient-4.9.3/debian/patches/disable-expired-certs-test.patch --- ruby-kubeclient-4.9.3/debian/patches/disable-expired-certs-test.patch 1970-01-01 05:30:00.0 +0530 +++ ruby-kubeclient-4.9.3/debian/patches/disable-expired-certs-test.patch 2023-03-20 12:34:36.0 +0530 @@ -0,0 +1,16 @@ +These are expired certificates and regenrating them currently require creating +a k0s cluster. + +Forwarded: https://github.com/ManageIQ/kubeclient/issues/609 + +--- a/test/test_config.rb b/test/test_config.rb +@@ -232,7 +232,7 @@ + if custom_ca + # When certificates expire one way to recreate them is using a k0s single-node cluster: + # test/config/update_certs_k0s.rb +-assert(context.ssl_options[:cert_store].verify(context.ssl_options[:client_cert])) ++#assert(context.ssl_options[:cert_store].verify(context.ssl_options[:client_cert])) + end + else + assert_nil(context.ssl_options[:client_cert]) diff -Nru ruby-kubeclient-4.9.3/debian/patches/series ruby-kubeclient-4.9.3/debian/patches/series --- ruby-kubeclient-4.9.3/debian/patches/series 2022-08-21 16:34:09.0 +0530 +++ ruby-kubeclient-4.9.3/debian/patches/series 2023-03-20 12:34:36.0 +0530 @@ -1,2 +1,3 @@ remove-bundler.patch remove-git-in-gemspec.patch +disable-expired-certs-test.patch
Bug#1033216: unblock: ruby-globalid/0.6.0-2
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
X-Debbugs-Cc: ruby-globa...@packages.debian.org
Control: affects -1 + src:ruby-globalid
Please unblock package ruby-globalid
[ Reason ]
Fixes CVE-2023-22799/#1029851
[ Impact ]
Security issue
[ Tests ]
Upstream test suite passing.
[ Risks ]
Patch backported from upstream and applies cleanly.
[ Checklist ]
[x] all changes are documented in the d/changelog
[x] I reviewed all changes and I approve them
[x] attach debdiff against the package in testing
[ Other info ]
unblock ruby-globalid/0.6.0-2
diff -Nru ruby-globalid-0.6.0/debian/changelog ruby-globalid-0.6.0/debian/changelog
--- ruby-globalid-0.6.0/debian/changelog 2021-11-30 09:42:23.0 +0530
+++ ruby-globalid-0.6.0/debian/changelog 2023-03-19 17:58:06.0 +0530
@@ -1,3 +1,17 @@
+ruby-globalid (0.6.0-2) unstable; urgency=medium
+
+ * Team Upload
+
+ [ Debian Janitor ]
+ * Remove constraints unnecessary since buster (oldstable):
++ Build-Depends: Drop versioned constraint on ruby-activesupport.
+
+ [ Pirate Praveen ]
+ * Fix CVE-2023-22799 (Closes: #1029851)
+ * Bump Standards-Version to 4.6.2 (no changes needed)
+
+ -- Pirate Praveen Sun, 19 Mar 2023 17:58:06 +0530
+
ruby-globalid (0.6.0-1) unstable; urgency=medium
* Team upload.
diff -Nru ruby-globalid-0.6.0/debian/control ruby-globalid-0.6.0/debian/control
--- ruby-globalid-0.6.0/debian/control 2021-11-30 09:42:23.0 +0530
+++ ruby-globalid-0.6.0/debian/control 2023-03-19 17:58:06.0 +0530
@@ -6,9 +6,9 @@
Build-Depends: debhelper-compat (= 13),
gem2deb,
rake,
- ruby-activesupport (>= 2:5.0),
+ ruby-activesupport,
ruby-rails
-Standards-Version: 4.6.0
+Standards-Version: 4.6.2
Vcs-Git: https://salsa.debian.org/ruby-team/ruby-globalid.git
Vcs-Browser: https://salsa.debian.org/ruby-team/ruby-globalid
Homepage: https://github.com/rails/globalid
diff -Nru ruby-globalid-0.6.0/debian/patches/CVE-2023-22799.patch ruby-globalid-0.6.0/debian/patches/CVE-2023-22799.patch
--- ruby-globalid-0.6.0/debian/patches/CVE-2023-22799.patch 1970-01-01 05:30:00.0 +0530
+++ ruby-globalid-0.6.0/debian/patches/CVE-2023-22799.patch 2023-03-19 17:58:06.0 +0530
@@ -0,0 +1,48 @@
+From 3bc4349422e60f2235876a59dd415e98b072eb2b Mon Sep 17 00:00:00 2001
+From: Aaron Patterson
+Date: Tue, 17 Jan 2023 13:32:28 -0800
+Subject: [PATCH] Fix ReDoS vulnerability in name parsing
+
+Thanks to @ooo_q for the patch!
+
+[CVE-2023-22799]
+---
+ lib/global_id/uri/gid.rb | 11 ---
+ 1 file changed, 4 insertions(+), 7 deletions(-)
+
+--- a/lib/global_id/uri/gid.rb
b/lib/global_id/uri/gid.rb
+@@ -123,9 +123,6 @@
+ private
+ COMPONENT = [ :scheme, :app, :model_name, :model_id, :params ].freeze
+
+- # Extracts model_name and model_id from the URI path.
+- PATH_REGEXP = %r(\A/([^/]+)/?([^/]+)?\z)
+-
+ def check_host(host)
+ validate_component(host)
+ super
+@@ -145,11 +142,11 @@
+ end
+
+ def set_model_components(path, validate = false)
+-_, model_name, model_id = path.match(PATH_REGEXP).to_a
+-model_id = CGI.unescape(model_id) if model_id
+-
++_, model_name, model_id = path.split('/', 3)
+ validate_component(model_name) && validate_model_id(model_id, model_name) if validate
+
++model_id = CGI.unescape(model_id) if model_id
++
+ @model_name = model_name
+ @model_id = model_id
+ end
+@@ -162,7 +159,7 @@
+ end
+
+ def validate_model_id(model_id, model_name)
+-return model_id unless model_id.blank?
++return model_id unless model_id.blank? || model_id.include?('/')
+
+ raise MissingModelIdError, "Unable to create a Global ID for " \
+ "#{model_name} without a model id."
diff -Nru ruby-globalid-0.6.0/debian/patches/series ruby-globalid-0.6.0/debian/patches/series
--- ruby-globalid-0.6.0/debian/patches/series 2021-11-30 09:42:23.0 +0530
+++ ruby-globalid-0.6.0/debian/patches/series 2023-03-19 17:58:06.0 +0530
@@ -1 +1,2 @@
fix_test_helper.patch
+CVE-2023-22799.patch
Processed: unblock: ruby-globalid/0.6.0-2
Processing control commands: > affects -1 + src:ruby-globalid Bug #1033216 [release.debian.org] unblock: ruby-globalid/0.6.0-2 Added indication that 1033216 affects src:ruby-globalid -- 1033216: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1033216 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
