Processed: tagging 1060077

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> tags 1060077 + confirmed
Bug #1060077 [release.debian.org] transition: g2clib
Bug #1058923 [release.debian.org] transition: g2clib
Added tag(s) confirmed.
Added tag(s) confirmed.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
1058923: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1058923
1060077: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1060077
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#1059272: transition: tango

[Sebastian Ramacher]

Hi Santiago

On 2023-12-27 21:16:02 +0100, Sebastian Ramacher wrote:
> On 2023-12-22 08:36:17 -0300, Santiago Ruano Rincón wrote:
> > Package: release.debian.org
> > Severity: normal
> > User: release.debian@packages.debian.org
> > Usertags: transition
> > X-Debbugs-Cc: ta...@packages.debian.org, thomas.br...@byte-physics.de
> > Control: affects -1 + src:tango
> > 
> > Dear Release Team,
> > 
> > I would like to upload tango 9.5.0 to unstable. There has been a SONAME
> > bump from 9.4.2. Its reverse dependency pytango 9.5.0 builds and works
> > well. Both are available in experimental.
> > 
> > This set of uploads are needed to fix the pytango FTBFS bugs in unstable
> > related to python3.12:
> > https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1055733
> > https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1049843
> > 
> > Even if there is only one reverse dependency, I prefer to ask: May I go
> > ahead?
> 
> Please go ahead.

The autopkgtests of pytango fail on s390x: 
https://ci.debian.net/packages/p/pytango/testing/s390x/
Could you please take a lookg?

Cheers
-- 
Sebastian Ramacher

Processed: merging 1060077 1058923

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> merge 1060077 1058923
Bug #1060077 [release.debian.org] transition: g2clib
Bug #1058923 [release.debian.org] transition: g2clib
Merged 1058923 1060077
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
1058923: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1058923
1060077: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1060077
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#1059961: marked as done (transition: benchmark)

[Debian Bug Tracking System]

Your message dated Mon, 15 Jan 2024 22:21:23 +0100
with message-id 
and subject line Re: Bug#1059961: transition: benchmark
has caused the Debian Bug report #1059961,
regarding transition: benchmark
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1059961: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059961
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: transition
X-Debbugs-Cc: benchm...@packages.debian.org
Control: affects -1 + src:benchmark

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Dear release team,

please schedule a tiny benchmark transition.

Thanks!

Ben file:

title = "benchmark";
is_affected = .depends ~ "libbenchmark1debian" | .depends ~ "libbenchmark1.8.3";
is_good = .depends ~ "libbenchmark1.8.3";
is_bad = .depends ~ "libbenchmark1debian";




-BEGIN PGP SIGNATURE-

iQJFBAEBCgAvFiEEu71F6oGKuG/2fnKF0+Fzg8+n/wYFAmWWWMARHGdsYWRrQGRl
Ymlhbi5vcmcACgkQ0+Fzg8+n/wb6uA/9FuLjNjbEHrnfYhaMJPlFjc1d7xSOv5MJ
SsQJP8RRQP3KpSuP2U3B66b1itzRSOCMb+OiDIK9nigUPjM79l/E8WlVtZ6mLTBp
9PAoe391wPmJ4th3MzGQCOwCam/eXgy1xLa7/l6BgfBDRiOCygokFB1Pu3Af8IJq
34fsyPX2mbFoGjA+oqQcCLDPDmkWWYvo6iuMvP9tC3nGWojzAJlj4BS0Kds4ulsQ
NQ78W28wNfwqGSyfegHYN/8krkxWZI+OVXD/4eaW4qs+lfsMabdfCaiomA5dZZb8
N3UaPZdXwDRVw00btwW2lB/FN4smWd7V9gOprVzwwU8VfG9NGWGZ1DTrLQCjDQgj
/FGVFgTnp29xZSE1Z9FGJJh0BwJJLgM77x3+cDf8SHVwLiWO8DS51Y4P4xLTXSS6
9fvjea5XfquhDfSLsXpXFt6wFrnjrAImj/v1OWp9negPSRWyKycNzf4ePgIqhvw6
rQV6+VTVFGpB7DggoHqHmFEi8JV6SC44f5USpcHd5mMvHczGIgfuzho69xSoKx4U
CmdGtVEbEGsnxqylqFYHkfUz6B2Euper193JXAX5GQ/2DzrJe5TNsXStGvRBy+PS
TNSLeZMMkMofNE+1VjiffqQgmRSdFzqCmX6gmd3Zs6ZA20iNUjdcNPxKW9BAslbh
TndgQAtpDV4=
=EugD
-END PGP SIGNATURE-
--- End Message ---
--- Begin Message ---
On 2024-01-04 08:05:36 +0100, Anton Gladky wrote:
> Package: release.debian.org
> Severity: normal
> User: release.debian@packages.debian.org
> Usertags: transition
> X-Debbugs-Cc: benchm...@packages.debian.org
> Control: affects -1 + src:benchmark
> 
> Dear release team,
> 
> please schedule a tiny benchmark transition.

The old binaries got removed from testing.

Cheers
-- 
Sebastian Ramacher--- End Message ---

Bug#1060077: transition: g2clib

[Sebastian Ramacher]

Control: tags -1 ocnfirmed

On 2024-01-05 17:11:23 +, Alastair McKinstry wrote:
> Package: release.debian.org
> Severity: normal
> User: release.debian@packages.debian.org
> Usertags: transition
> X-Debbugs-Cc: g2c...@packages.debian.org, sramac...@debian.org
> Control: affects -1 + src:g2clib
> 
> 
> There is a minor transition I wish to proceed. g2clib upstream have added an 
> SOVERSION of .0

Please go ahead.

Cheers
-- 
Sebastian Ramacher

Processed: Re: Bug#1059066: transition: nauty

[Debian Bug Tracking System]

Processing control commands:

> tags -1 confirmed
Bug #1059066 [release.debian.org] transition: nauty
Added tag(s) confirmed.

-- 
1059066: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059066
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#1059066: transition: nauty

[Sebastian Ramacher]

Control: tags -1 confirmed

On 2023-12-19 23:02:13 +, Torrance, Douglas wrote:
> Package: release.debian.org
> User: release.debian@packages.debian.org
> Usertags: transition
> X-Debbugs-Cc: dtorra...@piedmont.edu
> Severity: normal
> 
> Hello!
> 
> I am requesting a transition slot for nauty.

Please go ahead.

Cheers
-- 
Sebastian Ramacher

Processed: Re: Bug#1060774: bullseye-pu: netatalk/3.1.12~ds-8+deb11u2

[Debian Bug Tracking System]

Processing control commands:

> tags -1 + moreinfo
Bug #1060774 [release.debian.org] bullseye-pu: netatalk/3.1.12~ds-8+deb11u2
Added tag(s) moreinfo.

-- 
1060774: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1060774
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#1060774: bullseye-pu: netatalk/3.1.12~ds-8+deb11u2

[Adam D. Barratt]

Control: tags -1 + moreinfo

On Sun, 2024-01-14 at 06:23 +, Daniel Markstedt wrote:
> CVE-2022-22995
> Ref. advisory: https://netatalk.sourceforge.io/CVE-2022-22995.php
> 
> The attached patch can be applied to Debian oldstable to address the
> vulnerability.
> 

In order to approve an upload, we need to see a full source debdiff of
the proposed new package, not just the isolated patch. Please remove
the moreinfo tag when providing that.

> I'm proposing an oldstable out-of-release-cycle upload: 3.1.12~ds-
> 8+deb11u2

I'm not entirely sure what you mean by an "out-of-release-cycle upload"
here.

Regards,

Adam

Bug#1060851: bookworm-pu: package pypdf/3.4.1-1

[Scott Kitterman]

Package: release.debian.org
Severity: normal
Tags: bookworm
User: release.debian@packages.debian.org
Usertags: pu

(Please provide enough information to help the release team
to judge the request efficiently. E.g. by filling in the
sections below.)

[ Reason ]
This upload adds a patch to address CVE-2023-36464.  It was assessed by
the security team as no-dsa, so I think we ought to fix it in a stable
update.

[ Impact ]
Users remain vulnerable to the DoS attack described in the CVE.

[ Tests ]
There is a pypdf test suite that runs during package build and
autopkgtest.  Upstream did add a test for this issue, but since it
requires test assets not available in Debian, I did not include it in
the patch.

[ Risks ]
Code is trivial and the risk of regression is negligible.  This is the
exact fix upstream used.  The fix has been in the wild for 8 months, so
I think if it was going to cause a problem, we'd know by now.

[ Checklist ]
  [x] *all* changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in (old)stable
  [x] the issue is verified as fixed in unstable

[ Changes ]
Added the upstream change to fix the CVE (only the change to
pypdf/generic/_data_structures.py is relevant):
https://github.com/py-pdf/pypdf/commit/b0e5c689df689ab173df84dacd77b6fc3c161932

Updated gbp.conf to point at the bookworm branch

[ Other info ]
This will look like an NMU in tools that look at stable.  I just adopted
the package due to the original maintainer's RFA and have uploaded to
unstable (including this fix).  I elected not to change the maintainer
in this upload since that didn't fit with a minimal change in stable.

Scott K
diff -Nru pypdf-3.4.1/debian/changelog pypdf-3.4.1/debian/changelog
--- pypdf-3.4.1/debian/changelog2023-02-14 16:58:00.0 -0500
+++ pypdf-3.4.1/debian/changelog2024-01-15 11:28:43.0 -0500
@@ -1,3 +1,13 @@
+pypdf (3.4.1-1+deb12u1) bookworm; urgency=medium
+
+  * Update debian/gbp.conf to point at bookworm branch
+  * Prevent infinite loop when no character follows after a comment (Closes:
+#1040338)
+- Addresses CVE-2023-36464
+- Add d/p/0003-Prevent-infinite-loop-when-no-character-follows-afte.patch
+
+ -- Scott Kitterman   Mon, 15 Jan 2024 11:28:43 -0500
+
 pypdf (3.4.1-1) unstable; urgency=medium
 
   * New upstream version 3.4.1
diff -Nru pypdf-3.4.1/debian/gbp.conf pypdf-3.4.1/debian/gbp.conf
--- pypdf-3.4.1/debian/gbp.conf 2023-02-14 16:58:00.0 -0500
+++ pypdf-3.4.1/debian/gbp.conf 2024-01-15 11:28:20.0 -0500
@@ -1,3 +1,3 @@
 [DEFAULT]
-debian-branch = debian/unstable
+debian-branch = debian/bookworm
 pristine-tar = True
diff -Nru 
pypdf-3.4.1/debian/patches/0003-Prevent-infinite-loop-when-no-character-follows-afte.patch
 
pypdf-3.4.1/debian/patches/0003-Prevent-infinite-loop-when-no-character-follows-afte.patch
--- 
pypdf-3.4.1/debian/patches/0003-Prevent-infinite-loop-when-no-character-follows-afte.patch
  1969-12-31 19:00:00.0 -0500
+++ 
pypdf-3.4.1/debian/patches/0003-Prevent-infinite-loop-when-no-character-follows-afte.patch
  2024-01-15 11:28:43.0 -0500
@@ -0,0 +1,21 @@
+From: Scott Kitterman 
+Date: Mon, 15 Jan 2024 11:34:11 -0500
+Subject: Prevent infinite loop when no character follows after a comment
+https://security-tracker.debian.org/tracker/CVE-2023-36464
+---
+ pypdf/generic/_data_structures.py | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/pypdf/generic/_data_structures.py 
b/pypdf/generic/_data_structures.py
+index bb2e028..524d4e0 100644
+--- a/pypdf/generic/_data_structures.py
 b/pypdf/generic/_data_structures.py
+@@ -979,7 +979,7 @@ class ContentStream(DecodedStreamObject):
+ # encountering a comment -- but read_object assumes that
+ # following the comment must be the object we're trying to
+ # read.  In this case, it could be an operator instead.
+-while peek not in (b"\r", b"\n"):
++while peek not in (b"\r", b"\n", b""):
+ peek = stream.read(1)
+ else:
+ operands.append(read_object(stream, None, 
self.forced_encoding))
diff -Nru pypdf-3.4.1/debian/patches/series pypdf-3.4.1/debian/patches/series
--- pypdf-3.4.1/debian/patches/series   2023-02-14 16:58:00.0 -0500
+++ pypdf-3.4.1/debian/patches/series   2024-01-15 11:28:43.0 -0500
@@ -1,2 +1,3 @@
 0001-Use-formal-Cryptodome-namespace.patch
 0002-mark-new-external-tests-appropriately.patch
+0003-Prevent-infinite-loop-when-no-character-follows-afte.patch

Re: Bug#1060779: src:mesa: fails to migrate to testing for too long: unavailable Build-Depends on mips64el

[Simon McVittie]

On Sun, 14 Jan 2024 at 08:39:52 +0100, Paul Gevers wrote:
> The Release Team considers packages that are out-of-sync between testing and
> unstable for more than 30 days as having a Release Critical bug in testing
> [1]. Your package src:mesa has been trying to migrate for 31 days [2].
> Hence, I am filing this bug. The version in unstable build depends on
> binaries from llvm-toolchain-17, which haven't been built on mips64el yet
> (reported in bug 1056116).

Adding mips64el porting team to Cc for visibility.

Mesa could probably work around this by disabling the LLVM parts on
mips64el (removing mips64 from LLVM_ARCHS in d/rules and from various
lists of LLVM-capable architectures in d/control).

The cost would be that most mips64el users would have to use slow
fallback software rendering, because disabling LLVM support would
disable llvmpipe (which it seems doesn't actually work properly
on mips* in any case) but also the AMD driver (which is what
graphical MIPS users rely on in practice, according to discussion on
https://salsa.debian.org/gnome-team/gnome-shell/-/merge_requests/71).

That's a high cost for mips64el users, but the alternative seems to be
letting mips64el hold back all of our other architectures, and I don't
think that's really viable.

Thanks,
smcv

Bug#1060367: release.debian.org: RFC: Transitions check for dupload?

[Holger Levsen]

On Sun, Jan 14, 2024 at 10:06:44PM +0100, Guillem Jover wrote:
> Warning: Source package barnowl is part of ongoing transitions:
>   
>   
> (I think I'll be adding some generic way to skip specific hooks,
> because this is a common pattern among them, something like
> --skip-hooks=a,b and DUPLOAD_SKIP_HOOKS=a,b.)
> > Continue anyway? (yes/NO) 
 
/me likes!

Though I'm a dput user. :) So I also applause sorting this out with
dupload first and then filing wishbugs for dput & dput-ng!


-- 
cheers,
Holger

 ⢀⣴⠾⠻⢶⣦⠀
 ⣾⠁⢠⠒⠀⣿⡁  holger@(debian|reproducible-builds|layer-acht).org
 ⢿⡄⠘⠷⠚⠋⠀  OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
 ⠈⠳⣄

The devel is in the details.


signature.asc
Description: PGP signature

NEW changes in stable-new

[Debian FTP Masters]

Processing changes file: wolfssl_5.5.4-2+deb12u1_armel-buildd.changes
  ACCEPT
Processing changes file: wolfssl_5.5.4-2+deb12u1_mips64el-buildd.changes
  ACCEPT
Processing changes file: wolfssl_5.5.4-2+deb12u1_mipsel-buildd.changes
  ACCEPT
Processing changes file: wolfssl_5.5.4-2+deb12u1_s390x-buildd.changes
  ACCEPT

NEW changes in stable-new

[Debian FTP Masters]

Processing changes file: usrmerge_37~deb12u1_all-buildd.changes
  ACCEPT
Processing changes file: wolfssl_5.5.4-2+deb12u1_amd64-buildd.changes
  ACCEPT
Processing changes file: wolfssl_5.5.4-2+deb12u1_arm64-buildd.changes
  ACCEPT
Processing changes file: wolfssl_5.5.4-2+deb12u1_armhf-buildd.changes
  ACCEPT
Processing changes file: wolfssl_5.5.4-2+deb12u1_i386-buildd.changes
  ACCEPT
Processing changes file: wolfssl_5.5.4-2+deb12u1_ppc64el-buildd.changes
  ACCEPT

NEW changes in stable-new

[Debian FTP Masters]

Processing changes file: usrmerge_37~deb12u1_source.changes
  ACCEPT
Processing changes file: wolfssl_5.5.4-2+deb12u1_source.changes
  ACCEPT

Processed: wolfssl 5.5.4-2+deb12u1 flagged for acceptance

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> package release.debian.org
Limiting to bugs with field 'package' containing at least one of 
'release.debian.org'
Limit currently set to 'package':'release.debian.org'

> tags 1054446 = bookworm pending
Bug #1054446 [release.debian.org] bookworm-pu: package wolfssl/5.5.4-2+deb12u1
Added tag(s) pending; removed tag(s) confirmed.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
1054446: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1054446
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Processed: usrmerge 37~deb12u1 flagged for acceptance

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> package release.debian.org
Limiting to bugs with field 'package' containing at least one of 
'release.debian.org'
Limit currently set to 'package':'release.debian.org'

> tags 1057089 = bookworm pending
Bug #1057089 [release.debian.org] bookworm-pu: package usrmerge/37~deb12u1
Added tag(s) pending; removed tag(s) confirmed.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
1057089: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1057089
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#1057089: usrmerge 37~deb12u1 flagged for acceptance

[Jonathan Wiltshire]

package release.debian.org
tags 1057089 = bookworm pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bookworm.

Thanks for your contribution!

Upload details
==

Package: usrmerge
Version: 37~deb12u1

Explanation: clean up biarch directories when not needed; don't run 
convert-etc-shells again on converted systems; handle mounted /lib/modules on 
Xen systems; improve error reporting; add versioned conflicts with libc-bin, 
dhcpcd, libparted1.8-10 and lustre-utils

Bug#1054446: wolfssl 5.5.4-2+deb12u1 flagged for acceptance

[Jonathan Wiltshire]

package release.debian.org
tags 1054446 = bookworm pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bookworm.

Thanks for your contribution!

Upload details
==

Package: wolfssl
Version: 5.5.4-2+deb12u1

Explanation: fix security issue when client sent neither PSK nor KSE extensions 
[CVE-2023-3724]