Bug#1039048: php-doctrine-cache: unsatisfiable build dependency

[Peter Michael Green]

Package: php-doctrine-cache
Version: 2.2.0-1
Severity: serious
Tags: trixie, sid

php-doctrine-cache build-depends on php-nrk-predis which
was a transitional dummy package in bookworm and no
longer exists in trixie or sid.

Presumablly the build-dependency should be changed to
php-predis.

Bug#1038746: (python-cryptography) build dependency missing in testing

[Peter Michael Green]

tags 1038746 +patch
thanks


Dose [1] is reporting issues with your packages. Normally your build
dependencies shouldn't be removed from testing without removal all
reverse build dependencies too, nor should a package be allowed to
migrate unless all build dependencies are candidate for migration too.
However, somehow we ended up in the current state

The "somehow" is that testing migration only checks build
dependencies in the forward direction, not in reverse. So a
new version of a package that breaks your build-dependencies
can and often does migrate. Specifically this was caused by
the recent update of rust-pyo3.

Anyway, a debdiff is attatched, I may or may not NMU this
later.
diff -Nru python-cryptography-38.0.4/debian/changelog 
python-cryptography-38.0.4/debian/changelog
--- python-cryptography-38.0.4/debian/changelog 2023-02-28 05:36:13.0 
+
+++ python-cryptography-38.0.4/debian/changelog 2023-06-25 00:58:26.0 
+
@@ -1,3 +1,13 @@
+python-cryptography (38.0.4-3.1) UNRELEASED; urgency=medium
+
+  * Non-maintainer upload.
+  * Don't depend on librust-indoc-dev, it's not used directly,
+instead depend on the "default" feature of librust-pyo3-dev.
+  * Apply adjusted upstream patch for py03 0.19 and bump
+dependencies accordingly.
+
+ -- Peter Michael Green   Sun, 25 Jun 2023 00:58:26 +
+
 python-cryptography (38.0.4-3) unstable; urgency=medium
 
   [ Salvatore Bonaccorso ]
diff -Nru python-cryptography-38.0.4/debian/control 
python-cryptography-38.0.4/debian/control
--- python-cryptography-38.0.4/debian/control   2023-02-28 05:36:13.0 
+
+++ python-cryptography-38.0.4/debian/control   2023-06-25 00:58:26.0 
+
@@ -12,12 +12,12 @@
librust-asn1-0.12-dev,
librust-asn1-derive-0.12-dev,
librust-chrono-0.4-dev,
-   librust-indoc-dev,
librust-ouroboros-0.15-dev,
librust-paste-dev,
librust-pem-1.0-dev,
-   librust-pyo3-0.17-dev,
-   librust-pyo3-macros-0.17-dev,
+   librust-pyo3-0.19-dev,
+   librust-pyo3-0.19+default-dev,
+   librust-pyo3-macros-0.19-dev,
libssl-dev,
pybuild-plugin-pyproject,
python3-all-dev,
diff -Nru python-cryptography-38.0.4/debian/patches/Bump-pyo3-dep.patch 
python-cryptography-38.0.4/debian/patches/Bump-pyo3-dep.patch
--- python-cryptography-38.0.4/debian/patches/Bump-pyo3-dep.patch   
1970-01-01 00:00:00.0 +
+++ python-cryptography-38.0.4/debian/patches/Bump-pyo3-dep.patch   
2023-06-25 00:58:26.0 +
@@ -0,0 +1,13 @@
+Index: python-cryptography-38.0.4.new/src/rust/Cargo.toml
+===
+--- python-cryptography-38.0.4.new.orig/src/rust/Cargo.toml
 python-cryptography-38.0.4.new/src/rust/Cargo.toml
+@@ -7,7 +7,7 @@ publish = false
+ 
+ [dependencies]
+ once_cell = "1"
+-pyo3 = { version = "0.17" }
++pyo3 = { version = "0.19" }
+ asn1 = { version = "0.12", default-features = false, features = ["derive"] }
+ pem = ">= 1.0, < 1.2"
+ chrono = { version = "0.4", default-features = false, features = ["alloc", 
"clock"] }
diff -Nru python-cryptography-38.0.4/debian/patches/series 
python-cryptography-38.0.4/debian/patches/series
--- python-cryptography-38.0.4/debian/patches/series2023-02-28 
05:36:13.0 +
+++ python-cryptography-38.0.4/debian/patches/series2023-06-25 
00:58:26.0 +
@@ -6,3 +6,4 @@
 ease-chrono-dependency-from-0.4.22-to-0.4.patch
 drop-cffi-dep.patch
 Don-t-allow-update_into-to-mutate-immutable-objects-.patch
+Upgrade-to-pyo3-0.19.patch
diff -Nru python-cryptography-38.0.4/debian/patches/Upgrade-to-pyo3-0.19.patch 
python-cryptography-38.0.4/debian/patches/Upgrade-to-pyo3-0.19.patch
--- python-cryptography-38.0.4/debian/patches/Upgrade-to-pyo3-0.19.patch
1970-01-01 00:00:00.0 +
+++ python-cryptography-38.0.4/debian/patches/Upgrade-to-pyo3-0.19.patch
2023-06-25 00:58:26.0 +
@@ -0,0 +1,71 @@
+This patch is based on the upstream commit described below, adapted for use
+in the Debian package by Peter Michael Green.
+
+commit b1cfa3adef986ef3466b080263911e8d79ec6141
+Author: Alex Gaynor 
+Date:   Wed May 31 16:27:10 2023 -0400
+
+pyo3 0.19 (#8999)
+
+* Bump pyo3 from 0.18.3 to 0.19.0 in /src/rust
+
+Bumps [pyo3](https://github.com/pyo3/pyo3) from 0.18.3 to 0.19.0.
+- [Release notes](https://github.com/pyo3/pyo3/releases)
+- [Changelog](https://github.com/PyO3/pyo3/blob/main/CHANGELOG.md)
+- [Commits](https://github.com/pyo3/pyo3/compare/v0.18.3...v0.19.0)
+
+---
+updated-dependencies:
+- dependency-name: pyo3
+  dependency-type: direct:production
+  update-type: version-update:semver-minor
+...
+
+Signed-off-by: dependabot[bot] 
+
+* pyo3 0.19
+
+-
+
+

Processed: re: (python-cryptography) build dependency missing in testing

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> tags 1038746 +patch
Bug #1038746 [src:python-cryptography] build dependency missing in testing
Added tag(s) patch.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
1038746: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1038746
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#1038420: marked as done (rust-rustls - autopkgtest failure with new base64.)

[Debian Bug Tracking System]

Your message dated Sat, 24 Jun 2023 21:02:10 +
with message-id 
and subject line Bug#1038420: fixed in rust-rustls 0.20.8-4.1
has caused the Debian Bug report #1038420,
regarding rust-rustls - autopkgtest failure with new base64.
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1038420: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1038420
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---

Package: rust-rustls
Version: 0.20.8-4
Severity: serious
Tags: trixie, sid

The autopkgtest for rust-rustls autopkgtest depends on rust-base64 0.13 but
unstable now has 0.21 and we are trying to get it into trixie.

Since your package does not use skip-not-installable this is a hard failure
and is blocking the testing migration of rust-rustls-pemfile and hence
rust-base64.

When upstream bumped the dependency they made some code
changes, but it looks like said code changes were only needed
to fix deprecation warnings. Simply bumping the dependency in
Cargo.toml and debian/tests/control is enough to make the autopkgtest
pass.

Debdiff attatched, if this is still outstanding in a week or so and other
blockers for testing migration are cleared, I will probablly NMU it.
diff -Nru rust-rustls-0.20.8/debian/changelog 
rust-rustls-0.20.8/debian/changelog
--- rust-rustls-0.20.8/debian/changelog 2023-02-03 13:57:58.0 +
+++ rust-rustls-0.20.8/debian/changelog 2023-06-18 01:01:18.0 +
@@ -1,3 +1,10 @@
+rust-rustls (0.20.8-4.1) unstable; urgency=medium
+
+  * Non-maintainer upload.
+  * Bump base64 dev-dependency to 0.21.
+
+ -- Peter Michael Green   Sun, 18 Jun 2023 01:01:18 +
+
 rust-rustls (0.20.8-4) unstable; urgency=medium
 
   * add patch 1001 to add feature constraints to tests
diff -Nru rust-rustls-0.20.8/debian/patches/2004_bump_base64.patch 
rust-rustls-0.20.8/debian/patches/2004_bump_base64.patch
--- rust-rustls-0.20.8/debian/patches/2004_bump_base64.patch1970-01-01 
00:00:00.0 +
+++ rust-rustls-0.20.8/debian/patches/2004_bump_base64.patch2023-06-18 
01:01:00.0 +
@@ -0,0 +1,11 @@
+--- rust-rustls-0.20.8.orig/rustls/Cargo.toml
 rust-rustls-0.20.8/rustls/Cargo.toml
+@@ -37,7 +37,7 @@ log = "0.4.4"
+ rustls-native-certs = "0.6"
+ criterion = "0.3.0"
+ rustls-pemfile = "1.0.0"
+-base64 = "0.13.0"
++base64 = "0.21.0"
+ 
+ [[example]]
+ name = "bogo_shim"
diff -Nru rust-rustls-0.20.8/debian/patches/series 
rust-rustls-0.20.8/debian/patches/series
--- rust-rustls-0.20.8/debian/patches/series2023-02-03 13:56:11.0 
+
+++ rust-rustls-0.20.8/debian/patches/series2023-06-18 01:00:10.0 
+
@@ -1,3 +1,4 @@
 1001_feature_constraints.patch
 2001_native_certs.patch
 2003_network_access.patch
+2004_bump_base64.patch
diff -Nru rust-rustls-0.20.8/debian/tests/control 
rust-rustls-0.20.8/debian/tests/control
--- rust-rustls-0.20.8/debian/tests/control 2023-02-02 19:14:08.0 
+
+++ rust-rustls-0.20.8/debian/tests/control 2023-06-18 00:58:44.0 
+
@@ -4,7 +4,7 @@
 Features: test-name=rust-rustls-0.20:@
 Depends:
  dh-cargo (>= 18),
- librust-base64-0.13+default-dev,
+ librust-base64-0.21+default-dev,
  librust-criterion-0.3+default-dev,
  librust-docopt-1+default-dev,
  librust-env-logger-0.9+default-dev,
@@ -27,7 +27,7 @@
 Features: test-name=rust-rustls-0.20:dangerous_configuration
 Depends:
  dh-cargo (>= 18),
- librust-base64-0.13+default-dev,
+ librust-base64-0.21+default-dev,
  librust-criterion-0.3+default-dev,
  librust-docopt-1+default-dev,
  librust-env-logger-0.9+default-dev,
@@ -48,7 +48,7 @@
 Features: test-name=rust-rustls-0.20:quic
 Depends:
  dh-cargo (>= 18),
- librust-base64-0.13+default-dev,
+ librust-base64-0.21+default-dev,
  librust-criterion-0.3+default-dev,
  librust-docopt-1+default-dev,
  librust-env-logger-0.9+default-dev,
@@ -69,7 +69,7 @@
 Features: test-name=rust-rustls-0.20:secret_extraction
 Depends:
  dh-cargo (>= 18),
- librust-base64-0.13+default-dev,
+ librust-base64-0.21+default-dev,
  librust-criterion-0.3+default-dev,
  librust-docopt-1+default-dev,
  librust-env-logger-0.9+default-dev,
@@ -90,7 +90,7 @@
 Features: test-name=rust-rustls-0.20:tls12
 Depends:
  dh-cargo (>= 18),
- librust-base64-0.13+default-dev,
+ librust-base64-0.21+default-dev,
  librust-criterion-0.3+default-dev,
  librust-docopt-1+default-dev,
  librust-env-logger-0.9+default-dev,
@@ -111,7 +111,7 @@
 Features: test-name=rust-rustls-0.20:read_buf
 Depends:
  dh-cargo (>= 18),
- librust-base64-0.13+default-dev,
+ librust-base64-0.21+default-dev,
  librust-criterion-0.3+default-dev,
  

Processed: Re: Bug#1038935: schleuder: fails to upgrade buster -> bullseye -> bookworm: NoMethodError: undefined method `preparable='

[Debian Bug Tracking System]

Processing control commands:

> reassign -1 ruby-activerecord 2:6.1.7.3+dfsg-1
Bug #1038935 [schleuder] schleuder: fails to upgrade buster -> bullseye -> 
bookworm: NoMethodError: undefined method `preparable='
Bug reassigned from package 'schleuder' to 'ruby-activerecord'.
No longer marked as found in versions schleuder/4.0.3-7.
Ignoring request to alter fixed versions of bug #1038935 to the same values 
previously set
Bug #1038935 [ruby-activerecord] schleuder: fails to upgrade buster -> bullseye 
-> bookworm: NoMethodError: undefined method `preparable='
Marked as found in versions rails/2:6.1.7.3+dfsg-1.
> retitle -1 ruby-activerecord: missing Conflicts: ruby-arel
Bug #1038935 [ruby-activerecord] schleuder: fails to upgrade buster -> bullseye 
-> bookworm: NoMethodError: undefined method `preparable='
Changed Bug title to 'ruby-activerecord: missing Conflicts: ruby-arel' from 
'schleuder: fails to upgrade buster -> bullseye -> bookworm: NoMethodError: 
undefined method `preparable=''.
> affects -1 + src:schleuder
Bug #1038935 [ruby-activerecord] ruby-activerecord: missing Conflicts: ruby-arel
Added indication that 1038935 affects src:schleuder
> clone -1 -2 -3
Bug #1038935 [ruby-activerecord] ruby-activerecord: missing Conflicts: ruby-arel
Bug 1038935 cloned as bugs 1039034-1039035
> reassign -2 ruby-arel 9.0.0-2
Bug #1039034 [ruby-activerecord] ruby-activerecord: missing Conflicts: ruby-arel
Bug reassigned from package 'ruby-activerecord' to 'ruby-arel'.
No longer marked as found in versions rails/2:6.1.7.3+dfsg-1.
Ignoring request to alter fixed versions of bug #1039034 to the same values 
previously set
Bug #1039034 [ruby-arel] ruby-activerecord: missing Conflicts: ruby-arel
Marked as found in versions ruby-arel/9.0.0-2.
> tag -2 sid trixie
Bug #1039034 [ruby-arel] ruby-activerecord: missing Conflicts: ruby-arel
Added tag(s) trixie and sid.
> retitle -2 ruby-arel: obsolete, integrated into ruby-activerecord, 
> incompatible with ruby-activerecord 6.1.x
Bug #1039034 [ruby-arel] ruby-activerecord: missing Conflicts: ruby-arel
Changed Bug title to 'ruby-arel: obsolete, integrated into ruby-activerecord, 
incompatible with ruby-activerecord 6.1.x' from 'ruby-activerecord: missing 
Conflicts: ruby-arel'.
> reassign -3 src:ruby-premailer-rails 1.10.3-3
Bug #1039035 [ruby-activerecord] ruby-activerecord: missing Conflicts: ruby-arel
Bug reassigned from package 'ruby-activerecord' to 'src:ruby-premailer-rails'.
No longer marked as found in versions rails/2:6.1.7.3+dfsg-1.
Ignoring request to alter fixed versions of bug #1039035 to the same values 
previously set
Bug #1039035 [src:ruby-premailer-rails] ruby-activerecord: missing Conflicts: 
ruby-arel
Marked as found in versions ruby-premailer-rails/1.10.3-3.
> tag -3 sid trixie bookworm
Bug #1039035 [src:ruby-premailer-rails] ruby-activerecord: missing Conflicts: 
ruby-arel
Added tag(s) sid and trixie.
> retitle -3 ruby-premailer-rails: B-D on obsolete ruby-arel, incompatible with 
> ruby-activerecord 6.1.x
Bug #1039035 [src:ruby-premailer-rails] ruby-activerecord: missing Conflicts: 
ruby-arel
Changed Bug title to 'ruby-premailer-rails: B-D on obsolete ruby-arel, 
incompatible with ruby-activerecord 6.1.x' from 'ruby-activerecord: missing 
Conflicts: ruby-arel'.

-- 
1038935: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1038935
1039034: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1039034
1039035: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1039035
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#1038935: schleuder: fails to upgrade buster -> bullseye -> bookworm: NoMethodError: undefined method `preparable='

[Andreas Beckmann]

Control: reassign -1 ruby-activerecord 2:6.1.7.3+dfsg-1
Control: retitle -1 ruby-activerecord: missing Conflicts: ruby-arel
Control: affects -1 + src:schleuder
Control: clone -1 -2 -3
Control: reassign -2 ruby-arel 9.0.0-2
Control: tag -2 sid trixie
Control: retitle -2 ruby-arel: obsolete, integrated into ruby-activerecord, 
incompatible with ruby-activerecord 6.1.x
Control: reassign -3 src:ruby-premailer-rails 1.10.3-3
Control: tag -3 sid trixie bookworm
Control: retitle -3 ruby-premailer-rails: B-D on obsolete ruby-arel, 
incompatible with ruby-activerecord 6.1.x

On 24/06/2023 15.07, Georg Faerber wrote:

So, given the above, I believe this bug should be reassigned to
ruby-activerecord, and schleuder should be marked as affected? Also, I


Doing that, and cloning it for ruby-arel and ruby-premailer-rails.


guess, as this issue is not specific to schleuder, probably more
packages which rely on ruby-activerecord are affected.


But schleuder seems to be the only one using it "sufficiently" to expose
the bug already in the maintainer scripts.


I'll prepare a ruby-activerecord proposed-update targeting bookworm.


This needs to be fixed in sid first.

Adding the Conflicts against ruby-arel in ruby-activerecord requires
changes in src:ruby-premailer-rails, too, since that (directly)
build-depends on ruby-arel and indirectly on ruby-activerecord.
Maybe dropping the B-D: ruby-arel is already sufficient.
These changes need to be backported to bookworm-pu as well.
If that is fixed, ruby-arel can be removed from sid (and it could be
considered to remove it from bookworm as well).


Andreas

Processed: Adding package name to #1038737

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> retitle 1038737 photoqt: FTBFS on mips64el: Unable to import PyChromecast
Bug #1038737 [src:photoqt] FTBFS on mips64el: Unable to import PyChromecast
Changed Bug title to 'photoqt: FTBFS on mips64el: Unable to import 
PyChromecast' from 'FTBFS on mips64el: Unable to import PyChromecast'.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
1038737: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1038737
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Processed: transition: qtbase-abi-5-15-10

[Debian Bug Tracking System]

Processing control commands:

> block -1 by 1038402 1038737
Bug #1039030 [release.debian.org] transition: qtbase-abi-5-15-10
1039030 was not blocked by any bugs.
1039030 was not blocking any bugs.
Added blocking bug(s) of 1039030: 1038402 and 1038737
> affects -1 + src:qtbase-opensource-src
Bug #1039030 [release.debian.org] transition: qtbase-abi-5-15-10
Added indication that 1039030 affects src:qtbase-opensource-src

-- 
1039030: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1039030
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#1038762: marked as done ([src:systemd]: login (gnome) uses wrong keyboard layout)

[Debian Bug Tracking System]

Your message dated Sat, 24 Jun 2023 19:51:55 +
with message-id 
and subject line Bug#1038762: fixed in systemd 253-4
has caused the Debian Bug report #1038762,
regarding [src:systemd]: login (gnome) uses wrong keyboard layout
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1038762: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1038762
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
package: src:systemd
version: 253-3
severity: critical

The latest package update (to unstable) has broken login keyboard-
layout support. I'm marking this as critical due to the chaotic
potential for locking many users out of their accounts / systems, some
of whom unlike myself may have no clue what's wrong and how to get
around it, if they can.

I'm from the UK and my locale / keyboard-layout is setup accordingly.

Systemd packages were updated from 252.11-1 to 253-3 today on my
unstable/sid system. I happened to hit an OOM condition that killed my
user session a little while after having installed these updates,
kicking me back to the Gnome login screen. I tried to log back in but I
couldn't. After many tries, confident I was typing in my password
correctly, and rebooting having made no difference, I toggled the
feature to see what I was typing and discovered that a certain special
character was not matching what I typed. I was able to find a key with
which to enter the correct symbol and thus was able to get back in. I
presume it's defaulting to US layout for some reason.

I checked out the updates that had been installed today and I then
tried downgrading all of the systemd packages (listed below) to those
from testing (252.11-1). This solves the problem.

With 253-3 installed, if I lock my account it seems to be using the
correct layout, but if I logout or reboot then it's using the wrong
one. With the 252.11-1 downgrade everything uses the correct layout
again. Reinstating 253-3 the problem is back, confirming that the
problem relates to the upgrade of systemd packages.

Apt package log (systemd only):
Install: systemd-dev:amd64 (253-3, automatic)
Upgrade: udev:amd64 (252.11-1, 253-3), systemd-container:amd64 (252.11-
1, 253-3), libnss-myhostname:amd64 (252.11-1, 253-3), libpam-
systemd:amd64 (252.11-1, 253-3), libsystemd0:amd64 (252.11-1, 253-3),
libudev-dev:amd64 (252.11-1, 253-3), systemd:amd64 (252.11-1, 253-3),
libudev1:amd64 (252.11-1, 253-3), libnss-mymachines:amd64 (252.11-1,
253-3), libsystemd-shared:amd64 (252.11-1, 253-3), systemd-sysv:amd64
(252.11-1, 253-3), libsystemd-dev:amd64 (252.11-1, 253-3)

Apt term log (systemd only):
Preparing to unpack .../0-libnss-mymachines_253-3_amd64.deb ...
Unpacking libnss-mymachines:amd64 (253-3) over (252.11-1) ...
Preparing to unpack .../1-systemd-container_253-3_amd64.deb ...
Unpacking systemd-container (253-3) over (252.11-1) ...
Preparing to unpack .../2-systemd-oomd_253-3_amd64.deb ...
Unpacking systemd-oomd (253-3) over (252.11-1) ...
Preparing to unpack .../3-libpam-systemd_253-3_amd64.deb ...
Unpacking libpam-systemd:amd64 (253-3) over (252.11-1) ...
Preparing to unpack .../4-systemd_253-3_amd64.deb ...
Unpacking systemd (253-3) over (252.11-1) ...
Preparing to unpack .../5-libsystemd-shared_253-3_amd64.deb ...
Unpacking libsystemd-shared:amd64 (253-3) over (252.11-1) ...
Preparing to unpack .../6-libsystemd0_253-3_amd64.deb ...
Unpacking libsystemd0:amd64 (253-3) over (252.11-1) ...
Setting up libsystemd0:amd64 (253-3) ...
Preparing to unpack .../archives/udev_253-3_amd64.deb ...
Unpacking udev (253-3) over (252.11-1) ...
Selecting previously unselected package systemd-dev.
Preparing to unpack .../systemd-dev_253-3_all.deb ...
Unpacking systemd-dev (253-3) ...
Setting up systemd-dev (253-3) ...
Setting up libsystemd-shared:amd64 (253-3) ...
Setting up systemd (253-3) ...
Installing new version of config file /etc/systemd/journald.conf ...
Installing new version of config file /etc/systemd/system.conf ...
Installing new version of config file /etc/systemd/user.conf ...
Preparing to unpack .../systemd-sysv_253-3_amd64.deb ...
Unpacking systemd-sysv (253-3) over (252.11-1) ...
Preparing to unpack .../libsystemd-dev_253-3_amd64.deb ...
Unpacking libsystemd-dev:amd64 (253-3) over (252.11-1) ...
Preparing to unpack .../libudev-dev_253-3_amd64.deb ...
Unpacking libudev-dev:amd64 (253-3) over (252.11-1) ...
Preparing to unpack .../libudev1_253-3_amd64.deb ...
Unpacking libudev1:amd64 (253-3) over (252.11-1) ...
Setting up libudev1:amd64 (253-3) ...
Preparing to unpack .../libnss-myhostname_253-3_amd64.deb ...
Unpacking libnss-myhostname:amd64 

Bug#996878: marked as done (python3-prelude: python3 import prelude throws an ImportError exception)

[Debian Bug Tracking System]

Your message dated Sat, 24 Jun 2023 19:47:57 +
with message-id 
and subject line Bug#996878: fixed in libprelude 5.2.0-3+deb11u1
has caused the Debian Bug report #996878,
regarding python3-prelude: python3 import prelude throws an ImportError 
exception
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
996878: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=996878
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: python3-prelude
Version: 5.2.0-4
Severity: grave
Justification: renders package unusable


Dear Maintainer,

   * What led up to the situation?
Installing python3-prelude on a fresh bullseye, then importing
"prelude" in the python3 interpreter
   * What exactly did you do (or not do) that was effective (or
 ineffective)?
I tried to use python3-prelude from unstable with no luck
   * What was the outcome of this action?
Importing generates :
:~# python3
Python 3.9.2 (default, Feb 28 2021, 17:03:44) 
[GCC 10.2.1 20210110] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> import prelude
Traceback (most recent call last):
  File "", line 1, in 
  File "/usr/lib/python3/dist-packages/prelude.py", line 15, in 
from _prelude import *
ImportError: 
/usr/lib/python3/dist-packages/_prelude.cpython-39-x86_64-linux-gnu.so: 
undefined symbol: PyIOBase_Type

   * What outcome did you expect instead?
I expected it to load prelude. It seems to also affect prewikka which
does this import (my first problem was related to prewikka, I digged it
to python3-prelude)

Cheers
François Lesueur


-- System Information:
Debian Release: 11.1
  APT prefers stable-security
  APT policy: (500, 'stable-security'), (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 5.10.0-9-amd64 (SMP w/2 CPU threads)
Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages python3-prelude depends on:
ii  libc62.31-13+deb11u2
ii  libgcc-s110.2.1-6
ii  libprelude28 5.2.0-4
ii  libpreludecpp12  5.2.0-3+b1
ii  libstdc++6   10.2.1-6
ii  python3  3.9.2-3

python3-prelude recommends no packages.

python3-prelude suggests no packages.

-- no debconf information
--- End Message ---
--- Begin Message ---
Source: libprelude
Source-Version: 5.2.0-3+deb11u1
Done: Andreas Beckmann 

We believe that the bug you reported is fixed in the latest version of
libprelude, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 996...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Andreas Beckmann  (supplier of updated libprelude package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Format: 1.8
Date: Sun, 18 Jun 2023 00:27:52 +0200
Source: libprelude
Architecture: source
Version: 5.2.0-3+deb11u1
Distribution: bullseye
Urgency: medium
Maintainer: Pierre Chifflier 
Changed-By: Andreas Beckmann 
Closes: 996878
Changes:
 libprelude (5.2.0-3+deb11u1) bullseye; urgency=medium
 .
   * Non-maintainer upload.
   * Backport Python module fixes from 5.2.0-4/5.2.0-5.
 .
   [ Thomas Andrejak ]
   * d.patches: Add new patch 025-Fix-PyIOBase_Type.patch
 - Fix PyIOBase_Type for Python 3.10 compatibility
   * d.patches: Update 025-Fix-PyIOBase_Type.patch because swig is not
 executed (Closes: #996878)
   * d.tests: Add test to valid that we can load prelude as a python module
Checksums-Sha1:
 e718bebc39b27b262dd30efb119f8b48cb5f8a03 2893 libprelude_5.2.0-3+deb11u1.dsc
 35019b48088797824a4aeef8e14a2c751ef7 28084 
libprelude_5.2.0-3+deb11u1.debian.tar.xz
 10d36523354fc87b37bf5c23a5873c93f8e14e82 10555 
libprelude_5.2.0-3+deb11u1_source.buildinfo
Checksums-Sha256:
 73918d130d2c5949f98bc8507ea9c47bf885a6bfba8f30a2cbf174fff316cd43 2893 
libprelude_5.2.0-3+deb11u1.dsc
 894484db12086fadf8505eb57dfb2ce6d797d293ab91cc2627db54570082b0d9 28084 
libprelude_5.2.0-3+deb11u1.debian.tar.xz
 1ea6978df6c5f3a0272e3680345c025c7b0c8d1616fbea29841dbfe096e077f7 10555 

Bug#1038860: marked as done (trafficserver: Wrong version for trafficserver security-update in DSA-5435-1)

[Debian Bug Tracking System]

Your message dated Sat, 24 Jun 2023 19:47:12 +
with message-id 
and subject line Bug#1038860: fixed in trafficserver 9.2.0+ds-2+deb12u1
has caused the Debian Bug report #1038860,
regarding trafficserver: Wrong version for trafficserver security-update in 
DSA-5435-1
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1038860: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1038860
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: trafficserver
Version: 9.2.0+ds-1~deb12u1
Severity: serious
Justification: wrong version number, does not allow updates to fixed version
X-Debbugs-Cc: car...@debian.org,t...@security.debian.org
Control: affects -1 + security.debian.org,release.debian.org

Hi

The update for trafficserver in DSA-5435-1 for bookworm, while
sourcewise built on top of 9.2.0+ds-2, has an odd version going
backwards, 9.2.0+ds-1~deb12u1.

This should bee 9.2.0+ds-2+deb12u1 instead (as the patches are applied
on top of 9.2.0+ds-2).

Currently it's not possible to install the security update as

$ dpkg --compare-versions 9.2.0+ds-1~deb12u1 gt 9.2.0+ds-2
$ echo $?
1

Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: trafficserver
Source-Version: 9.2.0+ds-2+deb12u1
Done: Jean Baptiste Favre 

We believe that the bug you reported is fixed in the latest version of
trafficserver, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1038...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Jean Baptiste Favre  (supplier of updated trafficserver 
package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Thu, 22 Jun 2023 08:43:18 +0200
Source: trafficserver
Architecture: source
Version: 9.2.0+ds-2+deb12u1
Distribution: bookworm-security
Urgency: medium
Maintainer: Jean Baptiste Favre 
Changed-By: Jean Baptiste Favre 
Closes: 1038860
Changes:
 trafficserver (9.2.0+ds-2+deb12u1) bookworm-security; urgency=medium
 .
   * Fix version number (Closes: #1038860)
Checksums-Sha1:
 42593a38c00be2947ebfb574aa8d06a45c46663e 3024 
trafficserver_9.2.0+ds-2+deb12u1.dsc
 8c11ed54bd0f4f131051ef4adab5e3f92b0b3e77 8865636 
trafficserver_9.2.0+ds.orig.tar.xz
 b687c6b546a83166fcff6906b5e01778c0551351 39856 
trafficserver_9.2.0+ds-2+deb12u1.debian.tar.xz
 f93e4dbb02cb97f65e773ba84952bfa7965b076b 12368 
trafficserver_9.2.0+ds-2+deb12u1_source.buildinfo
Checksums-Sha256:
 87bd95046ec543296432647015e7507c0ca5f2a542455a2ebf4ecd7f5068506c 3024 
trafficserver_9.2.0+ds-2+deb12u1.dsc
 11be65a2b118646fcc3500e63dd1ecce9951f814b02fd3e4d6b8070dc8c1f192 8865636 
trafficserver_9.2.0+ds.orig.tar.xz
 21544c735c7a28a12618196c86dea591943581c4944ec573cf086cf091f00e88 39856 
trafficserver_9.2.0+ds-2+deb12u1.debian.tar.xz
 6d871be9c62b5b191df744faca184a92904e829e3d1c3b102f4c9d113081f0a7 12368 
trafficserver_9.2.0+ds-2+deb12u1_source.buildinfo
Files:
 03814fa9358c4b5444c66a29fa9c643d 3024 web optional 
trafficserver_9.2.0+ds-2+deb12u1.dsc
 342e06e020b6e3916ab892a29b479414 8865636 web optional 
trafficserver_9.2.0+ds.orig.tar.xz
 cb37d0778fbf394cb55214fa2a384ad2 39856 web optional 
trafficserver_9.2.0+ds-2+deb12u1.debian.tar.xz
 52592a52fdc00fa5e94588b847bc9cbb 12368 web optional 
trafficserver_9.2.0+ds-2+deb12u1_source.buildinfo

-BEGIN PGP SIGNATURE-

iQKTBAEBCgB9FiEEToRbojDLTUSJBphHtN1Tas99hzcFAmST8IZfFIAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDRF
ODQ1QkEyMzBDQjRENDQ4OTA2OTg0N0I0REQ1MzZBQ0Y3RDg3MzcACgkQtN1Tas99
hzci1w//baGIj52aBpX9PJVJzGCGK0JjqZwnaiU3sQAZRZb28oQgwlnWqnavjrxv
xRR0WsMxOKwi9dvFKBSGh40NW7EShrLCGARGwE3LZIImyTTdJuEybVq/xF32wM1S
e+o1uH0mQQUqBB4O+t0ao6mBe2C/EF9WP5+stUSrz+7wzdSQHATygJoTP0ocHwMK
h/lsQ1Nx1Xvb+vZw+06Z19s1vmUJItqpC+SGlqSzyv8dndnlhMaKho0YnDwCP5LY
z2LdYXiw8Hom/wJJTJE3nxSVNdcbmSS+9hIqquGwqNfvqeOcDXEJolhfZZEEnhpE
U5rCGEWgsqfW6QhC/H7KXdti4IVW64HDiyZTPsDdxiH8kCNvnp/F4nc0SVvqkdqQ
4vD0tCMeyNkY8XREqP58CCJEjpAHRJJ0mBBpHbZxpZJuyj7FoUNZM7yoSatQMxtU
LA4f6/ZGls70Bbct4EW/roao32Uf5XXf7+CIVUOvH7+2gFXLCQtu7QK2ZkuABbWF
K/EU1ZbTuBUm51TRXkA3YfUsvCQq0Tpku5Tx+msYzjxZ/m+AIba20qI+GURIxxYg
oIfs67Z9O8eQ5zvy39lPVmwKoMBi9x4yM5fGWILjpoBHK5ffxCG61r2+RwrqSnB5

Bug#1038133: marked as done (libx11: CVE-2023-3138)

[Debian Bug Tracking System]

Your message dated Sat, 24 Jun 2023 19:47:58 +
with message-id 
and subject line Bug#1038133: fixed in libx11 2:1.7.2-1+deb11u1
has caused the Debian Bug report #1038133,
regarding libx11: CVE-2023-3138
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1038133: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1038133
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: libx11
Version: 2:1.8.4-2
Severity: grave
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team 

Hi,

The following vulnerability was published for libx11.

CVE-2023-3138[0]:
| Buffer overflows in InitExt.c in libX11

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-3138
https://www.cve.org/CVERecord?id=CVE-2023-3138
[1] 
https://gitlab.freedesktop.org/xorg/lib/libx11/-/commit/304a654a0d57bf0f00d8998185f0360332cfa36c
[2] https://www.openwall.com/lists/oss-security/

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: libx11
Source-Version: 2:1.7.2-1+deb11u1
Done: Salvatore Bonaccorso 

We believe that the bug you reported is fixed in the latest version of
libx11, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1038...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Salvatore Bonaccorso  (supplier of updated libx11 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Thu, 15 Jun 2023 21:58:56 +0200
Source: libx11
Architecture: source
Version: 2:1.7.2-1+deb11u1
Distribution: bullseye-security
Urgency: high
Maintainer: Debian X Strike Force 
Changed-By: Salvatore Bonaccorso 
Closes: 1038133
Changes:
 libx11 (2:1.7.2-1+deb11u1) bullseye-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * InitExt.c: Add bounds checks for extension request, event, & error codes
 (CVE-2023-3138) (Closes: #1038133)
Package-Type: udeb
Checksums-Sha1: 
 4f7e5027d215d1614e904478c77b7eec3289620f 2726 libx11_1.7.2-1+deb11u1.dsc
 d819692b11813732a14924fe28d443e20876429e 3181228 libx11_1.7.2.orig.tar.gz
 ed2f1e2800ec9b113c5f32f3aa736384cf8a2db9 833 libx11_1.7.2.orig.tar.gz.asc
 cff63fb9ae99b29648d0c1a32e726615b298948d 77935 libx11_1.7.2-1+deb11u1.diff.gz
Checksums-Sha256: 
 ec0dcab068d361357957338097b8e5afea57d864c85485db57d74fefd133812d 2726 
libx11_1.7.2-1+deb11u1.dsc
 2c26ccd08f43a6214de89110554fbe97c71692eeb7e7d4829f3004ae6fafd2c0 3181228 
libx11_1.7.2.orig.tar.gz
 509d0ed983ff3aed0dbfb070dabfce82b5787e626f2fd0bfb2a5887918fcd967 833 
libx11_1.7.2.orig.tar.gz.asc
 e1991b48759c51f7bfb765d582311d8ac2ef4b5d6aa951fec1608982e1d8cdcd 77935 
libx11_1.7.2-1+deb11u1.diff.gz
Files: 
 9494a043c90aa4f625232a746fe1ca77 2726 x11 optional libx11_1.7.2-1+deb11u1.dsc
 1012753f3aa3ff4d6a4375aad752e6ba 3181228 x11 optional libx11_1.7.2.orig.tar.gz
 eacbee1e89f81382a0f0a6e88e602c89 833 x11 optional libx11_1.7.2.orig.tar.gz.asc
 bd70895eece14f5607bd1a0ecf43d8dc 77935 x11 optional 
libx11_1.7.2-1+deb11u1.diff.gz

-BEGIN PGP SIGNATURE-

iQKmBAEBCgCQFiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmSLb4BfFIAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQSHGNhcm5pbEBk
ZWJpYW4ub3JnAAoJEAVMuPMTQ89ESNoP/R5Do424Msjs+maPx92bZZeorlHPDDS2
+FxQpBf4pQ32chlfDtJdsean1S3cQkQLUGFP3SYQoDUBqDyd+R2BcfWgWWp2+Qig
Q8aHUqFNFCMHICGbt0PQIW+gjLN0dDoZsVfZg9NbYhSIZrT1ro82C8TcDvqgJRYo
K4BmGlRiCaqklQ38fNttKSYIC/kh/gfW8L57dRYKX1m8yClj5znNfnIMqw3J77u1
A5+6mWnfl3fxteWta4nDCNpz9CWKKjDS7+CC9J3Sl3GHmi1+/dq3x9FZ4jBPa2WW
MuRtofNbpmocuaM712uBgJiHgxUyXhQ4GifjyU4N/SOmdtlwhWlUqRvF69MF/+W0
wUOFH9d9vz/NZHkMI6mFulEdQKgneYpdb+6kZb/Nb1VUTY+/GIZmMDFhH3sqgf2S
APiSawgZg6tMhx2GX/mnlK/b9eFvczUnURf6BVPIFnY3ztmRMX7t9OyCEZSW1EmC
pWdrPzjza4qA+QVl6ZTRxK0iCUg3tGDdaVmkyyCj+6z8uXbr34R5pcAl6ULn+jqT
SZ/BSqq84prpt9EFErA0ysDr6p+uoE+nNNCHu0QXI4dOmNfBVBnchQ7KiFa3FEu0
FF82umHh7226grhU0mj5T07jn8g+CtWP3R33TT4LZdCfC6XAgxZ9Os6eQd+FsJHL
XxWwaeY9qOlb
=9mMS
-END PGP 

Bug#1037052: marked as done (minidlna: CVE-2023-33476)

[Debian Bug Tracking System]

Your message dated Sat, 24 Jun 2023 19:48:05 +
with message-id 
and subject line Bug#1037052: fixed in minidlna 1.3.0+dfsg-2+deb11u2
has caused the Debian Bug report #1037052,
regarding minidlna: CVE-2023-33476
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1037052: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1037052
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: minidlna
Version: 1.3.2+dfsg-1
Severity: grave
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team 

Hi,

The following vulnerability was published for minidlna.

CVE-2023-33476[0]:
| ReadyMedia (MiniDLNA) versions from 1.1.15 up to 1.3.2 is vulnerable
| to Buffer Overflow. The vulnerability is caused by incorrect
| validation logic when handling HTTP requests using chunked transport
| encoding. This results in other code later using attacker-controlled
| chunk values that exceed the length of the allocated buffer, resulting
| in out-of-bounds read/write.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-33476
https://www.cve.org/CVERecord?id=CVE-2023-33476
[1] https://blog.coffinsec.com/0day/2023/05/31/minidlna-heap-overflow-rca.html
[2] 
https://sourceforge.net/p/minidlna/git/ci/9bd58553fae5aef3e6dd22f51642d2c851225aec/

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: minidlna
Source-Version: 1.3.0+dfsg-2+deb11u2
Done: Salvatore Bonaccorso 

We believe that the bug you reported is fixed in the latest version of
minidlna, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1037...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Salvatore Bonaccorso  (supplier of updated minidlna package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Mon, 19 Jun 2023 21:40:21 +0200
Source: minidlna
Architecture: source
Version: 1.3.0+dfsg-2+deb11u2
Distribution: bullseye-security
Urgency: high
Maintainer: Alexander GQ Gerasiov 
Changed-By: Salvatore Bonaccorso 
Closes: 1037052
Changes:
 minidlna (1.3.0+dfsg-2+deb11u2) bullseye-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * upnphttp: Fix chunk length parsing (CVE-2023-33476) (Closes: #1037052)
Checksums-Sha1: 
 55113d3da854c43f6a5b6115db29f9b5a0c6a837 2214 minidlna_1.3.0+dfsg-2+deb11u2.dsc
 00ff222b4e2a3ea3267e04a06d64e69fa2fd25c6 24540 
minidlna_1.3.0+dfsg-2+deb11u2.debian.tar.xz
Checksums-Sha256: 
 f8f61dcb58ede35ea0ef742332cf130cf7df45b2d4f2aa051eead313898665e9 2214 
minidlna_1.3.0+dfsg-2+deb11u2.dsc
 5ab753036173c19f61e7cb6c0033b6c30f104bf68ffcfd9a7dc6f32ae8d2fdae 24540 
minidlna_1.3.0+dfsg-2+deb11u2.debian.tar.xz
Files: 
 20b900186e0a8d00a3e5a0c5a5511b6b 2214 net optional 
minidlna_1.3.0+dfsg-2+deb11u2.dsc
 b0d272b4a2c52a9d3658ab3de90fc142 24540 net optional 
minidlna_1.3.0+dfsg-2+deb11u2.debian.tar.xz

-BEGIN PGP SIGNATURE-

iQKmBAEBCgCQFiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmSQsvpfFIAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQSHGNhcm5pbEBk
ZWJpYW4ub3JnAAoJEAVMuPMTQ89EyMAP/22S5br+oY0iC5UWjEnm/XWYC4hhj2Ww
MlvjIWNGQWcPdv+OSz8ce/c2ClfYQLewNKtLlOpPxaQbd0M6z6L4zxD0RmJk44bU
VkeiWufFIM+f6xD46CDWP2EjoKLLz584/6Xn1al6Fo4lnZt3q4EDT9RQDR1BQ5tE
qFM+efv3kVR/r5unHEOXZPhNxa/LZJyZyeuwZ/dJt95DEdbBfNG2Fs15SOHF3CH1
P6kOz2jSihyo2DHEvUQvsUO7TQ/lX1amhYEYx+HkixZbIib9bLjQROaASKtPHzuA
6Wg1H144QEFdgRn5yKvaJAZpAEvd42vl8ibFtZtNcZ64ibbS2G3LPArh/wyO1WD8
O4Oye8lQqj/x0JvcZPgQRSkpXoxajKpShX0XVQdf5gjpYfi2eQ++RHC6nmXSqhgQ
AohFlWEVTpyOGCtshwncXgDwvt/UmPitblsgh9ghbo4GvOnC3Pzd0SweZDlVcdPq
fdLe316o/v/Pio99+udshfsfVvhWdbo0QxLVNxOG4MHA2+LKdMf/GYg6QtYjZr8I
SOJczw9WSTDgOTMMV28Jmr27YQW+4lk8waIFKKvIgT2wjsY2iJjRc99rHmBMR4z8
yiRj9T6J4EQXb44juMY4vpvcwoTJN/2tmnNEywPfyV7WAPDi6B2VAOreFGHU7Gjh
ASpCWCgYIR3G
=kXml
-END PGP SIGNATURE End Message ---

Processed: Bug#1038762 marked as pending in systemd

[Debian Bug Tracking System]

Processing control commands:

> tag -1 pending
Bug #1038762 [src:systemd] [src:systemd]: login (gnome) uses wrong keyboard 
layout
Added tag(s) pending.

-- 
1038762: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1038762
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#1038762: marked as pending in systemd

[Michael Biebl]

Control: tag -1 pending

Hello,

Bug #1038762 in systemd reported by you has been fixed in the
Git repository and is awaiting an upload. You can see the commit
message below and you can check the diff of the fix at:

https://salsa.debian.org/systemd-team/systemd/-/commit/23aa01874155dffb67ca69e576eb82f7ebc8ef46


Stop localed from writing to /etc/default/keyboard and symlink it to 
/etc/vconsole.conf

Integration is not set up for now, but GDM needs to query the configured values.
Allow reading, but disallow setting keymaps.

Closes: #1038762


(this message was generated automatically)
-- 
Greetings

https://bugs.debian.org/1038762

Bug#1039022: obsoleted fork, can be replaced by golang-github-creack-pty-dev

[Shengjing Zhu]

Source: golang-github-elisescu-pty
Version: 1.1.9-1
Severity: serious
X-Debbugs-Cc: z...@debian.org

This fork only contains one change:

https://github.com/elisescu/pty/commit/b36ef7cd (Add a Setsize function to set
the size of the terminal)

This is already merged in https://github.com/creack/pty/commit/f4f01f59

Reverse dependencies should migrate to golang-github-creack-pty-dev.


-- System Information:
Debian Release: 12.0
  APT prefers testing
  APT policy: (500, 'testing'), (100, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 6.1.0-9-amd64 (SMP w/16 CPU threads; PREEMPT)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Bug#1036950: schleuder: fails to upgrade from 'buster': insufficient dependency on ruby-activerecord (>= 2:6)

[Georg Faerber]

Hi,

On 23-06-23 20:14:59, Georg Faerber wrote:
> Unfortunately, up until now, there wasn't a proposed update targeting
> bullseye.
> 
> Andreas, how do you want to proceed? Do you have any spare cycles to
> handle this? This would be great -- but please don't hesitate to tell me
> if that's not the case, if so, I'll take over.

The pu targeting bullseye is now tracked via #1039020.

Cheers,
Georg

Bug#1037171: marked as done (aide: fresh aide package install fails to add the requried _aide user to system)

[Debian Bug Tracking System]

Your message dated Sat, 24 Jun 2023 15:32:09 +
with message-id 
and subject line Bug#1037171: fixed in aide 0.18.3-1+deb12u1
has caused the Debian Bug report #1037171,
regarding aide: fresh aide package install fails to add the requried _aide user 
to system
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1037171: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1037171
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: aide
Version: 0.18.3-1
Severity: serious
Justification: 5.d

Dear Maintainer,

A fresh aide package install on debina buster fails to add the requried _aide 
user to system. This block the ability to run 'aideinit' script.

While this is mentioned in /usr/share/doc/aide-common/README.Debian.gz there 
are no clear instrucntions as to whar range of UID/GID to give the _aide user 
when cerating them manually.

Pleas resolve as this blocks upgarde on most of my systems as I use aide across 
all of them.


-- System Information:
Debian Release: 12.0
  APT prefers testing-security
  APT policy: (500, 'testing-security'), (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 6.1.0-9-amd64 (SMP w/1 CPU thread; PREEMPT)
Locale: LANG=en_AU, LC_CTYPE=en_AU (charmap=ISO-8859-1), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages aide depends on:
ii  libacl1   2.3.1-3
ii  libaudit1 1:3.0.9-1
ii  libc6 2.36-9
ii  libcap2   1:2.66-4
ii  libext2fs21.47.0-2
ii  libmhash2 0.9.9.9-9
ii  libpcre2-8-0  10.42-1
ii  libselinux1   3.4-1+b6
ii  zlib1g1:1.2.13.dfsg-1

Versions of packages aide recommends:
ii  aide-common  0.18.3-1

Versions of packages aide suggests:
pn  figlet  

-- no debconf information
--- End Message ---
--- Begin Message ---
Source: aide
Source-Version: 0.18.3-1+deb12u1
Done: Marc Haber 

We believe that the bug you reported is fixed in the latest version of
aide, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1037...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Marc Haber  (supplier of updated aide package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Format: 1.8
Date: Wed, 14 Jun 2023 17:04:20 +0200
Source: aide
Architecture: source
Version: 0.18.3-1+deb12u1
Distribution: bookworm
Urgency: medium
Maintainer: Aide Maintainers 
Changed-By: Marc Haber 
Closes: 1037171 1037436
Changes:
 aide (0.18.3-1+deb12u1) bookworm; urgency=medium
 .
   * call dh_installsysusers manually in debian/rules
 Thanks to Tomasz Ciolek (Closes: #1037171)
   * Fix handling of extended attributes on symlinks. (Closes: #1037436)
Checksums-Sha1:
 b315073d184ce6b20b0394cf9e838146612e669a 2611 aide_0.18.3-1+deb12u1.dsc
 5b04a3a650b66cf4f55d4c80e2155da513c29156 108080 
aide_0.18.3-1+deb12u1.debian.tar.xz
 2773a5ee67abee4c34cdb40924e5b98b1930f4f5 6629 
aide_0.18.3-1+deb12u1_source.buildinfo
Checksums-Sha256:
 5881b8e7f6ed00860483721b25ca4d7add6a34b528f5e1d0ce21ec0709bdf7bd 2611 
aide_0.18.3-1+deb12u1.dsc
 bffc0a574f438369e42656667b9aece2859de6253704d6c6be0e5abeca3c1f81 108080 
aide_0.18.3-1+deb12u1.debian.tar.xz
 ccef71f1962f7b78ab2b4fc65a60b2ad17d8083f92d6d5497b9c2f656664fa5d 6629 
aide_0.18.3-1+deb12u1_source.buildinfo
Files:
 adc1d44f43452420566bdee37d3301f6 2611 admin optional aide_0.18.3-1+deb12u1.dsc
 4caf068b32e15a9185833c3ffb8bd365 108080 admin optional 
aide_0.18.3-1+deb12u1.debian.tar.xz
 4f531bf05d42d5924766427615de91ee 6629 admin optional 
aide_0.18.3-1+deb12u1_source.buildinfo

-BEGIN PGP SIGNATURE-

iQIzBAEBCAAdFiEE6QL5UJ/L0pcuNEbjj3cgEwEyBEIFAmSWzq4ACgkQj3cgEwEy
BEJ/7RAAwOoyRBMWEclxTqyGOpHNdLD8Cn1jAwvIOJUQItiTkhUw/0Bdz206xvMV
2hjxxKj0+IZfyRc+9VBKj9CqY/7Dpg68uwVhzORZmCQkhP/OkGZTDMZ47KMVTx1/
5u9ddZdpLoSa3i981cW+atfHGLijXnzQovVZ7cM7H6jg9zofT04PyqC3yg0Jp2fp
06CpuqhDs9oRKbMehSrsmmnGI1WFJojiW3FGmr6rKSo9+CIIWwSU+ecwwqMehnRu
CG/Q13/FaFgQKySrHz8E3JYgPA9ZtZvtCk8eaXXlo/mbU4tb+MtvfGQLtIeloYJg
1ExNar4Q/j2yVc+04aU2xd6XkvIHQDhLgJQ/YYQtcjBGudw6P96f3dUUBMwWuiwr
TA6PotHzwwmFIrIdzi8q8aN7ODIdeJWqEDIiNpqDzHz98Pv3fI2IKDrgnAnQarwl

Bug#1036706: marked as done (xerial-sqlite-jdbc: CVE-2023-32697)

[Debian Bug Tracking System]

Your message dated Sat, 24 Jun 2023 15:32:09 +
with message-id 
and subject line Bug#1036706: fixed in xerial-sqlite-jdbc 
3.40.1.0+dfsg-1+deb12u1
has caused the Debian Bug report #1036706,
regarding xerial-sqlite-jdbc: CVE-2023-32697
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1036706: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036706
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: xerial-sqlite-jdbc
Version: 3.40.1.0+dfsg-1
Severity: grave
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team 

Hi,

The following vulnerability was published for xerial-sqlite-jdbc.

CVE-2023-32697[0]:
| SQLite JDBC is a library for accessing and creating SQLite database
| files in Java. Sqlite-jdbc addresses a remote code execution
| vulnerability via JDBC URL. This issue impacting versions 3.6.14.1
| through 3.41.2.1 and has been fixed in version 3.41.2.2.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-32697
https://www.cve.org/CVERecord?id=CVE-2023-32697
[1] 
https://github.com/xerial/sqlite-jdbc/security/advisories/GHSA-6phf-6h5g-97j2

Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: xerial-sqlite-jdbc
Source-Version: 3.40.1.0+dfsg-1+deb12u1
Done: Pierre Gruet 

We believe that the bug you reported is fixed in the latest version of
xerial-sqlite-jdbc, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1036...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Pierre Gruet  (supplier of updated xerial-sqlite-jdbc package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Tue, 13 Jun 2023 23:19:59 +0200
Source: xerial-sqlite-jdbc
Architecture: source
Version: 3.40.1.0+dfsg-1+deb12u1
Distribution: bookworm
Urgency: medium
Maintainer: Debian Java Maintainers 

Changed-By: Pierre Gruet 
Closes: 1036706
Changes:
 xerial-sqlite-jdbc (3.40.1.0+dfsg-1+deb12u1) bookworm; urgency=medium
 .
   * Using a random UUID for the connection (Fixes CVE-2023-32697 in Bookworm,
 Closes: #1036706)
Checksums-Sha1:
 f68b6003914af37fed89e8f11cf15acf3ef3dcbf 2507 
xerial-sqlite-jdbc_3.40.1.0+dfsg-1+deb12u1.dsc
 94f5faa87dc3cbdb175d1a610d1753376c76bf6e 10536 
xerial-sqlite-jdbc_3.40.1.0+dfsg-1+deb12u1.debian.tar.xz
 c7585c19c01091ac3a36df09cc31057191cd1731 14560 
xerial-sqlite-jdbc_3.40.1.0+dfsg-1+deb12u1_amd64.buildinfo
Checksums-Sha256:
 1f15e8285dd0212f780ecd23c70ded841dabeda00a3548e23ed6aed9fe4af91e 2507 
xerial-sqlite-jdbc_3.40.1.0+dfsg-1+deb12u1.dsc
 4369c7cefb09afc82f27840d95b09054c619cfe84b2525786fad441305493ffa 10536 
xerial-sqlite-jdbc_3.40.1.0+dfsg-1+deb12u1.debian.tar.xz
 f49b13976f6c659c65d7e03310864cbfff3c2ebbeeeb945c88680f5bf6f4e4f0 14560 
xerial-sqlite-jdbc_3.40.1.0+dfsg-1+deb12u1_amd64.buildinfo
Files:
 d9d1daf9a3b899223b8e91dbe1fe5eda 2507 java optional 
xerial-sqlite-jdbc_3.40.1.0+dfsg-1+deb12u1.dsc
 1e94cbaffba18ce93b60bc3ad55ee960 10536 java optional 
xerial-sqlite-jdbc_3.40.1.0+dfsg-1+deb12u1.debian.tar.xz
 a224929a138f7c752b080e7c9c4ae598 14560 java optional 
xerial-sqlite-jdbc_3.40.1.0+dfsg-1+deb12u1_amd64.buildinfo

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEM8soQxPpC9J9y0UjYAMWptwndHYFAmSOCQ8ACgkQYAMWptwn
dHYFChAAtqLRAgc+JR6ClN7iRQ85Fxu9L2yeAibs3hq/oPFPObyfpyqyRhbj83Fy
rjjXQH96KvkKiJ5yn5nOmHdZZ9UPDoKv8S69ZMEwGb+3qbma+x0KRfrRtq6nLG0o
RKDG1Hlr0ZArqQhQIufN2HIL4M8oq7QjTT92aLHrjeGeLuL1GVE+MBvliEsCLvhZ
zMxyvwbdZIl97cw1dEv3R72OEoGeKle+CBlvHvpZQ822A5XFTzH3YOraLdcxJxJW
NOrd52t/6Pf7buVQ4NUiy2wWnYO8it/w5JS9u9xHaO26wXeUJAvykQPOgnGpKCG9
QNIzsDbcRnUpkFARtSclp7F6/T15+2YKqfJzFf40UlOhLfne/a0RjlcRRGjLD+ij
Nlroearr6IQsEq9bLG7Asyd/Rp8t91V+/B1kMQe7UD7eHXzfRuVdStlDLZwRwv5K
k5PIYPYmmrBWO7Qdi2wE6uwCODvJ/WekmXKfLpe8sDUl0bu27ZrJmXkISWMFjwax
dMEaaDlnUAaKBCXar+wIg9wKfNCJv4zeC10LK1IZlTqxHLKHxEtic6AKrfwCQOOw
fXRBxQyueQa5nQ3Zx8OJs8jCSTUSkcNwTQeEFddgsTFRjHiyU9PWUnKOzskgMVcg
2y1PFTUevrTziPdChfQXGqujR5l64NMMLsbQAWQ9KJ9gHOEqXG8=
=18Mp
-END PGP SIGNATURE End Message ---

Bug#1039015: About bug #1038014 and this one

[Antonio Miguel Ferreira Marques Trindade]

The patch included in bug #1038014 does not full resolve this issue.

I still got the following build error:

/var/lib/dkms/nvidia-legacy-390xx/390.157/build/nvidia-drm/nvidia-drm-fb.c: 
In function ‘nv_drm_internal_framebuffer_create’:
/var/lib/dkms/nvidia-legacy-390xx/390.157/build/nvidia-drm/nvidia-drm-fb.c:180:5: 
error: implicit declaration of function ‘drm_helper_mode_fill_fb_struct’ 
[-Werror=implicit-function-declaration]

  180 | drm_helper_mode_fill_fb_struct(
  | ^~
cc1: some warnings being treated as errors
make[3]: *** 
[/usr/src/linux-headers-6.3.0-1-common/scripts/Makefile.build:257: 
/var/lib/dkms/nvidia-legacy-390xx/390.157/build/nvidia-drm/nvidia-drm-fb.o] 
Error 1

make[3]: *** Waiting for unfinished jobs
[...]
make[2]: *** [/usr/src/linux-headers-6.3.0-1-common/Makefile:2050: 
/var/lib/dkms/nvidia-legacy-390xx/390.157/build] Error 2

make[2]: Leaving directory '/usr/src/linux-headers-6.3.0-1-amd64'
make[1]: *** [Makefile:238: __sub-make] Error 2
make[1]: Leaving directory '/usr/src/linux-headers-6.3.0-1-common'
make: *** [Makefile:82: modules] Error 2

The included patch solves both #1038014 
 and the 
error above.

Bug#1036950: marked as done (schleuder: fails to upgrade from 'buster': insufficient dependency on ruby-activerecord (>= 2:6))

[Debian Bug Tracking System]

Your message dated Sat, 24 Jun 2023 15:07:10 +
with message-id 
and subject line Bug#1036950: fixed in schleuder 4.0.3-8
has caused the Debian Bug report #1036950,
regarding schleuder: fails to upgrade from 'buster': insufficient dependency on 
ruby-activerecord (>= 2:6)
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1036950: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036950
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: schleuder
Version: 3.6.0-3+deb11u1
Severity: serious
User: debian...@lists.debian.org
Usertags: piuparts

Hi,

during a test with piuparts I noticed your package fails to upgrade from
'buster'.
It installed fine in 'buster', then the upgrade to 'bullseye' fails.

Note that this failure only occurs during a 2-stage upgrade
(apt-get upgrade && apt-get distupgrade) in the apt-get upgrade step,
while a single-stage upgrade (only apt-get dist-upgrade) works fine.

>From the attached log (scroll to the bottom...):

  Setting up schleuder (3.6.0-3+deb11u1) ...
  Installing new version of config file /etc/schleuder/list-defaults.yml ...
  dpkg: error processing package schleuder (--configure):
   installed schleuder package post-installation script subprocess returned 
error exit status 1

I tried injecting 'set -x' into the postinst, but the output is not very
helpful:

Setting up schleuder (3.6.0-3+deb11u1) ...
+ set -e
+ id schleuder
+ chown schleuder /etc/schleuder
+ chown root:schleuder /etc/schleuder/schleuder.yml 
/etc/schleuder/list-defaults.yml
+ chmod 0640 /etc/schleuder/schleuder.yml /etc/schleuder/list-defaults.yml
+ chmod 0750 /var/lib/schleuder /var/log/schleuder
+ chown schleuder:schleuder /var/lib/schleuder /var/log/schleuder
+ [ -z 3.4.0-2+deb10u3 ]
+ dpkg --compare-versions 3.4.0-2+deb10u3 lt 3.0
+ SCHEMA=SCHEMA=/dev/null
+ runuser -u schleuder -- sh -c SCHEMA=/dev/null schleuder install >/dev/null
dpkg: error processing package schleuder (--configure):
 installed schleuder package post-installation script subprocess returned error 
exit status 1
Errors were encountered while processing:
 schleuder

Entering the chroot after the failure and runnign 
  runuser -u schleuder -- sh -c 'SCHEMA=/dev/null schleuder install'
does not give any output either.

My guess is that there is some insufficiently versioned dependency that
has not yet been upgraded during 'apt-get upgrade' is required for this
comand to succeed.


cheers,

Andreas


schleuder_3.6.0-3+deb11u1.log.gz
Description: application/gzip
--- End Message ---
--- Begin Message ---
Source: schleuder
Source-Version: 4.0.3-8
Done: Georg Faerber 

We believe that the bug you reported is fixed in the latest version of
schleuder, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1036...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Georg Faerber  (supplier of updated schleuder package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Format: 1.8
Date: Sat, 24 Jun 2023 13:57:43 +
Source: schleuder
Architecture: source
Version: 4.0.3-8
Distribution: unstable
Urgency: medium
Maintainer: Debian Ruby Team 

Changed-By: Georg Faerber 
Closes: 1036950
Changes:
 schleuder (4.0.3-8) unstable; urgency=medium
 .
   * debian/control:
 - Add missing versioning on ruby-activerecord dependency. Thanks to
   Hendrik Jäger and Andreas Beckmann for reporting this issue.
   (Closes: #1036950)
   * debian/patches:
 - Add patch to relax mail version in gemspec.
 - Refresh two patches to handle fuzz introduced via the added patch.
   * debian/salsa-ci.yml:
 - Add an experimental piuparts multi distro upgrade test job. This should
   ease future maintenance, and help to ensure upgrades of schleuder across
   distros work as expected.
Checksums-Sha1:
 45674a1fe29922affefc9d93ad76e95ecb2e600f 1677 schleuder_4.0.3-8.dsc
 8e5b4dd945aa618f8e7e836a41ebe33a8f56dba6 291499 schleuder_4.0.3.orig.tar.gz
 df4017b8a2b63804ad3f579f4b557a4f16b6e987 24164 schleuder_4.0.3-8.debian.tar.xz
 669dd4b161831e97f6a8a11e497e5679a2c2e3f8 9881 schleuder_4.0.3-8_amd64.buildinfo
Checksums-Sha256:
 

Bug#1038645: marked as done (haskell-tldr FTBFS: dh_installman: error: Cannot find (any matches for) "tldr-hs.1")

[Debian Bug Tracking System]

Your message dated Sat, 24 Jun 2023 14:35:38 +
with message-id 
and subject line Bug#1038645: fixed in haskell-tldr 0.9.2-4
has caused the Debian Bug report #1038645,
regarding haskell-tldr FTBFS: dh_installman: error: Cannot find (any matches 
for) "tldr-hs.1"
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1038645: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1038645
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: haskell-tldr
Version: 0.9.2-3
Severity: serious
Tags: ftbfs

https://buildd.debian.org/status/logs.php?pkg=haskell-tldr=0.9.2-3

...
dh_installexamples -ptldr-hs 
dh_installman -ptldr-hs 
dh_installman: error: Cannot find (any matches for) "tldr-hs.1" (tried in .)

dh_installman: error: Aborting due to earlier error
make: *** [/usr/share/cdbs/1/rules/debhelper.mk:238: binary-install/tldr-hs] 
Error 25
--- End Message ---
--- Begin Message ---
Source: haskell-tldr
Source-Version: 0.9.2-4
Done: Ilias Tsitsimpis 

We believe that the bug you reported is fixed in the latest version of
haskell-tldr, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1038...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Ilias Tsitsimpis  (supplier of updated haskell-tldr 
package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Sat, 24 Jun 2023 16:43:18 +0300
Source: haskell-tldr
Architecture: source
Version: 0.9.2-4
Distribution: unstable
Urgency: medium
Maintainer: Debian Haskell Group 

Changed-By: Ilias Tsitsimpis 
Closes: 1038645
Changes:
 haskell-tldr (0.9.2-4) unstable; urgency=medium
 .
   * Fix ARCH_ANY build (Closes: #1038645)
Checksums-Sha1:
 7327d2d3abc9db279220bce4b51750c9ddb070ab 2990 haskell-tldr_0.9.2-4.dsc
 6a74c2b995a6a3caa88f8939ea2e4d2fc36c34d5 3668 
haskell-tldr_0.9.2-4.debian.tar.xz
 ce46e1f1e626f6aca7f8c6ba8b542d7c65573fbd 17373 
haskell-tldr_0.9.2-4_amd64.buildinfo
Checksums-Sha256:
 c6a90435b0d26e2c7d3add1a3cabf0789ed06f2d376e55e7d91582036fad5478 2990 
haskell-tldr_0.9.2-4.dsc
 d98da0eb6a3737bdac1a605b1010190cee0da5e54e2d54b3c27170b58f7da2f8 3668 
haskell-tldr_0.9.2-4.debian.tar.xz
 717ca480a0b96a4b67f3dff65b037cbc1bf236aa7e5c0237f271999398fcbed1 17373 
haskell-tldr_0.9.2-4_amd64.buildinfo
Files:
 89744cf179a823bb6062e2e172bc8245 2990 haskell optional haskell-tldr_0.9.2-4.dsc
 bb4dcd67ec8113d9d13045c2193c1e41 3668 haskell optional 
haskell-tldr_0.9.2-4.debian.tar.xz
 6292cf25667e43449b1c0b0a25677871 17373 haskell optional 
haskell-tldr_0.9.2-4_amd64.buildinfo

-BEGIN PGP SIGNATURE-

iQJIBAEBCgAyFiEEJ9c8pfW11+AaUTb116hngMxkQDwFAmSW9IUUHGlsaWFzdHNp
QGRlYmlhbi5vcmcACgkQ16hngMxkQDyFABAAnVkFumMQodMPm2R8tjAC50BrMuDg
feBbRfZgaqEpaMBiRp4uKUBARXTo7leuomxbCchLLI4Ft3Kwe2oW4a4/DyoHzUM8
flRzSSWFu+TtHUO0V/jL3VQygccyzS5v2V9I1SsseS8oQHu08s0hq1zJ97b4sgnM
ahSYoPTOUeUMNUX0sDGGxebIsdyo/2hXLRvussxskQ7hmV/ikt7Lrb5I3z11VdlH
JPUlfhZszms21o0QJhcgLvMIeWffqVYySc6zedvJ3OohAVE7U3OL2Az0Oy6yHwvO
zID+vzlfk7n9zQmY2sO51eS/K95zeX1xeFSKQe9278/pwfAJvL9Ytmv0m/Gu3Uq6
LaPMLC+gl9ar9zd+l9X+dEzAybnC/P6G/yy0DjVSAmMseuwThSVNOXFY1DPErVTP
xW+OP8fgirXw6Y+vGF/Ufm8VLiy1TBjNQbr/pZAXkSeiETjhZN+ImgEvO6n//MNv
2Bp637tmH6wUYVNTZZV7OIYtpGRpVCJ1WnTw6mHpbfiUf+QCUXl6uMtUPoCpiW1L
TtekMg6Jxp/hbO/cTKZA2+1pGjm5LHlH1l3tHe7TZ0h3cfRJzd2bL2u6GSkJUusu
RihrjnGcphH0+T63nEPQD42DbMBSooPKBDQ+Ts3dk/Jt4RF1w426G1m6UKDiiShw
kYGlV5iDPr0J1lU=
=VDrp
-END PGP SIGNATURE End Message ---

Bug#1038133: marked as done (libx11: CVE-2023-3138)

[Debian Bug Tracking System]

Your message dated Sat, 24 Jun 2023 14:32:09 +
with message-id 
and subject line Bug#1038133: fixed in libx11 2:1.8.4-2+deb12u1
has caused the Debian Bug report #1038133,
regarding libx11: CVE-2023-3138
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1038133: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1038133
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: libx11
Version: 2:1.8.4-2
Severity: grave
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team 

Hi,

The following vulnerability was published for libx11.

CVE-2023-3138[0]:
| Buffer overflows in InitExt.c in libX11

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-3138
https://www.cve.org/CVERecord?id=CVE-2023-3138
[1] 
https://gitlab.freedesktop.org/xorg/lib/libx11/-/commit/304a654a0d57bf0f00d8998185f0360332cfa36c
[2] https://www.openwall.com/lists/oss-security/

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: libx11
Source-Version: 2:1.8.4-2+deb12u1
Done: Salvatore Bonaccorso 

We believe that the bug you reported is fixed in the latest version of
libx11, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1038...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Salvatore Bonaccorso  (supplier of updated libx11 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Thu, 15 Jun 2023 21:54:32 +0200
Source: libx11
Architecture: source
Version: 2:1.8.4-2+deb12u1
Distribution: bookworm-security
Urgency: high
Maintainer: Debian X Strike Force 
Changed-By: Salvatore Bonaccorso 
Closes: 1038133
Changes:
 libx11 (2:1.8.4-2+deb12u1) bookworm-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * InitExt.c: Add bounds checks for extension request, event, & error codes
 (CVE-2023-3138) (Closes: #1038133)
Package-Type: udeb
Checksums-Sha1: 
 1b29f8777a0f0d1181c37aff0b788f177da15ffe 2670 libx11_1.8.4-2+deb12u1.dsc
 008e30d9d2d1458f4645755e99c56750cebeec1a 3168573 libx11_1.8.4.orig.tar.gz
 12a8c1b57916a6bc12c99ef9fcdd5e473431e64f 801 libx11_1.8.4.orig.tar.gz.asc
 58af89a9b8fb6d09fdbef380272a7c83ed1d48a9 112336 libx11_1.8.4-2+deb12u1.diff.gz
Checksums-Sha256: 
 52f4dbdadc4426c49052758b8019dda5ce2f8d90ef14ab63c7541009c4d21e45 2670 
libx11_1.8.4-2+deb12u1.dsc
 efd3a3a43c1f177edc2c205bedb0719b6648203595e54c0b83a32576aeaca7cd 3168573 
libx11_1.8.4.orig.tar.gz
 9d9a6bcdd81a40ed377b2981a4d40a0db1315d095e9ccc35a0ba78e692df8591 801 
libx11_1.8.4.orig.tar.gz.asc
 a76755e21b268222e8e5f02cc6032655c83d180c8df6a201b08e3ea71cc6a4c4 112336 
libx11_1.8.4-2+deb12u1.diff.gz
Files: 
 88a8fa591a9a0965bd7a14efe207ab1c 2670 x11 optional libx11_1.8.4-2+deb12u1.dsc
 b568618f2f9f5e3ff348f7ab985ea2d8 3168573 x11 optional libx11_1.8.4.orig.tar.gz
 ee8f1c527a875662b7ca070302054b40 801 x11 optional libx11_1.8.4.orig.tar.gz.asc
 71ed2ad77561b2a7dd1c8e5365bb7974 112336 x11 optional 
libx11_1.8.4-2+deb12u1.diff.gz

-BEGIN PGP SIGNATURE-

iQKmBAEBCgCQFiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmSLcJxfFIAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQSHGNhcm5pbEBk
ZWJpYW4ub3JnAAoJEAVMuPMTQ89E7ZoP/29WGq+N/ouGYI/rMwvbPXqsrTWmOPsy
YgmVmj89py+Pkk1My1TQo9vjF0Rqs6g8ns2OLPGQJ4uAloFn7pcqhMlHOe3HbSlR
sSAZP8uRetNqNJMAPAnn14Ktd7g4/8SI0wM7CntzpzVSNM9C7dsHESL0fc0Jy+Ef
gxz5kcAKieTp2p7OsLLbKZ2V7218GdQnB91psoHx3/lw5JGEMp9sEdBRZ4o1xjvh
jDiUErEd7DWjvXVe4uOzjDqOQ3kTPgl3Cd80OnxYh1VaaD6yLrjVVwF3uy44QprJ
5uKvJk2wxp1A8c8VZz5Jo8+7es7yCPuysqsCJW7NHJCLzaxq6eLm1yw0RF6mIQ+s
ySG8Sjm+arAR0TMBjy5Onh5UqEMlVwdkh8Q0PsLjA6XNyZvTXbSOhQvLdwWwNDp1
seUMEnep8Sth782gvwMIQd/Z5qoQxeSm7AX067ISbvf/Zqx4hmUVvHybYKoy+d78
jZYXbcjtBqtyWZdvD19Rtmw3ryVzN9z4QIp8dXyBpjQUXTLSNcZZT+a5catY4L6z
rHO/DDvEni1ai4Xm2qh1vBRcEtzNWXEtKKNTgV4f/yISFtPrYMzOtJCtTUjEt7CK
o1zyv0E2FZAH8lH0CZk7YrqgOw/KmE+zUlpk7dlPC2CuXNBASk4A7TPVAhtpputp
XUuhe5mAk0XY
=DtCd
-END PGP 

Bug#1037052: marked as done (minidlna: CVE-2023-33476)

[Debian Bug Tracking System]

Your message dated Sat, 24 Jun 2023 14:32:16 +
with message-id 
and subject line Bug#1037052: fixed in minidlna 1.3.0+dfsg-2.2+deb12u1
has caused the Debian Bug report #1037052,
regarding minidlna: CVE-2023-33476
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1037052: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1037052
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: minidlna
Version: 1.3.2+dfsg-1
Severity: grave
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team 

Hi,

The following vulnerability was published for minidlna.

CVE-2023-33476[0]:
| ReadyMedia (MiniDLNA) versions from 1.1.15 up to 1.3.2 is vulnerable
| to Buffer Overflow. The vulnerability is caused by incorrect
| validation logic when handling HTTP requests using chunked transport
| encoding. This results in other code later using attacker-controlled
| chunk values that exceed the length of the allocated buffer, resulting
| in out-of-bounds read/write.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-33476
https://www.cve.org/CVERecord?id=CVE-2023-33476
[1] https://blog.coffinsec.com/0day/2023/05/31/minidlna-heap-overflow-rca.html
[2] 
https://sourceforge.net/p/minidlna/git/ci/9bd58553fae5aef3e6dd22f51642d2c851225aec/

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: minidlna
Source-Version: 1.3.0+dfsg-2.2+deb12u1
Done: Salvatore Bonaccorso 

We believe that the bug you reported is fixed in the latest version of
minidlna, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1037...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Salvatore Bonaccorso  (supplier of updated minidlna package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Mon, 19 Jun 2023 21:34:02 +0200
Source: minidlna
Architecture: source
Version: 1.3.0+dfsg-2.2+deb12u1
Distribution: bookworm-security
Urgency: high
Maintainer: Alexander GQ Gerasiov 
Changed-By: Salvatore Bonaccorso 
Closes: 1037052
Changes:
 minidlna (1.3.0+dfsg-2.2+deb12u1) bookworm-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * upnphttp: Fix chunk length parsing (CVE-2023-33476) (Closes: #1037052)
Checksums-Sha1: 
 4464ffe7fe55f745e05aa9a1233a4ff4d50c  
minidlna_1.3.0+dfsg-2.2+deb12u1.dsc
 7bb3e75cd7c64d7136b95dc138f71b6d55fb29ae 165464 minidlna_1.3.0+dfsg.orig.tar.xz
 243544fe7d3ba9905ba13d99c5489eb38d8368ba 25044 
minidlna_1.3.0+dfsg-2.2+deb12u1.debian.tar.xz
Checksums-Sha256: 
 6e98bd8af8483a481ba29c661dd9320415e98b1e8b08b1066dafc5a5bbcb498b  
minidlna_1.3.0+dfsg-2.2+deb12u1.dsc
 0b536ff6c689973781f23fb9f9decb7f5ab902b39d57e1991789574de8d5ea5c 165464 
minidlna_1.3.0+dfsg.orig.tar.xz
 cdc849436dc6cac0dd368b808c34f81584e75835540905aaaf7534b4583cce45 25044 
minidlna_1.3.0+dfsg-2.2+deb12u1.debian.tar.xz
Files: 
 68b7747431cdb9b9e0a8ca8a6f9daa2a  net optional 
minidlna_1.3.0+dfsg-2.2+deb12u1.dsc
 d35382198df6ad1020d27fa6971b4795 165464 net optional 
minidlna_1.3.0+dfsg.orig.tar.xz
 32288decd7e5beff6f4b917f3a01df69 25044 net optional 
minidlna_1.3.0+dfsg-2.2+deb12u1.debian.tar.xz

-BEGIN PGP SIGNATURE-

iQKmBAEBCgCQFiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmSQri1fFIAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQSHGNhcm5pbEBk
ZWJpYW4ub3JnAAoJEAVMuPMTQ89EIJgP/2qthbFwJfK/CoFw5mh3OEKcy/ObUXyk
47Wy8aTR+2rPCn/uYGYZGI7XluZXoP8w61Myyt0TE25nZgcPeWvM+QKUnAgdm61E
JGWi9HQpVN0QDBUUg8sKP2BYfios8P6Yafk24h3CWuBj61055mQh/FS2khXBqkah
2doHDkxcQ/iTqhBnnwpbtaf4ot1U04krt9lvrfD/a4icNgmcLEVY0wyIldyGAwx1
A7KZtXODMHIu0bEAFeXhtaYSLORyVGy8ixrxtXUmSQxOSdakrWKsIe6c7gncfwum
BODgQSmeAzlQNVHG+HpXibDxpVLERSPEoHlwbbKeAtBDZdVlZmEYd9FwhZqAThSk
m9xI8kMsVRy6sXqIgzdq/XS5jRycCmzIC/KiyNVo/u6flZBOqHJcNDYpQLH5BF8T
MzMG1xYC+hMz0BW0DGfZKL7xaSyAP0uRjn5E9Z6wCz9l30hvA5nkOHeG6H54/FXF

Bug#1020246: Not an active maintainer, but

[Iustin Pop]

On 2023-06-24 16:58:15, Ilias Tsitsimpis wrote:
> Control: forwarded -1 https://github.com/ndmitchell/hoogle/issues/359
> 
> Hi Iustin,
> 
> On Sun, Apr 23, 2023 at 11:25PM, Iustin Pop wrote:
> > AFAIK, both armel and armfh are low-powered/"slow" arches, but i386 is
> > surprising. Maybe due to memory limits?
> > 
> > I wonder if tests shouldn't simply be restricted to amd64, arm64, ppc64el 
> > and
> > s390x? This should give it enough of architecture heterogeneity to catch
> > any problems that simply do not appear on amd64 (mainstream arch) (yes,
> > I've been bitten by this in one package of mine).
> > 
> > This would be a cheap fix (one entry in the control file). Thoughts?
> > (Anyone?) It seems this bug is the only one that prevents it from
> > entering testing (and it's a leaf package).
> 
> Unfortunately it's not just the tests that fail, hoogle is currently
> completely broken on all 32-bit architectures. We need to either fix it,
> or remove hoogle from these architectures.

Ooh, interesting.

I agree with Neil's last comment in the upstream bug - Hoogle was even
years ago when I last built it a memory/CPU hog, so I think restricting
to 64 bit is better than not having it. My 2c.

iustin

Processed: Re: Bug#1020246: Not an active maintainer, but

[Debian Bug Tracking System]

Processing control commands:

> forwarded -1 https://github.com/ndmitchell/hoogle/issues/359
Bug #1020246 [src:haskell-hoogle] apt install hoogle takes forever on armel, 
armhf and i386
Set Bug forwarded-to-address to 
'https://github.com/ndmitchell/hoogle/issues/359'.

-- 
1020246: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1020246
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#1020246: Not an active maintainer, but

[Ilias Tsitsimpis]

Control: forwarded -1 https://github.com/ndmitchell/hoogle/issues/359

Hi Iustin,

On Sun, Apr 23, 2023 at 11:25PM, Iustin Pop wrote:
> AFAIK, both armel and armfh are low-powered/"slow" arches, but i386 is
> surprising. Maybe due to memory limits?
> 
> I wonder if tests shouldn't simply be restricted to amd64, arm64, ppc64el and
> s390x? This should give it enough of architecture heterogeneity to catch
> any problems that simply do not appear on amd64 (mainstream arch) (yes,
> I've been bitten by this in one package of mine).
> 
> This would be a cheap fix (one entry in the control file). Thoughts?
> (Anyone?) It seems this bug is the only one that prevents it from
> entering testing (and it's a leaf package).

Unfortunately it's not just the tests that fail, hoogle is currently
completely broken on all 32-bit architectures. We need to either fix it,
or remove hoogle from these architectures.

Best,

-- 
Ilias

Bug#1037494: marked as pending in redmine

[Jakob Haufe]

Control: tag -1 pending

Hello,

Bug #1037494 in redmine reported by you has been fixed in the
Git repository and is awaiting an upload. You can see the commit
message below and you can check the diff of the fix at:

https://salsa.debian.org/ruby-team/redmine/-/commit/db3cc98104c8136b82a093d8178b5101be71e505


Bump nokogiri (Closes: #1037494)


(this message was generated automatically)
-- 
Greetings

https://bugs.debian.org/1037494

Processed: Bug#1037494 marked as pending in redmine

[Debian Bug Tracking System]

Processing control commands:

> tag -1 pending
Bug #1037494 [src:redmine] FTBFS, fails to install on sid due to updated 
nokogiri
Ignoring request to alter tags of bug #1037494 to the same tags previously set

-- 
1037494: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1037494
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#1038935: schleuder: fails to upgrade buster -> bullseye -> bookworm: NoMethodError: undefined method `preparable='

[Georg Faerber]

Hi,

On 23-06-24 14:58:21, Andreas Beckmann wrote:
> Shouldn't these conflicts rather be in ruby-activerecord?

Yes, I agree, that's the correct place.

> As I understand the history, arel has been merged into activerecord (5 years
> ago, probably version 6.0.x) and the "old" arel 9 is no longer compatible
> with current activerecord 6.1.x. This is probably unrelated to schleuder
> (which only exposes the bug).

That's my understanding as well.

> Interestingly this didn't happen on buster->bullseye upgrades, but perhaps
> arel 9 was still compatible with activerecord 6.0.x.

Yeah, I wondered about this also, but I'm unsure why is that, so far.

> Should ruby-arel be RM:ed?
> Note: one reverse build dependency
> # Broken Build-Depends:
> ruby-premailer-rails: ruby-arel

Yes -- I sent a mail about this to the Ruby team, see [1] for details.

> I'll give it a try... yes, the conflict against ruby-arel fixes the
> upgrade path.

Great, thanks.

So, given the above, I believe this bug should be reassigned to
ruby-activerecord, and schleuder should be marked as affected? Also, I
guess, as this issue is not specific to schleuder, probably more
packages which rely on ruby-activerecord are affected.

I'll prepare a ruby-activerecord proposed-update targeting bookworm.

Cheers,
Georg


[1] https://lists.debian.org/debian-ruby/2023/06/msg4.html

Bug#1037494: marked as pending in redmine

[Jakob Haufe]

Control: tag -1 pending

Hello,

Bug #1037494 in redmine reported by you has been fixed in the
Git repository and is awaiting an upload. You can see the commit
message below and you can check the diff of the fix at:

https://salsa.debian.org/ruby-team/redmine/-/commit/db3cc98104c8136b82a093d8178b5101be71e505


Bump nokogiri (Closes: #1037494)


(this message was generated automatically)
-- 
Greetings

https://bugs.debian.org/1037494

Processed: Bug#1037494 marked as pending in redmine

[Debian Bug Tracking System]

Processing control commands:

> tag -1 pending
Bug #1037494 [src:redmine] FTBFS, fails to install on sid due to updated 
nokogiri
Ignoring request to alter tags of bug #1037494 to the same tags previously set

-- 
1037494: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1037494
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#1038935: schleuder: fails to upgrade buster -> bullseye -> bookworm: NoMethodError: undefined method `preparable='

[Andreas Beckmann]

On 24/06/2023 02.22, Georg Faerber wrote:

I believe that's caused by ruby-arel, the attached patches fix the issue
in my tests.


Shouldn't these conflicts rather be in ruby-activerecord?
As I understand the history, arel has been merged into activerecord (5 
years ago, probably version 6.0.x) and the "old" arel 9 is no longer 
compatible with current activerecord 6.1.x. This is probably unrelated 
to schleuder (which only exposes the bug).
Interestingly this didn't happen on buster->bullseye upgrades, but 
perhaps arel 9 was still compatible with activerecord 6.0.x.


Should ruby-arel be RM:ed?
Note: one reverse build dependency
# Broken Build-Depends:
ruby-premailer-rails: ruby-arel


Andreas, are you able to test these in your environment?


I'll give it a try... yes, the conflict against ruby-arel fixes the 
upgrade path.


Andreas,
who has no clue at all about ruby

Bug#1033852: racket-mode: autopkgtest regression: Process *Racket REPL* connection broken by remote peer

[David Bremner]

Paul Gevers  writes:

> Source: racket-mode
> Version: 20210916git0-2
> Severity: serious
> Control: tags -1 bookworm-ignore
> User: debian...@lists.debian.org
> Usertags: regression

This bug should be fixed in testing as soon as the just-uploaded
20230425git0-2 migrates to testing (a few days?). I'm not sure if that
will beat the autoremoval, but perhaps this nudge to the bug will
prevent some disruption for testing users.

Bug#1033852: marked as done (racket-mode: autopkgtest regression: Process *Racket REPL* connection broken by remote peer)

[Debian Bug Tracking System]

Your message dated Sat, 24 Jun 2023 09:05:09 +
with message-id 
and subject line Bug#1033852: fixed in racket-mode 20230425git0-2
has caused the Debian Bug report #1033852,
regarding racket-mode: autopkgtest regression: Process *Racket REPL* connection 
broken by remote peer
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1033852: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1033852
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---

Source: racket-mode
Version: 20210916git0-2
Severity: serious
Control: tags -1 bookworm-ignore
User: debian...@lists.debian.org
Usertags: regression

Dear maintainer(s),

Your package has an autopkgtest, great. However, it fails since December 
2022 in testing. Can you please investigate the situation and fix it? I 
copied some of the output at the bottom of this report.


The release team has announced [1] that failing autopkgtest on amd64 and 
arm64 are considered RC in testing. [Release Team member hat on] Because 
we're currently in the hard freeze for bookworm, I have marked this bug 
as bookworm-ignore. Targeted fixes are still welcome.


More information about this bug and the reason for filing it can be 
found on 
https://wiki.debian.org/ContinuousIntegration/RegressionEmailInformation


Paul

[1] https://lists.debian.org/debian-devel-announce/2019/07/msg2.html

https://ci.debian.net/data/autopkgtest/testing/amd64/r/racket-mode/32133920/log.gz

racket-tests/repl

Indenting region...
Indenting region...done
Indenting region...
Indenting region...done
Indenting region...
Indenting region...done
Indenting region...
Indenting region...done
Indenting region...
Indenting region...done
Test racket-tests/repl backtrace:
  signal(ert-test-failed (((should (racket-tests/see-back expected)) :
  ert-fail(((should (racket-tests/see-back expected)) :form (racket-te
  (if (unwind-protect (setq value-37 (apply fn-35 args-36)) (setq form
  (let (form-description-39) (if (unwind-protect (setq value-37 (apply
  (let ((value-37 'ert-form-evaluation-aborted-38)) (let (form-descrip
  (let* ((fn-35 #'racket-tests/see-back) (args-36 (condition-case err
  (closure ((expected . "(cond [(values 1) #t] [else #f])\n#t\n> ") (t
  mapc((closure ((expected . "(cond [(values 1) #t] [else #f])\n#t\n>
  (let ((typing "[cond [[values 1] #t] [else #f]]") (expected "(cond [
  (closure (t) nil (let* ((fn-0 #'racket-tests/see-back-rx) (args-1 (c
  racket--call-with-repl-buffer((closure (t) nil (let* ((fn-0 #'racket
  (closure (t) nil (racket-repl) (racket-tests/call-until-true #'(lamb
  funcall((closure (t) nil (racket-repl) (racket-tests/call-until-true
  (unwind-protect (funcall thunk) (racket-stop-back-end))
  (let ((racket-command-timeout racket-tests/timeout)) (unwind-protect
  racket-tests/call-with-back-end-settings((closure (t) nil (racket-re
  (let ((lexical-binding t)) (message "racket-tests/repl") (racket-tes
  (closure (t) nil (let ((lexical-binding t)) (message "racket-tests/r
  ert--run-test-internal(#s(ert--test-execution-info :test #s(ert-test
  ert-run-test(#s(ert-test :name racket-tests/repl :documentation "Sta
  ert-run-or-rerun-test(#s(ert--stats :selector t :tests ... :test-map
  ert-run-tests(t #f(compiled-function (event-type  event-args) #
  ert-run-tests-batch(nil)
  ert-run-tests-batch-and-exit()
  command-line-1(("-l" "package" "--eval" "(add-to-list 'package-direc
  command-line()
  normal-top-level()
Test racket-tests/repl condition:
(ert-test-failed
 ((should
   (racket-tests/see-back expected))
  :form
  (racket-tests/see-back "(cond [(values 1) #t] [else #f])\n#t\n> ")
  :value nil :explanation
  (actual . "; \n; Welcome to Racket v8.7 [cs].\n; \n> 
current-output-port\n#\n> (if 1\n 
2\n  3)\n2\n> (cond [(values 1) #t] [else #f])\n#t\n> (cond [(values 
1) #t] [else #f])\n#t\n> (cond [(values 1) #t] [else #f])\n")))

   FAILED  10/12  racket-tests/repl (15.518214 sec)
racket-tests/run
run: current-repl-msg-chan was #f; current-session-id=#f

Test racket-tests/run backtrace:
  signal(ert-test-failed (((should (racket-tests/see-back (concat "\n"
  ert-fail(((should (racket-tests/see-back (concat "\n" name "> "))) :
  (if (unwind-protect (setq value-72 (apply fn-70 args-71)) (setq form
  (let (form-description-74) (if (unwind-protect (setq value-72 (apply
  (let ((value-72 'ert-form-evaluation-aborted-73)) (let (form-descrip
  (let* ((fn-70 #'racket-tests/see-back) (args-71 (condition-case err
  (closure ((code . "#lang racket/base\n(define foobar 42)\nfoobar\n")
  racket--call-with-repl-buffer((closure ((code . 

Bug#1038747: software-properties-gtk: may overwrite debian-security with non-working entry

[Kovacs Lajos]

Hi!

Same issue in Hungary. I use software-properties-gtk with Xfce. After I
change mirror, it can't refresh (screenshot included), because the security
entry doesn't work:

root@home:~# grep ^[^#] /etc/apt/sources.list
deb http://ftp.hu.debian.org/debian/ bookworm main non-free-firmware
contrib non-free
deb http://ftp.hu.debian.org/debian/ bookworm-security main
non-free-firmware contrib non-free
deb http://ftp.hu.debian.org/debian/ bookworm-updates main
non-free-firmware contrib non-free
root@home:~# apt update
Találat:1 http://ftp.hu.debian.org/debian bookworm InRelease
Mellőz:2 http://ftp.hu.debian.org/debian bookworm-security InRelease
Találat:3 http://ftp.hu.debian.org/debian bookworm-updates InRelease
Hiba:4 http://ftp.hu.debian.org/debian bookworm-security Release
  404  Not Found [IP: 195.228.252.133 80]
Csomaglisták olvasása... Kész
E: A(z) „http://ftp.hu.debian.org/debian bookworm-security Release”
tárolónak nincs Release fájlja.
N: Az ilyen tárolóból való frissítés nem végezhető el biztonságosan, így
alapesetben ki van kapcsolva.
N: Lásd az apt-secure(8) kézikönyvoldalt a tárolólétrehozással és
felhasználói beállításokkal kapcsolatos részletekért.
root@home:~#

Yours,
kovaax