Processed: unblock: doc-debian/11.3
Processing commands for cont...@bugs.debian.org: > reopen 1035710 Bug #1035710 {Done: Joost van Baal-Ilić } [release.debian.org] unblock: doc-debian/11.1 Bug reopened Ignoring request to alter fixed versions of bug #1035710 to the same values previously set > retitle 1035710 unblock: doc-debian/11.3 Bug #1035710 [release.debian.org] unblock: doc-debian/11.1 Changed Bug title to 'unblock: doc-debian/11.3' from 'unblock: doc-debian/11.1'. > thanks Stopping processing here. Please contact me if you need assistance. -- 1035710: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1035710 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Re: Bug#1034824: tomcat9 should not be released with Bookworm
Le 2023-05-13 22:38, Markus Koschany a écrit : The question is: If we ship libtomcat9-java in Bookworm and change the dependency from tomcat9-user to tomcat10-user, will a web application like dogtag-pki, which is designed for Tomcat 9, continue to work with Tomcat 10? I'm pretty sure it won't work. dogtag-pki depends on tomcatjss which is tightly coupled with Tomcat's internal code. Unfortunately tomcatjss upstream is lagging with the Tomcat 10 adoption [1], and we can't hold back Tomcat 10 in Debian indefinitely just for that (for the reminder, Tomcat 10 is a very important release implementing the new Jakarta EE specification, not having it in Bookworm would be a real disservice to our users). The thing I don't understand is why a CA webapp needs a custom Tomcat connector (tomcatjss), maybe it could be patched to work without it? Emmanuel Bourg [1] https://github.com/dogtagpki/tomcatjss/issues/68
Bug#1036037: unblock: emacs/1:28.2+1-15
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock X-Debbugs-Cc: em...@packages.debian.org Control: affects -1 + src:emacs Please unblock package emacs The only changes are two bug fixes, one for a file conflict with bullseye emacs-bin-common and one for a conflict with older elpa-cider: https://bugs.debian.org/1034941 https://bugs.debian.org/1035781 diff -Nru emacs-28.2+1/debian/changelog emacs-28.2+1/debian/changelog --- emacs-28.2+1/debian/changelog 2023-04-01 22:38:56.0 -0500 +++ emacs-28.2+1/debian/changelog 2023-05-13 15:17:27.0 -0500 @@ -1,3 +1,16 @@ +emacs (1:28.2+1-15) unstable; urgency=medium + + * emacs-common: add breaks/replaces emacs-bin-common (<< 1:28) since the +emacs.service file moved from emacs-bin-common to emacs-common. +Thanks to Helmut Grohne for reporting the problem and Andreas Beckmann +for providing and testing the fix. (Closes: 1034941) + + * emacs-common: add breaks elpa-cider (<< 0.19.0+dfsg-4~). Thanks to +Andreas Beckmann for reporting the problem and providing and testing +the fix. (Closes: 1035781) + + -- Rob Browning Sat, 13 May 2023 15:17:27 -0500 + emacs (1:28.2+1-14) unstable; urgency=medium * Fix gnus nnml crash on some invalid headers. Add diff -Nru emacs-28.2+1/debian/control emacs-28.2+1/debian/control --- emacs-28.2+1/debian/control 2023-03-31 13:22:31.0 -0500 +++ emacs-28.2+1/debian/control 2023-05-13 14:31:35.0 -0500 @@ -142,7 +142,9 @@ apel (<< 10.8+0.20120427-4), edb (<< 1.32), egg (<< 4.2.0-2), + elpa-cider (<< 0.19.0+dfsg-4~), emacs (<< 1:25), + emacs-bin-common (<< 1:28), emacs-gtk (<< 1:25), emacs-lucid (<< 1:25), emacs-nox (<< 1:25), @@ -159,7 +161,9 @@ emacs24-nox, emacs25, emacs25-lucid, - emacs25-nox, + emacs25-nox +Replaces: + emacs-bin-common (<< 1:28) Description: GNU Emacs editor's shared, architecture independent infrastructure GNU Emacs is the extensible self-documenting text editor. This package contains the architecture independent infrastructure Thanks -- Rob Browning rlb @defaultvalue.org and @debian.org GPG as of 2011-07-10 E6A9 DA3C C9FD 1FF8 C676 D2C4 C0F0 39E9 ED1B 597A GPG as of 2002-11-03 14DD 432F AE39 534D B592 F9A0 25C8 D377 8C7E 73A4
Processed: unblock: emacs/1:28.2+1-15
Processing control commands: > affects -1 + src:emacs Bug #1036037 [release.debian.org] unblock: emacs/1:28.2+1-15 Added indication that 1036037 affects src:emacs -- 1036037: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036037 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Re: Bug#1034824: tomcat9 should not be released with Bookworm
Hi Salvatore, adding Timo Aaltonen, maintainer of dogtag-pki and tomcatjss, to CC Am Samstag, dem 13.05.2023 um 20:50 +0200 schrieb Salvatore Bonaccorso: > Hi Markus, > > On Sat, May 13, 2023 at 06:27:49PM +0200, Markus Koschany wrote: > > I have just pushed the necessary changes to our Git repository. > > > > https://salsa.debian.org/java-team/tomcat9/-/commit/adbd0b0711de66b67278b10e258c47c805e9b993 > > Do we need to have done more here? When Paul asked on #debian-release > I noted that pki-server depends on tomcat9-user, so reducing > libtomcat9-java only would now cause a broken dpeends for pki-server: > > $ dak rm --suite=bookworm -n -R -b tomcat9-user > Will remove the following packages from bookworm: > > tomcat9-user | 9.0.70-1 | all We could simply replace tomcat9-user with tomcat10-user because it only ships a script to create a standalone tomcat instance. We have to do s/tomcat9/tomcat10/ in some debian service files as well. The question is: If we ship libtomcat9-java in Bookworm and change the dependency from tomcat9-user to tomcat10-user, will a web application like dogtag-pki, which is designed for Tomcat 9, continue to work with Tomcat 10? I don't know yet and maybe Timo can chime in here. Regards, Markus signature.asc Description: This is a digitally signed message part
Re: Bug#1034824: tomcat9 should not be released with Bookworm
Hi Markus, On Sat, May 13, 2023 at 06:27:49PM +0200, Markus Koschany wrote: > I have just pushed the necessary changes to our Git repository. > > https://salsa.debian.org/java-team/tomcat9/-/commit/adbd0b0711de66b67278b10e258c47c805e9b993 Do we need to have done more here? When Paul asked on #debian-release I noted that pki-server depends on tomcat9-user, so reducing libtomcat9-java only would now cause a broken dpeends for pki-server: $ dak rm --suite=bookworm -n -R -b tomcat9-user Will remove the following packages from bookworm: tomcat9-user | 9.0.70-1 | all Maintainer: Debian Java Maintainers --- Reason --- -- Checking reverse dependencies... # Broken Depends: dogtag-pki: pki-server Dependency problem found. Does that means that though given the dependency on tomcat9-user only for pki-server that the package could switch to tomcat10-user instead? Would that already solve the problem? Regards, Salvatore
Processed: unblock: python-mitogen/0.3.3-9
Processing control commands: > affects -1 + src:python-mitogen Bug #1036031 [release.debian.org] unblock: python-mitogen/0.3.3-9 Added indication that 1036031 affects src:python-mitogen -- 1036031: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036031 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#1036031: unblock: python-mitogen/0.3.3-9
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock X-Debbugs-Cc: python-mito...@packages.debian.org Control: affects -1 + src:python-mitogen Please unblock package python-mitogen [ Reason ] This resolves bug 1036018. Apparently ansible has grown the number of open file handles over time, causing select() to become unusable. Use poll() instead of select. python-mitogen development is somewhat sporadic at the moment. We patched it to support Ansible 6, even though upstream hadn't declared support, yet. That probably contributed to this bug appearing. Upstream hasn't picked up this patch, yet. But it's been sitting on GitHub since early Feb, and resolves the issue. [ Impact ] Some users will hit "filedescriptor out of range in select()" errors when using ansible with miteogen. [ Tests ] I've manually tested ansible with mitogen, and it seems to work. The automated test suite passes. Some of the GitHub actions tests for this PR failed. But the affected platforms don't seem relevant to us. [ Risks ] Patch is relatively straightforward. Replacing one drop-in class in place of another. [ Checklist ] [x] all changes are documented in the d/changelog [x] I reviewed all changes and I approve them [x] attach debdiff against the package in testing unblock python-mitogen/0.3.3-9 diff -Nru python-mitogen-0.3.3/debian/changelog python-mitogen-0.3.3/debian/changelog --- python-mitogen-0.3.3/debian/changelog 2022-12-13 22:43:51.0 -0400 +++ python-mitogen-0.3.3/debian/changelog 2023-05-13 09:45:14.0 -0400 @@ -1,3 +1,10 @@ +python-mitogen (0.3.3-9) unstable; urgency=medium + + * Patch: Use poll() in the broker to handle more file descriptors. +(Closes: #1036018) + + -- Stefano Rivera Sat, 13 May 2023 09:45:14 -0400 + python-mitogen (0.3.3-8) unstable; urgency=medium * Team upload. diff -Nru python-mitogen-0.3.3/debian/patches/poll-poller python-mitogen-0.3.3/debian/patches/poll-poller --- python-mitogen-0.3.3/debian/patches/poll-poller 1969-12-31 20:00:00.0 -0400 +++ python-mitogen-0.3.3/debian/patches/poll-poller 2023-05-13 09:45:14.0 -0400 @@ -0,0 +1,28 @@ +From: Luca Berruti +Date: Wed, 8 Feb 2023 14:05:25 +0100 +Subject: Fix: filedescriptor out of range in select() + +Bug-Debian: https://bugs.debian.org/1036018 +Bug-Upstream: https://github.com/mitogen-hq/mitogen/issues/957 +Origin: https://github.com/mitogen-hq/mitogen/pull/984 +--- + ansible_mitogen/process.py | 6 -- + 1 file changed, 4 insertions(+), 2 deletions(-) + +diff --git a/ansible_mitogen/process.py b/ansible_mitogen/process.py +index 63caa88..8c19c37 100644 +--- a/ansible_mitogen/process.py b/ansible_mitogen/process.py +@@ -285,8 +285,10 @@ class Broker(mitogen.master.Broker): + the exuberant syscall expense of EpollPoller, so override it and restore + the poll() poller. + """ +-poller_class = mitogen.core.Poller +- ++if mitogen.parent.PollPoller.SUPPORTED: ++poller_class = mitogen.parent.PollPoller ++else: ++poller_class = mitogen.core.Poller + + class Binding(object): + """ diff -Nru python-mitogen-0.3.3/debian/patches/series python-mitogen-0.3.3/debian/patches/series --- python-mitogen-0.3.3/debian/patches/series 2022-12-13 20:24:51.0 -0400 +++ python-mitogen-0.3.3/debian/patches/series 2023-05-13 09:45:14.0 -0400 @@ -6,3 +6,4 @@ skip-python2.7-test ansible-6 hack-remove-cleanup +poll-poller
Bug#1036029: unblock: glewlwyd/2.7.5-3
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock X-Debbugs-Cc: debian-iot-maintain...@lists.alioth.debian.org Please unblock package glewlwyd 2.7.5-3 [ Reason ] This new version in unstable fixes #1035503 : glewlwyd-common: prompting due to modified conffiles which were not modified by the user: /etc/glewlwyd/config.json It also updates the default glewlwyd.conf file provided in the package which prevents a startup error due to missing empty directory /usr/lib/glewlwyd/user-middleware [ Impact ] The package glewlwyd will not be available in Debian Bookwork due to #1035503 [ Risks ] The change doesn't affect the program nor the build, only the upgrade procedure [ Checklist ] [x] all changes are documented in the d/changelog [x] I reviewed all changes and I approve them [x] attach debdiff against the package in testing unblock glewlwyd/2.7.5-3 diff -Nru glewlwyd-2.7.5/debian/changelog glewlwyd-2.7.5/debian/changelog --- glewlwyd-2.7.5/debian/changelog 2023-01-17 07:24:23.0 -0500 +++ glewlwyd-2.7.5/debian/changelog 2023-05-04 07:21:27.0 -0400 @@ -1,3 +1,10 @@ +glewlwyd (2.7.5-3) unstable; urgency=medium + + * Install config.json as config-2.7.json (Closes: #1035503) + * d/glewlwyd-debian.conf.properties: disable user_middleware_module_path + + -- Nicolas Mora Thu, 04 May 2023 07:21:27 -0400 + glewlwyd (2.7.5-2) unstable; urgency=medium * d/control: add adduser as glewlwyd package dependency, fix piuparts issue diff -Nru glewlwyd-2.7.5/debian/glewlwyd-common.install glewlwyd-2.7.5/debian/glewlwyd-common.install --- glewlwyd-2.7.5/debian/glewlwyd-common.install 2023-01-17 07:24:23.0 -0500 +++ glewlwyd-2.7.5/debian/glewlwyd-common.install 2023-05-04 07:21:27.0 -0400 @@ -7,5 +7,5 @@ webapp-src/favicon.ico usr/share/glewlwyd/webapp/ debian/config.json usr/share/glewlwyd/templates/ -debian/config.json etc/glewlwyd/ +debian/config.json etc/glewlwyd/config-2.7.json debian/glewlwyd-apache.conf etc/glewlwyd/ diff -Nru glewlwyd-2.7.5/debian/glewlwyd-common.links glewlwyd-2.7.5/debian/glewlwyd-common.links --- glewlwyd-2.7.5/debian/glewlwyd-common.links 2023-01-17 07:24:23.0 -0500 +++ glewlwyd-2.7.5/debian/glewlwyd-common.links 2023-05-04 07:21:27.0 -0400 @@ -15,4 +15,4 @@ usr/share/fonts/woff/fork-awesome/forkawesome-webfont.woff usr/share/glewlwyd/webapp/fonts/forkawesome-webfont.woff usr/share/fonts/woff/fork-awesome/forkawesome-webfont.woff2 usr/share/glewlwyd/webapp/fonts/forkawesome-webfont.woff2 -etc/glewlwyd/config.json usr/share/glewlwyd/webapp/config.json +etc/glewlwyd/config-2.7.json usr/share/glewlwyd/webapp/config.json diff -Nru glewlwyd-2.7.5/debian/glewlwyd-debian.conf.properties glewlwyd-2.7.5/debian/glewlwyd-debian.conf.properties --- glewlwyd-2.7.5/debian/glewlwyd-debian.conf.properties 2023-01-17 07:24:23.0 -0500 +++ glewlwyd-2.7.5/debian/glewlwyd-debian.conf.properties 2023-05-04 07:21:27.0 -0400 @@ -94,7 +94,7 @@ user_module_path="/usr/lib/glewlwyd/user" # user_middleware_module path -user_middleware_module_path="/usr/lib/glewlwyd/user_middleware" +#user_middleware_module_path="/usr/lib/glewlwyd/user_middleware" # client_module path client_module_path="/usr/lib/glewlwyd/client" diff -Nru glewlwyd-2.7.5/debian/NEWS glewlwyd-2.7.5/debian/NEWS --- glewlwyd-2.7.5/debian/NEWS 2023-01-17 07:24:23.0 -0500 +++ glewlwyd-2.7.5/debian/NEWS 2023-05-04 07:21:27.0 -0400 @@ -9,13 +9,19 @@ -- Nicolas Mora Mon, 15 Mar 2021 18:18:01 -0400 -glewlwyd (2.7.5-2) unstable; urgency=medium +glewlwyd (2.7.5-3) unstable; urgency=medium Upgrading Glewlwyd package from Debian Bullseye requires to update the database. It's also recommended to disable the config property 'static_files_path', and serve the static files application located in /usr/share/glewlwyd/webapp/ using a static file web server (Apache, NGINX). + The webapp config.json has been updated, the new config.json file is now + located in /etc/glewlwyd/config-2.7.json and linked to + /usr/share/glewlwyd/webapp/config.json. + If you have made changes to your original config.json, you can backport them + to the new config-2.7.json file or keep your current config.json file if you + don't need the new properties. See /usr/share/doc/glewlwyd/INSTALL.md for more details.
Processed: unblock: kitty/0.26.5-5
Processing control commands: > affects -1 + src:kitty Bug #1036027 [release.debian.org] unblock: kitty/0.26.5-5 Added indication that 1036027 affects src:kitty -- 1036027: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036027 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#1036027: unblock: kitty/0.26.5-5
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock X-Debbugs-Cc: ki...@packages.debian.org Control: affects -1 + src:kitty Please unblock package kitty [ Reason ] Kitty registers itself as a handler for various MIME types (via kitty-open.desktop), but some of those (e.g., application/x-sh) are unexpectedly executed instead of viewed. This upload removes the installation of the desktop file, instead providing it as an example. README.Debian is updated to explain how to enable the functionality as well as warning about the implications. [ Impact ] Untrusted files may be executed rather than viewed (e.g., trying to view a shell script attached to an email). [ Tests ] n/a [ Risks ] Trivial change in a leaf package. [ Checklist ] [x] all changes are documented in the d/changelog [x] I reviewed all changes and I approve them [x] attach debdiff against the package in testing unblock kitty/0.26.5-5
Bug#1036026: unblock: libssh/0.10.5-1
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock X-Debbugs-Cc: lib...@packages.debian.org Control: affects -1 + src:libssh Hello, a few days ago, a new libssh upstream microrelease [1] was published which fixes two CVEs. I packaged it for unstable four days ago, it built everywhere, and thus passed the (rather extensive) upstream tests, as well as the autopkgtest integration tests everywhere [2]. I know one big consumer of libssh well -- cockpit -- which also has successful tests against 0.10.5. The packaging git already had a few rather harmless updates from the Debian janitor [3] which I included into the unstable upload. I attached the debian/* parts of the debdiff between current testing and unstable. If you want to inspect the full upstream diff as well, I suggest the upstream git view for the stable 0.10 branch [4], or the full debdiff view on salsa[5]. Salvatore Bonaccorso from the security team pointed out that libssh won't auto-migrate any more at this point in time, so I'd like to coordinate these two CVEs with you for fixing testing. If you consider 0.10.5 too risky at this point, I can also prepare a backport similar to the update that I prepared for stable-security, but it's more work, and backporting non-trivial patches is also not risk-free. This gets coordinated in [6]. Thanksk, Martin unblock libssh/0.10.5-1 [1] https://www.libssh.org/2023/05/04/libssh-0-10-5-and-libssh-0-9-7-security-releases/ [2] https://tracker.debian.org/pkg/libssh [3] https://salsa.debian.org/debian/libssh/-/commit/45b9437b4c4711584dba7debe6600aa2a2d7f6c4 https://salsa.debian.org/debian/libssh/-/commit/5feb4c4e0405e6af69d6d448ab934f7876d2ea90 https://salsa.debian.org/debian/libssh/-/commit/8e55b07477c194630bd60c049ca28c57da2881fd [4] https://git.libssh.org/projects/libssh.git/log/?h=stable-0.10 [5] https://salsa.debian.org/debian/libssh/-/compare/4066480562aa1d2682bd5c831c1acd2a2777...debian?from_project_id=20695=false [6] https://bugs.debian.org/1035832 --- libssh-0.10.4/debian/changelog 2022-09-19 08:41:22.0 + +++ libssh-0.10.5/debian/changelog 2023-05-10 06:00:26.0 + @@ -1,3 +1,26 @@ +libssh (0.10.5-1) unstable; urgency=high + + [ Martin Pitt ] + * New upstream security release (thus high urgency): +- Fix authenticated remote DoS through potential NULL dereference during rekeying + with algorithm guessing (CVE-2023-1667) + https://www.libssh.org/security/advisories/CVE-2023-1667.txt +- Client authentication bypass in pki_verify_data_signature() in low-memory + conditions with OpenSSL backend; gcrypt backend is not affected + https://www.libssh.org/security/advisories/CVE-2023-2283.txt + (CVE-2023-2283, Closes: #1035832) + * Bump Standards-Version to 4.6.2. No changes necessary. + * Drop debian/source/lintian-overrides. It now causes a "mismatched-override" +warning, and apparently is not necessary any more. + * debian/copyright: Drop files which don't exist any more. +Spotted by lintian's "superfluous-file-pattern" warnings. + + [ Debian Janitor ] + * Bump debhelper from old 12 to 13. + * Avoid explicitly specifying -Wl,--as-needed linker flag. + + -- Martin Pitt Wed, 10 May 2023 08:00:26 +0200 + libssh (0.10.4-2) unstable; urgency=medium * autopkgtest: Drop valgrind run. This hasn't worked for years on many diff -Nru libssh-0.10.4/debian/control libssh-0.10.5/debian/control --- libssh-0.10.4/debian/control2022-09-19 08:41:22.0 + +++ libssh-0.10.5/debian/control2023-05-10 06:00:26.0 + @@ -4,7 +4,7 @@ Maintainer: Laurent Bigonville Uploaders: Mike Gabriel , Martin Pitt Build-Depends: cmake (>= 2.8.5), - debhelper-compat (= 12), + debhelper-compat (= 13), libcmocka-dev , libgcrypt-dev, libkrb5-dev | heimdal-dev, @@ -15,7 +15,7 @@ pkg-config, python3:any , Build-Depends-Indep: doxygen , graphviz -Standards-Version: 4.6.1 +Standards-Version: 4.6.2 Rules-Requires-Root: no Vcs-Git: https://salsa.debian.org/debian/libssh.git Vcs-Browser: https://salsa.debian.org/debian/libssh @@ -97,6 +97,7 @@ Suggests: doc-base Depends: ${misc:Depends} Build-Profiles: +Multi-Arch: foreign Description: tiny C SSH library - Documentation files The ssh library was designed to be used by programmers needing a working SSH implementation by the mean of a library. The complete control of the client diff -Nru libssh-0.10.4/debian/copyright libssh-0.10.5/debian/copyright --- libssh-0.10.4/debian/copyright 2022-09-19 08:41:22.0 + +++ libssh-0.10.5/debian/copyright 2023-05-10 06:00:26.0 + @@ -23,7 +23,6 @@ tests/client/torture_connect.c tests/client/torture_knownhosts.c tests/client/torture_session.c - tests/test_pcap.c
Processed: unblock: libssh/0.10.5-1
Processing control commands: > affects -1 + src:libssh Bug #1036026 [release.debian.org] unblock: libssh/0.10.5-1 Added indication that 1036026 affects src:libssh -- 1036026: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036026 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Processed: unblock: exim4/4.96-15
Processing control commands: > affects -1 + src:exim4 Bug #1036025 [release.debian.org] unblock: exim4/4.96-15 Added indication that 1036025 affects src:exim4 -- 1036025: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036025 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#1036025: unblock: exim4/4.96-15
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock X-Debbugs-Cc: ex...@packages.debian.org Control: affects -1 + src:exim4 Please unblock package exim4 This fixes an initialzation error which caused a crash in the smtp transport. See https://bugs.exim.org/show_bug.cgi?id=2996 It is a one-line change, I have also removed garbage (unapplied patch) from debian/patches. cu Andreas unblock exim4/4.96-15 cu Andreas -- `What a good friend you are to him, Dr. Maturin. His other friends are so grateful to you.' `I sew his ears on from time to time, sure' diff -Nru exim4-4.96/debian/changelog exim4-4.96/debian/changelog --- exim4-4.96/debian/changelog 2023-02-04 13:33:50.0 +0100 +++ exim4-4.96/debian/changelog 2023-05-10 18:30:35.0 +0200 @@ -1,3 +1,12 @@ +exim4 (4.96-15) unstable; urgency=medium + + * Pull from upstream GIT master: ++ 75_70-Fix-variable-initialisation-in-smtp-transport.-Bug-2.patch + Fix a crash in the smtp transport. + https://bugs.exim.org/show_bug.cgi?id=2996 + + -- Andreas Metzler Wed, 10 May 2023 18:30:35 +0200 + exim4 (4.96-14) unstable; urgency=medium * Pull from upstream GIT master: diff -Nru exim4-4.96/debian/patches/75_42-Fix-run-arg-parsing.patch exim4-4.96/debian/patches/75_42-Fix-run-arg-parsing.patch --- exim4-4.96/debian/patches/75_42-Fix-run-arg-parsing.patch 2022-12-04 08:02:50.0 +0100 +++ exim4-4.96/debian/patches/75_42-Fix-run-arg-parsing.patch 1970-01-01 01:00:00.0 +0100 @@ -1,99 +0,0 @@ -From 44b6e099b76f403a55e77650821f8a69e9d2682e Mon Sep 17 00:00:00 2001 -From: Jeremy Harris -Date: Sat, 3 Dec 2022 23:13:53 + -Subject: [PATCH] Fix ${run } arg parsing - -Broken-by: cfe6acff2ddc - doc/ChangeLog| 4 - src/expand.c | 13 ++--- - src/transport.c | 4 +++- - test/scripts/-Basic/0002 | 2 ++ - test/stdout/0002 | 2 ++ - 5 files changed, 21 insertions(+), 4 deletions(-) - a/doc/ChangeLog -+++ b/doc/ChangeLog -@@ -28,10 +28,14 @@ - JH/14 Bug 2933: Fix regex substring match variables for null matches. Since 4.96 - a capture group which obtained no text (eg. "(abc)*" matching zero - occurrences) could cause a segfault if the corresponding $ was - expanded. - -+JH/15 Fix argument parsing for ${run } expansion. Previously, when an argument -+ included a close-brace character (eg. it itself used an expansion) an -+ error occurred. -+ - - - Exim version 4.96 - - - a/src/expand.c -+++ b/src/expand.c -@@ -5529,11 +5529,11 @@ - { - FILE * f; - const uschar * arg, ** argv; - BOOL late_expand = TRUE; - -- if ((expand_forbid & RDO_RUN) != 0) -+ if (expand_forbid & RDO_RUN) - { - expand_string_message = US"running a command is not permitted"; - goto EXPAND_FAILED; - } - -@@ -5561,16 +5561,23 @@ - } - s++; - - if (late_expand) /* this is the default case */ - { -- int n = Ustrcspn(s, "}"); -+ int n; -+ const uschar * t; -+ /* Locate the end of the args */ -+ (void) expand_string_internal(s, -+ ESI_BRACE_ENDS | ESI_HONOR_DOLLAR | ESI_SKIPPING, , NULL, NULL); -+ n = t - s; - arg = skipping ? NULL : string_copyn(s, n); - s += n; - } - else - { -+ DEBUG(D_expand) -+ debug_printf_indent("args string for ${run} expand before split\n"); - if (!(arg = expand_string_internal(s, TRUE, , skipping, TRUE, ))) - goto EXPAND_FAILED; - Uskip_whitespace(); - } - /*{*/ a/src/transport.c -+++ b/src/transport.c -@@ -2187,10 +2187,12 @@ - BOOL allow_dollar_recipients = addr && addr->parent - && Ustrcmp(addr->parent->address, "system-filter") == 0; - - for (int i = 0; argv[i]; i++) - { -+DEBUG(D_expand) debug_printf_indent("arg %d\n", i); -+ - /* Handle special fudge for passing an address list */ - - if (addr && - (Ustrcmp(argv[i], "$pipe_addresses") == 0 || - Ustrcmp(argv[i], "${pipe_addresses}") == 0)) -@@ -2361,11 +2363,11 @@ - } - else *errptr = msg; - return FALSE; - } - -- if ( f.running_in_test_harness && is_tainted(expanded_arg) -+ if ( f.running_in_test_harness && is_tainted(expanded_arg) - && Ustrcmp(etext, "queryprogram router") == 0) - { /* hack, would be good to not need it */ - DEBUG(D_transport) - debug_printf("SPECIFIC TESTSUITE EXEMPTION: tainted arg '%s'\n", - expanded_arg); diff -Nru exim4-4.96/debian/patches/75_70-Fix-variable-initialisation-in-smtp-transport.-Bug-2.patch exim4-4.96/debian/patches/75_70-Fix-variable-initialisation-in-smtp-transport.-Bug-2.patch --- exim4-4.96/debian/patches/75_70-Fix-variable-initialisation-in-smtp-transport.-Bug-2.patch 1970-01-01 01:00:00.0 +0100 +++ exim4-4.96/debian/patches/75_70-Fix-variable-initialisation-in-smtp-transport.-Bug-2.patch 2023-05-10 18:30:35.0 +0200 @@ -0,0 +1,46 @@ +From
Debian 8.3 Jessie KEYEXPIRED 11645052400
Hello, On Sat, May 13, 2023, 11:31 Pierre-Elliott Bécue wrote: > > The only way to avoid that would be to first add stretch to your > sources.list, update, install debian-archive-keyring, and then add > buster to your sources.list. > By the way, this is the recommended approach, please don't try to upgrade from 8 directly to 10, this is not officially supported. Do an upgrade to 9 first, then another one to 10, and also consider upgrading to 11, if possible, since the next stable release (12) will happen in a few months. Make sure you're following the official instructions to perform release upgrades as well. In order to use the repositories for old releases (to upgrade to 9), you will need to use Freexian's repository [0] (which provides LTS and ELTS support), alternatively you can also point to the "archives" repositories [1]. When upgrading to 10 or 11, you should be good to use the regular repositories, this happens because releases 8 and 9 are not officially supported anymore (support being provided by Freexian instead). Trying to generalize the support provided by Debian releases, it's mostly like this: 3 years of official support +2 years of LTS support provided by Freexian (you need to use their repositories) +5 years of ELTS support, also provided by Freexian (and so you need to use their repositories). In total that's 10 years. Note that LTS and ELTS support does not cover all packages (just as you would get with other enterprise distros). Also note that Freexian's support, although not officially affiliated to Debian (as far as I know), it's done by Debian Developers. Their work is funded through customers/sponsors of Freexian and provided for free for everyone to use (so consider sponsoring it if you use it in a company, I think they can also provide direct support to you). Check their website for more info [3]. Disclaimer: I am not affiliated with Freexian. [0] https://www.freexian.com/lts/extended/docs/how-to-use-extended-lts/ [1] https://www.debian.org/distrib/archive [2] https://www.freexian.com
Re: Debian 8.3 Jessie KEYEXPIRED 11645052400
Alan Homobono wrote on 13/05/2023 at 05:56:45+0200: > Trying to upgrade Debian 8.3 Jessie to Debian 10.13 Buster, I continue > getting "KEYEXPIRED" error message after run apt-get update, even renewing > expired keys: > > # apt-key list | grep -A 1 expired > pub 1024D/5072E1F5 2003-02-03 [expired: 2022-02-16] > uid MySQL Release Engineering > > -- > pub 4096R/518E17E1 2013-08-17 [expired: 2021-08-15] > uid Jessie Stable Release Key > > -- > pub 4096R/65FFB764 2012-05-08 [expired: 2019-05-07] > uid Wheezy Stable Release Key > > > > # apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 5072E1F5 > ; apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 518E17E1 > ; apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 65FFB764 > Executing: gpg --ignore-time-conflict --no-options --no-default-keyring > --homedir /tmp/tmp.dux8x5wGCC --no-auto-check-trustdb --trust-model always > --keyring /etc/apt/trusted.gpg --primary-keyring /etc/apt/trusted.gpg > --keyring /etc/apt/trusted.gpg.d/apt.postgresql.org.gpg --keyring > /etc/apt/trusted.gpg.d/debian-archive-jessie-automatic.gpg --keyring > /etc/apt/trusted.gpg.d/debian-archive-jessie-security-automatic.gpg --keyring > /etc/apt/trusted.gpg.d/debian-archive-jessie-stable.gpg --keyring > /etc/apt/trusted.gpg.d/debian-archive-squeeze-automatic.gpg --keyring > /etc/apt/trusted.gpg.d/debian-archive-squeeze-stable.gpg --keyring > /etc/apt/trusted.gpg.d/debian-archive-stretch-automatic.gpg --keyring > /etc/apt/trusted.gpg.d/debian-archive-stretch-security-automatic.gpg > --keyring /etc/apt/trusted.gpg.d/debian-archive-stretch-stable.gpg --keyring > /etc/apt/trusted.gpg.d/debian-archive-wheezy-automatic.gpg --keyring > /etc/apt/trusted.gpg.d/debian-archive-wheezy-stable.gpg --keyserver > hkp://keyserver.ubuntu.com:80 --recv-keys 5072E1F5 > gpg: requesting key 5072E1F5 from hkp server keyserver.ubuntu.com > gpg: key 5072E1F5: "MySQL Release Engineering > " not changed > gpg: Número total processado: 1 > gpg: não modificados: 1 > Executing: gpg --ignore-time-conflict --no-options --no-default-keyring > --homedir /tmp/tmp.4zdbdTUejR --no-auto-check-trustdb --trust-model always > --keyring /etc/apt/trusted.gpg --primary-keyring /etc/apt/trusted.gpg > --keyring /etc/apt/trusted.gpg.d/apt.postgresql.org.gpg --keyring > /etc/apt/trusted.gpg.d/debian-archive-jessie-automatic.gpg --keyring > /etc/apt/trusted.gpg.d/debian-archive-jessie-security-automatic.gpg --keyring > /etc/apt/trusted.gpg.d/debian-archive-jessie-stable.gpg --keyring > /etc/apt/trusted.gpg.d/debian-archive-squeeze-automatic.gpg --keyring > /etc/apt/trusted.gpg.d/debian-archive-squeeze-stable.gpg --keyring > /etc/apt/trusted.gpg.d/debian-archive-stretch-automatic.gpg --keyring > /etc/apt/trusted.gpg.d/debian-archive-stretch-security-automatic.gpg > --keyring /etc/apt/trusted.gpg.d/debian-archive-stretch-stable.gpg --keyring > /etc/apt/trusted.gpg.d/debian-archive-wheezy-automatic.gpg --keyring > /etc/apt/trusted.gpg.d/debian-archive-wheezy-stable.gpg --keyserver > hkp://keyserver.ubuntu.com:80 --recv-keys 518E17E1 > gpg: requesting key 518E17E1 from hkp server keyserver.ubuntu.com > gpg: key 518E17E1: "Jessie Stable Release Key > " not changed > gpg: Número total processado: 1 > gpg: não modificados: 1 > Executing: gpg --ignore-time-conflict --no-options --no-default-keyring > --homedir /tmp/tmp.SxFd1nEp2W --no-auto-check-trustdb --trust-model always > --keyring /etc/apt/trusted.gpg --primary-keyring /etc/apt/trusted.gpg > --keyring /etc/apt/trusted.gpg.d/apt.postgresql.org.gpg --keyring > /etc/apt/trusted.gpg.d/debian-archive-jessie-automatic.gpg --keyring > /etc/apt/trusted.gpg.d/debian-archive-jessie-security-automatic.gpg --keyring > /etc/apt/trusted.gpg.d/debian-archive-jessie-stable.gpg --keyring > /etc/apt/trusted.gpg.d/debian-archive-squeeze-automatic.gpg --keyring > /etc/apt/trusted.gpg.d/debian-archive-squeeze-stable.gpg --keyring > /etc/apt/trusted.gpg.d/debian-archive-stretch-automatic.gpg --keyring > /etc/apt/trusted.gpg.d/debian-archive-stretch-security-automatic.gpg > --keyring /etc/apt/trusted.gpg.d/debian-archive-stretch-stable.gpg --keyring > /etc/apt/trusted.gpg.d/debian-archive-wheezy-automatic.gpg --keyring > /etc/apt/trusted.gpg.d/debian-archive-wheezy-stable.gpg --keyserver > hkp://keyserver.ubuntu.com:80 --recv-keys 65FFB764 > gpg: requesting key 65FFB764 from hkp server keyserver.ubuntu.com > gpg: key 65FFB764: "Wheezy Stable Release Key > " not changed > gpg: Número total processado: 1 > gpg: não modificados: 1 > > > # apt-get update > ... > Lendo listas de pacotes... Pronto > W: Ocorreu um erro durante a verificação da assinatura. O repositório não > está actualizado e serão utilizados os ficheiros
Processed: Re: Bug#1035685: unblock: mpdscribble/0.24-2+b1
Processing control commands: > tags -1 - moreinfo Bug #1035685 [release.debian.org] unblock: mpdscribble/0.24-3 Removed tag(s) moreinfo. -- 1035685: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1035685 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#1035685: unblock: mpdscribble/0.24-2+b1
control: tags -1 - moreinfo On 11/05/23, Paul Gevers wrote: > Control: tags -1 confirmed moreinfo > Control: retitle -1 unblock: mpdscribble/0.24-3 > > Hi, > > On 07-05-2023 20:58, kaliko wrote: > > During bookworm development the package was refactored and > > a bug was introduced in the conf file management. > > piuparts recently spotted the issue and #1035603 was reported. > > Please go ahead and remove the moreinfo tag once the upload happened. Uploaded Thanks signature.asc Description: PGP signature