Processed: pre-unblock: mariadb/1:10.11.3-1
Processing control commands: > affects -1 src:mariadb Bug #1036081 [release.debian.org] pre-unblock: mariadb/1:10.11.3-1 Added indication that 1036081 affects src:mariadb -- 1036081: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036081 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#1036081: pre-unblock: mariadb/1:10.11.3-1
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Control: affects -1 src:mariadb A new MariaDB 10.11 upstream minor maintenance 10.11.3 is pending at https://salsa.debian.org/mariadb-team/mariadb-server/-/merge_requests/46 This pre-unblock request is to get a decision from the Bookworm release team if you prefer to accept this 10.11.3 into Bookworm, or if you wish it to be postponed to a stable update in Bookworm some time later in fall 2023. As the main maintainer I suggest the release team would decide to include this 10.11.3 in Debian Bookworm at this point in time. There is extensive CI in place pre-upload, and extensive autopkgtests and other quality assurance post-upload. The MariaDB packages in stable releases have a good track record of having unsurprising minor maintenance releases. The MariaDB 10.11.2 release was the first one announced GA (general availability), so this 10.11.3 includes many important upstream bugfixes (though many of them were already cherry-picked into 10.11.2-4 in Debian). The benefit of having known important bugfixes included in Bookworm outweighs the risks of potential unknown and unlikely regressions in this case. This request does not have an exact debdiff, as the 10.11.3 import work was done today and later this week we might add one or two more bugfix commits to it.
Bug#1036078: unblock: docker-registry/2.8.2+ds1-1
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
X-Debbugs-Cc: docker-regis...@packages.debian.org, z...@debian.org
Control: affects -1 + src:docker-registry
Please unblock package docker-registry
[ Reason ]
Upstream micro release for CVE-2023-2253 (Catalog API endpoint can lead to OOM
via malicious user input).
[ Impact ]
Fix security issue.
[ Tests ]
New unittest is added. The package has autopkgtest.
[ Risks ]
The debdiff contains some noise code style changes, otherwise they are trivial.
[ Checklist ]
[x] all changes are documented in the d/changelog
[x] I reviewed all changes and I approve them
[x] attach debdiff against the package in testing
[ Other info ]
I attached a filtered debdiff, with following command,
filterdiff --exclude '*/releases/*' --exclude '*/script/*' --exclude
'*/.github/*' \
--exclude '*.hcl' --exclude '*.yml' --exclude '*/Dockerfile' \
--exclude '*/Makefile' --exclude '*/.mailmap' --exclude '*_test.go'
unblock docker-registry/2.8.2+ds1-1
diff -Nru -w docker-registry-2.8.1+ds1/configuration/configuration.go
docker-registry-2.8.2+ds1/configuration/configuration.go
--- docker-registry-2.8.1+ds1/configuration/configuration.go2022-03-09
01:52:36.0 +0800
+++ docker-registry-2.8.2+ds1/configuration/configuration.go2023-05-11
18:11:57.0 +0800
@@ -194,6 +194,7 @@
} `yaml:"redis,omitempty"`
Health Health `yaml:"health,omitempty"`
+ Catalog Catalog `yaml:"catalog,omitempty"`
Proxy Proxy `yaml:"proxy,omitempty"`
@@ -244,6 +245,16 @@
} `yaml:"policy,omitempty"`
}
+// Catalog is composed of MaxEntries.
+// Catalog endpoint (/v2/_catalog) configuration, it provides the configuration
+// options to control the maximum number of entries returned by the catalog
endpoint.
+type Catalog struct {
+ // Max number of entries returned by the catalog endpoint. Requesting n
entries
+ // to the catalog endpoint will return at most MaxEntries entries.
+ // An empty or a negative value will set a default of 1000 maximum
entries by default.
+ MaxEntries int `yaml:"maxentries,omitempty"`
+}
+
// LogHook is composed of hook Level and Type.
// After hooks configuration, it can execute the next handling automatically,
// when defined levels of log message emitted.
@@ -670,6 +681,11 @@
if v0_1.Loglevel != Loglevel("") {
v0_1.Loglevel = Loglevel("")
}
+
+ if v0_1.Catalog.MaxEntries <= 0 {
+ v0_1.Catalog.MaxEntries = 1000
+ }
+
if v0_1.Storage.Type() == "" {
return nil, errors.New("no
storage configuration provided")
}
diff -Nru -w docker-registry-2.8.1+ds1/context/doc.go
docker-registry-2.8.2+ds1/context/doc.go
--- docker-registry-2.8.1+ds1/context/doc.go2022-03-09 01:52:36.0
+0800
+++ docker-registry-2.8.2+ds1/context/doc.go2023-05-11 18:11:57.0
+0800
@@ -15,7 +15,7 @@
// The above will store the version in the context and will be available to
// the logger.
//
-// Logging
+// # Logging
//
// The most useful aspect of this package is GetLogger. This function takes
// any context.Context interface and returns the current logger from the
@@ -65,7 +65,7 @@
// added to the request context, is unique to that context and can have
// request scoped variables.
//
-// HTTP Requests
+// # HTTP Requests
//
// This package also contains several methods for working with http requests.
// The concepts are very similar to those described above. We simply place the
diff -Nru -w docker-registry-2.8.1+ds1/context/http.go
docker-registry-2.8.2+ds1/context/http.go
--- docker-registry-2.8.1+ds1/context/http.go 2022-03-09 01:52:36.0
+0800
+++ docker-registry-2.8.2+ds1/context/http.go 2023-05-11 18:11:57.0
+0800
@@ -246,11 +246,7 @@
return ctx.vars
}
- if strings.HasPrefix(keyStr, "vars.") {
- keyStr = strings.TrimPrefix(keyStr, "vars.")
- }
-
- if v, ok := ctx.vars[keyStr]; ok {
+ if v, ok := ctx.vars[strings.TrimPrefix(keyStr, "vars.")]; ok {
return v
}
}
diff -Nru -w docker-registry-2.8.1+ds1/debian/changelog
docker-registry-2.8.2+ds1/debian/changelog
--- docker-registry-2.8.1+ds1/debian/changelog 2022-06-29 20:32:34.0
+0800
+++ docker-registry-2.8.2+ds1/debian/changelog 2023-05-13 23:21:12.0
+0800
@@ -1,3 +1,14 @@
+docker-registry (2.8.2+ds1-1) unstable; urgency=medium
+
+ * Team upload
+ * New upstream version 2.8.2+ds1
+
Processed: unblock: docker-registry/2.8.2+ds1-1
Processing control commands: > affects -1 + src:docker-registry Bug #1036078 [release.debian.org] unblock: docker-registry/2.8.2+ds1-1 Added indication that 1036078 affects src:docker-registry -- 1036078: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036078 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#1035056: [pre-approval] plasma-desktop 5.27.X
Control: tags -1 moreinfo Hi, On 28-04-2023 15:29, Hefee wrote: before invest time, to do the debdiff and all paperwork for Plasma 5.27.X LTS packages, there's need to be a idea, how to get it into stable. Please read the freeze policy [2] and the FAQ [3] very carefully and make sure your request meets the requirements of this phase of the freeze and make sure you can answer every relevant question from the FAQ. Please only pursue if you convinced the answer is yes. Currently 5.27.3 on experimental. Upstream is relasing with a fibbonacci time frame, What does that mean (sorry, I don't have the energy to look this up, too many unblock requests to process)? when stable will be release, we would be at ~5.27.5. I wanted to ask, if we find a solution together to get the new version into bookworm. Upstream wants to give bugfix releases over 2 years. So you consider bumping 5.27.2 to 5.27.5 a targeted fix? Would you request the same in a stable point update (because that's about the same level at this phase of the release)? Plasma 5.27 is a LTS branch, that is stable and only bug fixes with be released with next minor versions. No transitions nor API changes. [From FAQ] can you point at an upstream document that explains their policy? Plasma is ~50 pacakges - see a list of packages: I think you know by now, this fits extremely bad with the way the Freeze is handled as we review everything and need to watch that everything migrates. We're not going to give a set of key packages a cart blanch this late in the freeze especially when we've NACK-ed already easier things. E.g. although we're convinced the MariaDB unblock [4] really had all best intentions and we hate to deny unblocks, it contained a bunch of changes not meeting the freeze policy. We're frozen to ensure stability and no surprises. The freeze policy is not ment to manage packages (that's up to the maintainers), it's meant to ensure we can manage the release process. In this particular case, we also don't have tools to ensure the set remains coherent, does the set ensure they migrate as a whole? If not, how bad would it be when some pieces migrate and others can't before the release? For your info, I'm going to try hard to ensure KDE and plasma are going to be removed from the key package set for trixie, which means that you don't need our involvement until much later in the trixie freeze. However, that won't help you anymore this time around because a) that key package set definition change isn't going to happen before the release and b) it's too late in the freeze to matter anymore. Paul [2] https://release.debian.org/testing/freeze_policy.html [3] https://release.debian.org/testing/FAQ.html [4] https://bugs.debian.org/1033811 OpenPGP_signature Description: OpenPGP digital signature
Processed: Re: Bug#1035056: [pre-approval] plasma-desktop 5.27.X
Processing control commands: > tags -1 moreinfo Bug #1035056 [release.debian.org] [pre-approval] plasma-desktop 5.27.X Added tag(s) moreinfo. -- 1035056: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1035056 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#1035685: marked as done (unblock: mpdscribble/0.24-3)
Your message dated Sun, 14 May 2023 21:21:11 +0200 with message-id and subject line Re: Bug#1035685: unblock: mpdscribble/0.24-2+b1 has caused the Debian Bug report #1035685, regarding unblock: mpdscribble/0.24-3 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 1035685: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1035685 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock X-Debbugs-Cc: mpdscrib...@packages.debian.org Control: affects -1 + src:mpdscribble Please unblock package mpdscribble [ Reason ] During bookworm development the package was refactored and a bug was introduced in the conf file management. piuparts recently spotted the issue and #1035603 was reported. https://bugs.debian.org/1035603 [ Impact ] Package will be removed from testing and not shipped in bookworm. [ Tests ] Tested with piuparts to ensure the bug is actually fixed [ Risks ] I don't believe there are risks with this trivial fix. [ Checklist ] [x] all changes are documented in the d/changelog [x] I reviewed all changes and I approve them [x] attach debdiff against the package in testing unblock mpdscribble/0.24-2+b1 diff -Nru mpdscribble-0.24/debian/changelog mpdscribble-0.24/debian/changelog --- mpdscribble-0.24/debian/changelog 2022-07-31 18:28:30.0 +0200 +++ mpdscribble-0.24/debian/changelog 2023-05-07 20:00:03.0 +0200 @@ -1,3 +1,10 @@ +mpdscribble (0.24-3) unstable; urgency=medium + + * Do not ship /etc/mpdscribble.conf as a conffile (already managed with ucf) +Thanks to Andreas Beckmann (Closes: #1035603) + + -- Geoffroy Youri Berret Sun, 07 May 2023 20:00:03 +0200 + mpdscribble (0.24-2) unstable; urgency=medium * Fixed FTBS (porting to gcc12) (Closes: #1016284) diff -Nru mpdscribble-0.24/debian/rules mpdscribble-0.24/debian/rules --- mpdscribble-0.24/debian/rules 2022-07-31 18:28:30.0 +0200 +++ mpdscribble-0.24/debian/rules 2023-05-07 19:58:53.0 +0200 @@ -16,6 +16,7 @@ override_dh_auto_install: dh_auto_install + rm debian/mpdscribble/etc/mpdscribble.conf rm debian/mpdscribble/usr/share/doc/mpdscribble/COPYING override_dh_clean: --- End Message --- --- Begin Message --- Hi, On 13-05-2023 08:50, kaliko wrote: Uploaded and unblocked and aged. Paul OpenPGP_signature Description: OpenPGP digital signature --- End Message ---
Bug#1035674: marked as done (pre-approval: unblock: puppetserver/7.9.5-2)
Your message dated Sun, 14 May 2023 21:19:01 +0200
with message-id <2332c8fd-f657-4852-15f1-5940e64ae...@debian.org>
and subject line Re: Bug#1035674: pre-approval: unblock: puppetserver/7.9.5-2
has caused the Debian Bug report #1035674,
regarding pre-approval: unblock: puppetserver/7.9.5-2
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
1035674: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1035674
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
X-Debbugs-Cc: pkg-puppet-de...@alioth-lists.debian.net
Control: affects -1 + src:puppetserver
I would like to request an unblock to upload puppetserver/7.9.5-2 which
fixes two bugs using targeted fixes.
- #1032241 puppetserver - service unit fails to realize the main
process died
- #1035541 puppetserver: CVE-2023-1894
[ Reason ]
The main reason is to fix the denial-of-service security issue prior to
the release. The second fix has been in the source repository's main
branch for some time, awaiting release.
[ Impact ]
Accepting this release should not have any impact beyond puppetserver
itself.
[ Tests ]
Build and autopkgtest are passing. The service unit fix has been applied
locally on my production system for several weeks.
[ Risks ]
There is a (low) risk that the patches introduce new bugs.
[ Checklist ]
[x] all changes are documented in the d/changelog
[x] I reviewed all changes and I approve them
[x] attach debdiff against the package in testing
Thanks!
-- Jérômediff -Nru puppetserver-7.9.5/debian/changelog
puppetserver-7.9.5/debian/changelog
--- puppetserver-7.9.5/debian/changelog 2023-02-09 21:11:26.0 -0500
+++ puppetserver-7.9.5/debian/changelog 2023-05-07 11:09:17.0 -0400
@@ -1,3 +1,10 @@
+puppetserver (7.9.5-2) unstable; urgency=medium
+
+ * abort service start/reload if mainpid dies (Closes: #1032241)
+ * add patch fixing CVE-2023-1894 (Closes: #1035541)
+
+ -- Jérôme Charaoui Sun, 07 May 2023 11:09:17 -0400
+
puppetserver (7.9.5-1) unstable; urgency=medium
* New upstream version 7.9.5
diff -Nru
puppetserver-7.9.5/debian/patches/0010-Backport-fix-for-CVE-2023-1894.patch
puppetserver-7.9.5/debian/patches/0010-Backport-fix-for-CVE-2023-1894.patch
--- puppetserver-7.9.5/debian/patches/0010-Backport-fix-for-CVE-2023-1894.patch
1969-12-31 19:00:00.0 -0500
+++ puppetserver-7.9.5/debian/patches/0010-Backport-fix-for-CVE-2023-1894.patch
2023-05-07 11:09:17.0 -0400
@@ -0,0 +1,127 @@
+From: =?utf-8?b?SsOpcsO0bWUgQ2hhcmFvdWk=?=
+Date: Sun, 7 May 2023 11:00:09 -0400
+Subject: Backport fix for CVE-2023-1894
+
+Forwarded: not-needed
+Bug: https://tickets.puppetlabs.com/browse/PE-35786
+Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1035541
+Origin:
+ commit,
https://github.com/puppetlabs/puppetserver/commit/9e0239c19bc852b98c1a63fb33998de7eae388dc
+ backport,
https://github.com/puppetlabs/puppetserver/commit/545998b71baf70e35dc60c287f2cb2fc11ef9be2
+---
+ .../puppetserver/certificate_authority.clj | 33 +---
+ .../puppetserver/certificate_authority_test.clj| 36 ++
+ 2 files changed, 52 insertions(+), 17 deletions(-)
+
+diff --git a/src/clj/puppetlabs/puppetserver/certificate_authority.clj
b/src/clj/puppetlabs/puppetserver/certificate_authority.clj
+index 46429f4..16ab834 100644
+--- a/src/clj/puppetlabs/puppetserver/certificate_authority.clj
b/src/clj/puppetlabs/puppetserver/certificate_authority.clj
+@@ -787,6 +787,11 @@
+ (utils/subject-alt-names {:dns-name (conj default-alt-names host-name)}
false)
+ (utils/subject-alt-names (update alt-names-list :dns-name conj
host-name) false
+
++
++(def pattern-match-dot #"\.")
++(def pattern-starts-with-alphanumeric-or-underscore #"^[\p{Alnum}_].*")
++(def pattern-matches-alphanumeric-with-symbols-string
#"^[\p{Alnum}\-_]*[\p{Alnum}_]$")
++
+ (schema/defn validate-subject!
+ "Validate the CSR or certificate's subject name. The subject name must:
+ * match the hostname specified in the HTTP request (the `subject`
parameter)
+@@ -795,12 +800,16 @@
+ * not contain the wildcard character (*)"
+ [hostname :- schema/Str
+subject :- schema/Str]
++ (log/debug (i18n/trs "Checking \"{0}\" for validity" subject))
++
+ (when-not (= hostname subject)
++(log/infof "Rejecting subject \"%s\" because it doesn't match hostname
\"%s\"" subject hostname)
+ (sling/throw+
+ {:kind :hostname-mismatch
+- :msg
Bug#1036039: marked as done (unblock: debian-games/5)
Your message dated Sun, 14 May 2023 18:34:41 + with message-id and subject line unblock debian-games has caused the Debian Bug report #1036039, regarding unblock: debian-games/5 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 1036039: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036039 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock X-Debbugs-Cc: a...@debian.org Please unblock package debian-games [ Reason ] debian-games is a Debian Blend and a collection of metapackages. debian-games' purpose is to recommend or suggest games of a specific category. As usual I have updated and synced the list of packages with the actual situation in Bookworm and Sid because we are close to a release now. Packages which are not part of the next stable release but still in unstable have been downgraded to Suggests. Games which have been removed from Debian are no longer listed. Newly introduced games have been added to Recommends or Suggests. [ Impact ] The recommendations in Bookworm would be outdated. [ Tests ] I have verified that the changes work and the metapackages can be installed successfully. [ Risks ] There have been only changes in the Recommends or Suggests sections. No code changes. [ Checklist ] [x] all changes are documented in the d/changelog [x] I reviewed all changes and I approve them [x] attach debdiff against the package in testing unblock debian-games/5 diff -Nru debian-games-4/debian/changelog debian-games-5/debian/changelog --- debian-games-4/debian/changelog 2021-07-04 08:50:03.0 +0200 +++ debian-games-5/debian/changelog 2023-05-06 23:13:53.0 +0200 @@ -1,3 +1,31 @@ +debian-games (5) unstable; urgency=medium + + [ Andreas Tille ] + * Build-Depends: Drop versioned constraint on blends-dev. + + [ Markus Koschany ] + * Declare compliance with Debian Policy 4.6.2. + * New games: +- puzzle: chromono, explosive-c4, parolottero +- console: chroma-curses, nbsdgames, tty-solitaire +- platform: davegnukem +- fps: dsda-doom, ktx, mvdsv, woof-doom +- emulator: yuzu +- tetris: ghextris +- arcard: lbreakouthd +- toys: pipes-sh + * Removed games: (removed from Debian) +- education: childsplay, gcompris +- rpg: ember +- puzzle: gnubik +- emulator: higan +- arcade: monster-masher +- strategy: snowballz +- c++-dev: libogre-1.9-dev + * Update the blacklist + + -- Markus Koschany Sat, 06 May 2023 23:13:53 +0200 + debian-games (4) unstable; urgency=medium * Update the blacklist diff -Nru debian-games-4/debian/control debian-games-5/debian/control --- debian-games-4/debian/control 2021-07-04 08:50:03.0 +0200 +++ debian-games-5/debian/control 2023-05-06 23:13:53.0 +0200 @@ -4,8 +4,8 @@ Priority: optional Maintainer: Debian Games Team Uploaders: Markus Koschany -Build-Depends: debhelper-compat (= 13), blends-dev (>= 0.6.92.1) -Standards-Version: 4.5.1 +Build-Depends: debhelper-compat (= 13), blends-dev +Standards-Version: 4.6.2 Homepage: https://blends.debian.org/games/tasks/ Vcs-Git: https://salsa.debian.org/blends-team/games.git Vcs-Browser: https://salsa.debian.org/blends-team/games @@ -78,7 +78,7 @@ jzip, lure-of-the-temptress, onscripter, -qtads, +renpy-thequestion, rlvm, scottfree, scummvm, @@ -89,7 +89,7 @@ xzip, zoom-player Suggests: fizmo-ncursesw, - renpy-thequestion, + qtads, scummvm-tools Description: Debian's adventure games This metapackage will install adventure games, interpreter and engines. @@ -128,7 +128,6 @@ excellent-bifurcation, freedroid, freegish, -funguloids, funnyboat, garden-of-coloured-lights, gav, @@ -153,13 +152,13 @@ kraptor, late, lbreakout2, +lbreakouthd, lierolibre, luola, madbomber, maelstrom, marsshooter, mirrormagic, -monster-masher, moon-buggy, moon-lander, mousetrap, @@ -236,11 +235,9 @@ xsoldier, xtron, zatacka -Suggests: adanaxisgpl, - efp, - fretsonfire, +Suggests: efp, + funguloids, gnome-games, -
Bug#1036031: marked as done (unblock: python-mitogen/0.3.3-9)
Your message dated Sun, 14 May 2023 18:29:51 + with message-id and subject line unblock python-mitogen has caused the Debian Bug report #1036031, regarding unblock: python-mitogen/0.3.3-9 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 1036031: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036031 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock X-Debbugs-Cc: python-mito...@packages.debian.org Control: affects -1 + src:python-mitogen Please unblock package python-mitogen [ Reason ] This resolves bug 1036018. Apparently ansible has grown the number of open file handles over time, causing select() to become unusable. Use poll() instead of select. python-mitogen development is somewhat sporadic at the moment. We patched it to support Ansible 6, even though upstream hadn't declared support, yet. That probably contributed to this bug appearing. Upstream hasn't picked up this patch, yet. But it's been sitting on GitHub since early Feb, and resolves the issue. [ Impact ] Some users will hit "filedescriptor out of range in select()" errors when using ansible with miteogen. [ Tests ] I've manually tested ansible with mitogen, and it seems to work. The automated test suite passes. Some of the GitHub actions tests for this PR failed. But the affected platforms don't seem relevant to us. [ Risks ] Patch is relatively straightforward. Replacing one drop-in class in place of another. [ Checklist ] [x] all changes are documented in the d/changelog [x] I reviewed all changes and I approve them [x] attach debdiff against the package in testing unblock python-mitogen/0.3.3-9 diff -Nru python-mitogen-0.3.3/debian/changelog python-mitogen-0.3.3/debian/changelog --- python-mitogen-0.3.3/debian/changelog 2022-12-13 22:43:51.0 -0400 +++ python-mitogen-0.3.3/debian/changelog 2023-05-13 09:45:14.0 -0400 @@ -1,3 +1,10 @@ +python-mitogen (0.3.3-9) unstable; urgency=medium + + * Patch: Use poll() in the broker to handle more file descriptors. +(Closes: #1036018) + + -- Stefano Rivera Sat, 13 May 2023 09:45:14 -0400 + python-mitogen (0.3.3-8) unstable; urgency=medium * Team upload. diff -Nru python-mitogen-0.3.3/debian/patches/poll-poller python-mitogen-0.3.3/debian/patches/poll-poller --- python-mitogen-0.3.3/debian/patches/poll-poller 1969-12-31 20:00:00.0 -0400 +++ python-mitogen-0.3.3/debian/patches/poll-poller 2023-05-13 09:45:14.0 -0400 @@ -0,0 +1,28 @@ +From: Luca Berruti +Date: Wed, 8 Feb 2023 14:05:25 +0100 +Subject: Fix: filedescriptor out of range in select() + +Bug-Debian: https://bugs.debian.org/1036018 +Bug-Upstream: https://github.com/mitogen-hq/mitogen/issues/957 +Origin: https://github.com/mitogen-hq/mitogen/pull/984 +--- + ansible_mitogen/process.py | 6 -- + 1 file changed, 4 insertions(+), 2 deletions(-) + +diff --git a/ansible_mitogen/process.py b/ansible_mitogen/process.py +index 63caa88..8c19c37 100644 +--- a/ansible_mitogen/process.py b/ansible_mitogen/process.py +@@ -285,8 +285,10 @@ class Broker(mitogen.master.Broker): + the exuberant syscall expense of EpollPoller, so override it and restore + the poll() poller. + """ +-poller_class = mitogen.core.Poller +- ++if mitogen.parent.PollPoller.SUPPORTED: ++poller_class = mitogen.parent.PollPoller ++else: ++poller_class = mitogen.core.Poller + + class Binding(object): + """ diff -Nru python-mitogen-0.3.3/debian/patches/series python-mitogen-0.3.3/debian/patches/series --- python-mitogen-0.3.3/debian/patches/series 2022-12-13 20:24:51.0 -0400 +++ python-mitogen-0.3.3/debian/patches/series 2023-05-13 09:45:14.0 -0400 @@ -6,3 +6,4 @@ skip-python2.7-test ansible-6 hack-remove-cleanup +poll-poller --- End Message --- --- Begin Message --- Unblocked.--- End Message ---
Bug#1036025: marked as done (unblock: exim4/4.96-15)
Your message dated Sun, 14 May 2023 18:28:34 +
with message-id
and subject line unblock exim4
has caused the Debian Bug report #1036025,
regarding unblock: exim4/4.96-15
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
1036025: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036025
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
X-Debbugs-Cc: ex...@packages.debian.org
Control: affects -1 + src:exim4
Please unblock package exim4
This fixes an initialzation error which caused a crash in the smtp
transport. See https://bugs.exim.org/show_bug.cgi?id=2996
It is a one-line change, I have also removed garbage (unapplied patch)
from debian/patches.
cu Andreas
unblock exim4/4.96-15
cu Andreas
--
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'
diff -Nru exim4-4.96/debian/changelog exim4-4.96/debian/changelog
--- exim4-4.96/debian/changelog 2023-02-04 13:33:50.0 +0100
+++ exim4-4.96/debian/changelog 2023-05-10 18:30:35.0 +0200
@@ -1,3 +1,12 @@
+exim4 (4.96-15) unstable; urgency=medium
+
+ * Pull from upstream GIT master:
++ 75_70-Fix-variable-initialisation-in-smtp-transport.-Bug-2.patch
+ Fix a crash in the smtp transport.
+ https://bugs.exim.org/show_bug.cgi?id=2996
+
+ -- Andreas Metzler Wed, 10 May 2023 18:30:35 +0200
+
exim4 (4.96-14) unstable; urgency=medium
* Pull from upstream GIT master:
diff -Nru exim4-4.96/debian/patches/75_42-Fix-run-arg-parsing.patch exim4-4.96/debian/patches/75_42-Fix-run-arg-parsing.patch
--- exim4-4.96/debian/patches/75_42-Fix-run-arg-parsing.patch 2022-12-04 08:02:50.0 +0100
+++ exim4-4.96/debian/patches/75_42-Fix-run-arg-parsing.patch 1970-01-01 01:00:00.0 +0100
@@ -1,99 +0,0 @@
-From 44b6e099b76f403a55e77650821f8a69e9d2682e Mon Sep 17 00:00:00 2001
-From: Jeremy Harris
-Date: Sat, 3 Dec 2022 23:13:53 +
-Subject: [PATCH] Fix ${run } arg parsing
-
-Broken-by: cfe6acff2ddc
- doc/ChangeLog| 4
- src/expand.c | 13 ++---
- src/transport.c | 4 +++-
- test/scripts/-Basic/0002 | 2 ++
- test/stdout/0002 | 2 ++
- 5 files changed, 21 insertions(+), 4 deletions(-)
-
a/doc/ChangeLog
-+++ b/doc/ChangeLog
-@@ -28,10 +28,14 @@
- JH/14 Bug 2933: Fix regex substring match variables for null matches. Since 4.96
- a capture group which obtained no text (eg. "(abc)*" matching zero
- occurrences) could cause a segfault if the corresponding $ was
- expanded.
-
-+JH/15 Fix argument parsing for ${run } expansion. Previously, when an argument
-+ included a close-brace character (eg. it itself used an expansion) an
-+ error occurred.
-+
-
-
- Exim version 4.96
- -
-
a/src/expand.c
-+++ b/src/expand.c
-@@ -5529,11 +5529,11 @@
- {
- FILE * f;
- const uschar * arg, ** argv;
- BOOL late_expand = TRUE;
-
-- if ((expand_forbid & RDO_RUN) != 0)
-+ if (expand_forbid & RDO_RUN)
- {
- expand_string_message = US"running a command is not permitted";
- goto EXPAND_FAILED;
- }
-
-@@ -5561,16 +5561,23 @@
- }
- s++;
-
- if (late_expand) /* this is the default case */
- {
-- int n = Ustrcspn(s, "}");
-+ int n;
-+ const uschar * t;
-+ /* Locate the end of the args */
-+ (void) expand_string_internal(s,
-+ ESI_BRACE_ENDS | ESI_HONOR_DOLLAR | ESI_SKIPPING, , NULL, NULL);
-+ n = t - s;
- arg = skipping ? NULL : string_copyn(s, n);
- s += n;
- }
- else
- {
-+ DEBUG(D_expand)
-+ debug_printf_indent("args string for ${run} expand before split\n");
- if (!(arg = expand_string_internal(s, TRUE, , skipping, TRUE, )))
- goto EXPAND_FAILED;
- Uskip_whitespace();
- }
- /*{*/
a/src/transport.c
-+++ b/src/transport.c
-@@ -2187,10 +2187,12 @@
- BOOL allow_dollar_recipients = addr && addr->parent
- && Ustrcmp(addr->parent->address, "system-filter") == 0;
-
- for (int i = 0; argv[i]; i++)
- {
-+DEBUG(D_expand) debug_printf_indent("arg %d\n", i);
-+
- /* Handle special fudge for passing an address list */
-
- if (addr &&
- (Ustrcmp(argv[i], "$pipe_addresses") == 0 ||
- Ustrcmp(argv[i], "${pipe_addresses}") == 0))
-@@ -2361,11 +2363,11 @@
- }
- else *errptr = msg;
- return FALSE;
- }
-
-- if ( f.running_in_test_harness &&
Bug#1036003: marked as done (unblock: adacgi/1.6-32 and 20 Ada libraries)
Your message dated Sun, 14 May 2023 18:26:04 + with message-id and subject line unblock adacgi has caused the Debian Bug report #1036003, regarding unblock: adacgi/1.6-32 and 20 Ada libraries to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 1036003: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036003 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock X-Debbugs-Cc: ada...@packages.debian.org Control: affects -1 + src:adacgi Please unblock package adacgi The -dev package for Ada libraries is renamed when the source changes. So libadacgi4-dev in bullseye and libadacgi6-dev in bullseye have some conflicting files. Each -dev package must Break/Replace previous -dev packages, else the upgrade fails: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034975 (This issue has been known for long, but depending on non coinstallable gnat versions seemed sufficient until now) The attached fix seems trivial and without risk. As far as I understand, an unblock is necessary even if these packages have autopkgtests because the freeze is planned in less than 20 days. All Ada libraries are affected by the same issue. Should I open several request? Here are the relevant bug numbers (some sources build several libraries). adacgi https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034975 adasockets https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034896 ahvenhttps://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1035011 anet https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1035013 dbusada https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034914 gprbuild https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034913 libalog https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1035004 libaunit https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034934 libflorist https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1035006 libgmpadahttps://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034960 libgnatcoll-bindings https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034917 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034919 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034928 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034940 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034974 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034991 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1035002 libgnatcoll-db https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034946 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034964 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034981 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1035010 libgnatcoll https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034920 libgtkadahttps://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034970 liblog4ada https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034916 libncursesadahttps://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034977 libtemplates-parser https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034985 libtexttools https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034979 libxmladahttps://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034918 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034926 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034937 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034944 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034952 libxmlezout https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034965 pcscada https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034927 A similar fix for plplot/5.15.0+dfsg2-6 has been unblocked a few days ago: broken upgrade https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034936 unblock request https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1035652 non-changelog part of the debdiff: +Replaces: libplplotada3-dev (<< 5.15.0+dfsg-26) +Breaks: libplplotada3-dev (<< 5.15.0+dfsg-26) This fixes upgrades from bullseye (...3-dev), but not from testing (...4-dev). Do you think that this is release-critical? If so, should we report a separate unblock request, or
Bug#1036006: marked as done (unblock: postgresql-15/15.3-0+deb12u1)
Your message dated Sun, 14 May 2023 18:27:24 + with message-id and subject line unblock postgresql-15 has caused the Debian Bug report #1036006, regarding unblock: postgresql-15/15.3-0+deb12u1 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 1036006: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036006 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock X-Debbugs-Cc: postgresql...@packages.debian.org Control: affects -1 + src:postgresql-15 Please unblock package postgresql-15. [ Reason ] The new version fixes CVE-2023-2454 and CVE-2023-2455. [ Impact ] CVE-2023-2454 and CVE-2023-2455. [ Tests ] The package passes all the built-in regression tests and the postgresql-common testsuite. [ Risks ] New PostgreSQL upstream releases are generally accepted. [ Checklist ] (No changes in debian/ except for the changelog) [x] all changes are documented in the d/changelog [x] I reviewed all changes and I approve them [ ] attach debdiff against the package in testing postgresql-15 (15.3-0+deb12u1) unstable; urgency=medium * New upstream version. + Prevent CREATE SCHEMA from defeating changes in search_path (Report and fix by Alexander Lakhin, CVE-2023-2454) Within a CREATE SCHEMA command, objects in the prevailing search_path, as well as those in the newly-created schema, would be visible even within a called function or script that attempted to set a secure search_path. This could allow any user having permission to create a schema to hijack the privileges of a security definer function or extension script. + Enforce row-level security policies correctly after inlining a set-returning function (Report by Wolfgang Walther, CVE-2023-2455) If a set-returning SQL-language function refers to a table having row-level security policies, and it can be inlined into a calling query, those RLS policies would not get enforced properly in some cases involving re-using a cached plan under a different role. This could allow a user to see or modify rows that should have been invisible. -- Christoph Berg Tue, 09 May 2023 19:05:02 +0200 unblock postgresql-15/15.3-0+deb12u1 Thanks, Christoph signature.asc Description: PGP signature --- End Message --- --- Begin Message --- Unblocked.--- End Message ---
Bug#1036060: unblock: libfinance-quote-perl/1.54-3
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
X-Debbugs-Cc: libfinance-quote-p...@packages.debian.org
Control: affects -1 + src:libfinance-quote-perl
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
I've uploaded libfinance-quote-perl/1.54-3 to unstable, targetting
bookworm.
In comparison to -2, the upload contains 4 patches from upstream Git
commits/PRs. While this sounds a bit scary at this stage of the
freeze, all changes are minimal and fix issues.
I'm attaching a full debdiff but in practice the code changes are as
follows (the rest is documentation, patch metadata, a skipped online
test, …):
1) debian/patches/GH263_URL_MorningstarJP.patch: 1 URL changed:
- --- a/lib/Finance/Quote/MorningstarJP.pm
+++ b/lib/Finance/Quote/MorningstarJP.pm
@@ -32,7 +32,7 @@
# NAV information (basis price)
$MORNINGSTAR_JP_URL =
- - ('https://www.morningstar.co.jp/FundData/DownloadStdYmd.do?fnc=');
+ ('https://www.wealthadvisor.co.jp/FundData/DownloadStdYmd.do?fnc=');
sub methods { return ( morningstarjp => \ ); }
sub labels { return ( morningstarjp => [qw/symbol date nav/] ); }
2) debian/patches/GH262_Regex_FTfunds.patch: 1 regexp changed:
- --- a/lib/Finance/Quote/FTfunds.pm
+++ b/lib/Finance/Quote/FTfunds.pm
@@ -182,7 +182,7 @@
my $currency;
my $price;
if ($webdoc->content =~
- - m[Price
[(]([A-Z]{3})[)]([\.\,0-9]*)] )
+ m[]*>Price
[(]([A-Z]{3})[)]([\.\,0-9]*)] )
{
$currency = $1;
$price= $2;
3) debian/patches/GH267_TRV_AlphaVantage.patch: 1 entry added to a
hash table:
- --- a/lib/Finance/Quote/AlphaVantage.pm
+++ b/lib/Finance/Quote/AlphaVantage.pm
@@ -58,6 +58,7 @@
'.SA' => "BRL",# Brazil Sao Paolo
'.BR' => "EUR",# Belgium Brussels
'.TO' => "CAD",# Canada Toronto
+'.TRV' => "CAD",# CanadaToronto Venture
'.V' => "CAD",# Toronto Venture
'.TRT' => "CAD",# CanadaToronto
'.SN' => "CLP",# ChileSantiago
4) debian/patches/GH268_URL_YahooJSON.patch: 1 URL changed:
- --- a/lib/Finance/Quote/YahooJSON.pm
+++ b/lib/Finance/Quote/YahooJSON.pm
@@ -35,7 +35,7 @@
our $VERSION = '1.54'; # VERSION
- -my $YIND_URL_HEAD =
'https://query1.finance.yahoo.com/v7/finance/quote?symbols=';
+my $YIND_URL_HEAD =
'https://query1.finance.yahoo.com/v6/finance/quote?symbols=';
my $YIND_URL_TAIL = '';
sub methods {
(This is Debian bug #1035690)
All these changes are also in the new 1.55 upstream release which
I've chosen not to take as it also contains other/more code changes.
Having these changes in bookworm would help users to have working
stock quote modules, and as the changes are minimal there should be
no risk for regressions.
unblock libfinance-quote-perl/1.54-3
age-days 5 libfinance-quote-perl/1.54-3
Thanks in advance,
gregor
-BEGIN PGP SIGNATURE-
iQKTBAEBCgB9FiEE0eExbpOnYKgQTYX6uzpoAYZJqgYFAmRhJ9RfFIAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEQx
RTEzMTZFOTNBNzYwQTgxMDREODVGQUJCM0E2ODAxODY0OUFBMDYACgkQuzpoAYZJ
qgauYg/+IpHCLWKfRn18h5jiQruWhQkosM3n8cPaXVqiCbm2V1o/I4DC5Rx6xK4W
uZ/255jydt1DI771a4p2zlgl/svKIXCBCqsk9c3aUzpCrkeAVghOW6OGqD9X2P+Q
o8W1ADpEbG/gI6kGHn7Yj5x428L6PtG/t0rUTEKnEEUznPnLFufszFkr1/aifwbr
bbX1sjSxcdNQjtaiMVRusK7CD8sfqgRaDSZJC7iN9NjIbMnYEo/3UYiSDpBnXC6/
QP/VZrAdrbfsmWCahJtcZ/ZlvpKN1rmQI6fnaTIFFGewQmyj2uMAnVa1bLSm2lI0
6yo5oc33TDfxCR0nnJOr4jE3ruB1sYenIoUilNxLtglCRCJZhoZCQP6IPq2wCTe3
U18L4dH0lAppXGx7MHq2bnEXTV5JB6pcz0EBDe66iupmotQrgOwoNRVOt8A6GMah
2+MCWGSTub2Z0RAFQWv/HTdSZWhsjq+TgMNoxOcxGjXBUdgBAl+JkrfxeZ3e2RLd
oY42kFhTIimDKnyHOe9CdA2Zp/PvISnHdafiMoeHBrnZfMmvG3dttqcxDxn9GPAL
wievCeyj27th12taQN5/Rg5qPU07cr3yiFE9v8ccSsKPcQzmT27nx+qFEYALcYxn
fXlgcIMsRuWaIfc1okSgus7Q8QhxAQk3Ep2vZrPQ5cuoOC91so4=
=apkh
-END PGP SIGNATURE-
diff -Nru libfinance-quote-perl-1.54/debian/changelog
libfinance-quote-perl-1.54/debian/changelog
--- libfinance-quote-perl-1.54/debian/changelog 2023-02-05 14:24:34.0
+0100
+++ libfinance-quote-perl-1.54/debian/changelog 2023-05-14 20:04:45.0
+0200
@@ -1,3 +1,17 @@
+libfinance-quote-perl (1.54-3) unstable; urgency=medium
+
+ * Add patch GH263_URL_MorningstarJP.patch from upstream Git repo.
+URL change in MorningstarJP.pm. (GH#263)
+ * Add patch GH262_Regex_FTfunds.patch from upstream Git repo.
+Tweak regex to fix FTfunds.pm. (GH#262)
+ * Add patch GH267_TRV_AlphaVantage.patch from upstream Git repo.
+Added currency map .TRV => CAD. (GH#267)
+ * Add patch GH268_URL_YahooJSON.patch from upstream Git repo.
+Quick fix to YahooJSON.pm. (GH#268)
+Thanks to David Engel for the bug report. (Closes: #1035690)
+
+ -- gregor herrmann Sun, 14 May 2023 20:04:45 +0200
+
libfinance-quote-perl (1.54-2) unstable; urgency=medium
* Drop
Processed: unblock: libfinance-quote-perl/1.54-3
Processing control commands: > affects -1 + src:libfinance-quote-perl Bug #1036060 [release.debian.org] unblock: libfinance-quote-perl/1.54-3 Added indication that 1036060 affects src:libfinance-quote-perl -- 1036060: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036060 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#1036059: unblock: resteasy3.0/3.0.26-6
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock X-Debbugs-Cc: resteasy...@packages.debian.org Control: affects -1 + src:resteasy3.0 Please unblock package resteasy3.0 This update drops the dependency on libtomcat9-java which won't be part of Bookworm (#1033366) Thank you, Emmanuel Bourg unblock resteasy3.0/3.0.26-6 diff --git a/debian/changelog b/debian/changelog index 68db1eab6..148149f7d 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,11 @@ +resteasy3.0 (3.0.26-6) unstable; urgency=medium + + * Team upload. + * Depend on libservlet-api-java and libel-api-java instead of libtomcat9-java +(Closes: #1033366) + + -- Emmanuel Bourg Sun, 14 May 2023 19:12:25 +0200 + resteasy3.0 (3.0.26-5) unstable; urgency=medium * patches: Replace javax/activation with jakarta/activation, fixes noise diff --git a/debian/control b/debian/control index bd18212da..47fdea4fd 100644 --- a/debian/control +++ b/debian/control @@ -10,6 +10,7 @@ Build-Depends-Indep: javahelper, junit4, libcommons-io-java, + libel-api-java, libgeronimo-annotation-1.3-spec-java, libhttpclient-java, libjackson2-core-java, @@ -22,8 +23,8 @@ Build-Depends-Indep: libjboss-logging-java, libjboss-logging-tools-java, libmaven-install-plugin-java, - libslf4j-java, - libtomcat9-java, + libservlet-api-java, + libslf4j-java Standards-Version: 4.5.1 Vcs-Git: https://salsa.debian.org/java-team/resteasy.git Vcs-Browser: https://salsa.debian.org/java-team/resteasy diff --git a/debian/libresteasy3.0-java.classpath b/debian/libresteasy3.0-java.classpath index 2dfc0599a..89a972771 100644 --- a/debian/libresteasy3.0-java.classpath +++ b/debian/libresteasy3.0-java.classpath @@ -1,2 +1,2 @@ -usr/share/java/resteasy-jaxrs.jar /usr/share/java/slf4j-api.jar /usr/share/java/httpclient.jar /usr/share/java/commons-io.jar /usr/share/java/geronimo-annotation-1.3-spec.jar /usr/share/java/tomcat9-el-api.jar /usr/share/java/jakarta-activation.jar +usr/share/java/resteasy-jaxrs.jar /usr/share/java/slf4j-api.jar /usr/share/java/httpclient.jar /usr/share/java/commons-io.jar /usr/share/java/geronimo-annotation-1.3-spec.jar /usr/share/java/jakarta-activation.jar usr/share/java/resteasy-jackson2-provider.jar /usr/share/java/jackson-core.jar /usr/share/java/jackson-databind.jar /usr/share/java/jackson-jaxrs-base.jar /usr/share/java/jackson-jaxrs-json-provider.jar /usr/share/java/jackson-module-jaxb-annotations.jar diff --git a/debian/maven.rules b/debian/maven.rules index 30c686e5e..51bec29df 100644 --- a/debian/maven.rules +++ b/debian/maven.rules @@ -12,7 +12,7 @@ org.yaml snakeyaml * s/.*/1.x/ * * com.sun.istack istack-commons-runtime * s/debian/2.17/ * * s/jboss/javassist/ javassist * s/.*/debian/ * * s/org.jboss.spec.javax.annotation/org.apache.geronimo.specs/ s/jboss-annotations-api_1.2_spec/geronimo-annotation_1.3_spec/ * s/.*/debian/ * * -s/org.jboss.spec.javax.servlet/org.apache.tomcat/ s/jboss-servlet-api_3.1_spec/tomcat-servlet-api/ * s/.*/9.x/ * * -s/org.jboss.spec.javax.el/org.apache.tomcat/ s/jboss-el-api_3.0_spec/tomcat-el-api/ * s/.*/9.x/ * * +s/org.jboss.spec.javax.servlet/javax.servlet/ s/jboss-servlet-api_3.1_spec/javax.servlet-api/ * s/.*/debian/ * * +s/org.jboss.spec.javax.el/javax.el/ s/jboss-el-api_3.0_spec/javax.el-api/ * s/.*/debian/ * * s/org.jboss.spec.javax.ws.rs/javax.ws.rs/ s/jboss-jaxrs-api_2.0_spec/javax.ws.rs-api/ * s/.*/debian/ * * s/javax.activation/jakarta.activation/ s/activation/jakarta.activation-api/ * s/.*/debian/ * *
Processed: unblock: resteasy3.0/3.0.26-6
Processing control commands: > affects -1 + src:resteasy3.0 Bug #1036059 [release.debian.org] unblock: resteasy3.0/3.0.26-6 Added indication that 1036059 affects src:resteasy3.0 -- 1036059: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036059 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#1036058: unblock: qtbase-opensource-src/5.15.8+dfsg-8
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
X-Debbugs-Cc: qtbase-opensource-...@packages.debian.org
Control: affects -1 + src:qtbase-opensource-src
Please unblock package qtbase-opensource-src.
[ Reason ]
The new upload fixes bug #1035790 (missing Breaks+Replaces: libqtcore4).
[ Impact ]
Some Buster → Bullseye → Bookworm upgrades will fail with dpkg error about
overwriting files.
[ Tests ]
No tests, but the change is trivial and just partially reverts an older
change (where these Breaks/Replaces were removed).
[ Risks ]
Just adding Breaks/Replaces against an ancient package which is not even
present in stable. No risk.
[ Checklist ]
[x] all changes are documented in the d/changelog
[x] I reviewed all changes and I approve them
[x] attach debdiff against the package in testing
unblock qtbase-opensource-src/5.15.8+dfsg-8
--
Dmitry Shachnev
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,9 @@
+qtbase-opensource-src (5.15.8+dfsg-8) unstable; urgency=medium
+
+ * Add back Breaks/Replaces for libqtcore4 (closes: #1035790).
+
+ -- Dmitry Shachnev Sat, 13 May 2023 14:12:14 +0300
+
qtbase-opensource-src (5.15.8+dfsg-7) unstable; urgency=medium
* Update a11y_root.diff. This time the code waits for Qt loop to process the
--- a/debian/control
+++ b/debian/control
@@ -89,6 +89,8 @@ Provides: qtbase-abi-5-15-8
Depends: shared-mime-info, ${misc:Depends}, ${shlibs:Depends}
Recommends: qttranslations5-l10n
Suggests: libthai0
+Breaks: libqtcore4 (<< 4:4.8.7+dfsg-20~)
+Replaces: libqtcore4 (<< 4:4.8.7+dfsg-20~)
Description: Qt 5 core module
Qt is a cross-platform C++ application framework. Qt's primary feature
is its rich set of widgets that provide standard GUI functionality.
signature.asc
Description: PGP signature
Processed: unblock: qtbase-opensource-src/5.15.8+dfsg-8
Processing control commands: > affects -1 + src:qtbase-opensource-src Bug #1036058 [release.debian.org] unblock: qtbase-opensource-src/5.15.8+dfsg-8 Added indication that 1036058 affects src:qtbase-opensource-src -- 1036058: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036058 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Re: Debian 8.3 Jessie KEYEXPIRED 11645052400
On Sat, May 13, 2023 at 12:56:45AM -0300, Alan Homobono wrote: > Trying to upgrade Debian 8.3 Jessie to Debian 10.13 Buster, I continue > getting "KEYEXPIRED" error message after run apt-get update, even > renewing expired keys: # wget https://archive.debian.org/debian/pool/main/d/debian-archive-keyring/debian-archive-keyring_2017.5+deb9u1_all.deb # dpkg -i debian-archive-keyring_2017.5+deb9u1_all.deb # apt-get update -- Jonathan Wiltshire j...@debian.org Debian Developer http://people.debian.org/~jmw 4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC 74C3 5394 479D D352 4C51 ed25519/0x196418AAEB74C8A1: CA619D65A72A7BADFC96D280196418AAEB74C8A1
NEW changes in stable-new
Processing changes file: firefox-esr_102.11.0esr-1~deb11u1_source.changes ACCEPT Processing changes file: firefox-esr_102.11.0esr-1~deb11u1_all-buildd.changes ACCEPT Processing changes file: firefox-esr_102.11.0esr-1~deb11u1_amd64-buildd.changes ACCEPT Processing changes file: firefox-esr_102.11.0esr-1~deb11u1_arm64-buildd.changes ACCEPT Processing changes file: firefox-esr_102.11.0esr-1~deb11u1_armhf-buildd.changes ACCEPT Processing changes file: firefox-esr_102.11.0esr-1~deb11u1_i386-buildd.changes ACCEPT Processing changes file: firefox-esr_102.11.0esr-1~deb11u1_ppc64el-buildd.changes ACCEPT Processing changes file: firefox-esr_102.11.0esr-1~deb11u1_s390x-buildd.changes ACCEPT Processing changes file: linux_5.10.179-1_source.changes ACCEPT Processing changes file: linux_5.10.179-1_all-buildd.changes ACCEPT Processing changes file: linux_5.10.179-1_amd64-buildd.changes ACCEPT Processing changes file: linux_5.10.179-1_arm64-buildd.changes ACCEPT Processing changes file: linux_5.10.179-1_armel-buildd.changes ACCEPT Processing changes file: linux_5.10.179-1_armhf-buildd.changes ACCEPT Processing changes file: linux_5.10.179-1_i386-buildd.changes ACCEPT Processing changes file: linux_5.10.179-1_mips64el-buildd.changes ACCEPT Processing changes file: linux_5.10.179-1_mipsel-buildd.changes ACCEPT Processing changes file: linux_5.10.179-1_ppc64el-buildd.changes ACCEPT Processing changes file: linux_5.10.179-1_s390x-buildd.changes ACCEPT Processing changes file: linux-signed-amd64_5.10.179+1_source.changes ACCEPT Processing changes file: linux-signed-amd64_5.10.179+1_amd64-buildd.changes ACCEPT Processing changes file: linux-signed-arm64_5.10.179+1_source.changes ACCEPT Processing changes file: linux-signed-arm64_5.10.179+1_arm64-buildd.changes ACCEPT Processing changes file: linux-signed-i386_5.10.179+1_source.changes ACCEPT Processing changes file: linux-signed-i386_5.10.179+1_i386-buildd.changes ACCEPT Processing changes file: postgresql-13_13.11-0+deb11u1_source.changes ACCEPT Processing changes file: postgresql-13_13.11-0+deb11u1_all-buildd.changes ACCEPT Processing changes file: postgresql-13_13.11-0+deb11u1_amd64-buildd.changes ACCEPT Processing changes file: postgresql-13_13.11-0+deb11u1_arm64-buildd.changes ACCEPT Processing changes file: postgresql-13_13.11-0+deb11u1_armel-buildd.changes ACCEPT Processing changes file: postgresql-13_13.11-0+deb11u1_armhf-buildd.changes ACCEPT Processing changes file: postgresql-13_13.11-0+deb11u1_i386-buildd.changes ACCEPT Processing changes file: postgresql-13_13.11-0+deb11u1_mips64el-buildd.changes ACCEPT Processing changes file: postgresql-13_13.11-0+deb11u1_mipsel-buildd.changes ACCEPT Processing changes file: postgresql-13_13.11-0+deb11u1_ppc64el-buildd.changes ACCEPT Processing changes file: postgresql-13_13.11-0+deb11u1_s390x-buildd.changes ACCEPT
Bug#1036011: marked as done (unblock: slop/7.6-4)
Your message dated Sun, 14 May 2023 17:30:24 + with message-id and subject line unblock slop has caused the Debian Bug report #1036011, regarding unblock: slop/7.6-4 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 1036011: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036011 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock X-Debbugs-Cc: s...@packages.debian.org Control: affects -1 + src:slop Please unblock package slop This fixes RC bug #1034953 which could affect users upgrading from bullseye to bookworm. I did manual installation and update tests to ensure the bugs is fixed and everything works as expected. unblock slop/7.6-4 -- ceterum censeo microsoftem esse delendam. pgpuye0621d3I.pgp Description: OpenPGP digital signature --- End Message --- --- Begin Message --- Unblocked.--- End Message ---
Bug#1036005: marked as done (unblock: pcp/6.0.3-1.1)
Your message dated Sun, 14 May 2023 15:48:29 +
with message-id
and subject line unblock pcp
has caused the Debian Bug report #1036005,
regarding unblock: pcp/6.0.3-1.1
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
1036005: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036005
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
X-Debbugs-Cc: p...@packages.debian.org, ametz...@bebt.de
Control: affects -1 + src:pcp
Hello,
Please unblock package pcp, this just adds missing Replaces: for
upgrades from stable to testing.
The NMU was originally uploaded to the delayed queue but I later got
the go ahead from the package maintainer(s) to move to 0-day.
unblock pcp/6.0.3-1.1
cu Andreas
--
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'
diff -Nru pcp-6.0.3/debian/changelog pcp-6.0.3/debian/changelog
--- pcp-6.0.3/debian/changelog 2023-02-23 00:52:31.0 +0100
+++ pcp-6.0.3/debian/changelog 2023-05-07 11:36:37.0 +0200
@@ -1,3 +1,18 @@
+pcp (6.0.3-1.1) unstable; urgency=medium
+
+ * Non-maintainer upload.
+ * Add missing replaces on pcp (<< 5.3.0):
++ pcp-export-pcp2elasticsearch Closes: #1034998
++ pcp-export-pcp2json Closes: #1034983
++ pcp-export-pcp2spark Closes: #1034932
++ pcp-export-pcp2xml Closes: #1034922
++ pcp-export-pcp2zabbix Closes: #1034973
++ pcp-doc Closes: #1034966
++ pcp-zeroconf Closes: #1034895
++ pcp-export-pcp2xlsx (unfiled)
+
+ -- Andreas Metzler Sun, 07 May 2023 11:36:37 +0200
+
pcp (6.0.3-1) unstable; urgency=low
* New release (full details in CHANGELOG).
diff -Nru pcp-6.0.3/debian/control pcp-6.0.3/debian/control
--- pcp-6.0.3/debian/control 2023-02-23 00:52:31.0 +0100
+++ pcp-6.0.3/debian/control 2023-05-07 07:37:15.0 +0200
@@ -385,6 +385,7 @@
Package: pcp-export-pcp2elasticsearch
Depends: python3-pcp, python3-requests, ${python:Depends}, ${misc:Depends}, ${shlibs:Depends}
Breaks: pcp (<< 5.3.0)
+Replaces: pcp (<< 5.3.0)
Architecture: any
Description: Tool for exporting data from PCP to Elasticsearch
Performance Co-Pilot (PCP) front-end tool for exporting data from PCP
@@ -409,6 +410,7 @@
Package: pcp-export-pcp2json
Depends: python3-pcp, ${python:Depends}, ${misc:Depends}, ${shlibs:Depends}
Breaks: pcp (<< 5.3.0)
+Replaces: pcp (<< 5.3.0)
Architecture: any
Description: Tool for exporting data from PCP to JSON
Performance Co-Pilot (PCP) front-end tool for exporting data from PCP
@@ -417,6 +419,7 @@
Package: pcp-export-pcp2spark
Depends: python3-pcp, python3-requests, ${python:Depends}, ${misc:Depends}, ${shlibs:Depends}
Breaks: pcp (<< 5.3.0)
+Replaces: pcp (<< 5.3.0)
Architecture: any
Description: Tool for exporting data from PCP to Apache Spark
Performance Co-Pilot (PCP) front-end tools for exporting metric values
@@ -425,6 +428,7 @@
Package: pcp-export-pcp2xml
Depends: python3-pcp, ${python:Depends}, ${misc:Depends}, ${shlibs:Depends}
Breaks: pcp (<< 5.3.0)
+Replaces: pcp (<< 5.3.0)
Architecture: any
Description: Tool for exporting data from PCP to XML
Performance Co-Pilot (PCP) front-end tool for exporting data from PCP
@@ -433,6 +437,7 @@
Package: pcp-export-pcp2zabbix
Depends: python3-pcp, ${python:Depends}, ${misc:Depends}, ${shlibs:Depends}
Breaks: pcp (<< 5.3.0)
+Replaces: pcp (<< 5.3.0)
Architecture: any
Description: Tool for exporting data from PCP to Zabbix
Performance Co-Pilot (PCP) front-end tool for exporting data from PCP
@@ -449,7 +454,7 @@
Section: doc
Depends: ${misc:Depends}
Breaks: pcp (<< 5.3.0), pcp-gui (<< 1.5.13)
-Replaces: pcp-gui (<< 1.5.13)
+Replaces: pcp (<< 5.3.0), pcp-gui (<< 1.5.13)
Suggests: pcp, pcp-gui
Architecture: all
Description: Documentation and tutorial for the Performance Co-Pilot
@@ -462,6 +467,7 @@
Package: pcp-zeroconf
Depends: ${misc:Depends}, ${shlibs:Depends}, pcp (= ${binary:Version})
Breaks: pcp (<< 5.3.0)
+Replaces: pcp (<< 5.3.0)
Architecture: any
Description: Performance Co-Pilot (PCP) Zeroconf Package
Contains configuration tweaks and files that increase metrics gathering
@@ -511,6 +517,7 @@
Package: pcp-export-pcp2xlsx
Depends: ${python:Depends}, ${misc:Depends}, ${shlibs:Depends}
Breaks: pcp (<< 5.3.0)
+Replaces: pcp (<< 5.3.0)
Architecture: any
Description: Tool for exporting data from PCP to Excel spreadsheets
Performance Co-Pilot (PCP) front-end tool for exporting data from PCP
Bug#1036002: marked as done (unblock: utf8-locale/1.0.0-2)
Your message dated Sun, 14 May 2023 15:47:13 +
with message-id
and subject line unblock utf8-locale
has caused the Debian Bug report #1036002,
regarding unblock: utf8-locale/1.0.0-2
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
1036002: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036002
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
X-Debbugs-Cc: utf8-loc...@packages.debian.org, r...@debian.org
Control: affects -1 + src:utf8-locale
Please unblock package utf8-locale
Version 1.0.0-2 fixes the #1035441 RC bug (serious, missing dependency
that breaks functionality). The package does have an autopkgtest suite,
and https://tracker.debian.org/pkg/utf8-locale seems to think that
everything is going to be just fine, but... I uploaded the package on
2023-05-04, which means that the 20-day wait before the testing
migration would place it *just* after the 2023-05-24 full freeze.
Any assistance would be appreciated :)
[ Reason ]
The C library's -dev package was missing a dependency on the C library
package itself, making the -dev package practically unusable.
[ Impact ]
Anyone who installs the -dev package and does not also explicitly
install the shared library package would not be able to link C programs
against the shared library.
[ Tests ]
The bug was caught by a piuparts run that flagged a dangling symlink.
I missed it because my autopkgtest suite installs all the packages
anyway, so there is no missing package :/
[ Risks ]
None at all, I believe.
[ Checklist ]
[x] all changes are documented in the d/changelog
[x] I reviewed all changes and I approve them
[x] attach debdiff against the package in testing
unblock utf8-locale/1.0.0-2
diff -Nru utf8-locale-1.0.0/debian/changelog utf8-locale-1.0.0/debian/changelog
--- utf8-locale-1.0.0/debian/changelog 2022-10-23 00:55:41.0 +0300
+++ utf8-locale-1.0.0/debian/changelog 2023-05-04 21:30:41.0 +0300
@@ -1,3 +1,12 @@
+utf8-locale (1.0.0-2) unstable; urgency=medium
+
+ * Add the forgotten -dev package dependency on the library one.
+Closes: #1035441
+ * Add the year 2023 to my debian/* copyright notice
+ * Declare compliance with Policy 4.6.2 with no changes
+
+ -- Peter Pentchev Thu, 04 May 2023 21:30:41 +0300
+
utf8-locale (1.0.0-1) unstable; urgency=medium
* Declare compliance with Policy 4.6.1 with no changes.
diff -Nru utf8-locale-1.0.0/debian/control utf8-locale-1.0.0/debian/control
--- utf8-locale-1.0.0/debian/control2022-10-23 00:47:03.0 +0300
+++ utf8-locale-1.0.0/debian/control2023-05-04 21:26:59.0 +0300
@@ -9,7 +9,7 @@
pybuild-plugin-pyproject,
python3-all,
python3-setuptools,
-Standards-Version: 4.6.1
+Standards-Version: 4.6.2
Homepage: https://devel.ringlet.net/devel/utf8-locale/
Rules-Requires-Root: no
Vcs-Git: https://gitlab.com/ppentchev/utf8-locale.git -b debian/unstable
@@ -34,6 +34,7 @@
Section: libdevel
Architecture: any
Depends:
+ libutf8-locale0 (= ${binary:Version}),
${misc:Depends},
${shlibs:Depends},
Description: Detect a UTF-8-capable locale for running programs in -
development files
diff -Nru utf8-locale-1.0.0/debian/copyright utf8-locale-1.0.0/debian/copyright
--- utf8-locale-1.0.0/debian/copyright 2022-10-23 00:39:50.0 +0300
+++ utf8-locale-1.0.0/debian/copyright 2023-05-04 21:26:31.0 +0300
@@ -9,7 +9,7 @@
License: BSD-2-clause
Files: debian/*
-Copyright: Copyright (c) 2022 Peter Pentchev
+Copyright: Copyright (c) 2022, 2023 Peter Pentchev
License: BSD-2-clause
License: BSD-2-clause
signature.asc
Description: PGP signature
--- End Message ---
--- Begin Message ---
Unblocked.--- End Message ---
Bug#1036000: marked as done (unblock: sniproxy/0.6.0-2.1)
Your message dated Sun, 14 May 2023 15:46:34 +
with message-id
and subject line unblock sniproxy
has caused the Debian Bug report #1036000,
regarding unblock: sniproxy/0.6.0-2.1
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
1036000: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036000
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
X-Debbugs-Cc: snipr...@packages.debian.org, snipr...@packages.debian.org,
r...@debian.org
Control: affects -1 + src:sniproxy
Please unblock package sniproxy
Version 0.6.0-2.1 fixes the #1033752 RC bug (grave, security)
about a buffer overflow that may lead to arbitrary code
execution. I am in the process of adopting the package
(see #1035759), and I'm in communication with Thorsten
Alteholz, who did the NMU to fix the bug.
[ Reason ]
Security issue, arbitrary code execution due to a buffer overflow.
See #1033752 for details.
[ Impact ]
Systems where sniproxy is used are currently vulnerable to
remote code execution.
[ Tests ]
The next upstream version of sniproxy, 0.6.1, that was
released with a single change - to fix this bug - and that
I will soon upload to experimental, contains a test case that
makes sure sniproxy does not die on such a malformed request:
https://github.com/dlundquist/sniproxy/commit/f8d9a433fe22ab2fa15c00179048ab02ae23d583#diff-e1a0a6ea76cf301ec1fc8564ca08c0a20ae7fdc14f27355ab77a217e09efd833
(the bad_dns_request_test change)
The patch includes this change, although the tests are not
run during the Debian package build or afterwards; however,
a manual `make check` in the package build directory will
show the test passing.
I intend to try to run those tests both during the build and
as autopkgtests.
[ Risks ]
The fix is straightforward (for someone familiar with network
programming in C) and targeted. IMHO the risks are minimal,
if any at all.
[ Checklist ]
[x] all changes are documented in the d/changelog
[x] I reviewed all changes and I approve them
[x] attach debdiff against the package in testing
unblock sniproxy/0.6.0-2.1
diff -Nru sniproxy-0.6.0/debian/changelog sniproxy-0.6.0/debian/changelog
--- sniproxy-0.6.0/debian/changelog 2020-07-23 23:27:57.0 +0300
+++ sniproxy-0.6.0/debian/changelog 2023-04-29 20:03:02.0 +0300
@@ -1,3 +1,11 @@
+sniproxy (0.6.0-2.1) unstable; urgency=medium
+
+ * Non-maintainer upload by the LTS Team.
+ * CVE-2023-25076 (Closes: #1033752)
+fix buffer overflow while handling wildcard backend hosts
+
+ -- Thorsten Alteholz Sat, 29 Apr 2023 19:03:02 +0200
+
sniproxy (0.6.0-2) unstable; urgency=medium
* Fix "ftbfs with GCC-10" by applying patch
diff -Nru sniproxy-0.6.0/debian/patches/CVE-2023-25076.patch
sniproxy-0.6.0/debian/patches/CVE-2023-25076.patch
--- sniproxy-0.6.0/debian/patches/CVE-2023-25076.patch 1970-01-01
02:00:00.0 +0200
+++ sniproxy-0.6.0/debian/patches/CVE-2023-25076.patch 2023-04-29
20:03:02.0 +0300
@@ -0,0 +1,71 @@
+commit f8d9a433fe22ab2fa15c00179048ab02ae23d583
+Author: Dustin Lundquist
+Date: Thu Mar 16 20:42:20 2023 -0700
+
+address: fix buffer overflow
+
+Update tests to work on Debian 11.
+
+Index: sniproxy-0.6.0/src/address.c
+===
+--- sniproxy-0.6.0.orig/src/address.c 2023-04-29 19:26:00.397699547 +0200
sniproxy-0.6.0/src/address.c 2023-04-29 19:26:00.397699547 +0200
+@@ -143,6 +143,8 @@
+ if (hostname_or_ip[0] == '[' &&
+ (port = strchr(hostname_or_ip, ']')) != NULL) {
+ len = (size_t)(port - hostname_or_ip - 1);
++if (len >= INET6_ADDRSTRLEN)
++return NULL;
+
+ /* inet_pton() will not parse the IP correctly unless it is in a
+ * separate string.
+Index: sniproxy-0.6.0/tests/Makefile.am
+===
+--- sniproxy-0.6.0.orig/tests/Makefile.am 2023-04-29 19:26:00.397699547
+0200
sniproxy-0.6.0/tests/Makefile.am 2023-04-29 19:26:25.017710380 +0200
+@@ -1,5 +1,7 @@
+ AM_CPPFLAGS = -I$(top_srcdir)/src -g $(LIBEV_CFLAGS) $(LIBPCRE_CFLAGS)
$(LIBUDNS_CFLAGS)
+
++.NOTPARALLEL:
++
+ TESTS = address_test \
+ buffer_test \
+ cfg_tokenizer_test \
+Index: sniproxy-0.6.0/tests/bad_dns_request_test
+===
+--- sniproxy-0.6.0.orig/tests/bad_dns_request_test 2023-04-29
19:26:00.397699547 +0200
Bug#1035927: marked as done (unblock: samba/2:4.17.8+dfsg-1)
Your message dated Sun, 14 May 2023 15:45:47 + with message-id and subject line unblock samba has caused the Debian Bug report #1035927, regarding unblock: samba/2:4.17.8+dfsg-1 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 1035927: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1035927 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock X-Debbugs-Cc: sa...@packages.debian.org, pkg-samba-ma...@lists.alioth.debian.org Control: affects -1 + src:samba Please unblock package samba [ Reason ] This is a next upstream samba stable/bugfix release (4.17.8) fixing a long number of various bugs all over the place, including a security fix (additional changes addressing CVE-2020-25720). It is definitely a good thing to have it all in bookworm. [ Tests ] First of all, samba upstream has an excellent testsuite ensuring there's no regressions. Plus they pick changes for stable release series very carefully. This release is not an exception. My basic local tests of basic samba file server and AD/DC functionality does not reveal any issues either. [ Risks ] The risk of this update is quite low, due to the way how the upstream stable release is being done. [ Checklist ] [x] all changes are documented in the d/changelog [x] I reviewed all changes and I approve them [x] attach debdiff against the package in testing [ Other info ] The debdiff is rather large due to big number of changes. The complete changeset is available in git on salsa.d.o, https://salsa.debian.org/samba-team/samba/-/commits/upstream/4.17.8+dfsg/ When preparing debdiff, I filtered all manpages (*.[15678] - this goes for docs/manpages/ and ctdb/doc/, - unfortunately upstream includes generated manpages in the source tarball, and those are regenerated on every release with current timestamps. I'll strip it all out from the orig source tarball in trixie. The diffstat is still large. d/changelog is at the top. unblock samba/2:4.17.8+dfsg-1 diff -Nru --exclude '*.[1578]' samba-4.17.7+dfsg/debian/changelog samba-4.17.8+dfsg/debian/changelog --- samba-4.17.7+dfsg/debian/changelog 2023-03-29 17:59:17.0 +0300 +++ samba-4.17.8+dfsg/debian/changelog 2023-05-11 10:52:40.0 +0300 @@ -1,3 +1,56 @@ +samba (2:4.17.8+dfsg-1) unstable; urgency=medium + + * upstream stable/security/bugfix release, fixing the following issues: + * https://bugzilla.samba.org/show_bug.cgi?id=14810 + CVE-2020-25720 Create Child permission should not allow + full write to all attributes (additional changes) + * https://bugzilla.samba.org/show_bug.cgi?id=15143 + New filename parser doesn't check veto files smb.conf parameter + * https://bugzilla.samba.org/show_bug.cgi?id=15302 + log flood: smbd_calculate_access_mask_fsp: Access denied: message + level should be lower (this was included in Debian package already) + * https://bugzilla.samba.org/show_bug.cgi?id=15306 + Floating point exception (FPE) via cli_pull_send + at source3/libsmb/clireadwrite.c + * https://bugzilla.samba.org/show_bug.cgi?id=15313 + Large directory optimization broken for non-lcomp path elements + * https://bugzilla.samba.org/show_bug.cgi?id=15317 + winbindd idmap child contacts the domain controller without a need + * https://bugzilla.samba.org/show_bug.cgi?id=15318 + idmap_autorid may fail to map sids of trusted domains for the + * https://bugzilla.samba.org/show_bug.cgi?id=15319 + idmap_hash doesn't use ID_TYPE_BOTH for reverse mappings + * https://bugzilla.samba.org/show_bug.cgi?id=15323 + net ads search -P doesn't work against servers in other domains + * https://bugzilla.samba.org/show_bug.cgi?id=15325 + dsgetdcname: assumes local system uses IPv4 + * https://bugzilla.samba.org/show_bug.cgi?id=15328 + test_tstream_more_tcp_user_timeout_spin fails intermittently + on Rackspace GitLab runners + * https://bugzilla.samba.org/show_bug.cgi?id=15329 + Reduce flapping of ridalloc test + * https://bugzilla.samba.org/show_bug.cgi?id=15329 + Reduce flapping of ridalloc test + * https://bugzilla.samba.org/show_bug.cgi?id=15338 + DS ACEs might be inherited to unrelated object classes + * https://bugzilla.samba.org/show_bug.cgi?id=15351 + large_ldap test is unreliable + * https://bugzilla.samba.org/show_bug.cgi?id=15353 + Temporary smbXsrv_tcon_global.tdb can't be parsed + * https://bugzilla.samba.org/show_bug.cgi?id=15354 + mdssvc may crash when
Bug#1035998: marked as done (unblock: cinnamon-settings-daemon/5.6.2-2)
Your message dated Sun, 14 May 2023 15:45:01 +
with message-id
and subject line unblock cinnamon-settings-daemon
has caused the Debian Bug report #1035998,
regarding unblock: cinnamon-settings-daemon/5.6.2-2
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
1035998: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1035998
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
X-Debbugs-Cc: cinnamon-settings-dae...@packages.debian.org,
fantonifa...@tiscali.it
Control: affects -1 + src:cinnamon-settings-daemon
Please unblock package cinnamon-settings-daemon
5.6.2-2 Remove broken symlinks to csd-locate-pointer and
csd-list-wacom that was removed in a previous upstream version
but I missed to remove also symlinks in packaging.
I think is good to have in bookworm.
[ Risks ]
I consider the risk of regression very small
[ Checklist ]
[x] all changes are documented in the d/changelog
[x] I reviewed all changes and I approve them
[x] attach debdiff against the package in testing
[ Other info ]
unblock cinnamon-settings-daemon/5.6.2-2diff --git a/debian/changelog b/debian/changelog
index f843ec7..1e1e385 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10 @@
+cinnamon-settings-daemon (5.6.2-2) unstable; urgency=medium
+
+ * Remove broken symlinks to csd-locate-pointer and csd-list-wacom
+Thanks to Andreas Beckmann (Closes: #1035860)
+
+ -- Fabio Fantoni Wed, 10 May 2023 22:15:56 +0200
+
cinnamon-settings-daemon (5.6.2-1) unstable; urgency=medium
* New upstream bugfix version 5.6.2
diff --git a/debian/cinnamon-settings-daemon.links
b/debian/cinnamon-settings-daemon.links
index a4091cb..bb49c47 100644
--- a/debian/cinnamon-settings-daemon.links
+++ b/debian/cinnamon-settings-daemon.links
@@ -8,7 +8,6 @@
usr/lib/${DEB_HOST_MULTIARCH}/cinnamon-settings-daemon/csd-datetime-mechanism us
usr/lib/${DEB_HOST_MULTIARCH}/cinnamon-settings-daemon/csd-housekeeping
usr/bin/csd-housekeeping
usr/lib/${DEB_HOST_MULTIARCH}/cinnamon-settings-daemon/csd-input-helper
usr/bin/csd-input-helper
usr/lib/${DEB_HOST_MULTIARCH}/cinnamon-settings-daemon/csd-keyboard
usr/bin/csd-keyboard
-usr/lib/${DEB_HOST_MULTIARCH}/cinnamon-settings-daemon/csd-locate-pointer
usr/bin/csd-locate-pointer
usr/lib/${DEB_HOST_MULTIARCH}/cinnamon-settings-daemon/csd-media-keys
usr/bin/csd-media-keys
usr/lib/${DEB_HOST_MULTIARCH}/cinnamon-settings-daemon/csd-power
usr/bin/csd-power
usr/lib/${DEB_HOST_MULTIARCH}/cinnamon-settings-daemon/csd-printer
usr/bin/csd-printer
diff --git a/debian/rules b/debian/rules
index 2d8df78..4db072e 100755
--- a/debian/rules
+++ b/debian/rules
@@ -20,8 +20,7 @@ override_dh_link:
dh_link
ifeq ($(DEB_HOST_ARCH_OS),linux)
ifneq (${DEB_HOST_ARCH},s390x)
- dh_link -p cinnamon-settings-daemon
usr/lib/$(DEB_HOST_MULTIARCH)/cinnamon-settings-daemon/csd-list-wacom
usr/bin/csd-list-wacom \
- usr/lib/$(DEB_HOST_MULTIARCH)/cinnamon-settings-daemon/csd-wacom
usr/bin/csd-wacom
+ dh_link -p cinnamon-settings-daemon
usr/lib/$(DEB_HOST_MULTIARCH)/cinnamon-settings-daemon/csd-wacom
usr/bin/csd-wacom
endif
endif
--- End Message ---
--- Begin Message ---
Unblocked.--- End Message ---
Bug#1035966: marked as done (unblock: google-android-installers/1675172738)
Your message dated Sun, 14 May 2023 15:45:21 +
with message-id
and subject line unblock google-android-installers
has caused the Debian Bug report #1035966,
regarding unblock: google-android-installers/1675172738
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
1035966: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1035966
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
Please unblock package google-android-installers
At the time of writing this, I'm waiting for my sponsor to upload the latest
version to unstable. It is also tagged in the VCS if you want to upload it
yourself. See:
https://salsa.debian.org/google-android-tools-team/google-android-installers
https://salsa.debian.org/google-android-tools-team/google-android-installers/-/tags/debian%2F1675172738
[ Reason ]
(Explain what the reason for the unblock request is.)
A RC bug was filed towards the package: #1035713
[ Impact ]
(What is the impact for the user if the unblock isn't granted?)
[ Tests ]
(What automated or manual tests cover the affected code?)
- I tested that the binary package doesn't have any broken symbolic links, and
that the symbolic links target the correct file.
- I tested that the change didn't break installation with the other binary
packages.
[ Risks ]
(Discussion of the risks involved. E.g. code is trivial or
complex, key package vs leaf package, alternatives available.)
No particular risk AFAIK.
[ Checklist ]
[x] all changes are documented in the d/changelog
[x] I reviewed all changes and I approve them
[x] attach debdiff against the package in testing
[ Other info ]
(Anything else the release team should know.)
At the time of writing this, I'm waiting for my sponsor to upload the latest
version to unstable. It is also tagged in the VCS if you want to upload it
yourself.
unblock google-android-installers/1675172738
diff -Nru google-android-installers-1675172737/debian/changelog google-android-installers-1675172738/debian/changelog
--- google-android-installers-1675172737/debian/changelog 2023-04-09 22:31:58.0 +0200
+++ google-android-installers-1675172738/debian/changelog 2023-05-09 17:35:00.0 +0200
@@ -1,3 +1,9 @@
+google-android-installers (1675172738) unstable; urgency=medium
+
+ * Makefile: fix broken symbolic links (Closes: #1035713)
+
+ -- Fab Stz Tue, 09 May 2023 17:35:00 +0200
+
google-android-installers (1675172737) unstable; urgency=medium
* cmdline-tools: set Architecture to 'amd64 i386'
diff -Nru google-android-installers-1675172737/for-postinst/default/Makefile google-android-installers-1675172738/for-postinst/default/Makefile
--- google-android-installers-1675172737/for-postinst/default/Makefile 2023-04-09 22:31:58.0 +0200
+++ google-android-installers-1675172738/for-postinst/default/Makefile 2023-05-09 17:35:00.0 +0200
@@ -49,6 +49,34 @@
cd $(DL_DIR) && unzip -ouq $(DL_DIR)/$(PKG_SOURCE); \
fi
+# Search for broken symbolic links & fix them
+ @if [ $$(unzip -Z -1 $(DL_DIR)/$(PKG_SOURCE) | cut -d '/' -f1 | sort -u | wc -l) -gt 1 ]; then \
+ ZIP_ROOT_DIR=$(TRG_DIR) ;\
+ else \
+ ZIP_ROOT_DIR=$$(unzip -Z -1 $(DL_DIR)/$(PKG_SOURCE) | head -1 | cut -d '/' -f 1) ;\
+ fi && \
+ BROKEN_SYMLINKS=$$(cd $(DL_DIR)/$$ZIP_ROOT_DIR && find -xtype l -exec ls {} \;) && \
+ if [ -n "$$BROKEN_SYMLINKS" ]; then \
+ echo "\n Fixing broken symbolic links."; \
+ fi && \
+ for file in $$BROKEN_SYMLINKS; do \
+ cd $(DL_DIR)/$$ZIP_ROOT_DIR && \
+ LINK_TARGET=$$(readlink "$$file") && \
+ REL_PATH_TO_TARGET=$$(echo "$$LINK_TARGET" | sed "s|.*$$ZIP_ROOT_DIR/\(.*\)|\1|") && \
+ echo "Replacing symbolic link: $$file" && \
+ echo " Original target: $$LINK_TARGET" && \
+ echo " New target: $$REL_PATH_TO_TARGET" && \
+ ln -fsr "$$REL_PATH_TO_TARGET" "$$file"; \
+ done; \
+ BROKEN_SYMLINKS_AFTER=$$(cd $(DL_DIR)/$$ZIP_ROOT_DIR && find -xtype l -exec ls {} \;) && \
+ if [ -n "$$BROKEN_SYMLINKS_AFTER" ]; then \
+ echo "\n Some files have broken symbolic links. Please report a bug to the package maintainer\n"; \
+ for item in $$BROKEN_SYMLINKS_AFTER; do \
+ echo "$$item"; \
+ done && \
+ exit 1 ;\
+ fi
+
$(DL_DIR)/$(PKG_SOURCE):
cd $(DL_DIR) && \
su nobody -s /bin/sh -c "wget --continue $(PKG_SOURCE_URL) -O $(PKG_SOURCE).tmp && mv $(PKG_SOURCE).tmp $(PKG_SOURCE)"
--- End Message ---
--- Begin Message ---
Unblocked.--- End Message ---
Bug#1035996: marked as done (unblock: apache-log4j-extras1.2/1.2.17-3)
Your message dated Sun, 14 May 2023 15:44:41 +
with message-id
and subject line unblock apache-log4j-extras1.2
has caused the Debian Bug report #1035996,
regarding unblock: apache-log4j-extras1.2/1.2.17-3
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
1035996: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1035996
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
X-Debbugs-Cc: apache-log4j-extras...@packages.debian.org
Control: affects -1 + src:apache-log4j-extras1.2
Please unblock package apache-log4j-extras1.2
This package currently fails to build due to a javadoc (#1035992). This
update removes the unused -java-doc package which is causing this issue.
Thank you,
Emmanuel Bourg
unblock apache-log4j-extras1.2/1.2.17-3
diff --git a/debian/changelog b/debian/changelog
index 0c2656b..8cc7f9e 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10 @@
+apache-log4j-extras1.2 (1.2.17-3) unstable; urgency=medium
+
+ * Removed the -java-doc package (Closes: #1035992)
+ * Use salsa.debian.org Vcs-* URLs
+
+ -- Emmanuel Bourg Fri, 12 May 2023 12:34:54 +0200
+
apache-log4j-extras1.2 (1.2.17-2) unstable; urgency=medium
* Team upload.
diff --git a/debian/control b/debian/control
index 6bbaa8a..8eefd91 100644
--- a/debian/control
+++ b/debian/control
@@ -6,34 +6,22 @@ Uploaders: Hilko Bengen
Build-Depends:
debhelper (>= 10),
default-jdk,
- default-jdk-doc,
libapache-pom-java (>= 10),
libgeronimo-jms-1.1-spec-java,
libhsqldb-java,
liblog4j1.2-java (>= 1.2.17-6~),
- liblog4j1.2-java-doc,
libmaven-bundle-plugin-java,
- libmaven-javadoc-plugin-java,
maven-debian-helper (>= 2.2)
Standards-Version: 4.1.0
-Vcs-Git: https://anonscm.debian.org/git/pkg-java/apache-log4j-extras1.2.git
-Vcs-Browser:
https://anonscm.debian.org/cgit/pkg-java/apache-log4j-extras1.2.git
+Vcs-Git: https://salsa.debian.org/java-team/apache-log4j-extras1.2.git
+Vcs-Browser: https://salsa.debian.org/java-team/apache-log4j-extras1.2
Homepage: http://logging.apache.org/log4j/extras
Package: liblog4j-extras1.2-java
Architecture: all
Depends: ${misc:Depends}, ${maven:Depends}
-Suggests: ${maven:OptionalDepends}, liblog4j-extras1.2-java-doc
+Suggests: ${maven:OptionalDepends}
Description: Extras for Apache log4j
This package provides additional appenders, filters and other capabilities
for version 1.2 of Apache log4j. Several of these were backported from
the abandoned log4j 1.3 development effort.
-
-Package: liblog4j-extras1.2-java-doc
-Architecture: all
-Section: doc
-Depends: ${misc:Depends}
-Recommends: ${maven:DocDepends}, ${maven:DocOptionalDepends}
-Suggests: liblog4j-extras1.2-java
-Description: Documentation for Extras for Apache log4j.
- This package contains the API documentation of liblog4j-extras1.2-java.
--- End Message ---
--- Begin Message ---
Unblocked.--- End Message ---
Bug#1035993: marked as done (unblock: biojava-live/1:1.9.5+dfsg-3)
Your message dated Sun, 14 May 2023 15:43:18 + with message-id and subject line unblock biojava-live has caused the Debian Bug report #1035993, regarding unblock: biojava-live/1:1.9.5+dfsg-3 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 1035993: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1035993 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock X-Debbugs-Cc: biojava-l...@packages.debian.org Control: affects -1 + src:biojava-live Please unblock package biojava-live It holds an unused dependency on libcommons-dbcp-java-doc which blocks the transition of libcommons-dbcp-java/1.4-8 to testing. This is required to complete the migration to Tomcat 10. Thank you, Emmanuel Bourg unblock biojava-live/1:1.9.5+dfsg-3 diff --git a/debian/changelog b/debian/changelog index 0c4726b..8878215 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,10 @@ +biojava-live (1:1.9.5+dfsg-3) unstable; urgency=medium + + * Team upload. + * Removed the dependency on libcommons-dbcp-java-doc + + -- Emmanuel Bourg Fri, 12 May 2023 11:09:08 +0200 + biojava-live (1:1.9.5+dfsg-2) unstable; urgency=medium * Upload to unstable to start transition from libbiojava1.7-java to diff --git a/debian/control b/debian/control index 7ff66a2..ee197a4 100644 --- a/debian/control +++ b/debian/control @@ -11,7 +11,6 @@ Build-Depends: debhelper-compat (= 13), Build-Depends-Indep: default-jdk, junit4 , libcommons-dbcp-java, - libcommons-dbcp-java-doc, libjaxb-api-java, libjgrapht0.8-java, libjgrapht0.8-java-doc, --- End Message --- --- Begin Message --- Unblocked.--- End Message ---
Bug#1035989: marked as done (unblock: uima-as/2.3.1-11)
Your message dated Sun, 14 May 2023 15:42:45 +
with message-id
and subject line unblock uima-as
has caused the Debian Bug report #1035989,
regarding unblock: uima-as/2.3.1-11
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
1035989: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1035989
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
X-Debbugs-Cc: uima...@packages.debian.org
Control: affects -1 + src:uima-as
Please unblock package uima-as
This package depends on libcommons-dbcp-java-doc which has been removed
in unstable. It blocks the migration of libcommons-dbcp-java/1.4-8 to
testing which is required to complete the transition to Tomcat 10.
This issue is addressed by removing the libuima-as-java-doc package
and its dependencies, including libcommons-dbcp-java-doc. The package
is unused and has a very low popcon.
Thank you,
Emmanuel Bourg
unblock uima-as/2.3.1-11
diff --git a/debian/changelog b/debian/changelog
index fc72c25..6a098db 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10 @@
+uima-as (2.3.1-11) unstable; urgency=medium
+
+ * Team upload.
+ * Removed the -java-doc package
+
+ -- Emmanuel Bourg Fri, 12 May 2023 11:00:53 +0200
+
uima-as (2.3.1-10) unstable; urgency=medium
* Team upload.
diff --git a/debian/control b/debian/control
index f2eebe1..130b247 100644
--- a/debian/control
+++ b/debian/control
@@ -14,14 +14,10 @@ Build-Depends:
libbuild-helper-maven-plugin-java,
libcommons-httpclient-java,
libcommons-codec-java,
- libcommons-codec-java-doc,
libcommons-dbcp-java,
- libcommons-dbcp-java-doc,
libcommons-logging-java,
- libcommons-logging-java-doc,
libcommons-net-java,
libcommons-pool-java,
- libcommons-pool-java-doc,
libgeronimo-j2ee-connector-1.5-spec-java,
libgeronimo-j2ee-management-1.1-spec-java,
libgeronimo-jms-1.1-spec-java,
@@ -30,7 +26,6 @@ Build-Depends:
libmaven-bundle-plugin-java,
libmaven-dependency-plugin-java,
libmaven-install-plugin-java,
- libmaven-javadoc-plugin-java,
libservlet-api-java,
libspring-beans-java,
libspring-context-java,
@@ -76,31 +71,3 @@ Description: Apache UIMA Asynch Scaleout framework
.
UIMA Asynch Scaleout (or UIMA AS) is an extension to the Apache UIMA
framework and SDK, using JMS messaging to support scaleout.
-
-Package: libuima-as-java-doc
-Architecture: all
-Section: doc
-Depends:
- ${maven:DocDepends},
- ${misc:Depends}
-Recommends:
- ${maven:DocOptionalDepends}
-Suggests:
- libuima-as-java
-Description: Documentation for Apache UIMA Asynch Scaleout framework
- Apache UIMA is an implementation of the OASIS-UIMA specifications.
- .
- OASIS UIMA Committee:
Bug#1035987: marked as done (unblock: ros-ros-comm/1.15.15+ds-2)
Your message dated Sun, 14 May 2023 15:42:07 + with message-id and subject line unblock ros-ros-comm has caused the Debian Bug report #1035987, regarding unblock: ros-ros-comm/1.15.15+ds-2 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 1035987: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1035987 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock X-Debbugs-Cc: ros-ros-c...@packages.debian.org Control: affects -1 + src:ros-ros-comm Please unblock package ros-ros-comm [ Reason ] python3-rospy extends the Python logging system with it's own API, overwriting the findCaller() function to get the filename and line number where the logging function was called. This broke with Python 3.11, resulting in a dead lock and I fixed it by importing the Python 3.11 function back then. While this worked in a simple case, it showed the wrong source code location when logging was called inside a submodule. The new version in 1.15.15+ds-2 uses the code from ros-ros-comm again, only fixing the deadlock. This is done with two changes: 1. The while hasattr(f, "f_code") looping over the stack, gains a break once there is no more f.f_back to fix the deadlock. 2. The test to find "the right frame" does no longer work with 3.11 as the stack is different. Instead it is identified by the name "_base_logger", as it is used by the code later anyhow. [ Impact ] Wrong filenames and line numbers in logs. [ Tests ] Unit test that the function does not fail, manual tests that it returns the correct value in different cases. [ Risks ] Minimal risk, the original code is part of the project for a long time and the changes are minimal and make sure that it always terminates. The only problem could be that it still prints the wrong value which would be unfortunate but not a big problem as it is used for debugging only. [ Checklist ] [X] all changes are documented in the d/changelog [X] I reviewed all changes and I approve them [X] attach debdiff against the package in testing [ Other info ] This was reported outside of Debian, thus no bug number. unblock ros-ros-comm/1.15.15+ds-2 diff --git a/debian/changelog b/debian/changelog index acd2cae..5193a76 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,9 @@ +ros-ros-comm (1.15.15+ds-2) unstable; urgency=medium + + * Properly fix rospy logging in Python 3.11 + + -- Jochen Sprickerhof Wed, 10 May 2023 12:27:48 +0200 + ros-ros-comm (1.15.15+ds-1) unstable; urgency=medium * New upstream version 1.15.15+ds diff --git a/debian/patches/0015-rosgraph-update-code-from-Python-3.11.patch b/debian/patches/0015-rosgraph-update-code-from-Python-3.11.patch index dc20fa5..975aca1 100644 --- a/debian/patches/0015-rosgraph-update-code-from-Python-3.11.patch +++ b/debian/patches/0015-rosgraph-update-code-from-Python-3.11.patch @@ -3,102 +3,27 @@ Date: Sun, 13 Nov 2022 16:39:59 +0100 Subject: rosgraph: update code from Python 3.11 --- - tools/rosgraph/src/rosgraph/roslogging.py | 72 --- - 1 file changed, 47 insertions(+), 25 deletions(-) + tools/rosgraph/src/rosgraph/roslogging.py | 7 +++ + 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/tools/rosgraph/src/rosgraph/roslogging.py b/tools/rosgraph/src/rosgraph/roslogging.py -index 9ecc121..0a94b2b 100644 +index 9ecc121..2df2f22 100644 --- a/tools/rosgraph/src/rosgraph/roslogging.py +++ b/tools/rosgraph/src/rosgraph/roslogging.py -@@ -50,32 +50,58 @@ from rospkg.environment import ROS_LOG_DIR - class LoggingException(Exception): pass - - class RospyLogger(logging.getLoggerClass()): --def findCaller(self, *args, **kwargs): -+# copied from python3.11/logging/__init__.py -+# _srcfile is only used in conjunction with sys._getframe(). -+# Setting _srcfile to None will prevent findCaller() from being called. This -+# way, you can avoid the overhead of fetching caller information. -+ -+# The following is based on warnings._is_internal_frame. It makes sure that -+# frames of the import mechanism are skipped when logging at module level and -+# using a stacklevel value greater than one. -+@staticmethod -+def _is_internal_frame(frame): -+"""Signal whether the frame is a CPython or logging module internal.""" -+filename = os.path.normcase(frame.f_code.co_filename) -+return filename == logging._srcfile or ( -+"importlib" in filename and "_bootstrap" in filename -+
Bug#1035980: marked as done (unblock: tiles/3.0.7-5)
Your message dated Sun, 14 May 2023 15:41:24 + with message-id and subject line unblock tiles has caused the Debian Bug report #1035980, regarding unblock: tiles/3.0.7-5 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 1035980: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1035980 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock X-Debbugs-Cc: ti...@packages.debian.org Control: affects -1 + src:tiles Please unblock package tiles This update fixes the build failure with OpenJDK 17 (#1011597) and replaces the dependency on libtomcat9-java with libtomcat10-java. Thank you, Emmanuel Bourg unblock tiles/3.0.7-5 diff -Nru tiles-3.0.7/debian/changelog tiles-3.0.7/debian/changelog --- tiles-3.0.7/debian/changelog2018-12-03 17:47:30.0 +0100 +++ tiles-3.0.7/debian/changelog2023-05-12 08:42:15.0 +0200 @@ -1,3 +1,11 @@ +tiles (3.0.7-5) unstable; urgency=medium + + * Team upload. + * Fixed the build failure with Java 17 (Closes: #1011597) + * Depend on libtomcat10-java instead of libtomcat9-java + + -- Emmanuel Bourg Fri, 12 May 2023 08:42:15 +0200 + tiles (3.0.7-4) unstable; urgency=medium * Team upload. diff -Nru tiles-3.0.7/debian/control tiles-3.0.7/debian/control --- tiles-3.0.7/debian/control 2018-12-03 17:41:46.0 +0100 +++ tiles-3.0.7/debian/control 2023-05-12 02:02:57.0 +0200 @@ -19,9 +19,9 @@ libspring-web-java, libtiles-autotag-java, libtiles-request-java, - libtomcat9-java, + libtomcat10-java, libvelocity-tools-java, - maven-debian-helper + maven-debian-helper (>= 2.6.3~) Standards-Version: 4.2.1 Vcs-Git: https://salsa.debian.org/java-team/tiles.git Vcs-Browser: https://salsa.debian.org/java-team/tiles diff -Nru tiles-3.0.7/debian/maven.rules tiles-3.0.7/debian/maven.rules --- tiles-3.0.7/debian/maven.rules 2018-12-03 17:41:34.0 +0100 +++ tiles-3.0.7/debian/maven.rules 2023-05-12 02:02:57.0 +0200 @@ -3,4 +3,4 @@ javax.servlet s/servlet-api/javax.servlet-api/ jar s/.*/3.1/ javax.servlet.jsp s/jsp-api/javax.servlet.jsp-api/ jar s/.*/2.3/ javax.el s/el-api/javax.el-api/ jar s/.*/3.0/ -org.apache.tomcat s/jasper-el/tomcat-jasper-el/ * s/.*/9.x/ +org.apache.tomcat s/jasper-el/tomcat-jasper-el/ * s/.*/10.x/ diff -Nru tiles-3.0.7/debian/rules tiles-3.0.7/debian/rules --- tiles-3.0.7/debian/rules2018-09-19 10:55:29.0 +0200 +++ tiles-3.0.7/debian/rules2023-05-12 01:11:17.0 +0200 @@ -9,9 +9,11 @@ echo '4.0.0org.apache.tilestiles-test-pom2.2.2pom' > src/tiles-test-pom/pom.xml override_dh_auto_build: + MAVEN_OPTS="--add-opens java.base/java.util=ALL-UNNAMED" \ dh_auto_build -- --file src/pom.xml package javadoc:aggregate override_dh_auto_test: + MAVEN_OPTS="--add-opens java.base/java.util=ALL-UNNAMED" \ dh_auto_test -- --file src/pom.xml test override_dh_auto_install: --- End Message --- --- Begin Message --- Unblocked.--- End Message ---
CVE-2023-1289: hard to fix break ABI
Hi, I want to have some guidance about CVE-2023-1289 Fixing it will need to add a field recursion in an exported structure... It will therefore break ABI We could also disable internal svg coder and fallback on inkscape You marked the bug no DSA, so maybe we could postpone Bastien signature.asc Description: This is a digitally signed message part.
Bug#1035966: unblock: google-android-installers/1675172738
Control: tags 1035966 - moreinfo Le vendredi 12 mai 2023, 10:07:46 CEST Sebastian Ramacher a écrit : > Control: tags -1 moreinfo confirmed > > On 2023-05-11 21:48:18 +0200, Fab Stz wrote: > > Package: release.debian.org > > Severity: normal > > User: release.debian@packages.debian.org > > Usertags: unblock > > > > Please unblock package google-android-installers > > > > At the time of writing this, I'm waiting for my sponsor to upload the > > latest version to unstable. > > Please remove the moreinfo tag once the package is available in > unstable. > > Cheers
Processed: Re: Bug#1035966: unblock: google-android-installers/1675172738
Processing control commands: > tags 1035966 - moreinfo Bug #1035966 [release.debian.org] unblock: google-android-installers/1675172738 Removed tag(s) moreinfo. -- 1035966: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1035966 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Processed: unblock: nlopt/2.7.1-5
Processing control commands: > affects -1 + src:nlopt Bug #1036047 [release.debian.org] unblock: nlopt/2.7.1-5 Added indication that 1036047 affects src:nlopt -- 1036047: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036047 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#1036047: unblock: nlopt/2.7.1-5
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock X-Debbugs-Cc: nl...@packages.debian.org Control: affects -1 + src:nlopt Please unblock package nlopt [ Reason ] This upload was done due to address a piuparts error while upgrading nlopt from bullseye -> bookworm, see #1035629. [ Impact ] Loss of files in usr/share/doc/libnlopt0 maybe observed, and over-writing files too, which is not desired. [ Tests ] Manual tests done locally by upgrading from version in bullseye to bookworm, and then removing packages individually, and inspected the contents of the doc directories -- did not see any surprises. [ Risks ] As the upload touches only the doc section only, the package is un-affected in terms of it's core (library) functionality. No big risks. [ Checklist ] [x] all changes are documented in the d/changelog [x] I reviewed all changes and I approve them [x] attach debdiff against the package in testing unblock nlopt/2.7.1-5 diff -Nru nlopt-2.7.1/debian/changelog nlopt-2.7.1/debian/changelog --- nlopt-2.7.1/debian/changelog2022-04-14 15:10:53.0 + +++ nlopt-2.7.1/debian/changelog2023-05-14 09:35:20.0 + @@ -1,3 +1,13 @@ +nlopt (2.7.1-5) unstable; urgency=medium + + * Team Upload. + * Add maintscript to convert libnlopt-dev doc +symlink to directory (Closes: #1035629) + * Add a preinst to remove examples directory in libnlopt0 +which should be present in -dev only + + -- Nilesh Patra Sun, 14 May 2023 09:35:20 + + nlopt (2.7.1-4) unstable; urgency=medium * Team upload diff -Nru nlopt-2.7.1/debian/libnlopt0.preinst nlopt-2.7.1/debian/libnlopt0.preinst --- nlopt-2.7.1/debian/libnlopt0.preinst1970-01-01 00:00:00.0 + +++ nlopt-2.7.1/debian/libnlopt0.preinst2023-05-14 09:35:20.0 + @@ -0,0 +1,6 @@ +#!/bin/sh -e +# directory moved to -dev package, the symlink from past upgrade should be removed +if [ -d /usr/share/doc/libnlopt0/examples ]; then + rm -rf /usr/share/doc/libnlopt0/examples +fi +#DEBHELPER# diff -Nru nlopt-2.7.1/debian/libnlopt-dev.maintscript nlopt-2.7.1/debian/libnlopt-dev.maintscript --- nlopt-2.7.1/debian/libnlopt-dev.maintscript 1970-01-01 00:00:00.0 + +++ nlopt-2.7.1/debian/libnlopt-dev.maintscript 2023-05-14 09:35:20.0 + @@ -0,0 +1 @@ +symlink_to_dir /usr/share/doc/libnlopt-dev libnlopt0 2.7.1-5~
Re: Bug#1031695: dh_installsystemd doesn't handle files in /usr/lib/systemd/system
Michael Biebl: Hello Niels, hello Sebastian Hi Michael, Am 24.03.23 um 16:28 schrieb Niels Thykier: Sebastian Ramacher: [...] Any progress here? If this issue should be fixed for bookworm, time is running short. Cheers I find that anytime I look at this bug my motivation to work on Debian instantly vanishes. In fact, I cannot even motivate myself to read the bug log to figure out what the consensus is. Accordingly, I will play the constitution 2.1.1 and step out of the way. My attempt to raise this issue with debhelper and the release-team was to gather a consensus with how to deal with the affected packages. A change to debhelper seemed liked the most straightforward approach to me. I agree with all of this and I think you were both entitled and correct in raising the issue. I am still open to this being a bug in debhelper. It was not meant as an attempt to force Niels into something he feels uncomfortable with, which he obviously does. I apologize to Niels for that and hereby close this bug report. Michael Your reaction here does not match what I had expected from my email and I suspect my intentions were not perceived by you as I intended them. To start with the most important points: You have done *nothing* to me that requires an apology from you. You have *not* forced me to do something I am uncomfortable with. As far as I am concerned, there was and is *no* conflict between you and I. We are good if you ask me. I am mostly sad that I made you think otherwise, but that is on me. Coming back to what I wanted to communicate: Starting with the context, the timing of my email came after two mails asking for an update on this bug that had not been answered by anyone. I.e., my email was a response to the requests for a update on the bug - both requests were in my view reasonable. As the named maintainer/uploader of debhelper, there is always an implicit assumption that I will be proactive in dealing with bugs, when there is no clear owner of the bug. Especially bugs that affect the upcoming release during the freeze. Given that I did not see a response and I could not easily identify a clear owner of the bug, I felt these emails hanged on me via the implicit assumption. I wanted to make it very clear that I would *not* be able to live up to that assumption. If someone wanted this change, they would have to do it without involving me at any point. I was hoping that someone would take end to end ownership and deliver it without involving me. As opposed to a PR/patch that I would have to review - or leaving me to discuss with the RT what kind of change was acceptable this stage - or leaving me to reopen the discussion with the tech-ctte whether allowing services in /usr is acceptable as it would open up for file moves between /lib and /usr/lib, which they said they would not want when the original bug was filed (#995569). I would not have been able to do that and I doubt I will be able to do that any time soon. But if someone wanted to do that. Great! It would have been a burden off my shoulder. On the flip-side, if no one else was willing to do the work, then I would not have to feel bad about not being able to do it either. Either way would relieve me of the pressure of this bug. Eventually, dh_installsystemd (et al.) will probably have to support /usr/lib. If someone fixes that now, great. If someone fixes later, great. I do not mind the change. I mind the assumption that I will be doing it (in this or in future releases). Feel free to reopen this bug. As long as we all agree that for the timing being, *I* will *not* be interacting with the bug, do any design or review of the solution, or deal with any fallout of implementing the solution. Whoever owns up to dealing with all of that gets to deliver this feature. They get to do it without having to follow the NMU rules as far as I am concerned unless a co-maintainer steps up and takes ownership of this bug, because to me that is part of "stepping out of the way" when you are not volunteering to do the work. In summary: * I do not feel you did anything wrong or owe me an apology. * I mind doing the work; not the change. If you (anyone) want this change and you commit to doing it. Please reopen the bug and go ahead as long as you do not "depend" on or "need" me for any part of it. I hope my intentions were more clear this time. Best regards, Niels
Bug#1036046: bullseye-pu: package debian-parl/1.9.27+deb11u1
Followup-For: Bug #1036046 diff --git a/debian/changelog b/debian/changelog index 3e541dc..632788c 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,11 @@ +debian-parl (1.9.27+deb11u1) bullseye; urgency=medium + + * rebuild using newer boxer-data ++ stop include lightning; closes: bug#1035344 ++ stop include thunderbird-l10n-si; closes: bug#1000872 + + -- Andreas Beckmann Mon, 01 May 2023 15:51:40 +0200 + debian-parl (1.9.27) unstable; urgency=medium * rebuild using newer boxer-data diff --git a/debian/control b/debian/control index 6a1da5c..7ebcaf9 100644 --- a/debian/control +++ b/debian/control @@ -8,7 +8,7 @@ Build-Depends: cdbs, boxer (>= 0.004~), shellcheck, # lock to boxer-data minor release: Feature additions should be documented - boxer-data (>= 10.8), + boxer-data (>= 10.8.28+deb11u1~), boxer-data (<< 10.9) Standards-Version: 4.4.0 Homepage: https://wiki.debian.org/DebianParl diff --git a/debian/gbp.conf b/debian/gbp.conf index dad7295..4cc4bf2 100644 --- a/debian/gbp.conf +++ b/debian/gbp.conf @@ -1,5 +1,6 @@ # Configuration file for git-buildpackage and friends [DEFAULT] +debian-branch = bullseye sign-tags = True filter = */.git*
Processed: bullseye-pu: package debian-parl/1.9.27+deb11u1
Processing control commands:
> affects -1 + src:debian-parl
Bug #1036046 [release.debian.org] bullseye-pu: package
debian-parl/1.9.27+deb11u1
Added indication that 1036046 affects src:debian-parl
> block 1035344 with -1
Bug #1035344 [parl-desktop] parl-desktop: depends on no longer installable
lightning
1035344 was blocked by: 1035347
1035344 was not blocking any bugs.
Added blocking bug(s) of 1035344: 1036046
> block 1000872 with -1
Bug #1000872 {Done: Jonas Smedegaard } [parl-desktop-world]
parl-desktop-world: depends on removed package thunderbird-l10n-si
1000872 was blocked by: 1035347
1000872 was not blocking any bugs.
Added blocking bug(s) of 1000872: 1036046
> affects 1036044 + src:debian-design
Bug #1036044 [release.debian.org] bullseye-pu: package
debian-design/3.0.22+deb11u1
Added indication that 1036044 affects src:debian-design
> block 1000737 with 1036044
Bug #1000737 {Done: Jonas Smedegaard } [design-desktop]
debian-design: Depends: lightning but it is not installable
1000737 was blocked by: 1035347
1000737 was not blocking any bugs.
Added blocking bug(s) of 1000737: 1036044
--
1000737: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1000737
1000872: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1000872
1035344: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1035344
1036044: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036044
1036046: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036046
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
Bug#1036046: bullseye-pu: package debian-parl/1.9.27+deb11u1
Package: release.debian.org
Severity: normal
Tags: bullseye
User: release.debian@packages.debian.org
Usertags: pu
Control: affects -1 + src:debian-parl
Control: block 1035344 with -1
Control: block 1000872 with -1
Control: affects 1036044 + src:debian-design
Control: block 1000737 with 1036044
debian-parl needs to be rebuilt against newer boxer-data to drop
dependencies on packages lo longer built by src:thunderbird, e.g.
lightning. Currently design-parl* are uninstallable in bullseye.
Effective binary debdiff caused by this rebuild:
$ debdiff parl-desktop_1.9.27_all.deb parl-desktop_1.9.27+deb11u1_all.deb
File lists identical (after any substitutions)
Control files: lines which differ (wdiff format)
Depends: task-laptop, acpi-support, acpi-support-base, alsa-utils, anacron,
apt-listchanges, aptitude, bash-completion, bluez, catfish,
debian-security-support, evince, firefox-esr, gnome-disk-utility,
jitterentropy-rngd, libgl1-mesa-dri, libreoffice-calc, libreoffice-gtk3,
libreoffice-impress, libreoffice-writer, lightdm, [-lightning,-] mlocate,
mousepad, mpv, needrestart, network-manager-gnome, nuntius, parcimonie,
pasystray, pavucontrol, pinentry-gtk2, popularity-contest, pulseaudio,
pulseaudio-utils, pulsemixer, shotwell, slick-greeter, systemd, thunar,
thunderbird, unattended-upgrades, unicode-screensaver, usermode, uuid-runtime,
volumeicon-alsa, webext-dav4tbsync, webext-https-everywhere,
webext-privacy-badger, webext-ublock-origin-firefox, xfce4-notifyd,
xfce4-panel, xfce4-power-manager, xfce4-power-manager-plugins,
xfce4-pulseaudio-plugin, xfce4-session, xserver-xorg
Version: [-1.9.27-] {+1.9.27+deb11u1+}
$ debdiff parl-desktop-world_1.9.27_all.deb
parl-desktop-world_1.9.27+deb11u1_all.deb
File lists identical (after any substitutions)
Control files: lines which differ (wdiff format)
Depends: parl-desktop, firefox-esr-l10n-ach, firefox-esr-l10n-af,
firefox-esr-l10n-an, firefox-esr-l10n-ar, firefox-esr-l10n-ast,
firefox-esr-l10n-az, firefox-esr-l10n-be, firefox-esr-l10n-bg,
firefox-esr-l10n-bn, firefox-esr-l10n-br, firefox-esr-l10n-bs,
firefox-esr-l10n-ca, firefox-esr-l10n-cak, firefox-esr-l10n-cs,
firefox-esr-l10n-cy, firefox-esr-l10n-da, firefox-esr-l10n-de,
firefox-esr-l10n-dsb, firefox-esr-l10n-el, firefox-esr-l10n-en-ca,
firefox-esr-l10n-en-gb, firefox-esr-l10n-eo, firefox-esr-l10n-es-ar,
firefox-esr-l10n-es-cl, firefox-esr-l10n-es-es, firefox-esr-l10n-es-mx,
firefox-esr-l10n-et, firefox-esr-l10n-eu, firefox-esr-l10n-fa,
firefox-esr-l10n-ff, firefox-esr-l10n-fi, firefox-esr-l10n-fr,
firefox-esr-l10n-fy-nl, firefox-esr-l10n-ga-ie, firefox-esr-l10n-gd,
firefox-esr-l10n-gl, firefox-esr-l10n-gn, firefox-esr-l10n-gu-in,
firefox-esr-l10n-he, firefox-esr-l10n-hi-in, firefox-esr-l10n-hr,
firefox-esr-l10n-hsb, firefox-esr-l10n-hu, firefox-esr-l10n-hy-am,
firefox-esr-l10n-ia, firefox-esr-l10n-id, firefox-esr-l10n-is,
firefox-esr-l10n-it, firefox-esr-l10n-ja, firefox-esr-l10n-ka,
firefox-esr-l10n-kab, firefox-esr-l10n-kk, firefox-esr-l10n-km,
firefox-esr-l10n-kn, firefox-esr-l10n-ko, firefox-esr-l10n-lij,
firefox-esr-l10n-lt, firefox-esr-l10n-lv, firefox-esr-l10n-mk,
firefox-esr-l10n-mr, firefox-esr-l10n-ms, firefox-esr-l10n-my,
firefox-esr-l10n-nb-no, firefox-esr-l10n-ne-np, firefox-esr-l10n-nl,
firefox-esr-l10n-nn-no, firefox-esr-l10n-oc, firefox-esr-l10n-pa-in,
firefox-esr-l10n-pl, firefox-esr-l10n-pt-br, firefox-esr-l10n-pt-pt,
firefox-esr-l10n-rm, firefox-esr-l10n-ro, firefox-esr-l10n-ru,
firefox-esr-l10n-si, firefox-esr-l10n-sk, firefox-esr-l10n-sl,
firefox-esr-l10n-son, firefox-esr-l10n-sq, firefox-esr-l10n-sr,
firefox-esr-l10n-sv-se, firefox-esr-l10n-ta, firefox-esr-l10n-te,
firefox-esr-l10n-th, firefox-esr-l10n-tr, firefox-esr-l10n-uk,
firefox-esr-l10n-ur, firefox-esr-l10n-uz, firefox-esr-l10n-vi,
firefox-esr-l10n-xh, firefox-esr-l10n-zh-cn, firefox-esr-l10n-zh-tw,
hunspell-af, hunspell-an, hunspell-ar, hunspell-be, hunspell-bg, hunspell-bn,
hunspell-bo, hunspell-br, hunspell-bs, hunspell-ca, hunspell-cs,
hunspell-de-at, hunspell-de-ch, hunspell-de-de, hunspell-dz, hunspell-el,
hunspell-en-au, hunspell-en-ca, hunspell-en-gb, hunspell-en-us, hunspell-es,
hunspell-eu, hunspell-fr-classical, hunspell-gd, hunspell-gl, hunspell-gu,
hunspell-gug, hunspell-he, hunspell-hi, hunspell-hr, hunspell-hu, hunspell-id,
hunspell-is, hunspell-it, hunspell-kk, hunspell-kmr, hunspell-ko, hunspell-lo,
hunspell-lt, hunspell-lv, hunspell-ml, hunspell-ne, hunspell-nl, hunspell-no,
hunspell-oc, hunspell-pl, hunspell-pt-br, hunspell-pt-pt, hunspell-ro,
hunspell-ru, hunspell-si, hunspell-sk, hunspell-sl, hunspell-sr, hunspell-sv,
hunspell-sw, hunspell-te, hunspell-th, hunspell-tr, hunspell-uk, hunspell-uz,
hunspell-vi, hyphen-af, hyphen-as, hyphen-bn, hyphen-da, hyphen-de,
hyphen-en-gb, hyphen-kn, hyphen-mr, hyphen-pa, hyphen-ta, hyphen-zu,
libreoffice-l10n-af,
Bug#1036045: unblock: opencascade/7.6.3+dfsg1-6
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock X-Debbugs-Cc: opencasc...@packages.debian.org Control: affects -1 + src:opencascade Please unblock package opencascade Helmut Grohne reported in #1035009 a missing Conflict: on several package, leading in certtain circumstances to installation errors. (Details in the bug) Additionally, this upload fixes two lintian *errors*: (E: depends-on-obsolete-package), suggestiong renaming two Depends: libfreetype6-dev with libfreetype-dev libgl1-mesa-dev with libgl-dev [ Risks ] Changes are trivial piuparts is happy as well (CI: https://salsa.debian.org/science-team/opencascade/-/pipelines/527866, piuparts job: https://salsa.debian.org/science-team/opencascade/-/jobs/4214165) [ Checklist ] [x] all changes are documented in the d/changelog [x] I reviewed all changes and I approve them [x] attach debdiff against the package in testing unblock opencascade/7.6.3+dfsg1-6 -- Cheers, tobi
Processed: unblock: opencascade/7.6.3+dfsg1-6
Processing control commands: > affects -1 + src:opencascade Bug #1036045 [release.debian.org] unblock: opencascade/7.6.3+dfsg1-6 Added indication that 1036045 affects src:opencascade -- 1036045: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036045 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#1036044: bullseye-pu: package debian-design/3.0.22+deb11u1
Package: release.debian.org
Severity: normal
Tags: bullseye
User: release.debian@packages.debian.org
Usertags: pu
debian-design needs to be rebuilt against newer boxer-data to drop
dependencies on packages lo longer built by src:thunderbird, e.g.
lightning. Currently design-desktop* are uninstallable in bullseye.
Effective binary debdiff caused by this rebuild:
$ debdiff design-desktop_3.0.22_all.deb design-desktop_3.0.22+deb11u1_all.deb
File lists identical (after any substitutions)
Control files: lines which differ (wdiff format)
Depends: alsa-utils, apt-listchanges, aptitude, bzip2, debian-security-support,
dfc, evince, firefox-esr, less, libgl1-mesa-dri, libreoffice-calc,
libreoffice-gtk3, libreoffice-impress, libreoffice-writer, lightdm,
[-lightning,-] links, mc, mpv, mtr-tiny, nano, ncdu, needrestart,
network-manager-gnome, pasystray, pavucontrol, popularity-contest, pulseaudio,
pulseaudio-utils, pulsemixer, rsync, slick-greeter, thunar, thunderbird,
unicode-screensaver, usermode, volumeicon-alsa, webext-dav4tbsync, wget,
xfce4-notifyd, xfce4-panel, xfce4-power-manager, xfce4-power-manager-plugins,
xfce4-pulseaudio-plugin, xfce4-session, xserver-xorg
Version: [-3.0.22-] {+3.0.22+deb11u1+}
Andreas
diff --git a/debian/changelog b/debian/changelog
index d5bd904..0d3aa41 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10 @@
+debian-design (3.0.22+deb11u1) bullseye; urgency=medium
+
+ * rebuild using newer boxer-data
++ stop include lightning; closes: bug#1000737
+
+ -- Andreas Beckmann Mon, 01 May 2023 17:12:37 +0200
+
debian-design (3.0.22) unstable; urgency=medium
* rebuild using newer boxer-data
diff --git a/debian/control b/debian/control
index 3e204a3..0c74743 100644
--- a/debian/control
+++ b/debian/control
@@ -9,7 +9,7 @@ Build-Depends: cdbs,
boxer (>= 1.1.0),
shellcheck,
# lock to boxer-data minor release: Feature additions should be documented
- boxer-data (>= 10.8),
+ boxer-data (>= 10.8.28+deb11u1~),
boxer-data (<< 10.9)
Standards-Version: 4.5.1
Homepage: https://wiki.debian.org/Design
diff --git a/debian/gbp.conf b/debian/gbp.conf
index dad7295..4cc4bf2 100644
--- a/debian/gbp.conf
+++ b/debian/gbp.conf
@@ -1,5 +1,6 @@
# Configuration file for git-buildpackage and friends
[DEFAULT]
+debian-branch = bullseye
sign-tags = True
filter = */.git*
Bug#1036043: bullseye-pu: package boxer-data/10.8.28+deb11u1
Package: release.debian.org Severity: normal Tags: bullseye User: release.debian@packages.debian.org Usertags: pu Control: affects -1 + src:boxer-data Control: block 1035347 with -1 This is a data update to remove packages no longer built by src:thunderbird, e.g. lightning. This is needed for rebuilding src:debian-design and src:debian-parl in order to drop the unavailable dependencies and make their binary packages installable again in bullseye. Andreas diff --git a/buster/classes/Desktop/email/thunderbird/locale/ASIA.yml b/buster/classes/Desktop/email/thunderbird/locale/ASIA.yml index 9769349..17ae2c3 100644 --- a/buster/classes/Desktop/email/thunderbird/locale/ASIA.yml +++ b/buster/classes/Desktop/email/thunderbird/locale/ASIA.yml @@ -19,7 +19,6 @@ parameters: - thunderbird-l10n-ko - thunderbird-l10n-ms - thunderbird-l10n-ru -- thunderbird-l10n-si - thunderbird-l10n-tr - thunderbird-l10n-vi - thunderbird-l10n-zh-cn diff --git a/buster/classes/Desktop/scheduling/lightning/init.yml b/buster/classes/Desktop/scheduling/lightning/init.yml index 722a476..6a9d60e 100644 --- a/buster/classes/Desktop/scheduling/lightning/init.yml +++ b/buster/classes/Desktop/scheduling/lightning/init.yml @@ -5,7 +5,6 @@ parameters: doc: desktop-scheduling: pkg: -- include Thunderbird extension Lightning +- include Thunderbird extension DAV-4-TbSync pkg: -- lightning - webext-dav4tbsync diff --git a/debian/changelog b/debian/changelog index cd1891a..77ff1cd 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,14 @@ +boxer-data (10.8.28+deb11u1) bullseye; urgency=medium + + [ Jonas Smedegaard ] + * update class Desktop.scheduling.lightning: +stop install package lightning (gone) + * update class Desktop.email.thunderbird.locale: ++ update subclass ASIA to stop include package thunderbird-l10n-si +(Closes: #1035347) + + -- Andreas Beckmann Mon, 01 May 2023 15:43:00 +0200 + boxer-data (10.8.28) unstable; urgency=medium * fix exclude node showmebox-gnustep in autopkgtests diff --git a/debian/gbp.conf b/debian/gbp.conf index dad7295..4cc4bf2 100644 --- a/debian/gbp.conf +++ b/debian/gbp.conf @@ -1,5 +1,6 @@ # Configuration file for git-buildpackage and friends [DEFAULT] +debian-branch = bullseye sign-tags = True filter = */.git*
Processed: bullseye-pu: package boxer-data/10.8.28+deb11u1
Processing control commands: > affects -1 + src:boxer-data Bug #1036043 [release.debian.org] bullseye-pu: package boxer-data/10.8.28+deb11u1 Added indication that 1036043 affects src:boxer-data > block 1035347 with -1 Bug #1035347 [boxer-data] boxer-data: generates dependencies on no longer installable lightning 1035347 was not blocked by any bugs. 1035347 was blocking: 1000737 1000872 1035344 Added blocking bug(s) of 1035347: 1036043 -- 1035347: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1035347 1036043: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036043 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Processed: Re: lttng-modules-dkms: fails to build module on bullseye for Linux 5.10.0-22-amd64
Processing control commands: > tag -1 bullseye Bug #1035364 [lttng-modules-dkms] lttng-modules-dkms: fails to build module on bullseye for Linux 5.10.0-22-amd64 Ignoring request to alter tags of bug #1035364 to the same tags previously set > block -1 with 1035464 Bug #1035364 [lttng-modules-dkms] lttng-modules-dkms: fails to build module on bullseye for Linux 5.10.0-22-amd64 1035364 was not blocked by any bugs. 1035364 was not blocking any bugs. Added blocking bug(s) of 1035364: 1035464 -- 1035364: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1035364 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#1036040: unblock: qemu/1:7.2+dfsg-7
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
X-Debbugs-Cc: q...@packages.debian.org, pkg-qemu-de...@lists.alioth.debian.org
Control: affects -1 + src:qemu
Please unblock package qemu
This is an easy one.
[ Reason ]
This release contains a fix for a trivial packaging bug, --
a forgotten Depends during package split. See the changelog
entry for more details.
[ Risks ]
There's no risks. The fix just works (tm).
[ Checklist ]
[x] all changes are documented in the d/changelog
[x] I reviewed all changes and I approve them
[x] attach debdiff against the package in testing
(even in such a trivial case, I managed to forget to format the Closes:
line properly, This does not affect the package thogh)
unblock qemu/1:7.2+dfsg-7
diff -Nru qemu-7.2+dfsg/debian/changelog qemu-7.2+dfsg/debian/changelog
--- qemu-7.2+dfsg/debian/changelog 2023-04-29 13:02:55.0 +0300
+++ qemu-7.2+dfsg/debian/changelog 2023-05-14 11:29:12.0 +0300
@@ -1,3 +1,24 @@
+qemu (1:7.2+dfsg-7) unstable; urgency=medium
+
+ * d/control: qemu-system-xen: add ipxe-qemu dependency (#1035676)
+
+When installing qemu-system-xen on a new system, the boot roms are
+not installed. Unfortunately this means HVM Xen DomUs can not be used
+at all, because the boot roms are hard requiriment for qemu since 2014,
+it fails to start without the boot roms even if (network) booting is
+not requested.
+
+Before bookworm, when qemu-system-xen was part of regular
+qemu-system-x86 package, the dependency on ipxe-qemu was coming from
+that package. But when splitting qemu-system-xen out of it, we forgot
+that the boot roms are hard dependency now. This makes qemu-system-xen
+unusable on a new install until ipxe-qemu is installed too.
+
+An alternative would be to revert upstream commit 178e785fb
+(from 2014) to make rom loading failure a non-fatal error.
+
+ -- Michael Tokarev Sun, 14 May 2023 11:29:12 +0300
+
qemu (1:7.2+dfsg-6) unstable; urgency=medium
[ Michael Tokarev ]
diff -Nru qemu-7.2+dfsg/debian/control qemu-7.2+dfsg/debian/control
--- qemu-7.2+dfsg/debian/control2023-04-29 12:31:07.0 +0300
+++ qemu-7.2+dfsg/debian/control2023-05-11 17:28:22.0 +0300
@@ -400,7 +400,7 @@
Multi-Arch: no
# do we really need qemu-system-data? keymaps only?
Depends: ${shlibs:Depends}, ${misc:Depends}, qemu-system-data (>>
${source:Upstream-Version}~),
- seabios
+ seabios, ipxe-qemu
Recommends: qemu-utils,
ovmf,
Description: QEMU full system emulation (Xen helper package)
diff -Nru qemu-7.2+dfsg/debian/control-in qemu-7.2+dfsg/debian/control-in
--- qemu-7.2+dfsg/debian/control-in 2023-04-29 12:05:13.0 +0300
+++ qemu-7.2+dfsg/debian/control-in 2023-05-07 21:55:26.0 +0300
@@ -412,7 +412,7 @@
Multi-Arch: no
# do we really need qemu-system-data? keymaps only?
Depends: ${shlibs:Depends}, ${misc:Depends}, qemu-system-data (>>
${source:Upstream-Version}~),
- seabios
+ seabios, ipxe-qemu
Recommends: qemu-utils,
ovmf,
:ubuntu:# For the transition from the former qemu-system-x86-xen name
Processed: unblock: qemu/1:7.2+dfsg-7
Processing control commands: > affects -1 + src:qemu Bug #1036040 [release.debian.org] unblock: qemu/1:7.2+dfsg-7 Added indication that 1036040 affects src:qemu -- 1036040: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036040 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#1036039: unblock: debian-games/5
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock X-Debbugs-Cc: a...@debian.org Please unblock package debian-games [ Reason ] debian-games is a Debian Blend and a collection of metapackages. debian-games' purpose is to recommend or suggest games of a specific category. As usual I have updated and synced the list of packages with the actual situation in Bookworm and Sid because we are close to a release now. Packages which are not part of the next stable release but still in unstable have been downgraded to Suggests. Games which have been removed from Debian are no longer listed. Newly introduced games have been added to Recommends or Suggests. [ Impact ] The recommendations in Bookworm would be outdated. [ Tests ] I have verified that the changes work and the metapackages can be installed successfully. [ Risks ] There have been only changes in the Recommends or Suggests sections. No code changes. [ Checklist ] [x] all changes are documented in the d/changelog [x] I reviewed all changes and I approve them [x] attach debdiff against the package in testing unblock debian-games/5 diff -Nru debian-games-4/debian/changelog debian-games-5/debian/changelog --- debian-games-4/debian/changelog 2021-07-04 08:50:03.0 +0200 +++ debian-games-5/debian/changelog 2023-05-06 23:13:53.0 +0200 @@ -1,3 +1,31 @@ +debian-games (5) unstable; urgency=medium + + [ Andreas Tille ] + * Build-Depends: Drop versioned constraint on blends-dev. + + [ Markus Koschany ] + * Declare compliance with Debian Policy 4.6.2. + * New games: +- puzzle: chromono, explosive-c4, parolottero +- console: chroma-curses, nbsdgames, tty-solitaire +- platform: davegnukem +- fps: dsda-doom, ktx, mvdsv, woof-doom +- emulator: yuzu +- tetris: ghextris +- arcard: lbreakouthd +- toys: pipes-sh + * Removed games: (removed from Debian) +- education: childsplay, gcompris +- rpg: ember +- puzzle: gnubik +- emulator: higan +- arcade: monster-masher +- strategy: snowballz +- c++-dev: libogre-1.9-dev + * Update the blacklist + + -- Markus Koschany Sat, 06 May 2023 23:13:53 +0200 + debian-games (4) unstable; urgency=medium * Update the blacklist diff -Nru debian-games-4/debian/control debian-games-5/debian/control --- debian-games-4/debian/control 2021-07-04 08:50:03.0 +0200 +++ debian-games-5/debian/control 2023-05-06 23:13:53.0 +0200 @@ -4,8 +4,8 @@ Priority: optional Maintainer: Debian Games Team Uploaders: Markus Koschany -Build-Depends: debhelper-compat (= 13), blends-dev (>= 0.6.92.1) -Standards-Version: 4.5.1 +Build-Depends: debhelper-compat (= 13), blends-dev +Standards-Version: 4.6.2 Homepage: https://blends.debian.org/games/tasks/ Vcs-Git: https://salsa.debian.org/blends-team/games.git Vcs-Browser: https://salsa.debian.org/blends-team/games @@ -78,7 +78,7 @@ jzip, lure-of-the-temptress, onscripter, -qtads, +renpy-thequestion, rlvm, scottfree, scummvm, @@ -89,7 +89,7 @@ xzip, zoom-player Suggests: fizmo-ncursesw, - renpy-thequestion, + qtads, scummvm-tools Description: Debian's adventure games This metapackage will install adventure games, interpreter and engines. @@ -128,7 +128,6 @@ excellent-bifurcation, freedroid, freegish, -funguloids, funnyboat, garden-of-coloured-lights, gav, @@ -153,13 +152,13 @@ kraptor, late, lbreakout2, +lbreakouthd, lierolibre, luola, madbomber, maelstrom, marsshooter, mirrormagic, -monster-masher, moon-buggy, moon-lander, mousetrap, @@ -236,11 +235,9 @@ xsoldier, xtron, zatacka -Suggests: adanaxisgpl, - efp, - fretsonfire, +Suggests: efp, + funguloids, gnome-games, - jmdlx, kdegames, netrek-client-cow, spout @@ -346,7 +343,6 @@ libltdl-dev, libode-dev, libogg-dev, -libogre-1.9-dev, libopenal-dev, libopenscenegraph-dev, libphysfs-dev, @@ -387,7 +383,6 @@ openpref, pescetti, pokerth, -pysolfc, tenace, xmille, xpat2, @@ -395,6 +390,7 @@ xsol Suggests: gnome-games, kdegames, + pysolfc, yahtzeesharp Description: Debian's card games This metapackage will install card games. @@ -412,11 +408,12 @@ ethereal-chess, fairy-stockfish,
