Bug#1040519: bookworm-pu: package samba/2:4.17.9+dfsg-0+deb12u1

[Michael Tokarev]

07.07.2023 10:58, Jonathan Wiltshire wrote:

Control: tag -1 confirmed

On Fri, Jul 07, 2023 at 10:03:07AM +0300, Michael Tokarev wrote:

[ Reason ]
Here's the next stable/bugfix release of samba, 4.17.9.
As has been the case with samba stable/bugfix releases, this
one is of an excellent quality, well tested and with all changes
well selected as well.


Please go ahead with the full proposal (upstream and your package fixes).


Uploaded just now instead of yesterday, - I wanted to verify once more it
is in a good shape after the above two additional modifications.

Thank you!

/mjt

NEW changes in oldstable-new

[Debian FTP Masters]

Processing changes file: yajl_2.1.0-3+deb11u1_all-buildd.changes
  ACCEPT
Processing changes file: yajl_2.1.0-3+deb11u1_amd64-buildd.changes
  ACCEPT
Processing changes file: yajl_2.1.0-3+deb11u1_arm64-buildd.changes
  ACCEPT
Processing changes file: yajl_2.1.0-3+deb11u1_armel-buildd.changes
  ACCEPT
Processing changes file: yajl_2.1.0-3+deb11u1_armhf-buildd.changes
  ACCEPT
Processing changes file: yajl_2.1.0-3+deb11u1_i386-buildd.changes
  ACCEPT
Processing changes file: yajl_2.1.0-3+deb11u1_mips64el-buildd.changes
  ACCEPT
Processing changes file: yajl_2.1.0-3+deb11u1_mipsel-buildd.changes
  ACCEPT
Processing changes file: yajl_2.1.0-3+deb11u1_ppc64el-buildd.changes
  ACCEPT
Processing changes file: yajl_2.1.0-3+deb11u1_s390x-buildd.changes
  ACCEPT

NEW changes in stable-new

[Debian FTP Masters]

Processing changes file: 
rime-cantonese_0.0~git20230209.e0295fa-2~deb12u1_amd64-buildd.changes
  ACCEPT
Processing changes file: 
rime-cantonese_0.0~git20230209.e0295fa-2~deb12u1_arm64-buildd.changes
  ACCEPT
Processing changes file: 
rime-cantonese_0.0~git20230209.e0295fa-2~deb12u1_armel-buildd.changes
  ACCEPT
Processing changes file: 
rime-cantonese_0.0~git20230209.e0295fa-2~deb12u1_armhf-buildd.changes
  ACCEPT
Processing changes file: 
rime-cantonese_0.0~git20230209.e0295fa-2~deb12u1_i386-buildd.changes
  ACCEPT
Processing changes file: 
rime-cantonese_0.0~git20230209.e0295fa-2~deb12u1_mips64el-buildd.changes
  ACCEPT
Processing changes file: 
rime-cantonese_0.0~git20230209.e0295fa-2~deb12u1_mipsel-buildd.changes
  ACCEPT
Processing changes file: 
rime-cantonese_0.0~git20230209.e0295fa-2~deb12u1_ppc64el-buildd.changes
  ACCEPT
Processing changes file: 
rime-cantonese_0.0~git20230209.e0295fa-2~deb12u1_s390x-buildd.changes
  ACCEPT
Processing changes file: 
rime-luna-pinyin_0.0~git20230204.79aeae2-3~deb12u1_amd64-buildd.changes
  ACCEPT
Processing changes file: 
rime-luna-pinyin_0.0~git20230204.79aeae2-3~deb12u1_arm64-buildd.changes
  ACCEPT
Processing changes file: 
rime-luna-pinyin_0.0~git20230204.79aeae2-3~deb12u1_armel-buildd.changes
  ACCEPT
Processing changes file: 
rime-luna-pinyin_0.0~git20230204.79aeae2-3~deb12u1_armhf-buildd.changes
  ACCEPT
Processing changes file: 
rime-luna-pinyin_0.0~git20230204.79aeae2-3~deb12u1_i386-buildd.changes
  ACCEPT
Processing changes file: 
rime-luna-pinyin_0.0~git20230204.79aeae2-3~deb12u1_mips64el-buildd.changes
  ACCEPT
Processing changes file: 
rime-luna-pinyin_0.0~git20230204.79aeae2-3~deb12u1_mipsel-buildd.changes
  ACCEPT
Processing changes file: 
rime-luna-pinyin_0.0~git20230204.79aeae2-3~deb12u1_ppc64el-buildd.changes
  ACCEPT
Processing changes file: 
rime-luna-pinyin_0.0~git20230204.79aeae2-3~deb12u1_s390x-buildd.changes
  ACCEPT

NEW changes in stable-new

[Debian FTP Masters]

Processing changes file: aide_0.18.3-1+deb12u2_all-buildd.changes
  ACCEPT
Processing changes file: aide_0.18.3-1+deb12u2_amd64-buildd.changes
  ACCEPT
Processing changes file: aide_0.18.3-1+deb12u2_arm64-buildd.changes
  ACCEPT
Processing changes file: aide_0.18.3-1+deb12u2_armel-buildd.changes
  ACCEPT
Processing changes file: aide_0.18.3-1+deb12u2_armhf-buildd.changes
  ACCEPT
Processing changes file: aide_0.18.3-1+deb12u2_i386-buildd.changes
  ACCEPT
Processing changes file: aide_0.18.3-1+deb12u2_mips64el-buildd.changes
  ACCEPT
Processing changes file: aide_0.18.3-1+deb12u2_mipsel-buildd.changes
  ACCEPT
Processing changes file: aide_0.18.3-1+deb12u2_ppc64el-buildd.changes
  ACCEPT
Processing changes file: aide_0.18.3-1+deb12u2_s390x-buildd.changes
  ACCEPT

NEW changes in oldstable-new

[Debian FTP Masters]

Processing changes file: yajl_2.1.0-3+deb11u1_source.changes
  ACCEPT

NEW changes in stable-new

[Debian FTP Masters]

Processing changes file: 
rime-cantonese_0.0~git20230209.e0295fa-2~deb12u1_source.changes
  ACCEPT
Processing changes file: 
rime-luna-pinyin_0.0~git20230204.79aeae2-3~deb12u1_source.changes
  ACCEPT

Bug#1040137: yajl 2.1.0-3+deb11u1 flagged for acceptance

[Jonathan Wiltshire]

package release.debian.org
tags 1040137 = bullseye pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bullseye.

Thanks for your contribution!

Upload details
==

Package: yajl
Version: 2.1.0-3+deb11u1

Explanation: memory leak security fix

Processed: rime-luna-pinyin 0.0~git20230204.79aeae2-3~deb12u1 flagged for acceptance

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> package release.debian.org
Limiting to bugs with field 'package' containing at least one of 
'release.debian.org'
Limit currently set to 'package':'release.debian.org'

> tags 1040502 = bookworm pending
Bug #1040502 [release.debian.org] bookworm-pu: package 
rime-luna-pinyin/0.0~git20230204.79aeae2-3~deb12u1
Added tag(s) pending; removed tag(s) confirmed.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
1040502: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1040502
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Processed: yajl 2.1.0-3+deb11u1 flagged for acceptance

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> package release.debian.org
Limiting to bugs with field 'package' containing at least one of 
'release.debian.org'
Limit currently set to 'package':'release.debian.org'

> tags 1040137 = bullseye pending
Bug #1040137 [release.debian.org] bullseye-pu: package yajl/2.1.0-3+deb11u1
Added tag(s) pending.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
1040137: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1040137
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#1040505: rime-cantonese 0.0~git20230209.e0295fa-2~deb12u1 flagged for acceptance

[Jonathan Wiltshire]

package release.debian.org
tags 1040505 = bookworm pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bookworm.

Thanks for your contribution!

Upload details
==

Package: rime-cantonese
Version: 0.0~git20230209.e0295fa-2~deb12u1

Explanation: sort words and characters by frequency

Bug#1040502: rime-luna-pinyin 0.0~git20230204.79aeae2-3~deb12u1 flagged for acceptance

[Jonathan Wiltshire]

package release.debian.org
tags 1040502 = bookworm pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bookworm.

Thanks for your contribution!

Upload details
==

Package: rime-luna-pinyin
Version: 0.0~git20230204.79aeae2-3~deb12u1

Explanation: install missing pinyin schema data

Processed: rime-cantonese 0.0~git20230209.e0295fa-2~deb12u1 flagged for acceptance

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> package release.debian.org
Limiting to bugs with field 'package' containing at least one of 
'release.debian.org'
Limit currently set to 'package':'release.debian.org'

> tags 1040505 = bookworm pending
Bug #1040505 [release.debian.org] bookworm-pu: package 
rime-cantonese/0.0~git20230209.e0295fa-2~deb12u1
Added tag(s) pending; removed tag(s) confirmed.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
1040505: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1040505
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#1036676: transition: nvidia-cuda-toolkit 12

[Andreas Beckmann]

On 07/07/2023 22.30, Sebastian Ramacher wrote:

Have all bugs been filed for these issues?


Yes. The FTBFS ones are already autoremoved. mumax3 builds, but has a 
hardcoded dependency on a CUDA 11 library.


I'm currently testing nvidia-cuda-samples 12 ...


Andreas

Bug#1039961: marked as done (transition: libexecs)

[Debian Bug Tracking System]

Your message dated Fri, 7 Jul 2023 22:25:26 +0200
with message-id 
and subject line Re: Bug#1039961: transition: libexecs
has caused the Debian Bug report #1039961,
regarding transition: libexecs
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1039961: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1039961
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
User: release.debian@packages.debian.org
Usertags: transition
X-Debbugs-Cc: libex...@packages.debian.org
Control: affects -1 + src:libexecs
Control: submitter -1 Renzo Davoli 

Hi,

I'd like to ask for permission to carry out this small transition here:
https://release.debian.org/transitions/html/auto-libexecs.html

All the relevant rev-deps are OK and binNMUs would take care of them.

-- 
regards,
Mattia Rizzolo

GPG Key: 66AE 2B4A FCCF 3F52 DA18  4D18 4B04 3FCD B944 4540  .''`.
More about me:  https://mapreri.org : :'  :
Launchpad user: https://launchpad.net/~mapreri  `. `'`
Debian QA page: https://qa.debian.org/developer.php?login=mattia  `-


signature.asc
Description: PGP signature
--- End Message ---
--- Begin Message ---
On 2023-07-01 09:59:15 +0200, Sebastian Ramacher wrote:
> Control: tags -1 confirmed
> 
> On 2023-06-30 09:46:54 +0200, Mattia Rizzolo wrote:
> > Package: release.debian.org
> > User: release.debian@packages.debian.org
> > Usertags: transition
> > X-Debbugs-Cc: libex...@packages.debian.org
> > Control: affects -1 + src:libexecs
> > Control: submitter -1 Renzo Davoli 
> > 
> > Hi,
> > 
> > I'd like to ask for permission to carry out this small transition here:
> > https://release.debian.org/transitions/html/auto-libexecs.html
> > 
> > All the relevant rev-deps are OK and binNMUs would take care of them.
> 
> Please go ahead

The old binaries got removed from testing.

Cheers
-- 
Sebastian Ramacher--- End Message ---

Processed: Re: Bug#1039030: transition: qtbase-abi-5-15-10

[Debian Bug Tracking System]

Processing control commands:

> tags -1 confirmed
Bug #1039030 [release.debian.org] transition: qtbase-abi-5-15-10
Added tag(s) confirmed.

-- 
1039030: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1039030
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#1039030: transition: qtbase-abi-5-15-10

[Sebastian Ramacher]

Control: tags -1 confirmed

On 2023-06-24 23:13:44 +0300, Dmitry Shachnev wrote:
> Package: release.debian.org
> Severity: normal
> User: release.debian@packages.debian.org
> Usertags: transition
> Control: block -1 by 1038402 1038737
> Control: affects -1 + src:qtbase-opensource-src
> 
> Dear Release team,
> 
> We skipped Qt 5.15.9 release because of the freeze, so now I would like to
> upgrade from 5.15.8 to 5.15.10 — a version which was published on June 6th.

Please go ahead.

Cheers
-- 
Sebastian Ramacher

Processed: Re: Bug#1036676: transition: nvidia-cuda-toolkit 12

[Debian Bug Tracking System]

Processing control commands:

> tags -1 moreinfo
Bug #1036676 [release.debian.org] transition: nvidia-cuda-toolkit 12
Added tag(s) moreinfo.

-- 
1036676: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036676
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#1036676: transition: nvidia-cuda-toolkit 12

[Sebastian Ramacher]

Control: tags -1 moreinfo

On 2023-05-24 12:07:19 +0200, Andreas Beckmann wrote:
> Package: release.debian.org
> Severity: normal
> User: release.debian@packages.debian.org
> Usertags: transition
> 
> The switch from CUDA 11 to CUDA 12 seems to have bigger impact on the
> dependencies, thus I'm going to block this bug with the corresponding
> FTBFS bugs.
> (There are no binNMUs to be scheduled by the release team as
> nvidia-cuda-toolkit is in non-free.)
> 
> First rebuild test with 12.0.0:
> FAILamd64   astra-toolbox/sid
> OK  amd64   bart-cuda/sid
> FAILamd64   eztrace-contrib/sid
> OK  amd64   hwloc-contrib/sid
> FAILamd64   magma/sid
> OK  amd64   mumax3/sid
> OK  amd64   nvidia-nccl/sid
> OK  amd64   pycuda/sid
> FAILamd64   pyhst2/sid
> OK  amd64   pyvkfft/sid
> FAILamd64   relion-cuda/sid
> FAILamd64   slurm-wlm-contrib/sid
> FAILamd64   starpu-contrib/sid
> FAILamd64   tomopy/sid

Have all bugs been filed for these issues?

Cheers
-- 
Sebastian Ramacher

Bug#1038820: marked as done (transition: glibc 2.37)

[Debian Bug Tracking System]

Your message dated Fri, 7 Jul 2023 22:26:40 +0200
with message-id 
and subject line Re: Bug#1038820: transition: glibc 2.37
has caused the Debian Bug report #1038820,
regarding transition: glibc 2.37
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1038820: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1038820
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: transition
X-Debbugs-Cc: debian-gl...@lists.debian.org
Control: affects -1 + src:glibc

Dear release team,

I would like to get a transition slot for glibc 2.37. It has been
available in experimental for a bit more than a month and does not have
any known issue. It has been built successfully on all release
architectures and many ports architectures (technically 2.37-2 hasn't
been built yet on mipsel and mips64el due to the buildds lagging, but
2.37-1 has been built successfully).

As glibc is using symbol versioning, there is no soname change. That
said a few packages are using libc internal symbols and have to be
rebuilt for this transition. Here is the corresponding ben file:

  title = "glibc";
  is_affected = .depends ~ /libc[0-9.]* \(<--- End Message ---
--- Begin Message ---
On 2023-07-01 14:16:54 +0200, Aurelien Jarno wrote:
> Hi Sebastian,
> 
> On 2023-07-01 10:14, Sebastian Ramacher wrote:
> > Control: forwarded -1 
> > https://release.debian.org/transitions/html/glibc-2.37.html
> > Control: tags -1 confirmed
> > 
> > On 2023-06-21 20:53:54 +0200, Aurelien Jarno wrote:
> > > Package: release.debian.org
> > > Severity: normal
> > > User: release.debian@packages.debian.org
> > > Usertags: transition
> > > X-Debbugs-Cc: debian-gl...@lists.debian.org
> > > Control: affects -1 + src:glibc
> > > 
> > > Dear release team,
> > > 
> > > I would like to get a transition slot for glibc 2.37. It has been
> > > available in experimental for a bit more than a month and does not have
> > > any known issue. It has been built successfully on all release
> > > architectures and many ports architectures (technically 2.37-2 hasn't
> > > been built yet on mipsel and mips64el due to the buildds lagging, but
> > > 2.37-1 has been built successfully).
> > 
> > Please go ahead.
> 
> Thanks, I have just uploaded it.

glibc mirated.

Cheers
-- 
Sebastian Ramacher--- End Message ---

Bug#1038933: marked as done (transition: octave)

[Debian Bug Tracking System]

Your message dated Fri, 7 Jul 2023 22:27:14 +0200
with message-id 
and subject line Re: Bug#1038933: transition: octave
has caused the Debian Bug report #1038933,
regarding transition: octave
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1038933: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1038933
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: transition
X-Debbugs-Cc: oct...@packages.debian.org, debian-oct...@lists.debian.org
Control: affects -1 + src:octave

Dear Release Team,

Please schedule a transition for the latest major upstream version of Octave,
version 8. All the arch:any Octave addons need to be rebuild.

Octave 8 has already been uploaded to experimental.

A rebuild of all the packages affected by the transition has been performed.
Several problems were fixed, and to the best of our knowledge, only one package
is not ready (octave-stk; since it is a leaf package, it will be possible to
temporarily exclude it from testing if it is not fixed by the time of the
transition). We stand ready to upload and NMU as needed if other issues arise.

Ben file:

title = "octave";
is_affected = .depends ~ "octave-abi-57" | .depends ~ "octave-abi-58";
is_good = .depends ~ "octave-abi-58";
is_bad = .depends ~ "octave-abi-57";

--
⢀⣴⠾⠻⢶⣦⠀  Sébastien Villemot
⣾⠁⢠⠒⠀⣿⡁  Debian Developer
⢿⡄⠘⠷⠚⠋⠀  https://sebastien.villemot.name
⠈⠳⣄  https://www.debian.org
--- End Message ---
--- Begin Message ---
On 2023-07-04 12:20:18 +0200, Sébastien Villemot wrote:
> Le samedi 01 juillet 2023 à 10:15 +0200, Sebastian Ramacher a écrit :
> > On 2023-06-23 10:32:52 +0200, Sébastien Villemot wrote:
> > > Package: release.debian.org
> > > Severity: normal
> > > User: release.debian@packages.debian.org
> > > Usertags: transition
> > > X-Debbugs-Cc: oct...@packages.debian.org, debian-oct...@lists.debian.org
> > > Control: affects -1 + src:octave
> > > 
> > > Dear Release Team,
> > > 
> > > Please schedule a transition for the latest major upstream version of 
> > > Octave,
> > > version 8. All the arch:any Octave addons need to be rebuild.
> > 
> > Please go ahead.
> 
> Thanks for your help! It looks like the transition is complete.

Indeed, let's close the bug report.

Cheers
-- 
Sebastian Ramacher--- End Message ---

Bug#1040418: marked as done (nmu: libheif_1.16.2-1)

[Debian Bug Tracking System]

Your message dated Fri, 7 Jul 2023 21:47:00 +0200
with message-id 
and subject line Re: Bug#1040418: nmu: libheif_1.16.2-1
has caused the Debian Bug report #1040418,
regarding nmu: libheif_1.16.2-1
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1040418: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1040418
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: binnmu
X-Debbugs-Cc: libh...@packages.debian.org, ba...@struktur.de, 
sramac...@debian.org
Control: affects -1 + src:libheif

nmu libheif_1.16.2-1 . ANY . unstable . -m "rebuild on buildd"

Please rebuild libheif (on all architectures, as it has M-A:same
binaries), so it can migrate to testing; kimageformat will need it
soon.

Thanks,
-- 
Pino
--- End Message ---
--- Begin Message ---
On 2023-07-05 19:31:48 +0200, Pino Toscano wrote:
> Package: release.debian.org
> Severity: normal
> User: release.debian@packages.debian.org
> Usertags: binnmu
> X-Debbugs-Cc: libh...@packages.debian.org, ba...@struktur.de, 
> sramac...@debian.org
> Control: affects -1 + src:libheif
> 
> nmu libheif_1.16.2-1 . ANY . unstable . -m "rebuild on buildd"
> 
> Please rebuild libheif (on all architectures, as it has M-A:same
> binaries), so it can migrate to testing; kimageformat will need it
> soon.

This was scheduled some time ago.

Cheers
-- 
Sebastian Ramacher--- End Message ---

Processed: Re: Bug#1040335: transition: gnustep-sqlclient

[Debian Bug Tracking System]

Processing control commands:

> tags -1 confirmed
Bug #1040335 [release.debian.org] transition: gnustep-sqlclient
Added tag(s) confirmed.

-- 
1040335: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1040335
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#1040335: transition: gnustep-sqlclient

[Sebastian Ramacher]

Control: tags -1 confirmed

On 2023-07-04 18:07:11 +0300, Yavor Doganov wrote:
> Package: release.debian.org
> Severity: normal
> User: release.debian@packages.debian.org
> Usertags: transition
> X-Debbugs-Cc: gnustep-sqlcli...@packages.debian.org
> Control: affects -1 + src:gnustep-sqlclient
> Control: forwarded -1 
> https://release.debian.org/transitions/html/auto-gnustep-sqlclient.html
> 
> We would like to have release team's permission to update the
> gnustep-sqlclient library (libsqlclient1.8 -> 1.9).
> The only rdep is adun.app, it builds fine and can be safely binNMUed.

Please go ahead

Cheers
-- 
Sebastian Ramacher

Bug#1040001: adds unnecessarily strict versioned Depends on r-base-core

[Andreas Tille]

Control: reopen -1

Thanks for watching me, Bas.

Am Fri, Jul 07, 2023 at 05:09:31PM +0200 schrieb Sebastiaan Couwenberg:
> It seems that dh-r (20230707) should have closed #1040515 instead of the
> transition bug report (#1040001).

-- 
http://fam-tille.de

Processed: Re: adds unnecessarily strict versioned Depends on r-base-core

[Debian Bug Tracking System]

Processing control commands:

> reopen -1
Bug #1040001 [release.debian.org] transition: r-base
Bug 1040001 is not marked as done; doing nothing.

-- 
1040001: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1040001
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

NEW changes in oldstable-new

[Debian FTP Masters]

Processing changes file: mediawiki_1.35.11-1~deb11u1_source.changes
  ACCEPT
Processing changes file: mediawiki_1.35.11-1~deb11u1_all-buildd.changes
  ACCEPT

NEW changes in stable-new

[Debian FTP Masters]

Processing changes file: aide_0.18.3-1+deb12u2_source.changes
  ACCEPT
Processing changes file: chromium_114.0.5735.198-1~deb12u1_source.changes
  ACCEPT
Processing changes file: chromium_114.0.5735.198-1~deb12u1_all-buildd.changes
  ACCEPT
Processing changes file: chromium_114.0.5735.198-1~deb12u1_amd64-buildd.changes
  ACCEPT
Processing changes file: chromium_114.0.5735.198-1~deb12u1_arm64-buildd.changes
  ACCEPT
Processing changes file: chromium_114.0.5735.198-1~deb12u1_armhf-buildd.changes
  ACCEPT
Processing changes file: chromium_114.0.5735.198-1~deb12u1_i386-buildd.changes
  ACCEPT
Processing changes file: 
chromium_114.0.5735.198-1~deb12u1_ppc64el-buildd.changes
  ACCEPT

Processed: Re: Bug#1040563: bookworm-pu: package node-tough-cookie/4.0.0-2+deb12u1

[Debian Bug Tracking System]

Processing control commands:

> tag -1 moreinfo
Bug #1040563 [release.debian.org] bookworm-pu: package 
node-tough-cookie/4.0.0-2+deb12u1
Added tag(s) moreinfo.

-- 
1040563: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1040563
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#1040563: bookworm-pu: package node-tough-cookie/4.0.0-2+deb12u1

[Jonathan Wiltshire]

Control: tag -1 moreinfo

On Fri, Jul 07, 2023 at 09:01:40PM +0400, Yadd wrote:
> [ Reason ]
> node-tough-cookie is vulnerable to prototype pollution

How has this been fixed in unstable? You'll need an upload there anyway for
version ordering.

Thanks,


-- 
Jonathan Wiltshire  j...@debian.org
Debian Developer http://people.debian.org/~jmw

4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC  74C3 5394 479D D352 4C51
ed25519/0x196418AAEB74C8A1: CA619D65A72A7BADFC96D280196418AAEB74C8A1

Processed: aide 0.18.3-1+deb12u2 flagged for acceptance

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> package release.debian.org
Limiting to bugs with field 'package' containing at least one of 
'release.debian.org'
Limit currently set to 'package':'release.debian.org'

> tags 1040142 = bookworm pending
Bug #1040142 [release.debian.org] bookworm-pu: package aide/0.18.3-1+deb12u2
Added tag(s) pending; removed tag(s) confirmed.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
1040142: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1040142
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#1040142: aide 0.18.3-1+deb12u2 flagged for acceptance

[Jonathan Wiltshire]

package release.debian.org
tags 1040142 = bookworm pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bookworm.

Thanks for your contribution!

Upload details
==

Package: aide
Version: 0.18.3-1+deb12u2

Explanation: fix child directory processing on equal match

Bug#1040563: bookworm-pu: package node-tough-cookie/4.0.0-2+deb12u1

[Yadd]

Package: release.debian.org
Severity: normal
Tags: bookworm
User: release.debian@packages.debian.org
Usertags: pu
X-Debbugs-Cc: node-tough-coo...@packages.debian.org
Control: affects -1 + src:node-tough-cookie

[ Reason ]
node-tough-cookie is vulnerable to prototype pollution

[ Impact ]
Littel security issue

[ Tests ]
Test updated, passed

[ Risks ]
No risk, patch is trivial and tested

[ Checklist ]
  [X] *all* changes are documented in the d/changelog
  [X] I reviewed all changes and I approve them
  [X] attach debdiff against the package in (old)stable
  [X] the issue is verified as fixed in unstable

[ Changes ]
Create new object instead of using default {}

Cheers,
Yadd
diff --git a/debian/changelog b/debian/changelog
index 3652359..a8e8b7e 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10 @@
+node-tough-cookie (4.0.0-2+deb12u1) bookworm; urgency=medium
+
+  * Team upload
+  * Fix prototype pollution (Closes: CVE-2023-26136)
+
+ -- Yadd   Fri, 07 Jul 2023 20:57:36 +0400
+
 node-tough-cookie (4.0.0-2) unstable; urgency=medium
 
   * Team upload
diff --git a/debian/patches/CVE-2023-26136.patch 
b/debian/patches/CVE-2023-26136.patch
new file mode 100644
index 000..05e6372
--- /dev/null
+++ b/debian/patches/CVE-2023-26136.patch
@@ -0,0 +1,71 @@
+Description: Fix prototype pollution
+ CVE-2023-26136
+Author: Yadd 
+Forwarded: not-needed
+Last-Update: 2023-07-07
+
+--- a/lib/memstore.js
 b/lib/memstore.js
+@@ -39,7 +39,7 @@
+   constructor() {
+ super();
+ this.synchronous = true;
+-this.idx = {};
++this.idx = Object.create(null);
+ if (util.inspect.custom) {
+   this[util.inspect.custom] = this.inspect;
+ }
+@@ -109,10 +109,10 @@
+ 
+   putCookie(cookie, cb) {
+ if (!this.idx[cookie.domain]) {
+-  this.idx[cookie.domain] = {};
++  this.idx[cookie.domain] = Object.create(null);
+ }
+ if (!this.idx[cookie.domain][cookie.path]) {
+-  this.idx[cookie.domain][cookie.path] = {};
++  this.idx[cookie.domain][cookie.path] = Object.create(null);
+ }
+ this.idx[cookie.domain][cookie.path][cookie.key] = cookie;
+ cb(null);
+@@ -144,7 +144,7 @@
+ return cb(null);
+   }
+   removeAllCookies(cb) {
+-this.idx = {};
++this.idx = Object.create(null);
+ return cb(null);
+   }
+   getAllCookies(cb) {
+--- a/test/cookie_jar_test.js
 b/test/cookie_jar_test.js
+@@ -669,4 +669,29 @@
+   }
+ }
+   })
++  .addBatch({
++"Issue #282 - Prototype pollution": {
++  "when setting a cookie with the domain __proto__": {
++topic: function() {
++  const jar = new tough.CookieJar(undefined, {
++rejectPublicSuffixes: false
++  });
++  // try to pollute the prototype
++  jar.setCookieSync(
++"Slonser=polluted; Domain=__proto__; Path=/notauth",
++"https://__proto__/admin;
++  );
++  jar.setCookieSync(
++"Auth=Lol; Domain=google.com; Path=/notauth",
++"https://google.com/;
++  );
++  this.callback();
++},
++"results in a cookie that is not affected by the attempted prototype 
pollution": function() {
++  const pollutedObject = {};
++  assert(pollutedObject["/notauth"] === undefined);
++}
++  }
++}
++  })
+   .export(module);
diff --git a/debian/patches/series b/debian/patches/series
new file mode 100644
index 000..67af372
--- /dev/null
+++ b/debian/patches/series
@@ -0,0 +1 @@
+CVE-2023-26136.patch

Processed: bookworm-pu: package node-tough-cookie/4.0.0-2+deb12u1

[Debian Bug Tracking System]

Processing control commands:

> affects -1 + src:node-tough-cookie
Bug #1040563 [release.debian.org] bookworm-pu: package 
node-tough-cookie/4.0.0-2+deb12u1
Added indication that 1040563 affects src:node-tough-cookie

-- 
1040563: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1040563
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

NEW changes in stable-new

[Debian FTP Masters]

Processing changes file: autofs_5.1.8-2+deb12u1_mips64el-buildd.changes
  ACCEPT
Processing changes file: autofs_5.1.8-2+deb12u1_mipsel-buildd.changes
  ACCEPT
Processing changes file: postfix_3.7.6-0+deb12u2_mips64el-buildd.changes
  ACCEPT
Processing changes file: postfix_3.7.6-0+deb12u2_mipsel-buildd.changes
  ACCEPT

NEW changes in stable-new

[Debian FTP Masters]

Processing changes file: autofs_5.1.8-2+deb12u1_amd64-buildd.changes
  ACCEPT
Processing changes file: autofs_5.1.8-2+deb12u1_arm64-buildd.changes
  ACCEPT
Processing changes file: autofs_5.1.8-2+deb12u1_armel-buildd.changes
  ACCEPT
Processing changes file: autofs_5.1.8-2+deb12u1_armhf-buildd.changes
  ACCEPT
Processing changes file: autofs_5.1.8-2+deb12u1_i386-buildd.changes
  ACCEPT
Processing changes file: autofs_5.1.8-2+deb12u1_ppc64el-buildd.changes
  ACCEPT
Processing changes file: autofs_5.1.8-2+deb12u1_s390x-buildd.changes
  ACCEPT
Processing changes file: postfix_3.7.6-0+deb12u2_all-buildd.changes
  ACCEPT
Processing changes file: postfix_3.7.6-0+deb12u2_amd64-buildd.changes
  ACCEPT
Processing changes file: postfix_3.7.6-0+deb12u2_arm64-buildd.changes
  ACCEPT
Processing changes file: postfix_3.7.6-0+deb12u2_armel-buildd.changes
  ACCEPT
Processing changes file: postfix_3.7.6-0+deb12u2_armhf-buildd.changes
  ACCEPT
Processing changes file: postfix_3.7.6-0+deb12u2_i386-buildd.changes
  ACCEPT
Processing changes file: postfix_3.7.6-0+deb12u2_ppc64el-buildd.changes
  ACCEPT
Processing changes file: postfix_3.7.6-0+deb12u2_s390x-buildd.changes
  ACCEPT
Processing changes file: smarty4_4.3.0-1+deb12u1_all-buildd.changes
  ACCEPT

Bug#1040142: bookworm-pu: package aide/0.18.3-1+deb12u2

[Marc Haber]

On Thu, Jul 06, 2023 at 07:25:35PM +0100, Adam D. Barratt wrote:
> Please go ahead.

Thanks for your advice. Uploaded.

Greetings
Marc

-- 
-
Marc Haber | "I don't trust Computers. They | Mailadresse im Header
Leimen, Germany|  lose things."Winona Ryder | Fon: *49 6224 1600402
Nordisch by Nature |  How to make an American Quilt | Fax: *49 6224 1600421

Processed: reopening 1040001

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> reopen 1040001
Bug #1040001 {Done: Andreas Tille } [release.debian.org] 
transition: r-base
'reopen' may be inappropriate when a bug has been closed with a version;
all fixed versions will be cleared, and you may need to re-add them.
Bug reopened
No longer marked as fixed in versions dh-r/20230707.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
1040001: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1040001
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#1040001: marked as done (transition: r-base)

[Debian Bug Tracking System]

Your message dated Fri, 07 Jul 2023 08:57:16 +
with message-id 
and subject line Bug#1040001: fixed in dh-r 20230707
has caused the Debian Bug report #1040001,
regarding transition: r-base
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1040001: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1040001
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: transition
X-Debbugs-Cc: r-b...@packages.debian.org, debia...@lists.debian.org
Control: affects -1 + src:r-base

Hi,

I'm not sure that we are in the right status to ask for a transition bug
since the affected package was just uploaded some time ago by its
maintainer who did not considered a proper transition.  This was discussed
on debia...@lists.debian.org in several postings - I try to point you to
the most relevant ones

  https://lists.debian.org/debian-r/2023/06/msg00011.html
as a response to >30 bugs against single packages all affecting
the r-base migration due to (to be expected) autopkgtest errors
in testing.  You can basically get this list of now all RC buggy
packages from the tracker page or r-base[1]

  https://lists.debian.org/debian-r/2023/06/msg00017.html
suggests r-graphics-api-* after r-base maintainer confirmed
"they cheated _a little_ and changes the graphics API" (probably
meaning ABI not API)

  https://lists.debian.org/debian-r/2023/06/msg00016.html
Reference to the docs

  https://lists.debian.org/debian-r/2023/06/msg00025.html
In the end of this mail three options are listed which I simply
repeat here for your comfort:

   1. implement the r-graphics-api-*
  This might be a bit complex since for the moment I do not know
  any means how to detect the packages that need this dependency
  (and how we can implement this into dh-update-R)  So this might
  become technically complex in the first case

   2. Just do a full r-api transition
  This would work but affects more packages than strictly
  necessary.  My gut feeling says we will be able to finish this
  earlier than 1. despite technically not perfect

   3. Blindly ignore the fact that we need a transition and follow
  the hackish workaround by using random versioned Depends as
  suggested by Nilesh for r-cran-epi.

  https://lists.debian.org/debian-r/2023/06/msg00027.html
Confirmation for option 1.


While I would love to hear the opinion of the release team what kind of
transition (1. or 2.) should be prefered (if this is possible now at all
since the affected package r-base 4.3.1 is in the archive since some
time and also the most urgent packages are rebuild manually) or whether
we need to fight manually through this mess (option 3.)  I confirm that
I agree with Johannes Ranke to prefer option 1. and do it "right" to be
safe for the next time.

To support this idea I just commited some proof of concept change to
dh-r which would support injecting a virtual package in case r-base
would define it.  This requires confirmation of the r-base maintainer.

Sorry that this transition bug is that complex.  I would have loved if
it would went more coordinated but unfortunately that's not in my hands
and I simply try to reassemble the pieces.

Kind regards
Andreas.

[1] https://tracker.debian.org/pkg/r-base
[2] 
https://salsa.debian.org/r-pkg-team/dh-r/-/commit/f79e2573a59c1ff01c526a7dcf15b7f85263cc29

Ben file:

title = "r-base";
is_affected = ;
is_good = ;
is_bad = ;
--- End Message ---
--- Begin Message ---
Source: dh-r
Source-Version: 20230707
Done: Andreas Tille 

We believe that the bug you reported is fixed in the latest version of
dh-r, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1040...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Andreas Tille  (supplier of updated dh-r package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Format: 1.8
Date: Fri, 07 Jul 2023 10:29:11 +0200
Source: dh-r
Architecture: source
Version: 20230707
Distribution: unstable
Urgency: med

Processed: Re: Bug#1040519: bookworm-pu: package samba/2:4.17.9+dfsg-0+deb12u1

[Debian Bug Tracking System]

Processing control commands:

> tag -1 confirmed
Bug #1040519 [release.debian.org] bookworm-pu: package 
samba/2:4.17.9+dfsg-0+deb12u1
Added tag(s) confirmed.

-- 
1040519: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1040519
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#1040519: bookworm-pu: package samba/2:4.17.9+dfsg-0+deb12u1

[Jonathan Wiltshire]

Control: tag -1 confirmed

On Fri, Jul 07, 2023 at 10:03:07AM +0300, Michael Tokarev wrote:
> [ Reason ]
> Here's the next stable/bugfix release of samba, 4.17.9.
> As has been the case with samba stable/bugfix releases, this
> one is of an excellent quality, well tested and with all changes
> well selected as well.

Please go ahead with the full proposal (upstream and your package fixes).

Thanks,

-- 
Jonathan Wiltshire  j...@debian.org
Debian Developer http://people.debian.org/~jmw

4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC  74C3 5394 479D D352 4C51
ed25519/0x196418AAEB74C8A1: CA619D65A72A7BADFC96D280196418AAEB74C8A1

Processed: Re: Bug#1040505: bookworm-pu: package rime-cantonese/0.0~git20230209.e0295fa-2~deb12u1

[Debian Bug Tracking System]

Processing control commands:

> tag -1 confirmed
Bug #1040505 [release.debian.org] bookworm-pu: package 
rime-cantonese/0.0~git20230209.e0295fa-2~deb12u1
Added tag(s) confirmed.

-- 
1040505: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1040505
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#1040505: bookworm-pu: package rime-cantonese/0.0~git20230209.e0295fa-2~deb12u1

[Jonathan Wiltshire]

Control: tag -1 confirmed

On Thu, Jul 06, 2023 at 04:45:41PM -0400, Boyuan Yang wrote:
> This upload adds a missing file (word frequency file) to the
> installation of binary package rime-data-jyut6ping3 to fix
> https://bugs.debian.org/1037022 .

Please go ahead.

Thanks,


-- 
Jonathan Wiltshire  j...@debian.org
Debian Developer http://people.debian.org/~jmw

4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC  74C3 5394 479D D352 4C51
ed25519/0x196418AAEB74C8A1: CA619D65A72A7BADFC96D280196418AAEB74C8A1

Processed: Re: Bug#1040502: bookworm-pu: package rime-luna-pinyin/0.0~git20230204.79aeae2-3~deb12u1

[Debian Bug Tracking System]

Processing control commands:

> tag -1 confirmed
Bug #1040502 [release.debian.org] bookworm-pu: package 
rime-luna-pinyin/0.0~git20230204.79aeae2-3~deb12u1
Added tag(s) confirmed.

-- 
1040502: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1040502
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#1040502: bookworm-pu: package rime-luna-pinyin/0.0~git20230204.79aeae2-3~deb12u1

[Jonathan Wiltshire]

Control: tag -1 confirmed

On Thu, Jul 06, 2023 at 04:27:46PM -0400, Boyuan Yang wrote:
> Fix input method deployment error and bug in customizing input method
> as reported in https://bugs.debian.org/1040403 . It is caused by
> missing installation of pinyin.yaml from upstream source code to
> binary package according to the upstream bug report at
> https://github.com/rime/home/issues/1326 .

Please go ahead.

Thanks,


-- 
Jonathan Wiltshire  j...@debian.org
Debian Developer http://people.debian.org/~jmw

4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC  74C3 5394 479D D352 4C51
ed25519/0x196418AAEB74C8A1: CA619D65A72A7BADFC96D280196418AAEB74C8A1

NEW changes in stable-new

[Debian FTP Masters]

Processing changes file: autofs_5.1.8-2+deb12u1_source.changes
  ACCEPT
Processing changes file: linux_6.1.37-1_source.changes
  ACCEPT
Processing changes file: linux_6.1.37-1_all-buildd.changes
  ACCEPT
Processing changes file: linux_6.1.37-1_amd64-buildd.changes
  ACCEPT
Processing changes file: linux_6.1.37-1_arm64-buildd.changes
  ACCEPT
Processing changes file: linux_6.1.37-1_armel-buildd.changes
  ACCEPT
Processing changes file: linux_6.1.37-1_armhf-buildd.changes
  ACCEPT
Processing changes file: linux_6.1.37-1_i386-buildd.changes
  ACCEPT
Processing changes file: linux_6.1.37-1_mips64el-buildd.changes
  ACCEPT
Processing changes file: linux_6.1.37-1_mipsel-buildd.changes
  ACCEPT
Processing changes file: linux_6.1.37-1_ppc64el-buildd.changes
  ACCEPT
Processing changes file: linux_6.1.37-1_s390x-buildd.changes
  ACCEPT
Processing changes file: linux-signed-amd64_6.1.37+1_source.changes
  ACCEPT
Processing changes file: linux-signed-amd64_6.1.37+1_amd64-buildd.changes
  ACCEPT
Processing changes file: linux-signed-arm64_6.1.37+1_source.changes
  ACCEPT
Processing changes file: linux-signed-arm64_6.1.37+1_arm64-buildd.changes
  ACCEPT
Processing changes file: linux-signed-i386_6.1.37+1_source.changes
  ACCEPT
Processing changes file: linux-signed-i386_6.1.37+1_i386-buildd.changes
  ACCEPT
Processing changes file: postfix_3.7.6-0+deb12u2_source.changes
  ACCEPT
Processing changes file: smarty4_4.3.0-1+deb12u1_source.changes
  ACCEPT

Processed: Re: Bug#1040415: bullseye-pu: package pacemaker/2.1.5-1+deb12u1

[Debian Bug Tracking System]

Processing control commands:

> tag -1 confirmed
Bug #1040415 [release.debian.org] bookworm-pu: package pacemaker/2.1.5-1+deb12u1
Added tag(s) confirmed.

-- 
1040415: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1040415
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#1040415: bullseye-pu: package pacemaker/2.1.5-1+deb12u1

[Jonathan Wiltshire]

Control: tag -1 confirmed

On Wed, Jul 05, 2023 at 07:14:09PM +0200, Ferenc Wágner wrote:
> [ Reason ]
> Shortly after the release of bookworm we got a report that Pacemaker
> regressed in certain migration scenarios when compared to the bullseye
> version.  Upstream identified the cause (a bug already fixed in 2.1.6),
> and after backporting the fix the submitter acknowledged that they can't
> reproduce the bug anymore with the proposed packages.
> https://bugs.clusterlabs.org/show_bug.cgi?id=5521
> Pacemaker package bug opened after discussion on the mailing list:
> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1040165

Please go ahead, and bear in mind the upload window closes next weekend.

Thanks,

-- 
Jonathan Wiltshire  j...@debian.org
Debian Developer http://people.debian.org/~jmw

4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC  74C3 5394 479D D352 4C51
ed25519/0x196418AAEB74C8A1: CA619D65A72A7BADFC96D280196418AAEB74C8A1

Processed: smarty4 4.3.0-1+deb12u1 flagged for acceptance

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> package release.debian.org
Limiting to bugs with field 'package' containing at least one of 
'release.debian.org'
Limit currently set to 'package':'release.debian.org'

> tags 1040449 = bookworm pending
Bug #1040449 [release.debian.org] bookworm-pu: package smarty4/4.3.0-1+deb12u1
Added tag(s) pending.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
1040449: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1040449
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Processed: autofs 5.1.8-2+deb12u1 flagged for acceptance

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> package release.debian.org
Limiting to bugs with field 'package' containing at least one of 
'release.debian.org'
Limit currently set to 'package':'release.debian.org'

> tags 1040448 = bookworm pending
Bug #1040448 [release.debian.org] bookworm-pu: package autofs/5.1.8-2+deb12u1
Added tag(s) pending.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
1040448: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1040448
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#1040449: smarty4 4.3.0-1+deb12u1 flagged for acceptance

[Adam D Barratt]

package release.debian.org
tags 1040449 = bookworm pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bookworm.

Thanks for your contribution!

Upload details
==

Package: smarty4
Version: 4.3.0-1+deb12u1

Explanation: fix arbitrary code execution issue [CVE-2023-28447]

Processed: postfix 3.7.6-0+deb12u2 flagged for acceptance

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> package release.debian.org
Limiting to bugs with field 'package' containing at least one of 
'release.debian.org'
Limit currently set to 'package':'release.debian.org'

> tags 1040435 = bookworm pending
Bug #1040435 [release.debian.org] bookworm-pu: package postfix/3.7.4-2
Added tag(s) pending.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
1040435: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1040435
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#1040435: postfix 3.7.6-0+deb12u2 flagged for acceptance

[Adam D Barratt]

package release.debian.org
tags 1040435 = bookworm pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bookworm.

Thanks for your contribution!

Upload details
==

Package: postfix
Version: 3.7.6-0+deb12u2

Explanation: fix "postfix set-permissions"

Bug#1040448: autofs 5.1.8-2+deb12u1 flagged for acceptance

[Adam D Barratt]

package release.debian.org
tags 1040448 = bookworm pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bookworm.

Thanks for your contribution!

Upload details
==

Package: autofs
Version: 5.1.8-2+deb12u1

Explanation: fix hang when using Kerberos-authenticated LDAP

Bug#1040519: bookworm-pu: package samba/2:4.17.9+dfsg-0+deb12u1

[Michael Tokarev]

Package: release.debian.org
Severity: normal
Tags: bookworm
User: release.debian@packages.debian.org
Usertags: pu
X-Debbugs-Cc: sa...@packages.debian.org
Control: affects -1 + src:samba

[ Reason ]
Here's the next stable/bugfix release of samba, 4.17.9.
As has been the case with samba stable/bugfix releases, this
one is of an excellent quality, well tested and with all changes
well selected as well.

Usually in debian we patched previous stable samba release,
picking up just some changes from upstream.  But I believe
every bit fixed by samba upstream project deserves to come
to debian, together with their version number, - there's no
reason for patching and especially for picking a subset of
changes from a well-selected and well-tested upstream bugfix
release.

As is usual for samba stable/bugfix releases again, this release
fixes a bunch of bugs which affects users of samba in one way or
another, despite the fact there's no corresponding bug reports
in debian.  All bugs fixed in this release are linked to in the
new changelog entry.  One of the patches has been already applied
in the previous debian release of samba, so that patch is removed
from d/patches.

[ Impact ]
The list of bugs fixed isn't large, but some of the bugs are
annoying and serious enough.  For example,
https://bugzilla.samba.org/show_bug.cgi?id=15361 "wibindd
recurses into itself via rpcd_lsad" affects getpwnam() lookups
when nss_winbind is used, - it's quite severe issue.
(the patchset fixing it is also quite large).

[ Tests ]
This is samba upstream stable/bugfix release, which passes whole
upstream testsuite and wider testing by the users. The debian
package is running on my sites already, and passes my real-life
test scenarious.

[ Risks ]
The changes aren't trivial. And there's always risks.  Still,
this release brings real fixes for real issues which is better
to fix anyway.

[ Checklist ]
  [*] *all* changes are documented in the d/changelog
  [*] I reviewed all changes and I approve them
  [*] attach debdiff against the package in (old)stable
  [*] the issue is verified as fixed in unstable

[ Changes ]
  * new upstream stable/bugfix release, with the following fixes:
   * https://bugzilla.samba.org/show_bug.cgi?id=14030
 named crashes on DLZ zone update
 (this was in debian in previous upload)
   * https://bugzilla.samba.org/show_bug.cgi?id=15275
 smbd_scavenger crashes when service smbd is stopped
   * https://bugzilla.samba.org/show_bug.cgi?id=15361
 winbind recurses into itself via rpcd_lsad
   * https://bugzilla.samba.org/show_bug.cgi?id=15374
 aes256 smb3 encryption algorithms are not allowed in smb3_sid_parse()
   * https://bugzilla.samba.org/show_bug.cgi?id=15378
 vfs_fruit might cause a failing open for delete
   * https://bugzilla.samba.org/show_bug.cgi?id=15382
 cli_list loops 100% CPU against pre-lanman2 servers
   * https://bugzilla.samba.org/show_bug.cgi?id=15391
 smbclient leaks fds with showacls
   * https://bugzilla.samba.org/show_bug.cgi?id=15403
 smbget memory leak if failed to download files recursively
   * https://bugzilla.samba.org/show_bug.cgi?id=15404
 Backport --pidl-developer fixes
   * https://bugzilla.samba.org/show_bug.cgi?id=15413
 winbindd gets stuck on NT_STATUS_RPC_SEC_PKG_ERROR
  * remove dnsserver-rename-dns_name_equal.patch
(included upstream)

[ Other info ]
In the debdiff below, I filtered out *.[1-8] and *.[1-8].html -
these are auto-generated manpages which gets updated for the
current version number and release date, making the debdiff
really huge.  In trixie I removed these generated manpages at
the dfsg-repack stage so it is not an issue anymore there,
but for bookworm it hasn't been done in time.

Each bug report linked to from the changelog has a patch(set)
fixing it in this (4.17) release, which are included in the
upstream tarball.  To simplify review, it might be good idea
to take a look there.  Also, each individual commit is available at
https://gitlab.com/samba-team/samba/-/commits/samba-4.17.9
(up to previous tag therem samba-4.17.8).  The diff itself
between 4.17.8 and 4.17.9 is rather difficult to read as a whole,
while individual logical changes/commits are more manageable.

While at it, I'm asking about 2 more possible changes in this
package for bookworm, if it is okay with the release team to
have them or not.  If yes, I'll prepare another upload with
them included.

First, I'd love to get rid of the autogenerated manpages in
the orig.tar.gz during the dfsg-repack stage, which has been
noticed too late in the bookworm release cycle.  Upstream
ships auto-generated manpages (in man and html format) in the
source tarball, and the boilerplates in these manpages are
updated for each version number and the release date.  During
build, the manpages are regenerated (actually this happens
sometimes only, the upstream build system is difficult to
follow; at least the patched manpages are regenerated).  This
makes difference 

Processed: bookworm-pu: package samba/2:4.17.9+dfsg-0+deb12u1

[Debian Bug Tracking System]

Processing control commands:

> affects -1 + src:samba
Bug #1040519 [release.debian.org] bookworm-pu: package 
samba/2:4.17.9+dfsg-0+deb12u1
Added indication that 1040519 affects src:samba

-- 
1040519: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1040519
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#1040001: To strict version restrictions injected by dh-r (Was: Bug#1040001: Seeking advise how to proceed with the transition / move R stack to testing)

[Sébastien Villemot]

Le jeudi 06 juillet 2023 à 22:09 +0200, Andreas Tille a écrit :
> Am Thu, Jul 06, 2023 at 09:13:46PM +0200 schrieb Sébastien Villemot:
> > > I'm not sure so please explain in more detail.  dh-r was designed to put
> > > the lowest restriction regarding the versions.  I remember some
> > > discussion some time ago that Dirk thought we should put stronger
> > > restrictions (and he is sometimes adding version restrictions manually
> > > that are not helpful for backporting).  If I will be sure I understand
> > > your point exactly I can check the code and the relevant discussion.
> > > (Feel free to file a bug report about this and we can discuss it there
> > > if you think this makes more sense.)
> > 
> > It comes from this line:
> > https://salsa.debian.org/r-pkg-team/dh-r/-/blob/master/dh/R.pm#L272
> > 
> > More precisely the “r-base-core (>= $rbase_version)” part, which
> > imposes an unnecessarily tight restriction on the r-base-core version.
> 
> Got it, thanks for the explanation.
[…]
> I'd consider it sensible if you open a bug against dh-r where we can
> document the change you are suggesting.

Done in #1040515.

-- 
⢀⣴⠾⠻⢶⣦⠀  Sébastien Villemot
⣾⠁⢠⠒⠀⣿⡁  Debian Developer
⢿⡄⠘⠷⠚⠋⠀  https://sebastien.villemot.name
⠈⠳⣄  https://www.debian.org



signature.asc
Description: This is a digitally signed message part