NEW changes in stable-new
Processing changes file: libreoffice_7.4.7-1_armel-buildd.changes ACCEPT
NEW changes in stable-new
Processing changes file: linux_6.1.38-1_mips64el-buildd.changes ACCEPT Processing changes file: qemu_7.2+dfsg-7+deb12u1_mipsel-buildd.changes ACCEPT
NEW changes in stable-new
Processing changes file: libreoffice_7.4.7-1_ppc64el-buildd.changes ACCEPT Processing changes file: libreoffice_7.4.7-1_s390x-buildd.changes ACCEPT
NEW changes in stable-new
Processing changes file: libreoffice_7.4.7-1_all-buildd.changes ACCEPT
NEW changes in stable-new
Processing changes file: qemu_7.2+dfsg-7+deb12u1_mips64el-buildd.changes ACCEPT
NEW changes in stable-new
Processing changes file: linux_6.1.38-1_mipsel-buildd.changes ACCEPT
NEW changes in stable-new
Processing changes file: sra-sdk_3.0.3+dfsg-6~deb12u1_source.changes REJECT Processing changes file: libreoffice_7.4.7-1_source.changes ACCEPT Processing changes file: qemu_7.2+dfsg-7+deb12u1_i386-buildd.changes ACCEPT
NEW changes in stable-new
Processing changes file: linux_6.1.38-1_arm64-buildd.changes ACCEPT Processing changes file: qemu_7.2+dfsg-7+deb12u1_amd64-buildd.changes ACCEPT Processing changes file: qemu_7.2+dfsg-7+deb12u1_arm64-buildd.changes ACCEPT Processing changes file: samba_4.17.9+dfsg-0+deb12u3_amd64-buildd.changes ACCEPT Processing changes file: samba_4.17.9+dfsg-0+deb12u3_i386-buildd.changes ACCEPT
Processed: libreoffice 7.4.7-1 flagged for acceptance
Processing commands for cont...@bugs.debian.org: > package release.debian.org Limiting to bugs with field 'package' containing at least one of 'release.debian.org' Limit currently set to 'package':'release.debian.org' > tags 1036904 = bookworm pending Bug #1036904 [release.debian.org] bookworm-pu: package libreoffice/4:7.4.7-1 Added tag(s) pending; removed tag(s) confirmed. > thanks Stopping processing here. Please contact me if you need assistance. -- 1036904: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036904 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#1036904: libreoffice 7.4.7-1 flagged for acceptance
package release.debian.org tags 1036904 = bookworm pending thanks Hi, The upload referenced by this bug report has been flagged for acceptance into the proposed-updates queue for Debian bookworm. Thanks for your contribution! Upload details == Package: libreoffice Version: 7.4.7-1 Explanation: new upstream bugfix release
Bug#1040953: bookworm-pu: package sra-sdk/3.0.3+dfsg-6~deb12u1
On Fri, 2023-07-14 at 15:09 -0400, Aaron M. Ucko wrote: > "Adam D. Barratt" writes: > > > FWIW the auto-generated debdiff disagrees - > > https://release.debian.org/proposed-updates/bookworm_diffs/sra-sdk_3.0.3+dfsg-6~deb12u1.debdiff > > Please clear the path for another 3.0.3+dfsg-6~deb12u1 upload, > thanks. > Thanks for the quick follow-up. I've flagged the current upload for rejection. Feel free to re-upload once that gets actioned. Regards, Adam
Bug#1040953: bookworm-pu: package sra-sdk/3.0.3+dfsg-6~deb12u1
"Adam D. Barratt" writes: > FWIW the auto-generated debdiff disagrees - > https://release.debian.org/proposed-updates/bookworm_diffs/sra-sdk_3.0.3+dfsg-6~deb12u1.debdiff Please clear the path for another 3.0.3+dfsg-6~deb12u1 upload, thanks. Sorry about that -- I'd compared against my -6 because that was handier on the relevant host, but my so-far customary workflow turned out to have yielded the same exclusion. I found a reasonably clean way of dropping the exclusion without needing a new tag: manually running dpkg-source -b . -Inonexistent I will look into adjusting my workflow to DTRT. -- Aaron M. Ucko, KB1CJC (amu at alum.mit.edu, ucko at debian.org) http://www.mit.edu/~amu/ | http://stuff.mit.edu/cgi/finger/?a...@monk.mit.edu
NEW changes in stable-new
Processing changes file: linux_6.1.38-1_armhf-buildd.changes ACCEPT Processing changes file: qemu_7.2+dfsg-7+deb12u1_all-buildd.changes ACCEPT Processing changes file: qemu_7.2+dfsg-7+deb12u1_armel-buildd.changes ACCEPT Processing changes file: qemu_7.2+dfsg-7+deb12u1_armhf-buildd.changes ACCEPT Processing changes file: samba_4.17.9+dfsg-0+deb12u3_all-buildd.changes ACCEPT Processing changes file: samba_4.17.9+dfsg-0+deb12u3_mips64el-buildd.changes ACCEPT
NEW changes in stable-new
Processing changes file: qemu_7.2+dfsg-7+deb12u1_ppc64el-buildd.changes ACCEPT Processing changes file: qemu_7.2+dfsg-7+deb12u1_s390x-buildd.changes ACCEPT Processing changes file: samba_4.17.9+dfsg-0+deb12u3_arm64-buildd.changes ACCEPT Processing changes file: samba_4.17.9+dfsg-0+deb12u3_armel-buildd.changes ACCEPT Processing changes file: samba_4.17.9+dfsg-0+deb12u3_armhf-buildd.changes ACCEPT Processing changes file: samba_4.17.9+dfsg-0+deb12u3_mipsel-buildd.changes ACCEPT Processing changes file: samba_4.17.9+dfsg-0+deb12u3_ppc64el-buildd.changes ACCEPT
Bug#1041074: bookworm-pu: package cpp-httplib/0.11.4+ds-1+deb12u1
Package: release.debian.org
Severity: normal
Tags: bookworm
User: release.debian@packages.debian.org
Usertags: pu
X-Debbugs-Cc: cpp-http...@packages.debian.org
Control: affects -1 + src:cpp-httplib
Hi all, I'd like to push a stable update for cpp-httplib fixing a security
vulnerability. Since the vulnerability is not that serious (no-dsa) the
security team advised me to send it here instead of pushing it to bookworm-
security.
[ Reason ]
This fixes a security vulnerability (CRLF Injection).
[ Impact ]
cpp-httplib will have a security vulnerability in bookworm.
[ Tests ]
Upstream CI, autopkgtest, lintian, manual review.
[ Risks ]
This should be completely risk free.
[ Checklist ]
[x] *all* changes are documented in the d/changelog
[x] I reviewed all changes and I approve them
[x] attach debdiff against the package in (old)stable
[x] the issue is verified as fixed in unstable
[ Changes ]
cpp-httplib (0.11.4+ds-1+deb12u1) bookworm; urgency=medium
* d/gbp.conf: adjust branch names for bookworm
* d/patches: fix fox CVE-2023-26130.
Backport of the security fix for CVE-2023-26130, a CRLF Injection, from
upstream commit 5b397d455d25a391ba346863830c1949627b4d08 included in
upstream release 0.12.4 and newer. (Closes: #1037100)
-- Andrea Pappacoda Thu, 13 Jul 2023 00:26:06 +0200
[ Other info ]
That's it. This is a small update.
diff -Nru cpp-httplib-0.11.4+ds/debian/changelog
cpp-httplib-0.11.4+ds/debian/changelog
--- cpp-httplib-0.11.4+ds/debian/changelog 2023-01-12 16:39:07.0
+0100
+++ cpp-httplib-0.11.4+ds/debian/changelog 2023-07-13 00:26:06.0
+0200
@@ -1,3 +1,13 @@
+cpp-httplib (0.11.4+ds-1+deb12u1) bookworm; urgency=medium
+
+ * d/gbp.conf: adjust branch names for bookworm
+ * d/patches: fix fox CVE-2023-26130.
+Backport of the security fix for CVE-2023-26130, a CRLF Injection, from
+upstream commit 5b397d455d25a391ba346863830c1949627b4d08 included in
+upstream release 0.12.4 and newer. (Closes: #1037100)
+
+ -- Andrea Pappacoda Thu, 13 Jul 2023 00:26:06 +0200
+
cpp-httplib (0.11.4+ds-1) unstable; urgency=medium
* New upstream version 0.11.4+ds
diff -Nru cpp-httplib-0.11.4+ds/debian/gbp.conf
cpp-httplib-0.11.4+ds/debian/gbp.conf
--- cpp-httplib-0.11.4+ds/debian/gbp.conf 2023-01-12 16:39:07.0
+0100
+++ cpp-httplib-0.11.4+ds/debian/gbp.conf 2023-07-13 00:26:06.0
+0200
@@ -1,8 +1,8 @@
[DEFAULT]
dist = DEP14
-debian-branch = debian/latest
-upstream-branch = upstream/latest
+debian-branch = debian/bookworm
+upstream-branch = upstream/0.11.x
pristine-tar = True
pristine-tar-commit = True
sign-tags = True
diff -Nru cpp-httplib-0.11.4+ds/debian/patches/cve-2023-26130.patch
cpp-httplib-0.11.4+ds/debian/patches/cve-2023-26130.patch
--- cpp-httplib-0.11.4+ds/debian/patches/cve-2023-26130.patch 1970-01-01
01:00:00.0 +0100
+++ cpp-httplib-0.11.4+ds/debian/patches/cve-2023-26130.patch 2023-07-13
00:26:06.0 +0200
@@ -0,0 +1,173 @@
+Description: Fix for CVE-2023-26130
+Author: Andrea Pappacoda
+Origin: backport,
https://github.com/yhirose/cpp-httplib/commit/5b397d455d25a391ba346863830c1949627b4d08
+Bug-Debian: https://bugs.debian.org/1037100
+Last-Update: 2023-07-12
+
+--- cpp-httplib-0.11.4+ds.orig/httplib.h
cpp-httplib-0.11.4+ds/httplib.h
+@@ -5707,8 +5707,8 @@ inline void Server::apply_ranges(const R
+ res.headers.erase(it);
+ }
+
+-res.headers.emplace("Content-Type",
+-"multipart/byteranges; boundary=" + boundary);
++res.set_header("Content-Type",
++ "multipart/byteranges; boundary=" + boundary);
+ }
+
+ auto type = detail::encoding_type(req, res);
+@@ -6385,32 +6385,32 @@ inline bool ClientImpl::write_request(St
+ // Prepare additional headers
+ if (close_connection) {
+ if (!req.has_header("Connection")) {
+- req.headers.emplace("Connection", "close");
++ req.set_header("Connection", "close");
+ }
+ }
+
+ if (!req.has_header("Host")) {
+ if (is_ssl()) {
+ if (port_ == 443) {
+-req.headers.emplace("Host", host_);
++req.set_header("Host", host_);
+ } else {
+-req.headers.emplace("Host", host_and_port_);
++req.set_header("Host", host_and_port_);
+ }
+ } else {
+ if (port_ == 80) {
+-req.headers.emplace("Host", host_);
++req.set_header("Host", host_);
+ } else {
+-req.headers.emplace("Host", host_and_port_);
++req.set_header("Host", host_and_port_);
+ }
+ }
+ }
+
+- if (!req.has_header("Accept")) { req.headers.emplace("Accept", "*/*"); }
++ if (!req.has_header("Accept")) { req.set_header("Accept", "*/*"); }
+
+ #ifndef CPPHTTPLIB_NO_DEFAULT_USER_AGENT
+ if (!req.has_header("User-Agent")) {
+ auto agent = std::string("cpp-httplib/") + CPPHTTPLIB_VERSION;
+-req.headers.emplace("User-Agent", agent);
++req.set_header("User-Agent", agent);
+ }
+ #end
Processed: bookworm-pu: package cpp-httplib/0.11.4+ds-1+deb12u1
Processing control commands: > affects -1 + src:cpp-httplib Bug #1041074 [release.debian.org] bookworm-pu: package cpp-httplib/0.11.4+ds-1+deb12u1 Added indication that 1041074 affects src:cpp-httplib -- 1041074: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1041074 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Re: Bug#1039604: glusterfs: Drop support for 32-bit architectures
*ping* (also adding some other maintainers of reverse depends) Am 04.07.2023 um 16:12 schrieb Patrick Matthäi: Hey, (@debian-release, pls CC me) Am 27.06.2023 um 20:13 schrieb Sergio Durigan Junior: Source: glusterfs Version: 10.3-5 Severity: important Hi, Upstream glusterfs has given several indications that they do not care about/support 32-bit architectures, as can be seen in this (non-exhaustive) list of issues: - https://github.com/gluster/glusterfs/issues/3911 - https://github.com/gluster/glusterfs/issues/702 Moreover, in Ubuntu, where glusterfs is built for armhf, some issues have been filed about problems related to this lack of 32-bit support, like: - https://bugs.launchpad.net/ubuntu/+source/glusterfs/+bug/1991441 - https://bugs.launchpad.net/ubuntu/+source/glusterfs/+bug/1951408 The underlying issue in these two bugs happen to be correlated: glusterfs requires that the host supports 64-bit atomic operations, but armhf and other 32-bit architectures don't offer such feature. Therefore, I would like to request that the support for 32-bit architecture in Debian's glusterfs package be dropped, please. A quick investigation tells me that these packages will likely need to be adjusted because they depend on glusterfs: Reverse-Build-Depends * fio (for libglusterfs-dev) * libvirt (for libglusterfs-dev) * nfs-ganesha (for libglusterfs-dev) * qemu (for libglusterfs-dev) * qemu (for glusterfs-common) * tgt (for libglusterfs-dev) * uwsgi (for libglusterfs-dev) Reverse-Build-Depends-Arch * samba (for libglusterfs-dev) Let me know if there's anything I can do to help here. Thanks, OK I think this is a realy bad situation, also just so short after the bookworm release.. @Release team: What is your opinion about it, should we remove glusterfs on 32 bit platforms from bookworm? How should we coordinate it also with the other reverse dependencies? Or should we leave it as it is (for bookworm) and change it for the upcoming releases?
Processed: bookworm-pu: package usb.ids/2023.05.17-0+deb12u1
Processing control commands: > affects -1 + src:usb.ids Bug #1041069 [release.debian.org] bookworm-pu: package usb.ids/2023.05.17-0+deb12u1 Added indication that 1041069 affects src:usb.ids -- 1041069: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1041069 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
NEW changes in stable-new
Processing changes file: samba_4.17.9+dfsg-0+deb12u3_s390x-buildd.changes ACCEPT
Bug#1040953: bookworm-pu: package sra-sdk/3.0.3+dfsg-6~deb12u1
On Thu, 2023-07-13 at 23:21 -0400, Aaron M. Ucko wrote: > u...@debian.org (Aaron M. Ucko) writes: > > > > The fix itself looks fine, so please feel free to go ahead (with > > > the > > > Closes: removed and possibly with .gitignore restored if > > > appropriate). > > > > Will do, thanks! > > Uploaded, final debdiff confirmed not to touch .gitignore. Thanks! > FWIW the auto-generated debdiff disagrees - https://release.debian.org/proposed-updates/bookworm_diffs/sra-sdk_3.0.3+dfsg-6~deb12u1.debdiff .gitignore | 16 Assuming that you would prefer not to include that change, it's up to you whether you'd prefer to upload ~deb12u2 as an additional revision that simply re-adds the file, or we can reject the current package and you can re-upload as ~deb12u1 again. Regards, Adam
NEW changes in stable-new
Processing changes file: linux_6.1.38-1_amd64-buildd.changes ACCEPT Processing changes file: linux_6.1.38-1_armel-buildd.changes ACCEPT
Re: Debian Kernel version and ABI in respect of #1040901
On Thu, 2023-07-13 at 21:16 +0200, Bastian Blank wrote: [...] > ## Proposed behaviour > > This tries to make sure everything apart from experimental gets new > names and ABI on every upload. > > * experimental: > Keep version 6.1~rc2-3~exp4, 6.1.2-3~exp4 > Keep ABI 6.1.0-0-arm64 [...] Why would that still be acceptable in experimental? Ben. -- Ben Hutchings Hoare's Law of Large Problems: Inside every large problem is a small problem struggling to get out. signature.asc Description: This is a digitally signed message part
NEW changes in stable-new
Processing changes file: qemu_7.2+dfsg-7+deb12u1_source.changes ACCEPT Processing changes file: samba_4.17.9+dfsg-0+deb12u3_source.changes ACCEPT Processing changes file: linux_6.1.38-1_i386-buildd.changes ACCEPT
NEW changes in stable-new
Processing changes file: glibc_2.36-9+deb12u1_mips64el-buildd.changes ACCEPT
Processed: qemu 7.2+dfsg-7+deb12u1 flagged for acceptance
Processing commands for cont...@bugs.debian.org: > package release.debian.org Limiting to bugs with field 'package' containing at least one of 'release.debian.org' Limit currently set to 'package':'release.debian.org' > tags 1040875 = bookworm pending Bug #1040875 [release.debian.org] bookworm-pu: package qemu/1:7.2+dfsg-7+deb12u1 Added tag(s) pending; removed tag(s) confirmed. > thanks Stopping processing here. Please contact me if you need assistance. -- 1040875: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1040875 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Processed: samba 4.17.9+dfsg-0+deb12u3 flagged for acceptance
Processing commands for cont...@bugs.debian.org: > package release.debian.org Limiting to bugs with field 'package' containing at least one of 'release.debian.org' Limit currently set to 'package':'release.debian.org' > tags 1041037 = bookworm pending Bug #1041037 [release.debian.org] bookworm-pu: package samba/2:4.17.9+dfsg-0+deb12u3 Added tag(s) pending. > thanks Stopping processing here. Please contact me if you need assistance. -- 1041037: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1041037 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#1041037: samba 4.17.9+dfsg-0+deb12u3 flagged for acceptance
package release.debian.org tags 1041037 = bookworm pending thanks Hi, The upload referenced by this bug report has been flagged for acceptance into the proposed-updates queue for Debian bookworm. Thanks for your contribution! Upload details == Package: samba Version: 4.17.9+dfsg-0+deb12u3 Explanation: fix windows logon/trust issues with 2023-07 windows updates
Bug#1040875: qemu 7.2+dfsg-7+deb12u1 flagged for acceptance
package release.debian.org tags 1040875 = bookworm pending thanks Hi, The upload referenced by this bug report has been flagged for acceptance into the proposed-updates queue for Debian bookworm. Thanks for your contribution! Upload details == Package: qemu Version: 7.2+dfsg-7+deb12u1 Explanation: new upstream stable release; fix USB devices not being available to XEN HVM domUs; 9pfs: prevent opening special files [CVE-2023-2861]; fix reentrancy issues in the LSI controller [CVE-2023-0330]
NEW changes in stable-new
Processing changes file: glibc_2.36-9+deb12u1_mipsel-buildd.changes ACCEPT
Bug#1041037: bookworm-pu: package samba/2:4.17.9+dfsg-0+deb12u3
This is https://bugs.debian.org/1041043 - #1041043, I forgot to file debian bug report about this issue. It's closed now by the sid upload of samba. /mjt
Bug#1041045: bookworm-pu: package indent/2.2.12-4+deb12u1
Package: release.debian.org
Severity: normal
Tags: bookworm
User: release.debian@packages.debian.org
Usertags: pu
X-Debbugs-Cc: ind...@packages.debian.org, sanv...@debian.org
Control: affects -1 + src:indent
[ Reason ]
This upload fixes Bug #1036851, where indent crashes with the following message
on a real file from the gstreamer project:
indent: Virtual memory exhausted.
free(): double free detected in tcache 2
[ Impact ]
Currently users of stable can't use indent with certain inputs,
as it crashes.
[ Tests ]
The upstream package has a test suite, which still passes.
[ Risks ]
The patch is already part of indent 2.2.13 and it's taken directly
from the git repository, and it fixes the memory handling problem
and nothing else.
[ Checklist ]
[X] *all* changes are documented in the d/changelog
[X] I reviewed all changes and I approve them
[X] attach debdiff against the package in (old)stable
[X] the issue is verified as fixed in unstable
[ Changes ]
Add 02-restore-round-up-macro-and-adjust-initial-buffer-size.patch.
No other changes.
[ Other info ]
The package is already uploaded.diff -Nru indent-2.2.12/debian/changelog indent-2.2.12/debian/changelog
--- indent-2.2.12/debian/changelog 2023-01-25 19:35:00.0 +0100
+++ indent-2.2.12/debian/changelog 2023-07-14 13:40:00.0 +0200
@@ -1,3 +1,11 @@
+indent (2.2.12-4+deb12u1) bookworm; urgency=medium
+
+ * Restore the ROUND_UP macro and adjust the initial buffer size.
+Patch from the author, backported from 2.2.13.
+Fix memory handling problem. Closes: #1036851.
+
+ -- Santiago Vila Fri, 14 Jul 2023 13:40:00 +0200
+
indent (2.2.12-4) unstable; urgency=medium
[ Helge Deller ]
diff -Nru
indent-2.2.12/debian/patches/02-restore-round-up-macro-and-adjust-initial-buffer-size.patch
indent-2.2.12/debian/patches/02-restore-round-up-macro-and-adjust-initial-buffer-size.patch
---
indent-2.2.12/debian/patches/02-restore-round-up-macro-and-adjust-initial-buffer-size.patch
1970-01-01 01:00:00.0 +0100
+++
indent-2.2.12/debian/patches/02-restore-round-up-macro-and-adjust-initial-buffer-size.patch
2023-07-14 12:02:00.0 +0200
@@ -0,0 +1,59 @@
+From: Andrej Shadura
+Subject: Restore the ROUND_UP macro and adjust the initial buffer size.
+Bug-Debian: https://bugs.debian.org/1036851
+
+When need_chars was moved from "handletoken.h" to "handletoken.c",
+the ROUND_UP macro was removed, but the replacement was incorrect.
+
+This caused the program to exit with a "Virtual memory exhausted"
+error when it tried to reallocate 0 bytes (thus freeing the memory).
+It reallocated to 0 bytes because the initial buffer size was less
+than 1024, and the size calculation rounds down instead of up.
+
+Bug: #56644
+Fixes: c89d32a
+---
+ src/handletoken.c | 2 +-
+ src/indent.h | 8
+ src/parse.c | 2 +-
+ 3 files changed, 10 insertions(+), 2 deletions(-)
+
+--- a/src/handletoken.c
b/src/handletoken.c
+@@ -85,7 +85,7 @@
+
+ if (current_size + needed >= (size_t)bp->size)
+ {
+-bp->size = ((current_size + needed) & (size_t)~1023);
++bp->size = ROUND_UP (current_size + needed, 1024);
+ bp->ptr = xrealloc(bp->ptr, bp->size);
+ if (bp->ptr == NULL)
+ {
+--- a/src/indent.h
b/src/indent.h
+@@ -66,6 +66,14 @@
+
+ #include "lexi.h"
+
++/**
++ * Round up P to be a multiple of SIZE.
++ */
++
++#ifndef ROUND_UP
++#define ROUND_UP(p, size) (((unsigned long) (p) + (size) - 1) & ~((size) - 1))
++#endif
++
+ /** Values that `indent' can return for exit status.
+ *
+ * `total_success' means no errors or warnings were found during a successful
+--- a/src/parse.c
b/src/parse.c
+@@ -53,7 +53,7 @@
+
+ parser_state_ty *parser_state_tos = NULL;
+
+-#define INITIAL_BUFFER_SIZE 1000
++#define INITIAL_BUFFER_SIZE 1024
+ #define INITIAL_STACK_SIZE 2
+
+ /**
diff -Nru indent-2.2.12/debian/patches/series
indent-2.2.12/debian/patches/series
--- indent-2.2.12/debian/patches/series 2023-01-25 18:00:00.0 +0100
+++ indent-2.2.12/debian/patches/series 2023-07-14 12:00:00.0 +0200
@@ -1 +1,2 @@
01-add-missing-shebang.patch
+02-restore-round-up-macro-and-adjust-initial-buffer-size.patch
Processed: bookworm-pu: package indent/2.2.12-4+deb12u1
Processing control commands: > affects -1 + src:indent Bug #1041045 [release.debian.org] bookworm-pu: package indent/2.2.12-4+deb12u1 Added indication that 1041045 affects src:indent -- 1041045: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1041045 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Re: Give-backs of linux/mips{,64}el / bookworm this morning
On Fri, Jul 14, 2023 at 11:03:39AM +0100, Adam D. Barratt wrote: > Hi Adrian, Hi Adam, > While checking the status of the linux upload to proposed-updates this > morning, I noticed that the packages for mipsel and mips64el were still > in the BD-Uninstallable state, whereas those for some other > architectures had already started building. > > Further investigation showed that you requested a give-back for the > package on those architectures while they were in Needs-Build. Could > you please explain why you did so? >... to avoid building on a buildd where it would take until Monday, like one of you did in a different way afterwards when killing the mips64el build on mipsel-aql-02. The next fast buildds mipsel-osuosl-04 and mipsel-osuosl-05 were still busy for an hour in unstable,[1] I would have given back when they would have been certain to be the next available buildds. > Regards, > > Adam cu Adrian [1] https://buildd.debian.org/status/recent.php?pkg=&a=mipsel%2Cmips64el
NEW changes in stable-new
Processing changes file: linux_6.1.38-1_all-buildd.changes ACCEPT Processing changes file: linux_6.1.38-1_ppc64el-buildd.changes ACCEPT Processing changes file: linux_6.1.38-1_s390x-buildd.changes ACCEPT
Bug#1041039: bookworm-pu: package nvidia-open-gpu-kernel-modules/525.125.06-1~deb12u1
Package: release.debian.org Severity: normal Tags: bookworm User: release.debian@packages.debian.org Usertags: pu [ Reason ] This is the last package in the current nvidia driver update round, fixing some CVEs. [ Impact ] package would become uninstallable due to the firmware package (from src:nvidia-graphics-drivers(-tesla) getting a version bump. [ Tests ] only module compilation was tested [ Risks ] updating the nvidia driver to a new upstream release is a well established procedure, I hope we can handle nvidia-open-gpu-kernel-modules in the same quality. [ Checklist ] [*] *all* changes are documented in the d/changelog [ ] I reviewed all changes and I approve them Honestly, I didn't verify the upstream diff. 141 files changed, 8435 insertions(+), 6089 deletions(-) But most of that code is also part of the blob in src:nvidia-graphics-drivers. [*] attach debdiff against the package in (old)stable [*] the issue is verified as fixed in unstable [ Changes ] A new upstream release. Our patches are in sync with src:nvidia-graphics-drivers (same upstream version branch). [ Other info ] The package is already uploaded. Andreas
Give-backs of linux/mips{,64}el / bookworm this morning
Hi Adrian, While checking the status of the linux upload to proposed-updates this morning, I noticed that the packages for mipsel and mips64el were still in the BD-Uninstallable state, whereas those for some other architectures had already started building. Further investigation showed that you requested a give-back for the package on those architectures while they were in Needs-Build. Could you please explain why you did so? For (o-)p-u, this is particularly disruptive, as packages only automatically transition from BD-Uninstallable to Needs-Build at each dinstall. If I hadn't spotted the situation and intervened, we would have had at least a further 6 hour delay before either of the builds started. This would be annoying at the best of times, but with the freeze for 6.1 coming this weekend was even more so in this instance. Regards, Adam
Bug#1041037: bookworm-pu: package samba/2:4.17.9+dfsg-0+deb12u3
Package: release.debian.org
Severity: normal
Tags: bookworm
User: release.debian@packages.debian.org
Usertags: pu
X-Debbugs-Cc: sa...@packages.debian.org, pkg-samba-de...@lists.alioth.debian.org
Control: affects -1 + src:samba
[ Reason ]
Microsoft released Jul-2023 updates for current windows versions,
with some changes in the auth/trust process. This revealed a bug
in samba, which result in a serious loss of service not only within
samba itself but also within whole windows domain network, resulting
in users not being able to log in to their windows computers anymore.
This is tracked in the samba bug tracker, see
https://bugzilla.samba.org/show_bug.cgi?id=15418
and on the samba mailing list. A lot of users are affected worldwide.
The problem is that with this update, windows started trying to negotiate
a new security level (l2) which isn't documented. Per the specs, an
implementation should reject unknown security levels with "unsupported"
error, so the client trying a new level knows it not supported. But
samba does not reject it immediately and tries to process, just to reject
it later with a different error. As a result, windows treats this as
actual trust error instead of an unsupported optional feature.
[ Impact ]
Many users are affected worldwide after the current windows update has
been installed, being unable to log in to their windows computers.
[ Tests ]
The fix has been verified by multiple independent users. I can confirm
the updated package fixes the issue on our site too.
[ Risks ]
The change is rather simple, - it is just moving the check for unsupported
level to be one of the first checks and return correct code immediately
instead of trying to process an unknown-format request.
[ Checklist ]
[x] *all* changes are documented in the d/changelog
[x] I reviewed all changes and I approve them
[x] attach debdiff against the package in (old)stable
[x] the issue is verified as fixed in unstable
[ Changes ]
(See debdiff below)
[ Other info ]
The same fix is already uploaded to sid (for the version of samba in sid)
and is released by other major distributions. The fix is on top of a previous
bookworm-pu update which has been discussed and accepted previously.
I'm uploading the updated package while sending this email,
hopefully it is okay.
Thanks,
/mjt
diff -Nru samba-4.17.9+dfsg/debian/changelog samba-4.17.9+dfsg/debian/changelog
--- samba-4.17.9+dfsg/debian/changelog 2023-07-09 09:44:29.0 +0300
+++ samba-4.17.9+dfsg/debian/changelog 2023-07-14 12:34:30.0 +0300
@@ -1,3 +1,11 @@
+samba (2:4.17.9+dfsg-0+deb12u3) bookworm; urgency=medium
+
+ * +fix-unsupported-netr_LogonGetCapabilities-l2.patch
+Fix windows logon/trust issues with 2023-07 windows updates:
+https://bugzilla.samba.org/show_bug.cgi?id=15418
+
+ -- Michael Tokarev Fri, 14 Jul 2023 12:34:30 +0300
+
samba (2:4.17.9+dfsg-0+deb12u2) bookworm; urgency=medium
* link with -latomic explicitly on a few architectures where gcc misses it
diff -Nru
samba-4.17.9+dfsg/debian/patches/fix-unsupported-netr_LogonGetCapabilities-l2.patch
samba-4.17.9+dfsg/debian/patches/fix-unsupported-netr_LogonGetCapabilities-l2.patch
---
samba-4.17.9+dfsg/debian/patches/fix-unsupported-netr_LogonGetCapabilities-l2.patch
1970-01-01 03:00:00.0 +0300
+++
samba-4.17.9+dfsg/debian/patches/fix-unsupported-netr_LogonGetCapabilities-l2.patch
2023-07-14 12:33:32.0 +0300
@@ -0,0 +1,68 @@
+From af355243e55a4baf17126339eb66432d438c4f16 Mon Sep 17 00:00:00 2001
+From: Stefan Metzmacher
+Date: Fri, 14 Jul 2023 10:20:05 +0200
+Subject: [PATCH] s3+s3/rpc_server: fix unsupported netr_LogonGetCapabilities
+ level 2
+Origin: upstream, https://bugzilla.samba.org/attachment.cgi?id=17983
+
+BUG: https://bugzilla.samba.org/show_bug.cgi?id=15418
+---
+ source3/rpc_server/netlogon/srv_netlog_nt.c | 9 +
+ source4/rpc_server/netlogon/dcerpc_netlogon.c | 8
+ 2 files changed, 9 insertions(+), 8 deletions(-)
+
+diff --git a/source3/rpc_server/netlogon/srv_netlog_nt.c
b/source3/rpc_server/netlogon/srv_netlog_nt.c
+index 3ba58e61206f..2018dc28eb67 100644
+--- a/source3/rpc_server/netlogon/srv_netlog_nt.c
b/source3/rpc_server/netlogon/srv_netlog_nt.c
+@@ -2284,6 +2284,11 @@ NTSTATUS _netr_LogonGetCapabilities(struct pipes_struct
*p,
+ struct netlogon_creds_CredentialState *creds;
+ NTSTATUS status;
+
++ if (r->in.query_level != 1) {
++ p->fault_state = DCERPC_NCA_S_FAULT_INVALID_TAG;
++ return NT_STATUS_NOT_SUPPORTED;
++ }
++
+ become_root();
+ status = dcesrv_netr_creds_server_step_check(p->dce_call,
+ p->mem_ctx,
+@@ -2296,10 +2301,6 @@ NTSTATUS _netr_LogonGetCapabilities(struct pipes_struct
*p,
+ return status;
+ }
+
+- if (r->in.query_level != 1) {
+- return NT_STATUS_NOT_SUPPORTED;
+- }
+-
+ r->out.capabilities->server_capabilitie
Processed: bookworm-pu: package samba/2:4.17.9+dfsg-0+deb12u3
Processing control commands: > affects -1 + src:samba Bug #1041037 [release.debian.org] bookworm-pu: package samba/2:4.17.9+dfsg-0+deb12u3 Added indication that 1041037 affects src:samba -- 1041037: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1041037 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
NEW changes in stable-new
Processing changes file: glibc_2.36-9+deb12u1_amd64-buildd.changes ACCEPT
