NEW changes in stable-new

2023-07-22 Thread Debian FTP Masters
Processing changes file: libxnvctrl_525.85.05-3~deb12u1_s390x-buildd.changes
  ACCEPT
Processing changes file: rmlint_2.9.0-2.3+deb12u1_s390x-buildd.changes
  ACCEPT
Processing changes file: transmission_3.00-2.1+deb12u1_s390x-buildd.changes
  ACCEPT



NEW changes in stable-new

2023-07-22 Thread Debian FTP Masters
Processing changes file: libxnvctrl_525.85.05-3~deb12u1_i386-buildd.changes
  ACCEPT
Processing changes file: nvidia-settings-tesla_525.125.06-1~deb12u1_amd64-buildd.changes
  ACCEPT
Processing changes file: rmlint_2.9.0-2.3+deb12u1_i386-buildd.changes
  ACCEPT
Processing changes file: transmission_3.00-2.1+deb12u1_amd64-buildd.changes
  ACCEPT
Processing changes file: transmission_3.00-2.1+deb12u1_i386-buildd.changes
  ACCEPT
Processing changes file: transmission_3.00-2.1+deb12u1_mipsel-buildd.changes
  ACCEPT



NEW changes in stable-new

2023-07-22 Thread Debian FTP Masters
Processing changes file: nvidia-settings-tesla_525.125.06-1~deb12u1_ppc64el-buildd.changes
  ACCEPT
Processing changes file: rmlint_2.9.0-2.3+deb12u1_amd64-buildd.changes
  ACCEPT
Processing changes file: rmlint_2.9.0-2.3+deb12u1_mipsel-buildd.changes
  ACCEPT
Processing changes file: transmission_3.00-2.1+deb12u1_all-buildd.changes
  ACCEPT
Processing changes file: transmission_3.00-2.1+deb12u1_arm64-buildd.changes
  ACCEPT
Processing changes file: transmission_3.00-2.1+deb12u1_armel-buildd.changes
  ACCEPT
Processing changes file: transmission_3.00-2.1+deb12u1_armhf-buildd.changes
  ACCEPT
Processing changes file: transmission_3.00-2.1+deb12u1_mips64el-buildd.changes
  ACCEPT
Processing changes file: transmission_3.00-2.1+deb12u1_ppc64el-buildd.changes
  ACCEPT



NEW changes in stable-new

2023-07-22 Thread Debian FTP Masters
Processing changes file: boxer-data_10.9.12+deb12u1_all-buildd.changes
  ACCEPT
Processing changes file: libxnvctrl_525.85.05-3~deb12u1_arm64-buildd.changes
  ACCEPT
Processing changes file: libxnvctrl_525.85.05-3~deb12u1_armel-buildd.changes
  ACCEPT
Processing changes file: libxnvctrl_525.85.05-3~deb12u1_armhf-buildd.changes
  ACCEPT
Processing changes file: libxnvctrl_525.85.05-3~deb12u1_mips64el-buildd.changes
  ACCEPT
Processing changes file: libxnvctrl_525.85.05-3~deb12u1_mipsel-buildd.changes
  ACCEPT
Processing changes file: libxnvctrl_525.85.05-3~deb12u1_ppc64el-buildd.changes
  ACCEPT
Processing changes file: nvidia-settings_525.125.06-1~deb12u1_arm64-buildd.changes
  ACCEPT
Processing changes file: nvidia-settings-tesla_525.125.06-1~deb12u1_arm64-buildd.changes
  ACCEPT
Processing changes file: rmlint_2.9.0-2.3+deb12u1_all-buildd.changes
  ACCEPT
Processing changes file: rmlint_2.9.0-2.3+deb12u1_arm64-buildd.changes
  ACCEPT
Processing changes file: rmlint_2.9.0-2.3+deb12u1_armel-buildd.changes
  ACCEPT
Processing changes file: rmlint_2.9.0-2.3+deb12u1_armhf-buildd.changes
  ACCEPT
Processing changes file: rmlint_2.9.0-2.3+deb12u1_mips64el-buildd.changes
  ACCEPT
Processing changes file: rmlint_2.9.0-2.3+deb12u1_ppc64el-buildd.changes
  ACCEPT



Re: Uploading linux (6.4.4-1)

2023-07-22 Thread Ben Hutchings
On Sat, 2023-07-22 at 22:57 +0200, Salvatore Bonaccorso wrote:
[...]
> Having 6.3.11-1 into testing would really have been preferred but I understand
> people do not want to have #1040178 exposed, so let's try to move ahead with
> the 6.4.y series.
> 
> Ben and Bastian, let me know loudly if you disagree on the plan to upload
> 6.4.4-1 for unstable.

No objection here.

Ben.

-- 
Ben Hutchings - Debian developer, member of kernel, installer and LTS
teams



Uploading linux (6.4.4-1)

2023-07-22 Thread Salvatore Bonaccorso
Hi

I would like to upload linux version 6.4.4-1 later in the upcoming days
to unstable. This is quite unfortunate as I wanted to have the
security fixes from 6.3.11-1 for a while now in unstable, but
transition is blocked due to #1040178.

The new upload would consist of a new upstream version switching to
the 6.4.y series in unstable. An ABI bump is included.

Prominently the new version will finally fix CVE-2023-3269 (StackRot,
cf. DSA-5448-1), and as well CVE-2023-31248 and CVE-2023-35001 in
nf_tables.

Apart from switching from 6.3.y to 6.4.y series there are additional
changes covering:

  * [riscv64] enable CONFIG_SND_HDA_INTEL as module
  * Compile with gcc-13 on all architectures
  * [rt] Refresh "serial: 8250: implement non-BKL console"
  * kernel/trace: Enable FPROBE
  * d/rules.real: Fix CROSS_COMPILE definition for hppa native build
    (regression in 6.4~rc7-1~exp1)
  * Include kbuild package into ABI. (closes: #1040178)
  * [powerpc,riscv64,s390x] Enable DEBUG_INFO_BTF.
  * [riscv64] Enable devices added in 6.4 for StarFive JH7110 RISC-V SoC:
    SENSORS_SFCTEMP, MMC_DW, MMC_DW_STARFIVE and STARFIVE_WATCHDOG.
  * [hppa] Allow up to 16 CPUs with 32-bit kernel
  * [hppa] Build some more fbdev graphic card drivers as modules
  * Enable all RTW88 variants (USB + SDIO). (Closes: #1038409)
  * [rt] Update to 6.4-rt6
  * [x86] drivers/platform/x86/hp: Enable X86_PLATFORM_DRIVERS_HP
    (Closes: #1038799)
  * mm: Enable Multi-Gen LRU implementation (by default) (Closes: #1030617)
  * linux-perf: Add libtraceevent-dev to Build-Depends (fixes FTBFS on several
    architectures)
  * linux-image: Define CROSS_COMPILE and CROSS_COMPILE_COMPAT more consistently
  * [hppa] linux-headers: Fix toolchain dependencies
  * [hppa] Make cross-builds work
  * [m68k] Fix invalid .section syntax (fixes FTBFS)
  * d/rules.real: Also remove executable bit from dtbo files
  * [mips*]: Enable more drivers for boston
  * [mips*]: Install dtbs for mipsel and mips64el
  * linux-perf: Update build rules and dependencies for change to
    demangling
  * linux-perf: Build C++ code with Debian standard compiler flags

Having 6.3.11-1 into testing would really have been preferred but I understand
people do not want to have #1040178 exposed, so let's try to move ahead with
the 6.4.y series.

Ben and Bastian, let me know loudly if you disagree on the plan to upload
6.4.4-1 for unstable.

Regards,
Salvatore




NEW changes in oldstable-new

2023-07-22 Thread Debian FTP Masters
Processing changes file: gpac_1.0.1+dfsg1-4+deb11u3_amd64.changes
  ACCEPT
Processing changes file: gpac_1.0.1+dfsg1-4+deb11u3_amd64-buildd.changes
  ACCEPT
Processing changes file: gpac_1.0.1+dfsg1-4+deb11u3_arm64-buildd.changes
  ACCEPT
Processing changes file: gpac_1.0.1+dfsg1-4+deb11u3_armel-buildd.changes
  ACCEPT
Processing changes file: gpac_1.0.1+dfsg1-4+deb11u3_armhf-buildd.changes
  ACCEPT
Processing changes file: gpac_1.0.1+dfsg1-4+deb11u3_i386-buildd.changes
  ACCEPT
Processing changes file: gpac_1.0.1+dfsg1-4+deb11u3_mips64el-buildd.changes
  ACCEPT
Processing changes file: gpac_1.0.1+dfsg1-4+deb11u3_mipsel-buildd.changes
  ACCEPT
Processing changes file: gpac_1.0.1+dfsg1-4+deb11u3_ppc64el-buildd.changes
  ACCEPT
Processing changes file: gpac_1.0.1+dfsg1-4+deb11u3_s390x-buildd.changes
  ACCEPT
Processing changes file: iperf3_3.9-1+deb11u1_source.changes
  ACCEPT
Processing changes file: iperf3_3.9-1+deb11u1_amd64-buildd.changes
  ACCEPT
Processing changes file: iperf3_3.9-1+deb11u1_arm64-buildd.changes
  ACCEPT
Processing changes file: iperf3_3.9-1+deb11u1_armel-buildd.changes
  ACCEPT
Processing changes file: iperf3_3.9-1+deb11u1_armhf-buildd.changes
  ACCEPT
Processing changes file: iperf3_3.9-1+deb11u1_i386-buildd.changes
  ACCEPT
Processing changes file: iperf3_3.9-1+deb11u1_mips64el-buildd.changes
  ACCEPT
Processing changes file: iperf3_3.9-1+deb11u1_mipsel-buildd.changes
  ACCEPT
Processing changes file: iperf3_3.9-1+deb11u1_ppc64el-buildd.changes
  ACCEPT
Processing changes file: iperf3_3.9-1+deb11u1_s390x-buildd.changes
  ACCEPT



NEW changes in stable-new

2023-07-22 Thread Debian FTP Masters
Processing changes file: iperf3_3.12-1+deb12u1_source.changes
  ACCEPT
Processing changes file: iperf3_3.12-1+deb12u1_amd64-buildd.changes
  ACCEPT
Processing changes file: iperf3_3.12-1+deb12u1_arm64-buildd.changes
  ACCEPT
Processing changes file: iperf3_3.12-1+deb12u1_armel-buildd.changes
  ACCEPT
Processing changes file: iperf3_3.12-1+deb12u1_armhf-buildd.changes
  ACCEPT
Processing changes file: iperf3_3.12-1+deb12u1_i386-buildd.changes
  ACCEPT
Processing changes file: iperf3_3.12-1+deb12u1_mips64el-buildd.changes
  ACCEPT
Processing changes file: iperf3_3.12-1+deb12u1_mipsel-buildd.changes
  ACCEPT
Processing changes file: iperf3_3.12-1+deb12u1_ppc64el-buildd.changes
  ACCEPT
Processing changes file: iperf3_3.12-1+deb12u1_s390x-buildd.changes
  ACCEPT



Bug#1040951: bookworm-pu: package dhcpcd5/9.4.1-24 deb12u1

2023-07-22 Thread Adam D. Barratt
On Sat, 2023-07-22 at 19:29 +0300, Martin-Éric Racine wrote:
> On Sat, Jul 22, 2023 at 7:26 PM Adam D. Barratt
>  wrote:
> > On Sat, 2023-07-22 at 18:03 +0300, Martin-Éric Racine wrote:
> > > Sure enough, I had forgotten to change the version used in
> > > dhcpcd.preinst to the tilde one. Fixed as per attachment.
> > 
> > Please could we have an interdiff from ~deb12u1, to make seeing the
> > specific change simpler?
> 
> Sure. Attached.
> 

Thanks, please feel free to upload with that diff.

Regards,

Adam



Bug#1040951: bookworm-pu: package dhcpcd5/9.4.1-24 deb12u1

2023-07-22 Thread Martin-Éric Racine
On Sat, Jul 22, 2023 at 7:26 PM Adam D. Barratt
 wrote:
>
> On Sat, 2023-07-22 at 18:03 +0300, Martin-Éric Racine wrote:
> > Sure enough, I had forgotten to change the version used in
> > dhcpcd.preinst to the tilde one. Fixed as per attachment.
>
> Please could we have an interdiff from ~deb12u1, to make seeing the
> specific change simpler?

Sure. Attached.

Martin-Éric
diff -Nru dhcpcd5-9.4.1/debian/changelog dhcpcd5-9.4.1/debian/changelog
--- dhcpcd5-9.4.1/debian/changelog  2023-07-22 17:00:48.0 +0300
+++ dhcpcd5-9.4.1/debian/changelog  2023-07-22 17:56:49.0 +0300
@@ -1,3 +1,9 @@
+dhcpcd5 (9.4.1-24~deb12u2) bookworm; urgency=medium
+
+  * Fixed dhcpcd.preinst with the tilde version.
+
+ -- Martin-Éric Racine   Sat, 22 Jul 2023 17:56:49 
+0300
+
 dhcpcd5 (9.4.1-24~deb12u1) bookworm; urgency=medium
 
   * Backported Wheezy upgrade mitigation from unstable (Closes: #1037190).
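
Review bot: the new 9.4.1-24~deb12u2 entry says only "Fixed dhcpcd.preinst with the tilde version", which does not tell a reader of the stable changelog what was wrong. Name the actual change, i.e. that the threshold passed to `dpkg --compare-versions` in dhcpcd.preinst now uses the `~deb12u2` form instead of `+deb12u1`, and reference #1040951.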
diff -Nru dhcpcd5-9.4.1/debian/dhcpcd.preinst 
dhcpcd5-9.4.1/debian/dhcpcd.preinst
--- dhcpcd5-9.4.1/debian/dhcpcd.preinst 2023-07-22 17:00:48.0 +0300
+++ dhcpcd5-9.4.1/debian/dhcpcd.preinst 2023-07-22 17:56:40.0 +0300
@@ -2,7 +2,7 @@
 # As per Debian bug #1037190.
 # Copyright 2023 Andreas Beckmann 
 set -e
-if dpkg --compare-versions "$2" lt-nl "1:9.4.1-24+deb12u1~" ; then
+if dpkg --compare-versions "$2" lt-nl "1:9.4.1-24~deb12u2~" ; then
   # Cleanup leftovers from dhcpcd 1:3.* in Wheezy.
   # Can be removed after Trixie is released.
   update-alternatives --remove dhcpcd /sbin/dhcpcd3
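
Review bot: the threshold on the changed `dpkg --compare-versions "$2" lt-nl "1:9.4.1-24~deb12u2~"` line is a hand-maintained copy of the upload version, and this hunk exists because the previous copy still carried the `+deb12u1` form. A comment next to it saying that the string must track the version of the upload that ships the cleanup would make the next rebuild less error-prone. Because the script runs under `set -e` and the guarded block runs on every upgrade from an earlier version, including systems that never had the Wheezy alternative, also confirm that `update-alternatives --remove dhcpcd /sbin/dhcpcd3` exits 0 when that alternative is absent.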


Bug#1040951: bookworm-pu: package dhcpcd5/9.4.1-24 deb12u1

2023-07-22 Thread Adam D. Barratt
On Sat, 2023-07-22 at 18:03 +0300, Martin-Éric Racine wrote:
> Sure enough, I had forgotten to change the version used in
> dhcpcd.preinst to the tilde one. Fixed as per attachment.

Please could we have an interdiff from ~deb12u1, to make seeing the
specific change simpler?

Regards,

Adam



NEW changes in oldstable-new

2023-07-22 Thread Debian FTP Masters
Processing changes file: linux_5.10.179-2_source.changes
  ACCEPT
Processing changes file: linux_5.10.179-2_all-buildd.changes
  ACCEPT
Processing changes file: linux_5.10.179-2_amd64-buildd.changes
  ACCEPT
Processing changes file: linux_5.10.179-2_arm64-buildd.changes
  ACCEPT
Processing changes file: linux_5.10.179-2_armel-buildd.changes
  ACCEPT
Processing changes file: linux_5.10.179-2_armhf-buildd.changes
  ACCEPT
Processing changes file: linux_5.10.179-2_i386-buildd.changes
  ACCEPT
Processing changes file: linux_5.10.179-2_mips64el-buildd.changes
  ACCEPT
Processing changes file: linux_5.10.179-2_mipsel-buildd.changes
  ACCEPT
Processing changes file: linux_5.10.179-2_ppc64el-buildd.changes
  ACCEPT
Processing changes file: linux_5.10.179-2_s390x-buildd.changes
  ACCEPT
Processing changes file: linux-signed-amd64_5.10.179+2_source.changes
  ACCEPT
Processing changes file: linux-signed-amd64_5.10.179+2_amd64-buildd.changes
  ACCEPT
Processing changes file: linux-signed-arm64_5.10.179+2_source.changes
  ACCEPT
Processing changes file: linux-signed-arm64_5.10.179+2_arm64-buildd.changes
  ACCEPT
Processing changes file: linux-signed-i386_5.10.179+2_source.changes
  ACCEPT
Processing changes file: linux-signed-i386_5.10.179+2_i386-buildd.changes
  ACCEPT
Processing changes file: webkit2gtk_2.40.3-2~deb11u2_source.changes
  ACCEPT
Processing changes file: webkit2gtk_2.40.3-2~deb11u2_all-buildd.changes
  ACCEPT
Processing changes file: webkit2gtk_2.40.3-2~deb11u2_amd64-buildd.changes
  ACCEPT
Processing changes file: webkit2gtk_2.40.3-2~deb11u2_arm64-buildd.changes
  ACCEPT
Processing changes file: webkit2gtk_2.40.3-2~deb11u2_armel-buildd.changes
  ACCEPT
Processing changes file: webkit2gtk_2.40.3-2~deb11u2_armhf-buildd.changes
  ACCEPT
Processing changes file: webkit2gtk_2.40.3-2~deb11u2_i386-buildd.changes
  ACCEPT
Processing changes file: webkit2gtk_2.40.3-2~deb11u2_mips64el-buildd.changes
  ACCEPT
Processing changes file: webkit2gtk_2.40.3-2~deb11u2_mipsel-buildd.changes
  ACCEPT
Processing changes file: webkit2gtk_2.40.3-2~deb11u2_ppc64el-buildd.changes
  ACCEPT
Processing changes file: webkit2gtk_2.40.3-2~deb11u2_s390x-buildd.changes
  ACCEPT



NEW changes in stable-new

2023-07-22 Thread Debian FTP Masters
Processing changes file: kanboard_1.2.26+ds-2+deb12u2_source.changes
  ACCEPT
Processing changes file: kanboard_1.2.26+ds-2+deb12u2_all-buildd.changes
  ACCEPT
Processing changes file: libxnvctrl_525.85.05-3~deb12u1_amd64.changes
  ACCEPT
Processing changes file: nvidia-settings_525.125.06-1~deb12u1_amd64.changes
  ACCEPT
Processing changes file: nvidia-settings-tesla_525.125.06-1~deb12u1_source.changes
  ACCEPT
Processing changes file: rmlint_2.9.0-2.3+deb12u1_source.changes
  ACCEPT
Processing changes file: transmission_3.00-2.1+deb12u1_source.changes
  ACCEPT



Processed: nvidia-settings 525.125.06-1~deb12u1 flagged for acceptance

2023-07-22 Thread Debian Bug Tracking System
Processing commands for cont...@bugs.debian.org:

> package release.debian.org
Limiting to bugs with field 'package' containing at least one of 
'release.debian.org'
Limit currently set to 'package':'release.debian.org'

> tags 1040770 = bookworm pending
Bug #1040770 [release.debian.org] bookworm-pu: package 
nvidia-settings/525.125.06-1~deb12u1
Added tag(s) pending; removed tag(s) confirmed.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
1040770: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1040770
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems



Processed: rmlint 2.9.0-2.3+deb12u1 flagged for acceptance

2023-07-22 Thread Debian Bug Tracking System
Processing commands for cont...@bugs.debian.org:

> package release.debian.org
Limiting to bugs with field 'package' containing at least one of 
'release.debian.org'
Limit currently set to 'package':'release.debian.org'

> tags 1040939 = bookworm pending
Bug #1040939 [release.debian.org] bookworm-pu: package rmlint/2.9.0-2.3+deb12u1
Added tag(s) pending; removed tag(s) confirmed.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
1040939: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1040939
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems



Processed: transmission 3.00-2.1+deb12u1 flagged for acceptance

2023-07-22 Thread Debian Bug Tracking System
Processing commands for cont...@bugs.debian.org:

> package release.debian.org
Limiting to bugs with field 'package' containing at least one of 
'release.debian.org'
Limit currently set to 'package':'release.debian.org'

> tags 1041272 = bookworm pending
Bug #1041272 [release.debian.org] bookworm-pu: package 
transmission/3.00-2.1+deb12u1
Added tag(s) pending; removed tag(s) confirmed.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
1041272: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1041272
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems



Processed: libxnvctrl 525.85.05-3~deb12u1 flagged for acceptance

2023-07-22 Thread Debian Bug Tracking System
Processing commands for cont...@bugs.debian.org:

> package release.debian.org
Limiting to bugs with field 'package' containing at least one of 
'release.debian.org'
Limit currently set to 'package':'release.debian.org'

> tags 1040768 = bookworm pending
Bug #1040768 [release.debian.org] bookworm-pu: package 
libxnvctrl/525.85.05-3~deb12u1
Added tag(s) pending; removed tag(s) confirmed.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
1040768: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1040768
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems



Processed: nvidia-settings-tesla 525.125.06-1~deb12u1 flagged for acceptance

2023-07-22 Thread Debian Bug Tracking System
Processing commands for cont...@bugs.debian.org:

> package release.debian.org
Limiting to bugs with field 'package' containing at least one of 
'release.debian.org'
Limit currently set to 'package':'release.debian.org'

> tags 1040890 = bookworm pending
Bug #1040890 [release.debian.org] bookworm-pu: package 
nvidia-settings-tesla/525.125.06-1~deb12u1
Added tag(s) pending; removed tag(s) confirmed.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
1040890: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1040890
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems



Bug#1041272: transmission 3.00-2.1+deb12u1 flagged for acceptance

2023-07-22 Thread Adam D Barratt
package release.debian.org
tags 1041272 = bookworm pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bookworm.

Thanks for your contribution!

Upload details
==============

Package: transmission
Version: 3.00-2.1+deb12u1

Explanation: replace openssl3 compat patch to fix memory leak



Bug#1040939: rmlint 2.9.0-2.3+deb12u1 flagged for acceptance

2023-07-22 Thread Adam D Barratt
package release.debian.org
tags 1040939 = bookworm pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bookworm.

Thanks for your contribution!

Upload details
==============

Package: rmlint
Version: 2.9.0-2.3+deb12u1

Explanation: fix error in other packages caused by invalid python package 
version



Bug#1040890: nvidia-settings-tesla 525.125.06-1~deb12u1 flagged for acceptance

2023-07-22 Thread Adam D Barratt
package release.debian.org
tags 1040890 = bookworm pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bookworm.

Thanks for your contribution!

Upload details
==============

Package: nvidia-settings-tesla
Version: 525.125.06-1~deb12u1

Explanation: new upstream bugfix release



Bug#1040770: nvidia-settings 525.125.06-1~deb12u1 flagged for acceptance

2023-07-22 Thread Adam D Barratt
package release.debian.org
tags 1040770 = bookworm pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bookworm.

Thanks for your contribution!

Upload details
==============

Package: nvidia-settings
Version: 525.125.06-1~deb12u1

Explanation: new upstream bugfix release



Bug#1040768: libxnvctrl 525.85.05-3~deb12u1 flagged for acceptance

2023-07-22 Thread Adam D Barratt
package release.debian.org
tags 1040768 = bookworm pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bookworm.

Thanks for your contribution!

Upload details
==============

Package: libxnvctrl
Version: 525.85.05-3~deb12u1

Explanation: new source package split from nvidia-settings



Processed: retitle 1040951 to bookworm-pu: package dhcpcd5/9.4.1-24~deb12u2

2023-07-22 Thread Debian Bug Tracking System
Processing commands for cont...@bugs.debian.org:

> retitle 1040951 bookworm-pu: package dhcpcd5/9.4.1-24~deb12u2
Bug #1040951 [release.debian.org] bookworm-pu: package dhcpcd5/9.4.1-24+deb12u1
Changed Bug title to 'bookworm-pu: package dhcpcd5/9.4.1-24~deb12u2' from 
'bookworm-pu: package dhcpcd5/9.4.1-24+deb12u1'.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
1040951: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1040951
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems



Bug#1041468: bookworm-pu: package hnswlib/0.6.2-2+deb12u1

2023-07-22 Thread Étienne Mollier
Hi Jonathan,

Jonathan Wiltshire, on 2023-07-22:
> Control: tag -1 confirmed
> 
> On Wed, Jul 19, 2023 at 12:04:04PM +0200, Étienne Mollier wrote:
> > hnswlib is affected by CVE-2023-37365 marked no-dsa, documented
> > through the important bug #1041426.  Quoting the CVE for short:
> > hnswlib has a double free in init_index when the M argument is a
> > large integer.
> 
> Please go ahead,

I went ahead and got feedback the package was accepted in stable
proposed updates.  Thanks!

Have a nice day,  :)
-- 
  .''`.  Étienne Mollier 
 : :' :  gpg: 8f91 b227 c7d6 f2b1 948c  8236 793c f67e 8f0d 11da
 `. `'   sent from /dev/pts/6, please excuse my verbosity
   `-




Bug#1040951: bookworm-pu: package dhcpcd5/9.4.1-24 deb12u1

2023-07-22 Thread Martin-Éric Racine
On Sat, Jul 22, 2023 at 5:25 PM Martin-Éric Racine
 wrote:
>
> On Sat, Jul 22, 2023 at 5:07 PM Adam D. Barratt
>  wrote:
> >
> > On Sat, 2023-07-22 at 14:57 +0100, Jonathan Wiltshire wrote:
> > > Control: tag -1 confirmed
> > >
> > > On Sat, Jul 22, 2023 at 02:54:18PM +0300, Martin-Éric Racine wrote:
> > > > Since 
> > > > posed
> > > > some reservations about the suitability of changes since 9.4.1-22,
> > > > here's the debdiff compared to that.
> > > >
> > > > It should also be noted that src:dhcpcd5 has been replaced by
> > > > src:dhcpcd in testing/unstable, which ships a newer upstream
> > > > release,
> > > > thus the version of this bookworm update is not higher.
> > > >
> >
> > For the record, it has *not* been replaced, at least at this point in
> > time. Both source packages still exist in both testing and unstable.
> >
> > dhcpcd  | 1:10.0.1-3       | unstable       | source
> > dhcpcd  | 1:10.0.2-1       | testing        | source, all
> > dhcpcd  | 1:10.0.2-1       | unstable       | source, all
> > dhcpcd  | 1:10.0.2-1       | unstable-debug | source
> >
> > dhcpcd5 | 9.4.1-24         | testing        | source, all
> > dhcpcd5 | 9.4.1-24         | unstable       | source
> > dhcpcd5 | 9.4.1-24         | unstable-debug | source
> > dhcpcd5 | 9.4.1-24+deb12u1 | stable-new     | source
> > dhcpcd5 | 1:10.0.1-3       | unstable       | all
>
> Bug#1041712: RM: dhcpcd5/9.4.1-24; ROM; replaced by src:dhcpcd in
> testing/unstable

Sure enough, I had forgotten to change the version used in
dhcpcd.preinst to the tilde one. Fixed as per attachment.

Martin-Éric
diff -Nru dhcpcd5-9.4.1/debian/changelog dhcpcd5-9.4.1/debian/changelog
--- dhcpcd5-9.4.1/debian/changelog  2023-05-24 15:03:22.0 +0300
+++ dhcpcd5-9.4.1/debian/changelog  2023-07-22 17:56:49.0 +0300
@@ -1,3 +1,37 @@
+dhcpcd5 (9.4.1-24~deb12u2) bookworm; urgency=medium
+
+  * Fixed dhcpcd.preinst with the tilde version.
+
+ -- Martin-Éric Racine   Sat, 22 Jul 2023 17:56:49 
+0300
+
+dhcpcd5 (9.4.1-24~deb12u1) bookworm; urgency=medium
+
+  * Backported Wheezy upgrade mitigation from unstable (Closes: #1037190).
++ Include /usr/share/dpkg/pkg-info.mk needed for target version mingling.
++ Add epoch to bin:dhcpcd via override_dh_gencontrol.
+  Wheezy had (1:3.2.3-11+deb7u1) so reintroduce the epoch for one target.
++ Add dhcpcd.preinst by Andreas Beckmann to clean up upgrade leftovers.
+
+ -- Martin-Éric Racine   Sat, 22 Jul 2023 17:00:48 
+0300
+
+dhcpcd5 (9.4.1-24) unstable; urgency=medium
+
+  * Upload to unstable.
+
+ -- Martin-Éric Racine   Mon, 29 May 2023 15:45:31 
+0800
+
+dhcpcd5 (9.4.1-23) experimental; urgency=medium
+
+  [ Martin-Éric Racine ]
+  * Migrate both VCS addresses to 5-less ones.
+
+  [ Shengjing Zhu ]
+  * Drop Conflicts/Replaces dhcp-client (Closes: #1036085).
+  * Drop deprecated ntpd integration (Closes: #1036092).
+No longer working since ntpd was superseded by ntpsec.
+
+ -- Martin-Éric Racine   Sun, 28 May 2023 06:02:59 
+0300
+
 dhcpcd5 (9.4.1-22) unstable; urgency=medium
 
   [ Martin-Éric Racine ]
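
Review bot: the 9.4.1-24~deb12u1 entry at the top of this hunk lists only the Wheezy upgrade mitigation, yet the hunk also brings the 9.4.1-23 and 9.4.1-24 entries (dropped Conflicts/Replaces on dhcp-client, dropped ntpd integration) into bookworm. Say in the ~deb12u1 entry that it is a rebuild of 9.4.1-24 for bookworm, so the stable changelog makes those inherited changes explicit to whoever reviews the update. In the same entry, "target version mingling" probably should read "mangling".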
diff -Nru dhcpcd5-9.4.1/debian/control dhcpcd5-9.4.1/debian/control
--- dhcpcd5-9.4.1/debian/control2023-05-24 15:03:22.0 +0300
+++ dhcpcd5-9.4.1/debian/control2023-05-28 05:57:38.0 +0300
@@ -8,15 +8,13 @@
pkg-config
 Rules-Requires-Root: no
 Standards-Version: 4.6.2
-Vcs-Browser: https://salsa.debian.org/debian/dhcpcd5
-Vcs-Git: https://salsa.debian.org/debian/dhcpcd5.git
+Vcs-Browser: https://salsa.debian.org/debian/dhcpcd
+Vcs-Git: https://salsa.debian.org/debian/dhcpcd.git
 
 Package: dhcpcd-base
 Architecture: any
-Conflicts: dhcp-client
 Provides: dhcp-client
-Replaces: dhcp-client,
-  dhcpcd5 (<< 9.4.1-2)
+Replaces: dhcpcd5 (<< 9.4.1-2)
 Breaks: dhcpcd5 (<< 9.4.1-2)
 Depends: adduser,
  ${misc:Depends},
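
Review bot: removing `Conflicts: dhcp-client` from dhcpcd-base while `Provides: dhcp-client` stays changes which packages can be installed next to it, and that is a behaviour change for a stable update. The request should state that co-installation with the other dhcp-client providers in bookworm was tested. For the Vcs-Browser/Vcs-Git change, check that the 5-less repository actually holds the branch this bookworm upload is built from.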
diff -Nru dhcpcd5-9.4.1/debian/copyright dhcpcd5-9.4.1/debian/copyright
--- dhcpcd5-9.4.1/debian/copyright  2023-05-24 15:03:22.0 +0300
+++ dhcpcd5-9.4.1/debian/copyright  2023-07-09 22:09:15.0 +0300
@@ -4,7 +4,7 @@
 Upstream-Contact: Roy Marples 
 
 Files: *
-Copyright: 2006-2018  Roy Marples 
+Copyright: 2006-2023  Roy Marples 
1999, 2016 The NetBSD Foundation, Inc.
2005 Colin Percival
2005 The DragonFly Project.  All rights reserved.
@@ -68,6 +68,7 @@
2015 Daniel Echeverry 
2018 Scott Leggett 
2022-2023 Martin-Éric Racine 
+   2023 Andreas Beckmann 
 License: BSD-2
 
 Files: debian/hooks/*
diff -Nru dhcpcd5-9.4.1/debian/dhcpcd.preinst 
dhcpcd5-9.4.1/debian/dhcpcd.preinst
--- dhcpcd5-9.4.1/debian/dhcpcd.preinst 1970-01-01 02:00:00.0 +0200
+++ dhcpcd5-9.4.1/debian/dhcpcd.preinst 2023-07-22 17:56:40.0 +0300
@@ -0,0 +1,14 @@
+#!/bin/sh
+# As per Debian bug #1037190.
+# Copyright 2023 Andreas Beckmann 
+set -e
+if dpkg 

NEW changes in stable-new

2023-07-22 Thread Debian FTP Masters
Processing changes file: boxer-data_10.9.12+deb12u1_source.changes
  ACCEPT



Bug#1041498: bookworm-pu: package testng7/7.5-2~deb12u1

2023-07-22 Thread Jonathan Wiltshire
Control: tag -1 confirmed

On Wed, Jul 19, 2023 at 09:08:11PM +0200, Moritz Muehlenhoff wrote:
> We need to introduce a backport of testng7 in the version found in trixie
> to bookworm (and TBD, also for bullseye).
> 
> It's needed for the latest versions of openjdk-17 LTS (as part of the
> test suite).

Please go ahead.

Thanks,

-- 
Jonathan Wiltshire  j...@debian.org
Debian Developer http://people.debian.org/~jmw

4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC  74C3 5394 479D D352 4C51
ed25519/0x196418AAEB74C8A1: CA619D65A72A7BADFC96D280196418AAEB74C8A1



Processed: Re: Bug#1041498: bookworm-pu: package testng7/7.5-2~deb12u1

2023-07-22 Thread Debian Bug Tracking System
Processing control commands:

> tag -1 confirmed
Bug #1041498 [release.debian.org] bookworm-pu: package testng7/7.5-2~deb12u1
Added tag(s) confirmed.

-- 
1041498: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1041498
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems



Processed: Re: Bug#1041712: RM: dhcpcd5/9.4.1-24; ROM; replaced by src:dhcpcd in testing/unstable

2023-07-22 Thread Debian Bug Tracking System
Processing control commands:

> reassign -1 ftp.debian.org
Bug #1041712 [release.debian.org] RM: dhcpcd5/9.4.1-24; ROM; replaced by 
src:dhcpcd in testing/unstable
Bug reassigned from package 'release.debian.org' to 'ftp.debian.org'.
Ignoring request to alter found versions of bug #1041712 to the same values 
previously set
Ignoring request to alter fixed versions of bug #1041712 to the same values 
previously set

-- 
1041712: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1041712
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems



Bug#1041712: RM: dhcpcd5/9.4.1-24; ROM; replaced by src:dhcpcd in testing/unstable

2023-07-22 Thread Adam D. Barratt
Control: reassign -1 ftp.debian.org

On Sat, 2023-07-22 at 17:20 +0300, Martin-Éric Racine wrote:
> Package: release.debian.org
> Severity: normal
> User: release.debian@packages.debian.org
> Usertags: rm
> X-Debbugs-Cc: dhcp...@packages.debian.org
> Control: affects -1 + src:dhcpcd5
> 
> Please remove src:dhcp5 from testing/unstable. It is replaced by
> src:dhcpcd starting with Trixie.
> 

Removals that affect both unstable and testing happen in unstable and
then get automatically reflected in testing once possible. Reassigning
to ftp.d.o.

Regards,

Adam



Processed: boxer-data 10.9.12+deb12u1 flagged for acceptance

2023-07-22 Thread Debian Bug Tracking System
Processing commands for cont...@bugs.debian.org:

> package release.debian.org
Limiting to bugs with field 'package' containing at least one of 
'release.debian.org'
Limit currently set to 'package':'release.debian.org'

> tags 1041446 = bookworm pending
Bug #1041446 [release.debian.org] bookworm-pu: package boxer-data/10.9.12
Added tag(s) pending.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
1041446: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1041446
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems



Bug#1040951: bookworm-pu: package dhcpcd5/9.4.1-24 deb12u1

2023-07-22 Thread Martin-Éric Racine
On Sat, Jul 22, 2023 at 5:07 PM Adam D. Barratt
 wrote:
>
> On Sat, 2023-07-22 at 14:57 +0100, Jonathan Wiltshire wrote:
> > Control: tag -1 confirmed
> >
> > On Sat, Jul 22, 2023 at 02:54:18PM +0300, Martin-Éric Racine wrote:
> > > Since 
> > > posed
> > > some reservations about the suitability of changes since 9.4.1-22,
> > > here's the debdiff compared to that.
> > >
> > > It should also be noted that src:dhcpcd5 has been replaced by
> > > src:dhcpcd in testing/unstable, which ships a newer upstream
> > > release,
> > > thus the version of this bookworm update is not higher.
> > >
>
> For the record, it has *not* been replaced, at least at this point in
> time. Both source packages still exist in both testing and unstable.
>
> dhcpcd  | 1:10.0.1-3       | unstable       | source
> dhcpcd  | 1:10.0.2-1       | testing        | source, all
> dhcpcd  | 1:10.0.2-1       | unstable       | source, all
> dhcpcd  | 1:10.0.2-1       | unstable-debug | source
>
> dhcpcd5 | 9.4.1-24         | testing        | source, all
> dhcpcd5 | 9.4.1-24         | unstable       | source
> dhcpcd5 | 9.4.1-24         | unstable-debug | source
> dhcpcd5 | 9.4.1-24+deb12u1 | stable-new     | source
> dhcpcd5 | 1:10.0.1-3       | unstable       | all

Bug#1041712: RM: dhcpcd5/9.4.1-24; ROM; replaced by src:dhcpcd in
testing/unstable

Martin-Éric



NEW changes in stable-new

2023-07-22 Thread Debian FTP Masters
Processing changes file: dhcpcd5_9.4.1-24+deb12u1_source.changes
  REJECT



Bug#1041446: boxer-data 10.9.12+deb12u1 flagged for acceptance

2023-07-22 Thread Jonathan Wiltshire
package release.debian.org
tags 1041446 = bookworm pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into 
the proposed-updates queue for Debian bookworm.

Thanks for your contribution!

Upload details
==============

Package: boxer-data
Version: 10.9.12+deb12u1

Explanation: no longer install https-everywhere for Firefox



Processed: Re: Bug#1036797: Acknowledgement (bullseye-pu: package mariadb-10.5 10.5.20-0+deb11u1)

2023-07-22 Thread Debian Bug Tracking System
Processing control commands:

> tags -1 + confirmed
Bug #1036797 [release.debian.org] bullseye-pu: package mariadb-10.5 
10.5.20-0+deb11u1
Added tag(s) confirmed.

-- 
1036797: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036797
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems



Bug#1036797: Acknowledgement (bullseye-pu: package mariadb-10.5 10.5.20-0+deb11u1)

2023-07-22 Thread Adam D. Barratt
Control: tags -1 + confirmed

On Mon, 2023-07-03 at 16:26 +0300, Otto Kekäläinen wrote:
> Can you please grant permission to upload this to oldstable-proposed-
> updates?
> 

Please go ahead; sorry for the delay.

Regards,

Adam



Processed: tagging 1041348

2023-07-22 Thread Debian Bug Tracking System
Processing commands for cont...@bugs.debian.org:

> tags 1041348 + pending
Bug #1041348 [release.debian.org] RM: https-everywhere -- ROM; obsolete;major 
browsers offer native support now
Added tag(s) pending.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
1041348: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1041348
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems



Processed: tagging 1041348

2023-07-22 Thread Debian Bug Tracking System
Processing commands for cont...@bugs.debian.org:

> tags 1041348 + confirmed
Bug #1041348 [release.debian.org] RM: https-everywhere -- ROM; obsolete;major 
browsers offer native support now
Added tag(s) confirmed.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
1041348: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1041348
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems



Bug#1041712: RM: dhcpcd5/9.4.1-24; ROM; replaced by src:dhcpcd in testing/unstable

2023-07-22 Thread Martin-Éric Racine
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: rm
X-Debbugs-Cc: dhcp...@packages.debian.org
Control: affects -1 + src:dhcpcd5

Please remove src:dhcp5 from testing/unstable. It is replaced by src:dhcpcd 
starting with Trixie.

Thanks!
Martin-Éric


Processed: RM: dhcpcd5/9.4.1-24; ROM; replaced by src:dhcpcd in testing/unstable

2023-07-22 Thread Debian Bug Tracking System
Processing control commands:

> affects -1 + src:dhcpcd5
Bug #1041712 [release.debian.org] RM: dhcpcd5/9.4.1-24; ROM; replaced by 
src:dhcpcd in testing/unstable
Added indication that 1041712 affects src:dhcpcd5

-- 
1041712: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1041712
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems



Processed: Re: Bug#1037107: Acknowledgement (pre-unblock: bookworm-pu: mariadb/1:10.11.3-2/+deb12u1)

2023-07-22 Thread Debian Bug Tracking System
Processing control commands:

> tag -1 = bookworm moreinfo
Bug #1037107 [release.debian.org] bookworm-pu: mariadb/1:10.11.4-0+deb12u1
Added tag(s) moreinfo; removed tag(s) confirmed.

-- 
1037107: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1037107
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems



Bug#1037107: Acknowledgement (pre-unblock: bookworm-pu: mariadb/1:10.11.3-2/+deb12u1)

2023-07-22 Thread Jonathan Wiltshire
Control: tag -1 = bookworm moreinfo

On Thu, Jul 13, 2023 at 11:02:24PM -0700, Otto Kekäläinen wrote:
> I propose that the latest version of MariaDB 10.11.4 be included in
> the upcoming stable release update of Debian. Package ready at
> https://salsa.debian.org/mariadb-team/mariadb-server/-/commits/debian/bookworm
> 
> Current changelog:
> 
> mariadb (1:10.11.4-0+deb12u1) bookworm; urgency=medium
> 
>   [ Andreas Beckmann ]
>   * Introduce transitional mariadb-server-10.5 (Closes: #1035949)
> 
>   [ Otto Kekäläinen ]
>   * Duplicate selected Lintian overrides in old Lintian syntax for NEW queue
> (this might strictly not be needed for bookworm but does not hurt either)
> 
>  -- Otto Kekäläinen   Thu, 13 Jul 2023 21:17:18 -0700

This doesn't seem to mention the new upstream release at all?

Thanks,


-- 
Jonathan Wiltshire  j...@debian.org
Debian Developer http://people.debian.org/~jmw

4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC  74C3 5394 479D D352 4C51
ed25519/0x196418AAEB74C8A1: CA619D65A72A7BADFC96D280196418AAEB74C8A1



Bug#1041555: bookworm-pu: package stunnel4/3:5.68-2+deb12u1

2023-07-22 Thread Jonathan Wiltshire
Control: tag -1 confirmed

On Thu, Jul 20, 2023 at 10:58:08PM +0300, Peter Pentchev wrote:
> This is a pre-approval request before I upload an update to
> the stunnel4 package targeting bookworm to fix a bug in
> the handling of improperly closed TLS connections; see #1041545.
> The patch was taken from stunnel4 version 5.70 that I just
> uploaded to unstable.

Please go ahead.

Thanks,

-- 
Jonathan Wiltshire  j...@debian.org
Debian Developer http://people.debian.org/~jmw

4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC  74C3 5394 479D D352 4C51
ed25519/0x196418AAEB74C8A1: CA619D65A72A7BADFC96D280196418AAEB74C8A1



Processed: Re: Bug#1041555: bookworm-pu: package stunnel4/3:5.68-2+deb12u1

2023-07-22 Thread Debian Bug Tracking System
Processing control commands:

> tag -1 confirmed
Bug #1041555 [release.debian.org] bookworm-pu: package stunnel4/3:5.68-2+deb12u1
Added tag(s) confirmed.

-- 
1041555: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1041555
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems



Processed: Re: Bug#1041554: bookworm-pu: package openscap/1.3.7+dfsg-1+deb12u1

2023-07-22 Thread Debian Bug Tracking System
Processing control commands:

> tag -1 confirmed
Bug #1041554 [release.debian.org] bookworm-pu: package 
openscap/1.3.7+dfsg-1+deb12u1
Added tag(s) confirmed.

-- 
1041554: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1041554
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems



Bug#1041554: bookworm-pu: package openscap/1.3.7+dfsg-1+deb12u1

2023-07-22 Thread Jonathan Wiltshire
Control: tag -1 confirmed

On Thu, Jul 20, 2023 at 09:48:01PM +0200, Håvard Flaget Aasen wrote:
> The application 'oscap-docker' in openscap-utils is non-functional
> because of a missing dependency on python3-openscap, python3-openscap is
> also missing a dependency on python3-docker, this release fixes both
> issues and closes: #1040936.

Please go ahead.

Thanks,

-- 
Jonathan Wiltshire  j...@debian.org
Debian Developer http://people.debian.org/~jmw

4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC  74C3 5394 479D D352 4C51
ed25519/0x196418AAEB74C8A1: CA619D65A72A7BADFC96D280196418AAEB74C8A1



Bug#1040951: bookworm-pu: package dhcpcd5/9.4.1-24 deb12u1

2023-07-22 Thread Adam D. Barratt
On Sat, 2023-07-22 at 14:57 +0100, Jonathan Wiltshire wrote:
> Control: tag -1 confirmed
> 
> On Sat, Jul 22, 2023 at 02:54:18PM +0300, Martin-Éric Racine wrote:
> > Since 
> > posed
> > some reservations about the suitability of changes since 9.4.1-22,
> > here's the debdiff compared to that.
> > 
> > It should also be noted that src:dhcpcd5 has been replaced by
> > src:dhcpcd in testing/unstable, which ships a newer upstream
> > release,
> > thus the version of this bookworm update is not higher.
> > 

For the record, it has *not* been replaced, at least at this point in
time. Both source packages still exist in both testing and unstable.

dhcpcd  | 1:10.0.1-3       | unstable       | source
dhcpcd  | 1:10.0.2-1       | testing        | source, all
dhcpcd  | 1:10.0.2-1       | unstable       | source, all
dhcpcd  | 1:10.0.2-1       | unstable-debug | source

dhcpcd5 | 9.4.1-24         | testing        | source, all
dhcpcd5 | 9.4.1-24         | unstable       | source
dhcpcd5 | 9.4.1-24         | unstable-debug | source
dhcpcd5 | 9.4.1-24+deb12u1 | stable-new     | source
dhcpcd5 | 1:10.0.1-3       | unstable       | all

Regards,

Adam



Processed: Re: Bug#1041468: bookworm-pu: package hnswlib/0.6.2-2+deb12u1

2023-07-22 Thread Debian Bug Tracking System
Processing control commands:

> tag -1 confirmed
Bug #1041468 [release.debian.org] bookworm-pu: package hnswlib/0.6.2-2+deb12u1
Added tag(s) confirmed.

-- 
1041468: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1041468
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems



Bug#1041468: bookworm-pu: package hnswlib/0.6.2-2+deb12u1

2023-07-22 Thread Jonathan Wiltshire
Control: tag -1 confirmed

On Wed, Jul 19, 2023 at 12:04:04PM +0200, Étienne Mollier wrote:
> hnswlib is affected by CVE-2023-37365 marked no-dsa, documented
> through the important bug #1041426.  Quoting the CVE for short:
> hnswlib has a double free in init_index when the M argument is a
> large integer.

Please go ahead,

Thanks,


-- 
Jonathan Wiltshire  j...@debian.org
Debian Developer http://people.debian.org/~jmw

4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC  74C3 5394 479D D352 4C51
ed25519/0x196418AAEB74C8A1: CA619D65A72A7BADFC96D280196418AAEB74C8A1



Processed: Re: Bug#1041272: bookworm-pu: package transmission/3.00-2.1+deb12u1

2023-07-22 Thread Debian Bug Tracking System
Processing control commands:

> tag -1 confirmed
Bug #1041272 [release.debian.org] bookworm-pu: package 
transmission/3.00-2.1+deb12u1
Added tag(s) confirmed.

-- 
1041272: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1041272
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems



Bug#1040951: bookworm-pu: package dhcpcd5/9.4.1-24 deb12u1

2023-07-22 Thread Martin-Éric Racine
On Sat, Jul 22, 2023 at 4:57 PM Jonathan Wiltshire  wrote:
>
> Control: tag -1 confirmed
>
> On Sat, Jul 22, 2023 at 02:54:18PM +0300, Martin-Éric Racine wrote:
> > Since  posed
> > some reservations about the suitability of changes since 9.4.1-22,
> > here's the debdiff compared to that.
> >
> > It should also be noted that src:dhcpcd5 has been replaced by
> > src:dhcpcd in testing/unstable, which ships a newer upstream release,
> > thus the version of this bookworm update is not higher.
> >
> > Martin-Éric
>
> > diff -Nru dhcpcd5-9.4.1/debian/changelog dhcpcd5-9.4.1/debian/changelog
> > --- dhcpcd5-9.4.1/debian/changelog2023-05-24 15:03:22.0 +0300
> > +++ dhcpcd5-9.4.1/debian/changelog2023-07-13 07:56:52.0 +0300
> > @@ -1,3 +1,31 @@
> > +dhcpcd5 (9.4.1-24+deb12u1) bookworm; urgency=medium
>
> With the version as 9.4.1-24~deb12u1, please go ahead. The existing upload
> will be rejected.

Alright. Uploading again with corrected version. Thanks.

Martin-Éric



Bug#1041272: bookworm-pu: package transmission/3.00-2.1+deb12u1

2023-07-22 Thread Jonathan Wiltshire
Control: tag -1 confirmed

On Sun, Jul 16, 2023 at 07:29:31PM +0200, Sebastian Ramacher wrote:
> transmission in bookworm suffers from a memory leak in bookworm (see
> #1015003). This issue was fixed in unstable in the new upstream
> release.

Please go ahead.

Thanks,

-- 
Jonathan Wiltshire  j...@debian.org
Debian Developer http://people.debian.org/~jmw

4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC  74C3 5394 479D D352 4C51
ed25519/0x196418AAEB74C8A1: CA619D65A72A7BADFC96D280196418AAEB74C8A1



Bug#1040951: bookworm-pu: package dhcpcd5/9.4.1-24 deb12u1

2023-07-22 Thread Jonathan Wiltshire
Control: tag -1 confirmed

On Sat, Jul 22, 2023 at 02:54:18PM +0300, Martin-Éric Racine wrote:
> Since  posed
> some reservations about the suitability of changes since 9.4.1-22,
> here's the debdiff compared to that.
> 
> It should also be noted that src:dhcpcd5 has been replaced by
> src:dhcpcd in testing/unstable, which ships a newer upstream release,
> thus the version of this bookworm update is not higher.
> 
> Martin-Éric

> diff -Nru dhcpcd5-9.4.1/debian/changelog dhcpcd5-9.4.1/debian/changelog
> --- dhcpcd5-9.4.1/debian/changelog2023-05-24 15:03:22.0 +0300
> +++ dhcpcd5-9.4.1/debian/changelog2023-07-13 07:56:52.0 +0300
> @@ -1,3 +1,31 @@
> +dhcpcd5 (9.4.1-24+deb12u1) bookworm; urgency=medium
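Review bot: the added changelog line carries version 9.4.1-24+deb12u1, which sorts above the 9.4.1-24 that the archive listing in this thread shows for dhcpcd5 in testing and unstable, because "+" sorts after the end of the string. A rebuild for bookworm should sort below that version; 9.4.1-24~deb12u1 does, since "~" sorts before the end of the string.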

With the version as 9.4.1-24~deb12u1, please go ahead. The existing upload
will be rejected.

Thanks,

-- 
Jonathan Wiltshire  j...@debian.org
Debian Developer http://people.debian.org/~jmw

4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC  74C3 5394 479D D352 4C51
ed25519/0x196418AAEB74C8A1: CA619D65A72A7BADFC96D280196418AAEB74C8A1
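
The ordering behind the requested change from `+deb12u1` to `~deb12u1`, as an added example (not code from this thread or from dpkg): a Python reimplementation of the Debian Policy version comparison, in which `~` sorts before the end of a string. Function names are this example's own; the version strings are the ones quoted in the thread.

```python
"""Debian version ordering (Debian Policy 5.6.12), reimplemented for illustration."""
from functools import cmp_to_key
import string

DIGITS = set(string.digits)
LETTERS = set(string.ascii_letters)


def split_version(version):
    """Split '[epoch:]upstream[-revision]' into (epoch, upstream, revision)."""
    epoch, colon, rest = version.partition(":")
    if not colon:                       # no epoch given: epoch is 0
        epoch, rest = "0", version
    upstream, hyphen, revision = rest.rpartition("-")
    if not hyphen:                      # native version: no Debian revision
        upstream, revision = rest, ""
    return int(epoch), upstream, revision


def _order(ch):
    """Sort weight of one character inside a non-digit run."""
    if ch == "" or ch in DIGITS:        # end of string, or a number starts here
        return 0
    if ch == "~":                       # tilde sorts before everything, even the end
        return -1
    if ch in LETTERS:
        return ord(ch)
    return ord(ch) + 256                # '+', '.', '-' sort after all letters


def _char(s, i):
    return s[i] if i < len(s) else ""


def _compare_part(a, b):
    """Compare two upstream or revision strings; returns -1, 0 or 1."""
    i = j = 0
    while i < len(a) or j < len(b):
        # 1. Non-digit runs are compared character by character.
        while (_char(a, i) and _char(a, i) not in DIGITS) or \
              (_char(b, j) and _char(b, j) not in DIGITS):
            wa, wb = _order(_char(a, i)), _order(_char(b, j))
            if wa != wb:
                return -1 if wa < wb else 1
            i, j = i + 1, j + 1
        # 2. Digit runs are compared numerically; an empty run counts as 0.
        start_i, start_j = i, j
        while _char(a, i) in DIGITS and _char(a, i):
            i += 1
        while _char(b, j) in DIGITS and _char(b, j):
            j += 1
        na, nb = int(a[start_i:i] or "0"), int(b[start_j:j] or "0")
        if na != nb:
            return -1 if na < nb else 1
    return 0


def compare_versions(v1, v2):
    """Return -1 if v1 sorts before v2, 0 if equal, 1 if after."""
    e1, u1, r1 = split_version(v1)
    e2, u2, r2 = split_version(v2)
    if e1 != e2:
        return -1 if e1 < e2 else 1
    return _compare_part(u1, u2) or _compare_part(r1, r2)


def sorts_below(candidate, reference):
    """True if a stable rebuild 'candidate' stays below the newer suite's version."""
    return compare_versions(candidate, reference) < 0


def sort_versions(versions):
    return sorted(versions, key=cmp_to_key(compare_versions))


if __name__ == "__main__":
    testing = "9.4.1-24"                # dhcpcd5 in testing, per the listing in the thread
    for upload in ("9.4.1-24+deb12u1", "9.4.1-24~deb12u1"):
        verdict = "sorts below" if sorts_below(upload, testing) else "does NOT sort below"
        print(f"{upload} {verdict} {testing}")
    print(sort_versions(["9.4.1-24+deb12u1", "1:10.0.2-1", "9.4.1-24", "9.4.1-24~deb12u1"]))
```

The same function shows why `2023.05.17-0+deb12u1` (usb.ids) is acceptable with a `+`: revision `0+deb12u1` still sorts below the `-1` revision uploaded to unstable.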



Processed: Re: Bug#1040951: bookworm-pu: package dhcpcd5/9.4.1-24 deb12u1

2023-07-22 Thread Debian Bug Tracking System
Processing control commands:

> tag -1 confirmed
Bug #1040951 [release.debian.org] bookworm-pu: package dhcpcd5/9.4.1-24+deb12u1
Added tag(s) confirmed.

-- 
1040951: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1040951
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems



Bug#1040925: bookworm-pu: package ca-certificates-java/20230103+x

2023-07-22 Thread Jonathan Wiltshire
Control: tag -1 confirmed

On Sat, Jul 15, 2023 at 11:39:02PM +0200, Andreas Beckmann wrote:
> Followup-For: Bug #1040925
> Control: retitle -1 bookworm-pu: package ca-certificates-java/20230620~deb12u1
> 
> my suggestion: rebuild the 20230620 package from sid

Please go ahead.

Thanks,


-- 
Jonathan Wiltshire  j...@debian.org
Debian Developer http://people.debian.org/~jmw

4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC  74C3 5394 479D D352 4C51
ed25519/0x196418AAEB74C8A1: CA619D65A72A7BADFC96D280196418AAEB74C8A1



Processed: Re: Bug#1040925: bookworm-pu: package ca-certificates-java/20230103+x

2023-07-22 Thread Debian Bug Tracking System
Processing control commands:

> tag -1 confirmed
Bug #1040925 [release.debian.org] bookworm-pu: package 
ca-certificates-java/20230620~deb12u1
Added tag(s) confirmed.

-- 
1040925: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1040925
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems



Processed: Re: Bug#1040890: bullseye-pu: package nvidia-settings-tesla/525.125.06-1~deb12u1

2023-07-22 Thread Debian Bug Tracking System
Processing control commands:

> tag -1 confirmed
Bug #1040890 [release.debian.org] bookworm-pu: package 
nvidia-settings-tesla/525.125.06-1~deb12u1
Added tag(s) confirmed.

-- 
1040890: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1040890
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems



Bug#1040890: bullseye-pu: package nvidia-settings-tesla/525.125.06-1~deb12u1

2023-07-22 Thread Jonathan Wiltshire
Control: tag -1 confirmed

On Wed, Jul 12, 2023 at 01:31:34AM +0200, Andreas Beckmann wrote:
> [ Other info ]
> I prefer to keep nvidia-settings and nvidia-settings-tesla in sync.

Please go ahead.

Thanks,

-- 
Jonathan Wiltshire  j...@debian.org
Debian Developer http://people.debian.org/~jmw

4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC  74C3 5394 479D D352 4C51
ed25519/0x196418AAEB74C8A1: CA619D65A72A7BADFC96D280196418AAEB74C8A1



Processed: Re: Bug#1040881: bookworm-pu: package llvm-defaults/0.55.7~deb12u1

2023-07-22 Thread Debian Bug Tracking System
Processing control commands:

> tag -1 confirmed
Bug #1040881 [release.debian.org] bookworm-pu: package 
llvm-defaults/0.55.7~deb12u1
Added tag(s) confirmed.

-- 
1040881: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1040881
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems



Bug#1040881: bookworm-pu: package llvm-defaults/0.55.7~deb12u1

2023-07-22 Thread Jonathan Wiltshire
Control: tag -1 confirmed

On Tue, Jul 11, 2023 at 11:11:29PM +0200, Andreas Beckmann wrote:
> Since some of the libraries built from the llvm suites are not
> co-installable (this is expressed by Conflicts/Replaces/Provides of a
> virtual package), this is sometimes tricky for apt to figure out since
> it involves removing an installed package in order to install another
> one with the same score ...
> Adding more Breaks against the default versions from oldstable moves the
> scores in favor of installing the new packages and removing the obsolete
> ones.
> There was also a bad symlink in the liblld-dev package, which was
> pointing to lldb headers ...

Please go ahead.

Thanks,


-- 
Jonathan Wiltshire  j...@debian.org
Debian Developer http://people.debian.org/~jmw

4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC  74C3 5394 479D D352 4C51
ed25519/0x196418AAEB74C8A1: CA619D65A72A7BADFC96D280196418AAEB74C8A1



Bug#1040206: bullseye-pu: package debianutils/5.7-0.5~deb12u1

2023-07-22 Thread Jonathan Wiltshire
Control: tag -1 confirmed

On Mon, Jul 03, 2023 at 02:39:58PM +0200, Andreas Beckmann wrote:
> There is a path canonicalization bug in update-shells that may lead to
> - insertion of duplicate entries in /etc/shells
> - failure to remove obsolete entries from /etc/shells
> on merged-/usr systems. This is triggered if the shell itself is a
> symlink, e.g. in 9base it is managed via update-alternatives.
> Furthermore the handling of /bin/sh by update-shells was inconsistent
> with all other shells, e.g. update-shells didn't generate the
> corresponding /usr/bin/sh entry (while usrmerge did).
> Miscanonicalization could also lead to invalid (i.e. nonexistent) paths
> added to /etc/shells, although that does not happen with the packages
> currently in the archive.

Please go ahead.

Thanks,

-- 
Jonathan Wiltshire  j...@debian.org
Debian Developer http://people.debian.org/~jmw

4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC  74C3 5394 479D D352 4C51
ed25519/0x196418AAEB74C8A1: CA619D65A72A7BADFC96D280196418AAEB74C8A1



Processed: Re: Bug#1040206: bullseye-pu: package debianutils/5.7-0.5~deb12u1

2023-07-22 Thread Debian Bug Tracking System
Processing control commands:

> tag -1 confirmed
Bug #1040206 [release.debian.org] bookworm-pu: package 
debianutils/5.7-0.5~deb12u1
Added tag(s) confirmed.

-- 
1040206: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1040206
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems



Bug#1041074: marked as done (bookworm-pu: package cpp-httplib/0.11.4+ds-1+deb12u1)

2023-07-22 Thread Debian Bug Tracking System
Your message dated Sat, 22 Jul 2023 13:19:43 +
with message-id 
and subject line Released with 12.1
has caused the Debian Bug report #1041074,
regarding bookworm-pu: package cpp-httplib/0.11.4+ds-1+deb12u1
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1041074: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1041074
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
Tags: bookworm
User: release.debian@packages.debian.org
Usertags: pu
X-Debbugs-Cc: cpp-http...@packages.debian.org
Control: affects -1 + src:cpp-httplib

Hi all, I'd like to push a stable update for cpp-httplib fixing a security
vulnerability. Since the vulnerability is not that serious (no-dsa) the
security team advised me to send it here instead of pushing it to bookworm-
security.

[ Reason ]
This fixes a security vulnerability (CRLF Injection).

[ Impact ]
cpp-httplib will have a security vulnerability in bookworm.

[ Tests ]
Upstream CI, autopkgtest, lintian, manual review.

[ Risks ]
This should be completely risk free.

[ Checklist ]
  [x] *all* changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in (old)stable
  [x] the issue is verified as fixed in unstable

[ Changes ]
cpp-httplib (0.11.4+ds-1+deb12u1) bookworm; urgency=medium

  * d/gbp.conf: adjust branch names for bookworm
  * d/patches: fix fox CVE-2023-26130.
Backport of the security fix for CVE-2023-26130, a CRLF Injection, from
upstream commit 5b397d455d25a391ba346863830c1949627b4d08 included in
upstream release 0.12.4 and newer. (Closes: #1037100)

 -- Andrea Pappacoda   Thu, 13 Jul 2023 00:26:06 +0200

[ Other info ]
That's it. This is a small update.
diff -Nru cpp-httplib-0.11.4+ds/debian/changelog 
cpp-httplib-0.11.4+ds/debian/changelog
--- cpp-httplib-0.11.4+ds/debian/changelog  2023-01-12 16:39:07.0 
+0100
+++ cpp-httplib-0.11.4+ds/debian/changelog  2023-07-13 00:26:06.0 
+0200
@@ -1,3 +1,13 @@
+cpp-httplib (0.11.4+ds-1+deb12u1) bookworm; urgency=medium
+
+  * d/gbp.conf: adjust branch names for bookworm
+  * d/patches: fix fox CVE-2023-26130.
+Backport of the security fix for CVE-2023-26130, a CRLF Injection, from
+upstream commit 5b397d455d25a391ba346863830c1949627b4d08 included in
+upstream release 0.12.4 and newer. (Closes: #1037100)
+
+ -- Andrea Pappacoda   Thu, 13 Jul 2023 00:26:06 +0200
+
 cpp-httplib (0.11.4+ds-1) unstable; urgency=medium
 
   * New upstream version 0.11.4+ds
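Review bot: the second bullet of the new changelog entry reads "fix fox CVE-2023-26130"; that should be "fix for". Naming the added file, debian/patches/cve-2023-26130.patch, in that bullet would also let the entry map directly onto the change.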
diff -Nru cpp-httplib-0.11.4+ds/debian/gbp.conf 
cpp-httplib-0.11.4+ds/debian/gbp.conf
--- cpp-httplib-0.11.4+ds/debian/gbp.conf   2023-01-12 16:39:07.0 
+0100
+++ cpp-httplib-0.11.4+ds/debian/gbp.conf   2023-07-13 00:26:06.0 
+0200
@@ -1,8 +1,8 @@
 [DEFAULT]
 
 dist = DEP14
-debian-branch = debian/latest
-upstream-branch = upstream/latest
+debian-branch = debian/bookworm
+upstream-branch = upstream/0.11.x
 pristine-tar = True
 pristine-tar-commit = True
 sign-tags = True
diff -Nru cpp-httplib-0.11.4+ds/debian/patches/cve-2023-26130.patch 
cpp-httplib-0.11.4+ds/debian/patches/cve-2023-26130.patch
--- cpp-httplib-0.11.4+ds/debian/patches/cve-2023-26130.patch   1970-01-01 
01:00:00.0 +0100
+++ cpp-httplib-0.11.4+ds/debian/patches/cve-2023-26130.patch   2023-07-13 
00:26:06.0 +0200
@@ -0,0 +1,173 @@
+Description: Fix for CVE-2023-26130
+Author: Andrea Pappacoda 
+Origin: backport, 
https://github.com/yhirose/cpp-httplib/commit/5b397d455d25a391ba346863830c1949627b4d08
+Bug-Debian: https://bugs.debian.org/1037100
+Last-Update: 2023-07-12
+
+--- cpp-httplib-0.11.4+ds.orig/httplib.h
 cpp-httplib-0.11.4+ds/httplib.h
+@@ -5707,8 +5707,8 @@ inline void Server::apply_ranges(const R
+   res.headers.erase(it);
+ }
+ 
+-res.headers.emplace("Content-Type",
+-"multipart/byteranges; boundary=" + boundary);
++res.set_header("Content-Type",
++   "multipart/byteranges; boundary=" + boundary);
+   }
+ 
+   auto type = detail::encoding_type(req, res);
+@@ -6385,32 +6385,32 @@ inline bool ClientImpl::write_request(St
+   // Prepare additional headers
+   if (close_connection) {
+ if (!req.has_header("Connection")) {
+-  req.headers.emplace("Connection", "close");
++  req.set_header("Connection", "close");
+ }
+   }
+ 
+   if (!req.has_header("Host")) {
+ if (is_ssl()) {
+   if (port_ == 443) {
+-req.headers.emplace("Host", host_);
++req.set_header("Host", host_);
+   } else 
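Review bot: the DEP-3 Description, "Fix for CVE-2023-26130", does not say what the substitution achieves. The visible hunks only replace direct res.headers.emplace(...) and req.headers.emplace(...) calls with set_header(...) for Content-Type, Connection and Host, so the fix rests entirely on the check inside set_header, which is not shown here. A sentence in the Description stating that check, plus confirmation that no direct headers.emplace call remains in the patched file, would make the backport reviewable on its own.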

Bug#1041163: marked as done (bookworm-pu: package crowdsec/1.4.6-6~deb12u1)

2023-07-22 Thread Debian Bug Tracking System
Your message dated Sat, 22 Jul 2023 13:19:43 +
with message-id 
and subject line Released with 12.1
has caused the Debian Bug report #1041163,
regarding bookworm-pu: package crowdsec/1.4.6-6~deb12u1
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1041163: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1041163
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
Tags: bookworm
User: release.debian@packages.debian.org
Usertags: pu
X-Debbugs-Cc: debian.pack...@crowdsec.net

Hi,

[ Reason ]
I'd like to fix serious bug #1040976 in bookworm. In a nutshell, both
upstream and I missed the fact Debian 12 comes without rsyslog by
default now, meaning /var/log/auth.log stays empty and the detection of
failed SSH logins is ineffective.


[ Impact ]
There's still some protection provided by the crowd-generated decisions,
but for a tool that's commonly described as a fail2ban on steroids, this
is a very bad bug, giving users some illusion of security.


[ Tests ]
Both upstream and I have tested the package uploaded to unstable and the
one prepared with the attached debdiff in bookworm VMs, “attacking” them
over SSH, and checking that:
 - `cscli metrics` reports SSH lines under both “Acquisition Metrics”
   (confirming the update of the default config for the acquisition part
   is fine) and “Parser Metrics” (confirming the relevant parsers are
   indeed able to parse and extract information from those lines).
   Sample output can be found at the bottom of this mail — keeping in
   mind it's fine to have unparsed lines, we're focussing on some
   specific strings to identify unwanted activity.
 - An online machine would report the unwanted activity to the Central
   API, which confirms that we're indeed participating in the bad agent
   reporting effort. (Upstream uses disposable VMs in the cloud to test
   this: some whitelists are in place, and local IPs are never reported,
   so I haven't tested that myself.) That's confirmed via such lines in
   the logs: “Signal push: 1 signals to push”.

I also verified that installing bookworm's version and upgrading to the
proposed package doesn't trigger any undesired prompts about conffiles,
does deploy the updated config, and does activate the detection of
failed SSH logins immediately.


[ Risks ]
Trying to have some edits in /etc/crowdsec/acquis.yaml depending on
what's installed on a system definitely seemed riskier, and more
cumbersome for users (leading to prompts during upgrades etc.). That's
why we went for the 0017 patch instead (enabling journalctl
unconditionally). Upstream anticipated the obvious problem: the engine
would error out if it's not available, that's why there's a longer 0018
patch to allow for unavailable datasources (that part has been tested by
me as well, moving the journalctl executable out of the way).

Regarding patches:
 - 0017 is only in a PR for the time being; some colleagues of my usual
   contact (who is very well versed into Debian topics) would like some
   more time to think about the impact for other distributions before
   merging it into master, but it seems very clear to me we should go
   this route for Debian.
 - 0018 was merged into master, and backported to their releases/1.4.x
   branch.
 - 0019 is just about disabling a buggy test.


[ Checklist ]
  [x] *all* changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in stable
  [x] the issue is verified as fixed in unstable


[ Changes ]
Since we're talking about a configuration file (marked conffiles), the
easiest is to enable the journalctl datasource in all cases [0017], but
that required another patch to make sure the engine doesn't error out
when that datasource is present but not available [0018]; the resulting
1.4.6-5 package uploaded to unstable then uncovered flaws in a test case
during autopkgtest runs (the test seems fine during a normal build, but
errors out when autopkgtest runs build + test — which happens for most
if not all Go packages), hence another patch [0019]. The tracker page
doesn't list all autopkgtest runs yet, but that seems greener with
1.4.6-6 than it was with 1.4.6-5…


[ Other info ]
As mentioned above, some parts of `cscli metrics`'s output confirming
things are much better with the proposed package:

Acquisition Metrics:

╭─┬┬──┬┬╮
│ Source  │ 

Bug#1041069: marked as done (bookworm-pu: package usb.ids/2023.05.17-0+deb12u1)

2023-07-22 Thread Debian Bug Tracking System
Your message dated Sat, 22 Jul 2023 13:19:43 +
with message-id 
and subject line Released with 12.1
has caused the Debian Bug report #1041069,
regarding bookworm-pu: package usb.ids/2023.05.17-0+deb12u1
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1041069: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1041069
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
Tags: bookworm
User: release.debian@packages.debian.org
Usertags: pu
X-Debbugs-Cc: usb@packages.debian.org
Control: affects -1 + src:usb.ids

[ Reason ]
This new upstream version of the USB ID database adds a few USB devices.

[ Impact ]
New USB devices will not be displayed with a human readable name for
packages using this database.

[ Tests ]
There is no test associated with this database. This package only
contains data, no code.

[ Risks ]
Risks are very low, such updates are routinely done in stable.

[ Checklist ]
  [x] *all* changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in (old)stable
  [x] the issue is verified as fixed in unstable

[ Changes ]
I would like to do an update of the usb.ids package to add/update around
~120 USB devices to the usb.ids database. Those changes are already in
testing/sid.

I have figured out that it's easier to just upload the package from
testing/sid with a new changelog entry.

[ Other info ]
I have already uploaded the package to the archive. Thanks for
considering.
diff -Nru usb.ids-2023.01.16/debian/changelog 
usb.ids-2023.05.17/debian/changelog
--- usb.ids-2023.01.16/debian/changelog 2023-02-04 11:50:18.0 +0100
+++ usb.ids-2023.05.17/debian/changelog 2023-07-14 18:30:52.0 +0200
@@ -1,3 +1,15 @@
+usb.ids (2023.05.17-0+deb12u1) bookworm; urgency=medium
+
+  * Upload to bookworm.
+
+ -- Aurelien Jarno   Fri, 14 Jul 2023 18:30:52 +0200
+
+usb.ids (2023.05.17-1) unstable; urgency=medium
+
+  * New upstream version. 
+
+ -- Aurelien Jarno   Sun, 09 Jul 2023 12:53:42 +0200
+
 usb.ids (2023.01.16-1) unstable; urgency=medium
 
   * New upstream version. 
diff -Nru usb.ids-2023.01.16/usb.ids usb.ids-2023.05.17/usb.ids
--- usb.ids-2023.01.16/usb.ids  2023-01-16 21:34:10.0 +0100
+++ usb.ids-2023.05.17/usb.ids  2023-05-17 21:34:13.0 +0200
@@ -9,8 +9,8 @@
 #  The latest version can be obtained from
 #  http://www.linux-usb.org/usb.ids
 #
-# Version: 2023.01.16
-# Date:2023-01-16 20:34:10
+# Version: 2023.05.17
+# Date:2023-05-17 20:34:13
 #
 
 # Vendors, devices and interfaces. Please keep sorted.
@@ -259,7 +259,7 @@
0507  DVD+RW
050c  5219 Wireless Keyboard
0511  OfficeJet K60
-   0512  DeckJet 450
+   0512  DeskJet 450
0517  LaserJet 1000
051d  Bluetooth Interface
052a  LaserJet M1212nf MFP
@@ -271,6 +271,7 @@
0612  business inkjet 3000
0624  Bluetooth Dongle
0641  X1200 Optical Mouse
+   0653  DeskJet 3700 series
0701  ScanJet 5300c/5370c
0704  DeskJet 825c
0705  ScanJet 4400c
@@ -964,6 +965,7 @@
fc0b  Crystalfontz CFA-633 USB LCD
fc0c  Crystalfontz CFA-631 USB LCD
fc0d  Crystalfontz CFA-635 USB LCD
+   fc0e  Crystalfontz CFA-533
fc82  SEMC DSS-20/DSS-25 SyncStation
fd48  ShipModul MiniPlex-4xUSB NMEA Multiplexer
fd49  ShipModul MiniPlex-4xUSB-AIS NMEA Multiplexer
@@ -1970,6 +1972,7 @@
9800  Remote Control Receiver_iMON
9803  eHome Infrared Receiver
9804  DMB Receiver Control
+   9a39  27UP850 - WK.AEUDCSN - External Monitor 4K
9c01  LGE Sync
 043f  RadiSys Corp.
 0440  Eizo Nanao Corp.
@@ -2372,7 +2375,6 @@
029d  Xbox360 HD-DVD Drive
029e  Xbox360 HD-DVD Memory Unit
02a0  Xbox360 Big Button IR
-   02a1  Xbox 360 Wireless Receiver for Windows
02a8  Xbox360 Wireless N Networking Adapter [Atheros AR7010+AR9280]
02ad  Xbox NUI Audio
02ae  Xbox NUI Camera
@@ -2387,11 +2389,9 @@
02dd  Xbox One Controller (Firmware 2015)
02e0  Xbox One Wireless Controller
02e3  Xbox One Elite Controller
-   02e6  Wireless XBox Controller Dongle
-   02ea  Xbox One S Controller
+   02e6  Xbox Wireless Adapter for Windows
+   02ea  Xbox One Controller
02fd  Xbox One S Controller [Bluetooth]
-   02fe  Xbox Wireless Adapter for Windows
-   02ff  Xbox One S Controller [Bluetooth]
0400  Windows Powered Pocket PC 2002
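Review bot: the removal of product IDs 02fe and 02ff in this hunk (and of 02a1 in the hunk before it) is not explained in debian/changelog, which only says "New upstream version." For a stable update, state that these deletions and the renames of 02e6 and 02ea come from upstream usb.ids. After the upgrade those IDs no longer get a name from this file, and anything that matches on the name string rather than on the numeric vendor:product pair will stop matching.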

Bug#1041045: marked as done (bookworm-pu: package indent/2.2.12-4+deb12u1)

2023-07-22 Thread Debian Bug Tracking System
Your message dated Sat, 22 Jul 2023 13:19:43 +
with message-id 
and subject line Released with 12.1
has caused the Debian Bug report #1041045,
regarding bookworm-pu: package indent/2.2.12-4+deb12u1
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1041045: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1041045
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---

Package: release.debian.org
Severity: normal
Tags: bookworm
User: release.debian@packages.debian.org
Usertags: pu
X-Debbugs-Cc: ind...@packages.debian.org, sanv...@debian.org
Control: affects -1 + src:indent

[ Reason ]
This upload fixes Bug #1036851, where indent crashes with the following message
on a real file from the gstreamer project:

indent: Virtual memory exhausted.
free(): double free detected in tcache 2

[ Impact ]
Currently users of stable can't use indent with certain inputs,
as it crashes.

[ Tests ]
The upstream package has a test suite, which still passes.

[ Risks ]
The patch is already part of indent 2.2.13 and it's taken directly
from the git repository, and it fixes the memory handling problem
and nothing else.

[ Checklist ]
  [X] *all* changes are documented in the d/changelog
  [X] I reviewed all changes and I approve them
  [X] attach debdiff against the package in (old)stable
  [X] the issue is verified as fixed in unstable

[ Changes ]
Add 02-restore-round-up-macro-and-adjust-initial-buffer-size.patch.
No other changes.

[ Other info ]
The package is already uploaded.
diff -Nru indent-2.2.12/debian/changelog indent-2.2.12/debian/changelog
--- indent-2.2.12/debian/changelog  2023-01-25 19:35:00.0 +0100
+++ indent-2.2.12/debian/changelog  2023-07-14 13:40:00.0 +0200
@@ -1,3 +1,11 @@
+indent (2.2.12-4+deb12u1) bookworm; urgency=medium
+
+  * Restore the ROUND_UP macro and adjust the initial buffer size.
+Patch from the author, backported from 2.2.13.
+Fix memory handling problem. Closes: #1036851.
+
+ -- Santiago Vila   Fri, 14 Jul 2023 13:40:00 +0200
+
 indent (2.2.12-4) unstable; urgency=medium
 
   [ Helge Deller ]
diff -Nru 
indent-2.2.12/debian/patches/02-restore-round-up-macro-and-adjust-initial-buffer-size.patch
 
indent-2.2.12/debian/patches/02-restore-round-up-macro-and-adjust-initial-buffer-size.patch
--- 
indent-2.2.12/debian/patches/02-restore-round-up-macro-and-adjust-initial-buffer-size.patch
 1970-01-01 01:00:00.0 +0100
+++ 
indent-2.2.12/debian/patches/02-restore-round-up-macro-and-adjust-initial-buffer-size.patch
 2023-07-14 12:02:00.0 +0200
@@ -0,0 +1,59 @@
+From: Andrej Shadura 
+Subject: Restore the ROUND_UP macro and adjust the initial buffer size.
+Bug-Debian: https://bugs.debian.org/1036851
+
+When need_chars was moved from "handletoken.h" to "handletoken.c",
+the ROUND_UP macro was removed, but the replacement was incorrect.
+
+This caused the program to exit with a "Virtual memory exhausted"
+error when it tried to reallocate 0 bytes (thus freeing the memory).
+It reallocated to 0 bytes because the initial buffer size was less
+than 1024, and the size calculation rounds down instead of up.
+
+Bug: #56644
+Fixes: c89d32a
+---
+ src/handletoken.c | 2 +-
+ src/indent.h  | 8 
+ src/parse.c   | 2 +-
+ 3 files changed, 10 insertions(+), 2 deletions(-)
+
+--- a/src/handletoken.c
 b/src/handletoken.c
+@@ -85,7 +85,7 @@
+ 
+ if (current_size + needed >= (size_t)bp->size)
+ {
+-bp->size = ((current_size + needed) & (size_t)~1023);
++bp->size = ROUND_UP (current_size + needed, 1024);
+ bp->ptr = xrealloc(bp->ptr, bp->size);
+ if (bp->ptr == NULL)
+ {
+--- a/src/indent.h
 b/src/indent.h
+@@ -66,6 +66,14 @@
+ 
+ #include "lexi.h"
+ 
++/**
++ * Round up P to be a multiple of SIZE.
++ */
++
++#ifndef ROUND_UP
++#define ROUND_UP(p, size) (((unsigned long) (p) + (size) - 1) & ~((size) - 1))
++#endif
++
+ /** Values that `indent' can return for exit status.
+  *
+  *  `total_success' means no errors or warnings were found during a successful
+--- a/src/parse.c
 b/src/parse.c
+@@ -53,7 +53,7 @@
+ 
+ parser_state_ty *parser_state_tos = NULL;
+ 
+-#define INITIAL_BUFFER_SIZE 1000
++#define INITIAL_BUFFER_SIZE 1024
+ #define INITIAL_STACK_SIZE 2
+ 
+ /**
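Review bot: in the src/handletoken.c change, ROUND_UP (current_size + needed, 1024) returns its argument unchanged when current_size + needed is already a multiple of 1024, so after the xrealloc bp->size can equal current_size + needed even though the guard "current_size + needed >= (size_t)bp->size" treats equality as too small. If a spare byte is expected, round up current_size + needed + 1 instead, or document why equality is acceptable. Separately, the macro in src/indent.h casts to unsigned long while the result is stored in bp->size and compared as size_t, and it is only correct when SIZE is a power of two; the comment should say so.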
diff -Nru indent-2.2.12/debian/patches/series 
indent-2.2.12/debian/patches/series
--- indent-2.2.12/debian/patches/series 2023-01-25 18:00:00.0 +0100
+++ indent-2.2.12/debian/patches/series 2023-07-14 12:00:00.0 +0200
@@ -1 +1,2 @@
 01-add-missing-shebang.patch
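The failure described in the patch header above (a reallocation to 0 bytes because the size is rounded down and the initial buffer is smaller than 1024), modelled as an added example; this is not code from indent or from the patch author. The helper names, the single `wanted` value standing for `current_size + needed`, and the 1..4096 sweep range are assumptions. It goes slightly beyond the text by also counting totals for which the old expression yields a non-zero size that is still smaller than what was asked for.

```c
#include <stddef.h>
#include <stdio.h>

/* ROUND_UP as restored in src/indent.h by the patch above. */
#define ROUND_UP(p, size) (((unsigned long) (p) + (size) - 1) & ~((size) - 1))

typedef size_t (*size_fn)(size_t);

/* Expression the patch removes: masking the low ten bits rounds DOWN. */
static size_t size_before_fix(size_t wanted)
{
    return wanted & (size_t)~1023;
}

/* Expression the patch adds. */
static size_t size_after_fix(size_t wanted)
{
    return (size_t)ROUND_UP(wanted, 1024);
}

/*
 * Model of the branch shown in the handletoken.c hunk (assumption: "wanted"
 * stands for current_size + needed). Returns the size that would be handed
 * to xrealloc(), or the unchanged buffer size when no growth is triggered.
 */
static size_t next_size(size_t buf_size, size_t wanted, size_fn compute)
{
    if (wanted >= buf_size)
        return compute(wanted);
    return buf_size;
}

struct sweep_result {
    size_t zero_requests; /* totals that lead to a 0-byte reallocation   */
    size_t undersized;    /* totals whose resulting size is below wanted */
    size_t first_zero;    /* smallest total giving size 0 (if any)       */
    size_t last_zero;     /* largest total giving size 0 (if any)        */
};

/* Try every total from 1 to limit against a buffer of the given initial size. */
static struct sweep_result sweep_sizes(size_t initial, size_t limit, size_fn compute)
{
    struct sweep_result r = {0, 0, 0, 0};
    size_t wanted;

    for (wanted = 1; wanted <= limit; wanted++) {
        size_t got = next_size(initial, wanted, compute);

        if (got == 0) {
            if (r.zero_requests == 0)
                r.first_zero = wanted;
            r.last_zero = wanted;
            r.zero_requests++;
        }
        if (got < wanted)
            r.undersized++;
    }
    return r;
}

static void report(const char *label, size_t initial, size_fn compute)
{
    struct sweep_result r = sweep_sizes(initial, 4096, compute);

    printf("%-28s initial=%4zu  zero-size=%4zu  undersized=%4zu",
           label, initial, r.zero_requests, r.undersized);
    if (r.zero_requests != 0)
        printf("  (size 0 for totals %zu..%zu)", r.first_zero, r.last_zero);
    printf("\n");
}

int main(void)
{
    /* Old expression with the old and the new INITIAL_BUFFER_SIZE. */
    report("round down (before patch)", 1000, size_before_fix);
    report("round down (before patch)", 1024, size_before_fix);
    /* New expression with the old and the new INITIAL_BUFFER_SIZE. */
    report("ROUND_UP (after patch)", 1000, size_after_fix);
    report("ROUND_UP (after patch)", 1024, size_after_fix);
    return 0;
}
```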

Bug#1040949: marked as done (bookworm-pu: package gosa/2.8~git20230203.10abe45+dfsg-1+deb12u1)

2023-07-22 Thread Debian Bug Tracking System
Your message dated Sat, 22 Jul 2023 13:19:43 +
with message-id 
and subject line Released with 12.1
has caused the Debian Bug report #1040949,
regarding bookworm-pu: package gosa/2.8~git20230203.10abe45+dfsg-1+deb12u1
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1040949: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1040949
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
Tags: bookworm
User: release.debian@packages.debian.org
Usertags: pu
X-Debbugs-Cc: g...@packages.debian.org
Control: affects -1 + src:gosa

GOsa²'s PHP 8.2 support was rather poor at the release time of Debian 12.
This update will amend various issues found while testing GOsa² with
Debian Edu.

[ Reason ]
Various issues could be resolved:

  * deprecation warnings
  * missing smarty template file
  * broken debug support

[ Impact ]
Only GOsa² users will be affected by this upload.

[ Tests ]
Manual tests on Debian Edu TJENER system.

[ Risks ]
Introduction of regressions in GOsa² in Debian 12.

[ Checklist ]
  [x] *all* changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in (old)stable
  [x] the issue is verified as fixed in unstable

[ Changes ]

+  [ Mike Gabriel ]
+  * debian/patches:
++ Add 1003_php-deprecations.patch. Silence various PHP 8.2 deprecation
+  warnings. (Closes: #1038682).
+
+  [ Daniel Teichmann ]
+  * debian/patches:
++ Add 1004_missing_templates.patch. (Closes: #1039697)
++ Update 1002_php82-allow-dynamic-properties.patch: Tolerate dyn. prop. for
+  ALL PHP classes. (Closes: #1039894)
++ Add 1005_preg_replace_deprecation.patch.
++ Add 1006_fix-overflow-debug-print_a-func.patch. (Closes: #1040839)


[ Other info ]
This might not be the last pu of GOsa² to bookworm. But various noises
should be reduced after this update has landed. We also work with
upstream on amending the patched issues there.
diff -Nru gosa-2.8~git20230203.10abe45+dfsg/debian/changelog 
gosa-2.8~git20230203.10abe45+dfsg/debian/changelog
--- gosa-2.8~git20230203.10abe45+dfsg/debian/changelog  2023-02-06 
20:43:44.0 +0100
+++ gosa-2.8~git20230203.10abe45+dfsg/debian/changelog  2023-07-12 
23:12:05.0 +0200
@@ -1,3 +1,20 @@
+gosa (2.8~git20230203.10abe45+dfsg-1+deb12u1) bookworm; urgency=medium
+
+  [ Mike Gabriel ]
+  * debian/patches:
++ Add 1003_php-deprecations.patch. Silence various PHP 8.2 deprecation
+  warnings. (Closes: #1038682).
+
+  [ Daniel Teichmann ]
+  * debian/patches:
++ Add 1004_missing_templates.patch. (Closes: #1039697)
++ Update 1002_php82-allow-dynamic-properties.patch: Tolerate dyn. prop. for
+  ALL PHP classes. (Closes: #1039894)
++ Add 1005_preg_replace_deprecation.patch.
++ Add 1006_fix-overflow-debug-print_a-func.patch. (Closes: #1040839)
+
+ -- Mike Gabriel   Wed, 12 Jul 2023 23:12:05 +0200
+
 gosa (2.8~git20230203.10abe45+dfsg-1) unstable; urgency=medium
 
   * New upstream Git snapshot.
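Review bot: the entries for 1005_preg_replace_deprecation.patch and 1006_fix-overflow-debug-print_a-func.patch say nothing about what changes; 1005 has no bug reference and 1006 names an overflow without saying what overflows or when. For a stable update each added patch should get one line of description here so the risk can be judged without opening the patch.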
diff -Nru 
gosa-2.8~git20230203.10abe45+dfsg/debian/patches/1002_php82-allow-dynamic-properties.patch
 
gosa-2.8~git20230203.10abe45+dfsg/debian/patches/1002_php82-allow-dynamic-properties.patch
--- 
gosa-2.8~git20230203.10abe45+dfsg/debian/patches/1002_php82-allow-dynamic-properties.patch
  2023-01-21 20:42:25.0 +0100
+++ 
gosa-2.8~git20230203.10abe45+dfsg/debian/patches/1002_php82-allow-dynamic-properties.patch
  2023-07-12 23:10:08.0 +0200
@@ -1,6 +1,200 @@
-Description: Tolerate dynamic properties in managepws class, deprecated in PHP 
8.2
-Author: Mike Gabriel 
-
+Description: Tolerate dynamic properties in all classes, deprecated in PHP 8.2
+Author: Daniel Teichmann 
+ 
+--- a/include/class_CopyPasteHandler.inc
 b/include/class_CopyPasteHandler.inc
+@@ -22,6 +22,7 @@
+ 
+ define("LDAP_DUMP_PATH","/var/cache/gosa/tmp");
+ 
++#[\AllowDynamicProperties]
+ class CopyPasteHandler {
+ 
+   var $config;
+--- a/include/class_GOsaRegistration.inc
 b/include/class_GOsaRegistration.inc
+@@ -1,5 +1,6 @@
+ "
+ 
+ 
++#[\AllowDynamicProperties]
+ class writeexcel_formula {
+ 
+ 
###
+--- a/include/utils/excel/class.writeexcel_olewriter.inc.php
 b/include/utils/excel/class.writeexcel_olewriter.inc.php
+@@ -24,6 +24,7 @@
+  * Spreadsheet::WriteExcel was written by John McNamara, jmcnam...@cpan.org
+  */
+ 
++#[\AllowDynamicProperties]
+ class writeexcel_olewriter {
+ var $_OLEfilename;
+ var $_OLEtmpfilename; /* 
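Review bot: tagging every class with #[\AllowDynamicProperties], as done here for CopyPasteHandler, writeexcel_formula and writeexcel_olewriter, silences the PHP 8.2 deprecation without declaring the properties that are actually created at runtime, so an assignment to a misspelled property name stays silent in all of these classes. That is workable as a stop-gap for stable, but the Description header should say it is one, and the classes that really rely on dynamic properties should be identified so the attribute can be dropped from the rest.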

Bug#1041039: marked as done (bookworm-pu: package nvidia-open-gpu-kernel-modules/525.125.06-1~deb12u1)

2023-07-22 Thread Debian Bug Tracking System
Your message dated Sat, 22 Jul 2023 13:19:43 +
with message-id 
and subject line Released with 12.1
has caused the Debian Bug report #1041039,
regarding bookworm-pu: package 
nvidia-open-gpu-kernel-modules/525.125.06-1~deb12u1
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1041039: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1041039
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
Tags: bookworm
User: release.debian@packages.debian.org
Usertags: pu

[ Reason ]
This is the last package in the current nvidia driver update round,
fixing some CVEs.

[ Impact ]
package would become uninstallable due to the firmware package (from
src:nvidia-graphics-drivers(-tesla)) getting a version bump.

[ Tests ]
only module compilation was tested

[ Risks ]
updating the nvidia driver to a new upstream release is a well
established procedure, I hope we can handle
nvidia-open-gpu-kernel-modules in the same quality.

[ Checklist ]
  [*] *all* changes are documented in the d/changelog
  [ ] I reviewed all changes and I approve them
  Honestly, I didn't verify the upstream diff.
  141 files changed, 8435 insertions(+), 6089 deletions(-)
  But most of that code is also part of the blob in
  src:nvidia-graphics-drivers.
  [*] attach debdiff against the package in (old)stable
  [*] the issue is verified as fixed in unstable

[ Changes ]
A new upstream release.
Our patches are in sync with src:nvidia-graphics-drivers (same upstream
version branch).

[ Other info ]
The package is already uploaded.

Andreas
--- End Message ---
--- Begin Message ---
Version: 12.1

The upload requested in this bug has been released as part of 12.1.
--- End Message ---


Bug#1041037: marked as done (bookworm-pu: package samba/2:4.17.9+dfsg-0+deb12u3)

2023-07-22 Thread Debian Bug Tracking System
Your message dated Sat, 22 Jul 2023 13:19:43 +
with message-id 
and subject line Released with 12.1
has caused the Debian Bug report #1041037,
regarding bookworm-pu: package samba/2:4.17.9+dfsg-0+deb12u3
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1041037: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1041037
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
Tags: bookworm
User: release.debian@packages.debian.org
Usertags: pu
X-Debbugs-Cc: sa...@packages.debian.org, pkg-samba-de...@lists.alioth.debian.org
Control: affects -1 + src:samba

[ Reason ]
Microsoft released Jul-2023 updates for current windows versions,
with some changes in the auth/trust process. This revealed a bug
in samba, which results in a serious loss of service not only within
samba itself but also within whole windows domain network, resulting
in users not being able to log in to their windows computers anymore.

This is tracked in the samba bug tracker, see
https://bugzilla.samba.org/show_bug.cgi?id=15418
and on the samba mailing list. A lot of users are affected worldwide.

The problem is that with this update, windows started trying to negotiate
a new security level (l2) which isn't documented.  Per the specs, an
implementation should reject unknown security levels with "unsupported"
error, so the client trying a new level knows it is not supported.  But
samba does not reject it immediately and tries to process, just to reject
it later with a different error.  As a result, windows treats this as
an actual trust error instead of an unsupported optional feature.

[ Impact ]
Many users are affected worldwide after the current windows update has
been installed, being unable to log in to their windows computers.

[ Tests ]
The fix has been verified by multiple independent users. I can confirm
the updated package fixes the issue on our site too.

[ Risks ]
The change is rather simple - it is just moving the check for unsupported
level to be one of the first checks and return correct code immediately
instead of trying to process an unknown-format request.

[ Checklist ]
  [x] *all* changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in (old)stable
  [x] the issue is verified as fixed in unstable

[ Changes ]
(See debdiff below)

[ Other info ]
The same fix is already uploaded to sid (for the version of samba in sid)
and is released by other major distributions.  The fix is on top of a previous
bookworm-pu update which has been discussed and accepted previously.

I'm uploading the updated package while sending this email,
hopefully it is okay.

Thanks,

/mjt

diff -Nru samba-4.17.9+dfsg/debian/changelog samba-4.17.9+dfsg/debian/changelog
--- samba-4.17.9+dfsg/debian/changelog  2023-07-09 09:44:29.0 +0300
+++ samba-4.17.9+dfsg/debian/changelog  2023-07-14 12:34:30.0 +0300
@@ -1,3 +1,11 @@
+samba (2:4.17.9+dfsg-0+deb12u3) bookworm; urgency=medium
+
+  * +fix-unsupported-netr_LogonGetCapabilities-l2.patch
+Fix windows logon/trust issues with 2023-07 windows updates:
+https://bugzilla.samba.org/show_bug.cgi?id=15418
+
+ -- Michael Tokarev   Fri, 14 Jul 2023 12:34:30 +0300
+
 samba (2:4.17.9+dfsg-0+deb12u2) bookworm; urgency=medium
 
   * link with -latomic explicitly on a few architectures where gcc misses it
diff -Nru 
samba-4.17.9+dfsg/debian/patches/fix-unsupported-netr_LogonGetCapabilities-l2.patch
 
samba-4.17.9+dfsg/debian/patches/fix-unsupported-netr_LogonGetCapabilities-l2.patch
--- 
samba-4.17.9+dfsg/debian/patches/fix-unsupported-netr_LogonGetCapabilities-l2.patch
 1970-01-01 03:00:00.0 +0300
+++ 
samba-4.17.9+dfsg/debian/patches/fix-unsupported-netr_LogonGetCapabilities-l2.patch
 2023-07-14 12:33:32.0 +0300
@@ -0,0 +1,68 @@
+From af355243e55a4baf17126339eb66432d438c4f16 Mon Sep 17 00:00:00 2001
+From: Stefan Metzmacher 
+Date: Fri, 14 Jul 2023 10:20:05 +0200
+Subject: [PATCH] s3+s3/rpc_server: fix unsupported netr_LogonGetCapabilities
+ level 2
+Origin: upstream, https://bugzilla.samba.org/attachment.cgi?id=17983
+
+BUG: https://bugzilla.samba.org/show_bug.cgi?id=15418
+---
+ source3/rpc_server/netlogon/srv_netlog_nt.c   | 9 +
+ source4/rpc_server/netlogon/dcerpc_netlogon.c | 8 
+ 2 files changed, 9 insertions(+), 8 deletions(-)
+
+diff --git a/source3/rpc_server/netlogon/srv_netlog_nt.c 
b/source3/rpc_server/netlogon/srv_netlog_nt.c
+index 3ba58e61206f..2018dc28eb67 100644
+--- a/source3/rpc_server/netlogon/srv_netlog_nt.c
 

Bug#1040953: marked as done (bookworm-pu: package sra-sdk/3.0.3+dfsg-6~deb12u1)

2023-07-22 Thread Debian Bug Tracking System
Your message dated Sat, 22 Jul 2023 13:19:43 +
with message-id 
and subject line Released with 12.1
has caused the Debian Bug report #1040953,
regarding bookworm-pu: package sra-sdk/3.0.3+dfsg-6~deb12u1
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1040953: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1040953
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
Tags: bookworm
User: release.debian@packages.debian.org
Usertags: pu
X-Debbugs-Cc: sra-...@packages.debian.org
Control: affects -1 + src:sra-sdk

[ Reason ]
Per #1039621, the new libngs-jni package accidentally wound up with
bad content (unexpanded variables in the key symlink's source *and*
target) that rendered it useless.

[ Impact ]
This package's reverse dependencies, from libngs-java on up, will be
broken unless libncbi-ngs-dev happens to be installed.

[ Tests ]
Various affected packages have autopkgtests, but they evidently missed
the relevant bug, having presumably wound up running with
libncbi-ngs-dev additionally installed.  (The tests did catch the
need for architecture restrictions that made it into bookworm, FWIW.)

[ Risks ]
Minimal -- trivial fix, working in testing and unstable with no
further changes from stable.

[ Checklist ]
  [*] *all* changes are documented in the d/changelog
  [v] I reviewed all changes and I approve them
  [v] attach debdiff against the package in (old)stable
  [v] the issue is verified as fixed in unstable

[ Changes ]
Tweak debian/rules to make the necessary substitutions in
libngs-java.links.in.

[ Other info ]
In reviewing the debdiff, I see that one of my teammates pushed a
debian/salsa-ci.yml update without a corresponding changelog note that
consequently slipped into -6 undocumented; what should I do about it
at this point?

I've held off on cleaning up a long-dangling symlink in a different
binary package (sra-toolkit, #1040391) but can readily throw that in
if you'd like.
diff -Nru sra-sdk-3.0.3+dfsg/debian/.gitignore 
sra-sdk-3.0.3+dfsg/debian/.gitignore
--- sra-sdk-3.0.3+dfsg/debian/.gitignore2023-02-24 05:52:27.0 
-0500
+++ sra-sdk-3.0.3+dfsg/debian/.gitignore1969-12-31 19:00:00.0 
-0500
@@ -1,16 +0,0 @@
-*.debhelper
-*.substvars
-.debhelper
-.javahelper_clean
-debhelper-build-stamp
-files
-lib*-dev
-lib*[0-9]
-libngs-java
-libngs-java-doc
-libngs-java-doc.doc-base.javadoc
-libngs-jni
-libngs-jni.links
-python3-ngs
-sra-toolkit
-tmp
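Review bot: deleting debian/.gitignore is not mentioned in debian/changelog or in the [ Changes ] section of the request, which lists only the debian/rules tweak. Either keep the file so the debdiff against stable contains just the fix, or add a changelog line for the removal; the question the request raises about the undocumented debian/salsa-ci.yml change applies here as well.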
diff -Nru sra-sdk-3.0.3+dfsg/debian/changelog 
sra-sdk-3.0.3+dfsg/debian/changelog
--- sra-sdk-3.0.3+dfsg/debian/changelog 2023-02-24 05:52:27.0 -0500
+++ sra-sdk-3.0.3+dfsg/debian/changelog 2023-07-12 22:20:14.0 -0400
@@ -1,3 +1,16 @@
+sra-sdk (3.0.3+dfsg-6~deb12u1) bookworm; urgency=medium
+
+  * Reupload to bookworm (stable).  (Closes: #10n).
+
+ -- Aaron M. Ucko   Wed, 12 Jul 2023 22:20:14 -0400
+
+sra-sdk (3.0.3+dfsg-6) unstable; urgency=high
+
+  * debian/rules: Expand $(DEB_HOST_MULTIARCH) in libngs-java.links.in.
+(Closes: #1039621.)
+
+ -- Aaron M. Ucko   Tue, 27 Jun 2023 22:14:41 -0400
+
 sra-sdk (3.0.3+dfsg-5) unstable; urgency=medium
 
   * Limit libngs-java to those architectures where libs are available
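Review bot: "(Closes: #10n)" in the 3.0.3+dfsg-6~deb12u1 entry is a placeholder rather than a complete bug number, so the entry does not reference the bug it was meant to close. Replace it with the real number or drop the Closes clause before the upload.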
diff -Nru sra-sdk-3.0.3+dfsg/debian/rules sra-sdk-3.0.3+dfsg/debian/rules
--- sra-sdk-3.0.3+dfsg/debian/rules 2023-02-24 05:52:27.0 -0500
+++ sra-sdk-3.0.3+dfsg/debian/rules 2023-07-12 22:19:10.0 -0400
@@ -152,7 +152,10 @@
 execute_before_dh_link:
# Putting the upstream version number (without the dfsg part) at the 
end of
# symlink source in the -jni package.
-   sed 's/\(#STRIPPED_UPSTREAM_VERSION#\)/\1$(DEB_VERSION_UPSTREAM)/; 
s/#STRIPPED_UPSTREAM_VERSION#\(.*\)+dfsg[0-9]*/\1/' debian/libngs-jni.links.in 
> debian/libngs-jni.links
+   sed -e 's/\(#STRIPPED_UPSTREAM_VERSION#\)/\1$(DEB_VERSION_UPSTREAM)/' \
+   -e 's/#STRIPPED_UPSTREAM_VERSION#\(.*\)+dfsg[0-9]*/\1/' \
+   -e 's/\$$[({]DEB_HOST_MULTIARCH[)}]/$(DEB_HOST_MULTIARCH)/g' \
+   debian/libngs-jni.links.in > debian/libngs-jni.links
 
 # require network, not automatically run
 # use it when the pom file must be re-downloaded from maven repo
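Review bot: the file this rule rewrites is debian/libngs-jni.links.in, but the changelog entry for 3.0.3+dfsg-6 and the [ Changes ] section of the request both say libngs-java.links.in; one of the two names is wrong and the changelog should match the rule. The comment above the sed call also still describes only the version substitution and should mention the new DEB_HOST_MULTIARCH expansion, including that the pattern accepts both the $(...) and ${...} spellings.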
diff -Nru sra-sdk-3.0.3+dfsg/debian/salsa-ci.yml 
sra-sdk-3.0.3+dfsg/debian/salsa-ci.yml
--- sra-sdk-3.0.3+dfsg/debian/salsa-ci.yml  2023-02-24 05:52:27.0 
-0500
+++ sra-sdk-3.0.3+dfsg/debian/salsa-ci.yml  2023-07-12 22:19:10.0 
-0400
@@ -2,3 +2,7 @@
 include:
   - https://salsa.debian.org/salsa-ci-team/pipeline/raw/master/salsa-ci.yml

Bug#1040932: marked as done (bookworm-pu: package nvidia-graphics-drivers/525.125.06-1~deb12u1)

2023-07-22 Thread Debian Bug Tracking System
Your message dated Sat, 22 Jul 2023 13:19:43 +
with message-id 
and subject line Released with 12.1
has caused the Debian Bug report #1040932,
regarding bookworm-pu: package nvidia-graphics-drivers/525.125.06-1~deb12u1
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1040932: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1040932
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
Tags: bookworm
User: release.debian@packages.debian.org
Usertags: pu

[ Reason ]
Let's update nvidia-graphics-drivers in bookworm to a new
upstream release fixing some CVEs.

[ Impact ]
A proprietary graphics driver with more CVEs open.

[ Tests ]
Only module building has been tested. Anything else would require
certain hardware and driver usage.

[ Risks ]
Low. Upgrading to a new nvidia driver release in stable is an
established procedure.

[ Checklist ]
  [x] *all* changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  (excluding the blobs)
  [x] attach debdiff against the package in (old)stable
  (excluding the blobs)
  [x] the issue is verified as fixed in unstable

[ Changes ]
This is a rebuild of src:nvidia-graphics-drivers/sid with no further
changes.

[ Other info ]
The package is already uploaded.

Andreas
diff --git a/debian/README.source b/debian/README.source
index 05196920..4c3ae0a0 100644
--- a/debian/README.source
+++ b/debian/README.source
@@ -33,8 +33,9 @@ Upstream support timeframes
 Tesla 460 (PB)  01/2022 EoL
 Tesla 470 (LTSB)07/2024
 Tesla 510 (PB)  01/2023 EoL
-Tesla 515 (PB)  05/2023
+Tesla 515 (PB)  05/2023 EoL
 Tesla 525 (PB)  12/2023
+Tesla 535 (LTSB)06/2026
 
 
 The branch structure in the GIT repository
@@ -67,20 +68,15 @@ The branch structure in the GIT repository
 460-tesla   EoL   (bullseye)  470-tesla, tesla-460/main
 tesla-460/main  EoL   (bullseye),(sid)tesla-470/main, 
tesla-460/transition-470
 tesla-460/transition-470  bullseye,sid
-470   bullseye510, 470-tesla
-470-tesla (bullseye)  510-tesla, tesla-470/main
-tesla-470/mainbullseye,bookworm,sid tesla-510/main
-510 EoL   (bookworm),sid  515, 510-tesla
-510-tesla   EoL   (bookworm)  515-tesla, tesla-510/main
-tesla-510/main  EoL   (bookworm),(sid)tesla/510, 
tesla-510/transition
-tesla-510/transition  sid
-tesla/510   EoL   (bookworm),sid  tesla/515
-515   (bookworm),sid  525, 515-tesla
-515-tesla (bookworm)  525-tesla, tesla/515
-tesla/515 (bookworm),sid  tesla/525
-525   (bookworm),sid  YYY, 525-tesla
-525-tesla (bookworm)  ZZZ-tesla, tesla/525
-tesla/525 (bookworm),sid  tesla/ZZZ
+470   bullseye525, 470-tesla
+470-tesla (bullseye)  525-tesla, tesla-470/main
+tesla-470/mainbullseye,bookworm,sid tesla/525
+525   bookworm,sid535, 525-tesla
+525-tesla (bookworm)  535-tesla, tesla/525
+tesla/525 bookworm,sidtesla/535
+535   bookworm,sidYYY, 535-tesla
+535-tesla (bookworm)  ZZZ-tesla, tesla/535
+tesla/535 bookworm,sidtesla/ZZZ
 main  sid YYY
 tesla/mainsid
 YYY   experimentalZZZ, (main)
diff --git a/debian/changelog b/debian/changelog
index dd18087f..edd3661c 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,48 @@
+nvidia-graphics-drivers (525.125.06-1~deb12u1) bookworm; urgency=medium
+
+  * Rebuild for bookworm.
+
+ -- Andreas Beckmann   Wed, 12 Jul 2023 16:16:16 +0200
+
+nvidia-graphics-drivers (525.125.06-1) unstable; urgency=medium
+
+  * New upstream production branch release 525.125.06 (2023-05-09).
+* Fixed CVE-2023-25515, CVE-2023-25516.  (Closes: #1039678)
+  https://nvidia.custhelp.com/app/answers/detail/a_id/5468
+- Fixed a bug which prevented running a Wayland compositor in headless
+  mode on GPUs without display hardware.
+
+  [ Andreas Beckmann ]
+  * Update nv-readme.ids.
+
+ -- Andreas Beckmann   Wed, 12 Jul 2023 09:52:32 +0200
+

Bug#1040921: marked as done (bookworm-pu: package dkms/3.0.10-8+deb12u1)

2023-07-22 Thread Debian Bug Tracking System
Your message dated Sat, 22 Jul 2023 13:19:43 +
with message-id 
and subject line Released with 12.1
has caused the Debian Bug report #1040921,
regarding bookworm-pu: package dkms/3.0.10-8+deb12u1
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1040921: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1040921
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
Tags: bullseye
User: release.debian@packages.debian.org
Usertags: pu

[ Reason ]
While earlier dkms versions didn't return an error if dkms failed to
build a kernel module for some kernel (one had to check the log output
to notice this), the version in bookworm does actually indicate that in
the return code. This causes unwanted failures if some cruft *-dkms
packages predating bullseye are still installed and fail to build a
module for the bookworm kernel.
Let's add some Breaks against such *-dkms packages that have no upgrade
path (because there is no newer version in bookworm), to ensure they get
removed early enough during the upgrade.

[ Impact ]
Upgrade from bullseye to bookworm fails if some pre-bullseye cruft
*-dkms is still installed and needs manual fixup.

[ Tests ]
local piuparts tests starting from ancient releases that exposed these
bugs are now passing again

[ Risks ]
None, the breaks are against package versions neither in bookworm nor
bullseye.

[ Checklist ]
  [*] *all* changes are documented in the d/changelog
  [*] I reviewed all changes and I approve them
  [*] attach debdiff against the package in (old)stable
  [*] the issue is verified as fixed in unstable

[ Changes ]
Add Breaks against some ancient *-dkms packages not in bullseye and
bookworm. Versioned in a way to not be broken in case fixed versions
would appear in bookworm-backports.

[ Other info ]
The package is already uploaded.


Andreas
diff --git a/debian/changelog b/debian/changelog
index 24da0ec..a5d87cd 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10 @@
+dkms (3.0.10-8+deb12u1) bookworm; urgency=medium
+
+  * Add Breaks against obsolete *-dkms packages that are incompatible with the
+Linux 6.1 kernel in bookworm.  (Closes: #1037425)
+
+ -- Andreas Beckmann   Wed, 12 Jul 2023 13:43:22 +0200
+
 dkms (3.0.10-8) unstable; urgency=medium
 
   * Disable tests broken by fix-builtin-archive-dkms-coinstallation.patch.
diff --git a/debian/control b/debian/control
index 73a13db..69d328c 100644
--- a/debian/control
+++ b/debian/control
@@ -28,6 +28,15 @@ Recommends: fakeroot,
  sudo,
  linux-headers-generic | linux-headers-686-pae | linux-headers-amd64 | 
linux-headers,
 Suggests: menu, e2fsprogs
+Breaks:
+# in buster, not in bullseye
+ sl-modem-dkms (<< 2.9.11~20110321-16.0),
+# in stretch, not in buster
+ blktap-dkms (<< 2.0.93-0.10.0),
+# in jessie, not in stretch
+ oss4-dkms (<< 4.2-build2020-1~),
+# in wheezy, not in jessie
+ blcr-dkms (<< 0.8.6~b3-1.0),
 Provides:
  dkms-autopkgtest (= ${binary:Version}),
 Description: Dynamic Kernel Module System (DKMS)
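Review bot: the upper bounds in the new Breaks field follow two different conventions (a ".0" suffix for sl-modem-dkms, blktap-dkms and blcr-dkms, a trailing "~" for oss4-dkms), and the comments record only which release dropped each package, not how the bound was chosen. Since the request says the bounds are picked so that fixed versions appearing in bookworm-backports are not broken, add a comment naming the last archived version each bound is derived from so the reasoning can be checked.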
diff --git a/debian/gbp.conf b/debian/gbp.conf
index cec628c..cabf8bc 100644
--- a/debian/gbp.conf
+++ b/debian/gbp.conf
@@ -1,2 +1,3 @@
 [DEFAULT]
 pristine-tar = True
+debian-branch = bookworm
--- End Message ---
--- Begin Message ---
Version: 12.1

The upload requested in this bug has been released as part of 12.1.
--- End Message ---


Bug#1040938: marked as done (bookworm-pu: package nvidia-graphics-drivers-tesla/525.125.06-1~deb12u1)

2023-07-22 Thread Debian Bug Tracking System
Your message dated Sat, 22 Jul 2023 13:19:43 +
with message-id 
and subject line Released with 12.1
has caused the Debian Bug report #1040938,
regarding bookworm-pu: package 
nvidia-graphics-drivers-tesla/525.125.06-1~deb12u1
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1040938: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1040938
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
Tags: bookworm
User: release.debian@packages.debian.org
Usertags: pu

[ Reason ]
Let's update nvidia-graphics-drivers-tesla in bookworm to a new
upstream release fixing some CVEs.

[ Impact ]
A proprietary graphics driver with more CVEs open.

[ Tests ]
Only module building has been tested. Anything else would require
certain hardware and driver usage.

[ Risks ]
Low. Upgrading to a new nvidia driver release in stable is an
established procedure.

[ Checklist ]
  [*] *all* changes are documented in the d/changelog
  [*] I reviewed all changes and I approve them
  (excluding the blobs)
  [*] attach debdiff against the package in (old)stable
  (excluding the blobs)
  [*] the issue is verified as fixed in unstable

[ Changes ]
This is a rebuild of src:nvidia-graphics-drivers-tesla/sid with no further
changes. It is more or less identical to src:nvidia-graphics-drivers in
sid and bookworm(-pu).

[ Other info ]
The package is already uploaded.

Andreas
--- End Message ---
--- Begin Message ---
Version: 12.1

The upload requested in this bug has been released as part of 12.1.
--- End Message ---


Bug#1040915: marked as done (bookworm-pu: package dbus/1.14.8-2~deb12u1)

2023-07-22 Thread Debian Bug Tracking System
Your message dated Sat, 22 Jul 2023 13:19:43 +
with message-id 
and subject line Released with 12.1
has caused the Debian Bug report #1040915,
regarding bookworm-pu: package dbus/1.14.8-2~deb12u1
to be marked as done.


-- 
1040915: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1040915
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
Tags: bookworm
User: release.debian@packages.debian.org
Usertags: pu
X-Debbugs-Cc: d...@packages.debian.org, debian-b...@lists.debian.org
Control: affects -1 + src:dbus

[ Reason ]
https://bugs.debian.org/1040790

[ Impact ]
A regression in bookworm's dbus packaging led to /etc/machine-id and
/var/lib/dbus/machine-id having different contents in fresh installations
of bookworm or later. The machine ID is an opaque hex string analogous
to a MAC address, intended to identify the machine in contexts where the
hostname would traditionally have been used, but avoiding the risk that
a sysadmin setting an aesthetically appealing hostname will result in
non-uniqueness (either the same hostname on more than one concurrently
used installation, or the same installation having more than one hostname
over time).

Some packages that rely on this interface try /etc/machine-id first and
fall back to /var/lib/dbus/machine-id if it doesn't exist, while others
do the opposite, so this bug leads to those packages disagreeing on what
the machine ID is, and therefore potentially behaving as though they
are running on two different machines with a shared (NFS) home directory.
The full user-visible impact of this is unknown: the machine ID is
intentionally quite a general feature, so we cannot know all the things
that might use it.

pulseaudio, ibus, dbus-x11 and maybe others have autostart protocols that
involve it, so non-uniqueness could result in unintentionally running
two instances of the same service on the same machine.

Conversely, GNOME and maybe others store per-machine data in the user's
home directory (in particular, GNOME screen settings) keyed by the
machine ID, so the apparent machine ID changing could result in apparent
configuration data loss.

[ Tests ]
The majority of the changes are new automated test coverage.

I can reproduce the problem with mmdebstrap, and I have confirmed that
replacing packages from src:dbus with the proposed version resolves it.

I have not attempted to provide the updated dbus to a d-i image and do an
install from first principles.

[ Risks ]
Low-risk change, reverting unnecessary complexity in the postinst and
returning to what we did in bullseye.

[ Checklist ]
  [x] *all* changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in (old)stable
  [x] the issue is verified as fixed in unstable

[ Changes ]
All changes are part of resolving or testing #1040790.

[ Other info ]
dbus technically has a udeb, but it's essentially unused, and in any case
dbus-udeb.postinst never had this bug (so it has not changed here).

I have not attempted to retroactively fix the machine ID of existing
installations: that would be much higher-risk and will require
considerably more thought. It's entirely possible that the best approach
to existing installations is to ignore the mismatch and hope that it
doesn't cause any user-visible symptoms.
--- End Message ---
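The mismatch described in the message above can be checked on an installed system or inside a chroot. The following is an added example, not code from the dbus package or from the bug report; the function names and the return-code convention are assumptions made here, and the sample IDs are constructed.

```shell
#!/bin/sh
# Added example, not code from the dbus package.
# check_machine_id ROOT compares ROOT/etc/machine-id with
# ROOT/var/lib/dbus/machine-id. Return codes (this example's own convention):
#   0  both files present and identical
#   1  both present but different: consumers with opposite lookup order disagree
#   2  only one file present: both lookup orders end at the same file
#   3  neither file present, or a present file is not a valid machine ID

# True if the path exists, including a dangling symlink.
present() {
    [ -e "$1" ] || [ -L "$1" ]
}

# Print the ID stored in file $1; fail unless it is 32 lowercase hex digits.
read_machine_id() {
    [ -r "$1" ] || return 1
    id=$(head -n 1 "$1" 2>/dev/null | tr -d '\r\n')
    case "$id" in
        *[!0123456789abcdef]*) return 1 ;;
    esac
    [ "${#id}" -eq 32 ] || return 1
    printf '%s\n' "$id"
}

check_machine_id() {
    root=${1%/}
    etc_file="$root/etc/machine-id"
    dbus_file="$root/var/lib/dbus/machine-id"
    etc_id=""
    dbus_id=""
    if present "$etc_file"; then
        etc_id=$(read_machine_id "$etc_file") || {
            echo "invalid machine ID in $etc_file"; return 3; }
    fi
    if present "$dbus_file"; then
        dbus_id=$(read_machine_id "$dbus_file") || {
            echo "invalid machine ID in $dbus_file"; return 3; }
    fi
    if [ -z "$etc_id" ] && [ -z "$dbus_id" ]; then
        echo "no machine ID found under ${root:-/}"
        return 3
    elif [ -z "$etc_id" ] || [ -z "$dbus_id" ]; then
        echo "single machine ID: ${etc_id}${dbus_id}"
        return 2
    elif [ "$etc_id" = "$dbus_id" ]; then
        echo "consistent: $etc_id"
        return 0
    fi
    echo "MISMATCH: $etc_file=$etc_id $dbus_file=$dbus_id"
    return 1
}

# Build a throwaway root holding constructed IDs (empty argument = file absent).
make_sample_root() {
    dir=$(mktemp -d) || return 1
    mkdir -p "$dir/etc" "$dir/var/lib/dbus"
    [ -z "$1" ] || printf '%s\n' "$1" > "$dir/etc/machine-id"
    [ -z "$2" ] || printf '%s\n' "$2" > "$dir/var/lib/dbus/machine-id"
    printf '%s\n' "$dir"
}
```

Run `check_machine_id /` on a live system, or pass the path of a chroot such as one built with mmdebstrap.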
--- Begin Message ---
Version: 12.1

The upload requested in this bug has been released as part of 12.1.
--- End Message ---


Bug#1040863: marked as done (bookworm-pu: package yajl/2.1.0-3+deb12u2)

2023-07-22 Thread Debian Bug Tracking System
Your message dated Sat, 22 Jul 2023 13:19:43 +
with message-id 
and subject line Released with 12.1
has caused the Debian Bug report #1040863,
regarding bookworm-pu: package yajl/2.1.0-3+deb12u2
to be marked as done.


-- 
1040863: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1040863
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
Tags: bookworm
User: release.debian@packages.debian.org
Usertags: pu
X-Debbugs-Cc: y...@packages.debian.org
Control: affects -1 + src:yajl

Previous s-p-u upload was #1040136; two additional CVEs have
been fixed since then and the fix for CVE-2023-33460 has been found
to be incomplete.

This upload is part of fixing yajl for every release. So far sid, buster
(DLA-3492), stretch and jessie (ELA-892-1) have been targeted.

CVE-2017-16516

When a crafted JSON file is supplied to yajl, the process might
crash with a SIGABRT in the yajl_string_decode function in
yajl_encode.c. This results potentially in a denial of service.

CVE-2022-24795

The 1.x branch and the 2.x branch of `yajl` contain an integer overflow
which leads to subsequent heap memory corruption when dealing with large
(~2GB) inputs.

CVE-2023-33460

There's a memory leak in yajl 2.1.0 with use of yajl_tree_parse function,
which potentially cause out-of-memory in server and cause crash.


[ Risks ]
Required changes are minimal, see debdiff. Package testsuite passes.

[ Checklist ]
  [x] *all* changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in (old)stable
  [x] the issue is verified as fixed in unstable


For unstable, the fixes are in 2.1.0-5. I have already uploaded to the s-p-u 
queue.
diff -Nru yajl-2.1.0/debian/changelog yajl-2.1.0/debian/changelog
--- yajl-2.1.0/debian/changelog 2023-07-01 14:55:44.0 +0200
+++ yajl-2.1.0/debian/changelog 2023-07-10 18:06:21.0 +0200
@@ -1,3 +1,15 @@
+yajl (2.1.0-3+deb12u2) bookworm; urgency=medium
+
+  [Tobias Frost]
+  * Non-maintainer upload.
+  * Cherry pick John's CVE fixes from 2.1.0-4 and 2.1.0-5
+
+  [John Stamp]
+  * Patch CVE-2017-16516 and CVE-2022-24795 (Closes: #1040036)
+  * The patch for CVE-2023-33460 turned out to be incomplete. Fix that. 
(Closes: #1039984)
+
+ -- Tobias Frost   Mon, 10 Jul 2023 18:06:21 +0200
+
 yajl (2.1.0-3+deb12u1) bookworm; urgency=medium
 
   * Non-maintainer upload.
diff -Nru yajl-2.1.0/debian/patches/CVE-2017-16516.patch 
yajl-2.1.0/debian/patches/CVE-2017-16516.patch
--- yajl-2.1.0/debian/patches/CVE-2017-16516.patch  1970-01-01 
01:00:00.0 +0100
+++ yajl-2.1.0/debian/patches/CVE-2017-16516.patch  2023-07-10 
18:06:21.0 +0200
@@ -0,0 +1,22 @@
+Description: Fix for CVE-2017-16516
+ Potential buffer overread: A JSON file can cause denial of service.
+Origin: 
https://github.com/brianmario/yajl-ruby/commit/a8ca8f476655adaa187eedc60bdc770fff3c51ce
+Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1040036
+Bug: https://github.com/lloyd/yajl/issues/248
+---
+ src/yajl_encode.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+--- a/src/yajl_encode.c
 b/src/yajl_encode.c
+@@ -139,8 +139,8 @@
+ end+=3;
+ /* check if this is a surrogate */
+ if ((codepoint & 0xFC00) == 0xD800) {
+-end++;
+-if (str[end] == '\\' && str[end + 1] == 'u') {
++if (end + 2 < len && str[end + 1] == '\\' && str[end 
+ 2] == 'u') {
++end++;
+ unsigned int surrogate = 0;
+ hexToDigit(, str + end + 2);
+ codepoint =
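Review bot: The new condition `end + 2 < len` bounds the reads of `str[end + 1]` and `str[end + 2]`, but the `hexToDigit` call that follows the moved `end++` starts at `str + end + 2`, which is index `end + 3` relative to the value that was checked, so the bytes it reads are not covered by the check in this hunk. Either extend the bound to cover the whole escape sequence or add a comment naming the earlier validation that guarantees those bytes exist. The patch header could also say that the Origin commit comes from yajl-ruby while the Bug link points at lloyd/yajl.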
diff -Nru yajl-2.1.0/debian/patches/CVE-2022-24795.patch 
yajl-2.1.0/debian/patches/CVE-2022-24795.patch
--- yajl-2.1.0/debian/patches/CVE-2022-24795.patch  1970-01-01 
01:00:00.0 +0100
+++ yajl-2.1.0/debian/patches/CVE-2022-24795.patch  2023-07-10 
18:06:21.0 +0200
@@ -0,0 +1,30 @@
+Description: Fix for CVE-2022-24795
+ An integer overflow will lead to heap memory corruption with large (~2GB) 
inputs.
+Origin: 
https://github.com/ppisar/yajl/commit/23cea2d7677e396efed78bbf1bf153961fab6bad
+Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1040036
+Bug: https://github.com/lloyd/yajl/issues/239
+---
+ src/yajl_buf.c | 12 +++-
+ 1 file changed, 11 insertions(+), 1 deletion(-)
+
+--- a/src/yajl_buf.c
 b/src/yajl_buf.c
+@@ -45,7 +45,17 @@

Bug#1040791: marked as done (bookworm-pu: package schleuder-cli/0.1.0-4+deb12u1)

2023-07-22 Thread Debian Bug Tracking System
Your message dated Sat, 22 Jul 2023 13:19:43 +
with message-id 
and subject line Released with 12.1
has caused the Debian Bug report #1040791,
regarding bookworm-pu: package schleuder-cli/0.1.0-4+deb12u1
to be marked as done.


-- 
1040791: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1040791
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
Tags: bookworm
User: release.debian@packages.debian.org
Usertags: pu
X-Debbugs-Cc: debianb...@s3lph.me
Control: affects -1 + src:schleuder-cli

Dear release team,

[ Reason ]
Ruby 3.1, as shipped in bookworm, changes the way values are escaped, in
contrast to Ruby <= 3.0. This was fixed upstream in schleuder-cli quite
some time ago, but so far not released.

The patch was pulled into Debian unstable via 0.1.0-5.

[ Impact ]
Severe, as schleuder-cli ceases to work, and throws a traceback due to
an "undefined method".

[ Tests ]
Tests were done both manually and via the upstream CI. The correctness
of the patch was confirmed via #1040257.

[ Risks ]
There should be none.

[ Checklist ]
  [x] *all* changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in stable
  [x] the issue is verified as fixed in unstable

[ Changes ]
An upstream patch was pulled in to correctly handle escaping values in
Ruby 3.1.

For details, see the attached debdiff of 0.1.0-4, as currently present
in bookworm, and 0.1.0-4+deb12u1.

Thanks for your work!

Cheers,
Georg
diff -Nru schleuder-cli-0.1.0/debian/changelog schleuder-cli-0.1.0/debian/changelog
--- schleuder-cli-0.1.0/debian/changelog	2021-02-01 22:47:06.0 +
+++ schleuder-cli-0.1.0/debian/changelog	2023-07-10 16:06:00.0 +
@@ -1,3 +1,11 @@
+schleuder-cli (0.1.0-4+deb12u1) bookworm; urgency=medium
+
+  * debian/patches:
+- Pull in upstream patch to fix escaping values in Ruby 3.
+  (Closes: #1040257)
+
+ -- Georg Faerber   Mon, 10 Jul 2023 16:06:00 +
+
 schleuder-cli (0.1.0-4) unstable; urgency=medium
 
   [ Utkarsh Gupta ]
diff -Nru schleuder-cli-0.1.0/debian/patches/0004-Ruby-3-fix-escaping-values.patch schleuder-cli-0.1.0/debian/patches/0004-Ruby-3-fix-escaping-values.patch
--- schleuder-cli-0.1.0/debian/patches/0004-Ruby-3-fix-escaping-values.patch	1970-01-01 00:00:00.0 +
+++ schleuder-cli-0.1.0/debian/patches/0004-Ruby-3-fix-escaping-values.patch	2023-07-10 16:06:00.0 +
@@ -0,0 +1,31 @@
+Description: Ruby 3: fix escaping values
+Origin: https://0xacab.org/schleuder/schleuder-cli/-/commit/68754cf94cc2d9b2a400ff19d2e48a7ffa2ec1f2
+Reviewed-by: Georg Faerber 
+Last-Update: 2023-07-10
+---
+This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
+Index: schleuder-cli/lib/schleuder-cli.rb
+===
+--- schleuder-cli.orig/lib/schleuder-cli.rb	2023-07-10 15:42:53.037304520 +
 schleuder-cli/lib/schleuder-cli.rb	2023-07-10 15:42:53.029303960 +
+@@ -3,6 +3,7 @@
+ require 'pathname'
+ require 'net/https'
+ require 'uri'
++require 'cgi'
+ require 'singleton'
+ require 'yaml'
+ require 'base64'
+Index: schleuder-cli/lib/schleuder-cli/helper.rb
+===
+--- schleuder-cli.orig/lib/schleuder-cli/helper.rb	2023-07-10 15:42:53.037304520 +
 schleuder-cli/lib/schleuder-cli/helper.rb	2023-07-10 15:42:53.029303960 +
+@@ -19,7 +19,7 @@
+   u = "/#{args.join('/')}.json"
+   if params
+ paramstring  = params.map do |k,v|
+-  "#{URI.escape(k.to_s)}=#{URI.escape(v.to_s)}"
++  "#{CGI.escape(k.to_s)}=#{CGI.escape(v.to_s)}"
+ end.join('&')
+ u << "?#{paramstring}"
+   end
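Review bot: `CGI.escape` is not a drop-in for `URI.escape` in the `paramstring` line: it form-encodes, so a space becomes `+` instead of `%20`, and reserved characters such as `&`, `=` and `/` are now escaped as well. That is the right behaviour for query-string keys and values, but the Description should say so, so that the change is not read as a pure rename. The DEP-3 header also lacks a Bug-Debian field even though the changelog entry closes #1040257.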
diff -Nru schleuder-cli-0.1.0/debian/patches/series schleuder-cli-0.1.0/debian/patches/series
--- schleuder-cli-0.1.0/debian/patches/series	2021-02-01 22:47:06.0 +
+++ schleuder-cli-0.1.0/debian/patches/series	2023-07-10 16:06:00.0 +
@@ -1,3 +1,4 @@
+0004-Ruby-3-fix-escaping-values.patch
 0003-gemspec-relax-thor-version.patch
 0002-spec-remove-bundler.patch
 0001-lib-use-require-instead-of-require-relative.patch
--- End Message ---
--- Begin Message ---
Version: 12.1

The upload requested in this bug has been released as part of 12.1.
--- End Message ---


Bug#1040818: marked as done (bookworm-pu: package libxml2/2.9.14+dfsg-1.3~deb12u1)

2023-07-22 Thread Debian Bug Tracking System
Your message dated Sat, 22 Jul 2023 13:19:43 +
with message-id 
and subject line Released with 12.1
has caused the Debian Bug report #1040818,
regarding bookworm-pu: package libxml2/2.9.14+dfsg-1.3~deb12u1
to be marked as done.


-- 
1040818: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1040818
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
Tags: bookworm
User: release.debian@packages.debian.org
Usertags: pu
X-Debbugs-Cc: libx...@packages.debian.org, car...@debian.org
Control: affects -1 + src:libxml2

Hi stable release managers,

[ Reason ]
libxml2 in bookworm and older is affected by CVE-2022-2309.
The issue does not warrant a DSA, so I prepared an update to be
included in the next point release.

[ Impact ]
CVE-2022-2309 remains open for bookworm.

[ Tests ]
None specifically.

[ Risks ]
The two commits are isolated.

[ Checklist ]
  [x] *all* changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in (old)stable
  [x] the issue is verified as fixed in unstable

[ Changes ]
The two commits from upstream do reset ctxt->nsNr to 0 in xmlCtxtReset
(the original report) and as well in htmlCtxtReset to address the
issue in libxml2.

[ Other info ]
None.

Thanks for considering accepting the update as well for bookworm. I'm
aiming as well to do the same for bullseye-pu, but this has not been
done yet.

Regards,
Salvatore
diff -Nru libxml2-2.9.14+dfsg/debian/changelog 
libxml2-2.9.14+dfsg/debian/changelog
--- libxml2-2.9.14+dfsg/debian/changelog2023-04-15 16:25:06.0 
+0200
+++ libxml2-2.9.14+dfsg/debian/changelog2023-07-10 21:58:07.0 
+0200
@@ -1,3 +1,17 @@
+libxml2 (2.9.14+dfsg-1.3~deb12u1) bookworm; urgency=medium
+
+  * Rebuild for bookworm
+
+ -- Salvatore Bonaccorso   Mon, 10 Jul 2023 21:58:07 +0200
+
+libxml2 (2.9.14+dfsg-1.3) unstable; urgency=medium
+
+  * Non-maintainer upload.
+  * Reset nsNr in xmlCtxtReset (CVE-2022-2309) (Closes: #1039991)
+  * Also reset nsNr in htmlCtxtReset (CVE-2022-2309) (Closes: #1039991)
+
+ -- Salvatore Bonaccorso   Sat, 08 Jul 2023 21:18:29 +0200
+
 libxml2 (2.9.14+dfsg-1.2) unstable; urgency=medium
 
   * Non-maintainer upload.
diff -Nru 
libxml2-2.9.14+dfsg/debian/patches/Also-reset-nsNr-in-htmlCtxtReset.patch 
libxml2-2.9.14+dfsg/debian/patches/Also-reset-nsNr-in-htmlCtxtReset.patch
--- libxml2-2.9.14+dfsg/debian/patches/Also-reset-nsNr-in-htmlCtxtReset.patch   
1970-01-01 01:00:00.0 +0100
+++ libxml2-2.9.14+dfsg/debian/patches/Also-reset-nsNr-in-htmlCtxtReset.patch   
2023-07-10 21:58:07.0 +0200
@@ -0,0 +1,27 @@
+From: Nick Wellnhofer 
+Date: Thu, 28 Jul 2022 21:35:17 +0200
+Subject: Also reset nsNr in htmlCtxtReset
+origin: 
https://gitlab.gnome.org/GNOME/libxml2/-/commit/a82ea25fc83f563c574ddb863d6c17d9c5abdbd2
+Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2022-2309
+Bug-Debian: https://bugs.debian.org/1039991
+
+---
+ HTMLparser.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/HTMLparser.c b/HTMLparser.c
+index 9079fa8aa52d..1520663ba2af 100644
+--- a/HTMLparser.c
 b/HTMLparser.c
+@@ -6743,6 +6743,8 @@ htmlCtxtReset(htmlParserCtxtPtr ctxt)
+ ctxt->nameNr = 0;
+ ctxt->name = NULL;
+ 
++ctxt->nsNr = 0;
++
+ DICT_FREE(ctxt->version);
+ ctxt->version = NULL;
+ DICT_FREE(ctxt->encoding);
+-- 
+2.40.1
+
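Review bot: Neither this patch nor the matching one for xmlCtxtReset adds a regression test, and the request lists its tests as "None specifically."; a small test that resets a context and parses again with it would show that clearing `ctxt->nsNr` is effective. The header would also benefit from a Description line saying what goes wrong when the counter is carried over, since the Subject only names the change.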
diff -Nru libxml2-2.9.14+dfsg/debian/patches/Reset-nsNr-in-xmlCtxtReset.patch 
libxml2-2.9.14+dfsg/debian/patches/Reset-nsNr-in-xmlCtxtReset.patch
--- libxml2-2.9.14+dfsg/debian/patches/Reset-nsNr-in-xmlCtxtReset.patch 
1970-01-01 01:00:00.0 +0100
+++ libxml2-2.9.14+dfsg/debian/patches/Reset-nsNr-in-xmlCtxtReset.patch 
2023-07-10 21:58:07.0 +0200
@@ -0,0 +1,27 @@
+From: Nick Wellnhofer 
+Date: Mon, 18 Jul 2022 20:59:45 +0200
+Subject: Reset nsNr in xmlCtxtReset
+origin: 
https://gitlab.gnome.org/GNOME/libxml2/-/commit/5930fe01963136ab92125feec0c6204d9c9225dc
+Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2022-2309
+Bug-Debian: https://bugs.debian.org/1039991
+
+---
+ parser.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/parser.c b/parser.c
+index d278638dd6d4..e660b0a7d499 100644
+--- a/parser.c
 b/parser.c
+@@ -14820,6 +14820,8 @@ xmlCtxtReset(xmlParserCtxtPtr ctxt)
+ ctxt->nameNr = 0;
+ ctxt->name = NULL;
+ 
++ctxt->nsNr = 0;
++
+ DICT_FREE(ctxt->version);
+ ctxt->version = NULL;
+ DICT_FREE(ctxt->encoding);
+-- 

Bug#1040799: marked as done (nmu: libnginx-mod-http-modsecurity_1.0.3-1+b1)

2023-07-22 Thread Debian Bug Tracking System
Your message dated Sat, 22 Jul 2023 13:19:43 +
with message-id 
and subject line Released with 12.1
has caused the Debian Bug report #1040799,
regarding nmu: libnginx-mod-http-modsecurity_1.0.3-1+b1
to be marked as done.


-- 
1040799: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1040799
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Control: affects -1 + src:libnginx-mod-http-modsecurity
X-Debbugs-Cc: libnginx-mod-http-modsecur...@packages.debian.org
User: release.debian@packages.debian.org
Usertags: binnmu
Severity: normal

nmu libnginx-mod-http-modsecurity_1.0.3-1+b1 . ANY . bookworm . -m "Closes: 1037226"
--- End Message ---
--- Begin Message ---
Version: 12.1

The upload requested in this bug has been released as part of 12.1.
--- End Message ---


Bug#1040765: marked as done (bookworm-pu: package nvidia-modprobe/535.54.03-1~deb12u1)

2023-07-22 Thread Debian Bug Tracking System
Your message dated Sat, 22 Jul 2023 13:19:43 +
with message-id 
and subject line Released with 12.1
has caused the Debian Bug report #1040765,
regarding bookworm-pu: package nvidia-modprobe/535.54.03-1~deb12u1
to be marked as done.


-- 
1040765: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1040765
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
Tags: bookworm
User: release.debian@packages.debian.org
Usertags: pu

[ Reason ]
In preparation for upgrading nvidia-graphics-drivers(-tesla) to the 535
series (a new LTSB branch announced last week and supported until
June 2026, i.e. sufficient for bookworm) I'd like to update
nvidia-modprobe to a new upstream release.

[ Impact ]
The 525 series currently in sid/bookworm is only supported until the end
of this year.

[ Tests ]
n/a

[ Risks ]
Low. No functional changes.

[ Checklist ]
  [x] *all* changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in (old)stable
  [x] the issue is verified as fixed in unstable

[ Changes ]
Except for the version bump there are no code changes. The backported
patch is now part of the upstream release. This is a rebuild of the
package from sid with no further changes.

[ Other info ]
nvidia-graphics-drivers has a versioned dependency on nvidia-modprobe
(>= $MAJOR_VERSION) to ensure we don't miss (again) the rare cases where
nvidia-modprobe actually had code changes. That version works with all
driver series, so we can start with uploading nvidia-modprobe even if
the driver packages are not yet ready.


Andreas
diff --git a/debian/changelog b/debian/changelog
index 0ad05af..9ce25ce 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,15 @@
+nvidia-modprobe (535.54.03-1~deb12u1) bookworm; urgency=medium
+
+  * Rebuild for bookworm.
+
+ -- Andreas Beckmann   Mon, 10 Jul 2023 00:10:07 +0200
+
+nvidia-modprobe (535.54.03-1) unstable; urgency=medium
+
+  * New upstream release.
+
+ -- Andreas Beckmann   Sun, 02 Jul 2023 20:36:35 +0200
+
 nvidia-modprobe (530.30.02-2) unstable; urgency=medium
 
   * Updated nvidia-modprobe to create symbolic links in /dev/char when
@@ -73,6 +85,18 @@ nvidia-modprobe (495.44-1) experimental; urgency=medium
 
  -- Andreas Beckmann   Sun, 07 Nov 2021 09:19:56 +0100
 
+nvidia-modprobe (470.182.03-1) bullseye; urgency=medium
+
+  * New upstream release.
+- Updated nvidia-modprobe to create symbolic links in /dev/char when
+  creating the /dev/nvidia* device nodes. This resolves an issue that
+  prevented the device nodes from working with newer versions of runc:
+  https://github.com/opencontainers/runc/issues/3708
+  * Update Lintian overrides.
+  * Upload to bullseye.
+
+ -- Andreas Beckmann   Sun, 16 Apr 2023 21:40:37 +0200
+
 nvidia-modprobe (470.103.01-1~deb11u1) bullseye; urgency=medium
 
   * Rebuild for bullseye.
diff --git a/debian/copyright b/debian/copyright
index 415c397..26ebb3f 100644
--- a/debian/copyright
+++ b/debian/copyright
@@ -9,7 +9,8 @@ Disclaimer:
  NVIDIA drivers in non-free.
 
 Files: *
-Copyright: Copyright (C) 2004-2021 NVIDIA Corporation
+Copyright:
+ Copyright (C) 2004-2023 NVIDIA Corporation
 License: Expat
 
 Files: modprobe-utils/pci-enum.h
diff --git a/debian/patches/dev-char-symlink.patch 
b/debian/patches/dev-char-symlink.patch
deleted file mode 100644
index b7e7994..000
--- a/debian/patches/dev-char-symlink.patch
+++ /dev/null
@@ -1,151 +0,0 @@
-commit ec487af278c3603f785e6829023dc1675c66a236
-Author: Aaron Plattner 
-Date:   Thu Mar 30 11:10:10 2023 -0700
-
-525.105.17
-
-diff --git a/modprobe-utils/nvidia-modprobe-utils.c 
b/modprobe-utils/nvidia-modprobe-utils.c
-index 7437751..1a2144f 100644
 a/modprobe-utils/nvidia-modprobe-utils.c
-+++ b/modprobe-utils/nvidia-modprobe-utils.c
-@@ -1,5 +1,5 @@
- /*
-- * Copyright (c) 2013, NVIDIA CORPORATION.
-+ * Copyright (c) 2013-2023, NVIDIA CORPORATION.
-  *
-  * Permission is hereby granted, free of charge, to any person
-  * obtaining a copy of this software and associated documentation
-@@ -42,6 +42,7 @@
- #include "nvidia-modprobe-utils.h"
- #include "pci-enum.h"
- 
-+#define NV_DEV_PATH "/dev/"
- #define NV_PROC_MODPROBE_PATH "/proc/sys/kernel/modprobe"
- #define NV_PROC_MODULES_PATH "/proc/modules"
- #define NV_PROC_DEVICES_PATH "/proc/devices"
-@@ -502,6 +503,75 @@ int nvidia_get_file_state(int minor)
- return state;
- }
- 
-+/*
-+ * Symbolically link the /dev/char/ file to the given
-+ * device node.
-+ */
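Review bot: The removal of debian/patches/dev-char-symlink.patch is not mentioned in either of the new changelog entries at the top of debian/changelog, which say only "Rebuild for bookworm." and "New upstream release."; the request text explains that the backported patch is now part of the upstream release, and that sentence belongs in the changelog as well.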

Bug#1040760: marked as done (bookworm-pu: package marco/1.26.1-3+deb12u1)

2023-07-22 Thread Debian Bug Tracking System
Your message dated Sat, 22 Jul 2023 13:19:43 +
with message-id 
and subject line Released with 12.1
has caused the Debian Bug report #1040760,
regarding bookworm-pu: package marco/1.26.1-3+deb12u1
to be marked as done.


-- 
1040760: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1040760
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
Tags: bookworm
User: release.debian@packages.debian.org
Usertags: pu
X-Debbugs-Cc: ma...@packages.debian.org
Control: affects -1 + src:marco

[ Reason ]
In cases where users run KDE apps such as kwrite or kcalc in a MATE
desktop session as superuser it happens that window titles in
mate-panel/tasklist (libwnck) show only " (as superuser)". When trying
nedit, nedit-ng, and gedit, etc. those don't seem to trigger this.

[ Impact ]
UI/UX improvement for MATE users using KDE apps.

[ Tests ]
Code review. Local test on bookworm system (launch kwrite as root in
MATE desktop session). Issue reported in #1040752 could be reproduced.
Updating to marco 1.26.1-3+deb12u1 resolves the issue.

[ Risks ]
Minimal. MATE's window manager might show regressions in handling window
titles.

[ Checklist ]
  [x] *all* changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in (old)stable
  [x] the issue is verified as fixed in unstable

[ Changes ]

+  * debian/patches:
++ Add 0004_show-correct-window-title-when-owned-by-superuser.patch. Fix
+  window titles sometimes shown incorrectly when owned as root. This
+  affects mostly KDE apps if they are run on MATE. (Closes: #1040752).

[ Other info ]
None.
diff -Nru marco-1.26.1/debian/changelog marco-1.26.1/debian/changelog
--- marco-1.26.1/debian/changelog   2023-04-26 07:46:12.0 +0200
+++ marco-1.26.1/debian/changelog   2023-07-10 06:47:02.0 +0200
@@ -1,3 +1,12 @@
+marco (1.26.1-3+deb12u1) bookworm; urgency=medium
+
+  * debian/patches:
++ Add 0004_show-correct-window-title-when-owned-by-superuser.patch. Fix
+  window titles sometimes shown incorrectly when owned as root. This
+  affects mostly KDE apps if they are run on MATE. (Closes: #1040752).
+
+ -- Mike Gabriel   Mon, 10 Jul 2023 06:47:02 
+0200
+
 marco (1.26.1-3) unstable; urgency=medium
 
   * Revert "debian/control: Drop B-D: libxpresent-dev." introduced with
diff -Nru 
marco-1.26.1/debian/patches/0004_show-correct-window-title-when-owned-by-superuser.patch
 
marco-1.26.1/debian/patches/0004_show-correct-window-title-when-owned-by-superuser.patch
--- 
marco-1.26.1/debian/patches/0004_show-correct-window-title-when-owned-by-superuser.patch
1970-01-01 01:00:00.0 +0100
+++ 
marco-1.26.1/debian/patches/0004_show-correct-window-title-when-owned-by-superuser.patch
2023-07-10 06:44:37.0 +0200
@@ -0,0 +1,22 @@
+From 730ed9dc454e97f569df8a92ac065a1afcc05baa Mon Sep 17 00:00:00 2001
+From: insaner 
+Date: Wed, 25 Jan 2023 21:35:07 -0500
+Subject: [PATCH] Show correct window title when owned by superuser. Issue #749
+
+---
+ src/core/window-props.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/core/window-props.c b/src/core/window-props.c
+index 71c9d203c..3a01f6f6f 100644
+--- a/src/core/window-props.c
 b/src/core/window-props.c
+@@ -489,7 +489,7 @@ set_title_text (MetaWindow  *window,
+ 
+   g_free (*target);
+ 
+-  if (!title)
++  if (!title || g_utf8_strlen (title, 2) < 1)
+ *target = g_strdup ("");
+   else if (g_utf8_strlen (title, MAX_TITLE_LENGTH + 1) > MAX_TITLE_LENGTH)
+ {
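Review bot: `g_utf8_strlen (title, 2) < 1` in the changed condition is an indirect empty-string test, and with a byte limit of 2 it does not count a first character that is encoded in three or more bytes, so a title beginning with such a character would be treated as empty; `title[0] == '\0'` tests the intended condition directly. A short comment on why an empty title must take the same branch as a missing one would also help, and the patch header has no Origin or Bug-Debian field pointing at Issue #749 or #1040752.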
diff -Nru marco-1.26.1/debian/patches/series marco-1.26.1/debian/patches/series
--- marco-1.26.1/debian/patches/series  2023-04-25 15:34:49.0 +0200
+++ marco-1.26.1/debian/patches/series  2023-07-10 06:45:35.0 +0200
@@ -1,6 +1,6 @@
-
 _shadows.patch
 1001_marco-Add-cmdline-option-no-keybindings-for-disablin.patch
 0001_test-retval-from-XResQueryClientIds.patch
 0002_test-xres-1.2-is-present.patch
 0003_test-if-XResQueryClientIds-is-available.patch
+0004_show-correct-window-title-when-owned-by-superuser.patch
--- End Message ---
--- Begin Message ---
Version: 12.1

The upload requested in this bug has been released as part of 12.1.
--- End Message ---


Bug#1040739: marked as done (bookworm-pu: package desktop-base/12.0.6+nmu1~deb12u1)

2023-07-22 Thread Debian Bug Tracking System
Your message dated Sat, 22 Jul 2023 13:19:43 +
with message-id 
and subject line Released with 12.1
has caused the Debian Bug report #1040739,
regarding bookworm-pu: package desktop-base/12.0.6+nmu1~deb12u1
to be marked as done.


-- 
1040739: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1040739
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
Tags: bullseye
User: release.debian@packages.debian.org
Usertags: pu

[ Reason ]
When the emerald theme was added to the alternatives, it was forgotten to
add that to the alternatives removal, too.

[ Impact ]
Leaving broken alternatives after package removal, probably only
noticeable by QA tooling.

[ Tests ]
local piuparts tests of all bullseye->bookworm upgrades that have
desktop-base installed, using the new package version in the bookworm
upgrade target.

[ Risks ]
low, alternatives addition/removal is using for loops, this patch
just adds some entries to each of the removal loops

[ Checklist ]
  [*] *all* changes are documented in the d/changelog
  [*] I reviewed all changes and I approve them
  [*] attach debdiff against the package in (old)stable
  [ ] the issue is verified as fixed in unstable
  the NMU will come out of DELAYED in 12 hours

[ Changes ]
prerm: remove all emerald alternatives created by the postinst

[ Other info ]
This is a rebuild of the package (soon) from sid with no further
changes.


Andreas
diff -Nru desktop-base-12.0.6/debian/changelog 
desktop-base-12.0.6+nmu1~deb12u1/debian/changelog
--- desktop-base-12.0.6/debian/changelog2023-04-13 21:58:23.0 
+0200
+++ desktop-base-12.0.6+nmu1~deb12u1/debian/changelog   2023-07-09 
23:27:38.0 +0200
@@ -1,3 +1,16 @@
+desktop-base (12.0.6+nmu1~deb12u1) bookworm; urgency=medium
+
+  * Rebuild for bookworm.
+
+ -- Andreas Beckmann   Sun, 09 Jul 2023 23:27:38 +0200
+
+desktop-base (12.0.6+nmu1) unstable; urgency=medium
+
+  * Non-maintainer upload.
+  * prerm: Remove the emerald alternatives, too.  (Closes: #1035431)
+
+ -- Andreas Beckmann   Fri, 30 Jun 2023 12:36:56 +0200
+
 desktop-base (12.0.6) unstable; urgency=medium
 
   * Fix LUKS password not being shown in multi-screen setup with mixed aspect
diff -Nru desktop-base-12.0.6/debian/prerm 
desktop-base-12.0.6+nmu1~deb12u1/debian/prerm
--- desktop-base-12.0.6/debian/prerm2022-10-02 21:24:41.0 +0200
+++ desktop-base-12.0.6+nmu1~deb12u1/debian/prerm   2023-06-30 
12:36:11.0 +0200
@@ -16,6 +16,7 @@
 desktop-background \
 
/usr/share/desktop-base/$theme-theme/wallpaper/contents/images/$filename
 done << EOF
+emerald 1920x1080.svg
 homeworld 1920x1080.svg
 futureprototype 1920x1080.svg
 moonlight 1920x1080.svg
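Review bot: emerald has to be added by hand to every removal heredoc in prerm (seven lists in this patch), and that hand-maintained duplication is what let the postinst and prerm lists drift apart. Consider driving both maintainer scripts from one shared theme list, or add a piuparts/autopkgtest check that no desktop-base alternative is left behind after removal, so the next new theme is not missed the same way.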
@@ -58,6 +59,7 @@
 desktop-background.xml \
 /usr/share/desktop-base/$theme-theme/wallpaper/gnome-background.xml
 done << EOF
+emerald
 homeworld
 futureprototype
 moonlight
@@ -79,6 +81,7 @@
 desktop-lockscreen.xml \
 
/usr/share/desktop-base/$theme-theme/lockscreen/gnome-background.xml
 done << EOF
+emerald
 homeworld
 futureprototype
 moonlight
@@ -99,6 +102,7 @@
 desktop-plasma5-wallpaper \
 /usr/share/desktop-base/$theme-theme/wallpaper
 done << EOF
+emerald
 homeworld
 futureprototype
 moonlight
@@ -121,6 +125,7 @@
 desktop-login-background \
 /usr/share/desktop-base/$theme-theme/login/$background
 done << EOF
+emerald background.svg
 homeworld background.svg
 futureprototype background.svg
 moonlight background.svg
@@ -141,6 +146,8 @@
 desktop-grub \
 /usr/share/desktop-base/$theme-theme/grub/grub-$ratio.png
 done << EOF
+emerald 4x3
+emerald 16x9
 homeworld 4x3
 homeworld 16x9
 futureprototype 4x3
@@ -182,6 +189,7 @@
 desktop-theme \
 /usr/share/desktop-base/$theme-theme
 done << EOF
+emerald
 futureprototype
 moonlight
 softwaves
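Review bot: in this last list (desktop-theme) emerald is inserted directly above futureprototype, while in every other list of the patch the first existing entry is homeworld. homeworld does not appear in the visible context here; if it is not removed elsewhere in prerm, the desktop-theme alternative for homeworld has the same leftover problem this upload fixes for emerald. Worth confirming before the upload.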
--- End Message ---
--- Begin Message ---
Version: 12.1

The upload requested in this bug has been released as part of 12.1.
--- End Message ---


Bug#1040756: marked as done (bookworm-pu: package spip/4.1.9+dfsg-1+deb12u2)

2023-07-22 Thread Debian Bug Tracking System
Your message dated Sat, 22 Jul 2023 13:19:43 +
with message-id 
and subject line Released with 12.1
has caused the Debian Bug report #1040756,
regarding bookworm-pu: package spip/4.1.9+dfsg-1+deb12u2
to be marked as done.


-- 
1040756: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1040756
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
Tags: bookworm
User: release.debian@packages.debian.org
Usertags: pu
X-Debbugs-Cc: s...@packages.debian.org
Control: affects -1 + src:spip

Another upstream release fixed a security issue. It introduces some
factorisation adding two more clean-ups in sessions. We agreed with the
security team that this doesn’t warrant a DSA.

https://blog.spip.net/Mise-a-jour-de-maintenance-et-securite-sortie-de-SPIP-4-2-4-SPIP-4-1-11.html

The 4.1 branch is mostly in maintenance mode, and the patches have been
cherry-picked directly from upstream.

[ Checklist ]
  [x] *all* changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in (old)stable
  [x] the issue is verified as fixed in unstable

Thanks in advance.

Regards,

taffit
diff -Nru spip-4.1.9+dfsg/debian/changelog spip-4.1.9+dfsg/debian/changelog
--- spip-4.1.9+dfsg/debian/changelog	2023-06-11 15:38:54.0 +0200
+++ spip-4.1.9+dfsg/debian/changelog	2023-07-08 20:29:04.0 +0200
@@ -1,3 +1,11 @@
+spip (4.1.9+dfsg-1+deb12u2) bookworm; urgency=medium
+
+  * Backport security fix from 4.1.11
+- use an auth_desensibiliser_session() function to centralize extended
+  authentification data filtering.
+
+ -- David Prévot   Sat, 08 Jul 2023 20:29:04 +0200
+
 spip (4.1.9+dfsg-1+deb12u1) bookworm; urgency=medium
 
   [ David Prévot ]
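Review bot: the new changelog entry calls this a security backport but names no bug, CVE or upstream ticket, so nothing ties the upload to the issue it fixes. The patch header already carries "Refs: spip-team/securite#4847" and the upstream commit; cite one of them in the changelog line.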
diff -Nru spip-4.1.9+dfsg/debian/patches/0009-security-Utiliser-une-fonction-d-di-e-pour-nettoyer-.patch spip-4.1.9+dfsg/debian/patches/0009-security-Utiliser-une-fonction-d-di-e-pour-nettoyer-.patch
--- spip-4.1.9+dfsg/debian/patches/0009-security-Utiliser-une-fonction-d-di-e-pour-nettoyer-.patch	1970-01-01 01:00:00.0 +0100
+++ spip-4.1.9+dfsg/debian/patches/0009-security-Utiliser-une-fonction-d-di-e-pour-nettoyer-.patch	2023-07-08 20:25:35.0 +0200
@@ -0,0 +1,69 @@
+From: Cerdic 
+Date: Mon, 3 Jul 2023 10:23:02 +0200
+Subject: =?utf-8?q?security=3A_Utiliser_une_fonction_d=C3=A9di=C3=A9e_pour_?=
+ =?utf-8?q?nettoyer_les_donn=C3=A9es_d=E2=80=99auteur_lors_de_la_pr=C3=A9pa?=
+ =?utf-8?q?ration_d=E2=80=99une_session?=
+MIME-Version: 1.0
+Content-Type: text/plain; charset="utf-8"
+Content-Transfer-Encoding: 8bit
+
+- Ajout d’une fonction `auth_desensibiliser_session()` pour desensibiliser une ligne auteur,
+- qu'on utilise lors de la preparation d'une session
+- et dans informer_login
+
+Refs:  spip-team/securite#4847
+(cherry picked from commit 2e4d6273cee8ec63ce7f565a73262a8aae70b7bb)
+
+Origin: upstream, https://git.spip.net/spip/spip/commit/f1d2351c90a6127cab354be1647662ec5e941676
+---
+ ecrire/inc/auth.php | 23 ++-
+ 1 file changed, 18 insertions(+), 5 deletions(-)
+
+diff --git a/ecrire/inc/auth.php b/ecrire/inc/auth.php
+index 85d5ab1..6185aff 100644
+--- a/ecrire/inc/auth.php
 b/ecrire/inc/auth.php
+@@ -250,11 +250,7 @@ function auth_init_droits($row) {
+ 	$GLOBALS['visiteur_session'] = array_merge((array)$GLOBALS['visiteur_session'], $row);
+ 
+ 	// au cas ou : ne pas memoriser les champs sensibles
+-	unset($GLOBALS['visiteur_session']['pass']);
+-	unset($GLOBALS['visiteur_session']['htpass']);
+-	unset($GLOBALS['visiteur_session']['alea_actuel']);
+-	unset($GLOBALS['visiteur_session']['alea_futur']);
+-	unset($GLOBALS['visiteur_session']['ldap_password']);
++	$GLOBALS['visiteur_session'] = auth_desensibiliser_session($GLOBALS['visiteur_session']);
+ 
+ 	// creer la session au besoin
+ 	if (!isset($_COOKIE['spip_session'])) {
+@@ -314,6 +310,22 @@ function auth_init_droits($row) {
+ 	return ''; // i.e. pas de pb.
+ }
+ 
++/**
++ * Enlever les clés sensibles d'une ligne auteur
++ * @param array $auteur
++ * @return array
++ */
++function auth_desensibiliser_session(array $auteur) {
++	$cles_sensibles = ['pass', 'htpass', 'alea_actuel', 'alea_futur', 'ldap_password', 'backup_cles'];
++	foreach ($cles_sensibles as $cle) {
++		if (isset($auteur[$cle])) {
++			unset($auteur[$cle]);
++		}
++	}
++
++	return $auteur;
++}
++
+ /**
+  * Retourne l'url de connexion
+  *
+@@ -480,6 +492,7 @@ function auth_informer_login($login, $serveur = '') {
+ 	}
+ 
+ 	$prefs = @unserialize($row['prefs']);
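Review bot: auth_desensibiliser_session() filters one key more than the five unset() calls it replaces in auth_init_droits(): 'backup_cles'. That extra key is the behavioural change of this patch, yet neither the patch description nor the Debian changelog mentions it; please say so explicitly. The isset() guard is unnecessary, since unset() on a missing key is a no-op, and with the guard a listed key whose value is null is left in the array. A fixed denylist also needs another update whenever a new secret column is added to the author row, so an allowlist of the fields the session actually needs would be the more durable design.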

Bug#1040713: marked as done (bookworm-pu: package installation-guide/20230508+deb12u1)

2023-07-22 Thread Debian Bug Tracking System
Your message dated Sat, 22 Jul 2023 13:19:42 +
with message-id 
and subject line Released with 12.1
has caused the Debian Bug report #1040713,
regarding bookworm-pu: package installation-guide/20230508+deb12u1
to be marked as done.


-- 
1040713: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1040713
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
Tags: bookworm
User: release.debian@packages.debian.org
Usertags: pu

Hi,

some months ago, we received a new, complete translation of the
installation-guide into Indonesian.
However, I failed to turn all needed wheels, to get this translation into the
package completely. 
Therefore, Indonesian translation is currently not visible on debian.org :-(

So I ask for this minor update to get that into stable (bookworm).

debdiff attached.

Thanks for considering.


Holger

-- 
Holger Wansing 
PGP-Fingerprint: 496A C6E8 1442 4B34 8508  3529 59F1 87CA 156E B076
diff -Nru installation-guide-20230508/debian/changelog 
installation-guide-20230508+deb12u1/debian/changelog
--- installation-guide-20230508/debian/changelog2023-05-08 
22:47:33.0 +0200
+++ installation-guide-20230508+deb12u1/debian/changelog2023-07-09 
15:25:17.0 +0200
@@ -1,3 +1,11 @@
+installation-guide (20230508+deb12u1) bookworm; urgency=medium
+
+  [ Holger Wansing ]
+  * Add Indonesian (as a recently added new translation) to langlist, to get
+this translation into the package.
+
+ -- Samuel Thibault   Sun, 09 Jul 2023 15:25:17 +0200
+
 installation-guide (20230508) unstable; urgency=medium
 
   [ Samuel Thibault ]
diff -Nru installation-guide-20230508/debian/langlist 
installation-guide-20230508+deb12u1/debian/langlist
--- installation-guide-20230508/debian/langlist 2023-05-08 22:47:33.0 
+0200
+++ installation-guide-20230508+deb12u1/debian/langlist 2023-06-23 
01:16:32.0 +0200
@@ -12,6 +12,7 @@
 #fiFinnish
 fr French
 #huHungarian
+id Indonesian
 it Italian
 ja Japanese
 #kab   Kabyle
--- End Message ---
--- Begin Message ---
Version: 12.1

The upload requested in this bug has been released as part of 12.1.
--- End Message ---


Bug#1040683: marked as done (bookworm-pu: package node-webpack/5.75.0+dfsg+~cs17.16.14-1+deb12u1)

2023-07-22 Thread Debian Bug Tracking System
Your message dated Sat, 22 Jul 2023 13:19:42 +
with message-id 
and subject line Released with 12.1
has caused the Debian Bug report #1040683,
regarding bookworm-pu: package node-webpack/5.75.0+dfsg+~cs17.16.14-1+deb12u1
to be marked as done.


-- 
1040683: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1040683
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
Tags: bookworm
User: release.debian@packages.debian.org
Usertags: pu
X-Debbugs-Cc: node-webp...@packages.debian.org
Control: affects -1 + src:node-webpack

[ Reason ]
node-webpack is vulnerable to cross-realm object access
(#1032904, CVE-2023-28154).

[ Impact ]
Medium security issue

[ Tests ]
Test updated, passed

[ Risks ]
Low risk, patch is trivial

[ Checklist ]
  [X] all changes are documented in the d/changelog
  [X] I reviewed all changes and I approve them
  [X] attach debdiff against the package in (old)stable
  [X] the issue is verified as fixed in unstable

Regards,
Yadd
diff --git a/debian/changelog b/debian/changelog
index 0053d7ee..a07dd9d4 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10 @@
+node-webpack (5.75.0+dfsg+~cs17.16.14-1+deb12u1) bookworm; urgency=medium
+
+  * Team upload
+  * Avoid cross-realm objects (Closes: #1032904, CVE-2023-28154)
+
+ -- Yadd   Mon, 29 May 2023 07:53:16 +0400
+
 node-webpack (5.75.0+dfsg+~cs17.16.14-1) unstable; urgency=medium
 
   * Team upload
diff --git a/debian/patches/CVE-2023-28154.patch 
b/debian/patches/CVE-2023-28154.patch
new file mode 100644
index ..2f651167
--- /dev/null
+++ b/debian/patches/CVE-2023-28154.patch
@@ -0,0 +1,80 @@
+Description: avoid cross-realm objects
+Author: Jack Works 
+Origin: upstream, https://github.com/webpack/webpack/commit/4b4ca3bb
+Bug: https://www.cve.org/CVERecord?id=CVE-2023-28154
+Bug-Debian: https://bugs.debian.org/1032904
+Forwarded: not-needed
+Applied-Upstream: 5.76.1, commit:4b4ca3bb
+Reviewed-By: Yadd 
+Last-Update: 2023-05-29
+
+--- a/lib/dependencies/ImportParserPlugin.js
 b/lib/dependencies/ImportParserPlugin.js
+@@ -137,7 +137,7 @@
+   if (importOptions.webpackInclude !== undefined) 
{
+   if (
+   !importOptions.webpackInclude ||
+-  
importOptions.webpackInclude.constructor.name !== "RegExp"
++  !(importOptions.webpackInclude 
instanceof RegExp)
+   ) {
+   parser.state.module.addWarning(
+   new 
UnsupportedFeatureWarning(
+@@ -146,13 +146,13 @@
+   )
+   );
+   } else {
+-  include = new 
RegExp(importOptions.webpackInclude);
++  include = 
importOptions.webpackInclude;
+   }
+   }
+   if (importOptions.webpackExclude !== undefined) 
{
+   if (
+   !importOptions.webpackExclude ||
+-  
importOptions.webpackExclude.constructor.name !== "RegExp"
++  !(importOptions.webpackExclude 
instanceof RegExp)
+   ) {
+   parser.state.module.addWarning(
+   new 
UnsupportedFeatureWarning(
+@@ -161,7 +161,7 @@
+   )
+   );
+   } else {
+-  exclude = new 
RegExp(importOptions.webpackExclude);
++  exclude = 
importOptions.webpackExclude;
+   }
+   }
+   if (importOptions.webpackExports !== undefined) 
{
+--- a/lib/javascript/JavascriptParser.js
 b/lib/javascript/JavascriptParser.js
+@@ -3635,17 +3635,27 @@
+   return EMPTY_COMMENT_OPTIONS;
+   }
+   let options = 
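Review bot: in ImportParserPlugin.js the type check moves from constructor.name !== "RegExp" to instanceof RegExp, and the value is now used directly instead of being copied with new RegExp(...). instanceof is realm-bound, so webpackInclude/webpackExclude are only accepted if the comment parser now returns RegExp objects from the main realm; that depends on the JavascriptParser.js hunk, which is cut off in this mail. Please confirm that the debdiff as uploaded contains the complete second hunk and that the updated test exercises both magic comments.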

Bug#1040623: marked as done (bookworm-pu: package bup/0.33.2-1+deb12u1)

2023-07-22 Thread Debian Bug Tracking System
Your message dated Sat, 22 Jul 2023 13:19:42 +
with message-id 
and subject line Released with 12.1
has caused the Debian Bug report #1040623,
regarding bookworm-pu: package bup/0.33.2-1+deb12u1
to be marked as done.


-- 
1040623: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1040623
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
Tags: bookworm
User: release.debian@packages.debian.org
Usertags: pu
X-Debbugs-Cc: b...@packages.debian.org, r...@defaultvalue.org
Control: affects -1 + src:bup

Hi,

[ Reason ]
I'd like to update the version of bup in bookworm from 0.33-2 to
0.33.2-1+deb12u1, which incorporates two upstream bugfix releases for a
bug deemed important enough by upstream to issue point releases.

Quoting from the upstream release notes:

0.33.1:

* POSIX1e ACLs should be restored correctly now.  Previously there
  were two problems.

  First, bup incorrectly restored default (`ACL_TYPE_DEFAULT`) ACLs as
  access acls (`ACL_TYPE_ACCESS`).  When both existed, it restored the
  access ACL first and then the default ACL as an access ACL.  Now,
  bup should restore each with the proper type.  This issue only
  affects saves created on platforms where bup currently supports
  ACLs, so presumably mostly just saves created on Linux since the
  current ACL support depends on non-standard functions like
  `acl_extended(3)`.

  Second, bup stored ACLs in the `acl_to_any_text(3)` format with a
  newline delimiter, when the standard (and `acl_from_text(3)` which
  restore depends on) requires commas.  Now bup uses commas, and
  translates previously created saves during restore when possible.
  If a previously created ACL entry contains a comma, then bup will
  give up, report an error, and skip it.  If nothing else, this could
  cause restores of relevant saves to fail on some platforms.

0.33.2:

* The fix for the POSIX1e ACL issue addressed by 0.33.1 should no
  longer crash due to a missing path argument.

[ Impact ]
See above; without the fix, backed up files with both default and access
ACLs would be restored incorrectly.

[ Tests ]
bup has an extensive test suite that is run by upstream's CI on multiple
platforms, and by the Debian buildd's when a new Debian release is
uploaded. New tests specifically cover this bug. I tested the updated
package on a machine running bookworm.

[ Risks ]
The bug fix is fairly short, but may not make much sense unless you
understand POSIX.1e ACLs. There is a risk with any update to the bup
package that saves or restores might begin erroring out, etc.; this
occurred in the initial upstream fix (0.33.1) which was corrected by the
followup fix (0.33.2). However, bup tries very hard not to lose data,
and the risk of losing data due to this package update is likely to be
much lower than the risk of breaking new saves or restores.

The upstream 0.33.1 and 0.33.2 releases were specifically targeted at
this issue and there aren't any unrelated changes like there would be in
a typical bup release which would contain many changes.

There are no real alternatives here other than not updating the package.
If a user is affected by an incorrect restore due to this bug, they
would need to identify that the ACLs had been incorrectly restored, then
find out about the issue in the old version of bup that they are
running, install a fixed version of bup, and then re-do their restore.
If they don't do so, they might run a system with files with incorrect
ACLs, which could open a security hole.

[ Checklist ]
  [✔] *all* changes are documented in the d/changelog
  [✔] I reviewed all changes and I approve them
  [✔] attach debdiff against the package in (old)stable
  [✔] the issue is verified as fixed in unstable

[ Changes ]
The upstream releases 0.33.1 and 0.33.2 were imported to the Debian
package, containing the bug fix (0.33.1), the updated bug fix (0.33.2),
some related fixes to the test infrastructure, and the test case.

The upstream shortlog:

Rob Browning (17):
  conftest.py: switch to Path to support pytest 7+
  conftest.py: restore support for pytest < 7
  configure: handle relative MAKE paths
  test_get: remove vestigial debug messages
  configure: allow and prefer python3.11-config; ignore 3.6
  buptest init: get quote from shlex not pipes
  test-comparative-split-join: accommodate varying HEAD names
  cirrus: move to freebsd 12.4 to fix rsync-related test failures
  compare-trees: add --features and disallow args with it and -h
  Restore 

Bug#1040680: marked as done (bookworm-pu: package node-openpgp-seek-bzip/1.0.5-2+deb12u1)

2023-07-22 Thread Debian Bug Tracking System
Your message dated Sat, 22 Jul 2023 13:19:42 +
with message-id 
and subject line Released with 12.1
has caused the Debian Bug report #1040680,
regarding bookworm-pu: package node-openpgp-seek-bzip/1.0.5-2+deb12u1
to be marked as done.


-- 
1040680: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1040680
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
Tags: bookworm
User: release.debian@packages.debian.org
Usertags: pu
X-Debbugs-Cc: node-openpgp-seek-b...@packages.debian.org
Control: affects -1 + src:node-openpgp-seek-bzip

[ Reason ]
src:node-openpgp-seek-bzip provides:
 * a Node.js module (node-openpgp-seek-bzip)
 * command-line scripts (seek-bzip)

This second package is unusable due to missing files and broken links.

[ Impact ]
/usr/bin/seek-bunzip and /usr/bin/seek-table are unusable

[ Tests ]
No changes

[ Risks ]
No risk, this just fixes install

[ Checklist ]
  [X] *all* changes are documented in the d/changelog
  [X] I reviewed all changes and I approve them
  [X] attach debdiff against the package in (old)stable
  [X] the issue is verified as fixed in unstable

[ Changes ]
Install missing /usr/share/nodejs/seek-bzip/bin files and fix links in
/usr/bin

Regards,
Yadd
diff --git a/debian/changelog b/debian/changelog
index daa35de..20dc0b2 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10 @@
+node-openpgp-seek-bzip (1.0.5-2+deb12u1) bookworm; urgency=medium
+
+  * Team upload
+  * Fix seek-bzip install (Closes: #1040584)
+
+ -- Yadd   Sun, 09 Jul 2023 09:29:47 +0400
+
 node-openpgp-seek-bzip (1.0.5-2) unstable; urgency=medium
 
   * Team upload
diff --git a/debian/nodejs/links b/debian/nodejs/links
index 0ff514c..6c89a6e 100644
--- a/debian/nodejs/links
+++ b/debian/nodejs/links
@@ -1,2 +1,2 @@
-@openpgp/seek-bzip/bin/seek-bunzip /usr/bin/seek-bunzip
-@openpgp/seek-bzip/bin/seek-bzip-table /usr/bin/seek-table
+seek-bzip/bin/seek-bunzip /usr/bin/seek-bunzip
+seek-bzip/bin/seek-bzip-table /usr/bin/seek-table
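Review bot: the link sources drop the @openpgp/ prefix, so they now rely on the files being shipped under usr/share/nodejs/seek-bzip/bin by the seek-bzip.install change; the two edits only work together. The request lists no test for this, and the original breakage was dangling links, so an autopkgtest or build-time check that /usr/bin/seek-bunzip and /usr/bin/seek-table resolve and execute would keep it from regressing.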
diff --git a/debian/seek-bzip.install b/debian/seek-bzip.install
index e772481..8bbbe8d 100644
--- a/debian/seek-bzip.install
+++ b/debian/seek-bzip.install
@@ -1 +1,2 @@
 usr/bin
+usr/share/nodejs/seek-bzip/bin
--- End Message ---
--- Begin Message ---
Version: 12.1

The upload requested in this bug has been released as part of 12.1.
--- End Message ---


Bug#1040646: marked as done (bookworm-pu: package tang/11-2)

2023-07-22 Thread Debian Bug Tracking System
Your message dated Sat, 22 Jul 2023 13:19:42 +
with message-id 
and subject line Released with 12.1
has caused the Debian Bug report #1040646,
regarding bookworm-pu: package tang/11-2
to be marked as done.


-- 
1040646: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1040646
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
Tags: bookworm
User: release.debian@packages.debian.org
Usertags: pu
X-Debbugs-Cc: t...@packages.debian.org
Control: affects -1 + src:tang

[ Reason ]
Fix https://security-tracker.debian.org/tracker/CVE-2023-1672 for
Debian 12 ("bookworm"), tagged "no-dsa (minor)" by the security team.

The problem of creating key material without restrictive file
permissions probably existed upstream since always. Up to and including
Debian 10 ("buster") however, this situation was caught by enforcing
restrictive permissions on the key directory.

With Debian 11 ("bullseye") a change in the creation of that directory
caused it to be created with a too permissive mode. That will be
addressed in a separate upload that requires more testing.

For Debian 12 ("bookworm"), this request here, stricter permissions were
already implemented and they are enforced during upgrade, however with a
small window during installation of the package.

[ Impact ]
The small time window as mentioned above will stay. Also this would
continue to put users at risk who configured a different key directory
but did not enforce restrictive access permissions.

[ Tests ]
None that I'm aware of.

[ Risks ]
The changes are small and rather straight-forward. I'd be surprised if
they introduce problems.

[ Checklist ]
  [x] *all* changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in stable
  [x] the issue is verified as fixed in unstable (14.1)

[ Changes ]
* Assert restrictive permissions of the key directory in Debian's
  postinst.
  For regular users and new installations.
* Upstream's change to create the key file with restrictive
  permissions.
  Mostly for users who configure a different key directory.

Regards,

Christoph

diff -Nru tang-11/debian/changelog tang-11/debian/changelog
--- tang-11/debian/changelog2022-10-15 15:00:56.0 +0200
+++ tang-11/debian/changelog2023-07-08 12:49:07.0 +0200
@@ -1,3 +1,11 @@
+tang (11-2+deb12u1) bookworm; urgency=medium
+
+  * Fix CVE-2023-1672. Closes: #1038119
+- Cherry-pick "Fix race condition when creating/rotating keys"
+- Assert restrictive permissions on tang's key directory
+
+ -- Christoph Biedl   Sat, 08 Jul 2023 
12:49:07 +0200
+
 tang (11-2) unstable; urgency=medium
 
   * Tighten access permissions of the key directory
diff -Nru 
tang-11/debian/patches/bookworm/1686750800.v13-3-g8dbbed1.fix-race-condition-when-creating-rotating-keys-123.patch
 
tang-11/debian/patches/bookworm/1686750800.v13-3-g8dbbed1.fix-race-condition-when-creating-rotating-keys-123.patch
--- 
tang-11/debian/patches/bookworm/1686750800.v13-3-g8dbbed1.fix-race-condition-when-creating-rotating-keys-123.patch
  1970-01-01 01:00:00.0 +0100
+++ 
tang-11/debian/patches/bookworm/1686750800.v13-3-g8dbbed1.fix-race-condition-when-creating-rotating-keys-123.patch
  2023-07-08 12:49:07.0 +0200
@@ -0,0 +1,66 @@
+Subject: Fix race condition when creating/rotating keys (#123)
+Origin: v13-3-g8dbbed1 
+Upstream-Author: Sergio Correia 
+Date: Wed Jun 14 10:53:20 2023 -0300
+
+When we create/rotate keys using either the tangd-keygen and
+tangd-rotate-keys helpers, there is a small window between the
+keys being created and then the proper ownership permissions being
+set. This also happens when there are no keys and tang creates a
+pair of keys itself.
+
+In certain situations, such as the keys directory having wide open
+permissions, a user with local access could exploit this race
+condition and read the keys before they are set to more restrictive
+permissions.
+
+To prevent this issue, we now set the default umask to 0337 before
+creating the files, so that they are already created with restrictive
+permissions; afterwards, we set the proper ownership as usual.
+
+Issue reported by Brian McDermott of CENSUS labs.
+
+Fixes CVE-2023-1672
+
+
+Reviewed-by: Sergio Arroutbi 
+Signed-off-by: Sergio Correia 
+
+--- a/src/keys.c
 b/src/keys.c
+@@ -307,6 +307,9 @@
+ {
+ const char* 
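Review bot: the description sets the process umask to 0337 before the key files are created but does not say that the previous umask is restored afterwards; since tang can create keys itself, the description (and the code, which is cut off here) should make clear that the old value is put back once the files are written. Note also that 0337 still leaves the new files group-readable, so confidentiality until ownership is set depends on the group of the creating process; record that assumption in the description.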

Bug#1040563: marked as done (bookworm-pu: package node-tough-cookie/4.0.0-2+deb12u1)

2023-07-22 Thread Debian Bug Tracking System
Your message dated Sat, 22 Jul 2023 13:19:42 +
with message-id 
and subject line Released with 12.1
has caused the Debian Bug report #1040563,
regarding bookworm-pu: package node-tough-cookie/4.0.0-2+deb12u1
to be marked as done.


-- 
1040563: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1040563
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
Tags: bookworm
User: release.debian@packages.debian.org
Usertags: pu
X-Debbugs-Cc: node-tough-coo...@packages.debian.org
Control: affects -1 + src:node-tough-cookie

[ Reason ]
node-tough-cookie is vulnerable to prototype pollution

[ Impact ]
Little security issue

[ Tests ]
Test updated, passed

[ Risks ]
No risk, patch is trivial and tested

[ Checklist ]
  [X] *all* changes are documented in the d/changelog
  [X] I reviewed all changes and I approve them
  [X] attach debdiff against the package in (old)stable
  [X] the issue is verified as fixed in unstable

[ Changes ]
Create new object instead of using default {}

Cheers,
Yadd
diff --git a/debian/changelog b/debian/changelog
index 3652359..a8e8b7e 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10 @@
+node-tough-cookie (4.0.0-2+deb12u1) bookworm; urgency=medium
+
+  * Team upload
+  * Fix prototype pollution (Closes: CVE-2023-26136)
+
+ -- Yadd   Fri, 07 Jul 2023 20:57:36 +0400
+
 node-tough-cookie (4.0.0-2) unstable; urgency=medium
 
   * Team upload
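Review bot: "Closes: CVE-2023-26136" in the new entry will not close anything, because Closes: takes Debian bug numbers. Keep the CVE id in the description text and, if a bug was filed for it, put that bug's number in Closes:.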
diff --git a/debian/patches/CVE-2023-26136.patch 
b/debian/patches/CVE-2023-26136.patch
new file mode 100644
index 000..05e6372
--- /dev/null
+++ b/debian/patches/CVE-2023-26136.patch
@@ -0,0 +1,71 @@
+Description: Fix prototype pollution
+ CVE-2023-26136
+Author: Yadd 
+Forwarded: not-needed
+Last-Update: 2023-07-07
+
+--- a/lib/memstore.js
 b/lib/memstore.js
+@@ -39,7 +39,7 @@
+   constructor() {
+ super();
+ this.synchronous = true;
+-this.idx = {};
++this.idx = Object.create(null);
+ if (util.inspect.custom) {
+   this[util.inspect.custom] = this.inspect;
+ }
+@@ -109,10 +109,10 @@
+ 
+   putCookie(cookie, cb) {
+ if (!this.idx[cookie.domain]) {
+-  this.idx[cookie.domain] = {};
++  this.idx[cookie.domain] = Object.create(null);
+ }
+ if (!this.idx[cookie.domain][cookie.path]) {
+-  this.idx[cookie.domain][cookie.path] = {};
++  this.idx[cookie.domain][cookie.path] = Object.create(null);
+ }
+ this.idx[cookie.domain][cookie.path][cookie.key] = cookie;
+ cb(null);
+@@ -144,7 +144,7 @@
+ return cb(null);
+   }
+   removeAllCookies(cb) {
+-this.idx = {};
++this.idx = Object.create(null);
+ return cb(null);
+   }
+   getAllCookies(cb) {
+--- a/test/cookie_jar_test.js
 b/test/cookie_jar_test.js
+@@ -669,4 +669,29 @@
+   }
+ }
+   })
++  .addBatch({
++"Issue #282 - Prototype pollution": {
++  "when setting a cookie with the domain __proto__": {
++topic: function() {
++  const jar = new tough.CookieJar(undefined, {
++rejectPublicSuffixes: false
++  });
++  // try to pollute the prototype
++  jar.setCookieSync(
++"Slonser=polluted; Domain=__proto__; Path=/notauth",
++"https://__proto__/admin;
++  );
++  jar.setCookieSync(
++"Auth=Lol; Domain=google.com; Path=/notauth",
++"https://google.com/;
++  );
++  this.callback();
++},
++"results in a cookie that is not affected by the attempted prototype 
pollution": function() {
++  const pollutedObject = {};
++  assert(pollutedObject["/notauth"] === undefined);
++}
++  }
++}
++  })
+   .export(module);
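Review bot: the patch header has no Origin: field and names the uploader as author with "Forwarded: not-needed", while the added test is titled "Issue #282", which points at an upstream report. Record the upstream issue or commit in Origin:/Bug: so the backport can be compared with it. The new test only asserts that a fresh {} has no "/notauth" key; asserting as well that the jar still returns the google.com cookie would cover the store's own lookups after the switch to Object.create(null).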
diff --git a/debian/patches/series b/debian/patches/series
new file mode 100644
index 000..67af372
--- /dev/null
+++ b/debian/patches/series
@@ -0,0 +1 @@
+CVE-2023-26136.patch
--- End Message ---
--- Begin Message ---
Version: 12.1

The upload requested in this bug has been released as part of 12.1.
--- End Message ---
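
The effect of the {} to Object.create(null) change in the node-tough-cookie patch above, as an added example that is not part of the original messages or of tough-cookie's code. CookieIndex and probe are hypothetical stand-ins for the store's domain -> path -> key index, fed the two cookies from the patch's regression test.

```javascript
// Added example: a minimal stand-in for the three-level index that the patch
// changes in lib/memstore.js. All names here are hypothetical.
class CookieIndex {
  // makeObject decides how every level of the index is allocated:
  //   () => ({})                 behaviour before the patch
  //   () => Object.create(null)  behaviour after the patch
  constructor(makeObject) {
    this.makeObject = makeObject;
    this.idx = makeObject();
  }

  // Same insert logic as putCookie() in the patched file.
  put(cookie) {
    if (!this.idx[cookie.domain]) {
      this.idx[cookie.domain] = this.makeObject();
    }
    if (!this.idx[cookie.domain][cookie.path]) {
      this.idx[cookie.domain][cookie.path] = this.makeObject();
    }
    this.idx[cookie.domain][cookie.path][cookie.key] = cookie;
  }

  find(domain, path, key) {
    const byPath = this.idx[domain];
    const byKey = byPath && byPath[path];
    return (byKey && byKey[key]) || null;
  }
}

// Stores the two cookies used by the regression test in the patch and
// reports what a defender cares about. Object.prototype is always restored.
function probe(makeObject) {
  const store = new CookieIndex(makeObject);
  try {
    store.put({ domain: "__proto__", path: "/notauth", key: "Slonser", value: "polluted" });
    store.put({ domain: "google.com", path: "/notauth", key: "Auth", value: "Lol" });
    const fresh = {};
    return {
      // Does an unrelated object now carry a "/notauth" property?
      freshObjectPolluted: fresh["/notauth"] !== undefined,
      // Is the cookie stored for "__proto__" visible under google.com?
      crossDomainHit: store.find("google.com", "/notauth", "Slonser") !== null,
      // Is the legitimately stored cookie still found?
      ownLookupWorks: store.find("google.com", "/notauth", "Auth") !== null,
    };
  } finally {
    // With {} the first put() wrote to Object.prototype; undo that.
    delete Object.prototype["/notauth"];
  }
}

console.log("plain {}           :", probe(() => ({})));
console.log("Object.create(null):", probe(() => Object.create(null)));
```

With {} the key "__proto__" resolves to Object.prototype, so the first insert lands on the shared prototype; on a null-prototype object the same key is an ordinary own property.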


Bug#1040502: marked as done (bookworm-pu: package rime-luna-pinyin/0.0~git20230204.79aeae2-3~deb12u1)

2023-07-22 Thread Debian Bug Tracking System
Your message dated Sat, 22 Jul 2023 13:19:42 +
with message-id 
and subject line Released with 12.1
has caused the Debian Bug report #1040502,
regarding bookworm-pu: package 
rime-luna-pinyin/0.0~git20230204.79aeae2-3~deb12u1
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1040502: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1040502
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Control: affects -1 + src:rime-luna-pinyin
X-Debbugs-Cc: rime-luna-pin...@packages.debian.org eni...@petalmail.com
User: release.debian@packages.debian.org
Usertags: pu
Tags: bookworm
X-Debbugs-Cc: by...@debian.org
Severity: normal


[ Reason ]
Fix input method deployment error and bug in customizing input method
as reported in https://bugs.debian.org/1040403 . It is caused by
missing installation of pinyin.yaml from upstream source code to
binary package according to the upstream bug report at
https://github.com/rime/home/issues/1326 .

[ Impact ]
If the update is not approved, the user will not be able to customize
the rime-luna-pinyin input method, and an error message will occur every
time on startup.

[ Tests ]
Manual testing by myself and the original bug submitter.

[ Risks ]
Minimal risk. Difference between fixed package and problematic package
is only the missing pinyin.yaml file.

[ Checklist ]
  [X] *all* changes are documented in the d/changelog
  [X] I reviewed all changes and I approve them
  [X] attach debdiff against the package in (old)stable
  [X] the issue is verified as fixed in unstable

[ Changes ]

Full debdiff pasted here.

diff -Nru rime-luna-pinyin-0.0~git20230204.79aeae2/debian/changelog 
rime-luna-pinyin-0.0~git20230204.79aeae2/debian/changelog
--- rime-luna-pinyin-0.0~git20230204.79aeae2/debian/changelog   2023-02-20 
20:39:19.0 -0500
+++ rime-luna-pinyin-0.0~git20230204.79aeae2/debian/changelog   2023-07-06 
16:21:47.0 -0400
@@ -1,3 +1,16 @@
+rime-luna-pinyin (0.0~git20230204.79aeae2-3~deb12u1) bookworm; urgency=medium
+
+  * Upload to Debian Bookworm.
+
+ -- Boyuan Yang   Thu, 06 Jul 2023 16:21:47 -0400
+
+rime-luna-pinyin (0.0~git20230204.79aeae2-3) unstable; urgency=medium
+
+  * debian/rime-data-luna-pinyin.install: Also install missing
+pinyin schema data. (Closes: #1040403)
+
+ -- Boyuan Yang   Thu, 06 Jul 2023 11:46:15 -0400
+
 rime-luna-pinyin (0.0~git20230204.79aeae2-2) unstable; urgency=medium
 
   * debian/rime-data-luna-pinyin.install: Also install missing
diff -Nru 
rime-luna-pinyin-0.0~git20230204.79aeae2/debian/rime-data-luna-pinyin.install 
rime-luna-pinyin-0.0~git20230204.79aeae2/debian/rime-data-luna-pinyin.install
--- 
rime-luna-pinyin-0.0~git20230204.79aeae2/debian/rime-data-luna-pinyin.install   
2023-02-20 20:39:12.0 -0500
+++ 
rime-luna-pinyin-0.0~git20230204.79aeae2/debian/rime-data-luna-pinyin.install   
2023-07-06 11:51:03.0 -0400
@@ -1,2 +1,3 @@
 build/luna* usr/share/rime-data/build/
 *luna*.yaml usr/share/rime-data
+pinyin.yaml usr/share/rime-data

-- 
Best Regards,
Boyuan Yang



--- End Message ---
--- Begin Message ---
Version: 12.1

The upload requested in this bug has been released as part of 12.1.
--- End Message ---


Bug#1040505: marked as done (bookworm-pu: package rime-cantonese/0.0~git20230209.e0295fa-2~deb12u1)

2023-07-22 Thread Debian Bug Tracking System
Your message dated Sat, 22 Jul 2023 13:19:42 +
with message-id 
and subject line Released with 12.1
has caused the Debian Bug report #1040505,
regarding bookworm-pu: package rime-cantonese/0.0~git20230209.e0295fa-2~deb12u1
to be marked as done.


-- 
1040505: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1040505
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Control: affects -1 + src:rime-cantonese
X-Debbugs-Cc: rime-canton...@packages.debian.org f...@debian.org
User: release.debian@packages.debian.org
Usertags: pu
Tags: bookworm
X-Debbugs-Cc: by...@debian.org
Severity: normal


[ Reason ]
This upload adds a missing file (word frequency file) to the
installation of binary package rime-data-jyut6ping3 to fix
https://bugs.debian.org/1037022 .

[ Impact ]
If the update is not approved, the rime-cantonese input method
will not show word candidates according to the frequency, which
makes it very difficult to use.

[ Tests ]
Manually tested by myself and the original bug submitter.

[ Risks ]
Minimal. Only a new file appears in the new binary package.

[ Checklist ]
  [X] *all* changes are documented in the d/changelog
  [X] I reviewed all changes and I approve them
  [X] attach debdiff against the package in (old)stable
  [X] the issue is verified as fixed in unstable

[ Changes ]

Full debdiff pasted below.

diff -Nru rime-cantonese-0.0~git20230209.e0295fa/debian/changelog 
rime-cantonese-0.0~git20230209.e0295fa/debian/changelog
--- rime-cantonese-0.0~git20230209.e0295fa/debian/changelog 2023-02-09 
12:49:08.0 -0500
+++ rime-cantonese-0.0~git20230209.e0295fa/debian/changelog 2023-07-06 
16:35:12.0 -0400
@@ -1,3 +1,18 @@
+rime-cantonese (0.0~git20230209.e0295fa-2~deb12u1) bookworm; urgency=medium
+
+  * Upload fix to Debian Bookworm.
+
+ -- Boyuan Yang   Thu, 06 Jul 2023 16:35:12 -0400
+
+rime-cantonese (0.0~git20230209.e0295fa-2) unstable; urgency=medium
+
+  * Team upload.
+  * Install new /usr/share/rime-data/essay-cantonese.txt vocabulary file
+so that the words and characters are sorted by their frequency
+for a smooth Cantonese typing experience like before. (Closes: #1037022)
+
+ -- Anthony Fok   Thu, 01 Jun 2023 14:32:16 -0600
+
 rime-cantonese (0.0~git20230209.e0295fa-1) unstable; urgency=medium
 
   * New upstream snapshot.
diff -Nru 
rime-cantonese-0.0~git20230209.e0295fa/debian/rime-data-jyut6ping3.install 
rime-cantonese-0.0~git20230209.e0295fa/debian/rime-data-jyut6ping3.install
--- rime-cantonese-0.0~git20230209.e0295fa/debian/rime-data-jyut6ping3.install  
2022-11-05 15:57:28.0 -0400
+++ rime-cantonese-0.0~git20230209.e0295fa/debian/rime-data-jyut6ping3.install  
2023-07-06 16:34:31.0 -0400
@@ -2,3 +2,4 @@
 jyut6ping3*.yaml usr/share/rime-data/
 opencc usr/share/rime-data/
 symbols_cantonese.yaml /usr/share/rime-data/
+essay-cantonese.txt /usr/share/rime-data/

-- 
Regards,
Boyuan Yang


--- End Message ---
--- Begin Message ---
Version: 12.1

The upload requested in this bug has been released as part of 12.1.
--- End Message ---


Bug#1040435: marked as done (bookworm-pu: package postfix/3.7.4-2)

2023-07-22 Thread Debian Bug Tracking System
Your message dated Sat, 22 Jul 2023 13:19:42 +
with message-id 
and subject line Released with 12.1
has caused the Debian Bug report #1040435,
regarding bookworm-pu: package postfix/3.7.4-2
to be marked as done.


-- 
1040435: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1040435
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
Tags: bookworm
User: release.debian@packages.debian.org
Usertags: pu

[ Reason ]
This is a regression relative to old stable on something that is
critical for a subset of postfix users.  Apparently, when I was updating
the package from postfix 3.6 to 3.7 I "temporarily" removed these
patches and then forgot to add them back in "later".  See #1040329.

I guess "now" is "later".

[ Impact ]
For most users, no impact, but for the subset of users that need to be
able to run postfix set-permissions, the package is unusable.

[ Tests ]
I did test this manually and also modified the autopkgtest to fail if
set-permissions fails, to catch this in the future.

[ Risks ]
Risk is trivial.  This doesn't affect anyone who doesn't run
set-permissions and for those that do, the package is already broken.
For them, there's no real alternative.

[ Checklist ]
  [X] *all* changes are documented in the d/changelog
  [X] I reviewed all changes and I approve them
  [*] attach debdiff against the package in (old)stable
  [*] the issue is verified as fixed in unstable

[ Changes ]
Updated and added back in the patches that update the files that
set-permissions looks for to match what Debian installs.

Updated the autopkgtest

[ Other info ]
There is already a stable-update pending, so the debdiff is relative to
that (and there's no overlap between it and this change).  Unstable is
not fixed yet.  Given the nearness of the point release and the impact
on stable users, I opted to git it sorted in stable first.  I will have
it uploaded to Unstable shortly.
diff -Nru postfix-3.7.6/debian/changelog postfix-3.7.6/debian/changelog
--- postfix-3.7.6/debian/changelog  2023-06-17 13:34:11.0 -0400
+++ postfix-3.7.6/debian/changelog  2023-07-05 17:18:24.0 -0400
@@ -1,3 +1,13 @@
+postfix (3.7.6-0+deb12u2) bookworm; urgency=medium
+
+  * Correct regression that caused postfix set-permissions to fail (Closes:
+#1040329)
+- Restore and update debian/patches/05_debian_manpage_differences.diff
+- Restore and update debian/patches/05_debian_readme_differences.diff
+  * Update autopkgtest to test postfix set-permissions
+
+ -- Scott Kitterman   Wed, 05 Jul 2023 17:18:24 -0400
+
 postfix (3.7.6-0+deb12u1) bookworm; urgency=medium
 
   [Scott Kitterman]
diff -Nru postfix-3.7.6/debian/patches/05_debian_manpage_differences.diff 
postfix-3.7.6/debian/patches/05_debian_manpage_differences.diff
--- postfix-3.7.6/debian/patches/05_debian_manpage_differences.diff 
1969-12-31 19:00:00.0 -0500
+++ postfix-3.7.6/debian/patches/05_debian_manpage_differences.diff 
2023-07-05 16:51:05.0 -0400
@@ -0,0 +1,159 @@
+Index: postfix-dev/conf/postfix-files
+===
+--- postfix-dev.orig/conf/postfix-files2019-03-01 11:07:21.045697994 
-0500
 postfix-dev/conf/postfix-files 2019-03-01 11:17:55.721711534 -0500
+@@ -166,79 +166,81 @@
+ #$config_directory/postfix-script-sgid:f:root:-:755:o
+ #$config_directory/postfix-script-nosgid:f:root:-:755:o
+ $config_directory/post-install:f:root:-:755:o
+-$manpage_directory/man1/mailq.1:f:root:-:644
+-$manpage_directory/man1/newaliases.1:f:root:-:644
+-$manpage_directory/man1/postalias.1:f:root:-:644
+-$manpage_directory/man1/postcat.1:f:root:-:644
+-$manpage_directory/man1/postconf.1:f:root:-:644
+-$manpage_directory/man1/postdrop.1:f:root:-:644
+-$manpage_directory/man1/postfix-tls.1:f:root:-:644
+-$manpage_directory/man1/postfix.1:f:root:-:644
+-$manpage_directory/man1/postkick.1:f:root:-:644
+-$manpage_directory/man1/postlock.1:f:root:-:644
+-$manpage_directory/man1/postlog.1:f:root:-:644
+-$manpage_directory/man1/postmap.1:f:root:-:644
+-$manpage_directory/man1/postmulti.1:f:root:-:644
+-$manpage_directory/man1/postqueue.1:f:root:-:644
+-$manpage_directory/man1/postsuper.1:f:root:-:644
+-$manpage_directory/man1/sendmail.1:f:root:-:644
+-$manpage_directory/man5/access.5:f:root:-:644
+-$manpage_directory/man5/aliases.5:f:root:-:644
+-$manpage_directory/man5/body_checks.5:f:root:-:644
+-$manpage_directory/man5/bounce.5:f:root:-:644
+-$manpage_directory/man5/canonical.5:f:root:-:644

Bug#1040449: marked as done (bookworm-pu: package smarty4/4.3.0-1+deb12u1)

2023-07-22 Thread Debian Bug Tracking System
Your message dated Sat, 22 Jul 2023 13:19:42 +
with message-id 
and subject line Released with 12.1
has caused the Debian Bug report #1040449,
regarding bookworm-pu: package smarty4/4.3.0-1+deb12u1
to be marked as done.


-- 
1040449: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1040449
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
Tags: bookworm
User: release.debian@packages.debian.org
Usertags: pu
X-Debbugs-Cc: smar...@packages.debian.org
Control: affects -1 + src:smarty4

[ Reason ]
Resolve CVE-2023-28447 for smarty4 in bookworm.

[ Impact ]
Closure of vulnerability to execute arbitrary JavaScript code in the
context of the user's browser session.

[ Tests ]
Smoketest on system running GOsa² (smarty4 consumer).

[ Risks ]
Breakage of web packages in Debian that use smarty4.

[ Checklist ]
  [x] *all* changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in (old)stable
  [x] the issue is verified as fixed in unstable

[ Changes ]

+  * debian/patches:
++ Add CVE-2023-28447.patch. Prohibit execution of arbitrary JavaScript code
+  in the context of the user's browser session. (Closes: #1033965,
+  CVE-2023-28447).

[ Other info ]
None.
diff -Nru smarty4-4.3.0/debian/changelog smarty4-4.3.0/debian/changelog
--- smarty4-4.3.0/debian/changelog  2023-01-14 23:22:18.0 +0100
+++ smarty4-4.3.0/debian/changelog  2023-07-06 06:04:52.0 +0200
@@ -1,3 +1,12 @@
+smarty4 (4.3.0-1+deb12u1) bookworm; urgency=medium
+
+  * debian/patches:
++ Add CVE-2023-28447.patch. Prohibit execution of arbitrary JavaScript code
+  in the context of the user's browser session. (Closes: #1033965,
+  CVE-2023-28447).
+
+ -- Mike Gabriel   Thu, 06 Jul 2023 06:04:52 +0200
+
 smarty4 (4.3.0-1) unstable; urgency=medium
 
   * New upstream release.
diff -Nru smarty4-4.3.0/debian/patches/CVE-2023-28447.patch 
smarty4-4.3.0/debian/patches/CVE-2023-28447.patch
--- smarty4-4.3.0/debian/patches/CVE-2023-28447.patch   1970-01-01 
01:00:00.0 +0100
+++ smarty4-4.3.0/debian/patches/CVE-2023-28447.patch   2023-07-06 
06:01:34.0 +0200
@@ -0,0 +1,81 @@
+From e75165565e9e5956a73365c24d650ba40570ae72 Mon Sep 17 00:00:00 2001
+From: Simon Wisselink 
+Date: Fri, 24 Mar 2023 12:19:34 +0100
+Subject: [PATCH] Implement fix and tests
+
+---
+ libs/plugins/modifier.escape.php  |  4 +++-
+ libs/plugins/modifiercompiler.escape.php  |  4 +++-
+# .../PluginModifierEscapeTest.php  | 21 +++
+ .../Operators/templates_c/.gitignore  |  2 ++
+ 4 files changed, 29 insertions(+), 2 deletions(-)
+ create mode 100644 
tests/UnitTests/TemplateSource/ValueTests/Operators/templates_c/.gitignore
+
+diff --git a/libs/plugins/modifier.escape.php 
b/libs/plugins/modifier.escape.php
+index 11e44682e..e168679c3 100644
+--- a/libs/plugins/modifier.escape.php
 b/libs/plugins/modifier.escape.php
+@@ -115,7 +115,9 @@ function smarty_modifier_escape($string, $esc_type = 
'html', $char_set = null, $
+ // see 
https://html.spec.whatwg.org/multipage/scripting.html#restrictions-for-contents-of-script-elements
+ 
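Review bot: The diffstat line for PluginModifierEscapeTest.php in the patch header is commented out with '#', yet the summary below it still reads "4 files changed, 29 insertions(+), 2 deletions(-)". If the upstream unit test was dropped from the Debian patch, say so in the header, and consider keeping it, since the request lists only a smoketest as verification of the escape fix.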

Bug#1040448: marked as done (bookworm-pu: package autofs/5.1.8-2+deb12u1)

2023-07-22 Thread Debian Bug Tracking System
Your message dated Sat, 22 Jul 2023 13:19:42 +
with message-id 
and subject line Released with 12.1
has caused the Debian Bug report #1040448,
regarding bookworm-pu: package autofs/5.1.8-2+deb12u1
to be marked as done.


-- 
1040448: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1040448
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
Tags: bookworm
User: release.debian@packages.debian.org
Usertags: pu
X-Debbugs-Cc: aut...@packages.debian.org
Control: affects -1 + src:autofs

[ Reason ]
Fix hang on kerberos authenticated ldap. (See #1039967).

[ Impact ]
Autofs mounts hang when autofs obtains its mounting rules from
kerberos-authenticated LDAP.

[ Tests ]
Tested by bug submitter, patch also applied in Ubuntu, no local instance
for fully testing this change, unfortunately. Patch sanctioned by upstream.

Ubuntu maintainer has also provided an autopkgtest rule to check this
issue in CI.
https://salsa.debian.org/debian/autofs/-/merge_requests/4

[ Risks ]
Users with autofs using kerberos-authenticated LDAP might observe regressions.

[ Checklist ]
  [x] *all* changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in (old)stable
  [x] the issue is verified as fixed in unstable

[ Changes ]

+  * debian/patches:
++ Add fix-missing-unlock-in-sasl-do-kinit-ext-cc.patch. Fix missing unlock
+  in sasl_do_kinit_ext_cc(). (Closes: #1039967).

[ Other info ]
None.
diff -Nru autofs-5.1.8/debian/changelog autofs-5.1.8/debian/changelog
--- autofs-5.1.8/debian/changelog   2023-05-19 10:25:31.0 +0200
+++ autofs-5.1.8/debian/changelog   2023-07-05 11:56:29.0 +0200
@@ -1,3 +1,11 @@
+autofs (5.1.8-2+deb12u1) bookworm; urgency=medium
+
+  * debian/patches:
++ Add fix-missing-unlock-in-sasl-do-kinit-ext-cc.patch. Fix missing unlock
+  in sasl_do_kinit_ext_cc(). (Closes: #1039967).
+
+ -- Mike Gabriel   Wed, 05 Jul 2023 11:56:29 +0200
+
 autofs (5.1.8-2) unstable; urgency=medium
 
   [ Mike Gabriel ]
diff -Nru 
autofs-5.1.8/debian/patches/fix-missing-unlock-in-sasl-do-kinit-ext-cc.patch 
autofs-5.1.8/debian/patches/fix-missing-unlock-in-sasl-do-kinit-ext-cc.patch
--- 
autofs-5.1.8/debian/patches/fix-missing-unlock-in-sasl-do-kinit-ext-cc.patch
1970-01-01 01:00:00.0 +0100
+++ 
autofs-5.1.8/debian/patches/fix-missing-unlock-in-sasl-do-kinit-ext-cc.patch
2023-07-05 11:56:18.0 +0200
@@ -0,0 +1,45 @@
+From b2571ed0df973a6dc6a8e661874655fa7cecdc37 Mon Sep 17 00:00:00 2001
+From: James Dingwall 
+Date: Wed, 20 Jul 2022 13:22:38 +0800
+Subject: autofs-5.1.8 - fix missing unlock in sasl_do_kinit_ext_cc()
+
+There is a missing mutex unlock in function sasl_do_kinit_ext_cc(),
+fix it.
+
+Signed-off-by: James Dingwall 
+Signed-off-by: Ian Kent 
+---
+# CHANGELOG| 1 +
+ modules/cyrus-sasl.c | 4 
+ 2 files changed, 5 insertions(+)
+
+#diff --git a/CHANGELOG b/CHANGELOG
+#index 1f7c93a..e0b285d 100644
+#--- a/CHANGELOG
+#+++ b/CHANGELOG
+#@@ -27,6 +27,7 @@
+# - add autofs_strerror_r() helper for musl.
+# - update configure.
+# - handle innetgr() not present in musl.
+#+- fix missing unlock in sasl_do_kinit_ext_cc().
+# 
+# 19/10/2021 autofs-5.1.8
+# - add xdr_exports().
+diff --git a/modules/cyrus-sasl.c b/modules/cyrus-sasl.c
+index ae046e0..738e363 100644
+--- a/modules/cyrus-sasl.c
 b/modules/cyrus-sasl.c
+@@ -721,6 +721,10 @@ sasl_do_kinit_ext_cc(unsigned logopt, struct 
lookup_context *ctxt)
+ 
+   debug(logopt, "Kerberos authentication was successful!");
+ 
++  status = pthread_mutex_unlock(_mutex);
++  if (status)
++  fatal(status);
++
+   return 0;
+ 
+ out_cleanup_def_princ:
+-- 
+cgit 
+
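Review bot: The added pthread_mutex_unlock() sits only on the success path, just before return 0 in sasl_do_kinit_ext_cc(); the hunk does not show whether the error exits through out_cleanup_def_princ and the labels after it release the same mutex. Please confirm that every exit taken after the lock is acquired unlocks it, since a path that returns with the mutex held could hang in the same way. Separately, the patch header comments out the CHANGELOG diffstat line and hunk with '#' but still says "2 files changed, 5 insertions(+)"; a short note that the CHANGELOG part was dropped for the Debian patch would make that clear.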
diff -Nru autofs-5.1.8/debian/patches/series autofs-5.1.8/debian/patches/series
--- autofs-5.1.8/debian/patches/series  2023-05-19 10:20:51.0 +0200
+++ autofs-5.1.8/debian/patches/series  2023-07-05 11:56:18.0 +0200
@@ -10,3 +10,4 @@
 fix-lookup-ldap-crash.patch
 fix-nfs4-mounts-in-auto-net.patch
 fix-nfs4-only-mounts-should-not-use-rpcbind.patch
+fix-missing-unlock-in-sasl-do-kinit-ext-cc.patch
--- End Message ---
--- Begin Message ---
Version: 12.1

The upload requested in this bug has been released as part of 12.1.
--- End Message ---


Bug#1040415: marked as done (bookworm-pu: package pacemaker/2.1.5-1+deb12u1)

2023-07-22 Thread Debian Bug Tracking System
Your message dated Sat, 22 Jul 2023 13:19:42 +
with message-id 
and subject line Released with 12.1
has caused the Debian Bug report #1040415,
regarding bookworm-pu: package pacemaker/2.1.5-1+deb12u1
to be marked as done.


-- 
1040415: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1040415
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
Tags: bookworm
User: release.debian@packages.debian.org
Usertags: pu

Dear Stable Release Team,

[ Reason ]
Shortly after the release of bookworm we got a report that Pacemaker
regressed in certain migration scenarios when compared to the bullseye
version.  Upstream identified the cause (a bug already fixed in 2.1.6),
and after backporting the fix the submitter acknowledged that they can't
reproduce the bug anymore with the proposed packages.
https://bugs.clusterlabs.org/show_bug.cgi?id=5521
Pacemaker package bug opened after discussion on the mailing list:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1040165

[ Impact ]
Core HA functionality is impacted, there's no easy way to work around
the problem.  Pacemaker 2.1.5-1 is unsuitable for a big portion of its
intended applications.

[ Tests ]
The submitter tested and confirmed the fix.

[ Risks ]
The patch is small but the backport wasn't trivial due to extensive
refactorings meanwhile.  I asked upstream to sanity-check it, but
haven't got a reply yet.

[ Checklist ]
  [x] *all* changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in (old)stable
  [x] the issue is verified as fixed in unstable

$ debdiff pacemaker_2.1.5-1.dsc pacemaker_2.1.5-1+deb12u1.dsc
diff -Nru pacemaker-2.1.5/debian/changelog pacemaker-2.1.5/debian/changelog
--- pacemaker-2.1.5/debian/changelog2023-01-22 16:38:34.0 +0100
+++ pacemaker-2.1.5/debian/changelog2023-07-02 21:39:59.0 +0200
@@ -1,3 +1,11 @@
+pacemaker (2.1.5-1+deb12u1) bookworm; urgency=medium
+
+  * [20411a8] New patch: Fix: scheduler: handle cleaned migrate_from history
+correctly.
+Thanks to Ken Gaillot (Closes: #1040165)
+
+ -- Ferenc Wágner   Sun, 02 Jul 2023 21:39:59 +0200
+
 pacemaker (2.1.5-1) unstable; urgency=medium

   * [5792d59] Work around lazy loading of GitHub release pages in watch file
diff -Nru pacemaker-2.1.5/debian/gbp.conf pacemaker-2.1.5/debian/gbp.conf
--- pacemaker-2.1.5/debian/gbp.conf 2023-01-22 13:10:39.0 +0100
+++ pacemaker-2.1.5/debian/gbp.conf 2023-07-02 21:39:59.0 +0200
@@ -1,5 +1,5 @@
 [DEFAULT]
-debian-branch = debian/master
+debian-branch = debian/bookworm
 upstream-branch = upstream/latest

 [import-orig]
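Review bot: The debian-branch switch from debian/master to debian/bookworm in debian/gbp.conf is not mentioned in the 2.1.5-1+deb12u1 changelog entry, which lists only the new scheduler patch, while the checklist states that all changes are documented in d/changelog. Add a changelog line for the gbp.conf change.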
diff -Nru 
pacemaker-2.1.5/debian/patches/Fix-scheduler-handle-cleaned-migrate_from-history-correct.patch
 
pacemaker-2.1.5/debian/patches/Fix-scheduler-handle-cleaned-migrate_from-history-correct.patch
--- 
pacemaker-2.1.5/debian/patches/Fix-scheduler-handle-cleaned-migrate_from-history-correct.patch
  1970-01-01 01:00:00.0 +0100
+++ 
pacemaker-2.1.5/debian/patches/Fix-scheduler-handle-cleaned-migrate_from-history-correct.patch
  2023-07-02 21:39:59.0 +0200
@@ -0,0 +1,30 @@
+From: Ken Gaillot 
+Date: Wed, 1 Feb 2023 17:12:13 -0600
+Subject: Fix: scheduler: handle cleaned migrate_from history correctly
+
+Fixes T623
+---
+ lib/pengine/unpack.c | 10 ++
+ 1 file changed, 10 insertions(+)
+
+diff --git a/lib/pengine/unpack.c b/lib/pengine/unpack.c
+index 5fcba3b..abfd06f 100644
+--- a/lib/pengine/unpack.c
 b/lib/pengine/unpack.c
+@@ -2920,6 +2920,16 @@ unpack_migrate_to_success(pe_resource_t *rsc, pe_node_t 
*node, xmlNode *xml_op,
+ }
+
+ } else { // Pending, or complete but erased
++
++/* If there is no history at all for the resource on an online 
target, then
++ * it was likely cleaned. Just return, and we'll schedule a probe. 
Once we
++ * have the probe result, it will be reflected in target_newer_state.
++ */
++if ((target_node != NULL) && target_node->details->online
++&& unknown_on_node(rsc->id, target, data_set)) {
++return;
++}
++
+ /* If the resource has newer state on the target, this migrate_to no
+  * longer matters for the target.
+  */
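Review bot: The patch header carries upstream's From, Date and Subject but no upstream commit id and no note that this is an adapted backport, although the request says the backport "wasn't trivial" and that upstream has not yet sanity-checked it. Record the upstream commit and a line saying the change was adapted for 2.1.5, so reviewers can compare it against the original. In the code itself, the new early return depends on unknown_on_node(rsc->id, target, data_set); that helper is not part of this hunk, so confirm it exists in 2.1.5 with this signature.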
diff -Nru pacemaker-2.1.5/debian/patches/series 
pacemaker-2.1.5/debian/patches/series
--- pacemaker-2.1.5/debian/patches/series   2023-01-22 13:31:42.0 
+0100
+++ pacemaker-2.1.5/debian/patches/series   2023-07-02 

Bug#1040139: marked as done (bookworm-pu: package exim4/4.96-15)

2023-07-22 Thread Debian Bug Tracking System
Your message dated Sat, 22 Jul 2023 13:19:42 +
with message-id 
and subject line Released with 12.1
has caused the Debian Bug report #1040139,
regarding bookworm-pu: package exim4/4.96-15
to be marked as done.


-- 
1040139: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1040139
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
Tags: bookworm
User: release.debian@packages.debian.org
Usertags: pu
X-Debbugs-Cc: ex...@packages.debian.org
Control: affects -1 + src:exim4

Hello,

I would like to get most of the changes from 4.96-16 (unstable/testing)
into bookworm:
   * 75_42-Fix-run-arg-parsing.patch (From upstream GIT master, backported by
 Bryce Harrington for Ubuntu):  Fix argument parsing for ${run } expansion.
 Previously, when an argument included a close-brace character (eg. it
 itself used an expansion) an error occurred. Closes: #1025420
   * 75_68-Fix-srs_encode-.-for-mod-1024-day-zero.patch from upstream GIT
 master:  Fix ${srs_encode ..}. Previously it would give a bad result for
 one day every 1024 days.

The former is something that has already popped up a couple of times on the
upstream user support mailing list.

cu Andreas

-- 
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'
diff --git a/debian/changelog b/debian/changelog
index fbbb8c20..0231dc69 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,15 @@
+exim4 (4.96-15+deb12u1) bookworm; urgency=medium
+
+  * 75_42-Fix-run-arg-parsing.patch (From upstream GIT master, backported by
+Bryce Harrington for Ubuntu):  Fix argument parsing for ${run } expansion.
+Previously, when an argument included a close-brace character (eg. it
+itself used an expansion) an error occurred. Closes: #1025420
+  * 75_68-Fix-srs_encode-.-for-mod-1024-day-zero.patch from upstream GIT
+master:  Fix ${srs_encode ..}. Previously it would give a bad result for
+one day every 1024 days.
+
+ -- Andreas Metzler   Sun, 02 Jul 2023 14:56:17 +0200
+
 exim4 (4.96-15) unstable; urgency=medium
 
   * Pull from upstream GIT master:
diff --git a/debian/patches/75_42-Fix-run-arg-parsing.patch b/debian/patches/75_42-Fix-run-arg-parsing.patch
new file mode 100644
index ..79e55d61
--- /dev/null
+++ b/debian/patches/75_42-Fix-run-arg-parsing.patch
@@ -0,0 +1,100 @@
+From 44b6e099b76f403a55e77650821f8a69e9d2682e Mon Sep 17 00:00:00 2001
+From: Jeremy Harris 
+Date: Sat, 3 Dec 2022 23:13:53 +
+Subject: [PATCH] Fix ${run } arg parsing
+ .
+  Backported by Bryce Harrington for Ubuntu
+
+Broken-by: cfe6acff2ddc
+---
+ doc/ChangeLog|  4 
+ src/expand.c | 13 ++---
+ src/transport.c  |  4 +++-
+ test/scripts/-Basic/0002 |  2 ++
+ test/stdout/0002 |  2 ++
+ 5 files changed, 21 insertions(+), 4 deletions(-)
+
+--- a/doc/ChangeLog
 b/doc/ChangeLog
+@@ -28,10 +28,14 @@ JH/13 Bug 2929: Fix using $recipients af
+ JH/14 Bug 2933: Fix regex substring match variables for null matches. Since 4.96
+   a capture group which obtained no text (eg. "(abc)*" matching zero
+   occurrences) could cause a segfault if the corresponding $ was
+   expanded.
+ 
++JH/15 Fix argument parsing for ${run } expansion. Previously, when an argument
++  included a close-brace character (eg. it itself used an expansion) an
++  error occurred.
++
+ 
+ 
+ Exim version 4.96
+ -
+ 
+--- a/src/expand.c
 b/src/expand.c
+@@ -5529,11 +5529,11 @@ while (*s)
+   {
+   FILE * f;
+   const uschar * arg, ** argv;
+   BOOL late_expand = TRUE;
+ 
+-  if ((expand_forbid & RDO_RUN) != 0)
++  if (expand_forbid & RDO_RUN)
+ {
+ expand_string_message = US"running a command is not permitted";
+ goto EXPAND_FAILED;
+ }
+ 
+@@ -5561,16 +5561,22 @@ while (*s)
+ 	}
+   s++;
+ 
+   if (late_expand)		/* this is the default case */
+ 	{
+-	int n = Ustrcspn(s, "}");
++	int n;
++	const uschar * t;
++	/* Locate the end of the args */
++	(void) expand_string_internal(s, TRUE, , TRUE, TRUE, NULL);
++	n = t - s;
+ 	arg = skipping ? NULL : string_copyn(s, n);
+ 	s += n;
+ 	}
+   else
+ 	{
++	DEBUG(D_expand)
++	  debug_printf_indent("args string for ${run} expand before split\n");
+ 	if (!(arg = expand_string_internal(s, TRUE, , skipping, TRUE, )))
+ 	  goto EXPAND_FAILED;
+ 	Uskip_whitespace();
+ 	}
+ 			/*{*/
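Review bot: In the late_expand branch the result of expand_string_internal() is discarded with (void) and n is then computed as t - s, while t is declared without an initialiser; the else branch, by contrast, jumps to EXPAND_FAILED when the call returns NULL. If the skipping parse can fail on malformed arguments, t needs a defined value (for example, initialise it to s) or the failure needs to be handled before string_copyn(s, n) runs.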
+--- a/src/transport.c
 

Bug#1040180: marked as done (bookworm-pu: package kf5-messagelib/22.12.3-2~deb12u1)

2023-07-22 Thread Debian Bug Tracking System
Your message dated Sat, 22 Jul 2023 13:19:42 +
with message-id 
and subject line Released with 12.1
has caused the Debian Bug report #1040180,
regarding bookworm-pu: package kf5-messagelib/22.12.3-2~deb12u1
to be marked as done.


-- 
1040180: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1040180
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
Tags: bookworm
User: release.debian@packages.debian.org
Usertags: pu
X-Debbugs-Cc: kf5-message...@packages.debian.org, he...@debian.org
Control: affects -1 + src:kf5-messagelib

[ Reason ]
KMail can't verify signatures if they are signed with subkeys.

[ Impact ]
Users will see an invalid signature instead of a valid one.

[ Tests ]
Same package is on unstable for some days without any issue.
I also run KMail on a daily basis.

[ Risks ]
The patch is quite small and is a direct patch from upstream. It is very
unlikely that this has side effects.

[ Checklist ]
  [*] *all* changes are documented in the d/changelog
  [*] I reviewed all changes and I approve them
  [*] attach debdiff against the package in bookworm
  [*] the issue is verified as fixed in unstable
diff -Nru kf5-messagelib-22.12.3/debian/changelog 
kf5-messagelib-22.12.3/debian/changelog
--- kf5-messagelib-22.12.3/debian/changelog 2023-03-01 21:33:30.0 
+0100
+++ kf5-messagelib-22.12.3/debian/changelog 2023-07-02 23:21:13.0 
+0200
@@ -1,3 +1,15 @@
+kf5-messagelib (4:22.12.3-2~deb12u1) bookworm; urgency=medium
+
+  * Rebuilt for bookworm.
+
+ -- Sandro Knauß   Sun, 02 Jul 2023 23:21:13 +0200
+
+kf5-messagelib (4:22.12.3-2) unstable; urgency=medium
+
+  * Add upstream patch to search also for subkeys (Closes: #1037363).
+
+ -- Sandro Knauß   Tue, 27 Jun 2023 14:09:30 +0200
+
 kf5-messagelib (4:22.12.3-1) unstable; urgency=medium
 
   [ Patrick Franz ]
diff -Nru kf5-messagelib-22.12.3/debian/patches/series 
kf5-messagelib-22.12.3/debian/patches/series
--- kf5-messagelib-22.12.3/debian/patches/series2022-12-20 
01:37:29.0 +0100
+++ kf5-messagelib-22.12.3/debian/patches/series2023-06-27 
13:33:50.0 +0200
@@ -1 +1,2 @@
 enable_debianabimanager.diff
+upstream-Look-for-matching-subkey-if-no-key-was-found-for-fin.patch
diff -Nru 
kf5-messagelib-22.12.3/debian/patches/upstream-Look-for-matching-subkey-if-no-key-was-found-for-fin.patch
 
kf5-messagelib-22.12.3/debian/patches/upstream-Look-for-matching-subkey-if-no-key-was-found-for-fin.patch
--- 
kf5-messagelib-22.12.3/debian/patches/upstream-Look-for-matching-subkey-if-no-key-was-found-for-fin.patch
   1970-01-01 01:00:00.0 +0100
+++ 
kf5-messagelib-22.12.3/debian/patches/upstream-Look-for-matching-subkey-if-no-key-was-found-for-fin.patch
   2023-06-27 13:34:36.0 +0200
@@ -0,0 +1,44 @@
+From 70f39256784280d2034aa7bf1c4765f606c22d56 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Ingo=20Kl=C3=B6cker?= 
+Date: Wed, 3 May 2023 14:51:18 +0200
+Subject: Look for matching subkey if no key was found for fingerprint
+
+If the message was signed with a signing subkey instead of with the
+primary key of an OpenPGP certificate, then we won't find a key with
+findByFingerprint(). To look for a matching subkey we need to use
+findSubkeysByKeyID().
+
+FIXED-IN: 5.23.1
+BUG: 469304
+(cherry picked from commit 606ea1478d2d5b5aacdc6ef3f050655fe0352d87)
+---
+ mimetreeparser/src/messagepart.cpp | 12 +++-
+ 1 file changed, 11 insertions(+), 1 deletion(-)
+
+diff --git a/mimetreeparser/src/messagepart.cpp 
b/mimetreeparser/src/messagepart.cpp
+index f1489d5e0..3e99e71c8 100644
+--- a/mimetreeparser/src/messagepart.cpp
 b/mimetreeparser/src/messagepart.cpp
+@@ -848,8 +848,18 @@ void SignedMessagePart::sigStatusToMetaData()
+ // Search for the key by its fingerprint so that we can check for
+ // trust etc.
+ key = 
Kleo::KeyCache::instance()->findByFingerprint(signature.fingerprint());
++if (key.isNull() && signature.fingerprint()) {
++// try to find a subkey that was used for signing;
++// assumes that the key ID is the last 16 characters of the 
fingerprint
++const auto fpr = std::string_view{signature.fingerprint()};
++const auto keyID = std::string{fpr, fpr.size() - 16, 16};
++const auto subkeys = 
Kleo::KeyCache::instance()->findSubkeysByKeyID({keyID});
++if (subkeys.size() > 0) {
++key = subkeys[0].parent();
++}
++
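Review bot: fpr.size() - 16 in the keyID line is evaluated without checking that the fingerprint has at least 16 characters; signature.fingerprint() is only tested for non-null, so a shorter string makes the unsigned subtraction wrap and the std::string constructor throw std::out_of_range. Guarding the block with fpr.size() >= 16 avoids that. Separately, subkeys[0].parent() accepts the first subkey whose key ID matches; since the key ID is only the tail of the fingerprint, comparing the selected subkey's full fingerprint with signature.fingerprint() before assigning key would keep this fallback as strict as the findByFingerprint() lookup above it.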

Bug#1040142: marked as done (bookworm-pu: package aide/0.18.3-1+deb12u2)

2023-07-22 Thread Debian Bug Tracking System
Your message dated Sat, 22 Jul 2023 13:19:42 +
with message-id 
and subject line Released with 12.1
has caused the Debian Bug report #1040142,
regarding bookworm-pu: package aide/0.18.3-1+deb12u2
to be marked as done.


-- 
1040142: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1040142
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
Tags: bookworm
User: release.debian@packages.debian.org
Usertags: pu
X-Debbugs-Cc: a...@packages.debian.org
Control: affects -1 + src:aide

Dear stable release team,

this pre-upload request for the aide package is filed to ask for
guidance whether this package is suitable for bookworm-proposed-updates.

[ Reason ]
This update augments 0.18.3-1+deb12u1 which has already been accepted
for bookworm-pu last week. It fixes #1039936, an important bug that is a
regression from bullseye and affects directory processing when using
equals rules.

[ Impact ]
Without this bug fix, equals rules concerning directories are
incorrectly processed, which differs from the way that bullseye's aide
handled this case and also differs from the way operation is documented.
Debian's default configuration doesn't use equals rules and is therefore
not affected, but local configurations might be.

[ Tests ]
Sadly, none.

[ Risks ]
The fix is reasonably simple, and we have done manual tests.

[ Checklist ]
  [X] *all* changes are documented in the d/changelog
  [X] I reviewed all changes and I approve them
  [X] attach debdiff against the package in (old)stable
  [X] the issue is verified as fixed in unstable

[ Changes ]
In aide-0.18.3/debian/aide-common.postinst a typo in a version number in
a comment is fixed, which reduces ambiguity and will reduce the size of
future diffs.
aide-0.18.3/debian/patches/debian-bug-1039936 adds the actual patch. It
has been cherry-picked from upstream's 0.18.5 release.

[ Other info ]
The attached debdiff is the debdiff between 0.18.3-1+deb12u1, which is
already in bookworm-proposed-updates and the newly suggested
0.18.3-1+deb12u2 which we are discussing right now. I hope this is the
right thing to do to save you from reviewing the 0.18.3-1+deb12u1
changes a second time.

Should you agree and tell me to go ahead with this upload, I'm planning
to do the upload after 0.18.5-1 has migrated to testing to make sure
that the version in testing and bookworm-pu have the issue both fixed.

Greetings
Marc
diff -Nru aide-0.18.3/debian/aide-common.postinst 
aide-0.18.3/debian/aide-common.postinst
--- aide-0.18.3/debian/aide-common.postinst 2023-06-14 17:04:20.0 
+0200
+++ aide-0.18.3/debian/aide-common.postinst 2023-07-01 14:37:51.0 
+0200
@@ -94,7 +94,7 @@
 chown --quiet _aide:root /var/lib/aide/aide.db /var/lib/aide/aide.db.new 
|| true
 fi
 if dpkg --compare-versions "$2" le 0.18.3-1; then
-# we're updating from 0.18-3 or earlier, chown aideinit logs
+# we're updating from 0.18.3-1 or earlier, chown aideinit logs
 chown --quiet _aide:adm /var/log/aide/aideinit.log 
/var/log/aide/aideinit.errors|| true
 fi
 
diff -Nru aide-0.18.3/debian/changelog aide-0.18.3/debian/changelog
--- aide-0.18.3/debian/changelog2023-06-14 17:04:20.0 +0200
+++ aide-0.18.3/debian/changelog2023-07-01 14:37:51.0 +0200
@@ -1,3 +1,10 @@
+aide (0.18.3-1+deb12u2) bookworm; urgency=medium
+
+  * Upstream patch to fix child directory processing on equal match
+(Closes: #1039936)
+
+ -- Marc Haber   Sat, 01 Jul 2023 14:37:51 
+0200
+
 aide (0.18.3-1+deb12u1) bookworm; urgency=medium
 
   * call dh_installsysusers manually in debian/rules
diff -Nru aide-0.18.3/debian/patches/debian-bug-1039936 
aide-0.18.3/debian/patches/debian-bug-1039936
--- aide-0.18.3/debian/patches/debian-bug-1039936   1970-01-01 
01:00:00.0 +0100
+++ aide-0.18.3/debian/patches/debian-bug-1039936   2023-07-01 
14:37:51.0 +0200
@@ -0,0 +1,21 @@
+Subject: Fix child directory proccessing on equal match
+Forwarded: not-needed
+Source: 
https://github.com/aide/aide/commit/cf5026bf0852d350030d6d1a7a0351573c9512e6
+--- a/src/db_disk.c
 b/src/db_disk.c
+@@ -171,13 +171,12 @@ void scan_dir(char *root_path, bool dry_
+ #endif
+ switch (match) {
+ case RESULT_SELECTIVE_MATCH:
++case RESULT_EQUAL_MATCH:
+ if (S_ISDIR(fs.st_mode)) {
+-log_msg(log_level, "scan_dir: add child 
directory '%s' to scan stack 
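Review bot: the added case RESULT_EQUAL_MATCH: label sits directly above the S_ISDIR branch, and nothing in this debdiff exercises it; the request itself lists no tests. A regression test that applies an equals rule to a directory and asserts that its children are scanned would pin down the behaviour this restores, which matters for a file integrity checker where an unscanned subtree goes unreported. The patch header's Subject also spells "proccessing" where the changelog entry has "processing".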

Bug#1040136: marked as done (bookworm-pu: package yajl/2.1.0-3+deb12u1)

2023-07-22 Thread Debian Bug Tracking System
Your message dated Sat, 22 Jul 2023 13:19:42 +
with message-id 
and subject line Released with 12.1
has caused the Debian Bug report #1040136,
regarding bookworm-pu: package yajl/2.1.0-3+deb12u1
to be marked as done.


-- 
1040136: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1040136
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
Tags: bookworm
User: release.debian@packages.debian.org
Usertags: pu
X-Debbugs-Cc: y...@packages.debian.org
Control: affects -1 + src:yajl

This upload fixes CVE-2023-33460, a memory leak issue that
can cause a crash/DoS.

[ Reason ]
This upload is part of fixing yajl for every release. So far sid, buster
(DLA-3478), stretch and jessie (ELA-888-1) have been targeted.

[ Tests ]
Package has a test suite which passes. Additionally it has been
manually verified using asan that the memory leak is indeed fixed.

[ Risks ]
Required changes are minimal, see debdiff.

[ Checklist ]
  [x] *all* changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in (old)stable
  [x] the issue is verified as fixed in unstable

(I've already uploaded the package to s-p-u)

-- 
tobi
diff -Nru yajl-2.1.0/debian/changelog yajl-2.1.0/debian/changelog
--- yajl-2.1.0/debian/changelog 2018-10-03 00:51:58.0 +0200
+++ yajl-2.1.0/debian/changelog 2023-07-01 14:55:44.0 +0200
@@ -1,3 +1,11 @@
+yajl (2.1.0-3+deb12u1) bookworm; urgency=medium
+
+  * Non-maintainer upload.
+  * Import upstream patch for CVE-2023-33460. (Closes: #1039984)
+  * Fix d/control Homepage field (Closes: #1040034)
+
+ -- Tobias Frost   Sat, 01 Jul 2023 14:55:44 +0200
+
 yajl (2.1.0-3) unstable; urgency=medium
 
   [ Jelmer Vernooij ]
diff -Nru yajl-2.1.0/debian/control yajl-2.1.0/debian/control
--- yajl-2.1.0/debian/control   2018-10-02 23:59:41.0 +0200
+++ yajl-2.1.0/debian/control   2023-07-01 14:45:57.0 +0200
@@ -5,7 +5,7 @@
 Build-Depends: debhelper (>= 11), cmake, doxygen
 Standards-Version: 4.2.1
 Rules-Requires-Root: no
-Homepage: http://lloyd.github.com/yajl/
+Homepage: https://lloyd.github.io/yajl/
 Vcs-Browser: https://github.com/jstamp/yajl
 Vcs-Git: https://github.com/jstamp/yajl.git
 
diff -Nru yajl-2.1.0/debian/patches/CVE-2023-33460.patch 
yajl-2.1.0/debian/patches/CVE-2023-33460.patch
--- yajl-2.1.0/debian/patches/CVE-2023-33460.patch  1970-01-01 
01:00:00.0 +0100
+++ yajl-2.1.0/debian/patches/CVE-2023-33460.patch  2023-07-01 
14:51:32.0 +0200
@@ -0,0 +1,21 @@
+Description: Fix for CVE-2023-33460a
+ Memory leak in yajl 2.1.0 with use of yajl_tree_parse function
+Origin: 
https://github.com/openEuler-BaseService/yajl/commit/23a122eddaa28165a6c219000adcc31ff9a8a698
+Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1039984
+Bug: https://github.com/lloyd/yajl/issues/250
+---
+ src/yajl_tree.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+--- a/src/yajl_tree.c
 b/src/yajl_tree.c
+@@ -445,6 +445,9 @@
+  YA_FREE(&(handle->alloc), internal_err_str);
+ }
+ yajl_free (handle);
++  //If the requested memory is not released in time, it will cause memory 
leakage
++  if(ctx.root)
++   yajl_tree_free(ctx.root);
+ return NULL;
+ }
+ 
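Review bot: the added cleanup releases only ctx.root, so it helps only when the failing parse had already attached a value there; if ctx can still hold partially built nodes elsewhere when the error is hit, they remain unfreed on this path. Worth checking against the rest of yajl_tree_parse and, if so, releasing those as well before return NULL. Minor points: the Description line reads "CVE-2023-33460a" while the file name and changelog use CVE-2023-33460, and the // comment would be more useful if it named what is freed (the partially built tree) instead of "the requested memory".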
diff -Nru yajl-2.1.0/debian/patches/series yajl-2.1.0/debian/patches/series
--- yajl-2.1.0/debian/patches/series2015-09-25 14:44:02.0 +0200
+++ yajl-2.1.0/debian/patches/series2023-07-01 14:37:45.0 +0200
@@ -1,2 +1,3 @@
 dynamically-link-tools.patch
 multiarch.patch
+CVE-2023-33460.patch
--- End Message ---
--- Begin Message ---
Version: 12.1

The upload requested in this bug has been released as part of 12.1.
--- End Message ---


Bug#1039933: marked as done (bookworm-pu: package bepasty/1.0.0-1+deb12u1)

2023-07-22 Thread Debian Bug Tracking System
Your message dated Sat, 22 Jul 2023 13:19:42 +
with message-id 
and subject line Released with 12.1
has caused the Debian Bug report #1039933,
regarding bookworm-pu: package bepasty/1.0.0-1+deb12u1
to be marked as done.


-- 
1039933: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1039933
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
Tags: bookworm
User: release.debian@packages.debian.org
Usertags: pu
X-Debbugs-Cc: bepa...@packages.debian.org
Control: affects -1 + src:bepasty

[ Reason ]
The upload is necessary to fix bug #1038452 (
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1038452 ) in bepasty,
a pastebin with support for multiple media types: because of an
incompatibility with Pygments-2.12.0 that I didn't spot during the
testing cycle (my fault) bepasty in bookworm is no longer able to
display the rendered version of text uploads.

[ Impact ]
If the update isn't approved the version of bepasty in Debian won't work
for one of the most common use cases (text uploads).

[ Tests ]
Automated tests of the package have been disabled because I wasn't able
to make them work in the package building infrastructure. I plan to work
on this during the trixie cycle.
I'm currently testing this manually by installing locally and trying to
use it.
The package I'm proposing for bookworm-updates has also been installed
on my main instance and has been in use for a day (as I write this), and
I am giving it a bit of heavier than usual use.

[ Risks ]
I believe that the fix is a pretty small change in a part of code with
no special complexities.
However the alternative could be to remove bepasty from stable, and
users could install the updated version that I plan to maintain in
backports.

[ Checklist ]
  [x] *all* changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in (old)stable
  [x] the issue is verified as fixed in unstable

[ Changes ]
The backported upstream patch changes the class CustomHtmlFormatter from
bepasty to work with the changed HtmlFormatter from pygments.
The only other packaging change is to add a versioned dependency to
python3-pygments (>= 2.12.0) (bookworm has 2.14.0+dfsg-1), as that's the
release that introduced the breaking change.

[ Other info ]
The issue is fixed in unstable by uploading the new upstream release
from which this patch comes.

I will work to improve my testing to avoid something like this from
happening again, sorry.
diff -Nru bepasty-1.0.0/debian/changelog bepasty-1.0.0/debian/changelog
--- bepasty-1.0.0/debian/changelog  2021-12-17 09:35:28.0 +0100
+++ bepasty-1.0.0/debian/changelog  2023-06-28 13:57:40.0 +0200
@@ -1,3 +1,9 @@
+bepasty (1.0.0-1+deb12u1) bookworm; urgency=medium
+
+  * Backport upstream fix for Pygments-2.12.0. (Closes: #1038452)
+
+ -- Elena Grandi   Wed, 28 Jun 2023 13:57:40 +0200
+
 bepasty (1.0.0-1) unstable; urgency=medium
 
   * New upstream release.
diff -Nru bepasty-1.0.0/debian/control bepasty-1.0.0/debian/control
--- bepasty-1.0.0/debian/control2021-12-17 09:35:28.0 +0100
+++ bepasty-1.0.0/debian/control2023-06-28 13:57:40.0 +0200
@@ -9,7 +9,7 @@
  python3-setuptools,
  python3-setuptools-scm,
  python3-flask,
- python3-pygments,
+ python3-pygments (>= 2.12.0),
  python3-pytest,
  python3-selenium,
  python3-sphinx,
@@ -33,7 +33,7 @@
  libjs-jquery-ui,
  libjs-jquery-file-upload,
  python3-flask,
- python3-pygments,
+ python3-pygments (>= 2.12.0),
 Recommends: ${python3:Recommends}
 Suggests: ${python3:Suggests}
 Description: binary pastebin / file upload service
diff -Nru 
bepasty-1.0.0/debian/patches/0004-adapt-to-Pygments-2.12.0-and-also-require-it-fixes-2.patch
 
bepasty-1.0.0/debian/patches/0004-adapt-to-Pygments-2.12.0-and-also-require-it-fixes-2.patch
--- 
bepasty-1.0.0/debian/patches/0004-adapt-to-Pygments-2.12.0-and-also-require-it-fixes-2.patch
1970-01-01 01:00:00.0 +0100
+++ 
bepasty-1.0.0/debian/patches/0004-adapt-to-Pygments-2.12.0-and-also-require-it-fixes-2.patch
2023-06-28 13:57:40.0 +0200
@@ -0,0 +1,67 @@
+From: Thomas Waldmann 
+Date: Sat, 21 Jan 2023 18:48:50 +0100
+Bug: #1038452
+Subject: [PATCH] adapt to Pygments>=2.12.0 (and also require it), fixes #281
+Origin: backport, 
https://github.com/bepasty/bepasty-server/commit/6ab4201e28133476aeac9d80be2e703ca4a4b203
+
+pygments made some incompatible change in 2.12 and bepasty
+was affected by that because we subclassed 
