Bug#1061473: bookworm-pu: package tinyxml/2.6.2-6+deb12u1
Control: tags -1 + confirmed On Tue, 2024-01-30 at 00:07 +0100, Guilhem Moulin wrote: > Control: tags -1 - moreinfo > > On Mon, 29 Jan 2024 at 21:55:37 +, Adam D. Barratt wrote: > > > > On Thu, 2024-01-25 at 04:45 +0100, Guilhem Moulin wrote: > > > Fix CVE-2023-34194: Reachable assertion (and application exit) > > > via a > > > crafted XML document with a '\0' located after whitespace. > > > > + * Fix CVE-2023-34194 / CVE-2023-40462: Reachable assertion (and > > application > > > > As far as I can tell from the Security Tracker, CVE-2023-40462 > > specifically refers to TinyXML's use in software that isn't in > > Debian. > > Does it make sense to mention it in the changelog? > > That CVE was assigned to TinyXML until > https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7e507c932b999df48f808969c00f07a638e3357b > , > see also https://bugs.debian.org/1059315 . > https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059315#54 seems like they should be considered separate. > But fair enough, new debiff attached :-) > Thanks. Please go ahead. Regards, Adam
Processed: Re: Bug#1061473: bookworm-pu: package tinyxml/2.6.2-6+deb12u1
Processing control commands: > tags -1 + confirmed Bug #1061473 [release.debian.org] bookworm-pu: package tinyxml/2.6.2-6+deb12u1 Added tag(s) confirmed. -- 1061473: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1061473 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#1061465: bookworm-pu: package usbutils/014-1+deb12u1
On 2024-01-29 21:56, Adam D. Barratt wrote: > Control: tags -1 + confirmed > > On Wed, 2024-01-24 at 23:06 +0100, Aurelien Jarno wrote: > > The usbutils package contains a simple shell script called usb- > > devices > > to list all USB devices with their basic characteristics. A > > regression > > has been introduced in the version in bookworm, which causes some > > devices behind hubs to be missed. > > Please go ahead. Thanks, uploaded. -- Aurelien Jarno GPG: 4096R/1DDD8C9B aurel...@aurel32.net http://aurel32.net
NEW changes in stable-new
Processing changes file: systemd_252.22-1~deb12u1_mips64el-buildd.changes ACCEPT Processing changes file: systemd_252.22-1~deb12u1_mipsel-buildd.changes ACCEPT
Bug#1061487: bookworm-pu: package rpm/4.18.0+dfsg-1+deb12u1
On Mon, Jan 29, 2024 at 09:51:45PM +, Adam D. Barratt wrote: > Control: tags -1 + confirmed > > On Thu, 2024-01-25 at 14:39 +0200, Peter Pentchev wrote: > > Version 4.18 of RPM changed the format of its internal database > > from the traditional BerkeleyDB one to a new SQLite implementation. > > For compatibility purposes, including the ability to automatically > > migrate an old database to a new one during an upgrade, RPM needs to > > be able to read the old-format database. Some more information may > > be found in #1061258. > > > > Due to my omission when packaging the RPM update to 4.18.0, > > the corresponding configure-script option was not included when > > building the Debian RPM package. > > Please go ahead. Right, I should have mentioned that was a pre-approval request... Thanks! I just uploaded it. G'luck, Peter -- Peter Pentchev r...@ringlet.net r...@debian.org p...@storpool.com PGP key:http://people.FreeBSD.org/~roam/roam.key.asc Key fingerprint 2EE7 A7A5 17FC 124C F115 C354 651E EFB0 2527 DF13 signature.asc Description: PGP signature
Bug#1050591: bullseye-pu: package awstats/7.8-2+deb11u2
Em terça-feira, 19 de dezembro de 2023, às 19:53:31 -03, Jonathan Wiltshire escreveu: > > Please go ahead. Hi all! The maintainer of awstats, in copy, did some tests and did not find the bug. Looks like it was fixed in the latest PU for bookworm [1]. I don't know how to deal with this open bug, I'm new here. Then, someone can close or archive it. Thank you Jonathan and Christian! Bye, Figueredo [1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1050384
NEW changes in stable-new
Processing changes file: dpdk_22.11.4-1~deb12u1_arm64-buildd.changes ACCEPT Processing changes file: systemd_252.22-1~deb12u1_armhf-buildd.changes ACCEPT
NEW changes in stable-new
Processing changes file: dpdk_22.11.4-1~deb12u1_amd64-buildd.changes ACCEPT Processing changes file: dpdk_22.11.4-1~deb12u1_i386-buildd.changes ACCEPT Processing changes file: dpdk_22.11.4-1~deb12u1_ppc64el-buildd.changes ACCEPT Processing changes file: rss-glx_0.9.1-6.4~deb12u1_amd64-buildd.changes ACCEPT Processing changes file: rss-glx_0.9.1-6.4~deb12u1_armel-buildd.changes ACCEPT Processing changes file: rss-glx_0.9.1-6.4~deb12u1_i386-buildd.changes ACCEPT Processing changes file: rss-glx_0.9.1-6.4~deb12u1_s390x-buildd.changes ACCEPT Processing changes file: systemd_252.22-1~deb12u1_amd64-buildd.changes ACCEPT Processing changes file: systemd_252.22-1~deb12u1_arm64-buildd.changes ACCEPT Processing changes file: systemd_252.22-1~deb12u1_armel-buildd.changes ACCEPT Processing changes file: systemd_252.22-1~deb12u1_ppc64el-buildd.changes ACCEPT Processing changes file: systemd_252.22-1~deb12u1_s390x-buildd.changes ACCEPT
NEW changes in stable-new
Processing changes file: dpdk_22.11.4-1~deb12u1_all-buildd.changes ACCEPT Processing changes file: rss-glx_0.9.1-6.4~deb12u1_arm64-buildd.changes ACCEPT Processing changes file: rss-glx_0.9.1-6.4~deb12u1_armhf-buildd.changes ACCEPT Processing changes file: rss-glx_0.9.1-6.4~deb12u1_mips64el-buildd.changes ACCEPT Processing changes file: rss-glx_0.9.1-6.4~deb12u1_mipsel-buildd.changes ACCEPT Processing changes file: rss-glx_0.9.1-6.4~deb12u1_ppc64el-buildd.changes ACCEPT Processing changes file: systemd_252.22-1~deb12u1_i386-buildd.changes ACCEPT
Bug#1061473: bookworm-pu: package tinyxml/2.6.2-6+deb12u1
Control: tags -1 - moreinfo On Mon, 29 Jan 2024 at 21:55:37 +, Adam D. Barratt wrote: > > On Thu, 2024-01-25 at 04:45 +0100, Guilhem Moulin wrote: >> Fix CVE-2023-34194: Reachable assertion (and application exit) via a >> crafted XML document with a '\0' located after whitespace. > > + * Fix CVE-2023-34194 / CVE-2023-40462: Reachable assertion (and > application > > As far as I can tell from the Security Tracker, CVE-2023-40462 > specifically refers to TinyXML's use in software that isn't in Debian. > Does it make sense to mention it in the changelog? That CVE was assigned to TinyXML until https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7e507c932b999df48f808969c00f07a638e3357b , see also https://bugs.debian.org/1059315 . But fair enough, new debiff attached :-) -- Guilhem. diffstat for tinyxml-2.6.2 tinyxml-2.6.2 changelog|9 + patches/CVE-2023-34194.patch | 27 +++ patches/series |1 + 3 files changed, 37 insertions(+) diff -Nru tinyxml-2.6.2/debian/changelog tinyxml-2.6.2/debian/changelog --- tinyxml-2.6.2/debian/changelog 2021-12-12 23:53:05.0 +0100 +++ tinyxml-2.6.2/debian/changelog 2024-01-25 04:27:36.0 +0100 @@ -1,3 +1,12 @@ +tinyxml (2.6.2-6+deb12u1) bookworm; urgency=medium + + * Non-maintainer upload. + * Fix CVE-2023-34194: Reachable assertion (and application exit) via a +crafted XML document with a '\0' located after whitespace. +(Closes: #1059315) + + -- Guilhem Moulin Thu, 25 Jan 2024 04:27:36 +0100 + tinyxml (2.6.2-6) unstable; urgency=medium * Import fix for CVE-2021-42260. diff -Nru tinyxml-2.6.2/debian/patches/CVE-2023-34194.patch tinyxml-2.6.2/debian/patches/CVE-2023-34194.patch --- tinyxml-2.6.2/debian/patches/CVE-2023-34194.patch 1970-01-01 01:00:00.0 +0100 +++ tinyxml-2.6.2/debian/patches/CVE-2023-34194.patch 2024-01-25 04:27:36.0 +0100 @@ -0,0 +1,27 @@ +From: Guilhem Moulin +Date: Sat, 30 Dec 2023 14:15:54 +0100 +Subject: Avoid reachable assertion via crafted XML document with a '\0' + located after whitespace + +Bug: https://www.forescout.com/resources/sierra21-vulnerabilities +Bug-Debian: https://bugs.debian.org/1059315 +Bug-Debian: https://security-tracker.debian.org/tracker/CVE-2023-34194 +--- + tinyxmlparser.cpp | 4 + 1 file changed, 4 insertions(+) + +diff --git a/tinyxmlparser.cpp b/tinyxmlparser.cpp +index 8aa0dfa..1601962 100644 +--- a/tinyxmlparser.cpp b/tinyxmlparser.cpp +@@ -1606,6 +1606,10 @@ const char* TiXmlDeclaration::Parse( const char* p, TiXmlParsingData* data, TiXm + } + + p = SkipWhiteSpace( p, _encoding ); ++ if ( !p || !*p ) ++ { ++ break; ++ } + if ( StringEqual( p, "version", true, _encoding ) ) + { + TiXmlAttribute attrib; diff -Nru tinyxml-2.6.2/debian/patches/series tinyxml-2.6.2/debian/patches/series --- tinyxml-2.6.2/debian/patches/series 2021-12-12 23:48:07.0 +0100 +++ tinyxml-2.6.2/debian/patches/series 2024-01-25 04:27:36.0 +0100 @@ -1,3 +1,4 @@ enforce-use-stl.patch entity-encoding.patch CVE-2021-42260.patch +CVE-2023-34194.patch signature.asc Description: PGP signature
Processed: Re: Bug#1061473: bookworm-pu: package tinyxml/2.6.2-6+deb12u1
Processing control commands: > tags -1 - moreinfo Bug #1061473 [release.debian.org] bookworm-pu: package tinyxml/2.6.2-6+deb12u1 Removed tag(s) moreinfo. -- 1061473: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1061473 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
NEW changes in oldstable-new
Processing changes file: debian-ports-archive-keyring_2024.01.05~deb11u1_all-buildd.changes ACCEPT Processing changes file: libspreadsheet-parsexlsx-perl_0.27-2.1+deb11u2_all-buildd.changes ACCEPT Processing changes file: postfix_3.5.24-0+deb11u1_all-buildd.changes ACCEPT Processing changes file: postfix_3.5.24-0+deb11u1_amd64-buildd.changes ACCEPT Processing changes file: postfix_3.5.24-0+deb11u1_arm64-buildd.changes ACCEPT Processing changes file: postfix_3.5.24-0+deb11u1_armel-buildd.changes ACCEPT Processing changes file: postfix_3.5.24-0+deb11u1_armhf-buildd.changes ACCEPT Processing changes file: postfix_3.5.24-0+deb11u1_i386-buildd.changes ACCEPT Processing changes file: postfix_3.5.24-0+deb11u1_mips64el-buildd.changes ACCEPT Processing changes file: postfix_3.5.24-0+deb11u1_mipsel-buildd.changes ACCEPT Processing changes file: postfix_3.5.24-0+deb11u1_ppc64el-buildd.changes ACCEPT Processing changes file: postfix_3.5.24-0+deb11u1_s390x-buildd.changes ACCEPT Processing changes file: unadf_0.7.11a-4+deb11u1_amd64-buildd.changes ACCEPT Processing changes file: unadf_0.7.11a-4+deb11u1_arm64-buildd.changes ACCEPT Processing changes file: unadf_0.7.11a-4+deb11u1_armel-buildd.changes ACCEPT Processing changes file: unadf_0.7.11a-4+deb11u1_armhf-buildd.changes ACCEPT Processing changes file: unadf_0.7.11a-4+deb11u1_i386-buildd.changes ACCEPT Processing changes file: unadf_0.7.11a-4+deb11u1_mips64el-buildd.changes ACCEPT Processing changes file: unadf_0.7.11a-4+deb11u1_mipsel-buildd.changes ACCEPT Processing changes file: unadf_0.7.11a-4+deb11u1_ppc64el-buildd.changes ACCEPT Processing changes file: unadf_0.7.11a-4+deb11u1_s390x-buildd.changes ACCEPT
NEW changes in stable-new
Processing changes file: debian-ports-archive-keyring_2024.01.05~deb12u1_all-buildd.changes ACCEPT Processing changes file: engrampa_1.26.0-1+deb12u1_all-buildd.changes ACCEPT Processing changes file: engrampa_1.26.0-1+deb12u1_amd64-buildd.changes ACCEPT Processing changes file: engrampa_1.26.0-1+deb12u1_arm64-buildd.changes ACCEPT Processing changes file: engrampa_1.26.0-1+deb12u1_armel-buildd.changes ACCEPT Processing changes file: engrampa_1.26.0-1+deb12u1_armhf-buildd.changes ACCEPT Processing changes file: engrampa_1.26.0-1+deb12u1_i386-buildd.changes ACCEPT Processing changes file: engrampa_1.26.0-1+deb12u1_mips64el-buildd.changes ACCEPT Processing changes file: engrampa_1.26.0-1+deb12u1_mipsel-buildd.changes ACCEPT Processing changes file: engrampa_1.26.0-1+deb12u1_ppc64el-buildd.changes ACCEPT Processing changes file: engrampa_1.26.0-1+deb12u1_s390x-buildd.changes ACCEPT Processing changes file: libspreadsheet-parsexlsx-perl_0.27-3+deb12u2_all-buildd.changes ACCEPT Processing changes file: postfix_3.7.10-0+deb12u1_all-buildd.changes ACCEPT Processing changes file: postfix_3.7.10-0+deb12u1_amd64-buildd.changes ACCEPT Processing changes file: postfix_3.7.10-0+deb12u1_arm64-buildd.changes ACCEPT Processing changes file: postfix_3.7.10-0+deb12u1_armel-buildd.changes ACCEPT Processing changes file: postfix_3.7.10-0+deb12u1_armhf-buildd.changes ACCEPT Processing changes file: postfix_3.7.10-0+deb12u1_i386-buildd.changes ACCEPT Processing changes file: postfix_3.7.10-0+deb12u1_mips64el-buildd.changes ACCEPT Processing changes file: postfix_3.7.10-0+deb12u1_mipsel-buildd.changes ACCEPT Processing changes file: postfix_3.7.10-0+deb12u1_ppc64el-buildd.changes ACCEPT Processing changes file: postfix_3.7.10-0+deb12u1_s390x-buildd.changes ACCEPT Processing changes file: tzdata_2023d-0+deb12u1_all-buildd.changes ACCEPT
NEW changes in stable-new
Processing changes file: dpdk_22.11.4-1~deb12u1_source.changes ACCEPT Processing changes file: rss-glx_0.9.1-6.4~deb12u1_source.changes ACCEPT Processing changes file: systemd_252.22-1~deb12u1_source.changes ACCEPT
Processed: Re: Bug#1054488: bookworm-pu: package netplan.io/0.106-2
Processing control commands: > tags -1 + confirmed Bug #1054488 [release.debian.org] bookworm-pu: package netplan.io/0.106-2 Added tag(s) confirmed. -- 1054488: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1054488 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#1054488: bookworm-pu: package netplan.io/0.106-2
Control: tags -1 + confirmed On Tue, 2023-10-24 at 14:24 +0200, Lukas Märdian wrote: > Starting with systemd v252.15 in proposed-updates for bookworm > Netplan's autopkgtests started to tmpfail and kept DebCI looping. > elbrus created an RC bug about it: > - https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1053496 > > This is related to a change in systemd-stable's "wait-online" > behavior: > - > https://github.com/systemd/systemd-stable/commit/f4831559171033ab044758e7fd68627e3bfe84a5 > > We've seen the same issue with Netplan's autopkgtests in unstable > when systemd v253 hit experimental. Here's some more context of the > change and the old bugreport: > - > https://github.com/systemd/systemd-stable/commit/0531c47e96d13ea62e4b54bc16c96a573513caf9 > - https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1033265 > > The same fix as in Debian#1033265 can be applied to fix the timeout > issues. Please go ahead. Regards, Adam
Processed: systemd 252.22-1~deb12u1 flagged for acceptance
Processing commands for cont...@bugs.debian.org: > package release.debian.org Limiting to bugs with field 'package' containing at least one of 'release.debian.org' Limit currently set to 'package':'release.debian.org' > tags 1061587 = bookworm pending Bug #1061587 [release.debian.org] bookworm-pu: package systemd/252.22-1~deb12u1 Added tag(s) pending. > thanks Stopping processing here. Please contact me if you need assistance. -- 1061587: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1061587 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#1061587: systemd 252.22-1~deb12u1 flagged for acceptance
package release.debian.org tags 1061587 = bookworm pending thanks Hi, The upload referenced by this bug report has been flagged for acceptance into the proposed-updates queue for Debian bookworm. Thanks for your contribution! Upload details == Package: systemd Version: 252.22-1~deb12u1 Explanation: new upstream stable release
Processed: dpdk 22.11.4-1~deb12u1 flagged for acceptance
Processing commands for cont...@bugs.debian.org: > package release.debian.org Limiting to bugs with field 'package' containing at least one of 'release.debian.org' Limit currently set to 'package':'release.debian.org' > tags 1061452 = bookworm pending Bug #1061452 [release.debian.org] bookworm: package dpdk/22.11.4-1~deb12u1 Added tag(s) pending. > thanks Stopping processing here. Please contact me if you need assistance. -- 1061452: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1061452 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#1061652: rss-glx 0.9.1-6.4~deb12u1 flagged for acceptance
package release.debian.org tags 1061652 = bookworm pending thanks Hi, The upload referenced by this bug report has been flagged for acceptance into the proposed-updates queue for Debian bookworm. Thanks for your contribution! Upload details == Package: rss-glx Version: 0.9.1-6.4~deb12u1 Explanation: install screensavers into /usr/libexec/xscreensaver; call GLFinish() prior to glXSwapBuffers()
Bug#1061452: dpdk 22.11.4-1~deb12u1 flagged for acceptance
package release.debian.org tags 1061452 = bookworm pending thanks Hi, The upload referenced by this bug report has been flagged for acceptance into the proposed-updates queue for Debian bookworm. Thanks for your contribution! Upload details == Package: dpdk Version: 22.11.4-1~deb12u1 Explanation: new upstream stable release
Processed: Re: Bug#1061549: bookworm-pu: package dropbear/2022.83-1+deb12u1
Processing control commands: > tags -1 + confirmed Bug #1061549 [release.debian.org] bookworm-pu: package dropbear/2022.83-1+deb12u1 Added tag(s) confirmed. -- 1061549: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1061549 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Processed: rss-glx 0.9.1-6.4~deb12u1 flagged for acceptance
Processing commands for cont...@bugs.debian.org: > package release.debian.org Limiting to bugs with field 'package' containing at least one of 'release.debian.org' Limit currently set to 'package':'release.debian.org' > tags 1061652 = bookworm pending Bug #1061652 [release.debian.org] bookworm-pu: package rss-glx/0.9.1-6.4+deb12u1 Added tag(s) pending; removed tag(s) confirmed. > thanks Stopping processing here. Please contact me if you need assistance. -- 1061652: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1061652 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Processed: Re: Bug#1061487: bookworm-pu: package rpm/4.18.0+dfsg-1+deb12u1
Processing control commands: > tags -1 + confirmed Bug #1061487 [release.debian.org] bookworm-pu: package rpm/4.18.0+dfsg-1+deb12u1 Added tag(s) confirmed. -- 1061487: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1061487 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Processed: Re: Bug#1061473: bookworm-pu: package tinyxml/2.6.2-6+deb12u1
Processing control commands: > tags -1 + moreinfo Bug #1061473 [release.debian.org] bookworm-pu: package tinyxml/2.6.2-6+deb12u1 Added tag(s) moreinfo. -- 1061473: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1061473 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#1061465: bookworm-pu: package usbutils/014-1+deb12u1
Control: tags -1 + confirmed On Wed, 2024-01-24 at 23:06 +0100, Aurelien Jarno wrote: > The usbutils package contains a simple shell script called usb- > devices > to list all USB devices with their basic characteristics. A > regression > has been introduced in the version in bookworm, which causes some > devices behind hubs to be missed. Please go ahead. Regards, Adam
Bug#1061549: bookworm-pu: package dropbear/2022.83-1+deb12u1
Control: tags -1 + confirmed On Fri, 2024-01-26 at 10:26 +0100, Guilhem Moulin wrote: > dropbear 2022.83-1 is vunerable to CVE-2023-48795 (terrapin attack). > https://terrapin-attack.com/ Please go ahead. Regards, Adam
Bug#1061189: bookworm-pu: package gnutls28/3.7.9-2+deb12u2
Control: tags -1 + confirmed On Sat, 2024-01-20 at 15:46 +0100, Andreas Metzler wrote: > I would like to fix both CVE-2024-0567 and CVE-2024-0553 via a > stable-updates since they do not require a DSA. Please go ahead. Regards, Adam
Bug#1060668: bookworm-pu: package calibre/6.13.0+repack-2+deb12u3
Control: tags -1 + confirmed On Fri, 2024-01-12 at 21:03 +0900, YOKOTA Hiroshi wrote: > Fix CVE-2023-46303. > https://security-tracker.debian.org/tracker/CVE-2023-46303 + * HTML Input: Dont add resources that exist outside the folder hierarchy s/Dont/Don't/ Please go ahead. Regards, Adam
Bug#1061487: bookworm-pu: package rpm/4.18.0+dfsg-1+deb12u1
Control: tags -1 + confirmed On Thu, 2024-01-25 at 14:39 +0200, Peter Pentchev wrote: > Version 4.18 of RPM changed the format of its internal database > from the traditional BerkeleyDB one to a new SQLite implementation. > For compatibility purposes, including the ability to automatically > migrate an old database to a new one during an upgrade, RPM needs to > be able to read the old-format database. Some more information may > be found in #1061258. > > Due to my omission when packaging the RPM update to 4.18.0, > the corresponding configure-script option was not included when > building the Debian RPM package. Please go ahead. Regards, Adam
Processed: Re: Bug#1061465: bookworm-pu: package usbutils/014-1+deb12u1
Processing control commands: > tags -1 + confirmed Bug #1061465 [release.debian.org] bookworm-pu: package usbutils/014-1+deb12u1 Added tag(s) confirmed. -- 1061465: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1061465 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#1061473: bookworm-pu: package tinyxml/2.6.2-6+deb12u1
Control: tags -1 + moreinfo On Thu, 2024-01-25 at 04:45 +0100, Guilhem Moulin wrote: > Fix CVE-2023-34194: Reachable assertion (and application exit) via a > crafted XML document with a '\0' located after whitespace. + * Fix CVE-2023-34194 / CVE-2023-40462: Reachable assertion (and application As far as I can tell from the Security Tracker, CVE-2023-40462 specifically refers to TinyXML's use in software that isn't in Debian. Does it make sense to mention it in the changelog? Regards, Adam
Bug#1059291: bookworm-pu: package spip/4.1.9+dfsg-1+deb12u4
Control: tags -1 + confirmed On Fri, 2024-01-12 at 13:58 +0100, David Prévot wrote: > Control: retitle -1 bookworm-pu: package spip/4.1.9+dfsg-1+deb12u4 > > Le Sat, Dec 30, 2023 at 12:06:56PM +0100, Salvatore Bonaccorso a > écrit : > > On Fri, Dec 22, 2023 at 01:28:00PM +0100, David Prévot wrote: > […] > > > This issue is similar to #1059289 for oldstable. > > > > > > Another upstream release fixed a security (XSS) issue. The last > > > two > > > updates of this kind didn’t warrant a DSA, so I guess this one > > > will not > > > warrant one either (security team X-D-CCed in case I’m wrong). > > And here we are again, another XSS was fixed (in a plugin not > provided > by the version in oldstable), second debdiff attached, thanks in > advance > for considering. Please go ahead. Regards, Adam
Processed: Re: Bug#1061189: bookworm-pu: package gnutls28/3.7.9-2+deb12u2
Processing control commands: > tags -1 + confirmed Bug #1061189 [release.debian.org] bookworm-pu: package gnutls28/3.7.9-2+deb12u2 Added tag(s) confirmed. -- 1061189: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1061189 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Processed: Re: Bug#1060668: bookworm-pu: package calibre/6.13.0+repack-2+deb12u3
Processing control commands: > tags -1 + confirmed Bug #1060668 [release.debian.org] bookworm-pu: package calibre/6.13.0+repack-2+deb12u3 Added tag(s) confirmed. -- 1060668: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1060668 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Processed: Re: Bug#1059291: bookworm-pu: package spip/4.1.9+dfsg-1+deb12u4
Processing control commands: > tags -1 + confirmed Bug #1059291 [release.debian.org] bookworm-pu: package spip/4.1.9+dfsg-1+deb12u4 Added tag(s) confirmed. -- 1059291: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059291 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Processed: Re: Bug#1058615: bookworm-pu: package node-yarnpkg/1.22.19+~cs24.27.18-2+deb12u1
Processing control commands: > tags -1 + confirmed Bug #1058615 [release.debian.org] bookworm-pu: package node-yarnpkg/1.22.19+~cs24.27.18-2+deb12u1 Added tag(s) confirmed. -- 1058615: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1058615 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#1058615: bookworm-pu: package node-yarnpkg/1.22.19+~cs24.27.18-2+deb12u1
Control: tags -1 + confirmed On Wed, 2023-12-13 at 21:09 +0530, Praveen Arimbrathodiyil wrote: > This fixes rc bug #1058596 > > [ Reason ] > The version in bookworm included a patch for node-commander 8+ > support > but which was not working, this was fixed in unstable later but was > not > backported to stable. Please go ahead. Regards, Adam
Processed: Re: Bug#1058458: bookworm-pu: package nextcloud-desktop/3.7.3-1+deb12u1
Processing control commands: > tags -1 + confirmed Bug #1058458 [release.debian.org] bookworm-pu: package nextcloud-desktop/3.7.3-1+deb12u1 Added tag(s) confirmed. -- 1058458: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1058458 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#1058458: bookworm-pu: package nextcloud-desktop/3.7.3-1+deb12u1
Control: tags -1 + confirmed On Tue, 2023-12-12 at 13:23 +0100, Hefee wrote: > This pu will fix two issues maarked as important: > > #1051071: some files with special characters are not synced. > #1053922: Two-factor authentication notifications unusable. Please go ahead. Regards, Adam
Processed: Re: Bug#1061607: bookworm-pu: package compton/compton_1-1+deb12u1
Processing control commands: > tags -1 + confirmed Bug #1061607 [release.debian.org] bookworm-pu: package compton/compton_1-1+deb12u1 Added tag(s) confirmed. -- 1061607: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1061607 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#1061607: bookworm-pu: package compton/compton_1-1+deb12u1
Control: tags -1 + confirmed On Sat, 2024-01-27 at 10:25 +, Phil Wyett wrote: > * Remove 'Recommends' for 'picom' which is a fork of compton, thus > another X11 compositor. > We should not be installing two packages of this type when only one > asked for by the user. "Neither recommend or suggest picom" seems odd, when you're only removing a Recommends; I'm not sure what the "neither ... or suggest" is doing there. (It's also grammatically incorrect, but that's somehow less irking. :-) ) In any case, please go ahead. Regards, Adam
Processed: Re: Bug#1060186: bookworm-pu: libde265/1.0.11-1+deb12u2
Processing control commands: > tags -1 + confirmed Bug #1060186 [release.debian.org] bookworm-pu: libde265/1.0.11-1+deb12u2 Added tag(s) confirmed. -- 1060186: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1060186 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#1060186: bookworm-pu: libde265/1.0.11-1+deb12u2
Control: tags -1 + confirmed On Sun, 2024-01-07 at 00:54 +, Thorsten Alteholz wrote: > The attached debdiff for libde265 fixes CVE-2023-49468, CVE-2023- > 49467 and > CVE-2023-49465 in Bookworm. All CVEs are marked as no-dsa by the > security > team. Please go ahead. Regards, Adam
NEW changes in oldstable-new
Processing changes file: debian-ports-archive-keyring_2024.01.05~deb11u1_source.changes ACCEPT Processing changes file: libspreadsheet-parsexlsx-perl_0.27-2.1+deb11u2_source.changes ACCEPT Processing changes file: postfix_3.5.24-0+deb11u1_source.changes ACCEPT Processing changes file: unadf_0.7.11a-4+deb11u1_amd64.changes ACCEPT
NEW changes in stable-new
Processing changes file: debian-ports-archive-keyring_2024.01.05~deb12u1_source.changes ACCEPT Processing changes file: engrampa_1.26.0-1+deb12u1_source.changes ACCEPT Processing changes file: libspreadsheet-parsexlsx-perl_0.27-3+deb12u2_source.changes ACCEPT Processing changes file: postfix_3.7.10-0+deb12u1_source.changes ACCEPT Processing changes file: slurm-wlm_22.05.8-4+deb12u2_amd64.changes ACCEPT Processing changes file: slurm-wlm_22.05.8-4+deb12u2_arm64-buildd.changes ACCEPT Processing changes file: slurm-wlm_22.05.8-4+deb12u2_armel-buildd.changes ACCEPT Processing changes file: slurm-wlm_22.05.8-4+deb12u2_armhf-buildd.changes ACCEPT Processing changes file: slurm-wlm_22.05.8-4+deb12u2_i386-buildd.changes ACCEPT Processing changes file: slurm-wlm_22.05.8-4+deb12u2_mips64el-buildd.changes ACCEPT Processing changes file: slurm-wlm_22.05.8-4+deb12u2_mipsel-buildd.changes ACCEPT Processing changes file: slurm-wlm_22.05.8-4+deb12u2_ppc64el-buildd.changes ACCEPT Processing changes file: slurm-wlm_22.05.8-4+deb12u2_s390x-buildd.changes ACCEPT Processing changes file: tzdata_2023d-0+deb12u1_source.changes ACCEPT
Bug#1061523: tzdata 2023d-0+deb12u1 flagged for acceptance
package release.debian.org tags 1061523 = bookworm pending thanks Hi, The upload referenced by this bug report has been flagged for acceptance into the proposed-updates queue for Debian bookworm. Thanks for your contribution! Upload details == Package: tzdata Version: 2023d-0+deb12u1 Explanation: new upstream stable release
Processed: tzdata 2023d-0+deb12u1 flagged for acceptance
Processing commands for cont...@bugs.debian.org: > package release.debian.org Limiting to bugs with field 'package' containing at least one of 'release.debian.org' Limit currently set to 'package':'release.debian.org' > tags 1061523 = bookworm pending Bug #1061523 [release.debian.org] bookworm-pu: package tzdata/2023d-0+deb12u1 Added tag(s) pending. > thanks Stopping processing here. Please contact me if you need assistance. -- 1061523: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1061523 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Processed: postfix 3.7.10-0+deb12u1 flagged for acceptance
Processing commands for cont...@bugs.debian.org: > package release.debian.org Limiting to bugs with field 'package' containing at least one of 'release.debian.org' Limit currently set to 'package':'release.debian.org' > tags 1061624 = bookworm pending Bug #1061624 [release.debian.org] bookworm-pu: package postfix/3.7.9-0+deb12u1 Added tag(s) pending. > thanks Stopping processing here. Please contact me if you need assistance. -- 1061624: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1061624 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Processed: engrampa 1.26.0-1+deb12u1 flagged for acceptance
Processing commands for cont...@bugs.debian.org: > package release.debian.org Limiting to bugs with field 'package' containing at least one of 'release.debian.org' Limit currently set to 'package':'release.debian.org' > tags 1059609 = bookworm pending Bug #1059609 [release.debian.org] bookworm-pu: package engrampa/1.26.0-1+deb12u1 Added tag(s) pending. > thanks Stopping processing here. Please contact me if you need assistance. -- 1059609: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059609 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Processed: debian-ports-archive-keyring 2024.01.05~deb12u1 flagged for acceptance
Processing commands for cont...@bugs.debian.org: > package release.debian.org Limiting to bugs with field 'package' containing at least one of 'release.debian.org' Limit currently set to 'package':'release.debian.org' > tags 1061407 = bookworm pending Bug #1061407 [release.debian.org] bookworm-pu: package debian-ports-archive-keyring/2024.01.05~deb12u1 Added tag(s) pending. > thanks Stopping processing here. Please contact me if you need assistance. -- 1061407: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1061407 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Processed: libspreadsheet-parsexlsx-perl 0.27-3+deb12u2 flagged for acceptance
Processing commands for cont...@bugs.debian.org: > package release.debian.org Limiting to bugs with field 'package' containing at least one of 'release.debian.org' Limit currently set to 'package':'release.debian.org' > tags 1061579 = bookworm pending Bug #1061579 [release.debian.org] bookworm-pu: package libspreadsheet-parsexlsx-perl/0.27-3+deb12u2 Added tag(s) pending. > thanks Stopping processing here. Please contact me if you need assistance. -- 1061579: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1061579 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#1061625: postfix 3.5.24-0+deb11u1 flagged for acceptance
package release.debian.org tags 1061625 = bullseye pending thanks Hi, The upload referenced by this bug report has been flagged for acceptance into the proposed-updates queue for Debian bullseye. Thanks for your contribution! Upload details == Package: postfix Version: 3.5.24-0+deb11u1 Explanation: new upstream stable release
Processed: postfix 3.5.24-0+deb11u1 flagged for acceptance
Processing commands for cont...@bugs.debian.org: > package release.debian.org Limiting to bugs with field 'package' containing at least one of 'release.debian.org' Limit currently set to 'package':'release.debian.org' > tags 1061625 = bullseye pending Bug #1061625 [release.debian.org] bullseye-pu: package postfix/3.5.23-0+deb11u1 Added tag(s) pending. > thanks Stopping processing here. Please contact me if you need assistance. -- 1061625: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1061625 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Processed: unadf 0.7.11a-4+deb11u1 flagged for acceptance
Processing commands for cont...@bugs.debian.org: > package release.debian.org Limiting to bugs with field 'package' containing at least one of 'release.debian.org' Limit currently set to 'package':'release.debian.org' > tags 1061572 = bullseye pending Bug #1061572 [release.debian.org] bullseye-pu: package unadf/0.7.11a-4+deb11u1 Added tag(s) pending. > thanks Stopping processing here. Please contact me if you need assistance. -- 1061572: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1061572 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#1061624: postfix 3.7.10-0+deb12u1 flagged for acceptance
package release.debian.org tags 1061624 = bookworm pending thanks Hi, The upload referenced by this bug report has been flagged for acceptance into the proposed-updates queue for Debian bookworm. Thanks for your contribution! Upload details == Package: postfix Version: 3.7.10-0+deb12u1 Explanation: new upstream stable release
Processed: libspreadsheet-parsexlsx-perl 0.27-2.1+deb11u2 flagged for acceptance
Processing commands for cont...@bugs.debian.org: > package release.debian.org Limiting to bugs with field 'package' containing at least one of 'release.debian.org' Limit currently set to 'package':'release.debian.org' > tags 1061578 = bullseye pending Bug #1061578 [release.debian.org] bullseye-pu: package libspreadsheet-parsexlsx-perl/0.27-2.1+deb11u2 Added tag(s) pending. > thanks Stopping processing here. Please contact me if you need assistance. -- 1061578: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1061578 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#1061579: libspreadsheet-parsexlsx-perl 0.27-3+deb12u2 flagged for acceptance
package release.debian.org tags 1061579 = bookworm pending thanks Hi, The upload referenced by this bug report has been flagged for acceptance into the proposed-updates queue for Debian bookworm. Thanks for your contribution! Upload details == Package: libspreadsheet-parsexlsx-perl Version: 0.27-3+deb12u2 Explanation: fix XML External Entity issue [CVE-2024-23525]
Processed: debian-ports-archive-keyring 2024.01.05~deb11u1 flagged for acceptance
Processing commands for cont...@bugs.debian.org: > package release.debian.org Limiting to bugs with field 'package' containing at least one of 'release.debian.org' Limit currently set to 'package':'release.debian.org' > tags 1061408 = bullseye pending Bug #1061408 [release.debian.org] bullseye-pu: package debian-ports-archive-keyring/2024.01.05~deb11u1 Added tag(s) pending. > thanks Stopping processing here. Please contact me if you need assistance. -- 1061408: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1061408 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#1061578: libspreadsheet-parsexlsx-perl 0.27-2.1+deb11u2 flagged for acceptance
package release.debian.org tags 1061578 = bullseye pending thanks Hi, The upload referenced by this bug report has been flagged for acceptance into the proposed-updates queue for Debian bullseye. Thanks for your contribution! Upload details == Package: libspreadsheet-parsexlsx-perl Version: 0.27-2.1+deb11u2 Explanation: fix XML External Entity issue [CVE-2024-23525]
Bug#1061572: unadf 0.7.11a-4+deb11u1 flagged for acceptance
package release.debian.org tags 1061572 = bullseye pending thanks Hi, The upload referenced by this bug report has been flagged for acceptance into the proposed-updates queue for Debian bullseye. Thanks for your contribution! Upload details == Package: unadf Version: 0.7.11a-4+deb11u1 Explanation: fix stack buffer overflow issue [CVE-2016-1243]; fix arbitary code execution issue [CVE-2016-1244]
Bug#1061407: debian-ports-archive-keyring 2024.01.05~deb12u1 flagged for acceptance
package release.debian.org tags 1061407 = bookworm pending thanks Hi, The upload referenced by this bug report has been flagged for acceptance into the proposed-updates queue for Debian bookworm. Thanks for your contribution! Upload details == Package: debian-ports-archive-keyring Version: 2024.01.05~deb12u1 Explanation: add Debian Ports Archive Automatic Signing Key (2025)
Bug#1061408: debian-ports-archive-keyring 2024.01.05~deb11u1 flagged for acceptance
package release.debian.org tags 1061408 = bullseye pending thanks Hi, The upload referenced by this bug report has been flagged for acceptance into the proposed-updates queue for Debian bullseye. Thanks for your contribution! Upload details == Package: debian-ports-archive-keyring Version: 2024.01.05~deb11u1 Explanation: add Debian Ports Archive Automatic Signing Key (2025)
Bug#1059609: engrampa 1.26.0-1+deb12u1 flagged for acceptance
package release.debian.org tags 1059609 = bookworm pending thanks Hi, The upload referenced by this bug report has been flagged for acceptance into the proposed-updates queue for Debian bookworm. Thanks for your contribution! Upload details == Package: engrampa Version: 1.26.0-1+deb12u1 Explanation: fix several memory leaks; fix archive "save as" functionality
Processed: Re: Bug#1061652: bookworm-pu: package rss-glx/0.9.1-6.4+deb12u1
Processing control commands: > tags -1 + confirmed Bug #1061652 [release.debian.org] bookworm-pu: package rss-glx/0.9.1-6.4+deb12u1 Added tag(s) confirmed. -- 1061652: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1061652 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#1061652: bookworm-pu: package rss-glx/0.9.1-6.4+deb12u1
Control: tags -1 + confirmed On Mon, 2024-01-29 at 11:30 -0600, Timothy Pearson wrote: > > > - Original Message - > > From: "Adam D. Barratt" > > To: "Timothy Pearson" , "1061652" > > <1061...@bugs.debian.org> > > Sent: Monday, January 29, 2024 11:21:44 AM > > y for missing a detail here, but if you're going for that approach > > then the changelog should follow the style it would for an upload > > to > > backports - i.e. taking the unstable upload, including the > > changelog > > entry for -6.4, and prepending a new stanza for -6.4~deb12u1 with > > an > > entry similar to "Rebuild for bookworm". Does that make sense? > [...] > Yes, that makes sense to me. First time I'm proposing a new stable > update package that isn't a security update, so appreciate the > patience and assistance! No problem, thanks for the quick follow-ups. One final thing: + * Rebuild for Bookworm (Closes: #1061652) Please don't close the release.d.o bug in your changelog - we'll close it once the update is actually in stable, i.e. after a point release. With the Closes: removed, please feel free to upload. Regards, Adam
Processed: Re: Bug#1061774: nmu: pngcheck_3.0.3-1
Processing control commands: > reassign -1 fitspng 2.0-1 Bug #1061774 [release.debian.org] nmu: pngcheck_3.0.3-1 Bug reassigned from package 'release.debian.org' to 'fitspng'. Ignoring request to alter found versions of bug #1061774 to the same values previously set Ignoring request to alter fixed versions of bug #1061774 to the same values previously set Bug #1061774 [fitspng] nmu: pngcheck_3.0.3-1 Marked as found in versions fitspng/2.0-1. > retitle -1 fitspng: prints warnings on zlib updates Bug #1061774 [fitspng] nmu: pngcheck_3.0.3-1 Changed Bug title to 'fitspng: prints warnings on zlib updates' from 'nmu: pngcheck_3.0.3-1'. -- 1061774: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1061774 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#1061774: nmu: pngcheck_3.0.3-1
Control: reassign -1 fitspng 2.0-1 Control: retitle -1 fitspng: prints warnings on zlib updates On 2024-01-29 13:56:14 -0300, David da Silva Polverari wrote: > On Mon, Jan 29, 2024 at 04:45:59PM +0100, Filip Hroch wrote: > > Dear Release Team, > > > > may I ask you to rebuild pngcheck package against to > > the current version of zlib? > > > > I'm maintainer of fitspng package having bug #1059970, > > and I found that the bug is not related on fitspng itself. > > Actually, it is caused by pngcheck during CI tests > > verification. The current binary of pngcheck is compiled > > against an old zlib yet, and needs a recompilation. > > > In my opinion, there is no need for a rebuild. This is just a warning > that upstream deemed useful to include on the program. If tests are > failing because of that, I believe that fitspng tests are the ones that > should be updated to take that behaviour into account (using > allow-stderr and grepping for the 'OK', for example). If zlib's SONAME > hasn't changed, there's not need to link against a newer version. The warning is mostly pointless for Debian. Minimum requirements are expressed via dependencies and if zlib's ABI breaks it has to change its SONAME. Reassinging to fitspng. Cheers -- Sebastian Ramacher
Bug#1061652: bookworm-pu: package rss-glx/0.9.1-6.4+deb12u1
- Original Message - > From: "Adam D. Barratt" > To: "Timothy Pearson" , "1061652" > <1061...@bugs.debian.org> > Sent: Monday, January 29, 2024 11:21:44 AM > Subject: Re: Bug#1061652: bookworm-pu: package rss-glx/0.9.1-6.4+deb12u1 > On Sun, 2024-01-28 at 16:38 -0600, Timothy Pearson wrote: >> >> > The version in the topic also implies a higher version than the >> > unstable upload, whereas the stable upload needs a lower version - >> > either -6.3+deb12u1 or -6.4~deb12u1 depending on whether you take >> > the >> > approach of adding the new patches on top of the existing stable >> > version, or backporting the unstable upload as a whole. It looks >> > like >> > the effect would be identical in this case afaict, so it's purely a >> > matter of preference. >> >> I will useg -6.4~deb12u1 for simplicity, since we are tracking the >> unstable version in this update. I inadvertently made an error in >> the bug report subject line. > > Sorry for missing a detail here, but if you're going for that approach > then the changelog should follow the style it would for an upload to > backports - i.e. taking the unstable upload, including the changelog > entry for -6.4, and prepending a new stanza for -6.4~deb12u1 with an > entry similar to "Rebuild for bookworm". Does that make sense? > > Regards, > > Adam Yes, that makes sense to me. First time I'm proposing a new stable update package that isn't a security update, so appreciate the patience and assistance!diff -Nru rss-glx-0.9.1/debian/changelog rss-glx-0.9.1/debian/changelog --- rss-glx-0.9.1/debian/changelog 2021-10-16 08:11:19.0 -0500 +++ rss-glx-0.9.1/debian/changelog 2024-01-29 11:26:00.0 -0600 @@ -1,3 +1,18 @@ +rss-glx (0.9.1-6.4~deb12u1) bookworm; urgency=medium + + * Rebuild for Bookworm (Closes: #1061652) + + -- Timothy Pearson Mon, 29 Jan 2024 11:26:00 -0600 + +rss-glx (0.9.1-6.4) unstable; urgency=medium + + * Non-maintainer upload. + * debian/patches/glfinish.patch: Call GLFinish() prior to glXSwapBuffers() +(Closes: #1061507) + * Install screensavers into /usr/libexec/xscreensaver (Closes: #979490) + + -- Timothy Pearson Sat, 27 Jan 2024 08:41:00 -0600 + rss-glx (0.9.1-6.3) unstable; urgency=medium * Non-maintainer upload. diff -Nru rss-glx-0.9.1/debian/patches/glfinish.patch rss-glx-0.9.1/debian/patches/glfinish.patch --- rss-glx-0.9.1/debian/patches/glfinish.patch 1969-12-31 18:00:00.0 -0600 +++ rss-glx-0.9.1/debian/patches/glfinish.patch 2024-01-25 10:43:27.0 -0600 @@ -0,0 +1,12 @@ +Index: rss-glx-0.9.1/src/driver.c +=== +--- rss-glx-0.9.1.orig/src/driver.c rss-glx-0.9.1/src/driver.c +@@ -238,6 +238,7 @@ + + if (drawEnabled) { + hack_draw (XStuff, (double)now.tv_sec + now.tv_usec / 100.0f, frameTimeSoFar / 100.0f); ++ glFinish(); + + glXSwapBuffers (XStuff->display, XStuff->window); + } diff -Nru rss-glx-0.9.1/debian/patches/series rss-glx-0.9.1/debian/patches/series --- rss-glx-0.9.1/debian/patches/series 2021-10-16 08:05:56.0 -0500 +++ rss-glx-0.9.1/debian/patches/series 2024-01-27 08:46:13.0 -0600 @@ -2,3 +2,4 @@ pixelcity-cpp.patch readme.patch include-cstddef.patch +glfinish.patch diff -Nru rss-glx-0.9.1/debian/rules rss-glx-0.9.1/debian/rules --- rss-glx-0.9.1/debian/rules 2011-05-27 10:01:25.0 -0500 +++ rss-glx-0.9.1/debian/rules 2024-01-27 08:45:36.0 -0600 @@ -15,12 +15,12 @@ override_dh_auto_configure: dh_auto_configure -- --with-configdir=/usr/share/xscreensaver/config \ --with-kdessconfigdir=/usr/share/kde4/services/ScreenSavers \ - --bindir=/usr/lib/xscreensaver --enable-static=no \ + --bindir=/usr/libexec/xscreensaver --enable-static=no \ LDFLAGS=-Wl,--as-needed override_dh_auto_install: dh_auto_install - mv $(CURDIR)/debian/rss-glx/usr/lib/xscreensaver/rss-glx_install.pl \ + mv $(CURDIR)/debian/rss-glx/usr/libexec/xscreensaver/rss-glx_install.pl \ $(CURDIR)/debian/rss-glx/usr/bin/rss-glx_install cp $(CURDIR)/debian/desktop_files/*.desktop \ $(CURDIR)/debian/rss-glx/usr/share/applications/screensavers
Bug#1061652: bookworm-pu: package rss-glx/0.9.1-6.4+deb12u1
On Sun, 2024-01-28 at 16:38 -0600, Timothy Pearson wrote: > > > The version in the topic also implies a higher version than the > > unstable upload, whereas the stable upload needs a lower version - > > either -6.3+deb12u1 or -6.4~deb12u1 depending on whether you take > > the > > approach of adding the new patches on top of the existing stable > > version, or backporting the unstable upload as a whole. It looks > > like > > the effect would be identical in this case afaict, so it's purely a > > matter of preference. > > I will useg -6.4~deb12u1 for simplicity, since we are tracking the > unstable version in this update. I inadvertently made an error in > the bug report subject line. Sorry for missing a detail here, but if you're going for that approach then the changelog should follow the style it would for an upload to backports - i.e. taking the unstable upload, including the changelog entry for -6.4, and prepending a new stanza for -6.4~deb12u1 with an entry similar to "Rebuild for bookworm". Does that make sense? Regards, Adam
Bug#1061774: nmu: pngcheck_3.0.3-1
On Mon, Jan 29, 2024 at 04:45:59PM +0100, Filip Hroch wrote: > Dear Release Team, > > may I ask you to rebuild pngcheck package against to > the current version of zlib? > > I'm maintainer of fitspng package having bug #1059970, > and I found that the bug is not related on fitspng itself. > Actually, it is caused by pngcheck during CI tests > verification. The current binary of pngcheck is compiled > against an old zlib yet, and needs a recompilation. > In my opinion, there is no need for a rebuild. This is just a warning that upstream deemed useful to include on the program. If tests are failing because of that, I believe that fitspng tests are the ones that should be updated to take that behaviour into account (using allow-stderr and grepping for the 'OK', for example). If zlib's SONAME hasn't changed, there's not need to link against a newer version. Regards, David
Processed: nmu: pngcheck_3.0.3-1
Processing control commands: > affects -1 + src:pngcheck Bug #1061774 [release.debian.org] nmu: pngcheck_3.0.3-1 Added indication that 1061774 affects src:pngcheck -- 1061774: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1061774 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#1061774: nmu: pngcheck_3.0.3-1
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: binnmu X-Debbugs-Cc: pngch...@packages.debian.org Control: affects -1 + src:pngcheck Dear Release Team, may I ask you to rebuild pngcheck package against to the current version of zlib? I'm maintainer of fitspng package having bug #1059970, and I found that the bug is not related on fitspng itself. Actually, it is caused by pngcheck during CI tests verification. The current binary of pngcheck is compiled against an old zlib yet, and needs a recompilation. A test run under sid (as well as trixie) has revealed: x@trixiesid:/tmp/xxx$ pngcheck hippo.png zlib warning: different version (expected 1.2.13, using 1.3) OK: hippo.png (139x152, 24-bit RGB, non-interlaced, 38.7%). The string can be identified as the part of the source of pngcheck.c (https://salsa.debian.org/debian/pngcheck/-/blob/debian/master/pngcheck.c) which compares versions of the run-time zlib and the zlib compiled in: ... } else if (strcmp(zlib_version, ZLIB_VERSION) != 0) { fprintf(stderr, "zlib warning: different version (expected %s," " using %s)\n\n", ZLIB_VERSION, zlib_version); } .. In my opinion, the test on a zlib version is greatly valuable, although it may create doubts during those transitional phases. Thank you, FH nmu pngcheck_3.0.3-1 . ANY . -m "Rebuild against a new version of zlib."