Re: Status of the t64 transition
On 2024-04-18 Sebastian Ramacher wrote: [...] > Let's start with the first category. Those are packages that could be > binNMUed, but there are issues that make those rebuilds not have the > desired effect. This list include packages that > * are BD-Uninstallabe, > * FTBFS but with out ftbfs-tagged RC bug, > * have hard-coded dependencies on pre-t64 libraries, > * have $oldlib | $newlib dependencies (those are at least wrong on >armel/armhf and violate policy 2.2.1 once the pre-t64 libraries are >decrufted), > * have been rebuilt before all dependencies were built, > * have broken symbols/shlibs files producing incorrect dependencies, > * or might just be missing the binNMU (but those should be few). > hugin [...] Good morning, thanks for the update. Looking at hugin, I think it is fine on all release-architectures, none of the problems noted above apply here. Am I missing something? TIA, cu Andreas PS: fakeroot seems to be an important blocker not in the list.
Bug#1069262: bookworm-pu: package u-boot/2023.01+dfsg-2+deb12u1
Package: release.debian.org Severity: normal Tags: bookworm User: release.debian@packages.debian.org Usertags: pu X-Debbugs-Cc: u-b...@packages.debian.org, vagr...@debian.org Control: affects -1 + src:u-boot [ Reason ] Fixes the timer clock used by various "orion" based platforms, such as Sheevaplug. [ Impact ] This fixes booting on Sheevaplug and other similar platforms, which are currently entirely broken in bookworm. [ Tests ] The original reporter of the bug confirmed that it worked on their Sheevaplug. [ Risks ] Should be low risk; changes are small and isolated to the currently broken platforms. [ Checklist ] [?] *all* changes are documented in the d/changelog [x] I reviewed all changes and I approve them [x] attach debdiff against the package in (old)stable [x] the issue is verified as fixed in unstable [ Changes ] A single patch is pulled from upstream that fixes booting on the sheevaplug and related platforms. Unfortunately, the debdiff revealed an un-used patch (u-boot-2023.01+dfsg/debian/0001-u-boot-qemu-Add-malta64el-and-maltael.patch) in the old source package that was never intended to be included, not in revision control and is not present in the new source package. I did not detect the un-used crufty patch until I had performed the upload, so neglected mentioning it in debian/changelog, but it never should have been included in bookworm in the first place... hopefully this "removal" is tolerable. It should have no real effect on the resulting package. [ Other info ] Thanks! live well, vagrant signature.asc Description: PGP signature
Processed: bookworm-pu: package u-boot/2023.01+dfsg-2+deb12u1
Processing control commands: > affects -1 + src:u-boot Bug #1069262 [release.debian.org] bookworm-pu: package u-boot/2023.01+dfsg-2+deb12u1 Added indication that 1069262 affects src:u-boot -- 1069262: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1069262 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Re: Re-planning for 12.6
Hiya! Not wanting to pester *too* much, but where are we up to? On Tue, Apr 02, 2024 at 10:53:49PM +0100, Steve McIntyre wrote: >On Mon, Apr 01, 2024 at 01:07:27PM +0100, Adam Barratt wrote: >>Hi, >> >>As we had to postpone 12.6, let's look at alternative dates. >> >>April 13th >>- Not great for me for personal reasons, mhy previously said no. I >>could probably do if need be > >Works for me. > >>April 20th >>- Doesn't work for me; I'm away from the Tuesday before until late on >>the Friday > >Works for me. > >>April 27th >>- Doesn't work for me; I have a pre-existing appointment which means >>I'll be AFK much of the day > >Works for me. > >>May 4th >>- Apparently doesn't work for me; long weekend in the UK >> > >Works for me. > >>May 11th >>- Should work for me > >Nope, already booked for that Saturday. > >-- >Steve McIntyre, Cambridge, UK.st...@einval.com >"...In the UNIX world, people tend to interpret `non-technical user' > as meaning someone who's only ever written one device driver." -- Daniel Pead -- Steve McIntyre, Cambridge, UK.st...@einval.com The two hard things in computing: * naming things * cache invalidation * off-by-one errors -- Stig Sandbeck Mathisen
Bug#1067944: marked as done (nmu: openjdk-17_17.0.11~7ea-1)
Your message dated Thu, 18 Apr 2024 21:57:42 +0200 with message-id and subject line Re: Bug#1067944: nmu: openjdk-17_17.0.11~7ea-1 has caused the Debian Bug report #1067944, regarding nmu: openjdk-17_17.0.11~7ea-1 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 1067944: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1067944 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: release.debian.org Severity: normal X-Debbugs-Cc: openjdk...@packages.debian.org Control: affects -1 + src:openjdk-17 User: release.debian@packages.debian.org Usertags: binnmu nmu openjdk-17_17.0.11~7ea-1 . armel armhf . unstable . -m "Rebuild on buildds" --- End Message --- --- Begin Message --- On 2024-03-29 15:35:52 +0500, Andrey Rakhmatullin wrote: > Package: release.debian.org > Severity: normal > X-Debbugs-Cc: openjdk...@packages.debian.org > Control: affects -1 + src:openjdk-17 > User: release.debian@packages.debian.org > Usertags: binnmu > > nmu openjdk-17_17.0.11~7ea-1 . armel armhf . unstable . -m "Rebuild on > buildds" There was a new upload of openjdk-17. Cheers -- Sebastian Ramacher--- End Message ---
Bug#1068366: marked as done (nmu: gyoto_2.0.2-1.1)
Your message dated Thu, 18 Apr 2024 21:56:47 +0200 with message-id and subject line Re: Bug#1068366: nmu: gyoto_2.0.2-1.1 has caused the Debian Bug report #1068366, regarding nmu: gyoto_2.0.2-1.1 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 1068366: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068366 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: binnmu It seems that the new version of gyoto was built a bit too early and, on most architectures, picked up a dependency on libcfitsio10 rather than libcfitsio10t64. nmu gyoto_2.0.2-1.1 . ANY . unstable . -m "Rebuild against libcfitsio10t64 for time64 transition." -- System Information: Debian Release: 10.13 APT prefers oldoldstable-updates APT policy: (500, 'oldoldstable-updates'), (500, 'oldoldstable') Architecture: amd64 (x86_64) Foreign Architectures: i386, arm64 Kernel: Linux 4.19.0-18-amd64 (SMP w/4 CPU cores) Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE=en_GB:en (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled --- End Message --- --- Begin Message --- On 2024-04-05 16:00:44 +0200, Sebastian Ramacher wrote: > Control: tags -1 moreinfo > > On 2024-04-04 09:27:06 +0100, plugwash wrote: > > Package: release.debian.org > > Severity: normal > > User: release.debian@packages.debian.org > > Usertags: binnmu > > > > It seems that the new version of gyoto was built a bit too early and, on > > most > > architectures, picked up a dependency on libcfitsio10 rather than > > libcfitsio10t64. > > > > nmu gyoto_2.0.2-1.1 . ANY . unstable . -m "Rebuild against libcfitsio10t64 > > for time64 transition." > > gyoto currently FTBFS, see #1067562. If this bug was fixed, please fix > its metadata. Otherwise it will need an upload anyway. The bug is #1066788 (not sure how the other one slipped into this mail). Closing this bug as non-actionable. Cheers -- Sebastian Ramacher--- End Message ---
Processed: bullseye-pu: package libapache2-mod-auth-openidc/2.4.9.4-0+deb11u4
Processing control commands: > affects -1 + src:libapache2-mod-auth-openidc Bug #1069253 [release.debian.org] bullseye-pu: package libapache2-mod-auth-openidc/2.4.9.4-0+deb11u4 Added indication that 1069253 affects src:libapache2-mod-auth-openidc -- 1069253: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1069253 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#1069252: bookworm-pu: package libapache2-mod-auth-openidc/2.4.12.3-2+deb12u1
Package: release.debian.org Severity: normal Tags: bookworm X-Debbugs-Cc: libapache2-mod-auth-open...@packages.debian.org, t...@security.debian.org Control: affects -1 + src:libapache2-mod-auth-openidc User: release.debian@packages.debian.org Usertags: pu [ Reason ] Backported the patch to fix CVE-2024-24814. Does not require DSA as per #1064183#28. [ Impact ] DoS when `OIDCSessionType client-cookie` is set and a crafted Cookie header is supplied https://github.com/OpenIDC/mod_auth_openidc/security/advisories/GHSA- hxr6-w4gc-7vvv [ Tests ] Manually on own infra. [ Risks ] Patch has minimal complexity but is from the upstream author who is generally very knowledgable about his code. [ Checklist ] [x] *all* changes are documented in the d/changelog [x] I reviewed all changes and I approve them [x] attach debdiff against the package in (old)stable [x] the issue is verified as fixed in unstable [ Changes ] Added upstream commit as patch that fixes oidc_util_get_chunked_cookie function to properly handle chunked cookies and decline malicious ones. [ Other info ] diff -Nru libapache2-mod-auth-openidc-2.4.12.3/debian/changelog libapache2-mod-auth-openidc-2.4.12.3/debian/changelog --- libapache2-mod-auth-openidc-2.4.12.3/debian/changelog 2023-05-02 11:48:09.0 +0200 +++ libapache2-mod-auth-openidc-2.4.12.3/debian/changelog 2024-04-18 14:20:00.0 +0200 @@ -1,3 +1,16 @@ +libapache2-mod-auth-openidc (2.4.12.3-2+deb12u1) bookworm; urgency=medium + + * CVE-2024-24814: Missing input validation on mod_auth_openidc_session_chunks +cookie value made the server vulnerable to a Denial of Service (DoS) +attack. If an attacker manipulated the value of the OpenIDC cookie to a +very large integer like , the server struggled with the request for +a long time and finally returned a 500 error. Making a few requests of this +kind caused servers to become unresponsive, and so attackers could thereby +craft requests that would make the server work very hard and/or crash with +minimal effort. (Closes: #1064183) + + -- Moritz Schlarb Thu, 18 Apr 2024 14:20:00 +0200 + libapache2-mod-auth-openidc (2.4.12.3-2) unstable; urgency=high * Add patch to Fix CVE-2023-28625 (Closes: #1033916) diff -Nru libapache2-mod-auth-openidc-2.4.12.3/debian/gbp.conf libapache2-mod-auth-openidc-2.4.12.3/debian/gbp.conf --- libapache2-mod-auth-openidc-2.4.12.3/debian/gbp.conf2023-05-02 11:41:28.0 +0200 +++ libapache2-mod-auth-openidc-2.4.12.3/debian/gbp.conf2024-04-18 14:20:00.0 +0200 @@ -1,2 +1,3 @@ [DEFAULT] pristine-tar = True +debian-branch = bookworm diff -Nru libapache2-mod-auth-openidc-2.4.12.3/debian/patches/0001-Fix-CVE-2023-28625-segfault-DoS-when-OIDCStripCookie.patch libapache2-mod-auth-openidc-2.4.12.3/debian/patches/0001-Fix-CVE-2023-28625-segfault-DoS-when-OIDCStripCookie.patch --- libapache2-mod-auth-openidc-2.4.12.3/debian/patches/0001-Fix-CVE-2023-28625-segfault-DoS-when-OIDCStripCookie.patch 2023-05-02 11:47:32.0 +0200 +++ libapache2-mod-auth-openidc-2.4.12.3/debian/patches/0001-Fix-CVE-2023-28625-segfault-DoS-when-OIDCStripCookie.patch 2024-04-18 14:20:00.0 +0200 @@ -1,9 +1,9 @@ From: Moritz Schlarb Date: Tue, 2 May 2023 11:44:18 +0200 Subject: Fix CVE-2023-28625: segfault DoS when OIDCStripCookies is set + Origin: upstream, https://github.com/OpenIDC/mod_auth_openidc/security/advisories/GHSA-f5xw-rvfr-24qr Applied-Upstream: 2.4.13.2, https://github.com/OpenIDC/mod_auth_openidc/commit/c0e1edac3c4c19988ccdc7713d7aebfce6ff916a - --- src/mod_auth_openidc.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff -Nru libapache2-mod-auth-openidc-2.4.12.3/debian/patches/0002-fix-DoS-CVE-2024-24814.patch libapache2-mod-auth-openidc-2.4.12.3/debian/patches/0002-fix-DoS-CVE-2024-24814.patch --- libapache2-mod-auth-openidc-2.4.12.3/debian/patches/0002-fix-DoS-CVE-2024-24814.patch 1970-01-01 01:00:00.0 +0100 +++ libapache2-mod-auth-openidc-2.4.12.3/debian/patches/0002-fix-DoS-CVE-2024-24814.patch 2024-04-18 14:20:00.0 +0200 @@ -0,0 +1,60 @@ +From: Hans Zandbelt +Date: Tue, 6 Feb 2024 23:45:40 +0100 +Subject: [PATCH] release 2.4.15.2: fix DoS CVE-2024-24814 + +fix CVE-2024-24814: DoS when 'OIDCSessionType client-cookie' is set and +a crafted Cookie header is supplied +https://github.com/OpenIDC/mod_auth_openidc/security/advisories/GHSA-hxr6-w4gc-7vvv + +Signed-off-by: Hans Zandbelt +--- + src/util.c | 35 +-- + 1 file changed, 17 insertions(+), 18 deletions(-) + +diff --git a/src/util.c b/src/util.c +index e1f0a3a..7a86c24 100644 +--- a/src/util.c b/src/util.c +@@ -1325,25 +1325,24 @@ static char* oidc_util_get_chunk_cookie_name(request_rec *r, + */ + char* oidc_util_get_chunked_cookie(request_rec *r, const char *cookieName, + int chunkSize) { +- char *cookieValue = NULL; +- char
Bug#1069253: bullseye-pu: package libapache2-mod-auth-openidc/2.4.9.4-0+deb11u4
Package: release.debian.org Severity: normal Tags: bullseye X-Debbugs-Cc: libapache2-mod-auth-open...@packages.debian.org, t...@security.debian.org Control: affects -1 + src:libapache2-mod-auth-openidc User: release.debian@packages.debian.org Usertags: pu [ Reason ] Backported the patch to fix CVE-2024-24814. Does not require DSA as per #1064183#28. [ Impact ] DoS when `OIDCSessionType client-cookie` is set and a crafted Cookie header is supplied https://github.com/OpenIDC/mod_auth_openidc/security/advisories/GHSA- hxr6-w4gc-7vvv [ Tests ] Manually on own infra. [ Risks ] Patch has minimal complexity but is from the upstream author who is generally very knowledgable about his code. [ Checklist ] [x] *all* changes are documented in the d/changelog [x] I reviewed all changes and I approve them [x] attach debdiff against the package in (old)stable [x] the issue is verified as fixed in unstable [ Changes ] Added upstream commit as patch that fixes oidc_util_get_chunked_cookie function to properly handle chunked cookies and decline malicious ones. [ Other info ] diff -Nru libapache2-mod-auth-openidc-2.4.9.4/debian/changelog libapache2-mod-auth-openidc-2.4.9.4/debian/changelog --- libapache2-mod-auth-openidc-2.4.9.4/debian/changelog2023-05-02 12:59:57.0 +0200 +++ libapache2-mod-auth-openidc-2.4.9.4/debian/changelog2024-04-18 14:27:26.0 +0200 @@ -1,3 +1,16 @@ +libapache2-mod-auth-openidc (2.4.9.4-0+deb11u4) bullseye; urgency=high + + * CVE-2024-24814: Missing input validation on mod_auth_openidc_session_chunks +cookie value made the server vulnerable to a Denial of Service (DoS) +attack. If an attacker manipulated the value of the OpenIDC cookie to a +very large integer like , the server struggled with the request for +a long time and finally returned a 500 error. Making a few requests of this +kind caused servers to become unresponsive, and so attackers could thereby +craft requests that would make the server work very hard and/or crash with +minimal effort. (Closes: #1064183) + + -- Moritz Schlarb Thu, 18 Apr 2024 14:27:26 +0200 + libapache2-mod-auth-openidc (2.4.9.4-0+deb11u3) bullseye-security; urgency=high * Add patch to Fix CVE-2023-28625 (Closes: #1033916) diff -Nru libapache2-mod-auth-openidc-2.4.9.4/debian/patches/0004-fix-DoS-CVE-2024-24814.patch libapache2-mod-auth-openidc-2.4.9.4/debian/patches/0004-fix-DoS-CVE-2024-24814.patch --- libapache2-mod-auth-openidc-2.4.9.4/debian/patches/0004-fix-DoS-CVE-2024-24814.patch 1970-01-01 01:00:00.0 +0100 +++ libapache2-mod-auth-openidc-2.4.9.4/debian/patches/0004-fix-DoS-CVE-2024-24814.patch 2024-04-18 14:25:44.0 +0200 @@ -0,0 +1,60 @@ +From: Hans Zandbelt +Date: Tue, 6 Feb 2024 23:45:40 +0100 +Subject: [PATCH] release 2.4.15.2: fix DoS CVE-2024-24814 + +fix CVE-2024-24814: DoS when 'OIDCSessionType client-cookie' is set and +a crafted Cookie header is supplied +https://github.com/OpenIDC/mod_auth_openidc/security/advisories/GHSA-hxr6-w4gc-7vvv + +Signed-off-by: Hans Zandbelt +--- + src/util.c | 35 +-- + 1 file changed, 17 insertions(+), 18 deletions(-) + +diff --git a/src/util.c b/src/util.c +index c6453d0..6782293 100644 +--- a/src/util.c b/src/util.c +@@ -1288,25 +1288,24 @@ static char* oidc_util_get_chunk_cookie_name(request_rec *r, + */ + char* oidc_util_get_chunked_cookie(request_rec *r, const char *cookieName, + int chunkSize) { +- char *cookieValue = NULL; +- char *chunkValue = NULL; +- int i = 0; +- if (chunkSize == 0) { +- cookieValue = oidc_util_get_cookie(r, cookieName); +- } else { +- int chunkCount = oidc_util_get_chunked_count(r, cookieName); +- if (chunkCount > 0) { +- cookieValue = ""; +- for (i = 0; i < chunkCount; i++) { +- chunkValue = oidc_util_get_cookie(r, +- oidc_util_get_chunk_cookie_name(r, cookieName, i)); +- if (chunkValue != NULL) +- cookieValue = apr_psprintf(r->pool, "%s%s", cookieValue, +- chunkValue); +- } +- } else { +- cookieValue = oidc_util_get_cookie(r, cookieName); ++ char *cookieValue = NULL, *chunkValue = NULL; ++ int chunkCount = 0, i = 0; ++ if (chunkSize == 0) ++ return oidc_util_get_cookie(r, cookieName); ++ chunkCount = oidc_util_get_chunked_count(r, cookieName); ++ if (chunkCount == 0) ++ return oidc_util_get_cookie(r, cookieName); ++ if ((chunkCount < 0) || (chunkCount > 99)) { ++ oidc_warn(r, "chunk count out of bounds: %d", chunkCount); ++ return NULL; ++ } ++ for (i = 0; i <
Processed: bookworm-pu: package libapache2-mod-auth-openidc/2.4.12.3-2+deb12u1
Processing control commands: > affects -1 + src:libapache2-mod-auth-openidc Bug #1069252 [release.debian.org] bookworm-pu: package libapache2-mod-auth-openidc/2.4.12.3-2+deb12u1 Added indication that 1069252 affects src:libapache2-mod-auth-openidc -- 1069252: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1069252 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Status of the t64 transition
Hi, as the progress on the t64 transition is slowing down, I want to give an overview of some of the remaining blockers that we need to tackle to get it unstuck. I tried to identify some clusters of issues, but there might be other classes of issues. Let's start with the first category. Those are packages that could be binNMUed, but there are issues that make those rebuilds not have the desired effect. This list include packages that * are BD-Uninstallabe, * FTBFS but with out ftbfs-tagged RC bug, * have hard-coded dependencies on pre-t64 libraries, * have $oldlib | $newlib dependencies (those are at least wrong on armel/armhf and violate policy 2.2.1 once the pre-t64 libraries are decrufted), * have been rebuilt before all dependencies were built, * have broken symbols/shlibs files producing incorrect dependencies, * or might just be missing the binNMU (but those should be few). 3depict arctica-greeter cegui-mk2 condor courier deepin-movie-reborn fastnetmon fcitx-kkc gentle gnome-subtitles gocryptfs gozer gtk-chtheme gvmd gxneur haskell-gi-dbusmenugtk3 haskell-gi-gtk haskell-gi-gtk-hs haskell-gi-vte haskell-gtk-strut hkl hugin hxtools ibus-kkc ippsample jellyfish jskeus lcmaps-plugins-basic lcmaps-plugins-jobrep lcmaps-plugins-verify-proxy lcmaps-plugins-voms libcanberra libosmo-netif lightdm lightdm-gtk-greeter light-locker limesuite llvm-toolchain-17 lmms lyskom-server massxpert2 nautilus-wipe ncl nfs-ganesha obs-advanced-scene-switcher openjdk-20 perdition ppp prads prelude-lml prelude-manager purple-xmpp-carbons purple-xmpp-http-upload python-escript qt5-ukui-platformtheme quorum renpy roger-router rtags sdpa seafile-client slick-greeter sonic-visualiser spectrwm spice-gtk swtpm tfortune thunderbird trantor ui-gxmlcpp ukui-greeter urfkill vdeplug-pcap vdeplug-slirp wine-development worker xbase64 xca Next, packages that need an upload since they build Architecture: all binaries depending on pre-t64 libraries: alsa-ucm-conf anki clearlooks-phenix-theme gtk-sharp3 jruby mandos python-pylibdmtx pyzbar rapid-photo-downloader ruby-ethon ruby-ffi-libarchive sbmltoolbox syncevolution Finally, packages that need rebuilds but currently have open FTBFS (RC + ftbfs tag) bugs: 3dchess ace-of-penguins acm adns adonthell alsa-oss amberol anfo arrayfire audtty barrier blasr boinc-app-eah-brp broker caml-crush cctools clanlib clazy clickhouse code-saturne coz-profiler cp2k cpdb-backend-cups cpm criu curlftpfs dapl darcs das-watchdog deepin-log-viewer dnstop dolphin-emu dradio dub dune-pdelab dvbstreamer dx ecere-sdk elektra epic4 epic5 eterm filament freebayes freebsd-buildutils gabedit gamazons ganeti gdis ggcov ghdl ghemical giblib gigedit glirc gnat-gps gnome-breakout gnome-photos gnunet-gtk google-compute-engine-oslogin grok gsocket gtk-sharp3 gtkterm gwc gyoto hardinfo hping3 hplip httest i2masschroq ibus-anthy info-beamer intel-hdcp irssi-plugin-robustirc isoquery kamailio kbtin kcov kdrill kexec-tools keynav klatexformula kluppe kpatch kraptor kwin-effect-xrdesktop ldapvi lftp libaws libengine-gost-openssl libgovirt libkkc libnginx-mod-http-modsecurity liboqs librm libvma libzorpll lief linssid lintian-brush linuxtv-dvb-apps literki lives llvm-toolchain-16 lmemory lnav loqui lsh-utils mahimahi maildrop matchbox-keyboard matchbox-panel mate-equake-applet mathgl mdbtools mdk4 mit-scheme mldemos mlpcap mod-gnutls moonshot-ui mozillavpn mpqc3 ncrack netdiag newsboat nitrokey-app nng ntopng obs-ashmanix-countdown obs-downstream-keyer obs-ptz obs-scene-notes-dock obs-websocket octave-mpi openems openexr-viewers openjdk-19 openmx opensta openturns openvas-scanner ortools performous-composer pesign pidgin-sipe pixmap pngphoon porg projecteur purify purple-lurch pxe-kexec pyferret pygame-sdl2 pytorch-vision qstopmotion raku-readline ramond rdup recutils regina-normal resvg rmlint ruby3.2 ruby-fcgi ruby-ruby-magic-static ruby-sigar s390-tools sagemath samhain scm scrollz sdaps searchmonkey siconos siridb-server sitecopy slapi-nis slrn sniffit snort spek spotlighter squeak-plugins-scratch stimfit subvertpy supertuxkart swift-im syrthes tcptrack telegram-purple termrec thin-provisioning-tools threadscope tightvnc tlog uhub urweb vart vecgeom veusz vg virtualjaguar whitedune wmweather+ xbill xcolmix xir xneur xpat2 xpra xqilla xrt xshogi xtide yap yrmcds zabbix zeek Note that not all of the packages listed above have bugs filed. Also, the list is produced based on the state in unstable. Packages that were already removed from testing are also on these lists. If you maintain any of the packages above, please check their status and help get them fixed. Any help in filing bugs, fixing packages, requesting removals, etc. is appreciated so that we can look into unblocking the whole stack and migrate it to testing. The dd-list of the packages above is attached. Cheers -- Sebastian Ramacher A Mennucc1 dvbstreamer Adam Borowski kbtin termrec Adrian Knoth qstopmotion (U) Agathe Porte
Re: R 4.4.0 coming April 24
Hi Paul, On 18 April 2024 at 11:50, Paul Gevers wrote: | Hi Dirk, | | On 18-04-2024 4:41 a.m., Dirk Eddelbuettel wrote: | > I uploaded a first | > beta release r-base_4.3.3.20240409-1 to 'experimental' a week ago, I just | > followed up with a rc release r-base_4.3.3.20240416-1. | | Thanks for preparing in experimental, as that triggers some QA. | | > Given these non-changes, I do not think we need a formal transition. If the | > release teams thinks otherwise, please let me know, ideally before April 24. | | https://qa.debian.org/excuses.php?experimental=1=r-base shows | there are 5 reverse (test) dependencies who's autopkgtest fail with the | latest r-base in experimental. You'll want to discuss with the | maintainers of those packages what that means for either r-base or their | packages (ideally by filing bug reports to track the discussion). Right now it now only shows 'all reports (re-)running'. But package r-base has had the usual issues in unstable for a few weeks now because 'some people' insist on adding autopkg tests including for architectures / build sizes no longer supported upstream -- R stopped 32 bit support over a year and release ago -- as well continually letting dependencies slip so that the autopkg tests involve old and outdated package releases combined with the fact that BioConductor has _very_ specific release cycles yet they throw r-bioc-* package in too) so there is little I can do on the end of package r-base. Briefly, I am being put into a bad corner by other maintainers here, and I no longer have the energy to discuss that with them. We have been at this for years. The r-base package itself is fine in unstable, as well as with eg the packages I maintain. It is also fine in Ubuntu (and Debian, both also via backports we coordinate at the R mirror network CRAN) and I run an add-on project [1] where *every* CRAN package (and 400+ BioConductor packages) is turned into .deb packages access from R via install.packages() (for the two most recent LTS releases). I know this stuff, I have been using and contributing to R for 25 years, I am in close contact with upstream, and I happen to sit on the R Foundation board. Cheers, Dirk [1] https://eddelbuettel.github.io/r2u | Paul | x[DELETED ATTACHMENT OpenPGP_signature.asc, application/pgp-signature] -- dirk.eddelbuettel.com | @eddelbuettel | e...@debian.org
Re: R 4.4.0 coming April 24
Hi Dirk, On 18-04-2024 4:41 a.m., Dirk Eddelbuettel wrote: I uploaded a first beta release r-base_4.3.3.20240409-1 to 'experimental' a week ago, I just followed up with a rc release r-base_4.3.3.20240416-1. Thanks for preparing in experimental, as that triggers some QA. Given these non-changes, I do not think we need a formal transition. If the release teams thinks otherwise, please let me know, ideally before April 24. https://qa.debian.org/excuses.php?experimental=1=r-base shows there are 5 reverse (test) dependencies who's autopkgtest fail with the latest r-base in experimental. You'll want to discuss with the maintainers of those packages what that means for either r-base or their packages (ideally by filing bug reports to track the discussion). Paul OpenPGP_signature.asc Description: OpenPGP digital signature