Your message dated Sat, 06 Sep 2025 12:14:50 +0100
with message-id
<ee4c0876608d99eb3f8b333b556fbd92e7a652eb.ca...@adam-barratt.org.uk>
and subject line Closing p-u requests for fixes included in 12.12
has caused the Debian Bug report #1108127,
regarding bookworm-pu: package debian-security-support/12+2025.06.20
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1108127: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1108127
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
Tags: bookworm
User: [email protected]
Usertags: pu
X-Debbugs-Cc: [email protected]
Control: affects -1 + src:debian-security-support
Dear release team,
I'd like to propose a bookworm update for debian-security-support.
[ Reason ]
The are two changes: fixing #1106203, and a typo in a package name.
#1106203 makes that the purpose of check-security-support (the main
debian-security-support script) is null for packages that have been
NMU'ed or that have a different version between the source and binary
packages. See some examples at
https://salsa.debian.org/debian/debian-security-support/-/merge_requests/44#note_615156
[ Impact ]
The user will continue to no be warned that the concerned installed
packages don't benefit from a full security support from debian.
[ Tests ]
A test has been added to the package, that is run during build time.
I've tested the test on my own bookworm machine, and now I get results
like:
* Source:golang-github-containers-buildah
Details: See
https://www.debian.org/releases/bookworm/amd64/release-notes/ch-information.en.html#golang-static-linking
Affected binary package:
- buildah (installed version: 1.28.2+ds1-3+deb12u1+b1)
[ Risks ]
The code is trivial, and the tests have good coverage.
[ Checklist ]
[x] *all* changes are documented in the d/changelog
[x] I reviewed all changes and I approve them
[x] attach debdiff against the package in (old)stable
[x] the issue is verified as fixed in unstable
[ Changes ]
The main change is:
diff -Nru debian-security-support-12+2025.05.10/check-support-status.in
debian-security-support-12+2025.06.20/check-support-status.in
--- debian-security-support-12+2025.05.10/check-support-status.in
2025-05-10 09:43:50.000000000 -0300
+++ debian-security-support-12+2025.06.20/check-support-status.in
2025-06-20 17:54:47.000000000 -0300
@@ -169,7 +169,7 @@
# Get list of installed packages
INSTALLED_LIST="$TEMPDIR/installed"
-LC_ALL=C [% DPKG_QUERY %] --show --showformat
'${Status}\t${binary:Package}\t${Version}\t${Source}\n' |
+LC_ALL=C [% DPKG_QUERY %] --show --showformat
'${Status}\t${binary:Package}\t${Version}\t${source:Package}\n' |
[% AWK %] '($1=="install"){print}' |
[% AWK %] -F'\t' '{if($4==""){print $2"\t"$3"\t"$2}else{print
$2"\t"$3"\t"$4}}' >"$INSTALLED_LIST"
When the version of a binary package differs from the source package,
the old dpkg-query returns something like:
install ok installed buildah 1.28.2+ds1-3+deb12u1+b1
golang-github-containers-buildah (1.28.2+ds1-3+deb12u1)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
and the new one:
install ok installed buildah 1.28.2+ds1-3+deb12u1+b1
golang-github-containers-buildah
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
The remaining code compares the name of the source package with the
underlined (^) string, with grep -x, so the name didn't match.
Changes in t/check-support-status.t include a test for the above.
And there is a typo fix in security-support-limited s/gobgpd/gobgp/
since check-security-support checks for the name of the source package,
not the binary. I've verified that this works.
[ Other info ]
N/A
Thanks!
-- Santiago
diff -Nru debian-security-support-12+2025.05.10/check-support-status.in
debian-security-support-12+2025.06.20/check-support-status.in
--- debian-security-support-12+2025.05.10/check-support-status.in
2025-05-10 09:43:50.000000000 -0300
+++ debian-security-support-12+2025.06.20/check-support-status.in
2025-06-20 17:54:47.000000000 -0300
@@ -169,7 +169,7 @@
# Get list of installed packages
INSTALLED_LIST="$TEMPDIR/installed"
-LC_ALL=C [% DPKG_QUERY %] --show --showformat
'${Status}\t${binary:Package}\t${Version}\t${Source}\n' |
+LC_ALL=C [% DPKG_QUERY %] --show --showformat
'${Status}\t${binary:Package}\t${Version}\t${source:Package}\n' |
[% AWK %] '($1=="install"){print}' |
[% AWK %] -F'\t' '{if($4==""){print $2"\t"$3"\t"$2}else{print
$2"\t"$3"\t"$4}}' >"$INSTALLED_LIST"
diff -Nru debian-security-support-12+2025.05.10/debian/changelog
debian-security-support-12+2025.06.20/debian/changelog
--- debian-security-support-12+2025.05.10/debian/changelog 2025-05-10
10:05:50.000000000 -0300
+++ debian-security-support-12+2025.06.20/debian/changelog 2025-06-20
17:58:38.000000000 -0300
@@ -1,3 +1,11 @@
+debian-security-support (1:12+2025.06.20) bookworm; urgency=medium
+
+ * Query source:Package instead of Source to get the list of packages
+ (Closes: #1106203)
+ * Fix typo related to gobgp
+
+ -- Santiago Ruano Rincón <[email protected]> Fri, 20 Jun 2025 17:58:38
-0300
+
debian-security-support (1:12+2025.05.10) bookworm; urgency=medium
[ Salvatore Bonaccorso ]
diff -Nru debian-security-support-12+2025.05.10/security-support-limited
debian-security-support-12+2025.06.20/security-support-limited
--- debian-security-support-12+2025.05.10/security-support-limited
2025-05-10 09:54:22.000000000 -0300
+++ debian-security-support-12+2025.06.20/security-support-limited
2025-06-20 17:54:47.000000000 -0300
@@ -12,7 +12,7 @@
ganglia See README.Debian.security, only supported behind an
authenticated HTTP zone, #702775
ganglia-web See README.Debian.security, only supported behind an
authenticated HTTP zone, #702776
golang.* See
https://www.debian.org/releases/bookworm/amd64/release-notes/ch-information.en.html#golang-static-linking
-gobgpd See
https://www.debian.org/releases/bookworm/amd64/release-notes/ch-information.en.html#golang-static-linking
+gobgp See
https://www.debian.org/releases/bookworm/amd64/release-notes/ch-information.en.html#golang-static-linking
gnupg1 See #982258 and
https://www.debian.org/releases/stretch/amd64/release-notes/ch-whats-new.en.html#modern-gnupg
jython Includes python2.7 stdlib, support limited until Py3 port, see
#975058 and https://lists.debian.org/debian-lts/2024/08/msg00027.html
kde4libs khtml has no security support upstream, only for use on
trusted content
diff -Nru debian-security-support-12+2025.05.10/t/check-support-status.t
debian-security-support-12+2025.06.20/t/check-support-status.t
--- debian-security-support-12+2025.05.10/t/check-support-status.t
2025-05-10 09:43:50.000000000 -0300
+++ debian-security-support-12+2025.06.20/t/check-support-status.t
2025-06-20 17:54:47.000000000 -0300
@@ -213,6 +213,7 @@
__EOS__
write_file ($list_limited, <<__EOS__);
php5 See README.Debian.security for the PHP security policy
+gobgp binNMU'ed package from a statically linked ecosystem
__EOS__
mock_query_list (
$query_list,
@@ -225,6 +226,7 @@
[ 'ioi', 'supported-package', '1.0-1' ],
[ 'ioi', 'supported-package-bin2', '1.0-1', 'supported-package' ],
[ 'ioi', 'libjs-marked', '0.3.2+dfsg-1', 'node-marked' ],
+ [ 'ioi', 'gobgpd', '3.10.0-1+b4', 'gobgp' ],
],
);
@@ -253,6 +255,11 @@
- libjs-marked (installed version: 0.3.2+dfsg-1)
+* Source:gobgp
+ Details: binNMU'ed package from a statically linked ecosystem
+ Affected binary package:
+ - gobgpd (installed version: 3.10.0-1+b4)
+
* Source:php5
Details: See README.Debian.security for the PHP security policy
Affected binary package:
@@ -277,6 +284,7 @@
debconf/1.5.36.1
debconf-i18n/1.5.36.1
libjs-marked/0.3.2+dfsg-1
+gobgpd/3.10.0-1+b4
php5/5.3.3-7+squeeze19
openjdk-6-jre/6b35-1.13.7-1~deb7u1
__EOS__
signature.asc
Description: PGP signature
--- End Message ---
--- Begin Message ---
Package: release.debian.org
Version: 12.12
Hi,
Each of the updates referenced by these requests was included in
today's 12.12 point release for bookworm.
Regards,
Adam
--- End Message ---
