Package: release.debian.org
Severity: normal
Tags: buster
User: release.debian.org@packages.debian.org
Usertags: pu
hi,
we'd like to update debian-security-support to 2019.12.12~deb10u1 to bring
these changes to buster:
* security-support-limited: point to https://www.debian.org/releases/ \
buster/amd64/release-notes/ch-information.en.html#golang-static-linking
for golang* packages.
* Remove nodejs from security-support-limited as it is supported since the
Buster release. Closes: #931376.
* check-support-status.in: set DEB_NEXT_VER_ID=11.
* d/rules: update to NEXT_VERSION_ID=11.
Additionally 2019.12.12 has other changes related to stretch and jessie and
we'd like to (upload this release there too and) keep the version ordering sane.
The full debdiff is attached, the diffstat is:
$ diffstat debian-security-support_2019.12.12_deb10u1.diff
check-support-status.in | 2 -
debian/changelog | 47 +++++++++++++++++++++++++++++++++++++++++++
debian/control | 2 -
debian/rules | 2 -
security-support-ended.deb11 | 13 +++++++++++
security-support-ended.deb8 | 3 ++
security-support-ended.deb9 | 3 ++
security-support-limited | 1
8 files changed, 70 insertions(+), 3 deletions(-)
--
cheers,
Holger
-------------------------------------------------------------------------------
holger@(debian|reproducible-builds|layer-acht).org
PGP fingerprint: B8BF 5413 7B09 D35C F026 FE9D 091A B856 069A AA1C
diff --git a/check-support-status.in b/check-support-status.in
index 8dc3689..a5437c4 100755
--- a/check-support-status.in
+++ b/check-support-status.in
@@ -13,7 +13,7 @@ VERSION='[% VERSION %]'
# Oldest Debian version included in debian-security-support
DEB_LOWEST_VER_ID=7
# Version ID for next Debian stable
-DEB_NEXT_VER_ID=10
+DEB_NEXT_VER_ID=11
if [ -z "$DEBIAN_VERSION" ] ; then
DEBIAN_VERSION="$(cat /etc/debian_version | grep '[0-9.]' | cut -d. -f1)"
diff --git a/debian/changelog b/debian/changelog
index 9e8e8a2..fd92d28 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,50 @@
+debian-security-support (2019.12.12~deb10u1) buster; urgency=medium
+
+ * Re-uploaded for buster.
+
+ -- Holger Levsen <holger@debian.org> Thu, 12 Dec 2019 23:57:34 +0100
+
+debian-security-support (2019.12.12) unstable; urgency=medium
+
+ * security-support-limited: point to https://www.debian.org/releases/ \
+ buster/amd64/release-notes/ch-information.en.html#golang-static-linking
+ for golang* packages.
+
+ -- Holger Levsen <holger@debian.org> Thu, 12 Dec 2019 16:52:42 +0100
+
+debian-security-support (2019.11.16) unstable; urgency=medium
+
+ * Add chromium to security-support-ended.deb9.
+ * d/rules: update to NEXT_VERSION_ID=11.
+
+ -- Holger Levsen <holger@debian.org> Sat, 16 Nov 2019 11:00:08 +0100
+
+debian-security-support (2019.11.15) unstable; urgency=medium
+
+ * Team upload.
+ * Add libqb to security-support-ended.deb8.
+
+ -- Roberto C. Sanchez <roberto@debian.org> Fri, 15 Nov 2019 09:17:07 -0500
+
+debian-security-support (2019.11.01) unstable; urgency=medium
+
+ * Remove nodejs from security-support-limited as it is supported since the
+ Buster release. Closes: #931376.
+ * Add empty security-support-ended.deb11 file.
+ * check-support-status.in: set DEB_NEXT_VER_ID=11.
+
+ -- Holger Levsen <holger@debian.org> Fri, 01 Nov 2019 19:49:47 +0100
+
+debian-security-support (2019.10.31) unstable; urgency=medium
+
+ * Mark nodejs only suitable for trusted content. Closes: #931376.
+ * Add nasm-mozilla and nodejs-mozilla to security-support-ended.deb8
+ and security-support-ended.deb9 as they are only provided as build
+ dependency for Firefox/Thunderbird >= 68. Closes: #943365.
+ * Bump standards version to 4.4.1, no changes needed.
+
+ -- Holger Levsen <holger@debian.org> Thu, 31 Oct 2019 21:30:17 +0100
+
debian-security-support (2019.06.13) unstable; urgency=medium
[ Emilio Pozuelo Monfort ]
diff --git a/debian/control b/debian/control
index d73c143..bb284a3 100644
--- a/debian/control
+++ b/debian/control
@@ -15,7 +15,7 @@ Build-Depends: debhelper-compat (= 11),
original-awk,
po-debconf,
xmlto,
-Standards-Version: 4.3.0
+Standards-Version: 4.4.1
Rules-Requires-Root: no
Vcs-Git: https://salsa.debian.org/debian/debian-security-support.git
Vcs-Browser: https://salsa.debian.org/debian/debian-security-support
diff --git a/debian/rules b/debian/rules
index c5873b2..9454eeb 100755
--- a/debian/rules
+++ b/debian/rules
@@ -1,6 +1,6 @@
#!/usr/bin/make -f
-NEXT_VERSION_ID=9
+NEXT_VERSION_ID=11
DEBIAN_VERSION ?= $(shell cat /etc/debian_version | grep '[0-9.]' | cut -d. -f1)
ifeq (,$(DEBIAN_VERSION))
diff --git a/security-support-ended.deb11 b/security-support-ended.deb11
new file mode 100644
index 0000000..cf24acb
--- /dev/null
+++ b/security-support-ended.deb11
@@ -0,0 +1,13 @@
+
+# List of packages whose security support ends before the distribution EOL
+
+# File format: Columns, separated by one or more space characters
+# 1. source package name
+# 2. last version with support
+# Important: If there have been binNMUs, enter the highest version
+# number used
+# 3. Date when support ended or will end, in the form YYYY-mm-dd
+# 4. Descriptive text or URL with more details (optional)
+# In the program's output, this is prefixed with "Details:"
+
+# none yet (please remove this line once this is not true anymore)
diff --git a/security-support-ended.deb8 b/security-support-ended.deb8
index 21c212d..f1f292f 100644
--- a/security-support-ended.deb8
+++ b/security-support-ended.deb8
@@ -29,3 +29,6 @@ spice-xpi 2.8.90-4 2019-03-03 Broken with newer v
edk2 0~20131112.2590861a-3 2019-03-29 Non-free and not used by any sponsor
robocode 1.6.2+dfsg2-1 2019-03-31 Games are not supported
mysql-5.5 5.5.62-0+deb8u1 2019-06-30 MySQL 5.5 EOL upstream, unfeasible to keep supported due to no patch details
+nasm-mozilla 0 2019-01-01 Only provided as build dependency for Firefox/Thunderbird >= 68
+nodejs-mozilla 0 2019-01-01 Only provided as build dependency for Firefox/Thunderbird >= 68
+libqb 0.11.1-2 2019-11-15 Leaf package, no upstream support for this version
diff --git a/security-support-ended.deb9 b/security-support-ended.deb9
index e855ae5..132a8eb 100644
--- a/security-support-ended.deb9
+++ b/security-support-ended.deb9
@@ -12,3 +12,6 @@
tomcat6 6.0.45+dfsg-1 2016-12-31 https://lists.debian.org/debian-java/2016/01/msg00069.html
jasperreports 4.1.3+dfsg-3 2017-12-09 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=880467#10
+nasm-mozilla 0 2019-01-01 Only provided as build dependency for Firefox/Thunderbird >= 68
+nodejs-mozilla 0 2019-01-01 Only provided as build dependency for Firefox/Thunderbird >= 68
+chromium 73.0.3683.75-1~deb9u1 2019-11-10 https://lists.debian.org/debian-security-announce/2019/msg00214.html
diff --git a/security-support-limited b/security-support-limited
index f4f19f3..e0f70a8 100644
--- a/security-support-limited
+++ b/security-support-limited
@@ -11,6 +11,7 @@ binutils Not covered by security support
ganglia See README.Debian.security, only supported behind an authenticated HTTP zone, #702775
ganglia-web See README.Debian.security, only supported behind an authenticated HTTP zone, #702776
glpi Only supported behind an authenticated HTTP zone for trusted users
+golang* See https://www.debian.org/releases/buster/amd64/release-notes/ch-information.en.html#golang-static-linking
kde4libs khtml has no security support upstream, only for use on trusted content
libv8-3.14 Not covered by security support, only suitable for trusted content
ltp Pure Testsuite, only supported on non-production non-multiuser systems
Attachment:
signature.asc
Description: PGP signature