
Bug#1108127: marked as done (bookworm-pu: package debian-security-support/12+2025.06.20)



Your message dated Sat, 06 Sep 2025 12:14:50 +0100
with message-id <ee4c0876608d99eb3f8b333b556fbd92e7a652eb.camel@adam-barratt.org.uk>
and subject line Closing p-u requests for fixes included in 12.12
has caused the Debian Bug report #1108127,
regarding bookworm-pu: package debian-security-support/12+2025.06.20
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
1108127: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1108127
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
Tags: bookworm
User: release.debian.org@packages.debian.org
Usertags: pu
X-Debbugs-Cc: debian-security-support@packages.debian.org
Control: affects -1 + src:debian-security-support

Dear release team,

I'd like to propose a bookworm update for debian-security-support.

[ Reason ]
There are two changes: fixing #1106203, and a typo in a package name.
#1106203 makes the purpose of check-security-support (the main
debian-security-support script) null for packages that have been
NMU'ed or that have a different version between the source and binary
packages.  See some examples at
https://salsa.debian.org/debian/debian-security-support/-/merge_requests/44#note_615156

[ Impact ]
The user will continue to not be warned that the concerned installed
packages don't benefit from full security support from Debian.

[ Tests ]
A test has been added to the package, that is run during build time.
I've tested the test on my own bookworm machine, and now I get results
like:

    * Source:golang-github-containers-buildah
      Details: See https://www.debian.org/releases/bookworm/amd64/release-notes/ch-information.en.html#golang-static-linking
      Affected binary package:
      - buildah (installed version: 1.28.2+ds1-3+deb12u1+b1)

[ Risks ]
The code is trivial, and the tests have good coverage.

[ Checklist ]
  [x] *all* changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in (old)stable
  [x] the issue is verified as fixed in unstable

[ Changes ]
The main change is:

diff -Nru debian-security-support-12+2025.05.10/check-support-status.in debian-security-support-12+2025.06.20/check-support-status.in
--- debian-security-support-12+2025.05.10/check-support-status.in       2025-05-10 09:43:50.000000000 -0300
+++ debian-security-support-12+2025.06.20/check-support-status.in       2025-06-20 17:54:47.000000000 -0300
@@ -169,7 +169,7 @@
 # Get list of installed packages
 INSTALLED_LIST="$TEMPDIR/installed"

-LC_ALL=C [% DPKG_QUERY %] --show --showformat '${Status}\t${binary:Package}\t${Version}\t${Source}\n' |
+LC_ALL=C [% DPKG_QUERY %] --show --showformat '${Status}\t${binary:Package}\t${Version}\t${source:Package}\n' |
 [% AWK %] '($1=="install"){print}' |
 [% AWK %] -F'\t' '{if($4==""){print $2"\t"$3"\t"$2}else{print $2"\t"$3"\t"$4}}' >"$INSTALLED_LIST"

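Review bot: the `if($4=="")` fallback on the last awk line was written for `${Source}`, which can be empty. With `${source:Package}` now in field 4, please confirm whether that branch can still be reached, and either drop it or add a comment saying why it is kept, so the next reader does not have to guess what shapes field 4 can take.
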
When the version of a binary package differs from the source package,
the old dpkg-query returns something like:

install ok installed    buildah 1.28.2+ds1-3+deb12u1+b1 golang-github-containers-buildah (1.28.2+ds1-3+deb12u1)
                                                        ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
and the new one:

install ok installed    buildah 1.28.2+ds1-3+deb12u1+b1 golang-github-containers-buildah
                                                        ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

The remaining code compares the name of the source package with the
underlined (^) string, with grep -x, so the name didn't match.

Changes in t/check-support-status.t include a test for the above.

And there is a typo fix in security-support-limited s/gobgpd/gobgp/
since check-security-support checks for the name of the source package,
not the binary. I've verified that this works.

[ Other info ]
N/A

Thanks!

 -- Santiago
diff -Nru debian-security-support-12+2025.05.10/check-support-status.in debian-security-support-12+2025.06.20/check-support-status.in
--- debian-security-support-12+2025.05.10/check-support-status.in	2025-05-10 09:43:50.000000000 -0300
+++ debian-security-support-12+2025.06.20/check-support-status.in	2025-06-20 17:54:47.000000000 -0300
@@ -169,7 +169,7 @@
 # Get list of installed packages
 INSTALLED_LIST="$TEMPDIR/installed"
 
-LC_ALL=C [% DPKG_QUERY %] --show --showformat '${Status}\t${binary:Package}\t${Version}\t${Source}\n' |
+LC_ALL=C [% DPKG_QUERY %] --show --showformat '${Status}\t${binary:Package}\t${Version}\t${source:Package}\n' |
 [% AWK %] '($1=="install"){print}' |
 [% AWK %] -F'\t' '{if($4==""){print $2"\t"$3"\t"$2}else{print $2"\t"$3"\t"$4}}' >"$INSTALLED_LIST"
 
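Review bot: the `# Get list of installed packages` comment above the changed `--showformat` line does not record why `${source:Package}` is required. A one-line comment saying that field 4 must be the bare source package name, because `${Source}` can carry a trailing ` (version)`, would guard against a later revert to the shorter field name.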
diff -Nru debian-security-support-12+2025.05.10/debian/changelog debian-security-support-12+2025.06.20/debian/changelog
--- debian-security-support-12+2025.05.10/debian/changelog	2025-05-10 10:05:50.000000000 -0300
+++ debian-security-support-12+2025.06.20/debian/changelog	2025-06-20 17:58:38.000000000 -0300
@@ -1,3 +1,11 @@
+debian-security-support (1:12+2025.06.20) bookworm; urgency=medium
+
+  * Query source:Package instead of Source to get the list of packages
+    (Closes: #1106203)
+  * Fix typo related to gobgp
+
+ -- Santiago Ruano Rincón <santiagorr@riseup.net>  Fri, 20 Jun 2025 17:58:38 -0300
+
 debian-security-support (1:12+2025.05.10) bookworm; urgency=medium
 
   [ Salvatore Bonaccorso ]
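Review bot: the new changelog entry does not mention the test case added in t/check-support-status.t, and "Fix typo related to gobgp" does not say which file changed or what the typo was. Suggest naming security-support-limited and the gobgpd to gobgp correction, and adding a bullet for the new test, so the entry covers every file touched by the debdiff.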
diff -Nru debian-security-support-12+2025.05.10/security-support-limited debian-security-support-12+2025.06.20/security-support-limited
--- debian-security-support-12+2025.05.10/security-support-limited	2025-05-10 09:54:22.000000000 -0300
+++ debian-security-support-12+2025.06.20/security-support-limited	2025-06-20 17:54:47.000000000 -0300
@@ -12,7 +12,7 @@
 ganglia         See README.Debian.security, only supported behind an authenticated HTTP zone, #702775
 ganglia-web     See README.Debian.security, only supported behind an authenticated HTTP zone, #702776
 golang.*        See https://www.debian.org/releases/bookworm/amd64/release-notes/ch-information.en.html#golang-static-linking
-gobgpd          See https://www.debian.org/releases/bookworm/amd64/release-notes/ch-information.en.html#golang-static-linking
+gobgp           See https://www.debian.org/releases/bookworm/amd64/release-notes/ch-information.en.html#golang-static-linking
 gnupg1          See #982258 and https://www.debian.org/releases/stretch/amd64/release-notes/ch-whats-new.en.html#modern-gnupg
 jython          Includes python2.7 stdlib, support limited until Py3 port, see #975058 and https://lists.debian.org/debian-lts/2024/08/msg00027.html
 kde4libs        khtml has no security support upstream, only for use on trusted content
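Review bot: nothing around the corrected `gobgp` line says that the first column holds source package names, and the mistake fixed here is a binary package name in that column. If this file has a header comment, stating there that entries are source package names (or patterns over them, as with `golang.*`) would help keep later additions from repeating it.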
diff -Nru debian-security-support-12+2025.05.10/t/check-support-status.t debian-security-support-12+2025.06.20/t/check-support-status.t
--- debian-security-support-12+2025.05.10/t/check-support-status.t	2025-05-10 09:43:50.000000000 -0300
+++ debian-security-support-12+2025.06.20/t/check-support-status.t	2025-06-20 17:54:47.000000000 -0300
@@ -213,6 +213,7 @@
 __EOS__
     write_file ($list_limited, <<__EOS__);
 php5    See README.Debian.security for the PHP security policy
+gobgp   binNMU'ed package from a statically linked ecosystem
 __EOS__
     mock_query_list (
         $query_list,
@@ -225,6 +226,7 @@
             [ 'ioi', 'supported-package', '1.0-1' ],
             [ 'ioi', 'supported-package-bin2', '1.0-1', 'supported-package' ],
             [ 'ioi', 'libjs-marked', '0.3.2+dfsg-1', 'node-marked' ],
+            [ 'ioi', 'gobgpd', '3.10.0-1+b4', 'gobgp' ],
         ],
     );
 
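Review bot: the added mock row passes the source as the bare name `'gobgp'`, which is the shape the fixed format string produces. If mock_query_list returns these rows regardless of the `--showformat` argument, this test passes with either format and does not cover the changed line in check-support-status.in; consider having the mock honour the requested field, or asserting on the format string handed to the query command.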
@@ -253,6 +255,11 @@
   - libjs-marked (installed version: 0.3.2+dfsg-1)
 
 
+* Source:gobgp
+  Details: binNMU'ed package from a statically linked ecosystem
+  Affected binary package:
+  - gobgpd (installed version: 3.10.0-1+b4)
+
 * Source:php5
   Details: See README.Debian.security for the PHP security policy
   Affected binary package:
@@ -277,6 +284,7 @@
 debconf/1.5.36.1
 debconf-i18n/1.5.36.1
 libjs-marked/0.3.2+dfsg-1
+gobgpd/3.10.0-1+b4
 php5/5.3.3-7+squeeze19
 openjdk-6-jre/6b35-1.13.7-1~deb7u1
 __EOS__



--- End Message ---
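
The failure described in the message above, as an added example that is not part of the original mail or of the package's code: the same awk normalisation is fed rows in the old and new field shapes, and a whole-line match silently drops the binNMU'ed package in the old shape. `flagged`, `old_rows`, `new_rows` and `LIMITED` are hypothetical names, the rows are constructed (including the `3.10.0-1` source version), and the match uses `grep -xF` as a simplified stand-in for the script's `grep -x` comparison.

```shell
#!/bin/sh
# Added illustration with constructed data; flagged() is a simplified
# stand-in for the matching in check-support-status, not the script's code.
TAB="$(printf '\t')"

# Constructed list in the style of security-support-limited: name, details.
LIMITED="gobgp${TAB}statically linked
php5${TAB}see README.Debian.security"

# The awk steps from the hunk: keep installed rows, fall back to the binary
# name when the fourth (source) field is empty.
normalise() {
    awk '($1=="install"){print}' |
    awk -F'\t' '{if($4==""){print $2"\t"$3"\t"$2}else{print $2"\t"$3"\t"$4}}'
}

# Print each binary package whose source field equals a listed name exactly.
# -x is a whole-line match, so any trailing text in the field defeats it.
flagged() {
    normalise | while IFS="$TAB" read -r bin ver src; do
        if printf '%s\n' "$LIMITED" | cut -f1 | grep -qxF -- "$src"; then
            printf '%s\n' "$bin"
        fi
    done
}

# Shape of ${Source}: empty when the binary package carries no Source field,
# "name (version)" when the source version differs (constructed binNMU row).
old_rows() {
    printf 'install ok installed\tphp5\t5.3.3-7+squeeze19\t\n'
    printf 'install ok installed\tgobgpd\t3.10.0-1+b4\tgobgp (3.10.0-1)\n'
}

# Shape of ${source:Package}: the bare source package name.
new_rows() {
    printf 'install ok installed\tphp5\t5.3.3-7+squeeze19\tphp5\n'
    printf 'install ok installed\tgobgpd\t3.10.0-1+b4\tgobgp\n'
}

echo "old format flags: $(old_rows | flagged | tr '\n' ' ')"
echo "new format flags: $(new_rows | flagged | tr '\n' ' ')"
```

The old shape reports only php5, with no error for the missing gobgpd entry, which is why the regression went unnoticed by users of the tool.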
--- Begin Message ---
Package: release.debian.org
Version: 12.12

Hi,

Each of the updates referenced by these requests was included in
today's 12.12 point release for bookworm.

Regards,

Adam

--- End Message ---
