Bug#1105054: bookworm-pu: package debian-security-support/1:12+2025.05.10

[Holger Levsen]

Package: release.debian.org
Severity: normal
Tags: bookworm
User: release.debian....@packages.debian.org
Usertags: pu
X-Debbugs-Cc: debian-security-supp...@packages.debian.org
Control: affects -1 + src:debian-security-support

[ Reasons ]

 * Mark libnet-easytcp-perl as unuspported for bookworm, see #1093386
 * Add php-horde ecosystem to security-support-ended.12
 * Add ckeditor3 to security-support-ended.12
 * Add gobgp to security-support-limited
 * Add musescore(2|3) to security-support-limited
 * Drop python2.7 and python-stdlib-extensions from security-support-limited,
   as they were not part of bookworm.

[ Impact ]
 * some users will not be notified about these changes.

[ Tests ]
 * Salsa pipeline for some things, manual review of the diff.

[ Risks ]
 * trivial data updates.

[ Checklist ]
  [x] *all* changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in (old)stable
  [x] the issues are verified as fixed in unstable

[ Changes ]

$ debdiff debian-security-support_12+2024.12.22.dsc 
debian-security-support_12+2025.05.10.dsc | diffstat
 debian/changelog             |   18 ++++++++++++++++++
 debian/salsa-ci.yml          |    5 +++++
 security-support-ended.deb12 |    3 +++
 security-support-limited     |    7 ++++---
 4 files changed, 30 insertions(+), 3 deletions(-)

The full debdiff is attached and I've uploaded to bookworm already.

Thanks for your work on stable point releases!


-- 
cheers,
        Holger

 ⢀⣴⠾⠻⢶⣦⠀
 ⣾⠁⢠⠒⠀⣿⡁  holger@(debian|reproducible-builds|layer-acht).org
 ⢿⡄⠘⠷⠚⠋⠀  OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
 ⠈⠳⣄

Hope isn't a plan, but it's a hell of a drug.

diff -Nru debian-security-support-12+2024.12.22/debian/changelog debian-security-support-12+2025.05.10/debian/changelog
--- debian-security-support-12+2024.12.22/debian/changelog	2024-12-22 20:33:58.000000000 +0100
+++ debian-security-support-12+2025.05.10/debian/changelog	2025-05-10 15:05:50.000000000 +0200
@@ -1,3 +1,21 @@
+debian-security-support (1:12+2025.05.10) bookworm; urgency=medium
+
+  [ Salvatore Bonaccorso ]
+  * Mark libnet-easytcp-perl as unuspported for bookworm, see #1093386.
+
+  [ Sylvain Beucler ]
+  * Add php-horde ecosystem to security-support-ended.12.
+  * Add ckeditor3 to security-support-ended.12.
+
+  [ Holger Levsen ]
+  * Add gobgp to security-support-limited, thanks to Bastien Roucariès.
+  * Add musescore(2|3) to security-support-limited, thanks to Sylvain Beucler.
+  * Drop python2.7 and python-stdlib-extensions from security-support-limited,
+    as they were not part of bookworm. Thanks to Chris Hofstaedtler.
+  * Add debian/salsa-ci.yml to configure+use that pipeline.
+
+ -- Holger Levsen <hol...@debian.org>  Sat, 10 May 2025 15:05:50 +0200
+
 debian-security-support (1:12+2024.12.22) bookworm; urgency=medium
 
   [ Salvatore Bonaccorso ]
diff -Nru debian-security-support-12+2024.12.22/debian/salsa-ci.yml debian-security-support-12+2025.05.10/debian/salsa-ci.yml
--- debian-security-support-12+2024.12.22/debian/salsa-ci.yml	1970-01-01 01:00:00.000000000 +0100
+++ debian-security-support-12+2025.05.10/debian/salsa-ci.yml	2025-05-10 14:46:48.000000000 +0200
@@ -0,0 +1,5 @@
+---
+include:
+  - https://salsa.debian.org/salsa-ci-team/pipeline/raw/master/recipes/debian.yml
+variables:
+  SALSA_CI_DISABLE_AUTOPKGTEST: 1
diff -Nru debian-security-support-12+2024.12.22/security-support-ended.deb12 debian-security-support-12+2025.05.10/security-support-ended.deb12
--- debian-security-support-12+2024.12.22/security-support-ended.deb12	2024-12-22 20:32:15.000000000 +0100
+++ debian-security-support-12+2025.05.10/security-support-ended.deb12	2025-05-10 14:43:50.000000000 +0200
@@ -12,3 +12,6 @@
 
 wpewebkit	2.38.6-1		2023-05-09	https://bugs.debian.org/1035794
 intel-mediasdk	22.5.4-1		2024-11-21  	abandoned upstream, upstream does not publish enough information to fix issues.
+libnet-easytcp-perl	0.26-6		2025-01-18	https://bugs.debian.org/1093386; unmaintained upstream
+php-horde.*	0			2025-03-22	https://lists.debian.org/debian-lts/2025/03/msg00012.html; incompatible with PHP8
+ckeditor3	3.6.6.1+dfsg-7		2025-04-04	Only present as a build dependency for virtuoso-opensource, no updates will be issued
diff -Nru debian-security-support-12+2024.12.22/security-support-limited debian-security-support-12+2025.05.10/security-support-limited
--- debian-security-support-12+2024.12.22/security-support-limited	2024-12-22 20:29:51.000000000 +0100
+++ debian-security-support-12+2025.05.10/security-support-limited	2025-05-10 14:54:22.000000000 +0200
@@ -12,16 +12,17 @@
 ganglia         See README.Debian.security, only supported behind an authenticated HTTP zone, #702775
 ganglia-web     See README.Debian.security, only supported behind an authenticated HTTP zone, #702776
 golang.*        See https://www.debian.org/releases/bookworm/amd64/release-notes/ch-information.en.html#golang-static-linking
+gobgpd          See https://www.debian.org/releases/bookworm/amd64/release-notes/ch-information.en.html#golang-static-linking
 gnupg1          See #982258 and https://www.debian.org/releases/stretch/amd64/release-notes/ch-whats-new.en.html#modern-gnupg
-jython          Includes python2.7 stdlib, support limited until Py3 port, see python2.7 below and https://lists.debian.org/debian-lts/2024/08/msg00027.html
+jython          Includes python2.7 stdlib, support limited until Py3 port, see #975058 and https://lists.debian.org/debian-lts/2024/08/msg00027.html
 kde4libs        khtml has no security support upstream, only for use on trusted content
 khtml           khtml has no security support upstream, only for use on trusted content, see #1004293
 libspring-java  See README.Debian.security included in the package
 mozjs102        Not covered by security support, only suitable for trusted content, see package description
 mozjs78         Not covered by security support, only suitable for trusted content, see #959804
+musescore2      Only supported with trusted files, see README.Debian shipped in package and #1070860
+musescore3      Only supported with trusted files, see README.Debian shipped in package and #1070860
 ocsinventory-server Only supported behind an authenticated HTTP zone
-python2.7       Only included for building packages, not running them, #975058
-python-stdlib-extensions Only included for building packages, not running them, #975058
 qtwebengine-opensource-src No security support upstream and backports not feasible, only for use on trusted content
 qtwebkit        No security support upstream and backports not feasible, only for use on trusted content
 qtwebkit-opensource-src No security support upstream and backports not feasible, only for use on trusted content

signature.asc
Description: PGP signature