Bug#1101215:

[Antonio Russo]

On 2025-04-16 13:19, Patrick Franz wrote:

Hi Antonio,

are you affected by this ? Is it causing issues ?


I get this every time I alt-tab in kwin (wayland) using
the compact switcher visualization (and allowing the
on-screen list of windows to show up).

I am unaware of any other symptom besides the log
message.

Antonio

Bug#1102992: Removed package(s) from unstable

[Debian FTP Masters]

We believe that the bug you reported is now fixed; the following
package(s) have been removed from unstable:

qt5-gtk2-platformtheme | 5.0.0+git23.g335dbec-6+b4 | amd64, arm64, armel, 
armhf, i386, mips64el, ppc64el, riscv64, s390x
qt5-style-plugin-cleanlooks | 5.0.0+git23.g335dbec-6+b4 | amd64, arm64, armel, 
armhf, i386, mips64el, ppc64el, riscv64, s390x
qt5-style-plugin-motif | 5.0.0+git23.g335dbec-6+b4 | amd64, arm64, armel, 
armhf, i386, mips64el, ppc64el, riscv64, s390x
qt5-style-plugin-plastique | 5.0.0+git23.g335dbec-6+b4 | amd64, arm64, armel, 
armhf, i386, mips64el, ppc64el, riscv64, s390x
qt5-style-plugins | 5.0.0+git23.g335dbec-6+b4 | amd64, arm64, armel, armhf, 
i386, mips64el, ppc64el, riscv64, s390x
qtstyleplugins-src | 5.0.0+git23.g335dbec-6 | source

--- Reason ---
ROM; dead upstream
--

Note that the package(s) have simply been removed from the tag
database and may (or may not) still be in the pool; this is not a bug.
The package(s) will be physically removed automatically when no suite
references them (and in the case of source, when no binary references
it).  Please also remember that the changes have been done on the
master archive and will not propagate to any mirrors until the next
dinstall run at the earliest.

Packages are usually not removed from testing by hand. Testing tracks
unstable and will automatically remove packages which were removed
from unstable when removing them from testing causes no dependency
problems. The release team can force a removal from testing if it is
really needed, please contact them if this should be the case.

We try to close bugs which have been reported against this package
automatically. But please check all old bugs, if they were closed
correctly or should have been re-assigned to another package.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1102...@bugs.debian.org.

The full log for this bug can be viewed at https://bugs.debian.org/1102992

This message was generated automatically; if you believe that there is
a problem with it please contact the archive administrators by mailing
ftpmas...@ftp-master.debian.org.

Debian distribution maintenance software
pp.
Thorsten Alteholz (the ftpmaster behind the curtain)

Bug#1102992: Removed package(s) from unstable

[Debian FTP Masters]

Version: 5.0.0+git23.g335dbec-6+rm

Dear submitter,

as the package qtstyleplugins-src has just been removed from the Debian archive
unstable we hereby close the associated bug reports.  We are sorry
that we couldn't deal with your issue properly.

For details on the removal, please see https://bugs.debian.org/1102992

The version of this package that was in Debian prior to this removal
can still be found using https://snapshot.debian.org/.

Please note that the changes have been done on the master archive and
will not propagate to any mirrors until the next dinstall run at the
earliest.

This message was generated automatically; if you believe that there is
a problem with it please contact the archive administrators by mailing
ftpmas...@ftp-master.debian.org.

Debian distribution maintenance software
pp.
Thorsten Alteholz (the ftpmaster behind the curtain)

Bug#1059164: angelfish: Stop depending on QQuickWebEngineDownloadItem private header

[Diederik de Haas]

Hi,

On Wed Dec 20, 2023 at 8:16 PM CET, Soren Stoutner wrote:
> Control: forwarded -1 https://bugs.kde.org/show_bug.cgi?id=478783[1]

You're in a much better position to judge, but it seems it is fixed?

With https://invent.kde.org/network/angelfish/-/merge_requests/234 came
https://invent.kde.org/network/angelfish/-/commit/0422c1e654e68c69f997d6fcdfdd9138926b2665
0422c1e654e6 ("Remove private API usage for QQuickWebEngineDownloadItem")

which was first part of tag v24.07.80 and/thus also tag v24.12.0 which
I guess translates to Debian version 24.12.1-1 ?

On Mon Aug 26, 2024 at 10:12 PM CEST, Soren Stoutner wrote:
> The needed changes in Qt WebEngine have been merged for the 6.8.0 release.

I guess that means it also needs a versioned Build-Depends?

Cheers,
  Diederik


signature.asc
Description: PGP signature

Processed: Bug#1103258 marked as pending in dolphin

[Debian Bug Tracking System]

Processing control commands:

> tag -1 pending
Bug #1103258 [dolphin] dolphin: Dolphin does not restore open tabs
Added tag(s) pending.

-- 
1103258: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1103258
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

dolphin_25.03.90-3_source.changes ACCEPTED into unstable

[Debian FTP Masters]

Thank you for your contribution to Debian.



Accepted:

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Wed, 16 Apr 2025 18:04:38 +0200
Source: dolphin
Architecture: source
Version: 4:25.03.90-3
Distribution: unstable
Urgency: medium
Maintainer: Debian Qt/KDE Maintainers 
Changed-By: Patrick Franz 
Closes: 1103258
Changes:
 dolphin (4:25.03.90-3) unstable; urgency=medium
 .
   [ Patrick Franz ]
   * Team upload.
   * Backport patch to fix the session restore (Closes: #1103258).
Checksums-Sha1:
 39ea593af1a06300bb38208be565c984aa7c4ad3 3673 dolphin_25.03.90-3.dsc
 2209bea757edfce8be06bfa0abb4f06652191125 77892 dolphin_25.03.90-3.debian.tar.xz
 51ab38227b939ca20d1740d9d20546410c554ff5 13006 
dolphin_25.03.90-3_source.buildinfo
Checksums-Sha256:
 5345423e0b5096075e3d98d20355839989211846d3a268617679adef91ea24a9 3673 
dolphin_25.03.90-3.dsc
 c37149bc069c9b4883e8e60822fe5547c5a8350b85a79800babaf1006b817cea 77892 
dolphin_25.03.90-3.debian.tar.xz
 c3046722a820d2658f4b6d98946400f4e8d8c5c477ce892eb17f72632dc1c131 13006 
dolphin_25.03.90-3_source.buildinfo
Files:
 80693490554bc9d884f18d5a21984e05 3673 kde optional dolphin_25.03.90-3.dsc
 b1eb94456d457d48a3639adf33e6e8c0 77892 kde optional 
dolphin_25.03.90-3.debian.tar.xz
 54262235c3091cec608c9f389bfbe707 13006 kde optional 
dolphin_25.03.90-3_source.buildinfo

-BEGIN PGP SIGNATURE-

wsG7BAEBCgBvBYJn/9YVCRCen3pgMHf+VkcUAAAeACBzYWx0QG5vdGF0aW9u
cy5zZXF1b2lhLXBncC5vcmcdKCRyTiu8DdS8VXl4d+/qmU+pkrqKsP/hcsdV/8lv
bBYhBGKHQVw0evHMWR7typ6femAwd/5WAAB7lxAAjFfHewtHLF5jLZkTedwQETpn
lcg7lgnuS8dj9Eg1Ax5Egw9GHu4F97kH2dr1YEOzeLJokIeSjtmgTGSSgbS8X/le
xa1mGlf1tCGcYBKXcKiy2dNWBzUNVTuTyUkHMhlzZscmkelf3PKtB/YeH1yqOQhr
gpZ1Jl6T1Lf32nwaYJNADmMUKCECnxmQ5ToVaO+GQ3Lddc2ntSlKJKdlsENaJ81T
0/ORW3P/zB3QFQHF3FPyuruBgCafOTHpkUBkSLPyoU6m6lFSE7H7yMaxj1D8tV6c
evtR2OkX5CWr7QHbYvN63inNva/TP+I8ExGS2zFXeebUdi3StK7JySvRygJvPDHD
tQFTuQF4ctr2E7PTmWQghAa8oDlQ8dYwdIrHb/urSZ3dbSgU6CwFiFGwMgfkTEaE
6ZHA+BEdN2V7lS/KHeFcGUqn4CwDqYn01wm+94ONl+idKsPAefFkWW/cds5W/pD+
bRK/eTdNDSD7cYqvlYtdA225IKoQCo10LY2kN2obxhY0V/V4DVoCb8Etl/0htSj8
LTW7o75wZ8rDAEFkSSjXHd6SwO5KC45ke0cUvOF0iECJFFL8q4GsVBOQOSbULQP3
GOUCwBQK+SvnvuicBOpeF9IG2ayCO64yyKFXNYcroFyAODt+V2r1uiJxJdrrVUiZ
2lq+A1qC744nYH0rOl4=
=4ixM
-END PGP SIGNATURE-



pgpmFB0TsCrXH.pgp
Description: PGP signature

Bug#1103258: marked as done (dolphin: Dolphin does not restore open tabs)

[Debian Bug Tracking System]

Your message dated Wed, 16 Apr 2025 16:19:27 +
with message-id 
and subject line Bug#1103258: fixed in dolphin 4:25.03.90-3
has caused the Debian Bug report #1103258,
regarding dolphin: Dolphin does not restore open tabs
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1103258: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1103258
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: dolphin
Version: 4:25.03.90-2
Severity: important
Tags: upstream
X-Debbugs-Cc: delta...@debian.org

Dear Maintainer,

Dolphin does not restore open tabs/locations from the last session.

The bug was introduced with the update of the KDE Frameworks 6.13 by
virtue of the following commit:
https://invent.kde.org/frameworks/kxmlgui/-/commit/8c9fb02a1d37672b26a03a9dd9e8675743deb269

The bug is tracked upstream at https://bugs.kde.org/show_bug.cgi?id=502770.


-- 
Med vänliga hälsningar

Patrick Franz
--- End Message ---
--- Begin Message ---
Source: dolphin
Source-Version: 4:25.03.90-3
Done: Patrick Franz 

We believe that the bug you reported is fixed in the latest version of
dolphin, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1103...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Patrick Franz  (supplier of updated dolphin package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Wed, 16 Apr 2025 18:04:38 +0200
Source: dolphin
Architecture: source
Version: 4:25.03.90-3
Distribution: unstable
Urgency: medium
Maintainer: Debian Qt/KDE Maintainers 
Changed-By: Patrick Franz 
Closes: 1103258
Changes:
 dolphin (4:25.03.90-3) unstable; urgency=medium
 .
   [ Patrick Franz ]
   * Team upload.
   * Backport patch to fix the session restore (Closes: #1103258).
Checksums-Sha1:
 39ea593af1a06300bb38208be565c984aa7c4ad3 3673 dolphin_25.03.90-3.dsc
 2209bea757edfce8be06bfa0abb4f06652191125 77892 dolphin_25.03.90-3.debian.tar.xz
 51ab38227b939ca20d1740d9d20546410c554ff5 13006 
dolphin_25.03.90-3_source.buildinfo
Checksums-Sha256:
 5345423e0b5096075e3d98d20355839989211846d3a268617679adef91ea24a9 3673 
dolphin_25.03.90-3.dsc
 c37149bc069c9b4883e8e60822fe5547c5a8350b85a79800babaf1006b817cea 77892 
dolphin_25.03.90-3.debian.tar.xz
 c3046722a820d2658f4b6d98946400f4e8d8c5c477ce892eb17f72632dc1c131 13006 
dolphin_25.03.90-3_source.buildinfo
Files:
 80693490554bc9d884f18d5a21984e05 3673 kde optional dolphin_25.03.90-3.dsc
 b1eb94456d457d48a3639adf33e6e8c0 77892 kde optional 
dolphin_25.03.90-3.debian.tar.xz
 54262235c3091cec608c9f389bfbe707 13006 kde optional 
dolphin_25.03.90-3_source.buildinfo

-BEGIN PGP SIGNATURE-

wsG7BAEBCgBvBYJn/9YVCRCen3pgMHf+VkcUAAAeACBzYWx0QG5vdGF0aW9u
cy5zZXF1b2lhLXBncC5vcmcdKCRyTiu8DdS8VXl4d+/qmU+pkrqKsP/hcsdV/8lv
bBYhBGKHQVw0evHMWR7typ6femAwd/5WAAB7lxAAjFfHewtHLF5jLZkTedwQETpn
lcg7lgnuS8dj9Eg1Ax5Egw9GHu4F97kH2dr1YEOzeLJokIeSjtmgTGSSgbS8X/le
xa1mGlf1tCGcYBKXcKiy2dNWBzUNVTuTyUkHMhlzZscmkelf3PKtB/YeH1yqOQhr
gpZ1Jl6T1Lf32nwaYJNADmMUKCECnxmQ5ToVaO+GQ3Lddc2ntSlKJKdlsENaJ81T
0/ORW3P/zB3QFQHF3FPyuruBgCafOTHpkUBkSLPyoU6m6lFSE7H7yMaxj1D8tV6c
evtR2OkX5CWr7QHbYvN63inNva/TP+I8ExGS2zFXeebUdi3StK7JySvRygJvPDHD
tQFTuQF4ctr2E7PTmWQghAa8oDlQ8dYwdIrHb/urSZ3dbSgU6CwFiFGwMgfkTEaE
6ZHA+BEdN2V7lS/KHeFcGUqn4CwDqYn01wm+94ONl+idKsPAefFkWW/cds5W/pD+
bRK/eTdNDSD7cYqvlYtdA225IKoQCo10LY2kN2obxhY0V/V4DVoCb8Etl/0htSj8
LTW7o75wZ8rDAEFkSSjXHd6SwO5KC45ke0cUvOF0iECJFFL8q4GsVBOQOSbULQP3
GOUCwBQK+SvnvuicBOpeF9IG2ayCO64yyKFXNYcroFyAODt+V2r1uiJxJdrrVUiZ
2lq+A1qC744nYH0rOl4=
=4ixM
-END PGP SIGNATURE-



pgptgTrNsnpoy.pgp
Description: PGP signature
--- End Message ---

Processing of dolphin_25.03.90-3_source.changes

[Debian FTP Masters]

dolphin_25.03.90-3_source.changes uploaded successfully to localhost
along with the files:
  dolphin_25.03.90-3.dsc
  dolphin_25.03.90-3.debian.tar.xz
  dolphin_25.03.90-3_source.buildinfo

Greetings,

Your Debian queue daemon (running on host usper.debian.org)

qt6-base_6.8.2+dfsg-6_source.changes ACCEPTED into unstable

[Debian FTP Masters]

Thank you for your contribution to Debian.



Accepted:

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Wed, 16 Apr 2025 21:33:04 +0200
Source: qt6-base
Architecture: source
Version: 6.8.2+dfsg-6
Distribution: unstable
Urgency: medium
Maintainer: Debian Qt/KDE Maintainers 
Changed-By: Patrick Franz 
Closes: 1095836 1103022
Changes:
 qt6-base (6.8.2+dfsg-6) unstable; urgency=medium
 .
   [ Patrick Franz ]
   * Backport patch to fix issue when configuring Plasma to have multiple
 Notification widgets, fixes QTBUG-134210.
   * Backport patch to fix CVE-2025-3512 (Closes: #1103022).
   * Let qt6-gtk-platformtheme depend on gnome-themes-extra-data to fix
 issue with dark themes (Closes: #1095836).
 .
   [ Pino Toscano ]
   * Bump Standards-Version to 4.7.2, no changes required.
Checksums-Sha1:
 00462bab9b198f3a8a7242f3ea3c95011fb615fd 5470 qt6-base_6.8.2+dfsg-6.dsc
 25e6f2e6c423245fe3b3e8c4a22d7826f3fd6664 193660 
qt6-base_6.8.2+dfsg-6.debian.tar.xz
 0c064a228ab929bb1ad6acc46015b2927cbe10d5 10562 
qt6-base_6.8.2+dfsg-6_source.buildinfo
Checksums-Sha256:
 3b2778d030ce9567bf8ec9c940d0258f398f24629a51da3c73c4ba080e8bd080 5470 
qt6-base_6.8.2+dfsg-6.dsc
 3444a1f018938896c1ac7f576ad4e83c6e8fe6259b029d698b228767a1d32fd1 193660 
qt6-base_6.8.2+dfsg-6.debian.tar.xz
 55d02e6a5a35b2d62c81791bf9eb8189e15e67b61896c626bfbddcc8787eac4c 10562 
qt6-base_6.8.2+dfsg-6_source.buildinfo
Files:
 640188e7115b888cf51771bcd284bdbd 5470 libs optional qt6-base_6.8.2+dfsg-6.dsc
 414c6aefe34b9badc073efdc55836a18 193660 libs optional 
qt6-base_6.8.2+dfsg-6.debian.tar.xz
 12e1a4f93678ee766cc2d0beb1366e6e 10562 libs optional 
qt6-base_6.8.2+dfsg-6_source.buildinfo

-BEGIN PGP SIGNATURE-

wsG7BAEBCgBvBYJoAAYCCRCen3pgMHf+VkcUAAAeACBzYWx0QG5vdGF0aW9u
cy5zZXF1b2lhLXBncC5vcmeafkMLBCbQc59PWPuhGply23+DOkWGLxbwnFX+GKFj
lxYhBGKHQVw0evHMWR7typ6femAwd/5WAADjLxAAiMYcZx5S/jvoAnBlarlHtJ72
AmWL+yTSdbkY1Go3P/S9IHZvjMcWi/LZVzhkv0BRt54x5xBLUBg2TQbSrHSs66zi
XF7VdtkeZ91iNhG/W2aIJxFb7F0t0pcc8lmUVokizHtgmGgRKAY0c6kys+OGpHtV
JnAQWeD7onR3f6X733alsKQrVYcdVqBIc7n3oXqMITlJb+iAvPzgHu/CV1jz1pQ7
MAoNToMZptLgFbkLRLi32aT+o3YdJ6H8INKDdgwQ3Zm8NKzyb+3ZRvgxpPX7ZHJr
7SrLWHOfPtKrtjOc2ab3OfiVb7dSTnn77h2uwsa+ljfwWPCol/f1f1+7NuWIYJ60
8c1Y8Lh+ch0+HhmRQLvdUWG5gBx29CF82pcJp5sOvY8rzTY9vT05hFCCrp65aY7U
Iuqjsrjv2nGNGrd9KAWthZao4H7xnOmUtJKq9MB3zZYyVLdgLMmlmBQSQ+YMJoIz
kNn2BaiGFXW3Dyx4bubXlmNcmKMC8Ozykh7eQ+yBkrOPu2PWuIjgM6piujYyghol
pz8+LV4vFFCIcWuEZyFL7Xm7wjh8HnU7jF0qxwUiPQEwpQVEokTcIx03vU7FwgT8
BTjLUM3aJhVkM3Zyg67DglSd0ThhXGFQJTpUmL06GmHwW52WmerV7jZJFe+hx2XQ
L/5y8Bxcre9zqzdwDTA=
=leVd
-END PGP SIGNATURE-



pgpsTMeqrteN_.pgp
Description: PGP signature

Bug#1103022: marked as done (qt6-base: CVE-2025-3512)

[Debian Bug Tracking System]

Your message dated Wed, 16 Apr 2025 19:52:02 +
with message-id 
and subject line Bug#1103022: fixed in qt6-base 6.8.2+dfsg-6
has caused the Debian Bug report #1103022,
regarding qt6-base: CVE-2025-3512
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1103022: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1103022
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: qt6-base
Version: 6.8.2+dfsg-5
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team 

Hi,

The following vulnerability was published for qt6-base.

CVE-2025-3512[0]:
| There is a Heap-based Buffer Overflow vulnerability in
| QTextMarkdownImporter. This requires an incorrectly formatted
| markdown file to be passed to QTextMarkdownImporter to trigger the
| overflow.This issue affects Qt from 6.8.0 to 6.8.4. Versions up to
| 6.6.0 are known to be unaffected, and the fix is in 6.8.4 and later.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2025-3512
https://www.cve.org/CVERecord?id=CVE-2025-3512
[1] https://codereview.qt-project.org/c/qt/qtbase/+/635546

Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: qt6-base
Source-Version: 6.8.2+dfsg-6
Done: Patrick Franz 

We believe that the bug you reported is fixed in the latest version of
qt6-base, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1103...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Patrick Franz  (supplier of updated qt6-base package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Wed, 16 Apr 2025 21:33:04 +0200
Source: qt6-base
Architecture: source
Version: 6.8.2+dfsg-6
Distribution: unstable
Urgency: medium
Maintainer: Debian Qt/KDE Maintainers 
Changed-By: Patrick Franz 
Closes: 1095836 1103022
Changes:
 qt6-base (6.8.2+dfsg-6) unstable; urgency=medium
 .
   [ Patrick Franz ]
   * Backport patch to fix issue when configuring Plasma to have multiple
 Notification widgets, fixes QTBUG-134210.
   * Backport patch to fix CVE-2025-3512 (Closes: #1103022).
   * Let qt6-gtk-platformtheme depend on gnome-themes-extra-data to fix
 issue with dark themes (Closes: #1095836).
 .
   [ Pino Toscano ]
   * Bump Standards-Version to 4.7.2, no changes required.
Checksums-Sha1:
 00462bab9b198f3a8a7242f3ea3c95011fb615fd 5470 qt6-base_6.8.2+dfsg-6.dsc
 25e6f2e6c423245fe3b3e8c4a22d7826f3fd6664 193660 
qt6-base_6.8.2+dfsg-6.debian.tar.xz
 0c064a228ab929bb1ad6acc46015b2927cbe10d5 10562 
qt6-base_6.8.2+dfsg-6_source.buildinfo
Checksums-Sha256:
 3b2778d030ce9567bf8ec9c940d0258f398f24629a51da3c73c4ba080e8bd080 5470 
qt6-base_6.8.2+dfsg-6.dsc
 3444a1f018938896c1ac7f576ad4e83c6e8fe6259b029d698b228767a1d32fd1 193660 
qt6-base_6.8.2+dfsg-6.debian.tar.xz
 55d02e6a5a35b2d62c81791bf9eb8189e15e67b61896c626bfbddcc8787eac4c 10562 
qt6-base_6.8.2+dfsg-6_source.buildinfo
Files:
 640188e7115b888cf51771bcd284bdbd 5470 libs optional qt6-base_6.8.2+dfsg-6.dsc
 414c6aefe34b9badc073efdc55836a18 193660 libs optional 
qt6-base_6.8.2+dfsg-6.debian.tar.xz
 12e1a4f93678ee766cc2d0beb1366e6e 10562 libs optional 
qt6-base_6.8.2+dfsg-6_source.buildinfo

-BEGIN PGP SIGNATURE-

wsG7BAEBCgBvBYJoAAYCCRCen3pgMHf+VkcUAAAeACBzYWx0QG5vdGF0aW9u
cy5zZXF1b2lhLXBncC5vcmeafkMLBCbQc59PWPuhGply23+DOkWGLxbwnFX+GKFj
lxYhBGKHQVw0evHMWR7typ6femAwd/5WAADjLxAAiMYcZx5S/jvoAnBlarlHtJ72
AmWL+yTSdbkY1Go3P/S9IHZvjMcWi/LZVzhkv0BRt54x5xBLUBg2TQbSrHSs66zi
XF7VdtkeZ91iNhG/W2aIJxFb7F0t0pcc8lmUVokizHtgmGgRKAY0c6kys+OGpHtV
JnAQWeD7onR3f6X733alsKQrVYcdVqBIc7n3oXqMITlJb+iAvPzgHu/CV1jz1pQ7
MAoNToMZptLgFbkLRLi32aT+o3YdJ6H8INKDdgwQ3Zm8NKzyb+3ZRvgxpPX7ZHJr
7SrLWHOfPtKrtjOc2ab3OfiVb7dSTnn77h2uwsa+ljfwWPCol/f1f1+7NuWIYJ60
8c1Y8Lh+ch0+HhmRQLvdUWG5gBx29CF82pcJp5sOvY8rzTY9vT05hFCCrp65aY7U
Iuqjsrjv2nGNGrd9KAWthZao4H7xnOmUtJKq9MB3zZYyVLdgLMmlmBQSQ+YMJoIz
kNn2BaiGFXW3Dyx4bubXlmNcmKMC8Ozykh7eQ+yBkrOPu2PWuIjgM6piujYyghol
pz8+LV4vFFCIcWuEZyFL7Xm7wjh8HnU7jF0qxwUiPQEwpQVEokTcIx03vU7FwgT8
BTjLUM3aJhVkM3Zyg67DglSd0Thh

Processed: Re: Bug#1059164: angelfish: Stop depending on QQuickWebEngineDownloadItem private header

[Debian Bug Tracking System]

Processing control commands:

> fixed -1 24.12.1-1
Bug #1059164 [angelfish] angelfish: Stop depending on 
QQuickWebEngineDownloadItem private header
There is no source info for the package 'angelfish' at version '24.12.1-1' with 
architecture ''
Unable to make a source version for version '24.12.1-1'
Marked as fixed in versions 24.12.1-1.

-- 
1059164: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059164
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#1101171: Bookworm backport

[Patrick ZAJDA]

Hi,

Is there any probability to have this patch backported to the QT6 
version provided in Bookworm?


As a reminder, I tested it without issue and this bug causes a crash 
when using accessibility tool I.E. assistive technology like Orca.


Fortunately this is now fixed in QT5, thanks! but it still occurs in QT6 
and patch is now provided, from an official source.


Best regards,

--
Patrick ZAJDA


OpenPGP_0x9D4AD35BEA273DCA.asc
Description: OpenPGP public key


OpenPGP_signature.asc
Description: OpenPGP digital signature

Bug#967720: marked as done (qtstyleplugins-src: depends on deprecated GTK 2)

[Debian Bug Tracking System]

Your message dated Wed, 16 Apr 2025 11:23:50 +
with message-id 
and subject line Bug#1102992: Removed package(s) from unstable
has caused the Debian Bug report #967720,
regarding qtstyleplugins-src: depends on deprecated GTK 2
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
967720: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=967720
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: qtstyleplugins-src
Severity: normal
User: pkg-gnome-maintain...@lists.alioth.debian.org
Usertags: gtk2 oldlibs
Control: block 947713 by -1

This package has Build-Depends on GTK 2 (libgtk2.0-dev), or produces
binary packages with a Depends on GTK 2.

GTK 2 was superseded by GTK 3 in 2011 (see
). It no longer receives any significant
upstream maintenance, and in particular does not get feature development
for new features like UI scaling on high-pixel-density displays (HiDPI)
and native Wayland support. GTK 3 is in maintenance mode and GTK 4 is
approaching release, so it seems like a good time to be thinking about
minimizing the amount of GTK 2 in the archive.

GTK 2 is used by some important productivity applications like GIMP, and
has also historically been a popular UI toolkit for proprietary software
that we can't change, so perhaps removing GTK 2 from Debian will never be
feasible. However, it has reached the point where a dependency on it is
a bug - not a release-critical bug, and not a bug that can necessarily
be fixed quickly, but a piece of technical debt that maintainers should
be aware of.

A porting guide is provided in the GTK 3 documentation:
https://developer.gnome.org/gtk3/stable/migrating.html

Some libraries (for example libgtkspell0) expose GTK as part of their
API/ABI, in which case removing the deprecated dependency requires
breaking API/ABI. For these libraries, in many cases there will already
be a corresponding GTK 3 version (for example libgtkspell3-3-0), in which
case the GTK 2-based library should probably be deprecated or removed
itself. If there is no GTK 3 equivalent, of a GTK 2-based library,
maintainers should talk to the dependent library's upstream developers
about whether the dependent library should break API/ABI and switch
to GTK 3, or whether the dependent library should itself be deprecated
or removed.

A few packages extend GTK 2 by providing plugins (theme engines, input
methods, etc.) or themes, for example ibus and mate-themes. If these
packages deliberately support GTK 2 even though it is deprecated, and
they also support GTK 3, then it is appropriate to mark this mass-filed
bug as wontfix for now. I have tried to exclude these packages from
the mass-bug-filing, but I probably missed some of them.

Regards,
smcv
--- End Message ---
--- Begin Message ---
Version: 5.0.0+git23.g335dbec-6+rm

Dear submitter,

as the package qtstyleplugins-src has just been removed from the Debian archive
unstable we hereby close the associated bug reports.  We are sorry
that we couldn't deal with your issue properly.

For details on the removal, please see https://bugs.debian.org/1102992

The version of this package that was in Debian prior to this removal
can still be found using https://snapshot.debian.org/.

Please note that the changes have been done on the master archive and
will not propagate to any mirrors until the next dinstall run at the
earliest.

This message was generated automatically; if you believe that there is
a problem with it please contact the archive administrators by mailing
ftpmas...@ftp-master.debian.org.

Debian distribution maintenance software
pp.
Thorsten Alteholz (the ftpmaster behind the curtain)--- End Message ---

Bug#1059164: angelfish: Stop depending on QQuickWebEngineDownloadItem private header

[Soren Stoutner]

Control: fixed -1 24.12.1-1

On Wednesday, April 16, 2025 7:38:29 AM Mountain Standard Time 
Diederik de Haas wrote:
> Hi,
> 
> On Wed Dec 20, 2023 at 8:16 PM CET, Soren Stoutner wrote:
> > Control: forwarded -1
> > https://bugs.kde.org/show_bug.cgi?id=478783[1]
> You're in a much better position to judge, but it seems it is fixed?
> 
> With https://invent.kde.org/network/angelfish/-/merge_requests/234
> came
> https://invent.kde.org/network/angelfish/-/commit/0422c1e654e68c69f
> 997d6fcdfdd9138926b2665 0422c1e654e6 ("Remove private API usage for
> QQuickWebEngineDownloadItem")
> 
> which was first part of tag v24.07.80 and/thus also tag v24.12.0
> which I guess translates to Debian version 24.12.1-1 ?

I can confirm this is now fixed.  This is done by running the 
following command, which now returns 0 results:

nm -D /usr/bin/angelfish-webapp | grep PRIVATE_API

> On Mon Aug 26, 2024 at 10:12 PM CEST, Soren Stoutner wrote:
> > The needed changes in Qt WebEngine have been merged for the 6.8.0
> > release.
> I guess that means it also needs a versioned Build-Depends?

Yes, it would.  Although in practice, 6.8.2 is already in trixie and 
it is unlikely that anyone would ever try to backport 24.12.1-1 to 
bookworm, so it probably doesn’t matter if you explicitly state a 
versioned Build-Depends.

-- 
Soren Stoutner
so...@debian.org

signature.asc
Description: This is a digitally signed message part.

Processed: your mail

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> fixed 1076292 6.8.2+dfsg-1
Bug #1076292 [src:qt6-base] qt6-base: CVE-2024-39936
Marked as fixed in versions qt6-base/6.8.2+dfsg-1.
>
End of message, stopping processing here.

Please contact me if you need assistance.
-- 
1076292: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1076292
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Processing of qt6-base_6.8.2+dfsg-6_source.changes

[Debian FTP Masters]

qt6-base_6.8.2+dfsg-6_source.changes uploaded successfully to localhost
along with the files:
  qt6-base_6.8.2+dfsg-6.dsc
  qt6-base_6.8.2+dfsg-6.debian.tar.xz
  qt6-base_6.8.2+dfsg-6_source.buildinfo

Greetings,

Your Debian queue daemon (running on host usper.debian.org)

Bug#1101215: (no subject)

[Patrick Franz]

Hi Antonio,

are you affected by this ? Is it causing issues ?


-- 
Med vänliga hälsningar

Patrick Franz

Bug#1076292: marked as done (qt6-base: CVE-2024-39936)

[Debian Bug Tracking System]

Your message dated Thu, 17 Apr 2025 00:16:20 +0200
with message-id <4977519.GXAFRqVoOG@treadstone-71>
and subject line 
has caused the Debian Bug report #1076292,
regarding qt6-base: CVE-2024-39936
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1076292: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1076292
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: qt6-base
Version: 6.6.2+dfsg-9
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team 
Control: forwarded -1 https://codereview.qt-project.org/c/qt/qtbase/+/571601
Control: clone -1 -2
Control: reassign -2 src:qtbase-opensource-src 5.15.13+dfsg-2
Control: retitle -2 qtbase-opensource-src: CVE-2024-39936

Hi,

The following vulnerability was published for QT.

CVE-2024-39936[0]:
| An issue was discovered in HTTP2 in Qt before 5.15.18, 6.x before
| 6.2.13, 6.3.x through 6.5.x before 6.5.7, and 6.6.x through 6.7.x
| before 6.7.3. Code to make security-relevant decisions about an
| established connection may execute too early, because the
| encrypted() signal has not yet been emitted and processed..


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2024-39936
https://www.cve.org/CVERecord?id=CVE-2024-39936
[1] https://codereview.qt-project.org/c/qt/qtbase/+/571601

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Fixed with the upload of 6.8.2+dfsg-1 which contains the fix.--- End Message ---