From apo at debian.org Tue Jun 10 15:57:21 2025
From: apo at debian.org (Markus Koschany)
Date: Tue, 10 Jun 2025 16:57:21 +0200
Subject: [Pkg-mozext-maintainers] Bug#1102005: Workaround works
In-Reply-To:
References:
Message-ID:

On Thu, 1 May 2025 20:48:53 -0700 Craig wrote:
>
> I confirm this workaround works...
>
> This package should be removed from trixie since it doesn't work without
> workarounds. As mentioned, these workarounds are only temporary anyway and
> will likely be irrelevant by release time.

I think it makes more sense to keep webext-ublock-origin-chromium because a
sensible workaround exists for now. Also there might be an effort to port
ublock-origin to newer Chromium versions in a few months and then we could just
upgrade it in stable via a point release. It would be more of a hassle if we
had to re-introduce the binary package then again.

>
> I'm not sure there is a way to replace ublock-origin, given that manifest
> v2 is going away...
>
> The alternative for chromium is ublock-origin-lite however it's too late to
> get new packages into trixie as far as I know.

That's correct. I have to look into ublock-origin-lite and if we want to bundle
the sources with the normal ublock-origin or switch to it entirely or create a
separate source package for it. That's something for the next release cycle.

>
> > Perhaps we need to have brave browser in Debian as an alternative?
>
> Debian already offers an alternative browser, it's called Firefox, and
> there is already webext-ublock-origin-firefox working fine.

Right. webext-ublock-origin-firefox works fine and Firefox isn't a bad
alternative either.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 963 bytes
Desc: This is a digitally signed message part
URL:

From ftpmaster at ftp-master.debian.org Tue Jun 10 16:47:01 2025
From: ftpmaster at ftp-master.debian.org (Debian FTP Masters)
Date: Tue, 10 Jun 2025 15:47:01 +0000
Subject: [Pkg-mozext-maintainers] Processing of ublock-origin_1.62.0+dfsg-0+deb12u1_source.changes
Message-ID:

ublock-origin_1.62.0+dfsg-0+deb12u1_source.changes uploaded successfully to localhost
along with the files:
  ublock-origin_1.62.0+dfsg-0+deb12u1.dsc
  ublock-origin_1.62.0+dfsg.orig.tar.xz
  ublock-origin_1.62.0+dfsg-0+deb12u1.debian.tar.xz
  ublock-origin_1.62.0+dfsg-0+deb12u1_amd64.buildinfo

Greetings,

Your Debian queue daemon (running on host usper.debian.org)

From apo at debian.org Tue Jun 10 16:47:25 2025
From: apo at debian.org (Markus Koschany)
Date: Tue, 10 Jun 2025 17:47:25 +0200
Subject: [Pkg-mozext-maintainers] Bug#1107607: bookworm-pu: package ublock-origin/1.62.0+dfsg-0+deb12u1
Message-ID: <174957044517.30287.4733708656144939311.reportbug@faye>

Package: release.debian.org
Severity: normal
Tags: bookworm
User: release.debian.org at packages.debian.org
Usertags: pu
X-Debbugs-Cc: ublock-origin at packages.debian.org, apo at debian.org
Control: affects -1 + src:ublock-origin

[ Reason ]
Backport a new upstream version of ublock-origin (browser addon) to improve
user experience and ad filter capabilities.
Fix CVE-2025-4215: A remote attacker could abuse an inefficient regular
expression in ublock-origin's filters to cause a denial-of-service and freeze
a web browser.

[ Impact ]
Reduced ad filter capabilities and still vulnerable to CVE-2025-4215.

[ Tests ]
Using it on a daily basis without any problems.

[ Risks ]
The web browser addon does not affect other packages and runs in a sandbox.
Previous stable updates have been unproblematic.

[ Checklist ]
  [x] *all* changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [ ] attach debdiff against the package in (old)stable
  [x] the issue is verified as fixed in unstable

[ Other info ]
The debdiff is rather huge and not attached because of the introduction of a
new upstream version.

From ftpmaster at ftp-master.debian.org Tue Jun 10 16:50:45 2025
From: ftpmaster at ftp-master.debian.org (Debian FTP Masters)
Date: Tue, 10 Jun 2025 15:50:45 +0000
Subject: [Pkg-mozext-maintainers] ublock-origin_1.62.0+dfsg-0+deb12u1_source.changes ACCEPTED into proposed-updates->stable-new
Message-ID:

Thank you for your contribution to Debian.

Mapping bookworm to stable.
Mapping stable to proposed-updates.

Accepted:

Format: 1.8
Date: Tue, 10 Jun 2025 17:15:46 +0200
Source: ublock-origin
Architecture: source
Version: 1.62.0+dfsg-0+deb12u1
Distribution: bookworm
Urgency: medium
Maintainer: Debian Mozilla Extension Maintainers
Changed-By: Markus Koschany
Closes: 1104635
Changes:
 ublock-origin (1.62.0+dfsg-0+deb12u1) bookworm; urgency=medium
 .
   * Backport 1.62.0+dfsg to bookworm to improve user experience and ad filter
     capabilities.
   * Fix CVE-2025-4215: A remote attacker could abuse an inefficient regular
     expression in ublock-origin's filters to cause a denial-of-service and
     freeze a web browser.
     (Closes: #1104635)

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 228 bytes
Desc: not available
URL:

From ftpmaster at ftp-master.debian.org Tue Jun 10 17:07:13 2025
From: ftpmaster at ftp-master.debian.org (Debian FTP Masters)
Date: Tue, 10 Jun 2025 16:07:13 +0000
Subject: [Pkg-mozext-maintainers] Processing of ublock-origin_1.62.0+dfsg-2_source.changes
Message-ID:

ublock-origin_1.62.0+dfsg-2_source.changes uploaded successfully to localhost
along with the files:
  ublock-origin_1.62.0+dfsg-2.dsc
  ublock-origin_1.62.0+dfsg-2.debian.tar.xz
  ublock-origin_1.62.0+dfsg-2_amd64.buildinfo

Greetings,

Your Debian queue daemon (running on host usper.debian.org)

From ftpmaster at ftp-master.debian.org Tue Jun 10 17:19:20 2025
From: ftpmaster at ftp-master.debian.org (Debian FTP Masters)
Date: Tue, 10 Jun 2025 16:19:20 +0000
Subject: [Pkg-mozext-maintainers] ublock-origin_1.62.0+dfsg-2_source.changes ACCEPTED into unstable
Message-ID:

Thank you for your contribution to Debian.

Accepted:

Format: 1.8
Date: Tue, 10 Jun 2025 17:49:10 +0200
Source: ublock-origin
Architecture: source
Version: 1.62.0+dfsg-2
Distribution: unstable
Urgency: medium
Maintainer: Debian Mozilla Extension Maintainers
Changed-By: Markus Koschany
Closes: 1104635
Changes:
 ublock-origin (1.62.0+dfsg-2) unstable; urgency=medium
 .
   * Fix CVE-2025-4215: A remote attacker could abuse an inefficient regular
     expression in ublock-origin's filters to cause a denial-of-service and
     freeze a web browser.
     (Closes: #1104635)

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 228 bytes
Desc: not available
URL:

From owner at bugs.debian.org Tue Jun 10 17:21:02 2025
From: owner at bugs.debian.org (Debian Bug Tracking System)
Date: Tue, 10 Jun 2025 16:21:02 +0000
Subject: [Pkg-mozext-maintainers] Bug#1104635: marked as done (ublock-origin: CVE-2025-4215)
References: <174627810115.348177.144451163149652233.reportbug@eldamar.lan>
Message-ID:

Your message dated Tue, 10 Jun 2025 16:19:21 +0000
with message-id
and subject line Bug#1104635: fixed in ublock-origin 1.62.0+dfsg-2
has caused the Debian Bug report #1104635,
regarding ublock-origin: CVE-2025-4215
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner at bugs.debian.org
immediately.)

--
1104635: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1104635
Debian Bug Tracking System
Contact owner at bugs.debian.org with problems

-------------- next part --------------
An embedded message was scrubbed...
From: Salvatore Bonaccorso
Subject: ublock-origin: CVE-2025-4215
Date: Sat, 03 May 2025 15:15:01 +0200
Size: 4218
URL:

-------------- next part --------------
An embedded message was scrubbed...
From: Debian FTP Masters
Subject: Bug#1104635: fixed in ublock-origin 1.62.0+dfsg-2
Date: Tue, 10 Jun 2025 16:19:21 +0000
Size: 7263
URL: