Control: tags -1 + moreinfo On Tue, 2019-01-08 at 23:59 +0100, Hilko Bengen wrote: > I'd like to update opensc in stretch to 0.1.9-1~deb9u1 in order to > fix a regression that introduced with the last update, 0.1.6- > 3+deb9u1, in an attempt to fix security issues (see #910786 for > details). > > I am aware that this is by no means a minimal change. I have tried to > fix the backported patch that broke Yubikey NEO support for me, but I > have not been able to restore functionality without reverting the > patch that fixed a CVE-worthy buffer overflow. > > Because I own no other smartcard hardware, I cannot tell if the other > patches that were introduced with 0.16.0-3+deb9u1 broke any other > hardware support.
Apologies for not getting back to you sooner. Reading through the changelog between the two Debian versions, there are several changes that we normally would not consider, including a switch to Debhelper 11 and a change of supported OpenSSL version. In order to try and assess the practical impact, would it be possible to have a binary debdiff between the current packages and your proposed upload. Regards, Adam
