Bug#985308: Debian rpm package: import NMUs, fix three CVEs

2021-06-28 Thread Matthias Klose
On 6/27/21 7:04 PM, Michal Čihař wrote:
> Hi
> 
> Peter Pentchev wrote on Sun 27. 06. 2021 at 13:45 +0300:
>> So, Michal, do these changes look reasonable to you? If they do,
>> I can push them to the pkg-rpm/rpm repo itself, upload a new version to
>> unstable, and send an unblock request to the release team.
> 
> I won't have time to review the changes in the near future, so I'd say you
> can go ahead.

Michal, Peter, please also see the new source debugedit package in
experimental/NEW, split out from rpm.  Unfortunately not yet accepted, but if
you do an upload to experimental, please let rpm depend on it.

Matthias



Bug#985308: Debian rpm package: import NMUs, fix three CVEs

2021-06-28 Thread Peter Pentchev
On Mon, Jun 28, 2021 at 10:36:24AM +0200, Matthias Klose wrote:
> On 6/27/21 7:04 PM, Michal Čihař wrote:
> > Hi
> > 
> > Peter Pentchev wrote on Sun 27. 06. 2021 at 13:45 +0300:
> >> So, Michal, do these changes look reasonable to you? If they do,
> >> I can push them to the pkg-rpm/rpm repo itself, upload a new version to
> >> unstable, and send an unblock request to the release team.
> > 
> > I won't have time to review the changes in the near future, so I'd say you
> > can go ahead.
> 
> Michal, Peter, please also see the new source debugedit package in
> experimental/NEW, split out from rpm.  Unfortunately not yet accepted, but if
> you do an upload to experimental, please let rpm depend on it.

Noted, thanks for your work on this!

G'luck,
Peter

-- 
Peter Pentchev  r...@ringlet.net r...@debian.org p...@storpool.com
PGP key:http://people.FreeBSD.org/~roam/roam.key.asc
Key fingerprint 2EE7 A7A5 17FC 124C F115  C354 651E EFB0 2527 DF13




Bug#985308: Debian rpm package: import NMUs, fix three CVEs

2021-06-27 Thread Michal Čihař
Hi

Peter Pentchev wrote on Sun 27. 06. 2021 at 13:45 +0300:
> So, Michal, do these changes look reasonable to you? If they do,
> I can push them to the pkg-rpm/rpm repo itself, upload a new version to
> unstable, and send an unblock request to the release team.

I won't have time to review the changes in the near future, so I'd say you
can go ahead.

-- 
Michal Čihař | https://cihar.com/ | https://weblate.org/



Bug#985308: Debian rpm package: import NMUs, fix three CVEs

2021-06-27 Thread Peter Pentchev
Hi,

First of all, thanks to everyone involved for their work on Debian!

So as a relatively new member of the pkg-rpm team (mainly to work on
createrepo-c and the packages that it depends on), I wondered if it were
time to try my hand at helping out with some other packages.

Michal, I have cloned the rpm repository to my own Salsa namespace -
https://salsa.debian.org/roam/rpm - and I have imported the NMUs from
Boyuan Yang and Matthias Klose. BTW, Boyuan, Matthias, do you have
Git repos of your work as separate commits, or is it okay to import
the *.dsc files in bulk as I've done there?

I have then applied (with a slight modification for post-4.16 changes)
the two upstream patches that address the three CVEs reported by
Moritz Muehlenhoff in #985308.

So, Michal, do these changes look reasonable to you? If they do,
I can push them to the pkg-rpm/rpm repo itself, upload a new version to
unstable, and send an unblock request to the release team.

Thanks again to you all, and keep up the great work!

G'luck,
Peter

-- 
Peter Pentchev  r...@ringlet.net r...@debian.org p...@storpool.com
PGP key:http://people.FreeBSD.org/~roam/roam.key.asc
Key fingerprint 2EE7 A7A5 17FC 124C F115  C354 651E EFB0 2527 DF13




Bug#985308: Debian rpm package: import NMUs, fix three CVEs

2021-06-27 Thread Peter Pentchev
On Sun, Jun 27, 2021 at 01:45:58PM +0300, Peter Pentchev wrote:
> Hi,
> 
> First of all, thanks to everyone involved for their work on Debian!
> 
> So as a relatively new member of the pkg-rpm team (mainly to work on
> createrepo-c and the packages that it depends on), I wondered if it were
> time to try my hand at helping out with some other packages.
> 
> Michal, I have cloned the rpm repository to my own Salsa namespace -
> https://salsa.debian.org/roam/rpm - and I have imported the NMUs from

...and of course I should have pointed to the roam-cves branch there:

  https://salsa.debian.org/roam/rpm/-/tree/roam-cves

> Boyuan Yang and Matthias Klose. BTW, Boyuan, Matthias, do you have
> Git repos of your work as separate commits, or is it okay to import
> the *.dsc files in bulk as I've done there?
> 
> I have then applied (with a slight modification for post-4.16 changes)
> the two upstream patches that address the three CVEs reported by
> Moritz Muehlenhoff in #985308.
> 
> So, Michal, do these changes look reasonable to you? If they do,
> I can push them to the pkg-rpm/rpm repo itself, upload a new version to
> unstable, and send an unblock request to the release team.
> 
> Thanks again to you all, and keep up the great work!

G'luck,
Peter

-- 
Peter Pentchev  r...@ringlet.net r...@debian.org p...@storpool.com
PGP key:http://people.FreeBSD.org/~roam/roam.key.asc
Key fingerprint 2EE7 A7A5 17FC 124C F115  C354 651E EFB0 2527 DF13

