Bug#1019230: Bug#1021276: Pending snort 2.9.20 update
On Sat, Jan 21, 2023 at 10:53:24PM +0100, Markus Koschany wrote: > Hi Javier, > > Am Freitag, dem 20.01.2023 um 22:23 +0100 schrieb Javier Fernandez-Sanguino: > > Dear Markus, > > > > Thank you for preparing. Could you please share the patch you are working > > on? > > Snort is available in Salsa. Maybe you could upload / provide there your > > propose changes in a separate branch? > > I'm adding the security team to CC to give them a heads-up because the snort > update is also relevant for stable and oldstable. I'm not allowed to push to > your Git repository on salsa. I will just attach my debian directory to the RC > bug reports next. > > First of all I decided to package 2.9.20 because this version seems less > intrusive than the new 3.x series. Thanks for fixing up buster/bullseye for existing users (which I think is best catered by moving to 2.9.20, but I don't think snort should be in Bookworm: - No upload since almost 1.5 years, zero followup to #1019230 or #1021276 until your poke - What's worse: The security progress is completely intransparent, apart from dropping new releases with vague Cisco advisories Cheers, Moritz
Bug#1019230: Bug#1021276: Pending snort 2.9.20 update
Hi Javier, Am Freitag, dem 20.01.2023 um 22:23 +0100 schrieb Javier Fernandez-Sanguino: > Dear Markus, > > Thank you for preparing. Could you please share the patch you are working on? > Snort is available in Salsa. Maybe you could upload / provide there your > propose changes in a separate branch? I'm adding the security team to CC to give them a heads-up because the snort update is also relevant for stable and oldstable. I'm not allowed to push to your Git repository on salsa. I will just attach my debian directory to the RC bug reports next. First of all I decided to package 2.9.20 because this version seems less intrusive than the new 3.x series. For better long-term support it would be better to go for 3.x but I leave this decision to you. I have refreshed all patches and dropped the autoconf, fix_compile_errors and fix_ftbfs_in_manual.tex patches because the package builds fine without them. In debhelper-compat 13 auto-reconfiguration is the default now. There are still a couple of Lintian errors and warnings about snort which are also present in the current unstable version. I only removed the Windows binaries from the source tarball so far. https://udd.debian.org/lintian/?packages=snort I didn't touch anything else in your package. You just need to run uscan and remove the dll files again if you want to upload yourself. If you don't have time for that, let me know, and I'll take care of the rest. Best, Markus P.S.: Your VCS repository is not up-to-date, the last update is missing. signature.asc Description: This is a digitally signed message part
Bug#1019230: Bug#1021276: Pending snort 2.9.20 update
Dear Markus, Thank you for preparing. Could you please share the patch you are working on? Snort is available in Salsa. Maybe you could upload / provide there your propose changes in a separate branch? Saludos, Javier El vie, 20 ene 2023, 21:42, Markus Koschany escribió: > Control: tags -1 pending > Control: owner -1! > > Dear maintainer, > > I have prepared a new upstream release of snort, version 2.9.20, which will > address the current release critical bugs in your package. I am currently > testing it and intend to upload it to delayed 5 tomorrow. That should > ensure > snort will re-enter testing in time for Bookworm's soft freeze. > > Regards, > > Markus >