On 2024-03-24 20:06:12 [+], Adam D. Barratt wrote:
> On Mon, 2024-03-04 at 07:38 +0100, Sebastian Andrzej Siewior wrote:
> > This is an update to the current stable OpenSSL release in the 3.0.x
> > series. It addresses the following CVE reports which were postponed
> >
On 2024-03-08 07:38:10 [+], Adam D. Barratt wrote:
> On Fri, 2024-02-09 at 23:12 +0100, Sebastian Andrzej Siewior wrote:
> > This is an update to the latest clamav release in the 1.0.x series.
>
> One small thing you may want to fix for any follow-up updates:
>
>
On 2024-02-09 23:12:18 [+0100], To sub...@bugs.debian.org wrote:
> Package: release.debian.org
> Control: affects -1 + src:clamav
> X-Debbugs-Cc: cla...@packages.debian.org
> User: release.debian@packages.debian.org
> Usertags: pu
> Tags: bookworm
> Severity: normal
>
> This is an update to
Package: release.debian.org
Control: affects -1 + src:openssl
X-Debbugs-Cc: open...@packages.debian.org
User: release.debian@packages.debian.org
Usertags: pu
Tags: bookworm
X-Debbugs-Cc: sebast...@breakpoint.cc
Severity: normal
This is an update to the current stable OpenSSL release in the
;
+j += strlen(FILENAME_DISABLED_MESSAGE);
i++;
} else {
buffer_cmd[j++] = opt->strarg[i];
diff --git a/common/optparser.c b/common/optparser.c
index a7bdbee..1be7afe 100644
--- a/common/optparser.c
+++ b/common/optparser.c
@@ -333,7 +333,7 @@ co
Package: release.debian.org
Control: affects -1 + src:dar
User: release.debian@packages.debian.org
Usertags: binnmu
Severity: normal
Hi,
if I see this correctly then dar 2.7.13-2 won't migrate to testing
because it was built using openssl 3.0.12-1. This version isn't in
testing and if
On 2023-11-22 22:15:43 [+0100], Jérémy Lal wrote:
> Plase wait a moment before doing more uploads.
> I am gonna deal with it before the end the week. Sorry for that.
Sorry for any trouble I may have caused. I haven't had any response and
I wasn't granted any free rider card so I started
Hi,
OpenSSL didn't migrate to testing for two reasons:
#1 Didn't build on mips64el because slow buildd is slow.
#2 Autopkgtest fails in the latest version due to changes in OpenSSL.
For #1 Kurt increased the priority so it might build eventually.
#2. This is known by nodejs upstream and has
On 2023-10-02 13:41:17 [+0200], Cyril Brulebois wrote:
> Adam D. Barratt (2023-10-02):
> > Unfortunately, the version format change from -0+deb11uX to -0~deb11uX
> > has broken the installer.
> >
> > The udebs end up with dependencies of the form ">= 1.1.1w", which
> > 1.1.1w-0~deb11u1 doesn't
Package: release.debian.org
Control: affects -1 + src:openssl
X-Debbugs-Cc: open...@packages.debian.org
User: release.debian@packages.debian.org
Usertags: pu
Tags: bookworm
X-Debbugs-Cc: sebast...@breakpoint.cc
Severity: normal
This is an update of the openssl package to the 3.0.11 version, a
On 2023-09-23 20:39:32 [+0100], Adam D. Barratt wrote:
> Please go ahead.
Thanks, done.
> Regards,
>
> Adam
Sebastian
Package: release.debian.org
Control: affects -1 + src:mutt
X-Debbugs-Cc: m...@packages.debian.org
User: release.debian@packages.debian.org
Usertags: pu
Tags: bookworm
X-Debbugs-Cc: sebast...@breakpoint.cc
Severity: normal
This is an update mutt package as provided by upstream to version
On 2023-09-14 21:52:25 [+0100], Adam D. Barratt wrote:
>
> That's now out, as SUA-240-1.
Thank you Adam.
> Regards,
>
> Adam
Sebastian
On 2023-09-14 06:31:26 [+0100], Adam D. Barratt wrote:
> On Wed, 2023-09-13 at 22:01 +0200, Sebastian Andrzej Siewior wrote:
> > On 2023-09-13 17:26:46 [+0100], Adam D. Barratt wrote:
> > > How does this sound for an SUA?
> [...]
> > This sounds entirely fine to me. I do
ain a copy
@@ -82,13 +82,16 @@
if (!rsa_param_encode(pkey, , ))
return 0;
penclen = i2d_RSAPublicKey(pkey->pkey.rsa, );
-if (penclen <= 0)
+ if (penclen <= 0) {
+ASN1_STRING_free(str);
return 0;
+}
if (X509_PUBKEY_set0_param(pk, OBJ_nid2obj(pkey->
On 2023-09-13 17:26:46 [+0100], Adam D. Barratt wrote:
> How does this sound for an SUA?
>
> ===
> Package : clamav
> Version : 1.0.3+dfsg-1~deb12u1 [bookworm]
>0.103.10+dfsg-0+deb11u1 [bullseye]
> Importance : medium
>
> ClamAV
-1.0.3+dfsg/debian/changelog 2023-09-09 16:36:13.0 +0200
@@ -1,3 +1,10 @@
+clamav (1.0.3+dfsg-1~deb12u1) bookworm; urgency=medium
+
+ * Import 1.0.3
+ * Remove unnecessary warning messages in freshclam during update.
+
+ -- Sebastian Andrzej Siewior Sat, 09 Sep 2023 16:36:13 +0200
https://github.com/Cisco-Talos/clamav/issues], [clamav], [https://www.clamav.net/])
dnl put configure auxiliary into config
AC_CONFIG_AUX_DIR([config])
diff -Nru clamav-0.103.9+dfsg/debian/changelog clamav-0.103.10+dfsg/debian/changelog
--- clamav-0.103.9+dfsg/debian/changelog 2023-08-27 11:57:11.
On 2023-09-04 21:18:35 [+0200], To Adam D. Barratt wrote:
> > The next point release for both bullseye and bookworm is in a month.
> > Were you looking to have the clamav updates published via -updates
> > before that point?
>
> I almost started preparing 0.103.10 I think it will be easier to go
On 2023-08-26 14:50:09 [+0200], To sub...@bugs.debian.org wrote:
> This is an update of the openssl package to the 1.1.1v version, a patch
> release
Upstream announced to release 1.1.1w on 11th September. They said it is
a "security-fix" with the highest severity defined as "low". This is
also
On 2023-09-05 17:36:41 [+0100], Jonathan Wiltshire wrote:
>
> Please go ahead.
Thanks, done.
> Thanks,
Sebastian
On 2023-09-04 19:52:23 [+0100], Adam D. Barratt wrote:
> On Sun, 2023-08-27 at 13:20 +0200, Sebastian Andrzej Siewior wrote:
> > This is a stable update from clamav upstream in the 0.103.x series.
> > It fixes the following CVE
> > - CVE-2023-20197 (Possible Do
for version update.
+ * Fix package description. (Closes: #1028585)
+
+ -- Sebastian Andrzej Siewior Sat, 02 Sep 2023 15:29:41 +0200
+
kernelshark (2.2.0-2) unstable; urgency=medium
* Fix symlink names. (Closes: #1035449)
diff -Nru kernelshark-2.2.0/debian/control kernelshark-2.2.1/debian
R([config])
diff -Nru clamav-0.103.8+dfsg/debian/changelog clamav-0.103.9+dfsg/debian/changelog
--- clamav-0.103.8+dfsg/debian/changelog 2023-02-17 21:43:57.0 +0100
+++ clamav-0.103.9+dfsg/debian/changelog 2023-08-27 11:57:11.0 +0200
@@ -1,3 +1,10 @@
+clamav (0.103.9+dfsg-0+deb11
On 2023-08-26 14:50:09 [+0200], To sub...@bugs.debian.org wrote:
> Package: release.debian.org
> Control: affects -1 + src:openssl
> User: release.debian@packages.debian.org
> Usertags: pu
> Tags: bullseye
> Severity: normal
>
> This is an update of the openssl package to the 1.1.1v version,
On 2023-06-26 18:10:57 [+0100], Jonathan Wiltshire wrote:
> Control: tag -1 moreinfo
>
> You're both going to have to help me a) understand what is the user-facing
> problem you're solving which is necessary to fix in stable and b) whether
> you're both agreed on how to fix it.
a) The bpo of
control: retitle -1 unblock: openssl/3.0.9-1
On 2023-05-30 22:16:53 [+0200], To sub...@bugs.debian.org wrote:
>
> Please unblock package openssl.
>
> The 3.0.9 release contains security and non-security related fixes for
> the package. There are five new CVEs in total that has been addressed.
>
On 2023-05-28 07:44:13 [+0200], Paul Gevers wrote:
> Hi,
Hi,
> Given the impact of openssl, lets have that exception. Quiet period starts
> on 2023-06-04, we need to ensure it migrated *before* then.
Okay. I'm going to upload to unstable and open an unblock bug. Thank you
for the confirmation.
Hi,
there is an upcoming OpenSSL scheduled for next TUE (2023-05-30)
including one security fix of moderate severity [0].
For Bullseye I am going backport ~6 fixes (4 security fixes of minor
severity which were not yet addressed, the upcoming fix and an
alternative fix for CVE-2022-4304).
_Later_
On 2023-04-30 18:43:18 [+0200], Helge Kreutzmann wrote:
> Hello Sebastian,
Hi Helge,
> > - the backport package of manpages-de and manpages-fr provides a
> > man page for xz. These files conflict with the one provided by
> > xz-utils package. The bpo package and xz-utils in Bookworm have
ig
AC_CONFIG_AUX_DIR([config])
diff -Nru clamav-0.103.7+dfsg/debian/changelog clamav-0.103.8+dfsg/debian/changelog
--- clamav-0.103.7+dfsg/debian/changelog 2022-08-21 21:28:52.0 +0200
+++ clamav-0.103.8+dfsg/debian/changelog 2023-02-17 21:43:57.0 +0100
@@ -1,3 +1,11 @@
+clamav (0
On 2022-09-02 17:02:38 [+0100], Adam D. Barratt wrote:
> Please go ahead, bearing in mind that the window for getting updates
> into 11.5 (and thus bullseye-updates prior to 11.5 being released)
> closes over this weekend.
just uploaded.
> Given that 11.5 is scheduled for a week tomorrow, would
909aed8
-7135300
+276875cec2e8a64a834e0c5e9f988aebe0d3ab25
+276875cec2e8a64a834e0c5e9f988aebe0d3ab25
+d1ea680af611ee417616ec3d8615a0e67a495795
+d1ea680af611ee417616ec3d8615a0e67a495795
+clamav_0.103.7+dfsg.orig.tar.xz
+f0708e3df3a432def23c384d28fb3a4628efcfd5
+7136624
diff --git a/debian/changelog b
af6e140ea150e0f219c86594f3bc04cb
+d1ea680af611ee417616ec3d8615a0e67a495795
+d1ea680af611ee417616ec3d8615a0e67a495795
+clamav_0.103.7+dfsg.orig.tar.xz
+f0708e3df3a432def23c384d28fb3a4628efcfd5
+7136624
diff --git a/debian/changelog b/debian/changelog
index c540f6f..5210a94 100644
--- a/debian/changelog
On 2022-06-08 22:13:09 [+0200], Sebastian Ramacher wrote:
> That would be much appreciated, thanks!
Did so, sorry for the delay. I aimed for Monday but…
> Cheers
Sebastian
On 5 June 2022 19:03:17 UTC, Kurt Roeckx wrote:
>The suggestion was to make an openssl.cnf that's compatible with 1.1.1,
>and so remove or comment out everything related to providers.
>
Ah okay. In that case let me so that tomorrow and close that rc bug with this
change.
>
>Kurt
>
--
On 2022-06-05 19:42:43 [+0200], Sebastian Ramacher wrote:
> Hi Sebastian
Hi Sebastian,
> > Otherwise I'd fear that the only other options are openssl breaking
> > libssl1.1 or renaming /etc/ssl/openssl.cnf to have a version specific
> > name. Given the high number reverse dependencies involved in
On 2022-05-26 18:26:57 [+0200], Sebastian Ramacher wrote:
> Hi Sebastian
Hi,
> We're now at the following blockers for openssl's migration:
…
> Bugs for the autopkgtest regressions have been filed and some are
> already fixed in unstable. So I'll add hints to ignore those
> regressions.
good.
>
ude
searchindex.js clamav-0.103.5+dfsg/debian/changelog
clamav-0.103.6+dfsg/debian/changelog
--- clamav-0.103.5+dfsg/debian/changelog 2022-01-13 21:49:00.0
+0100
+++ clamav-0.103.6+dfsg/debian/changelog2022-05-26 10:17:16.0
+0200
@@ -1,3 +1,20 @@
+clamav (0.103.
searchindex.js clamav-0.103.5+dfsg/debian/changelog
clamav-0.103.6+dfsg/debian/changelog
--- clamav-0.103.5+dfsg/debian/changelog 2022-01-13 21:51:03.0
+0100
+++ clamav-0.103.6+dfsg/debian/changelog2022-05-26 10:19:13.0
+0200
@@ -1,3 +1,20 @@
+clamav (0.103.6+dfsg-
On 2022-05-09 00:11:22 [+0200], Sebastian Ramacher wrote:
> Control: tags -1 = confirmed
>
> Please go ahead
Thank you, done.
> Cheers
Sebastian
On 2022-03-24 12:39:55 [+], Adam D. Barratt wrote:
> I've added that text to the announcement for the buster point release.
Thanks.
> If anyone has any changes, please yell ASAP.
The gnutls and perl changes are not yet built. I guess this is intended
;)
> Regards,
>
> Adam
Sebastian
On 2022-03-23 17:40:59 [+], Adam D. Barratt wrote:
> Right, let's have another go at this then:
>
> "
> OpenSSL signature algorithm check tightening
> =
>
> The OpenSSL update provided in this point release includes a
> change to ensure that the
On 2022-03-22 21:47:52 [+0100], Kurt Roeckx wrote:
> On Tue, Mar 22, 2022 at 08:19:01PM +, Adam D. Barratt wrote:
> > OpenSSL signature algorithm check tightening
> > =
> >
> > The OpenSSL update included in this point release includes a change to
>
On 2022-03-21 22:11:17 [+0100], Julien Cristau wrote:
> Hi,
Hi,
> Specifically, we were hoping to better understand the risk of openssl
> changes breaking existing setups. It's possible the issues with gnutls
> and libnet-ssleay-perl tests were narrowly scoped enough that that risk
> is low, but
On 2022-03-21 22:04:08 [+0100], Salvatore Bonaccorso wrote:
> Hi Sebastian,
Hi Salvatore,
> > +gnutls28 (3.6.7-4+deb10u7.1) buster; urgency=medium
>
> As not yet uploaded, can you change this to 3.6.7-4+deb10u8 instead.
Just did so.
> Regards,
> Salvatore
Sebastian
-improve-testing-against-secured-O.patch to
+pass testsuite with openssl 1.1.1e.
+
+ -- Sebastian Andrzej Siewior Mon, 21 Mar 2022 14:52:01 +0100
+
gnutls28 (3.6.7-4+deb10u7) buster; urgency=medium
* 46_handshake-reject-no_renegotiation-alert-if-handshake.patch pulled from
diff -Nru
On 2022-03-21 17:55:00 [+0200], Adrian Bunk wrote:
> > * Backport upstream fix for test failures with OpenSSL 1.1.1n.
> > (Closes: #1008055)
Thank you Adrian.
Sebastian
VEL=2 and
+requiring minimum TLSv1.2. However, smaller hashes/keys/versions are
+allowed if one enables SECLEVEL=1. Do so when testing pre v1.2 algos,
+and thus enabling testing more compatability combinations.
+
+Signed-off-by: Dimitri John Ledkov
+Signed-off-by: Sebastian Andrzej Siewior
+---
+
On 2022-03-20 23:15:57 [+0100], Kurt Roeckx wrote:
> > https://ci.debian.net/data/autopkgtest/oldstable/amd64/g/gnutls28/20199677/log.gz
> >
> > Checking TLS 1.0 with ECDHE-ECDSA (SECP384R1)...
> > %COMPAT: Checking TLS 1.0 with ECDHE-ECDSA (SECP384R1)...
> > *** Fatal error: A TLS fatal alert
On 2022-03-18 14:51:32 [+], Adam D. Barratt wrote:
> Boo. Hope you're doing better.
Thanks, yes.
> > I would also do the upload for Buster, would that work? I remember
> > that
> > the packages, that broken, were already uploaded a few cycles ago.
>
> Also as 1.1.1n?
Yes.
> I assume there
On 2022-03-18 09:21:50 [+], Adam D. Barratt wrote:
> Apologies if the status here got confused - based on the above, I was
> assuming that in the absence of a negative response you would proceed
> with the 1.1.1n-0+deb11u1 plan. For complete clarity, please feel free
> to do so, bearing in
On 2022-02-19 17:57:25 [+], Adam D. Barratt wrote:
> Feel free to upload; we'll wait for the d-i ack before accepting the
> package into p-u.
There will be the release of 1.1.1n on Tuesday 15th March 2022 including
a security fix. Therefore I will:
- prepare a security release against
Control: tags -1 - moreinfo
Removing moreinfo tag since I provide more information in my previous
reply.
On 2022-02-28 00:23:22 [+0100], To 995...@bugs.debian.org wrote:
> On 2022-02-14 15:01:34 [+0100], To Sebastian Ramacher wrote:
> > On 2022-02-01 21:11:11 [+0100], Sebastian Ramacher wrote:
>
On 2022-02-14 15:01:34 [+0100], To Sebastian Ramacher wrote:
> On 2022-02-01 21:11:11 [+0100], Sebastian Ramacher wrote:
> > > Could you please update this transition request? It's open for four
> > > months and no visible response.
> >
> > Kurt mention some 100 packages failing to build. I only
On 2022-02-19 17:57:25 [+], Adam D. Barratt wrote:
>
> Feel free to upload; we'll wait for the d-i ack before accepting the
> package into p-u.
Okay. The Bullseye package has been uploaded.
> Regards,
>
> Adam
Sebastian
On 2022-02-19 17:04:16 [+], Adam D. Barratt wrote:
> Control: tags -1 + confirmed d-i
…
> Thanks. Assuming the above is still accurate, then this looks good to
> me.
>
> As the package builds a udeb, it will need a d-i ack; tagging and CCing
> accordingly.
I'm confused. May I upload or do I
On 2022-02-01 21:11:11 [+0100], Sebastian Ramacher wrote:
> > Could you please update this transition request? It's open for four
> > months and no visible response.
>
> Kurt mention some 100 packages failing to build. I only see a handfull
> of bugs filed. So what's the status on those build
On 2022-01-25 18:46:16 [+], Adam D. Barratt wrote:
> For the record, .5 was released via {buster,bullseye}-updates last
> night; see SUA211-1 /
> https://lists.debian.org/debian-stable-announce/2022/01/msg1.html
Thank you.
> Regards,
>
> Adam
Sebastian
1 Cisco Systems, Inc. and/or its affiliates. All rights reserved.
+dnl Copyright (C) 2013-2022 Cisco Systems, Inc. and/or its affiliates. All rights reserved.
dnl Copyright (C) 2007-2013 Sourcefire, Inc.
dnl Copyright (C) 2002-2007 Tomasz Kojm
dnl socklen_t check (c) Alexander V. Lukyanov
On 2022-01-11 21:17:54 [+], Adam D. Barratt wrote:
> Now that the equivalent update made it to stretch, this seems as good a
> time as any - I'm assuming that no major issues have ben reported in
> unstable in the meantime?
correct.
> I wasn't really sure which of the changes made sense to
On 2021-12-23 15:38:16 [+], Adam D. Barratt wrote:
> Hi,
Hi Adam,
> fwiw, even with the reduced diffs, neither request made it to debian-
> release.
Oh shoot. You're the best Adam. I meant to ping the list in case it
didn't make through but forgot to check…
> Were you anticipating that
On 2021-10-05 20:03:49 [+0200], Michael Biebl wrote:
> Hi Kurt, hi Luca, hi everyone,
Hi Michael,
> That said, I'm not a lawyer and reading license texts hurts my brain.
> So my goal is is mainly to raise awareness of this issue and seek input from
> the community.
GPL code which linked against
On 2021-09-10 11:49:39 [+0100], Adam D. Barratt wrote:
> It appears that the bullseye upload is stuck on the upload queue,
> because:
Thank you.
> Regards,
>
> Adam
Sebastian
toconf 2.69. Invocation command line was
CONFIG_FILES= $CONFIG_FILES
@@ -31963,7 +31963,7 @@
cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //;
s/[\\""\`\$]/&/g'`"
ac_cs_version=&
LES= $CONFIG_FILES
@@ -31963,7 +31963,7 @@
cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //;
s/[\\""\`\$]/&/g'`"
ac_cs_version="\\
-ClamAV config.status 0.103.2
+ClamAV config.stat
On 2021-04-23 08:21:44 [+0100], Adam D. Barratt wrote:
> Ah, apologies for not spotting that from your earlier mail. An updated
> draft:
This is perfect Adam, thank you.
>
> Regards,
>
> Adam
>
Sebastian
On 2021-04-22 16:58:46 [+0100], Adam D. Barratt wrote:
> On Wed, 2021-04-21 at 21:35 +0200, Sebastian Andrzej Siewior wrote:
> > On 2021-04-20 20:52:09 [+0100], Adam D. Barratt wrote:
> > > Please feel free to upload. I assume that, given there are security
> > > f
On 2021-04-20 20:52:09 [+0100], Adam D. Barratt wrote:
>
> I'm certainly happy to defer to your judgement here, given our previous
> experience with clamav updates in stable. I was simply trying to
> ascertain the scale of the update involved, but fear I may have just
> confused the discussion;
On 2021-04-19 21:15:06 [+0100], Adam D. Barratt wrote:
> > > I guess the diff against the current buster package is quite large
> > > by
> > > this point?
> >
> > What do you mean by this point? We did full clamav uploads in the
> > past.
> > Please excuse if I miss something obvious.
>
> Sorry,
On 2021-04-19 19:41:58 [+0100], Adam D. Barratt wrote:
> On Fri, 2021-04-16 at 09:27 +0200, Sebastian Andrzej Siewior wrote:
> > This is an update from ClamAV from 0.102.4 to 0.103.2. The 103
> > release was in unstable since the beginning. I skipped it for Buster
> > back
Package: release.debian.org
User: release.debian@packages.debian.org
Usertags: pu
Tags: buster
Severity: normal
This is an update from ClamAV from 0.102.4 to 0.103.2. The 103 release
was in unstable since the beginning. I skipped it for Buster back then
because the 102 based release recevied
T)) {
ctx->error = X509_V_ERR_INVALID_EXTENSION;
diff --git a/debian/changelog b/debian/changelog
index 45bfdb99fe8d9..9d1b9d6590ab9 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,9 +1,16 @@
-openssl (1.1.1j-0+deb10u1) buster; urgency=medium
+openssl (1.1.1k-0+deb10u1) bust
On 2020-07-21 16:53:23 [+0200], Santiago Ruano Rincón wrote:
> diff -Nru bzip2-1.0.6/debian/rules bzip2-1.0.6/debian/rules
> --- bzip2-1.0.6/debian/rules 2019-06-24 22:16:40.0 +0200
> +++ bzip2-1.0.6/debian/rules 2020-07-21 10:31:21.0 +0200
> @@ -14,6 +14,9 @@
>
Resending because I managed to accidently clear TO:
On 2021-03-22 19:48:31 [+0100], Cc 959...@bugs.debian.org wrote:
> On 2021-02-24 23:23:07 [+0100], To Kurt Roeckx wrote:
> > On 2021-02-10 21:52:46 [+0100], To Kurt Roeckx wrote:
> > > OpenSSL upstream announced [0] 1.1.1j for next Tuesday with
On 2021-02-24 23:23:07 [+0100], To Kurt Roeckx wrote:
> On 2021-02-10 21:52:46 [+0100], To Kurt Roeckx wrote:
> > OpenSSL upstream announced [0] 1.1.1j for next Tuesday with a security
> > fix classified as MODERATE [1].
So this happened. OpenSSL upstream announced [0] 1.1.1k for next
Thursday
an/changelog 2021-03-20 09:37:26.0 +0100
@@ -1,3 +1,15 @@
+clamtk (6.03-3) unstable; urgency=medium
+
+ * Upload to unstable.
+
+ -- Sebastian Andrzej Siewior Sat, 20 Mar 2021 09:37:26 +0100
+
+clamtk (6.03-2) experimental; urgency=medium
+
+ * Remove no-separator from window decorat
On 2021-03-13 17:31:50 [+], Adam D. Barratt wrote:
> Please go ahead.
Thanks, uploaded.
> Regards,
>
> Adam
Sebastian
On 2021-03-08 18:54:22 [+0100], Paul Gevers wrote:
> Hi,
Hi,
> Please upload to unstable. As said, we'll let it age a bit there.
Thanks, uploaded.
> Paul
Sebastian
ix to xzgrep (similar to xzcmp in #844770).
+
+ -- Sebastian Andrzej Siewior Tue, 02 Mar 2021 21:50:25 +0100
+
xz-utils (5.2.5-1.0) unstable; urgency=medium
* Non-maintainer upload.
diff -Nru xz-utils-5.2.5/debian/patches/0001-Scripts-Fix-exit-status-of-xzdiff-xzcmp.patch xz-utils-5.2.5/debian/pat
On 2021-03-02 19:44:58 [+0100], Paul Gevers wrote:
> Hi Sebastian,
Hi Paul,
> Unfortunately we haven't made up our mind yet, but to get some (albeit
> limited) exposure and autopkgtest coverage (via the pseudo-excuses) [2],
> I think your chances for a go are higher if the proposed package is
>
Andrzej Siewior Tue, 23 Feb 2021
23:41:19 +0100
+
m2crypto (0.31.0-4+deb10u1) buster; urgency=medium
* Non-maintainer upload.
diff -Nru m2crypto-0.31.0/debian/patches/MR262.patch
m2crypto-0.31.0/debian/patches/MR262.patch
--- m2crypto-0.31.0/debian/patches/MR262.patch 1970-01-01 01:00
0 +0100
+++ xz-utils-5.2.5/debian/changelog 2021-02-18 23:12:30.0 +0100
@@ -1,3 +1,10 @@
+xz-utils (5.2.5-1.1) unstable; urgency=medium
+
+ * Non-maintainer upload.
+ * Update the patches for #844770 and #975981 to what upstream applied.
+
+ -- Sebastian Andrzej Siewior Thu, 18 Feb 20
On 2021-02-01 23:50:03 [+0100], To Kurt Roeckx wrote:
> in case someone wants to test.
> I think the ship for this pu is sailing without me but I'm ready for the
> next cruise :)
OpenSSL upstream announced [0] 1.1.1j for next Tuesday with a security
fix classified as MODERATE [1].
[0]
(1.1.1i-0+deb10u1) buster; urgency=medium
(Closes: #947949).
* Update symbol list.
* Apply two patches from upstream to address x509 related regressions.
+ * Cherry-pick a patch from upstream to address #13931.
- -- Sebastian Andrzej Siewior Sun, 24 Jan 2021 11:22:16 +0100
+ -- Seba
On 2021-01-28 00:28:03 [+0100], Kurt Roeckx wrote:
> On Thu, Jan 14, 2021 at 07:03:37PM +0100, Kurt Roeckx wrote:
> > There are a whole bunch of other issues and pull requests related to
> > this. I hope this is the end of the regressions in the X509 code.
>
> So there is something else now:
>
On 2021-01-25 19:57:18 [+0100], Cyril Brulebois wrote:
> Not really *much* easier, to be honest. I can definitely build a package
> locally given a source debdiff, or slightly better, given a source
> package I can run dget against (since we're talking about new upstream
> releases, by the looks
On 2021-01-25 17:51:28 [+], Adam D. Barratt wrote:
> Please go ahead; thanks.
Uploaded. Thank you.
> Regards,
>
> Adam
Sebastian
On 2021-01-22 16:38:28 [+], Adam D. Barratt wrote:
> Assuming that a patched m2crypto will also build fine against openssl
> 1.1.1d, then there's no reason that the two shouldn't proceed in
> parallel (i.e. feel free to file the m2crypto request already).
Yes, it does. Bug filled. Thank you.
/changelog 2021-01-24 12:01:15.0 +0100
@@ -1,3 +1,11 @@
+m2crypto (0.31.0-4+deb10u1) buster; urgency=medium
+
+ * Non-maintainer upload.
+ * debian/patches/MR261.patch
+- fix compatibility with openssl/1.1.1i+; Closes: #954402
+
+ -- Sebastian Andrzej Siewior Sun, 24 Jan 2021 12:01:15
4,9 @@ openssl (1.1.1i-0+deb10u1) buster; urgency=medium
- CVE-2019-1551 (Overflow in the x64_64 Montgomery squaring procedure),
(Closes: #947949).
* Update symbol list.
+ * Apply two patches from upstream to address x509 related regressions.
- -- Sebastian Andrzej Siewior Wed, 06 Jan 2
On 2021-01-16 19:14:53 [+0100], Kurt Roeckx wrote:
> So I went over the open issues and pull requests, and currently
> don't see a reason not to upload it to unstable with those 2
> patches. I don't know about any other regressions in 1.1.1.
The openssl package migrated to testing.
I would
On 2021-01-14 19:03:37 [+0100], Kurt Roeckx wrote:
> > Do you have pointers to upstream issues?
>
> There are a whole bunch of other issues and pull requests related to
> this. I hope this is the end of the regressions in the X509 code.
Okay. Please ping once this gets sorted out and I will
On 2020-11-24 20:18:15 [+], Adam D. Barratt wrote:
> That would be preferable at this point, yes, sorry. We should try and
> make sure it's sorted soon afterwards though, to avoid things getting
> stuck again.
I will set up an alarm on my side :)
> At some point, could we please have a
On 2020-11-20 17:24:30 [+], Adam D. Barratt wrote:
> Predictably we're again quite close to a point release. :-( (One week
> from freeze, specifically.)
oh.
> Looking at the upstream issues regarding certificate validation changes
> between 1.1.1e and f/g, #11456 appears to have been
On 2020-11-15 20:59:18 [+0100], Paul Gevers wrote:
> Hi Sebastian,
Hi Paul,
> I don't fully understand what you say here. We *do* run autopkgtests in
> stable to check for issues.
Yes, but the package does not use it in stable.
Sebastian
control: retitle -1 buster-pu: package openssl/1.1.1h-1
On 2020-05-02 22:34:40 [+0100], Adam D. Barratt wrote:
> > > Do we have any feeling for how widespread such certificates might
> > > be?
> > > The fact that there have been two different upstream reports isn't
> > > particularly comforting.
av.net/], [clamav],
[https://www.clamav.net/])
+AC_INIT([ClamAV], [0.102.4], [https://bugzilla.clamav.net/], [clamav],
[https://www.clamav.net/])
dnl put configure auxiliary into config
AC_CONFIG_AUX_DIR([config])
diff -Nru clamav-0.102.3+dfsg/debian/changelog
clamav-0.102.4+dfsg/debian/cha
On 2020-05-28 21:56:25 [+0100], Adam D. Barratt wrote:
> Please feel free to go ahead.
The NEW queue has been passed.
> Regards,
>
> Adam
Sebastian
On 2020-06-01 18:52:49 [+0100], Adam D. Barratt wrote:
>
> Were you assuming that libclamunrar would also be in that set, or just
> clamav itself?
Please go ahead with Clamav. I will ping the libclamunrar bug once it
got through NEW.
> Regards,
>
> Adam
Sebastian
1 - 100 of 258 matches
Mail list logo