Bug#1065413: bookworm-pu: package openssl/3.0.13-1~deb12u1

2024-03-24 Thread Sebastian Andrzej Siewior
On 2024-03-24 20:06:12 [+], Adam D. Barratt wrote: > On Mon, 2024-03-04 at 07:38 +0100, Sebastian Andrzej Siewior wrote: > > This is an update to the current stable OpenSSL release in the 3.0.x > > series. It addresses the following CVE reports which were postponed > >

Bug#1063621: bookworm-pu: package clamav/clamav_1.0.5+dfsg-1~deb12u1

2024-03-08 Thread Sebastian Andrzej Siewior
On 2024-03-08 07:38:10 [+], Adam D. Barratt wrote: > On Fri, 2024-02-09 at 23:12 +0100, Sebastian Andrzej Siewior wrote: > > This is an update to the latest clamav release in the 1.0.x series. > > One small thing you may want to fix for any follow-up updates: > >

Bug#1063621: bookworm-pu: package clamav/clamav_1.0.5+dfsg-1~deb12u1

2024-03-03 Thread Sebastian Andrzej Siewior
On 2024-02-09 23:12:18 [+0100], To sub...@bugs.debian.org wrote: > Package: release.debian.org > Control: affects -1 + src:clamav > X-Debbugs-Cc: cla...@packages.debian.org > User: release.debian@packages.debian.org > Usertags: pu > Tags: bookworm > Severity: normal > > This is an update to

Bug#1065413: bookworm-pu: package openssl/3.0.13-1~deb12u1

2024-03-03 Thread Sebastian Andrzej Siewior
Package: release.debian.org Control: affects -1 + src:openssl X-Debbugs-Cc: open...@packages.debian.org User: release.debian@packages.debian.org Usertags: pu Tags: bookworm X-Debbugs-Cc: sebast...@breakpoint.cc Severity: normal This is an update to the current stable OpenSSL release in the

Bug#1063621: bookworm-pu: package clamav/clamav_1.0.5+dfsg-1~deb12u1

2024-02-09 Thread Sebastian Andrzej Siewior
; +j += strlen(FILENAME_DISABLED_MESSAGE); i++; } else { buffer_cmd[j++] = opt->strarg[i]; diff --git a/common/optparser.c b/common/optparser.c index a7bdbee..1be7afe 100644 --- a/common/optparser.c +++ b/common/optparser.c @@ -333,7 +333,7 @@ co

Bug#1058700: nmu: dar_2.7.13-2

2023-12-14 Thread Sebastian Andrzej Siewior
Package: release.debian.org Control: affects -1 + src:dar User: release.debian@packages.debian.org Usertags: binnmu Severity: normal Hi, if I see this correctly then dar 2.7.13-2 won't migrate to testing because it was built using openssl 3.0.12-1. This version isn't in testing and if

Re: OpenSSL transition to testing

2023-11-23 Thread Sebastian Andrzej Siewior
On 2023-11-22 22:15:43 [+0100], Jérémy Lal wrote: > Plase wait a moment before doing more uploads. > I am gonna deal with it before the end the week. Sorry for that. Sorry for any trouble I may have caused. I haven't had any response and I wasn't granted any free rider card so I started

OpenSSL transition to testing

2023-11-17 Thread Sebastian Andrzej Siewior
Hi, OpenSSL didn't migrate to testing for two reasons: #1 Didn't build on mips64el because slow buildd is slow. #2 Autopkgtest fails in the latest version due to changes in OpenSSL. For #1 Kurt increased the priority so it might build eventually. #2. This is known by nodejs upstream and has

Bug#1051884: bullseye-pu: package openssl/1.1.1w-0~deb11u1

2023-10-02 Thread Sebastian Andrzej Siewior
On 2023-10-02 13:41:17 [+0200], Cyril Brulebois wrote: > Adam D. Barratt (2023-10-02): > > Unfortunately, the version format change from -0+deb11uX to -0~deb11uX > > has broken the installer. > > > > The udebs end up with dependencies of the form ">= 1.1.1w", which > > 1.1.1w-0~deb11u1 doesn't

Bug#1053001: bookworm-pu: package openssl/3.0.11-1~deb12u1

2023-09-26 Thread Sebastian Andrzej Siewior
Package: release.debian.org Control: affects -1 + src:openssl X-Debbugs-Cc: open...@packages.debian.org User: release.debian@packages.debian.org Usertags: pu Tags: bookworm X-Debbugs-Cc: sebast...@breakpoint.cc Severity: normal This is an update of the openssl package to the 3.0.11 version, a

Bug#1052070: bookworm-pu: package mutt/2.2.12-0.1~deb12u1

2023-09-24 Thread Sebastian Andrzej Siewior
On 2023-09-23 20:39:32 [+0100], Adam D. Barratt wrote: > Please go ahead. Thanks, done. > Regards, > > Adam Sebastian

Bug#1052070: bookworm-pu: package mutt/2.2.12-0.1~deb12u1

2023-09-16 Thread Sebastian Andrzej Siewior
Package: release.debian.org Control: affects -1 + src:mutt X-Debbugs-Cc: m...@packages.debian.org User: release.debian@packages.debian.org Usertags: pu Tags: bookworm X-Debbugs-Cc: sebast...@breakpoint.cc Severity: normal This is an update mutt package as provided by upstream to version

Bug#1050639: bookworm-pu: package clamav/1.0.2+dfsg-1~deb12u1

2023-09-15 Thread Sebastian Andrzej Siewior
On 2023-09-14 21:52:25 [+0100], Adam D. Barratt wrote: > > That's now out, as SUA-240-1. Thank you Adam. > Regards, > > Adam Sebastian

Bug#1050639: bookworm-pu: package clamav/1.0.2+dfsg-1~deb12u1

2023-09-14 Thread Sebastian Andrzej Siewior
On 2023-09-14 06:31:26 [+0100], Adam D. Barratt wrote: > On Wed, 2023-09-13 at 22:01 +0200, Sebastian Andrzej Siewior wrote: > > On 2023-09-13 17:26:46 [+0100], Adam D. Barratt wrote: > > > How does this sound for an SUA? > [...] > > This sounds entirely fine to me. I do

Bug#1051884: bullseye-pu: package openssl/1.1.1w-0~deb11u1

2023-09-13 Thread Sebastian Andrzej Siewior
ain a copy @@ -82,13 +82,16 @@ if (!rsa_param_encode(pkey, , )) return 0; penclen = i2d_RSAPublicKey(pkey->pkey.rsa, ); -if (penclen <= 0) + if (penclen <= 0) { +ASN1_STRING_free(str); return 0; +} if (X509_PUBKEY_set0_param(pk, OBJ_nid2obj(pkey->

Bug#1050639: bookworm-pu: package clamav/1.0.2+dfsg-1~deb12u1

2023-09-13 Thread Sebastian Andrzej Siewior
On 2023-09-13 17:26:46 [+0100], Adam D. Barratt wrote: > How does this sound for an SUA? > > === > Package : clamav > Version : 1.0.3+dfsg-1~deb12u1 [bookworm] >0.103.10+dfsg-0+deb11u1 [bullseye] > Importance : medium > > ClamAV

Bug#1050639: bookworm-pu: package clamav/1.0.2+dfsg-1~deb12u1

2023-09-09 Thread Sebastian Andrzej Siewior
-1.0.3+dfsg/debian/changelog 2023-09-09 16:36:13.0 +0200 @@ -1,3 +1,10 @@ +clamav (1.0.3+dfsg-1~deb12u1) bookworm; urgency=medium + + * Import 1.0.3 + * Remove unnecessary warning messages in freshclam during update. + + -- Sebastian Andrzej Siewior Sat, 09 Sep 2023 16:36:13 +0200

Bug#1050638: bullseye-pu: package clamav/0.103.9+dfsg-0+deb11u1

2023-09-09 Thread Sebastian Andrzej Siewior
https://github.com/Cisco-Talos/clamav/issues], [clamav], [https://www.clamav.net/]) dnl put configure auxiliary into config AC_CONFIG_AUX_DIR([config]) diff -Nru clamav-0.103.9+dfsg/debian/changelog clamav-0.103.10+dfsg/debian/changelog --- clamav-0.103.9+dfsg/debian/changelog 2023-08-27 11:57:11.

Bug#1050638: bullseye-pu: package clamav/0.103.9+dfsg-0+deb11u1

2023-09-08 Thread Sebastian Andrzej Siewior
On 2023-09-04 21:18:35 [+0200], To Adam D. Barratt wrote: > > The next point release for both bullseye and bookworm is in a month. > > Were you looking to have the clamav updates published via -updates > > before that point? > > I almost started preparing 0.103.10 I think it will be easier to go

Bug#1050573: bullseye-pu: package openssl/1.1.1v-0~deb11u1

2023-09-07 Thread Sebastian Andrzej Siewior
On 2023-08-26 14:50:09 [+0200], To sub...@bugs.debian.org wrote: > This is an update of the openssl package to the 1.1.1v version, a patch > release Upstream announced to release 1.1.1w on 11th September. They said it is a "security-fix" with the highest severity defined as "low". This is also

Bug#1051084: bookworm-pu: package kernelshark/2.2.1-1~deb12u1

2023-09-05 Thread Sebastian Andrzej Siewior
On 2023-09-05 17:36:41 [+0100], Jonathan Wiltshire wrote: > > Please go ahead. Thanks, done. > Thanks, Sebastian

Bug#1050638: bullseye-pu: package clamav/0.103.9+dfsg-0+deb11u1

2023-09-04 Thread Sebastian Andrzej Siewior
On 2023-09-04 19:52:23 [+0100], Adam D. Barratt wrote: > On Sun, 2023-08-27 at 13:20 +0200, Sebastian Andrzej Siewior wrote: > > This is a stable update from clamav upstream in the 0.103.x series. > > It fixes the following CVE > > - CVE-2023-20197 (Possible Do

Bug#1051084: bookworm-pu: package kernelshark/2.2.1-1~deb12u1

2023-09-02 Thread Sebastian Andrzej Siewior
for version update. + * Fix package description. (Closes: #1028585) + + -- Sebastian Andrzej Siewior Sat, 02 Sep 2023 15:29:41 +0200 + kernelshark (2.2.0-2) unstable; urgency=medium * Fix symlink names. (Closes: #1035449) diff -Nru kernelshark-2.2.0/debian/control kernelshark-2.2.1/debian

Bug#1050638: bullseye-pu: package clamav/0.103.9+dfsg-0+deb11u1

2023-08-27 Thread Sebastian Andrzej Siewior
R([config]) diff -Nru clamav-0.103.8+dfsg/debian/changelog clamav-0.103.9+dfsg/debian/changelog --- clamav-0.103.8+dfsg/debian/changelog 2023-02-17 21:43:57.0 +0100 +++ clamav-0.103.9+dfsg/debian/changelog 2023-08-27 11:57:11.0 +0200 @@ -1,3 +1,10 @@ +clamav (0.103.9+dfsg-0+deb11

Bug#1050573: bullseye-pu: package openssl/1.1.1v-0~deb11u1

2023-08-26 Thread Sebastian Andrzej Siewior
On 2023-08-26 14:50:09 [+0200], To sub...@bugs.debian.org wrote: > Package: release.debian.org > Control: affects -1 + src:openssl > User: release.debian@packages.debian.org > Usertags: pu > Tags: bullseye > Severity: normal > > This is an update of the openssl package to the 1.1.1v version,

Bug#1035310: bullseye-pu: package xz-utils/5.2.11-0~deb11u1

2023-06-27 Thread Sebastian Andrzej Siewior
On 2023-06-26 18:10:57 [+0100], Jonathan Wiltshire wrote: > Control: tag -1 moreinfo > > You're both going to have to help me a) understand what is the user-facing > problem you're solving which is necessary to fix in stable and b) whether > you're both agreed on how to fix it. a) The bpo of

Bug#1036957: unblock: openssl/3.0.8-1

2023-05-30 Thread Sebastian Andrzej Siewior
control: retitle -1 unblock: openssl/3.0.9-1 On 2023-05-30 22:16:53 [+0200], To sub...@bugs.debian.org wrote: > > Please unblock package openssl. > > The 3.0.9 release contains security and non-security related fixes for > the package. There are five new CVEs in total that has been addressed. >

Re: Upcoming OpenSSL release

2023-05-29 Thread Sebastian Andrzej Siewior
On 2023-05-28 07:44:13 [+0200], Paul Gevers wrote: > Hi, Hi, > Given the impact of openssl, lets have that exception. Quiet period starts > on 2023-06-04, we need to ensure it migrated *before* then. Okay. I'm going to upload to unstable and open an unblock bug. Thank you for the confirmation.

Upcoming OpenSSL release

2023-05-27 Thread Sebastian Andrzej Siewior
Hi, there is an upcoming OpenSSL scheduled for next TUE (2023-05-30) including one security fix of moderate severity [0]. For Bullseye I am going backport ~6 fixes (4 security fixes of minor severity which were not yet addressed, the upcoming fix and an alternative fix for CVE-2022-4304). _Later_

Bug#1035310: bullseye-pu: package xz-utils/5.2.11-0~deb11u1

2023-04-30 Thread Sebastian Andrzej Siewior
On 2023-04-30 18:43:18 [+0200], Helge Kreutzmann wrote: > Hello Sebastian, Hi Helge, > > - the backport package of manpages-de and manpages-fr provides a > > man page for xz. These files conflict with the one provided by > > xz-utils package. The bpo package and xz-utils in Bookworm have

Bug#1031536: bullseye-pu: package clamav/0.103.8+dfsg-0+deb11u1

2023-02-17 Thread Sebastian Andrzej Siewior
ig AC_CONFIG_AUX_DIR([config]) diff -Nru clamav-0.103.7+dfsg/debian/changelog clamav-0.103.8+dfsg/debian/changelog --- clamav-0.103.7+dfsg/debian/changelog 2022-08-21 21:28:52.0 +0200 +++ clamav-0.103.8+dfsg/debian/changelog 2023-02-17 21:43:57.0 +0100 @@ -1,3 +1,11 @@ +clamav (0

Bug#1018904: bullseye-pu: package clamav/0.103.7+dfsg-0+deb11u1

2022-09-02 Thread Sebastian Andrzej Siewior
On 2022-09-02 17:02:38 [+0100], Adam D. Barratt wrote: > Please go ahead, bearing in mind that the window for getting updates > into 11.5 (and thus bullseye-updates prior to 11.5 being released) > closes over this weekend. just uploaded. > Given that 11.5 is scheduled for a week tomorrow, would

Bug#1018905: buster-pu: package clamav/0.103.7+dfsg-0+deb10u1

2022-09-01 Thread Sebastian Andrzej Siewior
909aed8 -7135300 +276875cec2e8a64a834e0c5e9f988aebe0d3ab25 +276875cec2e8a64a834e0c5e9f988aebe0d3ab25 +d1ea680af611ee417616ec3d8615a0e67a495795 +d1ea680af611ee417616ec3d8615a0e67a495795 +clamav_0.103.7+dfsg.orig.tar.xz +f0708e3df3a432def23c384d28fb3a4628efcfd5 +7136624 diff --git a/debian/changelog b

Bug#1018904: bullseye-pu: package clamav/0.103.7+dfsg-0+deb11u1

2022-09-01 Thread Sebastian Andrzej Siewior
af6e140ea150e0f219c86594f3bc04cb +d1ea680af611ee417616ec3d8615a0e67a495795 +d1ea680af611ee417616ec3d8615a0e67a495795 +clamav_0.103.7+dfsg.orig.tar.xz +f0708e3df3a432def23c384d28fb3a4628efcfd5 +7136624 diff --git a/debian/changelog b/debian/changelog index c540f6f..5210a94 100644 --- a/debian/changelog

Bug#995636: transition: openssl

2022-06-09 Thread Sebastian Andrzej Siewior
On 2022-06-08 22:13:09 [+0200], Sebastian Ramacher wrote: > That would be much appreciated, thanks! Did so, sorry for the delay. I aimed for Monday but… > Cheers Sebastian

Bug#995636: transition: openssl

2022-06-05 Thread Sebastian Andrzej Siewior
On 5 June 2022 19:03:17 UTC, Kurt Roeckx wrote: >The suggestion was to make an openssl.cnf that's compatible with 1.1.1, >and so remove or comment out everything related to providers. > Ah okay. In that case let me so that tomorrow and close that rc bug with this change. > >Kurt > --

Bug#995636: transition: openssl

2022-06-05 Thread Sebastian Andrzej Siewior
On 2022-06-05 19:42:43 [+0200], Sebastian Ramacher wrote: > Hi Sebastian Hi Sebastian, > > Otherwise I'd fear that the only other options are openssl breaking > > libssl1.1 or renaming /etc/ssl/openssl.cnf to have a version specific > > name. Given the high number reverse dependencies involved in

Bug#995636: transition: openssl

2022-05-26 Thread Sebastian Andrzej Siewior
On 2022-05-26 18:26:57 [+0200], Sebastian Ramacher wrote: > Hi Sebastian Hi, > We're now at the following blockers for openssl's migration: … > Bugs for the autopkgtest regressions have been filed and some are > already fixed in unstable. So I'll add hints to ignore those > regressions. good. >

Bug#1011746: bullseye-pu: package clamav/0.103.6+dfsg-0+deb11u1

2022-05-26 Thread Sebastian Andrzej Siewior
ude searchindex.js clamav-0.103.5+dfsg/debian/changelog clamav-0.103.6+dfsg/debian/changelog --- clamav-0.103.5+dfsg/debian/changelog 2022-01-13 21:49:00.0 +0100 +++ clamav-0.103.6+dfsg/debian/changelog2022-05-26 10:17:16.0 +0200 @@ -1,3 +1,20 @@ +clamav (0.103.

Bug#1011745: buster-pu: package clamav/0.103.6+dfsg-0+deb10u1

2022-05-26 Thread Sebastian Andrzej Siewior
searchindex.js clamav-0.103.5+dfsg/debian/changelog clamav-0.103.6+dfsg/debian/changelog --- clamav-0.103.5+dfsg/debian/changelog 2022-01-13 21:51:03.0 +0100 +++ clamav-0.103.6+dfsg/debian/changelog2022-05-26 10:19:13.0 +0200 @@ -1,3 +1,20 @@ +clamav (0.103.6+dfsg-

Bug#995636: transition: openssl

2022-05-13 Thread Sebastian Andrzej Siewior
On 2022-05-09 00:11:22 [+0200], Sebastian Ramacher wrote: > Control: tags -1 = confirmed > > Please go ahead Thank you, done. > Cheers Sebastian

Bug#959469: openssl 1.1.1n-0+deb10u1 flagged for acceptance

2022-03-24 Thread Sebastian Andrzej Siewior
On 2022-03-24 12:39:55 [+], Adam D. Barratt wrote: > I've added that text to the announcement for the buster point release. Thanks. > If anyone has any changes, please yell ASAP. The gnutls and perl changes are not yet built. I guess this is intended ;) > Regards, > > Adam Sebastian

Bug#959469: openssl 1.1.1n-0+deb10u1 flagged for acceptance

2022-03-23 Thread Sebastian Andrzej Siewior
On 2022-03-23 17:40:59 [+], Adam D. Barratt wrote: > Right, let's have another go at this then: > > " > OpenSSL signature algorithm check tightening > = > > The OpenSSL update provided in this point release includes a > change to ensure that the

Bug#959469: openssl 1.1.1n-0+deb10u1 flagged for acceptance

2022-03-22 Thread Sebastian Andrzej Siewior
On 2022-03-22 21:47:52 [+0100], Kurt Roeckx wrote: > On Tue, Mar 22, 2022 at 08:19:01PM +, Adam D. Barratt wrote: > > OpenSSL signature algorithm check tightening > > = > > > > The OpenSSL update included in this point release includes a change to >

Bug#959469: openssl 1.1.1n-0+deb10u1 flagged for acceptance

2022-03-21 Thread Sebastian Andrzej Siewior
On 2022-03-21 22:11:17 [+0100], Julien Cristau wrote: > Hi, Hi, > Specifically, we were hoping to better understand the risk of openssl > changes breaking existing setups. It's possible the issues with gnutls > and libnet-ssleay-perl tests were narrowly scoped enough that that risk > is low, but

Bug#1008062: buster-pu: package gnutls28/3.6.7-4+deb10u7.1

2022-03-21 Thread Sebastian Andrzej Siewior
On 2022-03-21 22:04:08 [+0100], Salvatore Bonaccorso wrote: > Hi Sebastian, Hi Salvatore, > > +gnutls28 (3.6.7-4+deb10u7.1) buster; urgency=medium > > As not yet uploaded, can you change this to 3.6.7-4+deb10u8 instead. Just did so. > Regards, > Salvatore Sebastian

Bug#1008062: buster-pu: package gnutls28/3.6.7-4+deb10u7.1

2022-03-21 Thread Sebastian Andrzej Siewior
-improve-testing-against-secured-O.patch to +pass testsuite with openssl 1.1.1e. + + -- Sebastian Andrzej Siewior Mon, 21 Mar 2022 14:52:01 +0100 + gnutls28 (3.6.7-4+deb10u7) buster; urgency=medium * 46_handshake-reject-no_renegotiation-alert-if-handshake.patch pulled from diff -Nru

Bug#1008056: [Pkg-openssl-devel] Bug#1008056: buster-pu: package libnet-ssleay-perl/1.85-2.1

2022-03-21 Thread Sebastian Andrzej Siewior
On 2022-03-21 17:55:00 [+0200], Adrian Bunk wrote: > > * Backport upstream fix for test failures with OpenSSL 1.1.1n. > > (Closes: #1008055) Thank you Adrian. Sebastian

Bug#959469: openssl 1.1.1n-0+deb10u1 flagged for acceptance

2022-03-21 Thread Sebastian Andrzej Siewior
VEL=2 and +requiring minimum TLSv1.2. However, smaller hashes/keys/versions are +allowed if one enables SECLEVEL=1. Do so when testing pre v1.2 algos, +and thus enabling testing more compatability combinations. + +Signed-off-by: Dimitri John Ledkov +Signed-off-by: Sebastian Andrzej Siewior +--- +

Bug#959469: openssl 1.1.1n-0+deb10u1 flagged for acceptance

2022-03-20 Thread Sebastian Andrzej Siewior
On 2022-03-20 23:15:57 [+0100], Kurt Roeckx wrote: > > https://ci.debian.net/data/autopkgtest/oldstable/amd64/g/gnutls28/20199677/log.gz > > > > Checking TLS 1.0 with ECDHE-ECDSA (SECP384R1)... > > %COMPAT: Checking TLS 1.0 with ECDHE-ECDSA (SECP384R1)... > > *** Fatal error: A TLS fatal alert

Bug#1003484: bullseye-pu: package openssl/1.1.1m-0+deb11u1

2022-03-18 Thread Sebastian Andrzej Siewior
On 2022-03-18 14:51:32 [+], Adam D. Barratt wrote: > Boo. Hope you're doing better. Thanks, yes. > > I would also do the upload for Buster, would that work? I remember > > that > > the packages, that broken, were already uploaded a few cycles ago. > > Also as 1.1.1n? Yes. > I assume there

Bug#1003484: bullseye-pu: package openssl/1.1.1m-0+deb11u1

2022-03-18 Thread Sebastian Andrzej Siewior
On 2022-03-18 09:21:50 [+], Adam D. Barratt wrote: > Apologies if the status here got confused - based on the above, I was > assuming that in the absence of a negative response you would proceed > with the 1.1.1n-0+deb11u1 plan. For complete clarity, please feel free > to do so, bearing in

Bug#1003484: bullseye-pu: package openssl/1.1.1m-0+deb11u1

2022-03-08 Thread Sebastian Andrzej Siewior
On 2022-02-19 17:57:25 [+], Adam D. Barratt wrote: > Feel free to upload; we'll wait for the d-i ack before accepting the > package into p-u. There will be the release of 1.1.1n on Tuesday 15th March 2022 including a security fix. Therefore I will: - prepare a security release against

Bug#995636: transition: openssl

2022-03-01 Thread Sebastian Andrzej Siewior
Control: tags -1 - moreinfo Removing moreinfo tag since I provide more information in my previous reply. On 2022-02-28 00:23:22 [+0100], To 995...@bugs.debian.org wrote: > On 2022-02-14 15:01:34 [+0100], To Sebastian Ramacher wrote: > > On 2022-02-01 21:11:11 [+0100], Sebastian Ramacher wrote: >

Bug#995636: transition: openssl

2022-02-27 Thread Sebastian Andrzej Siewior
On 2022-02-14 15:01:34 [+0100], To Sebastian Ramacher wrote: > On 2022-02-01 21:11:11 [+0100], Sebastian Ramacher wrote: > > > Could you please update this transition request? It's open for four > > > months and no visible response. > > > > Kurt mention some 100 packages failing to build. I only

Bug#1003484: bullseye-pu: package openssl/1.1.1m-0+deb11u1

2022-02-24 Thread Sebastian Andrzej Siewior
On 2022-02-19 17:57:25 [+], Adam D. Barratt wrote: > > Feel free to upload; we'll wait for the d-i ack before accepting the > package into p-u. Okay. The Bullseye package has been uploaded. > Regards, > > Adam Sebastian

Bug#1003484: bullseye-pu: package openssl/1.1.1m-0+deb11u1

2022-02-19 Thread Sebastian Andrzej Siewior
On 2022-02-19 17:04:16 [+], Adam D. Barratt wrote: > Control: tags -1 + confirmed d-i … > Thanks. Assuming the above is still accurate, then this looks good to > me. > > As the package builds a udeb, it will need a d-i ack; tagging and CCing > accordingly. I'm confused. May I upload or do I

Bug#995636: transition: openssl

2022-02-14 Thread Sebastian Andrzej Siewior
On 2022-02-01 21:11:11 [+0100], Sebastian Ramacher wrote: > > Could you please update this transition request? It's open for four > > months and no visible response. > > Kurt mention some 100 packages failing to build. I only see a handfull > of bugs filed. So what's the status on those build

Bug#1002298: bullseye-pu: package clamav/0.103.4+dfsg-0+deb11u1

2022-01-25 Thread Sebastian Andrzej Siewior
On 2022-01-25 18:46:16 [+], Adam D. Barratt wrote: > For the record, .5 was released via {buster,bullseye}-updates last > night; see SUA211-1 / > https://lists.debian.org/debian-stable-announce/2022/01/msg1.html Thank you. > Regards, > > Adam Sebastian

Bug#1002298: bullseye-pu: package clamav/0.103.4+dfsg-0+deb11u1

2022-01-14 Thread Sebastian Andrzej Siewior
1 Cisco Systems, Inc. and/or its affiliates. All rights reserved. +dnl Copyright (C) 2013-2022 Cisco Systems, Inc. and/or its affiliates. All rights reserved. dnl Copyright (C) 2007-2013 Sourcefire, Inc. dnl Copyright (C) 2002-2007 Tomasz Kojm dnl socklen_t check (c) Alexander V. Lukyanov

Bug#1002298: bullseye-pu: package clamav/0.103.4+dfsg-0+deb11u1

2022-01-12 Thread Sebastian Andrzej Siewior
On 2022-01-11 21:17:54 [+], Adam D. Barratt wrote: > Now that the equivalent update made it to stretch, this seems as good a > time as any - I'm assuming that no major issues have ben reported in > unstable in the meantime? correct. > I wasn't really sure which of the changes made sense to

Bug#1002298: bullseye-pu: package clamav/0.103.4+dfsg-0+deb11u1

2021-12-23 Thread Sebastian Andrzej Siewior
On 2021-12-23 15:38:16 [+], Adam D. Barratt wrote: > Hi, Hi Adam, > fwiw, even with the reduced diffs, neither request made it to debian- > release. Oh shoot. You're the best Adam. I meant to ping the list in case it didn't make through but forgot to check… > Were you anticipating that

Bug#995636: OpenSSL 3.0 - Apache 2.0 vs GPL 2 (Re: Bug#995636: transition: openssl)

2021-10-05 Thread Sebastian Andrzej Siewior
On 2021-10-05 20:03:49 [+0200], Michael Biebl wrote: > Hi Kurt, hi Luca, hi everyone, Hi Michael, > That said, I'm not a lawyer and reading license texts hurts my brain. > So my goal is is mainly to raise awareness of this issue and seek input from > the community. GPL code which linked against

Bug#993822: bullseye-pu: package clamav/0.103.3+dfsg-0+deb11u1

2021-09-10 Thread Sebastian Andrzej Siewior
On 2021-09-10 11:49:39 [+0100], Adam D. Barratt wrote: > It appears that the bullseye upload is stuck on the upload queue, > because: Thank you. > Regards, > > Adam Sebastian

Bug#993823: buster-pu: package clamav/0.103.3+dfsg-0+deb10u1

2021-09-06 Thread Sebastian Andrzej Siewior
toconf 2.69. Invocation command line was CONFIG_FILES= $CONFIG_FILES @@ -31963,7 +31963,7 @@ cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/&/g'`" ac_cs_version=&

Bug#993822: bullseye-pu: package clamav/0.103.3+dfsg-0+deb11u1

2021-09-06 Thread Sebastian Andrzej Siewior
LES= $CONFIG_FILES @@ -31963,7 +31963,7 @@ cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/&/g'`" ac_cs_version="\\ -ClamAV config.status 0.103.2 +ClamAV config.stat

Bug#987038: buster-pu: package clamav/0.103.2+dfsg-0+deb10u1

2021-04-23 Thread Sebastian Andrzej Siewior
On 2021-04-23 08:21:44 [+0100], Adam D. Barratt wrote: > Ah, apologies for not spotting that from your earlier mail. An updated > draft: This is perfect Adam, thank you. > > Regards, > > Adam > Sebastian

Bug#987038: buster-pu: package clamav/0.103.2+dfsg-0+deb10u1

2021-04-23 Thread Sebastian Andrzej Siewior
On 2021-04-22 16:58:46 [+0100], Adam D. Barratt wrote: > On Wed, 2021-04-21 at 21:35 +0200, Sebastian Andrzej Siewior wrote: > > On 2021-04-20 20:52:09 [+0100], Adam D. Barratt wrote: > > > Please feel free to upload. I assume that, given there are security > > > f

Bug#987038: buster-pu: package clamav/0.103.2+dfsg-0+deb10u1

2021-04-21 Thread Sebastian Andrzej Siewior
On 2021-04-20 20:52:09 [+0100], Adam D. Barratt wrote: > > I'm certainly happy to defer to your judgement here, given our previous > experience with clamav updates in stable. I was simply trying to > ascertain the scale of the update involved, but fear I may have just > confused the discussion;

Bug#987038: buster-pu: package clamav/0.103.2+dfsg-0+deb10u1

2021-04-20 Thread Sebastian Andrzej Siewior
On 2021-04-19 21:15:06 [+0100], Adam D. Barratt wrote: > > > I guess the diff against the current buster package is quite large > > > by > > > this point? > > > > What do you mean by this point? We did full clamav uploads in the > > past. > > Please excuse if I miss something obvious. > > Sorry,

Bug#987038: buster-pu: package clamav/0.103.2+dfsg-0+deb10u1

2021-04-19 Thread Sebastian Andrzej Siewior
On 2021-04-19 19:41:58 [+0100], Adam D. Barratt wrote: > On Fri, 2021-04-16 at 09:27 +0200, Sebastian Andrzej Siewior wrote: > > This is an update from ClamAV from 0.102.4 to 0.103.2. The 103 > > release was in unstable since the beginning. I skipped it for Buster > > back

Bug#987038: buster-pu: package clamav/0.103.2+dfsg-0+deb10u1

2021-04-16 Thread Sebastian Andrzej Siewior
Package: release.debian.org User: release.debian@packages.debian.org Usertags: pu Tags: buster Severity: normal This is an update from ClamAV from 0.102.4 to 0.103.2. The 103 release was in unstable since the beginning. I skipped it for Buster back then because the 102 based release recevied

Bug#959469: buster-pu: package openssl/1.1.1g-1

2021-03-28 Thread Sebastian Andrzej Siewior
T)) { ctx->error = X509_V_ERR_INVALID_EXTENSION; diff --git a/debian/changelog b/debian/changelog index 45bfdb99fe8d9..9d1b9d6590ab9 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,9 +1,16 @@ -openssl (1.1.1j-0+deb10u1) buster; urgency=medium +openssl (1.1.1k-0+deb10u1) bust

Bug#961654: buster-pu: package bzip2/1.0.6-9.2~deb10u1

2021-03-22 Thread Sebastian Andrzej Siewior
On 2020-07-21 16:53:23 [+0200], Santiago Ruano Rincón wrote: > diff -Nru bzip2-1.0.6/debian/rules bzip2-1.0.6/debian/rules > --- bzip2-1.0.6/debian/rules 2019-06-24 22:16:40.0 +0200 > +++ bzip2-1.0.6/debian/rules 2020-07-21 10:31:21.0 +0200 > @@ -14,6 +14,9 @@ >

Bug#959469: buster-pu: package openssl/1.1.1g-1

2021-03-22 Thread Sebastian Andrzej Siewior
Resending because I managed to accidently clear TO: On 2021-03-22 19:48:31 [+0100], Cc 959...@bugs.debian.org wrote: > On 2021-02-24 23:23:07 [+0100], To Kurt Roeckx wrote: > > On 2021-02-10 21:52:46 [+0100], To Kurt Roeckx wrote: > > > OpenSSL upstream announced [0] 1.1.1j for next Tuesday with

Bug#959469: buster-pu: package openssl/1.1.1g-1

2021-03-22 Thread Sebastian Andrzej Siewior
On 2021-02-24 23:23:07 [+0100], To Kurt Roeckx wrote: > On 2021-02-10 21:52:46 [+0100], To Kurt Roeckx wrote: > > OpenSSL upstream announced [0] 1.1.1j for next Tuesday with a security > > fix classified as MODERATE [1]. So this happened. OpenSSL upstream announced [0] 1.1.1k for next Thursday

Bug#985570: unblock: clamtk/6.03-3

2021-03-20 Thread Sebastian Andrzej Siewior
an/changelog 2021-03-20 09:37:26.0 +0100 @@ -1,3 +1,15 @@ +clamtk (6.03-3) unstable; urgency=medium + + * Upload to unstable. + + -- Sebastian Andrzej Siewior Sat, 20 Mar 2021 09:37:26 +0100 + +clamtk (6.03-2) experimental; urgency=medium + + * Remove no-separator from window decorat

Bug#983485: buster-pu: package m2crypto/0.31.0-4+deb10u2

2021-03-13 Thread Sebastian Andrzej Siewior
On 2021-03-13 17:31:50 [+], Adam D. Barratt wrote: > Please go ahead. Thanks, uploaded. > Regards, > > Adam Sebastian

Bug#983071: unblock: xz-utils/5.2.5-1.1

2021-03-08 Thread Sebastian Andrzej Siewior
On 2021-03-08 18:54:22 [+0100], Paul Gevers wrote: > Hi, Hi, > Please upload to unstable. As said, we'll let it age a bit there. Thanks, uploaded. > Paul Sebastian

Bug#983071: unblock: xz-utils/5.2.5-1.1

2021-03-04 Thread Sebastian Andrzej Siewior
ix to xzgrep (similar to xzcmp in #844770). + + -- Sebastian Andrzej Siewior Tue, 02 Mar 2021 21:50:25 +0100 + xz-utils (5.2.5-1.0) unstable; urgency=medium * Non-maintainer upload. diff -Nru xz-utils-5.2.5/debian/patches/0001-Scripts-Fix-exit-status-of-xzdiff-xzcmp.patch xz-utils-5.2.5/debian/pat

Bug#983071: unblock: xz-utils/5.2.5-1.1

2021-03-02 Thread Sebastian Andrzej Siewior
On 2021-03-02 19:44:58 [+0100], Paul Gevers wrote: > Hi Sebastian, Hi Paul, > Unfortunately we haven't made up our mind yet, but to get some (albeit > limited) exposure and autopkgtest coverage (via the pseudo-excuses) [2], > I think your chances for a go are higher if the proposed package is >

Bug#983485: buster-pu: package m2crypto/0.31.0-4+deb10u2

2021-02-24 Thread Sebastian Andrzej Siewior
Andrzej Siewior Tue, 23 Feb 2021 23:41:19 +0100 + m2crypto (0.31.0-4+deb10u1) buster; urgency=medium * Non-maintainer upload. diff -Nru m2crypto-0.31.0/debian/patches/MR262.patch m2crypto-0.31.0/debian/patches/MR262.patch --- m2crypto-0.31.0/debian/patches/MR262.patch 1970-01-01 01:00

Bug#983071: unblock: xz-utils/5.2.5-1.1

2021-02-18 Thread Sebastian Andrzej Siewior
0 +0100 +++ xz-utils-5.2.5/debian/changelog 2021-02-18 23:12:30.0 +0100 @@ -1,3 +1,10 @@ +xz-utils (5.2.5-1.1) unstable; urgency=medium + + * Non-maintainer upload. + * Update the patches for #844770 and #975981 to what upstream applied. + + -- Sebastian Andrzej Siewior Thu, 18 Feb 20

Bug#959469: buster-pu: package openssl/1.1.1g-1

2021-02-10 Thread Sebastian Andrzej Siewior
On 2021-02-01 23:50:03 [+0100], To Kurt Roeckx wrote: > in case someone wants to test. > I think the ship for this pu is sailing without me but I'm ready for the > next cruise :) OpenSSL upstream announced [0] 1.1.1j for next Tuesday with a security fix classified as MODERATE [1]. [0]

Bug#959469: buster-pu: package openssl/1.1.1g-1

2021-02-01 Thread Sebastian Andrzej Siewior
(1.1.1i-0+deb10u1) buster; urgency=medium (Closes: #947949). * Update symbol list. * Apply two patches from upstream to address x509 related regressions. + * Cherry-pick a patch from upstream to address #13931. - -- Sebastian Andrzej Siewior Sun, 24 Jan 2021 11:22:16 +0100 + -- Seba

Bug#959469: buster-pu: package openssl/1.1.1g-1

2021-01-29 Thread Sebastian Andrzej Siewior
On 2021-01-28 00:28:03 [+0100], Kurt Roeckx wrote: > On Thu, Jan 14, 2021 at 07:03:37PM +0100, Kurt Roeckx wrote: > > There are a whole bunch of other issues and pull requests related to > > this. I hope this is the end of the regressions in the X509 code. > > So there is something else now: >

Bug#959469: buster-pu: package openssl/1.1.1g-1

2021-01-25 Thread Sebastian Andrzej Siewior
On 2021-01-25 19:57:18 [+0100], Cyril Brulebois wrote: > Not really *much* easier, to be honest. I can definitely build a package > locally given a source debdiff, or slightly better, given a source > package I can run dget against (since we're talking about new upstream > releases, by the looks

Bug#980919: buster-pu: package m2crypto/0.31.0-4+deb10u1

2021-01-25 Thread Sebastian Andrzej Siewior
On 2021-01-25 17:51:28 [+], Adam D. Barratt wrote: > Please go ahead; thanks. Uploaded. Thank you. > Regards, > > Adam Sebastian

Bug#959469: buster-pu: package openssl/1.1.1g-1

2021-01-24 Thread Sebastian Andrzej Siewior
On 2021-01-22 16:38:28 [+], Adam D. Barratt wrote: > Assuming that a patched m2crypto will also build fine against openssl > 1.1.1d, then there's no reason that the two shouldn't proceed in > parallel (i.e. feel free to file the m2crypto request already). Yes, it does. Bug filled. Thank you.

Bug#980919: buster-pu: package m2crypto/0.31.0-4+deb10u1

2021-01-24 Thread Sebastian Andrzej Siewior
/changelog 2021-01-24 12:01:15.0 +0100 @@ -1,3 +1,11 @@ +m2crypto (0.31.0-4+deb10u1) buster; urgency=medium + + * Non-maintainer upload. + * debian/patches/MR261.patch +- fix compatibility with openssl/1.1.1i+; Closes: #954402 + + -- Sebastian Andrzej Siewior Sun, 24 Jan 2021 12:01:15

Bug#959469: buster-pu: package openssl/1.1.1g-1

2021-01-24 Thread Sebastian Andrzej Siewior
4,9 @@ openssl (1.1.1i-0+deb10u1) buster; urgency=medium - CVE-2019-1551 (Overflow in the x64_64 Montgomery squaring procedure), (Closes: #947949). * Update symbol list. + * Apply two patches from upstream to address x509 related regressions. - -- Sebastian Andrzej Siewior Wed, 06 Jan 2

Bug#959469: buster-pu: package openssl/1.1.1g-1

2021-01-21 Thread Sebastian Andrzej Siewior
On 2021-01-16 19:14:53 [+0100], Kurt Roeckx wrote: > So I went over the open issues and pull requests, and currently > don't see a reason not to upload it to unstable with those 2 > patches. I don't know about any other regressions in 1.1.1. The openssl package migrated to testing. I would

Bug#959469: buster-pu: package openssl/1.1.1g-1

2021-01-14 Thread Sebastian Andrzej Siewior
On 2021-01-14 19:03:37 [+0100], Kurt Roeckx wrote: > > Do you have pointers to upstream issues? > > There are a whole bunch of other issues and pull requests related to > this. I hope this is the end of the regressions in the X509 code. Okay. Please ping once this gets sorted out and I will

Bug#959469: buster-pu: package openssl/1.1.1g-1

2020-11-24 Thread Sebastian Andrzej Siewior
On 2020-11-24 20:18:15 [+], Adam D. Barratt wrote: > That would be preferable at this point, yes, sorry. We should try and > make sure it's sorted soon afterwards though, to avoid things getting > stuck again. I will set up an alarm on my side :) > At some point, could we please have a

Bug#959469: buster-pu: package openssl/1.1.1g-1

2020-11-20 Thread Sebastian Andrzej Siewior
On 2020-11-20 17:24:30 [+], Adam D. Barratt wrote: > Predictably we're again quite close to a point release. :-( (One week > from freeze, specifically.) oh. > Looking at the upstream issues regarding certificate validation changes > between 1.1.1e and f/g, #11456 appears to have been

Bug#959469: buster-pu: package openssl/1.1.1g-1

2020-11-15 Thread Sebastian Andrzej Siewior
On 2020-11-15 20:59:18 [+0100], Paul Gevers wrote: > Hi Sebastian, Hi Paul, > I don't fully understand what you say here. We *do* run autopkgtests in > stable to check for issues. Yes, but the package does not use it in stable. Sebastian

Bug#959469: buster-pu: package openssl/1.1.1g-1

2020-11-15 Thread Sebastian Andrzej Siewior
control: retitle -1 buster-pu: package openssl/1.1.1h-1 On 2020-05-02 22:34:40 [+0100], Adam D. Barratt wrote: > > > Do we have any feeling for how widespread such certificates might > > > be? > > > The fact that there have been two different upstream reports isn't > > > particularly comforting.

Bug#965257: buster-pu: package clamav/0.102.4+dfsg-0+deb10u1

2020-07-18 Thread Sebastian Andrzej Siewior
av.net/], [clamav], [https://www.clamav.net/]) +AC_INIT([ClamAV], [0.102.4], [https://bugzilla.clamav.net/], [clamav], [https://www.clamav.net/]) dnl put configure auxiliary into config AC_CONFIG_AUX_DIR([config]) diff -Nru clamav-0.102.3+dfsg/debian/changelog clamav-0.102.4+dfsg/debian/cha

Bug#961441: buster-pu: package libclamunrar/0.102.3-0+deb10u1

2020-06-06 Thread Sebastian Andrzej Siewior
On 2020-05-28 21:56:25 [+0100], Adam D. Barratt wrote: > Please feel free to go ahead. The NEW queue has been passed. > Regards, > > Adam Sebastian

Bug#961439: buster-pu: package clamav/0.102.3+dfsg-0+deb10u1

2020-06-04 Thread Sebastian Andrzej Siewior
On 2020-06-01 18:52:49 [+0100], Adam D. Barratt wrote: > > Were you assuming that libclamunrar would also be in that set, or just > clamav itself? Please go ahead with Clamav. I will ping the libclamunrar bug once it got through NEW. > Regards, > > Adam Sebastian

  1   2   3   >