ERSION="0.103.3"
major=`echo $PACKAGE_VERSION |cut -d. -f1 | sed -e "s/^0-9//g"`
minor=`echo $PACKAGE_VERSION |cut -d. -f2 | sed -e "s/^0-9//g"`
@@ -31896,7 +31896,7 @@
# report actual input values of CONFIG_FILES etc. instead of their
# values after options hand
; >>confdefs.h
-VERSION="0.103.2"
+VERSION="0.103.3"
major=`echo $PACKAGE_VERSION |cut -d. -f1 | sed -e "s/^0-9//g"`
minor=`echo $PACKAGE_VERSION |cut -d. -f2 | sed -e "s/^0-9//g"`
@@ -31896,7 +31896,7 @@
# report actual input values of CONFIG_
/debian/changelog 2021-03-20 09:37:26.0 +0100
@@ -1,3 +1,15 @@
+clamtk (6.03-3) unstable; urgency=medium
+
+ * Upload to unstable.
+
+ -- Sebastian Andrzej Siewior Sat, 20 Mar 2021 09:37:26 +0100
+
+clamtk (6.03-2) experimental; urgency=medium
+
+ * Remove no-separator from window de
On 2021-02-24 23:23:07 [+0100], To Kurt Roeckx wrote:
> On 2021-02-10 21:52:46 [+0100], To Kurt Roeckx wrote:
> > OpenSSL upstream announced [0] 1.1.1j for next Tuesday with a security
> > fix classified as MODERATE [1].
So this happened. OpenSSL upstream announced [0] 1.1.1k for next
Thursday (25
Resending because I managed to accidently clear TO:
On 2021-03-22 19:48:31 [+0100], Cc 959...@bugs.debian.org wrote:
> On 2021-02-24 23:23:07 [+0100], To Kurt Roeckx wrote:
> > On 2021-02-10 21:52:46 [+0100], To Kurt Roeckx wrote:
> > > OpenSSL upstream announced [0] 1.1.1j for next Tuesday with a
On 2020-07-21 16:53:23 [+0200], Santiago Ruano Rincón wrote:
> diff -Nru bzip2-1.0.6/debian/rules bzip2-1.0.6/debian/rules
> --- bzip2-1.0.6/debian/rules 2019-06-24 22:16:40.0 +0200
> +++ bzip2-1.0.6/debian/rules 2020-07-21 10:31:21.0 +0200
> @@ -14,6 +14,9 @@
> DEB_BUILD_MAINT_O
G_X509_STRICT)) {
ctx->error = X509_V_ERR_INVALID_EXTENSION;
diff --git a/debian/changelog b/debian/changelog
index 45bfdb99fe8d9..9d1b9d6590ab9 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,9 +1,16 @@
-openssl (1.1.1j-0+deb10u1) buster; urgency=medium
+openssl (1.1.1k-0
Package: release.debian.org
User: release.debian@packages.debian.org
Usertags: pu
Tags: buster
Severity: normal
This is an update from ClamAV from 0.102.4 to 0.103.2. The 103 release
was in unstable since the beginning. I skipped it for Buster back then
because the 102 based release recevied a
On 2021-04-19 19:41:58 [+0100], Adam D. Barratt wrote:
> On Fri, 2021-04-16 at 09:27 +0200, Sebastian Andrzej Siewior wrote:
> > This is an update from ClamAV from 0.102.4 to 0.103.2. The 103
> > release was in unstable since the beginning. I skipped it for Buster
> > back
On 2021-04-19 21:15:06 [+0100], Adam D. Barratt wrote:
> > > I guess the diff against the current buster package is quite large
> > > by
> > > this point?
> >
> > What do you mean by this point? We did full clamav uploads in the
> > past.
> > Please excuse if I miss something obvious.
>
> Sorry,
On 2021-04-20 20:52:09 [+0100], Adam D. Barratt wrote:
>
> I'm certainly happy to defer to your judgement here, given our previous
> experience with clamav updates in stable. I was simply trying to
> ascertain the scale of the update involved, but fear I may have just
> confused the discussion; pe
On 2021-04-22 16:58:46 [+0100], Adam D. Barratt wrote:
> On Wed, 2021-04-21 at 21:35 +0200, Sebastian Andrzej Siewior wrote:
> > On 2021-04-20 20:52:09 [+0100], Adam D. Barratt wrote:
> > > Please feel free to upload. I assume that, given there are security
> > > fixe
On 2021-04-23 08:21:44 [+0100], Adam D. Barratt wrote:
> Ah, apologies for not spotting that from your earlier mail. An updated
> draft:
This is perfect Adam, thank you.
>
> Regards,
>
> Adam
>
Sebastian
On 2021-09-10 11:49:39 [+0100], Adam D. Barratt wrote:
> It appears that the bullseye upload is stuck on the upload queue,
> because:
Thank you.
> Regards,
>
> Adam
Sebastian
On 2021-10-05 20:03:49 [+0200], Michael Biebl wrote:
> Hi Kurt, hi Luca, hi everyone,
Hi Michael,
> That said, I'm not a lawyer and reading license texts hurts my brain.
> So my goal is is mainly to raise awareness of this issue and seek input from
> the community.
GPL code which linked against O
On 2021-12-23 15:38:16 [+], Adam D. Barratt wrote:
> Hi,
Hi Adam,
> fwiw, even with the reduced diffs, neither request made it to debian-
> release.
Oh shoot. You're the best Adam. I meant to ping the list in case it
didn't make through but forgot to check…
> Were you anticipating that 0.103
On 2022-01-11 21:17:54 [+], Adam D. Barratt wrote:
> Now that the equivalent update made it to stretch, this seems as good a
> time as any - I'm assuming that no major issues have ben reported in
> unstable in the meantime?
correct.
> I wasn't really sure which of the changes made sense to me
g/configure.ac
--- clamav-0.103.4+dfsg/configure.ac 2021-11-13 21:57:13.0 +0100
+++ clamav-0.103.5+dfsg/configure.ac 2022-01-12 20:53:22.0 +0100
@@ -1,4 +1,4 @@
-dnl Copyright (C) 2013-2021 Cisco Systems, Inc. and/or its affiliates. All rights reserved.
+dnl Copyright (C) 2013-20
On 2022-01-25 18:46:16 [+], Adam D. Barratt wrote:
> For the record, .5 was released via {buster,bullseye}-updates last
> night; see SUA211-1 /
> https://lists.debian.org/debian-stable-announce/2022/01/msg1.html
Thank you.
> Regards,
>
> Adam
Sebastian
On 2022-02-01 21:11:11 [+0100], Sebastian Ramacher wrote:
> > Could you please update this transition request? It's open for four
> > months and no visible response.
>
> Kurt mention some 100 packages failing to build. I only see a handfull
> of bugs filed. So what's the status on those build fai
On 2022-02-19 17:04:16 [+], Adam D. Barratt wrote:
> Control: tags -1 + confirmed d-i
…
> Thanks. Assuming the above is still accurate, then this looks good to
> me.
>
> As the package builds a udeb, it will need a d-i ack; tagging and CCing
> accordingly.
I'm confused. May I upload or do I w
On 2022-02-19 17:57:25 [+], Adam D. Barratt wrote:
>
> Feel free to upload; we'll wait for the d-i ack before accepting the
> package into p-u.
Okay. The Bullseye package has been uploaded.
> Regards,
>
> Adam
Sebastian
On 2022-02-14 15:01:34 [+0100], To Sebastian Ramacher wrote:
> On 2022-02-01 21:11:11 [+0100], Sebastian Ramacher wrote:
> > > Could you please update this transition request? It's open for four
> > > months and no visible response.
> >
> > Kurt mention some 100 packages failing to build. I only
Control: tags -1 - moreinfo
Removing moreinfo tag since I provide more information in my previous
reply.
On 2022-02-28 00:23:22 [+0100], To 995...@bugs.debian.org wrote:
> On 2022-02-14 15:01:34 [+0100], To Sebastian Ramacher wrote:
> > On 2022-02-01 21:11:11 [+0100], Sebastian Ramacher wrote:
>
On 2022-02-19 17:57:25 [+], Adam D. Barratt wrote:
> Feel free to upload; we'll wait for the d-i ack before accepting the
> package into p-u.
There will be the release of 1.1.1n on Tuesday 15th March 2022 including
a security fix. Therefore I will:
- prepare a security release against 1.1.1k-1
On 2022-03-18 09:21:50 [+], Adam D. Barratt wrote:
> Apologies if the status here got confused - based on the above, I was
> assuming that in the absence of a negative response you would proceed
> with the 1.1.1n-0+deb11u1 plan. For complete clarity, please feel free
> to do so, bearing in mind
On 2022-03-18 14:51:32 [+], Adam D. Barratt wrote:
> Boo. Hope you're doing better.
Thanks, yes.
> > I would also do the upload for Buster, would that work? I remember
> > that
> > the packages, that broken, were already uploaded a few cycles ago.
>
> Also as 1.1.1n?
Yes.
> I assume there
On 2022-03-20 23:15:57 [+0100], Kurt Roeckx wrote:
> > https://ci.debian.net/data/autopkgtest/oldstable/amd64/g/gnutls28/20199677/log.gz
> >
> > Checking TLS 1.0 with ECDHE-ECDSA (SECP384R1)...
> > %COMPAT: Checking TLS 1.0 with ECDHE-ECDSA (SECP384R1)...
> > *** Fatal error: A TLS fatal alert has
SECLEVEL=2 and
+requiring minimum TLSv1.2. However, smaller hashes/keys/versions are
+allowed if one enables SECLEVEL=1. Do so when testing pre v1.2 algos,
+and thus enabling testing more compatability combinations.
+
+Signed-off-by: Dimitri John Ledkov
+Signed-off-by: Sebastian Andrzej Siewior
+
On 2022-03-21 17:55:00 [+0200], Adrian Bunk wrote:
> > * Backport upstream fix for test failures with OpenSSL 1.1.1n.
> > (Closes: #1008055)
Thank you Adrian.
Sebastian
-improve-testing-against-secured-O.patch to
+pass testsuite with openssl 1.1.1e.
+
+ -- Sebastian Andrzej Siewior Mon, 21 Mar 2022 14:52:01 +0100
+
gnutls28 (3.6.7-4+deb10u7) buster; urgency=medium
* 46_handshake-reject-no_renegotiation-alert-if-handshake.patch pulled from
diff -Nru
On 2022-03-21 22:04:08 [+0100], Salvatore Bonaccorso wrote:
> Hi Sebastian,
Hi Salvatore,
> > +gnutls28 (3.6.7-4+deb10u7.1) buster; urgency=medium
>
> As not yet uploaded, can you change this to 3.6.7-4+deb10u8 instead.
Just did so.
> Regards,
> Salvatore
Sebastian
On 2022-03-21 22:11:17 [+0100], Julien Cristau wrote:
> Hi,
Hi,
> Specifically, we were hoping to better understand the risk of openssl
> changes breaking existing setups. It's possible the issues with gnutls
> and libnet-ssleay-perl tests were narrowly scoped enough that that risk
> is low, but
On 2022-03-22 21:47:52 [+0100], Kurt Roeckx wrote:
> On Tue, Mar 22, 2022 at 08:19:01PM +, Adam D. Barratt wrote:
> > OpenSSL signature algorithm check tightening
> > =
> >
> > The OpenSSL update included in this point release includes a change to
>
On 2022-03-23 17:40:59 [+], Adam D. Barratt wrote:
> Right, let's have another go at this then:
>
> "
> OpenSSL signature algorithm check tightening
> =
>
> The OpenSSL update provided in this point release includes a
> change to ensure that the req
On 2022-03-24 12:39:55 [+], Adam D. Barratt wrote:
> I've added that text to the announcement for the buster point release.
Thanks.
> If anyone has any changes, please yell ASAP.
The gnutls and perl changes are not yet built. I guess this is intended
;)
> Regards,
>
> Adam
Sebastian
V], [0.103.8], [https://github.com/Cisco-Talos/clamav/issues], [clamav], [https://www.clamav.net/])
dnl put configure auxiliary into config
AC_CONFIG_AUX_DIR([config])
diff -Nru clamav-0.103.7+dfsg/debian/changelog clamav-0.103.8+dfsg/debian/changelog
--- clamav-0.103.7+dfsg/debian/changelog
Package: release.debian.org
User: release.debian@packages.debian.org
Usertags: unblock
Severity: normal
Please unblock package openssl.
The updated package is the `c' version, which is the latest upstream
release for the 1.1.1 series.
This update causes a regresion in the m2crypto test suite w
On 2019-06-08 10:22:54 [+0200], Paul Gevers wrote:
> Control: tags -1 moreinfo
>
> Hi Sebastian,
Hi Paul,
> Can you please elaborate why this version meets the freeze policy, or
> why it should get an exception? In the text above there is no mention at
> all of serious bugs that get fixed. openss
which was fixed in OpenSSL 1.1.1c (Closes: #929903).
+
+ -- Sebastian Andrzej Siewior Sat, 08 Jun 2019 12:35:11 +0200
+
m2crypto (0.31.0-3) unstable; urgency=medium
* add 0002-tests-test_ssl-use-ciphercuites-for-TLS1.3-cipher-in.patch
diff -Nru m2crypto-0.31.0/debian/patches/0003-Remove-dupl
On 2022-05-09 00:11:22 [+0200], Sebastian Ramacher wrote:
> Control: tags -1 = confirmed
>
> Please go ahead
Thank you, done.
> Cheers
Sebastian
[devel] to the real version [0.xy]
dnl also change VERSION below
-AC_INIT([ClamAV], [0.103.5], [https://github.com/Cisco-Talos/clamav/issues],
[clamav], [https://www.clamav.net/])
+AC_INIT([ClamAV], [0.103.6], [https://github.com/Cisco-Talos/clamav/issues],
[clamav], [https://www.clamav.ne
change [devel] to the real version [0.xy]
dnl also change VERSION below
-AC_INIT([ClamAV], [0.103.5], [https://github.com/Cisco-Talos/clamav/issues],
[clamav], [https://www.clamav.net/])
+AC_INIT([ClamAV], [0.103.6], [https://github.com/Cisco-Talos/clamav/issues],
[clamav], [https://www.clamav.net/
On 2022-05-26 18:26:57 [+0200], Sebastian Ramacher wrote:
> Hi Sebastian
Hi,
> We're now at the following blockers for openssl's migration:
…
> Bugs for the autopkgtest regressions have been filed and some are
> already fixed in unstable. So I'll add hints to ignore those
> regressions.
good.
>
On 2022-06-05 19:42:43 [+0200], Sebastian Ramacher wrote:
> Hi Sebastian
Hi Sebastian,
> > Otherwise I'd fear that the only other options are openssl breaking
> > libssl1.1 or renaming /etc/ssl/openssl.cnf to have a version specific
> > name. Given the high number reverse dependencies involved in
On 5 June 2022 19:03:17 UTC, Kurt Roeckx wrote:
>The suggestion was to make an openssl.cnf that's compatible with 1.1.1,
>and so remove or comment out everything related to providers.
>
Ah okay. In that case let me so that tomorrow and close that rc bug with this
change.
>
>Kurt
>
--
Sebasti
On 2022-06-08 22:13:09 [+0200], Sebastian Ramacher wrote:
> That would be much appreciated, thanks!
Did so, sorry for the delay. I aimed for Monday but…
> Cheers
Sebastian
5d00
-clamav_0.103.6+dfsg.orig.tar.xz
-6212705bf2cb168a55f76ae4cab31fa40909aed8
-7135300
+f2466c7aaf6e140ea150e0f219c86594f3bc04cb
+f2466c7aaf6e140ea150e0f219c86594f3bc04cb
+d1ea680af611ee417616ec3d8615a0e67a495795
+d1ea680af611ee417616ec3d8615a0e67a495795
+clamav_0.103.7+dfsg.orig.tar.xz
+f0708e3df3a
00d0ac0864e2a506bfc1d977d55d00
-75754d0f4c00d0ac0864e2a506bfc1d977d55d00
-clamav_0.103.6+dfsg.orig.tar.xz
-6212705bf2cb168a55f76ae4cab31fa40909aed8
-7135300
+276875cec2e8a64a834e0c5e9f988aebe0d3ab25
+276875cec2e8a64a834e0c5e9f988aebe0d3ab25
+d1ea680af611ee417616ec3d8615a0e67a495795
+d1ea680af611ee41
On 2022-09-02 17:02:38 [+0100], Adam D. Barratt wrote:
> Please go ahead, bearing in mind that the window for getting updates
> into 11.5 (and thus bullseye-updates prior to 11.5 being released)
> closes over this weekend.
just uploaded.
> Given that 11.5 is scheduled for a week tomorrow, would y
1.2+dfsg-1+deb10u1) buster; urgency=medium
+
+ * Cherry-pick a fix from 0.101.3 to address a vulnerability to
+non-recursive zip bombs.
+
+ -- Sebastian Andrzej Siewior Tue, 06 Aug 2019
22:07:01 +0200
+
clamav (0.101.2+dfsg-1) unstable; urgency=high
* Import 0.101.2
diff -Nru clamav-0.
On 2019-08-10 09:39:22 [+0200], Hugo Lefeuvre wrote:
> Source: clamav
> Version: 0.101.2+dfsg-3
> Severity: important
> Tags: security upstream
> Forwarded: https://bugzilla.clamav.net/show_bug.cgi?id=12356
>
> Hi,
>
> clamav is affected by a DoS vulnerability caused by crafted, extremely
> compr
On 2019-08-20 22:18:28 [+0100], Adam D. Barratt wrote:
> Indeed, and then we dropped the ball again. :-(
>
> Let's get this going.
So I upload the here promissed Stretch package and then open p-u bugs
for the transition?
> Regards,
>
> Adam
Sebastian
On 2019-08-20 23:45:18 [+0100], Adam D. Barratt wrote:
> > and then open p-u bugs
> > for the transition?
>
> Is anything required beyond binNMUs of r-deps?
I tried to highight this in the first email of this bug:
|It affects the following packages as part of the transistion which
|require a sou
]
+ * Add d/p/python-clamav-add-support-for-clamav-0.101.0.patch to that
+python-clamav builds/works with clamav 101.1 and newer (Closes: #920959)
+ * Bump libclamav-dev build-depends to match
+
+ -- Sebastian Andrzej Siewior Sun, 10 Mar 2019
20:49:14 +0100
+
python-clamav (0.4.1-8) unstable
)
+m4_include([m4/reorganization/code_checks/fuzz.m4])
m4_include([m4/reorganization/code_checks/functions.m4])
m4_include([m4/reorganization/code_checks/mpool.m4])
m4_include([m4/reorganization/code_checks/unit_tests.m4])
diff -Nru libclamunrar-0.101.1/debian/changelog
libclamunrar-0.101.2/de
upload.
+ * Add support for clamav 0.101.1 (Closes: #919814).
+
+ -- Sebastian Andrzej Siewior Sun, 10 Mar 2019
22:00:14 +0100
+
c-icap-modules (1:0.4.4-1) unstable; urgency=medium
* New upstream release
diff -Nru c-icap-modules-0.4.4/debian/control
c-icap-modules-0.4.4/debian/control
match
+
+ -- Sebastian Andrzej Siewior Sun, 10 Mar 2019
17:30:34 +0100
+
havp (0.92a-4) unstable; urgency=medium
[ Andreas Cadhalpun ]
diff -Nru havp-0.92a/debian/control havp-0.92a/debian/control
--- havp-0.92a/debian/control 2015-07-31 22:54:50.0 +0200
+++ havp-0.92a/debian/control
dansguardian-2.10.1.1/debian/changelog
--- dansguardian-2.10.1.1/debian/changelog
+++ dansguardian-2.10.1.1/debian/changelog
@@ -1,3 +1,10 @@
+dansguardian (2.10.1.1-5.1+deb9u2) stretch; urgency=medium
+
+ * Non-maintainer upload.
+ * Add support for clamav 0.101 (Closes: #923981).
+
+ -- Sebastian Andrzej
],[$PCRE_HOME],[$have_pcre])
fi
CL_MSG_STATUS([libmspack ],[yes],[$mspack_msg])
-if test "x$XML_LIBS" = "x"; then
+if test "x$XML_LIBS" = "x"; then
CL_MSG_STATUS([libxml2 ],[no],[])
else
CL_MSG_STATUS([libxml2 ],[yes, from $XML_HOME
On 2019-08-25 15:00:21 [+0100], Adam D. Barratt wrote:
> Please go ahead.
thanks, both packages are uploaded.
> Regards,
>
> Adam
>
Sebastian
(Closes: #940547).
+
+ -- Sebastian Andrzej Siewior Mon, 30 Sep 2019 20:58:11 +0200
+
python-cryptography (1.7.1-3+deb9u1) stretch; urgency=medium
* Remove BIO_callback_ctrl: The prototype differs with the OpenSSL's
diff -Nru python-cryptography-1.7.1/debian/patches/series p
-maintainer upload.
+ * Backport two patches to fix the testsute with newer openssl.
+ * Ignore test_load_ecdsa_no_named_curve in the testsuite because it known to
+break with newer openssl (Closes: #940547).
+
+ -- Sebastian Andrzej Siewior Mon, 30 Sep 2019 20:55:00 +0200
+
python
website to submit FPs/FNs.)], [no])
@@ -294,7 +294,7 @@
CL_MSG_STATUS([pcre],[$PCRE_HOME],[$have_pcre])
fi
CL_MSG_STATUS([libmspack ],[yes],[$mspack_msg])
-if test "x$XML_LIBS" = "x"; then
+if test "x$XML_LIBS" = "x"; then
CL_MSG_STATUS([l
On 2019-12-11 10:46:36 [+0100], Christoph Berg wrote:
> Re: Sebastian Andrzej Siewior 2019-12-10
> <20191210224647.dk4svg65hleftr7r@flow>
> > +clamav (0.101.4+dfsg-0+deb10u1) buster; urgency=medium
> > +
> > + - update symbols file (bump to 101.4 and drop unused cl
nctionality.
- -- Sebastian Andrzej Siewior Sun, 08 Dec 2019 12:40:16 +0100
+ -- Sebastian Andrzej Siewior Mon, 23 Dec 2019 21:04:45 +0100
clamav (0.101.4+dfsg-0+deb10u1) buster; urgency=medium
diff --git a/debian/clamav-daemon.config.in b/debian/clamav-daemon.config.in
index 60bef89..13133
cc provides this functionality.
- -- Sebastian Andrzej Siewior Sun, 08 Dec 2019 22:05:51 +0100
+ -- Sebastian Andrzej Siewior Mon, 23 Dec 2019 21:07:34 +0100
clamav (0.101.4+dfsg-0+deb9u1) stretch; urgency=medium
diff --git a/debian/clamav-daemon.config.in b/debian/clamav-daemon.config.
On December 29, 2019 11:30:51 AM UTC, "Adam D. Barratt"
wrote:
>> I slightly updated the package to
>> - add the new `clamonacc' binary to the clamav-daemon package.
>> - remove the `ScanOnAccess' option from the postinst/debconf script.
>> The option is deprecated and the functionality moved in
+dfsg/configure.ac2020-05-16 11:23:53.0 +0200
+++ clamav-0.102.4+dfsg/configure.ac2020-07-17 20:19:54.0 +0200
@@ -22,7 +22,7 @@
dnl For a release change [devel] to the real version [0.xy]
dnl also change VERSION below
-AC_INIT([ClamAV], [0.102.3], [https://bugzilla.clamav.net/], [c
control: retitle -1 buster-pu: package openssl/1.1.1h-1
On 2020-05-02 22:34:40 [+0100], Adam D. Barratt wrote:
> > > Do we have any feeling for how widespread such certificates might
> > > be?
> > > The fact that there have been two different upstream reports isn't
> > > particularly comforting.
>
On 2020-11-15 20:59:18 [+0100], Paul Gevers wrote:
> Hi Sebastian,
Hi Paul,
> I don't fully understand what you say here. We *do* run autopkgtests in
> stable to check for issues.
Yes, but the package does not use it in stable.
Sebastian
On 2020-11-20 17:24:30 [+], Adam D. Barratt wrote:
> Predictably we're again quite close to a point release. :-( (One week
> from freeze, specifically.)
oh.
> Looking at the upstream issues regarding certificate validation changes
> between 1.1.1e and f/g, #11456 appears to have been addresse
On 2020-11-24 20:18:15 [+], Adam D. Barratt wrote:
> That would be preferable at this point, yes, sorry. We should try and
> make sure it's sorted soon afterwards though, to avoid things getting
> stuck again.
I will set up an alarm on my side :)
> At some point, could we please have a combin
On 2021-01-14 19:03:37 [+0100], Kurt Roeckx wrote:
> > Do you have pointers to upstream issues?
>
> There are a whole bunch of other issues and pull requests related to
> this. I hope this is the end of the regressions in the X509 code.
Okay. Please ping once this gets sorted out and I will prepe
On 2021-01-16 19:14:53 [+0100], Kurt Roeckx wrote:
> So I went over the open issues and pull requests, and currently
> don't see a reason not to upload it to unstable with those 2
> patches. I don't know about any other regressions in 1.1.1.
The openssl package migrated to testing.
I would prepare
4,9 @@ openssl (1.1.1i-0+deb10u1) buster; urgency=medium
- CVE-2019-1551 (Overflow in the x64_64 Montgomery squaring procedure),
(Closes: #947949).
* Update symbol list.
+ * Apply two patches from upstream to address x509 related regressions.
- -- Sebastian Andrzej Siewior Wed, 06 Jan 2
/changelog 2021-01-24 12:01:15.0 +0100
@@ -1,3 +1,11 @@
+m2crypto (0.31.0-4+deb10u1) buster; urgency=medium
+
+ * Non-maintainer upload.
+ * debian/patches/MR261.patch
+- fix compatibility with openssl/1.1.1i+; Closes: #954402
+
+ -- Sebastian Andrzej Siewior Sun, 24 Jan 2021 12:01:15
On 2021-01-22 16:38:28 [+], Adam D. Barratt wrote:
> Assuming that a patched m2crypto will also build fine against openssl
> 1.1.1d, then there's no reason that the two shouldn't proceed in
> parallel (i.e. feel free to file the m2crypto request already).
Yes, it does. Bug filled. Thank you.
On 2021-01-25 17:51:28 [+], Adam D. Barratt wrote:
> Please go ahead; thanks.
Uploaded. Thank you.
> Regards,
>
> Adam
Sebastian
On 2021-01-25 19:57:18 [+0100], Cyril Brulebois wrote:
> Not really *much* easier, to be honest. I can definitely build a package
> locally given a source debdiff, or slightly better, given a source
> package I can run dget against (since we're talking about new upstream
> releases, by the looks of
On 2021-01-28 00:28:03 [+0100], Kurt Roeckx wrote:
> On Thu, Jan 14, 2021 at 07:03:37PM +0100, Kurt Roeckx wrote:
> > There are a whole bunch of other issues and pull requests related to
> > this. I hope this is the end of the regressions in the X509 code.
>
> So there is something else now:
> htt
enssl (1.1.1i-0+deb10u1) buster; urgency=medium
(Closes: #947949).
* Update symbol list.
* Apply two patches from upstream to address x509 related regressions.
+ * Cherry-pick a patch from upstream to address #13931.
- -- Sebastian Andrzej Siewior Sun, 24 Jan 2021 11:22:16 +0100
+ --
On 2021-02-01 23:50:03 [+0100], To Kurt Roeckx wrote:
> in case someone wants to test.
> I think the ship for this pu is sailing without me but I'm ready for the
> next cruise :)
OpenSSL upstream announced [0] 1.1.1j for next Tuesday with a security
fix classified as MODERATE [1].
[0] https://mta
0 +0100
+++ xz-utils-5.2.5/debian/changelog 2021-02-18 23:12:30.0 +0100
@@ -1,3 +1,10 @@
+xz-utils (5.2.5-1.1) unstable; urgency=medium
+
+ * Non-maintainer upload.
+ * Update the patches for #844770 and #975981 to what upstream applied.
+
+ -- Sebastian Andrzej Siewior Thu, 18 Feb 20
Andrzej Siewior Tue, 23 Feb 2021
23:41:19 +0100
+
m2crypto (0.31.0-4+deb10u1) buster; urgency=medium
* Non-maintainer upload.
diff -Nru m2crypto-0.31.0/debian/patches/MR262.patch
m2crypto-0.31.0/debian/patches/MR262.patch
--- m2crypto-0.31.0/debian/patches/MR262.patch 1970-01-01 01:00
On 2021-03-02 19:44:58 [+0100], Paul Gevers wrote:
> Hi Sebastian,
Hi Paul,
> Unfortunately we haven't made up our mind yet, but to get some (albeit
> limited) exposure and autopkgtest coverage (via the pseudo-excuses) [2],
> I think your chances for a go are higher if the proposed package is
> av
fix to xzgrep (similar to xzcmp in #844770).
+
+ -- Sebastian Andrzej Siewior Tue, 02 Mar 2021 21:50:25 +0100
+
xz-utils (5.2.5-1.0) unstable; urgency=medium
* Non-maintainer upload.
diff -Nru xz-utils-5.2.5/debian/patches/0001-Scripts-Fix-exit-status-of-xzdiff-xzcmp.patch xz-utils-5.2.5/debia
On 2021-03-08 18:54:22 [+0100], Paul Gevers wrote:
> Hi,
Hi,
> Please upload to unstable. As said, we'll let it age a bit there.
Thanks, uploaded.
> Paul
Sebastian
On 2021-03-13 17:31:50 [+], Adam D. Barratt wrote:
> Please go ahead.
Thanks, uploaded.
> Regards,
>
> Adam
Sebastian
On 2020-02-22 19:33:53 [+], Adam D. Barratt wrote:
> I guess the intent is to push this via stable-updates?
Yes, please. If you need something, please let us know.
> Regards,
>
> Adam
Sebastian
On 2020-02-22 22:31:21 [+], Adam D. Barratt wrote:
>
> How does this seem for an SUA snippet?
perfect. Thank you.
> Regards,
>
> Adam
Sebastian
On 2020-05-02 18:36:42 [+0200], To sub...@bugs.debian.org wrote:
> Package: release.debian.org
> User: release.debian@packages.debian.org
> Usertags: pu
> Tags: buster
> Severity: normal
>
> I'm fairly late, I know.
> The last update was addressed via DSA providing only a patch for the CVE
> w
On 2020-05-02 20:32:01 [+0100], Adam D. Barratt wrote:
> On Sat, 2020-05-02 at 18:36 +0200, Sebastian Andrzej Siewior wrote:
> > I'm fairly late, I know.
>
> Just a little. :-( Particularly as OpenSSL builds udebs.
>
> CCing KiBi and -boot so they're aware of the d
net/], [clamav], [https://www.clamav.net/])
dnl put configure auxiliary into config
AC_CONFIG_AUX_DIR([config])
diff -Nru clamav-0.102.2+dfsg/debian/changelog clamav-0.102.3+dfsg/debian/changelog
--- clamav-0.102.2+dfsg/debian/changelog 2020-02-22 14:39:45.0 +0100
+++ clamav-0.102.3+dfsg
nl put configure auxiliary into config
AC_CONFIG_AUX_DIR([config])
diff -Nru clamav-0.102.2+dfsg/debian/changelog clamav-0.102.3+dfsg/debian/changelog
--- clamav-0.102.2+dfsg/debian/changelog 2020-02-22 14:43:26.0 +0100
+++ clamav-0.102.3+dfsg/debian/changelog 2020-05-22 22:36:49.
Hi,
I opened two bugs regarding libcamunrar on deb9/10 which did not make it
to the list due to the size of the attached diff.
This is Bug#961441 for Buster and Bug#961442 for Stretch.
Sebastian
On 2020-05-27 22:28:44 [+0100], Adam D. Barratt wrote:
> Control: tags -1 + moreinfo
>
> On Sun, 2020-05-24 at 17:47 +0200, Sebastian Andrzej Siewior wrote:
> > As part of this update I also introduce the `libclamunrar' package
> > which only purpose is to depend on
On 2020-05-27 22:16:11 [+0100], Adam D. Barratt wrote:
> Please go ahead.
thx, uploaded.
> Was the intent that the updates be pushed via -updates?
Yes, please. If you need any additional information please let me know.
> Regards,
>
> Adam
>
Sebastian
On 2020-05-28 21:56:25 [+0100], Adam D. Barratt wrote:
> Please feel free to go ahead.
thx, uploaded.
> Regards,
>
> Adam
Sebastian
On 2020-05-27 22:17:28 [+0100], Adam D. Barratt wrote:
> Please go ahead.
thx, uploaded.
> Regards,
>
> Adam
Sebastian
1 - 100 of 268 matches
Mail list logo
