Discussion:
Bug#1070998: bookworm-pu: package fossil/2.24-5~deb11u1
Bastien Roucariès
2024-05-12 18:00:01 UTC
Package: release.debian.org
Severity: normal
Tags: bookworm
X-Debbugs-Cc: ***@packages.debian.org
Control: affects -1 + src:fossil
User: ***@packages.debian.org
Usertags: pu

This bug was opened by previous arrangement with the maintainer.

[ Reason ]
fossil is affected by a regression due to a security update of apache
CVE-2024-24795. Backport was chosen
because upstream does not document all commits needed for fixing the regression.

[ Impact ]
Fossil is broken, at least the server part

[ Tests ]
Full upstream test suite

[ Risks ]
Broken fossil

[ Checklist ]
[X] *all* changes are documented in the d/changelog
[X] I reviewed all changes and I approve them
[X] attach debdiff against the package in (old)stable
[X] the issue is verified as fixed in unstable

[ Changes ]
Backport from sid. There is no incompatibility and this is an upstream maintenance
and fix-only version.

[ Other info ]
I have not attached the debdiff due to the fix being a backport from sid. Attached debdiff to sid instead.
Debian Bug Tracking System
2024-05-12 18:00:01 UTC
Post by Bastien Roucariès
affects -1 + src:fossil
Bug #1070998 [release.debian.org] bookworm-pu: package fossil/2.24-5~deb11u1
Added indication that 1070998 affects src:fossil
--
1070998: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1070998
Debian Bug Tracking System
Contact ***@bugs.debian.org with problems
Barak A. Pearlmutter
2024-05-12 21:00:01 UTC
Thanks!
I guess preparing these is pretty straightforward.
Would like to think my efforts to keep debian/rules etc clean and tidy
made this work so easily.

Given that the patch is nothing but a changelog entry, I'm assuming
it's not really worth making a branch on fossil.
" * Backport to bookworm (no changes required)"?

Cheers,

--Barak.
Salvatore Bonaccorso
2024-05-25 19:10:01 UTC
Hi Bastien,
Post by Bastien Roucariès
Package: release.debian.org
Severity: normal
Tags: bookworm
Control: affects -1 + src:fossil
Usertags: pu
this bug was opened by previous arrangement with maintainer.
[ Reason ]
fossil is affected by a regression due to a security update of apache
CVE-2024-24795. Backport was chosen
because upstream does not document all commits needed for fixing the regression.
Disclaimer, not SRM so this is not an authoritative answer.

But that means that as well packaging changes between 1:2.21-1 and the
proposed one are included. Are all of those allowed to be done or
should you individually revert some changes?

E.g. there is

* Bump policy
* Build depend on pkgconfig instead of obsolete pkg-config
and
* Oops, typo: pkgconf

which might indeed be fine. But should definitively be checked.

Regards,
Salvatore
Jonathan Wiltshire
2024-06-15 22:00:02 UTC
Control: tag -1 moreinfo
Post by Bastien Roucariès
I have not attached the debdiff due to the fix being a backport from sid. Attached debdiff to sid instead.
This is not sufficient, you need to attach the source debdiff of your proposed
upload relative to bookworm please.

Thanks,
--
Jonathan Wiltshire ***@debian.org
Debian Developer http://people.debian.org/~jmw

4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC 74C3 5394 479D D352 4C51
ed25519/0x196418AAEB74C8A1: CA619D65A72A7BADFC96D280196418AAEB74C8A1
Debian Bug Tracking System
2024-06-15 22:00:02 UTC
Post by Jonathan Wiltshire
tag -1 moreinfo
Bug #1070998 [release.debian.org] bookworm-pu: package fossil/2.24-5~deb11u1
Added tag(s) moreinfo.
--
1070998: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1070998
Debian Bug Tracking System
Contact ***@bugs.debian.org with problems
Debian Bug Tracking System
2024-06-16 10:40:01 UTC
tag -1 - moreinfo
Bug #1070998 [release.debian.org] bookworm-pu: package fossil/2.24-5~deb11u1
Removed tag(s) moreinfo.
--
1070998: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1070998
Debian Bug Tracking System
Contact ***@bugs.debian.org with problems
Debian Bug Tracking System
2025-02-03 20:30:01 UTC
Post by Jonathan Wiltshire
tag -1 moreinfo
Bug #1070998 [release.debian.org] bookworm-pu: package fossil/2.24-5~deb11u1
Added tag(s) moreinfo.
--
1070998: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1070998
Debian Bug Tracking System
Contact ***@bugs.debian.org with problems
Jonathan Wiltshire
2025-02-03 20:30:01 UTC
Control: tag -1 moreinfo
Control: tag -1 - moreinfo
Post by Jonathan Wiltshire
Post by Bastien Roucariès
I have not attached the debdiff due to the fix being a backport from sid. Attached debdiff to sid instead.
This is not sufficient, you need to attach the source debdiff of your proposed
upload relative to bookworm please.
Hi
Found here
Note pkgconf exists for bookworm
427 files changed, 45007 insertions(+), 23074 deletions(-)

This is not really workable, particularly since it includes new upstream
releases, changes to the bundled zlib, etc etc. Is the fix to the Apache
regression really not possible to isolate?

Thanks,
--
Jonathan Wiltshire ***@debian.org
Debian Developer http://people.debian.org/~jmw

4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC 74C3 5394 479D D352 4C51
ed25519/0x196418AAEB74C8A1: CA619D65A72A7BADFC96D280196418AAEB74C8A1
Bastien Roucariès
2025-02-03 20:30:02 UTC
Post by Jonathan Wiltshire
Control: tag -1 moreinfo
Control: tag -1 - moreinfo
Post by Jonathan Wiltshire
Post by Bastien Roucariès
I have not attached the debdiff due to the fix being a backport from sid. Attached debdiff to sid instead.
This is not sufficient, you need to attach the source debdiff of your proposed
upload relative to bookworm please.
Hi
Found here
Note pkgconf exists for bookworm
427 files changed, 45007 insertions(+), 23074 deletions(-)
This is not really workable, particularly since it includes new upstream
releases, changes to the bundled zlib, etc etc. Is the fix to the Apache
regression really not possible to isolate?
I can, but the maintainer thinks a full backport may be worthwhile
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1070069
Post by Jonathan Wiltshire
Thanks,