Re: Status of the t64 transition

On 2024-04-18 Sebastian Ramacher wrote: [...] > Let's start with the first category. Those are packages that could be > binNMUed, but there are issues that make those rebuilds not have the > desired effect. This list include packages that > * are BD-Uninstallabe, > * FTBFS but with out

Bug#1067729: nmu: exim4_4.97-5

On 2024-03-26 Andreas Metzler wrote: [...] > nmu exim4_4.97-5 . armel armhf hppa m68k . unstable . -m "Rebuild against > libspf2-dev >= 1.2.10-8.1 (64-bit time_t transition)" > The first t64-changed libspf2 was uninstallable on the 32bit archs, > which is wh

Bug#1067729: nmu: exim4_4.97-5

Package: release.debian.org Severity: normal Control: affects -1 + src:exim4 User: release.debian@packages.debian.org Usertags: binnmu Hello, nmu exim4_4.97-5 . armel armhf hppa m68k . unstable . -m "Rebuild against libspf2-dev >= 1.2.10-8.1 (64-bit time_t transition)" The first

Bug#1061190: bullseye-pu: package gnutls28/3.7.1-5+deb11u5

On 2024-03-01 Salvatore Bonaccorso wrote: > On Thu, Feb 01, 2024 at 06:35:38AM +, Adam D. Barratt wrote: >> Control: tags -1 + confirmed >> On Sat, 2024-01-20 at 15:53 +0100, Andreas Metzler wrote: >>> I would like to fix both CVE-2024-0567 and CVE-2024-0553 via

Bug#1061190: bullseye-pu: package gnutls28/3.7.1-5+deb11u5

: #1061045 +Fix more timing side-channel inside RSA-PSK key exchange. CVE-2024-0553 +GNUTLS-SA-2024-01-14 Closes: #1061046 + + -- Andreas Metzler Sat, 20 Jan 2024 07:56:15 +0100 + gnutls28 (3.7.1-5+deb11u4) bullseye; urgency=medium * Backport fix for CVE-2023-5981 / GNUTLS-SA-2023-10-23

Bug#1061189: bookworm-pu: package gnutls28/3.7.9-2+deb12u2

Closes: #1061046 + + -- Andreas Metzler Fri, 19 Jan 2024 18:28:37 +0100 + gnutls28 (3.7.9-2+deb12u1) bookworm; urgency=medium * Backport fix for CVE-2023-5981 / GNUTLS-SA-2023-10-23 (timing sidechannel diff -Nru gnutls28-3.7.9/debian/patches/61-x509-detect-loop-in-certificate-chain.patch

Bug#1057137: bullseye-pu: package gnutls28/3.7.1-5+deb11u4

-11-30 11:37:44.0 +0100 @@ -1,3 +1,10 @@ +gnutls28 (3.7.1-5+deb11u4) bullseye; urgency=medium + + * Backport fix for CVE-2023-5981 / GNUTLS-SA-2023-10-23 (timing sidechannel +in RSA-PSK key exchange) from 3.8.2. Closes: #1056188 + + -- Andreas Metzler Thu, 30 Nov 2023 11:37:44 +0100

Bug#1057128: bookworm-pu: package gnutls28/3.7.9-2+deb12u1

) from 3.8.2. Closes: #1056188 + + -- Andreas Metzler Thu, 30 Nov 2023 07:50:48 +0100 + gnutls28 (3.7.9-2) unstable; urgency=medium * CI: Do not try to run tests/ktls.sh, it uses a helper binary. (Plus gnutls diff -Nru gnutls28-3.7.9/debian/patches/60-auth-rsa_psk-side-step-potential-side

Bug#1055155: bookworm-pu: package exim4/4.96-15+deb12u3 (2nd try for new bug)

On 2023-11-04 Andreas Metzler wrote: [...] > Thank you, updated. Another iteration, adding + 76-14-Lookups-Fix-dnsdb-lookup-of-multi-chunk-TXT.-Bug-305.patch Fix regression in dnsdb in CVE-2023-42119 fix. (Upstream bug 3054) dnsdb lookups were swallowing the last charac

Bug#1055155: bookworm-pu: package exim4/4.96-15+deb12u3 (2nd try for new bug)

On 2023-11-04 Salvatore Bonaccorso wrote: > On Wed, Nov 01, 2023 at 12:03:37PM +0100, Andreas Metzler wrote: [...] > > * Update code to 4.96.2, fixing issues with the proxy protocol > > (CVE-2023-42117) and the `dnsdb` lookup subsystem (CVE-2023-42219). It > > als

Bug#1055155: bookworm-pu: package exim4/4.96-15+deb12u3 (2nd try for new bug)

he `dnsdb` lookup subsystem (CVE-2023-42219). It +also includes additional hardening for spf lookups, however CVE-2023-42218 +was diagnosed as a vulnerability in the libspf2 library and needs to be +addressed there. Closes: #1053310 + + -- Andreas Metzler Wed, 01 Nov 2023 07:07:57 +0100

Bug#1049899: bookworm-pu: package exim4/4.96-15+deb12u3

erability in the libspf2 library and needs to be +addressed there. Closes: #1053310 + + -- Andreas Metzler Wed, 01 Nov 2023 07:07:57 +0100 + exim4 (4.96-15+deb12u2) bookworm-security; urgency=high * Non-maintainer upload by the Security Team. diff -Nru exim4-4.96/debian/patches/75_74-Cancel-e

Bug#1049899: bookworm-pu: package exim4/4.96-15+deb12u2

On 2023-10-07 Jonathan Wiltshire wrote: [...] > The version number in this request matches one we've had via a DSA (5512); > are they the same or does the proposed upload supercede it? [...] Hello, I will need to rebase the proposed changes version on top of the DSA. I got early notice that a

Bug#1049899: bookworm-pu: package exim4/4.96-15+deb12u2

On 2023-08-16 Andreas Metzler wrote: [...] > I would like to push another round of cherry-picked upstream fixes to > bookworm. They have been part of the uploads to sid up to and including > 4.96-19. [...] Hello, I had to update the update since 75_78-Fix-free-of-value-after-run.pa

Bug#1049899: bookworm-pu: package exim4/4.96-15+deb12u2

.-Bug-3014.patch: Fix on-demand + TLS cert expiry date. Closes: #1043233 + (Upstream bug 3014) + + -- Andreas Metzler Wed, 16 Aug 2023 15:12:39 +0200 + exim4 (4.96-15+deb12u1) bookworm; urgency=medium * 75_42-Fix-run-arg-parsing.patch (From upstream GIT master, backported by diff

Bug#1040139: bookworm-pu: package exim4/4.96-15

occurred. Closes: #1025420 + * 75_68-Fix-srs_encode-.-for-mod-1024-day-zero.patch from upstream GIT +master: Fix ${srs_encode ..}. Previously it would give a bad result for +one day every 1024 days. + + -- Andreas Metzler Sun, 02 Jul 2023 14:56:17 +0200 + exim4 (4.96-15) unstable

Bug#1036395: RM: python-ooolib/0.0.22-5

Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: rm X-Debbugs-Cc: python-ooo...@packages.debian.org, ametz...@bebt.de Control: affects -1 + src:python-ooolib Please remove the package from testing, the maintainer was (silently) waiting for it to

Bug#1036025: unblock: exim4/4.96-15

upstream GIT master: ++ 75_70-Fix-variable-initialisation-in-smtp-transport.-Bug-2.patch + Fix a crash in the smtp transport. + https://bugs.exim.org/show_bug.cgi?id=2996 + + -- Andreas Metzler Wed, 10 May 2023 18:30:35 +0200 + exim4 (4.96-14) unstable; urgency=medium * Pull from

Bug#1036005: unblock: pcp/6.0.3-1.1

Closes: #1034966 ++ pcp-zeroconf Closes: #1034895 ++ pcp-export-pcp2xlsx (unfiled) + + -- Andreas Metzler Sun, 07 May 2023 11:36:37 +0200 + pcp (6.0.3-1) unstable; urgency=low * New release (full details in CHANGELOG). diff -Nru pcp-6.0.3/debian/control pcp-6.0.3/debian/control --- pcp

Re: SONAME bumps (transitions) always via experimental

On 2023-01-10 Sam Hartman wrote: > > "Graham" == Graham Inggs writes: > Graham> Hi All > Graham> On Fri, 6 Jan 2023 at 00:33, Bastian Blank > wrote: > Graham> Would it be a bad thing to require all uploads that need to > Graham> go through NEW (source and binary) to target

Re: Understanding what is blocking spamassassin 4.0.0 testing migration

On 2022-12-29 "Adam D. Barratt" wrote: > On Thu, 2022-12-29 at 07:21 +0100, Andreas Metzler wrote: [...] > > removing spamassassin/4.0.0~rc4-1/amd64 from testing makes claws- [...] > That's due to the arch:all build failing, which means there is no > "spamassass

Understanding what is blocking spamassassin 4.0.0 testing migration

Hello, I do not understand why spamassassin 4.0.0 does not prpagate to testing. Tracker/excuses https://qa.debian.org/excuses.php?package=spamassassin says: Issues preventing migration: [...] removing spamassassin/4.0.0~rc4-1/amd64 from testing makes claws-mail-spamassassin/4.1.1-2/amd64

Bug#1023261: bullseye-pu: package libtasn1-6/4.16.0-2+deb11u1

-ETYPE_OK-off-by-one-array-size-check.-Closes-32.patch + + -- Andreas Metzler Tue, 01 Nov 2022 11:57:42 +0100 + libtasn1-6 (4.16.0-2) unstable; urgency=low * Upload to unstable. diff -Nru libtasn1-6-4.16.0/debian/patches/10_Fix-ETYPE_OK-off-by-one-array-size-check.-Closes-32.patch libtasn1-6

Bug#1019876: nmu: atlas-ecmwf_0.30.0-3

Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: binnmu X-Debbugs-Cc: ametz...@bebt.de, dh-fortran-...@packages.debian.org Hello, according to

Bug#1014474: nmu: sa-exim_4.2.1-20

Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: binnmu nmu sa-exim_4.2.1-20 . ANY . unstable . -m "rebuild against exim4 4.96" Please rebuild sa-exim allowing exim4 4.96-1 to propagate to testing. TIA, cu Andreas -- `What a good friend you

Bug#1012033: bullseye-pu: package gnutls28/3.7.1-5+deb11u1

On 2022-05-29 Andreas Metzler wrote: [...] > as requested in #1011246 I would like fix miscalculation of SHA384 in > the SSA accelarated implementation. > It is a one-line change and was part of the 3.7.3 release. [...] Actually this seems like a good opportunity to fix a minor C

Bug#1012033: bullseye-pu: package gnutls28/3.7.1-5+deb11u1

fix from 3.7.3. Closes: #1011246 + + -- Andreas Metzler Sun, 22 May 2022 13:04:01 +0200 + gnutls28 (3.7.1-5) unstable; urgency=medium * Another fix from 3.7.2: diff -Nru gnutls28-3.7.1/debian/patches/56_40-fix-SSSE3-SHA384-to-work-more-than-once.patch gnutls28-3.7.1/debian/patches/56_40-fix

Bug#959469: openssl 1.1.1n-0+deb10u1 flagged for acceptance

X-Debbugs-Cc: gnutl...@packages.debian.org, Kurt Roeckx , Paul Gevers , Sebastian Andrzej Siewior On 2022-03-21 Sebastian Andrzej Siewior wrote: > On 2022-03-21 00:12:11 [+0100], To Kurt Roeckx wrote: > > doesn't help here but > > -cipher "ALL:@SECLEVEL=1" > > does. > Only debci is

Bug#991397: unblock: exim4/4.94.2-7

+branch: Fix re-expansion of custom message with control=fakereject. + + -- Andreas Metzler Tue, 13 Jul 2021 18:04:57 +0200 + exim4 (4.94.2-6) unstable; urgency=medium * Cherrypick diff -Nru exim4-4.94.2/debian/patches/73_05-Fix-tainted-message-for-fakereject.patch exim4-4.94.2/debian

Bug#990919: unblock: exim4/4.94.2-6

on to disable daemon notifier socket. Enforce lockstep ugrade of -base > and *daemon* by temporarily adding a versioned Breaks to exim4-base on > older *daemon*. Closes: #988844 > (change by Andreas Metzler) > This fixes a regression from buster. > Maintainer and bu

Bug#989422: buster-pu: package libgcrypt20/1.8.4-5+deb10u1

On 2021-06-12 "Adam D. Barratt" wrote: [...] > As we're getting close to the window for 10.10 closing, please feel > free to upload the package and we'll handle the d-i coordination from > there. Thanks for the heads-up. Done. cu Andreas -- `What a good friend you are to him, Dr. Maturin. His

Bug#989422: buster-pu: package libgcrypt20/1.8.4-5+deb10u1

@@ +libgcrypt20 (1.8.4-5+deb10u1) buster; urgency=medium + + * 31_cipher-Fix-ElGamal-encryption-for-other-implementati.patch from +upstream LIBGCRYPT-1.8-BRANCH: Fix weak ElGamal encryption with keys *not* +generated by GnuPG/libgcrypt. CVE-2021-33560 + + -- Andreas Metzler Sat, 29 May 2021

Bug#989421: unblock: libgcrypt20/1.8.7-6

+++ libgcrypt20-1.8.7/debian/changelog 2021-05-27 18:07:38.0 +0200 @@ -1,3 +1,26 @@ +libgcrypt20 (1.8.7-6) unstable; urgency=medium + + * Update from LIBGCRYPT-1.8-BRANCH: ++ 30_10-cipher-Fix-ElGamal-encryption-for-other-implementati.patch + + -- Andreas Metzler Thu, 27 May 2021 18:07

Bug#988508: buster-pu: package gnutls28/3.6.7-4+deb10u7

1-20232), both together GNUTLS-SA-2021-03-10. ++ 47_rel3.6.16_05-_gnutls_buffer_resize-account-for-unused-area-if-AGG.patch ++ 47_rel3.6.16_06-str-suppress-Wunused-function-if-AGGRESSIVE_REALLOC-.patch + + -- Andreas Metzler Fri, 14 May 2021 13:33:38 +0200 + gnutls28 (3.6.7-4+deb10u6) buster; urgency=medium

Bug#987924: unblock: exim4/4.94-19

+ + * Further updates from heiko/exim-4.94+fixes+taintwarn: ++ 75_24-Silence-the-compiler.patch ++ 75_26-Disable-taintchecks-for-mkdir-this-isn-t-part-of-4.9.patch + * Upload to unstable. + + -- Andreas Metzler Mon, 26 Apr 2021 18:35:43 +0200 + +exim4 (4.94-18) experimental; urgency

Bug#987924: unblock: exim4/4.94-19

Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock X-Debbugs-Cc: ex...@packages.debian.org Hello, Please consider exim4/4.94-19 for bullseye. Due to the newly introduced tainting mechanism exim upgrades from buster to bullseye currently

Bug#985984: unblock: exim4/4.94-17

log 2021-03-18 13:54:47.0 +0100 @@ -1,3 +1,30 @@ +exim4 (4.94-17) unstable; urgency=medium + + * Let exim4-config Recommend ca-certificates, needed for certificate +verification. + + -- Andreas Metzler Thu, 18 Mar 2021 13:54:47 +0100 + +exim4 (4.94-16) unstable; urgency=medium + + * REA

Bug#985466: buster-pu: package libpano13/2.9.19+dfsg-3+deb10u1

+ + * 850_f02459498cb4_Prevent_string_vulnerability_by_refusing.diff +cherry-picked from 2.9.20 rc3: Fixes format string bug, pasing along +format strings in user specified output filename to printf. +Closes: #985249 + + -- Andreas Metzler Thu, 18 Mar 2021 14:12:08 +0100 + libpano13 (2.9.19+dfsg-3) unstable; urgency=medium

Bug#985450: buster-pu: package exim4/4.92-8+deb10u5

are possible, but for a stable update documenting +this is the best compromise.) + + -- Andreas Metzler Thu, 18 Mar 2021 09:10:15 +0100 + exim4 (4.92-8+deb10u4) buster-security; urgency=high * Fix authentication bypass in SPA authenticator due to out-of-bound buffer diff -Nru exim4-4.92

Bug#981581: nmu: sa-exim_4.2.1-19

Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: binnmu nmu sa-exim_4.2.1-19 . ANY . unstable . -m "Rebuild against current exim localscan ABI. (See #981398)" That is necessary to let sa-exim work again in sid and bulleye. The wrong Provides of

Bug#979074: buster-pu: package gnutls28/3.6.7-4+deb10u6

+Fix test suite error caused by expired certificate. +Closes: #977552 + + -- Andreas Metzler Sat, 02 Jan 2021 14:15:36 +0100 + gnutls28 (3.6.7-4+deb10u5) buster; urgency=medium * 42_rel3.6.11_10-session-tickets-parse-extension-during-session-resum.patch diff -Nru gnutls28-3.6.7/debian

Bug#963703: stretch-pu: package gnutls28/3.5.8-5+deb9u5

On 2020-07-02 "Adam D. Barratt" wrote: > Control: tags -1 + confirmed > On Thu, 2020-06-25 at 17:37 +0200, Andreas Metzler wrote: >> I would like to make a last bugfix upload to stretch: >> * Pull fixes for CVE-2019-3836 / [GNUTLS-SA-2019-03-27, #694]. [...] > Please go ahead. Thanks, done.

Bug#963703: stretch-pu: package gnutls28/3.5.8-5+deb9u5

On 2020-06-25 Salvatore Bonaccorso wrote: > On Thu, Jun 25, 2020 at 05:41:42PM +0200, Andreas Metzler wrote: > > On 2020-06-25 Andreas Metzler wrote: > > [...] > > > * Pull fixes for CVE-2019-3836 / [GNUTLS-SA-2019-03-27, #694]. [...] > Only noticed too late, but the

Bug#963703: stretch-pu: package gnutls28/3.5.8-5+deb9u5

On 2020-06-25 Andreas Metzler wrote: [...] > * Pull fixes for CVE-2019-3836 / [GNUTLS-SA-2019-03-27, #694]. > + 40_casts_related_to_fix_CVE-2019-3829.patch > + 40_rel3.6.7_01-Automatically-NULLify-after-gnutls_free.patch > + 40_rel3.6.7_01-fuzz-added-fuzzer-for

Bug#963703: stretch-pu: package gnutls28/3.5.8-5+deb9u5

Package: release.debian.org Severity: normal Tags: stretch User: release.debian@packages.debian.org Usertags: pu Hello, I would like to make a last bugfix upload to stretch: * Pull fixes for CVE-2019-3836 / [GNUTLS-SA-2019-03-27, #694]. + 40_casts_related_to_fix_CVE-2019-3829.patch +

Bug#960836: buster-pu: package gnutls28/3.6.7-4+deb10u4

Control: tags -1 - moreinfo Control: retitle -1 buster-pu: package gnutls28/3.6.7-4+deb10u5 On 2020-05-26 Andreas Metzler wrote: > Control: tags 960836 + moreinfo > Please hold on approving this. I will probably need to add a fix for > https://gitlab.com/gnutls/gnutls/-/issues/997 Hel

Bug#960836: buster-pu: package gnutls28/3.6.7-4+deb10u4

Control: tags 960836 + moreinfo Please hold on approving this. I will probably need to add a fix for https://gitlab.com/gnutls/gnutls/-/issues/997 cu Andreas

Bug#960836: buster-pu: package gnutls28/3.6.7-4+deb10u4

Control: tags 960836 - moreinfo On 2020-05-17 "Adam D. Barratt" wrote: > Control: tags -1 + moreinfo > On Sun, 2020-05-17 at 14:23 +0200, Andreas Metzler wrote: >> I would like to update gnutls to fix #95664 aka >> https://gitlab.com/gnutls/gnutls/-/issues/841

Bug#960836: buster-pu: package gnutls28/3.6.7-4+deb10u4

GNUTLS 3.6.11: Fix TL1.2 resumption errors. Closes: #956649 + * 47_rel3.6.14_10-session_pack-fix-leak-in-error-path.patch from GNUTLS +3.6.14: One line fix for memory leak. Closes: #958704 + + -- Andreas Metzler Sun, 17 May 2020 13:45:29 +0200 + gnutls28 (3.6.7-4+deb10u3) buster-security

Bug#949310: buster-pu: package gnutls28/3.6.7-4+deb10u1

-patch diff instead. cu Andreas From de3d573242195eddab914709584242610b2e2762 Mon Sep 17 00:00:00 2001 From: Andreas Metzler Date: Sun, 19 Jan 2020 18:00:12 +0100 Subject: [PATCH] Fix parsing of certificates using RegisteredID Closes: #949293 --- debian/binary/cert10.der

Bug#947365: transition: libvigraimpex

On 2020-01-03 Paul Gevers wrote: > On 31-12-2019 18:26, Andreas Metzler wrote: [...] > > Afaict the involved packages should propagate to testing in 3 days, when > > enblend-enfuse is old enough. I have commited the fix. [1] > Unfortunately libvigraimpex is (hopefully only te

Bug#947365: transition: libvigraimpex

On 2019-12-31 Sebastiaan Couwenberg wrote: > On 12/31/19 4:20 PM, Andreas Metzler wrote: >> as Bas correctly diagnoses I am not currently building for all supported >> versions but only for the default one because it is not trivial but >> requires some work. Looking at

Bug#947365: transition: libvigraimpex

On 2019-12-31 Sebastiaan Couwenberg wrote: > On 12/30/19 9:48 PM, Paul Gevers wrote: [...] >> libvigraimpex is also part of the pseudo python3.8 transition [1], but >> it is still red. This probably means that you are not correctly building >> Python3 modules for all supported Python3 versions.

Bug#947365: transition: libvigraimpex

On 2019-12-26 Paul Gevers wrote: > On 25-12-2019 19:29, Andreas Metzler wrote: >> libvigraimpex is marked for autoremoval because of the python2 removal. >> This is fixed in experimental, the new version features a soname bump. [...] > Normally we don't want python 2 remov

Bug#947365: transition: libvigraimpex

Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: transition Hello, libvigraimpex is marked for autoremoval because of the python2 removal. This is fixed in experimental, the new version features a soname bump. this should be a small scale

Bug#946644: nmu: sa-exim_4.2.1-18

Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: binnmu nmu sa-exim_4.2.1-18 . ANY . unstable . -m "Rebuild against exim4-localscanapi-3.1 (exim 4.93)" Hello, please binNMU sa-exim to make it installable again. exim 4.93 broke the local_scan

Bug#945925: buster-pu: package gnutls28/3.6.7-4+deb10u1

bid-random-padding.patch +from 3.6.10: Fix interop problems with gnutls 2.x. Closes: #933538 +(Thanks, Hanno Stock!) + + -- Andreas Metzler Sat, 30 Nov 2019 13:41:59 +0100 + gnutls28 (3.6.7-4) unstable; urgency=medium * Cherry-pick important bug-fixes from 3.6.8: diff -Nru gnutl

Bug#939595: release.debian.org: Please bump urgency of exim4 4.92.1-3 to criticial

Package: release.debian.org Severity: normal Hello, In hindsight I have chosen the wrong urgency for exim4 4.92.1-3, a remote root command execution should migrate as fast as possible. Could please bump the urgency/shorten the migration period? urgent exim4/4.92.1-3 TIA, cu Andreas -- System

Bug#930490: unblock: exim4/4.92-8

t on smtp response to apply to the whole response instead + of resetting for every byte received. ++ 75_15-Fix-detection-of-32b-platform-at-build-time.-Bug-240.patch + https://bugs.exim.org/show_bug.cgi?id=2405 + ${eval } was broken on 32bit archs. + + -- Andreas Metzler Sat, 08 Jun 2

Bug#930491: unblock: gnutls28/3.6.7-4

gitlab.com/gnutls/gnutls/issues/754 + + -- Andreas Metzler Wed, 12 Jun 2019 19:21:23 +0200 + gnutls28 (3.6.7-3) unstable; urgency=medium * Revert debhelper upgrade, use DH 10. diff -Nru gnutls28-3.6.7/debian/patches/40_rel3.6.8_01-gnutls_srp_entry_free-follow-consistent-behavior-in.patch gnutl

Bug#930490: unblock: exim4/4.92-8

Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package exim4. This upload pulls 5 patches from upstream GIT: + 75_11-GnuTLS-fix-tls_out_ocsp-under-hosts_request_ocsp.patch Fix expansion of $tls_out_ocsp under

Bug#926412: unblock: gnutls28/3.6.7-2

On 2019-05-20 Paul Gevers wrote: > On 19-05-2019 10:33, Andreas Metzler wrote: >> I probably could try to pick the CVE related changes and other important >> bug-fixes, however I do not think it is the right choice. The changes >> will be smaller but the risk of breakage

Bug#926412: unblock: gnutls28/3.6.7-2

On 2019-05-18 Paul Gevers wrote: [gnutls] > Is it reasonably possible to split of the CVE changes and patch the > version currently in testing? That would be much more comfortable for > us. Either by reverting the new upstream version with e.g. an +really > version number, or, but less preferred

Bug#926412: unblock: gnutls28/3.6.7-2

On 2019-04-04 Andreas Metzler wrote: [...] > This is a upstream bugfix release featuring two security fixes > + Fixes a memory corruption (double free) vulnerability in the > certificate verification API. > https://gitlab.com/gnutls/gnutls/issues/694 CVE-2019-3829 &g

Bug#926878: unblock: exim4/4.92-5

On 2019-04-11 Paul Gevers wrote: > Control: tags -1 moreinfo > Hi Andreas, > On 11-04-2019 19:51, Andreas Metzler wrote: >> The second notable change is related to sa-exim. Exim in Debian was >> patched to allow dlopening a localscan() module. The single consumer of &g

Bug#926878: unblock: exim4/4.92-5

the (working) version of the patch. Drop exim4-dev package. Add a NEWS +entry for this change. + + -- Andreas Metzler Sun, 07 Apr 2019 13:39:31 +0200 + +exim4 (4.92-4) unstable; urgency=medium + + * Another patch from exim-4.92+fixes branch: +75_10-Harden-plaintext-authenticator.patch + + -- A

Bug#926412: unblock: gnutls28/3.6.7-2

Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package gnutls28. This is a upstream bugfix release featuring two security fixes + Fixes a memory corruption (double free) vulnerability in the certificate

Bug#910445: stretch-pu: package gnutls28/3.5.8-5+deb9u4

HA.patch ++ 39_02-dummy_wait-always-hash-the-same-amount-of-blocks-tha.patch ++ 39_03-cbc_mac_verify-require-minimum-padding-under-SSL3.0.patch ++ 39_04-hmac-sha384-and-sha256-ciphersuites-were-removed-fro.patch ++ 39_05-tests-pkcs12_encode-fix-test-for-SHA512.patch + + -- Andreas Metzler

Bug#901551: unblock: libgcrypt20/1.8.3-1

Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package libgcrypt20, this is a upstream bugfix/security release of the stable branch, fixing CVE-2018-0495.

Bug#892802: transition: efl

On 2018-04-08 Andreas Metzler <ametz...@bebt.de> wrote: > On 2018-04-08 Emilio Pozuelo Monfort <po...@debian.org> wrote: >> On 08/04/18 07:45, Andreas Metzler wrote: >[...] >>> it looks like the transition needs some brute force/hint. Both efl and >

Bug#892802: transition: efl

On 2018-04-08 Emilio Pozuelo Monfort <po...@debian.org> wrote: > On 08/04/18 07:45, Andreas Metzler wrote: [...] >> it looks like the transition needs some brute force/hint. Both efl and >> e17 are valid candidates, but do not propagate. Good somebody please >>

Bug#892802: transition: efl

On 2018-03-13 Ross Vandegrift wrote: > Package: release.debian.org > Severity: normal > User: release.debian@packages.debian.org > Usertags: transition > Hello, > I'd like to request a transition for efl from experimental -> unstable. This > release takes over a few other

Bug#892802: transition: efl

On 2018-03-13 Emilio Pozuelo Monfort wrote: > Control: tags -1 confirmed > On 13/03/18 08:15, Ross Vandegrift wrote: >> Package: release.debian.org >> Severity: normal >> User: release.debian@packages.debian.org >> Usertags: transition >> Hello, >> I'd like to request a

Re: mariadb-10.1 fails to propagate to testing

On 2017-11-26 "Adam D. Barratt" <a...@adam-barratt.org.uk> wrote: > On Sun, 2017-11-26 at 16:22 +0100, Andreas Metzler wrote: >> mariadb-10.1 1:10.1.29-6 seems to be stuck in sid. It does not >> propagate to testing although >> https://qa.debian.org/e

mariadb-10.1 fails to propagate to testing

Hello, mariadb-10.1 1:10.1.29-6 seems to be stuck in sid. It does not propagate to testing although https://qa.debian.org/excuses.php?package=mariadb-10.1 lists it as valid candidate. Could you please check the cause? Thanks, cu Andreas -- `What a good friend you are to him, Dr. Maturin. His

Bug#873855: unblock: libgcrypt20/1.7.9-1

Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package libgcrypt20, it includes the the fix for CVE-2017-0379 https://www.debian.org/security/2017/dsa-3959 TIA, cu Andreas unblock libgcrypt20/1.7.9-1 -- `What a good

Bug#869434: stretch-pu: package gnutls28/3.5.8-5+deb9u3

On 2017-08-08 "Adam D. Barratt" <a...@adam-barratt.org.uk> wrote: > On Sun, 2017-07-23 at 15:28 +0200, Andreas Metzler wrote: >> gnutls upstream has pointed out that it would make sense to pull >> two patches from 3.5.14. These improve interoperability by avoiding

Bug#869434: stretch-pu: package gnutls28/3.5.8-5+deb9u3

with ecdsa +signatures. +https://gitlab.com/gnutls/gnutls/issues/223 +Thanks to Nikos Mavrogiannopoulos for the suggestion. + + -- Andreas Metzler <ametz...@debian.org> Sun, 23 Jul 2017 14:28:37 +0200 + gnutls28 (3.5.8-5+deb9u2) stretch; urgency=medium * 37_aarch64-fix-AES-GCM-in

Bug#867659: stretch-pu: package gnutls28/3.5.8-5+deb9u2

On 2017-07-15 "Adam D. Barratt" <a...@adam-barratt.org.uk> wrote: > Control: tags -1 + confirmed > On Sat, 2017-07-08 at 10:52 +0200, Andreas Metzler wrote: >> I would like to fix #867581 in stable by pulling the patch from 3.5.13. >> The issue is about

Bug#867665: transition: wmaker

On 2017-07-09 Jonathan Wiltshire <j...@debian.org> wrote: > Control: tag -1 confirmed > On Sat, Jul 08, 2017 at 01:22:26PM +0200, Andreas Metzler wrote: >> wmaker 0.95.8 features a soname bump of libwraster. There are only 3 >> other packages involved (wdm, wmforecast

Bug#867665: transition: wmaker

Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: transition wmaker 0.95.8 features a soname bump of libwraster. There are only 3 other packages involved (wdm, wmforecast and wmweather+) and all of them build fine against the libwmaker-dev in

Bug#867659: stretch-pu: package gnutls28/3.5.8-5+deb9u2

. Closes: #867581 + + -- Andreas Metzler <ametz...@debian.org> Sat, 08 Jul 2017 10:29:05 +0200 + gnutls28 (3.5.8-5+deb9u1) stretch-security; urgency=high * 36_CVE-2017-7507_*.patch: Pulled from 3.5.13, fix crash upon receiving diff -Nru gnutls28-3.5.8/debian/patches/37_aarch64-fix-A

Bug#865763: jessie-pu: package gnutls28/3.3.8-6+deb8u7

On 2017-06-27 Cyril Brulebois <k...@debian.org> wrote: > Andreas Metzler <ametz...@bebt.de> (2017-06-24): >> would like to fix the following issue in gnutls28/jessie (It was fixed >> in 3.5.3 and therefore does not apply to stretch/buster

Bug#865763: jessie-pu: package gnutls28/3.3.8-6+deb8u7

-to-determine-device-u.patch from +upstream gnutls_3_3_x branch: Improve check for /dev/urandom uniqueness. +Ensure that when gnutls_global_init() is called for a second time that +/dev/urandom is re-opened when the inode or device ID has changed. +Closes: #865297 + + -- Andreas Metzler

Bug#864968: transition: libunistring

On 2017-06-18 Jörg Frings-Fürst wrote: > Package: release.debian.org > Severity: normal > User: release.debian@packages.debian.org > Usertags: transition > Hello, > I'd want to upload libunistring 0.9.7 to unstable. The ABI is bumped. [...] Hello, Point of

unblocking for stretch point release?

Hello, I first understood the latest mail to -announce ("Planned release of stretch") to mean that propagation from sid to stretch is not possible anymore (except for critical fixes). However now that I am in a position of wanting to get something into the 1st point release I am wondering

Bug#864083: unblock: libgcrypt20/1.7.6-2

. + + -- Andreas Metzler <ametz...@debian.org> Sat, 03 Jun 2017 10:58:36 +0200 + libgcrypt20 (1.7.6-1) unstable; urgency=medium * New upstream version, includes diff -Nru libgcrypt20-1.7.6/debian/patches/30_gcry177_01-ecc-Store-EdDSA-session-key-in-secure-memory.patch libgcrypt20-1.7.6/

Bug#856872: jessie-pu: package gnutls28/3.3.8-6+deb8u5

On 2017-04-27 "Adam D. Barratt" <a...@adam-barratt.org.uk> wrote: > On Mon, 2017-03-06 at 19:24 +0100, Andreas Metzler wrote: [...] >> upstream has now released 3.5.10/3.3.27 including these fixes and >> another one on top: >> + 55_16_Enforce-the-max-packe

Bug#856872: jessie-pu: package gnutls28/3.3.8-6+deb8u5

On 2017-04-23 "Adam D. Barratt" <a...@adam-barratt.org.uk> wrote: > On Sun, 2017-03-05 at 19:08 +0100, Andreas Metzler wrote: > > I would like fix a number of minor issues in GnuTLS. > Apologies for the delay in getting back to you. > Are all of the issue

Bug#857460: unblock: exim4/4.89-1

On 2017-03-11 Andreas Metzler <ametz...@bebt.de> wrote: [...] > unblock exim4/4.89-1 > unblock eximdoc4/4.89-1 Ping?

Bug#857292: unblock: hugin/2016.2.0+dfsg-1

error with custom temporary directory +50_67c64f0ca1c4_Fixes_a_type_of_format_string.diff + error. +51_401823447b21_Fixes_running_assistant_with_user_defined_temp_directory.diff +Closes: #822062, #855505 + + -- Andreas Metzler <ametz...@debian.org> Sun, 26 Feb 2017 08:23:23

Bug#856872: jessie-pu: package gnutls28/3.3.8-6+deb8u5

On 2017-03-05 Andreas Metzler <ametz...@bebt.de> wrote: > Package: release.debian.org > Severity: normal > Tags: jessie > User: release.debian@packages.debian.org > Usertags: pu > Hello, > I would like fix a number of minor issues in GnuTLS. > Most of th

Bug#856872: jessie-pu: package gnutls28/3.3.8-6+deb8u5

. No longer allow OpenPGP certificates (public keys) to contain + private key sub-packets. Issue found using oss-fuzz project: + https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=354 + https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=360 + [GNUTLS-SA-2017-3B] + + -- Andreas

Bug#849967: jessie-pu: package exim4/4.84.2-2+deb8u3

-memory-leak-on-Gnu-TLS-close.patch from upstream exim-4_84_2+fixes +branch: Fix GnuTLS memory leak. (Thanks, Heiko Schlittermann!) +Closes: #845569 + + -- Andreas Metzler <ametz...@debian.org> Mon, 02 Jan 2017 19:18:05 +0100 + exim4 (4.84.2-2+deb8u2) jessie-security; urgenc

Bug#849436: unblock: exim4/4.88~RC6-2

* Pull 75_Fix-DKIM-information-leakage.patch from upstream GIT, fixing DKIM +information leakage issue CVE-2016-9963. + + -- Andreas Metzler <ametz...@debian.org> Thu, 22 Dec 2016 16:50:21 +0100 + exim4 (4.88~RC6-1) unstable; urgency=low * New upstream version. @@ -109,7 +121,7 @@

Bug#849329: unblock: gnutls28/3.5.7-3

turned +by PKCS#8 decryption functions when an invalid key is provided. This +addresses regression on decrypting certain PKCS#8 keys. +Closes: #848905 + + -- Andreas Metzler <ametz...@debian.org> Tue, 20 Dec 2016 18:47:13 +0100 + gnutls28 (3.5.7-2) unstable; urgency=medium * Up

Bug#840191: jessie-pu: package gnutls28/3.3.8-6+deb8u4

On 2016-10-31 "Adam D. Barratt" <a...@adam-barratt.org.uk> wrote: > On Sun, 2016-10-30 at 07:46 +0100, Andreas Metzler wrote: [...] >> I think it makes sense to add the GnuTLS patch for compatibitlity with >> CVE-2016-6489-patched nettle. (832983). > jessie's

Bug#840191: jessie-pu: package gnutls28/3.3.8-6+deb8u4

On 2016-10-09 Salvatore Bonaccorso <car...@debian.org> wrote: [...] > Hi Stable Release Managers, > X-Debbugs-CC'ed Andreas Metzler. > gnutls28 in jessie is affected by CVE-2016-7444, GNUTLS-SA-2016-3, > having a flaw in the OCSP certificate check. This was fixed upstr

Bug#827111: jessie-pu: package exim4/4.84.2-2

On 2016-07-26 Salvatore Bonaccorso wrote: > On Mon, Jul 25, 2016 at 08:50:47PM +0200, Salvatore Bonaccorso wrote: >> On Mon, Jul 25, 2016 at 07:28:33PM +0100, Adam D. Barratt wrote: >>> On Mon, 2016-07-25 at 20:14 +0200, Salvatore Bonaccorso wrote: [...] Since we claimed

Bug#827111: jessie-pu: package exim4/4.84.2-2

On 2016-06-17 "Adam D. Barratt" <a...@adam-barratt.org.uk> wrote: > Control: tags -1 + pending > On Thu, 2016-06-16 at 18:38 +0200, Andreas Metzler wrote: > > On 2016-06-12 "Adam D. Barratt" <a...@adam-barratt.org.uk> wrote: > > > Control: ta

  1   2   3   4   5   >