Control: tag -1 -moreinfo Hallo Everyone,
so here comes the additional info: the CVE-2020-5202 fix was applied to Sid/Bullseye and reached Testing without any bugreports. I had to reupload once in the meantime due to a glitch in the Debian package (yeas, I f*ed it up, right in the great git-based process and I am sorry, but it should all be fine now). Now I am planning to make an upstream release, which consolidates: - backport of CVE-2020-5202 fix from Bullseye (mostly identical, adapted for different function signatures, omits refactoring which comes handy here but hey, let's change as less possible for Stable) - minor extension (.zst as additional compression format alongside of .gz,.bz2,.lzma,.xz). NO extra processing code, just passing through that data instead of rejecting them. - the fix of #942634 which affects the operation with current mirrors and which was the original motivation for this ticket I would like to have some kind of confirmation from the release team that this mail does not go straight to /dev/null and that a new upstream (minor) version is an acceptable candidate for a Stable update. I can, of course, convert all that into debian/patches/XXX but honestly, that would really feel like greenwashing. The changes reported here can be reviewed at https://salsa.debian.org/blade/apt-cacher-ng/commits/temp/debian-merge , starting with the commit from 2019-12-20. I am testing this version in my daily operations now. That test base is small, of course, if anyone has a better idea, please let me know. In case you encounter something not understandable in those changes, feel free to ping me via comments in Salsa git review, and I will explain what this is about. Best regards, Eduard.
signature.asc
Description: PGP signature