Hi Bastien, On Sun, May 12, 2024 at 05:47:31PM +0000, Bastien Roucariès wrote: > Package: release.debian.org > Severity: normal > Tags: bookworm > X-Debbugs-Cc: fos...@packages.debian.org > Control: affects -1 + src:fossil > User: release.debian....@packages.debian.org > Usertags: pu > > this bug was opened by previous arrangement with maintainer. > > [ Reason ] > fossil is affected by a regression due to a security update of apache > CVE-2024-24795. Backport was choosen > because upstream does not document all commit needed for fixing the > regression.
Disclaimer, not SRM so this is not an authoritative answer. But that means that as well packaing changes beween 1:2.21-1 and the proposed one are included. Are all of those allowed to be done or should you individually revert some changes? E.g. there is * Bump policy * Build depend on pkgconfig instead of obsolete pkg-config and * Oops, typo: pkgconf which might indeed be fine. But should defintitively be checked. Regards, Salvatore
