Bug#1081035: bookworm-pu: package fcgiwrap/1.1.0-14+deb12u1

Sat, 07 Sep 2024 03:21:20 -0700 

Package: release.debian.org
Severity: normal
Tags: bookworm
X-Debbugs-Cc: fcgiw...@packages.debian.org, t...@security.debian.org, Jonathan 
Nieder <jrnie...@gmail.com>, Jordi Mallach <jo...@debian.org>, car...@debian.org
Control: affects -1 + src:fcgiwrap
User: release.debian....@packages.debian.org
Usertags: pu

Hi

We (security-team) plan to release an update of git fixing several
CVEs, prepared by Jonathan Nieder and rebasing git version to 2.39.5
upstream, which uncovered regressions in both fcgiwrap (#1072394) and
ikiwiki-hosting (cf. #1076751).

They were triggered as well in autopkgtests with the prepared
git/1:2.39.5-0+deb12u1 version.

We discussed this, if we should release the update for ikiwiki-hosting
(real impact) and fcgiwrap (only autopkgtests) via a corresponding
update or a proposed-update is enough. We prpoose the later, and let
it go through the upcoming point release.

Attached ist the proposed debdiff for fcgiwrap.

I have not yet uploaded the package, but CC'ing Jordi.

Regards,
Salvatore

diff -Nru fcgiwrap-1.1.0/debian/changelog fcgiwrap-1.1.0/debian/changelog
--- fcgiwrap-1.1.0/debian/changelog     2022-12-17 18:23:54.000000000 +0100
+++ fcgiwrap-1.1.0/debian/changelog     2024-09-07 11:31:30.000000000 +0200
@@ -1,3 +1,13 @@
+fcgiwrap (1.1.0-14+deb12u1) bookworm; urgency=medium
+
+  [ Mitchell Dzurick ]
+  * d/t/git-http-backend: make www-data own $AUTOPKGTEST_TMP/test1/.git
+    git introduced more aggressive security checking, so the dep8 test needs
+    to explicitly change ownership of the new git directory.
+    (LP: #2067942, Closes: #1072394)
+
+ -- Salvatore Bonaccorso <car...@debian.org>  Sat, 07 Sep 2024 11:31:30 +0200
+
 fcgiwrap (1.1.0-14) unstable; urgency=medium
 
   * Brown paper bag release.
diff -Nru fcgiwrap-1.1.0/debian/tests/git-http-backend 
fcgiwrap-1.1.0/debian/tests/git-http-backend
--- fcgiwrap-1.1.0/debian/tests/git-http-backend        2022-11-21 
18:05:05.000000000 +0100
+++ fcgiwrap-1.1.0/debian/tests/git-http-backend        2024-09-07 
11:30:46.000000000 +0200
@@ -12,6 +12,7 @@
 
 git init test1
 git -C test1 commit --allow-empty -m test
+chown -R www-data:www-data "$AUTOPKGTEST_TMP"/test1/.git
 
 tee /etc/nginx/sites-available/default <<EOF
 server {

Reply via email to