Bug#1068888: bookworm-pu: package zookeeper/3.8.0-11+deb12u2

Sat, 15 Jun 2024 15:51:29 -0700 

Control: tag -1 moreinfo

Hi,

On Fri, Apr 12, 2024 at 10:18:02PM +0000, Bastien Roucariès wrote:
> diff -Nru zookeeper-3.8.0/debian/changelog zookeeper-3.8.0/debian/changelog
> --- zookeeper-3.8.0/debian/changelog  2023-10-29 07:57:11.000000000 +0000
> +++ zookeeper-3.8.0/debian/changelog  2024-03-25 08:30:56.000000000 +0000
> @@ -1,3 +1,22 @@
> +zookeeper (3.8.0-11+deb12u2) bookworm-security; urgency=medium

Target should be bookworm.


> diff -Nru 
> zookeeper-3.8.0/debian/patches/0027-CVE-2024-23944-ZOOKEEPER-4799-Refactor-ACL-check-in-.patch
>  
> zookeeper-3.8.0/debian/patches/0027-CVE-2024-23944-ZOOKEEPER-4799-Refactor-ACL-check-in-.patch
> --- 
> zookeeper-3.8.0/debian/patches/0027-CVE-2024-23944-ZOOKEEPER-4799-Refactor-ACL-check-in-.patch
>     1970-01-01 00:00:00.000000000 +0000
> +++ 
> zookeeper-3.8.0/debian/patches/0027-CVE-2024-23944-ZOOKEEPER-4799-Refactor-ACL-check-in-.patch
>     2024-03-25 08:30:56.000000000 +0000
> @@ -0,0 +1,1223 @@


This patch confuses me. It seems to contain a whole series of nested
patches? How do they get applied to the source package?


> diff -Nru zookeeper-3.8.0/debian/patches/series 
> zookeeper-3.8.0/debian/patches/series
> --- zookeeper-3.8.0/debian/patches/series     2023-10-29 07:57:11.000000000 
> +0000
> +++ zookeeper-3.8.0/debian/patches/series     2024-03-25 08:30:56.000000000 
> +0000
> @@ -1,19 +1,10 @@
> -#01-add-jtoaster-to-zooinspector.patch
> -#02-patch-build-system.patch
>  03-disable-cygwin-detection.patch
>  05-ZOOKEEPER-770.patch
>  06-ftbfs-gcc-4.7.patch
>  07-remove-non-reproducible-manifest-entries.patch
> -#08-reproducible-javadoc.patch
>  10-cppunit-pkg-config.patch
>  11-disable-minikdc-tests.patch
>  12-add-yetus-annotations.patch
> -#13-disable-netty-connection-factory.patch
> -#14-ftbfs-with-gcc-8.patch
> -#15-javadoc-doclet.patch
> -#16-ZOOKEEPER-1392.patch
> -#17-gcc9-ftbfs-925869.patch
> -#18-java17-compatibility.patch
>  19-add_missing-plugins-versions.patch
>  20-no-Timeout-in-tests.patch
>  21-use-ValueSource-with-ints.patch
> @@ -33,3 +24,4 @@
>  35-flaky-test.patch
>  36-JUnitPlatform-deprecation.patch
>  CVE-2023-44981.patch
> +0027-CVE-2024-23944-ZOOKEEPER-4799-Refactor-ACL-check-in-.patch

Presumably these dropped patches get integrated into the nested set in
0027? Or are they actually dropped?




-- 
Jonathan Wiltshire                                      j...@debian.org
Debian Developer                         http://people.debian.org/~jmw

4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC  74C3 5394 479D D352 4C51
ed25519/0x196418AAEB74C8A1: CA619D65A72A7BADFC96D280196418AAEB74C8A1

Reply via email to