Bug#918744: stretch-pu: package opensc/0.1.9-1~deb9u1

2020-06-16 Thread Hilko Bengen
* Adam D. Barratt:

>> Reading through the changelog between the two Debian versions, there
>> are several changes that we normally would not consider, including a
>> switch to Debhelper 11 and a change of supported OpenSSL version.
>> 
>> In order to try and assess the practical impact, would it be possible
>> to have a binary debdiff between the current packages and your
>> proposed upload?
>
> That was over a year ago now, and there doesn't appear to have been any
> further response.
>
> We're now planning for the final point release for stretch before it
> moves to LTS status, so it may be too late to handle this in practical
> terms.

Sorry for forgetting.

I'm inclined to leave this unresolved.

I'm assuming that most if not all users who have run into the
YubiKey/OpenSC problems have upgraded to buster (or beyond) or solved
their problems otherwise.

If you think this is still worthwhile fixing, here's an updated
.debian.tar.xz with Debhelper and OpenSSL build-dependencies changed to
match those of opensc/0.16.0-3+deb9u1. Unfortunately, I am unable to
test this properly right now.

Cheers,
-Hilko


opensc_0.19.0-1~deb9u1.debian.tar.xz
Description: application/xz


Bug#918744: stretch-pu: package opensc/0.1.9-1~deb9u1

2020-06-15 Thread Adam D. Barratt
On Sat, 2019-02-09 at 14:13 +, Adam D. Barratt wrote:
> Control: tags -1 + moreinfo
> 
> On Tue, 2019-01-08 at 23:59 +0100, Hilko Bengen wrote:
> > I'd like to update opensc in stretch to 0.1.9-1~deb9u1 in order to
> > fix a regression that was introduced with the last update,
> > 0.1.6-3+deb9u1, in an attempt to fix security issues (see #910786 for
> > details).
> > 
> > I am aware that this is by no means a minimal change. I have tried to
> > fix the backported patch that broke Yubikey NEO support for me, but I
> > have not been able to restore functionality without reverting the
> > patch that fixed a CVE-worthy buffer overflow.
> > 
> > Because I own no other smartcard hardware, I cannot tell if the other
> > patches that were introduced with 0.16.0-3+deb9u1 broke any other
> > hardware support.
> 
> Apologies for not getting back to you sooner.
> 
> Reading through the changelog between the two Debian versions, there
> are several changes that we normally would not consider, including a
> switch to Debhelper 11 and a change of supported OpenSSL version.
> 
> In order to try and assess the practical impact, would it be possible
> to have a binary debdiff between the current packages and your
> proposed upload?

That was over a year ago now, and there doesn't appear to have been any
further response.

We're now planning for the final point release for stretch before it
moves to LTS status, so it may be too late to handle this in practical
terms.

Regards,

Adam



Bug#918744: stretch-pu: package opensc/0.1.9-1~deb9u1

2019-02-09 Thread Adam D. Barratt
Control: tags -1 + moreinfo

On Tue, 2019-01-08 at 23:59 +0100, Hilko Bengen wrote:
> I'd like to update opensc in stretch to 0.1.9-1~deb9u1 in order to
> fix a regression that was introduced with the last update,
> 0.1.6-3+deb9u1, in an attempt to fix security issues (see #910786 for
> details).
> 
> I am aware that this is by no means a minimal change. I have tried to
> fix the backported patch that broke Yubikey NEO support for me, but I
> have not been able to restore functionality without reverting the
> patch that fixed a CVE-worthy buffer overflow.
> 
> Because I own no other smartcard hardware, I cannot tell if the other
> patches that were introduced with 0.16.0-3+deb9u1 broke any other
> hardware support.

Apologies for not getting back to you sooner.

Reading through the changelog between the two Debian versions, there
are several changes that we normally would not consider, including a
switch to Debhelper 11 and a change of supported OpenSSL version.

In order to try and assess the practical impact, would it be possible
to have a binary debdiff between the current packages and your proposed
upload?

Regards,

Adam



Bug#918744: stretch-pu: package opensc/0.1.9-1~deb9u1

2019-01-08 Thread Hilko Bengen
Package: release.debian.org
Severity: normal
Tags: stretch
User: release.debian@packages.debian.org
Usertags: pu

Dear release team,

I'd like to update opensc in stretch to 0.1.9-1~deb9u1 in order to fix a
regression that was introduced with the last update, 0.1.6-3+deb9u1, in an
attempt to fix security issues (see #910786 for details).

I am aware that this is by no means a minimal change. I have tried to
fix the backported patch that broke Yubikey NEO support for me, but I
have not been able to restore functionality without reverting the patch
that fixed a CVE-worthy buffer overflow.

Because I own no other smartcard hardware, I cannot tell if the other
patches that were introduced with 0.16.0-3+deb9u1 broke any other
hardware support.

The .debian.tar.xz is attached. Given the size of the effective change,
a debdiff does not seem to make a lot of sense. I have not done an
upload yet.

Cheers,
-Hilko


opensc_0.19.0-1~deb9u1.debian.tar.xz
Description: application/xz