Bug#970633: tt-rss: Packaging work for new upstream release 21.1

2021-02-05 Thread Sunil Mohan Adapa
On 05/02/21 4:24 pm, Sebastian Reichel wrote:
[...]
> 
> I had some pending work from last year doing some of these changes
> and some additional things. Back then I stopped when reaching the
> gettext part wondering how to solve it (IIUIC upstream's version
> has some security fixes). Anyways your solution is better than doing
> nothing, so I merged everything together and just uploaded a new
> version.

Just to summarize the situation with php-gettext: the library had a
single security issue with use of eval() when parsing plural expressions
(#976135). In Debian, it now has a proper fix through the implementation
of a plural expression parser instead of using eval(). While there is no
response from upstream for the merge request, tt-rss apparently picked
up the fix in its vendored copy of gettext library. In Debian, tt-rss
uses the Debian package for php-gettext. So, everything is in good
shape for this security issue.

Other security issues found and fixed in upstream tt-rss (CVE-2020-25787,
CVE-2020-25788, CVE-2020-25789) are unrelated to this.

> 
> Your changes all looked sane and I'm mostly busy in the kernel world
> these days and your help is appreciated. If I saw it correctly you are
> not a DD, so I just gave you full permissions to the tt-rss repository.
> Feel free to work directly in the repository without doing pull requests.

Many thanks for permissions to the repository, the recent upload and in
general for tt-rss.

-- 
Sunil
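
The approach described in the message above, parsing the plural expression against a fixed grammar instead of passing it to eval(), shown as an added example. It is not code from this thread, from php-gettext or from the Debian patch, and it is written in Python rather than PHP; `compile_plural` and the other names are made up for the illustration.

```python
import operator as op
import re
# Every token a Plural-Forms expression may contain; nothing else is accepted.
_TOKEN = re.compile(r"\s*([0-9]+|n|\|\||&&|[=!<>]=|[-+*/%<>!?:()])")
_OPS = {"?": (0, None), "||": (1, None), "&&": (2, None), "==": (3, op.eq),
        "!=": (3, op.ne), "<": (4, op.lt), ">": (4, op.gt), "<=": (4, op.le),
        ">=": (4, op.ge), "+": (5, op.add), "-": (5, op.sub), "*": (6, op.mul),
        "/": (6, op.floordiv), "%": (6, op.mod)}  # token -> (precedence, function)

def _node(tok, l, r):
    if tok in ("||", "&&"):  # short-circuit, as in C
        return lambda n: int(bool(l(n) or r(n) if tok == "||" else l(n) and r(n)))
    return lambda n: int(_OPS[tok][1](l(n), r(n)))

def compile_plural(src, max_len=200):
    """Return f(n) for a plural expression; raise ValueError if it is not one."""
    toks = _TOKEN.findall(src[:max_len])  # over-long input fails the check below
    if "".join(toks) != "".join(src.split()):
        raise ValueError("illegal characters or expression too long")
    toks.reverse()  # pop() now yields tokens left to right
    def take(want=None):
        tok = toks.pop() if toks else None
        if tok is None or want not in (None, tok):
            raise ValueError(f"expected {want or 'operand'}, got {tok!r}")
        return tok
    def expr(min_prec=0):
        tok = take()
        if tok == "(":
            left = expr()
            take(")")
        elif tok == "!":
            left = (lambda f: lambda n: int(f(n) == 0))(expr(7))
        elif tok == "n" or tok.isdigit():
            left = (lambda n: n) if tok == "n" else (lambda n, v=int(tok): v)
        else:
            raise ValueError(f"unexpected token {tok!r}")
        while toks and _OPS.get(toks[-1], (-1,))[0] >= min_prec:
            tok = take()
            if tok == "?":  # ternary: lowest precedence, right-associative
                cond, yes = left, expr()
                take(":")
                no = expr()
                return lambda n: yes(n) if cond(n) else no(n)
            left = _node(tok, left, expr(_OPS[tok][0] + 1))
        return left
    tree = expr()
    if toks:
        raise ValueError(f"trailing token {toks[-1]!r}")
    return tree
```

A catalogue header such as `n != 1` compiles to a function of `n`, while input containing anything outside the token set, for example a function call, raises `ValueError` before any evaluation happens.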





Bug#970633: tt-rss: Packaging work for new upstream release 21.1

2021-02-05 Thread Sebastian Reichel
Hi Sunil,

On Thu, Feb 04, 2021 at 08:56:28AM +0100, Johannes Schauer Marin Rodrigues wrote:
> Quoting Johannes Schauer Marin Rodrigues (2021-02-04 08:50:51)
> > oh wow! Thanks a ton for all your work! This is fantastic. :)
> 
> while this still stands

Ack.

> > Do you want to do the upload yourself? Just add yourself to Uploaders as well
> > while you are at it, you seem to know what you are doing and I'd love somebody
> > to help out with packaging. Feel free to just put your commits directly into
> > the packaging repo on salsa!

That's already part of the changes :)

> let me retract this -- somehow I didn't read "tt-rss" and confused packages XD
> 
> It should of course not be me but Sebastian Reichel to make this call. :)

I had some pending work from last year doing some of these changes
and some additional things. Back then I stopped when reaching the
gettext part wondering how to solve it (IIUIC upstream's version
has some security fixes). Anyways your solution is better than doing
nothing, so I merged everything together and just uploaded a new
version.

Your changes all looked sane and I'm mostly busy in the kernel world
these days and your help is appreciated. If I saw it correctly you are
not a DD, so I just gave you full permissions to the tt-rss repository.
Feel free to work directly in the repository without doing pull requests.

Thanks,

-- Sebastian




Bug#970633: tt-rss: Packaging work for new upstream release 21.1

2021-02-04 Thread Johannes Schauer Marin Rodrigues
Quoting Johannes Schauer Marin Rodrigues (2021-02-04 08:50:51)
> oh wow! Thanks a ton for all your work! This is fantastic. :)

while this still stands

> Do you want to do the upload yourself? Just add yourself to Uploaders as well
> while you are at it, you seem to know what you are doing and I'd love somebody
> to help out with packaging. Feel free to just put your commits directly into
> the packaging repo on salsa!

let me retract this -- somehow I didn't read "tt-rss" and confused packages XD

It should of course not be me but Sebastian Reichel to make this call. :)



Bug#970633: tt-rss: Packaging work for new upstream release 21.1

2021-02-03 Thread Johannes Schauer Marin Rodrigues
Hi Sunil,

Quoting Sunil Mohan Adapa (2021-02-04 03:17:55)
> tag 970633 + patch
> tag 932924 + patch
> thanks
> 
> Hello,
> 
> Eagerly looking forward to tt-rss being in good shape for FreedomBox in
> Bullseye, I have done the packaging work needed for uploading 21.1
> version of tt-rss. Please merge and upload the package into Debian
> unstable before the Bullseye Soft Freeze date February 12th. Since this
> is a collab-maint package, I assume it would be okay for others to
> upload as well.
> 
> * New upstream release based on latest revision 6d8f2221 on 2021-01-29
> 11:52:21 UTC+0300.
>   - Contains security fixes for CVE-2020-25787 CVE-2020-25788
> CVE-2020-25789 (Closes: #970633).
> * Use latest version of libjs-prototype.
> * Refresh patches.
> * Ability to update to latest schema version 140.
> * Update Debian Standards Version to 4.5.1.
> * Update debhelper compatibility to 13, the latest.
> * Mark as not requiring root for rules file.
> * Add self to list of uploaders.
> * Fix various lintian warnings and info messages.
> * Document upstream changes since 19.8.
> * Add directory for caching feeds.
> * Remove the default feed to tt-rss forum to improve privacy. (Closes:
> #932924)
> * Use material design icons from Debian package.
> * Add documentation link in systemd service file.
> * Redirect stderr to journal instead of syslog.
> 
> Apart from the https://salsa.debian.org/sunilmohan/tt-rss/-/tree/master
> branch please also pull in branches
> https://salsa.debian.org/sunilmohan/tt-rss/-/tree/pristine-tar and
> https://salsa.debian.org/sunilmohan/tt-rss/-/tree/upstream along with
> the tags.
> 
> I have tested the new version as follows:
> 
> - DONE: lintian does not show messages with --info --display-info --pedantic
> - DONE: SELF_URL_PATH may need a proper value.
> - DONE: Prototype JS is working fine (no change since last version)
> - DONE: Dojo is loading fine the following pages:
>   - DONE: feeds.php
>   - DONE: public.php: popup in Feeds -> Bookmarklets -> Share with TTRSS
>   - DONE: public.php: forgot password page
>   - DONE: public.php: db update page
>   - DONE: public.php: subscribe to feed page (possible dead code)
>   - DONE: installer: unused in Debian
>   - DONE: login_form.php
> - DONE: Debian configured DB works
> - DONE: Theme looks good, dark theme works
> - DONE: Upstream changes files contains changes for 21.1
> - DONE: No messages in Apache error log
> - DONE: Update service works properly, feeds are updated offline
> - DONE: Updates error log is successfully redirected to journal
> - DONE: No error messages in journal for updates
> - DONE: Material design icons are linked to properly in .deb
> - DONE: Material design icons show up in web interface properly
> - DONE: Installed DB schema version is 140
>   - DONE: Install fresh on MySQL/MariaDB
>   - DONE: Install fresh on PostgreSQL
>   - DONE: Upgraded from 19.8 on MySQL/MariaDB
>   - DONE: Upgraded from 19.8 on PostgreSQL
> - DONE: Install fresh on bare Debian works fine
>   - DONE: With MySQL/MariaDB
>   - DONE: With PostgreSQL
> - DONE: Upgrade from 19.8 on bare Debian works fine
>   - DONE: With MySQL
>   - DONE: With PostgreSQL
> - DONE: Default feed Tiny Tiny RSS Forum is not present by default
>   - DONE: On MySQL installation
>   - DONE: On PostgreSQL installation
>   - DONE: When a new user is created in prefs.

oh wow! Thanks a ton for all your work! This is fantastic. :)

Do you want to do the upload yourself? Just add yourself to Uploaders as well
while you are at it, you seem to know what you are doing and I'd love somebody
to help out with packaging. Feel free to just put your commits directly into
the packaging repo on salsa!

Thanks!

cheers, josch



Bug#970633: tt-rss: Packaging work for new upstream release 21.1

2021-02-03 Thread Sunil Mohan Adapa
tag 970633 + patch
tag 932924 + patch
thanks

Hello,

Eagerly looking forward to tt-rss being in good shape for FreedomBox in
Bullseye, I have done the packaging work needed for uploading 21.1
version of tt-rss. Please merge and upload the package into Debian
unstable before the Bullseye Soft Freeze date February 12th. Since this
is a collab-maint package, I assume it would be okay for others to
upload as well.

* New upstream release based on latest revision 6d8f2221 on 2021-01-29
11:52:21 UTC+0300.
  - Contains security fixes for CVE-2020-25787 CVE-2020-25788
CVE-2020-25789 (Closes: #970633).
* Use latest version of libjs-prototype.
* Refresh patches.
* Ability to update to latest schema version 140.
* Update Debian Standards Version to 4.5.1.
* Update debhelper compatibility to 13, the latest.
* Mark as not requiring root for rules file.
* Add self to list of uploaders.
* Fix various lintian warnings and info messages.
* Document upstream changes since 19.8.
* Add directory for caching feeds.
* Remove the default feed to tt-rss forum to improve privacy. (Closes:
#932924)
* Use material design icons from Debian package.
* Add documentation link in systemd service file.
* Redirect stderr to journal instead of syslog.

Apart from the https://salsa.debian.org/sunilmohan/tt-rss/-/tree/master
branch please also pull in branches
https://salsa.debian.org/sunilmohan/tt-rss/-/tree/pristine-tar and
https://salsa.debian.org/sunilmohan/tt-rss/-/tree/upstream along with
the tags.

I have tested the new version as follows:

- DONE: lintian does not show messages with --info --display-info --pedantic
- DONE: SELF_URL_PATH may need a proper value.
- DONE: Prototype JS is working fine (no change since last version)
- DONE: Dojo is loading fine the following pages:
  - DONE: feeds.php
  - DONE: public.php: popup in Feeds -> Bookmarklets -> Share with TTRSS
  - DONE: public.php: forgot password page
  - DONE: public.php: db update page
  - DONE: public.php: subscribe to feed page (possible dead code)
  - DONE: installer: unused in Debian
  - DONE: login_form.php
- DONE: Debian configured DB works
- DONE: Theme looks good, dark theme works
- DONE: Upstream changes files contains changes for 21.1
- DONE: No messages in Apache error log
- DONE: Update service works properly, feeds are updated offline
- DONE: Updates error log is successfully redirected to journal
- DONE: No error messages in journal for updates
- DONE: Material design icons are linked to properly in .deb
- DONE: Material design icons show up in web interface properly
- DONE: Installed DB schema version is 140
  - DONE: Install fresh on MySQL/MariaDB
  - DONE: Install fresh on PostgreSQL
  - DONE: Upgraded from 19.8 on MySQL/MariaDB
  - DONE: Upgraded from 19.8 on PostgreSQL
- DONE: Install fresh on bare Debian works fine
  - DONE: With MySQL/MariaDB
  - DONE: With PostgreSQL
- DONE: Upgrade from 19.8 on bare Debian works fine
  - DONE: With MySQL
  - DONE: With PostgreSQL
- DONE: Default feed Tiny Tiny RSS Forum is not present by default
  - DONE: On MySQL installation
  - DONE: On PostgreSQL installation
  - DONE: When a new user is created in prefs.

Thanks,

-- 
Sunil