On 2020-07-06 11:19:21 [+0200], Thomas Andrejak wrote:
> How can I help you to go forward on this ?
>
> Enabling prelude support should be easy
Let me try look at this this week.
> Regards
>
> Thomas
Sebastian
On 2020-06-28 12:48:20 [+0100], Dominic Hargreaves wrote:
> Source: clamav
> Version: 0.102.3+dfsg-1
> Severity: serious
> Justification: FTBFS (when it built before)
>
> During archive-wide test rebuilding of an IPv6-only environment (which
Is this decision blessed by the release team? If so
On 2020-06-16 03:36:22 [+0200], Guillem Jover wrote:
> Hi!
Hi,
> > I've been thinking about parallel decompression for dpkg/xz. Is there
> > any interest in doing this? I hacked parallel-unxz [0] in the meantime
> > to see what is missing from the API point of view (query block offsets
> > is
On 2020-05-28 21:56:25 [+0100], Adam D. Barratt wrote:
> Please feel free to go ahead.
The NEW queue has been passed.
> Regards,
>
> Adam
Sebastian
On 2020-06-01 18:52:49 [+0100], Adam D. Barratt wrote:
>
> Were you assuming that libclamunrar would also be in that set, or just
> clamav itself?
Please go ahead with Clamav. I will ping the libclamunrar bug once it
got through NEW.
> Regards,
>
> Adam
Sebastian
On 2020-05-28 22:10:38 [+0100], Adam D. Barratt wrote:
> Please go ahead.
thx, uploaded.
> Regards,
>
> Adam
>
Sebastian
On 2020-05-27 22:16:11 [+0100], Adam D. Barratt wrote:
> Please go ahead.
thx, uploaded.
> Was the intent that the updates be pushed via -updates?
Yes, please. If you need any additional information please let me know.
> Regards,
>
> Adam
>
Sebastian
On 2020-05-27 22:17:28 [+0100], Adam D. Barratt wrote:
> Please go ahead.
thx, uploaded.
> Regards,
>
> Adam
Sebastian
On 2020-05-28 21:56:25 [+0100], Adam D. Barratt wrote:
> Please feel free to go ahead.
thx, uploaded.
> Regards,
>
> Adam
Sebastian
On 2020-05-27 22:28:44 [+0100], Adam D. Barratt wrote:
> Control: tags -1 + moreinfo
>
> On Sun, 2020-05-24 at 17:47 +0200, Sebastian Andrzej Siewior wrote:
> > As part of this update I also introduce the `libclamunrar' package
> > which only purpose is to depend on libcl
n/changelog
--- clamav-0.102.2+dfsg/debian/changelog 2020-02-22 14:43:26.0 +0100
+++ clamav-0.102.3+dfsg/debian/changelog 2020-05-22 22:36:49.0 +0200
@@ -1,3 +1,12 @@
+clamav (0.102.3+dfsg-0~deb9u1) stretch; urgency=medium
+
+ * Import 0.102.3
+ - CVE-2020-3327 (A vulnerability
+dfsg/debian/changelog clamav-0.102.3+dfsg/debian/changelog
--- clamav-0.102.2+dfsg/debian/changelog 2020-02-22 14:39:45.0 +0100
+++ clamav-0.102.3+dfsg/debian/changelog 2020-05-22 22:32:31.0 +0200
@@ -1,3 +1,12 @@
+clamav (0.102.3+dfsg-0+deb10u1) buster; urgency=medium
+
+ * Import
control: tags -1 -a11y
On 2020-05-03 15:47:03 [+0200], Bernd Scheinbeth wrote:
> Hallo Sebastian,
Hi,
> sorry it's my first reportbug.
So there is a reply-all button in your email client. Please use so the
bug number remains in CC.
You added a11y but based on what you just wrote I assume that
On 2020-05-02 11:05:08 [+0200], Bernd wrote:
> Package: clamav-daemon
> Version: 0.102.2+dfsg-0+deb10u1
> Severity: normal
> Tags: a11y
>
Is it possible to provide more information than just the $Subject?
Sebastian
On 2020-05-02 20:32:01 [+0100], Adam D. Barratt wrote:
> On Sat, 2020-05-02 at 18:36 +0200, Sebastian Andrzej Siewior wrote:
> > I'm fairly late, I know.
>
> Just a little. :-( Particularly as OpenSSL builds udebs.
>
> CCing KiBi and -boot so they're aware of the discussion,
On 2020-05-02 18:36:42 [+0200], To sub...@bugs.debian.org wrote:
> Package: release.debian.org
> User: release.debian@packages.debian.org
> Usertags: pu
> Tags: buster
> Severity: normal
>
> I'm fairly late, I know.
> The last update was addressed via DSA providing only a patch for the CVE
>
On 2020-04-21 21:39:43 [+0200], Kurt Roeckx wrote:
> On Tue, Apr 21, 2020 at 09:18:05PM +0200, Sebastian Andrzej Siewior wrote:
> > On 2020-04-15 13:38:23 [+0200], Kurt Roeckx wrote:
> > > On Wed, Apr 15, 2020 at 12:19:24PM +0100, Simon McVittie wrote:
> > > >
&g
On 2020-04-15 13:38:23 [+0200], Kurt Roeckx wrote:
> On Wed, Apr 15, 2020 at 12:19:24PM +0100, Simon McVittie wrote:
> >
> > I think setting defaults in the shared library itself would be more
> > robust, and if a configuration file to override that is necessary,
>
> This is also the route that
On 2020-04-14 21:54:27 [+], Thorsten Glaser wrote:
> Sebastian Andrzej Siewior dixit:
>
> I’d expect the content of the file to be mixed in at startup
> and updated from the OpenSSL-internal pool, like in earlier
> versions.
No, this is mostly gone as part of the rewri
On 2019-01-08 20:17:42 [+], Simon McVittie wrote:
> It should probably at least have a Breaks on libssl1.0.2, to protect
> partial upgrades from stretch. Some release notes for users of
> third-party software might also be useful. I realise it probably isn't
> feasible to keep openssl.cnf
On 2019-02-19 23:10:40 [+], Thorsten Glaser wrote:
> When I do “openssl rand 4 | hd”, the file ~/.rnd is ignored
> (judging from its tiestamp and md5sum, it’s not rewritten,
> and probably not read either) despite me adding the line
>
> RANDFILE= $ENV::HOME/.rnd
>
> to
On 2018-03-11 21:51:05 [+0100], Balint Reczey wrote:
> For the recompressed firefox .deb (Ubuntu's
> firefox_58.0.2+build1-0ubuntu0.17.10.1_amd64.deb) increased ~9% in
> size but decompressed in <20% of the original time:
So you are saying that the decompression speed that is the bottleneck
here?
Package: dpkg
Version: 1.19.7
Severity: wishlist
I've been thinking about parallel decompression for dpkg/xz. Is there
any interest in doing this? I hacked parallel-unxz [0] in the meantime
to see what is missing from the API point of view (query block offsets
is missing).
My idea of
On 2020-04-09 14:32:07 [+0100], Dimitri John Ledkov wrote:
> Here is the debdiff that makes everything work for me.
>
> It smells like a subtle breakage in detecting/parsing makefile
> targets, or like make regression.
>
> It is still odd, i.e. there is build target, then binary target, which
>
Can this be closed?
Sebastian
On 2019-12-03 20:18:20 [-0800], Jonathan Nieder wrote:
> Hi,
Hi,
> Let's track down the cause first, before pursuing workarounds.
Nothing happened here so far and I almost forgot about it. xz 5.2.5 has
been released in the meantime. Do you want me to help you out in anyway?
I could add the fix I
Source: httping
Version: 2.5-5
Severity: serious
Tags: sid bullseye
User: debian...@lists.debian.org
Usertags: flaky
The test for httping passed on amd64[0] and failed on arm64[1]. Looking
at the failed log
|autopkgtest [17:03:58]: test command3: httping -F -c 4 http://google.com
|autopkgtest
Control: severity -1 important
OpenSSL 1.1.1f is in unstable now which reverts the unexpected EOF
reporting via SSL_ERROR_SSL.
In the OpenSSL 3.0 release it will be reported again as SSL_ERROR_SSL
with reason code SSL_R_UNEXPECTED_EOF_WHILE_READING.
Therefore the severity is downgraded to
On 2020-03-31 21:49:51 [+0200], Salvatore Bonaccorso wrote:
> Hi Kurt,
Hi Salvatore,
> I see, but then I prefer to loop in Steffen Ullrich into the loop
> (upstream of IO::Socket::SSL). Steffen, see the above comment from
> Kurt in the Debian bug, so it looks we cannot close
>
On 2020-03-31 21:41:12 [+0200], Paul Gevers wrote:
>passfail
> opensslfrom testing1.1.1e-1
> libio-socket-ssl-perl from testing2.067-1
> all others from testingfrom testing
there is more than just this. OpenSSL upstream
On 2020-03-26 23:57:24 [-0400], Sandro Tosi wrote:
> > So the test expects no error. Since the commit mention there is an
> > error where earlier there was none. From the Changes file:
> >
> > | *) Properly detect EOF while reading in libssl. Previously if we hit an
> > EOF
> > |while reading
On 2020-03-21 23:33:34 [-0400], Sandro Tosi wrote:
> > > The package FTBFS since openssl has been updated to 1.1.1e because the
> > > testsuite fails. The failure is due to commit db943f43a60d ("Detect EOF
> > > while reading in libssl") [0] in openssl. There an issue ticket [1]
> > > which
Package: ruby2.7
Version: 2.7.0-4
Severity: serious
control: forwarded -1 https://bugs.ruby-lang.org/issues/16696
The package FTBFS since openssl has been updated to 1.1.1e because the
testsuite fails. The failure is due to commit db943f43a60d ("Detect EOF
while reading in libssl") [0] in
Package: python3.7
Version: 3.7.7-1
Severity: serious
control: forwarded -1 https://bugs.python.org/issue40018
The package FTBFS since openssl has been updated to 1.1.1e because the
testsuite fails. The failure is due to commit db943f43a60d ("Detect EOF
while reading in libssl") [0] in openssl.
Package: python2.7
Version: 2.7.17-1
Severity: serious
control: forwarded -1 https://bugs.python.org/issue40018
The package FTBFS since openssl has been updated to 1.1.1e because the
testsuite fails. The failure is due to commit db943f43a60d ("Detect EOF
while reading in libssl") [0] in openssl.
Package: python3.8
Version: 3.8.2-1
Severity: serious
control: forwarded -1 https://bugs.python.org/issue40018
The package FTBFS since openssl has been updated to 1.1.1e because the
testsuite fails. The failure is due to commit db943f43a60d ("Detect EOF
while reading in libssl") [0] in openssl.
Package: libnet-ssleay-perl
Version: 1.88-2
Severity: serious
The package FTBFS since openssl has been updated to 1.1.1e because the
testsuite fails. The failure is due to commit db943f43a60d ("Detect EOF
while reading in libssl") [0] in openssl. There an issue ticket [1]
which introduced the
Package: m2crypto
Version: 0.31.0-9
Severity: serious
The package FTBFS since openssl has been updated to 1.1.1e because the
testsuite fails. The failure is due to commit db943f43a60d ("Detect EOF
while reading in libssl") [0] in openssl. There an issue ticket [1]
which introduced the changed
Package: libio-socket-ssl-perl
Version: 2.067-1
Severity: serious
The package FTBFS since openssl has been updated to 1.1.1e because the
testsuite fails. The failure is due to commit db943f43a60d ("Detect EOF
while reading in libssl") [0] in openssl. There an issue ticket [1]
which introduced the
On 2020-02-22 22:31:21 [+], Adam D. Barratt wrote:
>
> How does this seem for an SUA snippet?
perfect. Thank you.
> Regards,
>
> Adam
Sebastian
On 2020-02-22 19:33:53 [+], Adam D. Barratt wrote:
> I guess the intent is to push this via stable-updates?
Yes, please. If you need something, please let us know.
> Regards,
>
> Adam
Sebastian
Package: debhelper
Version: 12.9
Severity: normal
I updated compat level 11->12 and now I see in the build log:
| dh_missing: warning: usr/share/man/man8/clamd.8 exists in debian/tmp but is
not installed to anywhere
…
| clamav-daemon_0.102.2+dfsg-2_amd64.deb
…
| -rw-r--r-- root/root 2636
On 2020-02-17 21:15:57 [+], Scott Kitterman wrote:
> Thanks. It looks like clamav-freshclam will also need Depends
> ca-certificates added. I'd prefer Recommends if we can get away with
> it. What do you think?
I think it makes sense. As things are right now, you need the cert
package or
On 2020-02-10 13:50:00 [+], Adam D. Barratt wrote:
> With 0.102, Freshclam started using libcurl for database downloads, but
> appears to provide no way to configure which certificates should be trusted.
I just learned about the https part.
…
> but this isn't ideal. A configuration option to
On 2020-01-16 15:11:42 [+0100], Stéphane Glondu wrote:
> > The following packages have unmet dependencies:
> > coccinelle : Depends: libpcre-ocaml-2h5n2 but it is not installable
> > Depends: ocaml-base-nox-4.05.0 but it is not installable
> > E: Unable to correct problems, you have
On 2020-01-16 23:03:21 [+0100], Mattia Rizzolo wrote:
> your package is using `xml2-config` to detect and use libxml2. I'm
> removing that script, so please update your build system to use
> pkg-config instead.
Thanks for the report. I switched to pkg-config but dunno when I'm going
to upload.
control: reassing -1 kopete 4:17.08.3-2.1
control: retitle -1 kopete: segfaults when is using it (libjingle-call)
On 2020-01-16 13:55:17 [+0100], Jens Schmidt wrote:
> Dear Sebastion,
>
> yes, it seems that way.
> I dit not look at the kopete package for the bug, since libssl was the thing
>
On 2020-01-15 17:12:29 [+0100], Jens Schmidt wrote:
> Package: libssl1.1
> Version: 1.1.1d-0+deb10u2
> Severity: critical
> File: libssl
> Justification: breaks unrelated software
>
> Dear Maintainer,
>
> when using kopete, dmesg shows a shitload of:
> [timestamp] libjingle-call[11878]: segfault
On January 2, 2020 3:50:46 PM UTC, Salvatore Bonaccorso
wrote:
>If you fix the vulnerability please also make sure to include the
>CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
There is no upstream release which includes this fix (except for the 1.0.2
series). Should we
On 2019-12-28 21:55:46 [+0100], Hugo Lefeuvre wrote:
> Hi Sebastian,
Hi,
> I see that your work migrated to testing, and wondered... are you still
> intending to prepare updates for stretch and buster? Is there anything I
> can do to help you?
There are two pu bugs open. Based on the feedback
On December 29, 2019 11:30:51 AM UTC, "Adam D. Barratt"
wrote:
>> I slightly updated the package to
>> - add the new `clamonacc' binary to the clamav-daemon package.
>> - remove the `ScanOnAccess' option from the postinst/debconf script.
>> The option is deprecated and the functionality moved
ovides this functionality.
- -- Sebastian Andrzej Siewior Sun, 08 Dec 2019 22:05:51 +0100
+ -- Sebastian Andrzej Siewior Mon, 23 Dec 2019 21:07:34 +0100
clamav (0.101.4+dfsg-0+deb9u1) stretch; urgency=medium
diff --git a/debian/clamav-daemon.config.in b/debian/clamav-daemon.config.in
index 6
Sebastian Andrzej Siewior Sun, 08 Dec 2019 12:40:16 +0100
+ -- Sebastian Andrzej Siewior Mon, 23 Dec 2019 21:04:45 +0100
clamav (0.101.4+dfsg-0+deb10u1) buster; urgency=medium
diff --git a/debian/clamav-daemon.config.in b/debian/clamav-daemon.config.in
index 60bef89..131336c 100644
--- a/debi
On 2019-12-19 10:04:48 [+0100], Christoph Berg wrote:
> Re: Sebastian Andrzej Siewior 2019-12-18
> <20191218225837.qttuxpwrbo5ukpr3@flow>
> > > $ sudo -u clamav freshclam --verbose
> >
> > what happens if you strip the sudo part? One of the first thing is to
&g
On 2019-12-18 11:59:50 [+0100], Christoph Berg wrote:
> Nothing special, and the test started failing on ci.debian.net as well
> as in my local sid chroot.
Yes and this is absolute mystery to me. My up-to-date sid chroot I use
in schroot for sbuild does not show this problem. If I install
On 2019-12-11 11:48:00 [+0100], Christoph Berg wrote:
> Re: Sebastian Andrzej Siewior 2019-12-07
> <20191207201131.v563o62fpmjnz7ol@flow>
> > clamav can't migrate because the debci-test for pg-snakeoil fails. I
> > *think* that the test itself is somehow borke
On 2019-12-11 10:46:36 [+0100], Christoph Berg wrote:
> Re: Sebastian Andrzej Siewior 2019-12-10
> <20191210224647.dk4svg65hleftr7r@flow>
> > +clamav (0.101.4+dfsg-0+deb10u1) buster; urgency=medium
> > +
> > + - update symbols file (bump to 101.4 and drop unu
test "x$XML_LIBS" = "x"; then
+if test "x$XML_LIBS" = "x"; then
CL_MSG_STATUS([libxml2 ],[no],[])
else
CL_MSG_STATUS([libxml2 ],[yes, from $XML_HOME],[])
diff -Nru clamav-0.101.2+dfsg/debian/changelog clamav-0.101.4+dfsg/debian/changelog
Package: pg-snakeoil
Version: 1.2-1
Severity: imporant
Hi,
clamav can't migrate because the debci-test for pg-snakeoil fails. I
*think* that the test itself is somehow borken since after installing
the bytecode.cvd itself appears on my system. Could you please take a
look?
However. The complete
On 2019-12-01 11:35:08 [-0800], Daniel Schepler wrote:
> ...
> debian/rules build
> dh build --parallel
>dh_update_autotools_config -O--parallel
>dh_auto_configure -O--parallel
>dh_auto_build -O--parallel
>dh_auto_test -O--parallel
> fakeroot debian/rules binary
> dh binary
On 2019-11-24 11:24:45 [+0100], Hugo Lefeuvre wrote:
> Dear clamav maintainers,
Hi,
> are you planning to address this in stretch/buster via -updates? I can
> provide some help if needed (and make sure this gets backported to
> jessie-security).
I just pushed 0.102.1 into git targeting
control: forwarded -1 https://gitlab.com/gnutls/gnutls/issues/862
On 2019-11-19 19:46:07 [+0100], Andreas Metzler wrote:
> On 2019-11-18 Sebastian Andrzej Siewior wrote:
> [request for changing cipher list]
>
> Could you please take this upstream? This is not a point where Debian
&
Package: gnutls28
Version: 3.6.7-4
Severity: important
Assuming the client program did not specify a cipher list we end up with
NORMAL and this can be display via
gnutls-cli --list --priority NORMAL
If we strip TLS1.3 and ECDHE away (because the remote side does not support
it) then we
On 2019-10-08 22:51:02 [+0200], Kurt Roeckx wrote:
> On Tue, Oct 08, 2019 at 10:15:33PM +0200, Ondřej Surý wrote:
> > The one package particularly hit by this is PHP.
> >
> > The openssl_get_cipher_methods() function does list the hmac variants with
> > 1.1.1c, but it doesn’t with 1.1.1d, so
On 2019-10-08 17:35:22 [+0200], Greg wrote:
> Package: libssl1.1
> Version: 1.1.1c-1+0~20190710.13+debian10~1.gbp359e02
> Severity: normal
>
> Dear Maintainer,
>
> * What led up to the situation?
> Upgraded package libssl1.1 from 1.1.1c to 1.1.1d
>
> * What exactly did you do (or not
On 2019-10-06 16:14:15 [+0200], Hugo Lefeuvre wrote:
> * Inconsistent results with zbsm.zip:
>
> clamdscan returns different results when run different times. The first
> time the file is considered sane, the second time as "infected".
>
> It looks like clamdscan doesn't always hit the
On 2019-10-05 21:34:22 [+0200], Salvatore Bonaccorso wrote:
> Hi, Sebastian,
Hi Colin,
> > On 2019-10-05 18:00:02 [+0200], Sylvain Rochet wrote:
> > > Indeed, you are right, this issue is now fixed upstream in openssh.
> > > https://github.com/openssh/openssh-portable/pull/149
> >
> > in that
-maintainer upload.
+ * Backport two patches to fix the testsute with newer openssl.
+ * Ignore test_load_ecdsa_no_named_curve in the testsuite because it known to
+break with newer openssl (Closes: #940547).
+
+ -- Sebastian Andrzej Siewior Mon, 30 Sep 2019 20:55:00 +0200
+
python
(Closes: #940547).
+
+ -- Sebastian Andrzej Siewior Mon, 30 Sep 2019 20:58:11 +0200
+
python-cryptography (1.7.1-3+deb9u1) stretch; urgency=medium
* Remove BIO_callback_ctrl: The prototype differs with the OpenSSL's
diff -Nru python-cryptography-1.7.1/debian/patches/series python
On 2019-04-17 07:46:44 [+], Mayer, Dirk wrote:
> Is there any chance with bug will be fixed ?
> Do you need more information ?
I just stumbled uppon this report. Is this still the case as with
1.7.1-3+deb9u1? I think it appeared shortly after you wrote this email.
> Thanks an best regards
>
+
+ * Non-maintainer upload.
+ * Backport two patches to fix the testsute with newer openssl.
+ * Ignore test_load_ecdsa_no_named_curve in the testsuite because it known to
+break with newer openssl (Closes: #940547).
+
+ -- Sebastian Andrzej Siewior Tue, 24 Sep 2019 21:10:32 +0200
+
python
On 2019-09-11 09:23:24 [+0200], Matus UHLAR - fantomas wrote:
> > On September 9, 2019 10:03:13 AM UTC, Matus UHLAR - fantomas
> > wrote:
> > > Please, add meta package pointing to current libclamunrar.
>
> On 10.09.19 16:02, Sebastian Andrzej Siewior wrote:
>
Package: python-cryptography
Version: 2.6.1-3
Severity: serious
The upload of latest openssl 1.1.1d triggert three testsuite failures in
python-cryptography [0]
- _ test_buffer_protocol_alternate_modes[mode5]
__
|mode =
|backend =
|
|
On September 9, 2019 10:03:13 AM UTC, Matus UHLAR - fantomas
wrote:
>Please, add meta package pointing to current libclamunrar.
Do you have an example how that should look like? I can't add package to main
which has a recommends or depends on a package in contrib or non-free, see:
On 2019-09-03 21:24:04 [-0400], Dylan H. wrote:
> As title says. Using AppImages with older OpenSSL binaries instantly aborts
> the
> application and I get no error codes. I have tested this with Ripcord and it
> will not open.
can you give some more details? Like what you have installed and
On 2019-08-25 15:00:21 [+0100], Adam D. Barratt wrote:
> Please go ahead.
thanks, both packages are uploaded.
> Regards,
>
> Adam
>
Sebastian
"x$XML_LIBS" = "x"; then
CL_MSG_STATUS([libxml2 ],[no],[])
else
CL_MSG_STATUS([libxml2 ],[yes, from $XML_HOME],[])
diff -Nru clamav-0.101.2+dfsg/debian/changelog clamav-0.101.4+dfsg/debian/changelog
--- clamav-0.101.2+dfsg/debian/changelog 2019-04-05 22:07:01.00
On 2019-08-22 15:36:31 [-0400], Hugo Lefeuvre wrote:
> Great! Is anybody working on 0.101.4 updates for stretch/buster? I plan to
> backport the update to jessie after that.
I'm tired now but I plan to take care of this over the weekend.
> regards,
> Hugo
Sebastian
dansguardian-2.10.1.1/debian/changelog
--- dansguardian-2.10.1.1/debian/changelog
+++ dansguardian-2.10.1.1/debian/changelog
@@ -1,3 +1,10 @@
+dansguardian (2.10.1.1-5.1+deb9u2) stretch; urgency=medium
+
+ * Non-maintainer upload.
+ * Add support for clamav 0.101 (Closes: #923981).
+
+ -- Sebastian Andrzej
m4_include([m4/reorganization/code_checks/unit_tests.m4])
diff -Nru libclamunrar-0.101.1/debian/changelog
libclamunrar-0.101.2/debian/changelog
--- libclamunrar-0.101.1/debian/changelog 2019-03-10 17:09:59.0
+0100
+++ libclamunrar-0.101.2/debian/changelog 2019-04-06 20:25:19.00
upload.
+ * Add support for clamav 0.101.1 (Closes: #919814).
+
+ -- Sebastian Andrzej Siewior Sun, 10 Mar 2019
22:00:14 +0100
+
c-icap-modules (1:0.4.4-1) unstable; urgency=medium
* New upstream release
diff -Nru c-icap-modules-0.4.4/debian/control
c-icap-modules-0.4.4/debian/control
to match
+
+ -- Sebastian Andrzej Siewior Sun, 10 Mar 2019
17:30:34 +0100
+
havp (0.92a-4) unstable; urgency=medium
[ Andreas Cadhalpun ]
diff -Nru havp-0.92a/debian/control havp-0.92a/debian/control
--- havp-0.92a/debian/control 2015-07-31 22:54:50.0 +0200
+++ havp-0.92a/debian/control
]
+ * Add d/p/python-clamav-add-support-for-clamav-0.101.0.patch to that
+python-clamav builds/works with clamav 101.1 and newer (Closes: #920959)
+ * Bump libclamav-dev build-depends to match
+
+ -- Sebastian Andrzej Siewior Sun, 10 Mar 2019
20:49:14 +0100
+
python-clamav (0.4.1-8) unstable
On 2019-08-20 23:45:18 [+0100], Adam D. Barratt wrote:
> > and then open p-u bugs
> > for the transition?
>
> Is anything required beyond binNMUs of r-deps?
I tried to highight this in the first email of this bug:
|It affects the following packages as part of the transistion which
|require a
On 2019-08-20 22:18:28 [+0100], Adam D. Barratt wrote:
> Indeed, and then we dropped the ball again. :-(
>
> Let's get this going.
So I upload the here promissed Stretch package and then open p-u bugs
for the transition?
> Regards,
>
> Adam
Sebastian
control: tags -1 patch
control: fixed -1 2.12+dfsg-1
control: forwarded -1
http://git.savannah.gnu.org/cgit/cpio.git/commit/?id=ccec71ec318fdf739f55858d5bffaf4fd6520036
On 2013-05-22 14:32:48 [+0200], appzer0 wrote:
> Upstream patch (applied on git but never released, as cpio 2.11 is pretty
>
On 2019-08-12 23:59:10 [+0200], Kurt Roeckx wrote:
> > Kurt, could we get something into OpenSSL (aka openssl s_client
> > -connect) which describes the error more accurate / verbose?
> > I will try to collect some information and point the ssllabs people to
> > it hoping that it will pop up in
On 2019-08-12 18:22:38 [+0200], Kurt Roeckx wrote:
> On Mon, Aug 12, 2019 at 10:42:06AM +0200, Johannes Schauer wrote:
> > > > curl: (35) error:1414D172:SSL
> > > > routines:tls12_check_peer_sigalg:wrong signature type
> >
> > thanks to juliank on #debian-devel I found out that this issue
control: found -1 0.98.6+dfsg-1
On 2019-08-12 08:21:22 [+0200], Hugo Lefeuvre wrote:
> Hi Sebastian,
Hi,
> I'm sorry if this sounded insistent, it was not intended like that.
No problem, everything is okay. I was planning to open a similar bug
just to point out that the issue is not completly
On 2019-08-10 09:39:22 [+0200], Hugo Lefeuvre wrote:
> Source: clamav
> Version: 0.101.2+dfsg-3
> Severity: important
> Tags: security upstream
> Forwarded: https://bugzilla.clamav.net/show_bug.cgi?id=12356
>
> Hi,
>
> clamav is affected by a DoS vulnerability caused by crafted, extremely
>
1.2+dfsg-1+deb10u1) buster; urgency=medium
+
+ * Cherry-pick a fix from 0.101.3 to address a vulnerability to
+non-recursive zip bombs.
+
+ -- Sebastian Andrzej Siewior Tue, 06 Aug 2019
22:07:01 +0200
+
clamav (0.101.2+dfsg-1) unstable; urgency=high
* Import 0.101.2
diff -Nru clamav-0.
was fixed in OpenSSL 1.1.1c (Closes: #929903).
+
+ -- Sebastian Andrzej Siewior Sat, 08 Jun 2019 12:35:11 +0200
+
m2crypto (0.31.0-3) unstable; urgency=medium
* add 0002-tests-test_ssl-use-ciphercuites-for-TLS1.3-cipher-in.patch
diff -Nru m2crypto-0.31.0/debian/patches/0003-Remove-duplicate
).
+
+ -- Sebastian Andrzej Siewior Sat, 08 Jun 2019 12:35:11 +0200
+
m2crypto (0.31.0-3) unstable; urgency=medium
* add 0002-tests-test_ssl-use-ciphercuites-for-TLS1.3-cipher-in.patch
diff -Nru m2crypto-0.31.0/debian/patches/0003-Remove-duplicate-call-of-the-error-code.patch m2crypto-0.31.0
On 2019-06-08 10:28:38 [+0200], Matěj Cepl wrote:
> Sebastian Andrzej Siewior píše v Út 04. 06. 2019 v 23:10 +0200:
> > It did not if I understand the python correctly:
> > >with self.assertRaises(RSA.RSAError):
> > >priv.private_decrypt(ctxt, RSA.s
On 2019-06-08 10:22:54 [+0200], Paul Gevers wrote:
> Control: tags -1 moreinfo
>
> Hi Sebastian,
Hi Paul,
> Can you please elaborate why this version meets the freeze policy, or
> why it should get an exception? In the text above there is no mention at
> all of serious bugs that get fixed.
Package: release.debian.org
User: release.debian@packages.debian.org
Usertags: unblock
Severity: normal
Please unblock package openssl.
The updated package is the `c' version, which is the latest upstream
release for the 1.1.1 series.
This update causes a regresion in the m2crypto test suite
On 2019-06-04 14:24:12 [+0200], Matěj Cepl wrote:
> Sebastian Andrzej Siewior píše v Út 04. 06. 2019 v 14:15 +0200:
> > Let me ping upstream: Matěj, could you please take a look at
> > https://bugs.debian.org/929903
> >
> > and check if it is okay the test no
On 2019-06-04 12:12:35 [+0200], Kurt Roeckx wrote:
> On Tue, Jun 04, 2019 at 12:46:07AM +0200, Sebastian Andrzej Siewior wrote:
> >
> > So if I decoded it right, it does
> >
> > | fbuf = sha1("The magic words are squeamish ossifrage."); /* 0xbf
On 2019-06-02 23:39:22 [+0200], Kurt Roeckx wrote:
> > So, I added a small test for RSA_SSLV23_PADDING, as an extra commit,
> > since it will likely not cherry-pick in stable branches.
>
> It's about this change:
> -good &= constant_time_lt(threes_in_row, 8);
> +good &=
Package: openssl
Version: 1.1.1c-1
Severity: serious
The m2crypto test suite fails with c, passes with b. The error log
https://ci.debian.net/data/autopkgtest/testing/amd64/m/m2crypto/2436983/log.gz
The testsuite complains about a missing error / the exception is not
raised. The bisect says,
401 - 500 of 1863 matches
Mail list logo