Bug#1025011: Keep out of bookworm unless actively maintained

Moritz Muehlenhoff

Nov 28, 2022, 2:50:03 PM
Source: netatalk
Version: 3.1.13~ds-2
Severity: serious

netatalk should not enter bookworm unless it gets adopted and
actively maintained.

Cheers,
Moritz

Moritz Mühlenhoff

May 24, 2023, 10:20:05 AM
reopen 1025011
thanks

On Tue, May 02, 2023 at 07:03:55PM +0000, Debian FTP Masters wrote:
> [ Jonas Smedegaard ]
> * adopt package, thanks to renewed interest in the Netatalk team;
> add Daniel Markstedt as uploader;
> closes: bug#1013308;
> closes: bug#1025011, thanks to Moritz Mühlenhoff

It's nice that there's renewed interest, but this involves also taking
care of netatalk in stable, there's a range of issues (full list at
https://security-tracker.debian.org/tracker/source-package/netatalk)
which need to be backported to bullseye-security.

I'm reopening the bug, it can be closed with the respective upload
to bullseye-security.

Cheers,
Moritz

Daniel Markstedt

Jun 4, 2023, 10:30:04 PM
On Wed, May 24, 2023 at 7:18 AM Moritz Mühlenhoff <j...@inutil.org> wrote:
> [...]
> It's nice that there's renewed interest, but this involves also taking
> care of netatalk in stable, there's a range of issues (full list at
> https://security-tracker.debian.org/tracker/source-package/netatalk)
> which need to be backported to bullseye-security.
>
> I'm reopening the bug, it can be closed with the respective upload
> to bullseye-security.
>
> Cheers,
> Moritz
>

Since both buster and bullseye use the same base version of netatalk
(3.1.12), the work required here should be straightforward: simply
bring over the CVE patchset that was applied to buster-security.

A snippet from `apt source netatalk` on buster:
[...]
dpkg-source: info: applying CVE-2022-45188.patch
dpkg-source: info: applying CVE-2022-43634.patch
dpkg-source: info: applying CVE-2022-23125.patch
dpkg-source: info: applying CVE-2022-23121.patch
dpkg-source: info: applying CVE-2021-31439.patch
dpkg-source: info: applying CVE-2022-23123_part1.patch
dpkg-source: info: applying CVE-2022-23123_part2.patch
dpkg-source: info: applying CVE-2022-23123_part3.patch
dpkg-source: info: applying CVE-2022-23123_part4.patch
dpkg-source: info: applying CVE-2022-23123_part5.patch
dpkg-source: info: applying CVE-2022-23121_regression.patch

The only real difference between buster and bullseye netatalk 3.1.12
is that the latter has a few extra backported crashfixes etc. I had a
quick look and concluded that they shouldn't interfere with the CVE
patches.

I'd be happy to try to achieve the "upload to bullseye-security" if
you all can give me some pointers. This is all new to me.

Best regards,
Daniel
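
The comparison described in the message above, as an added example that is not part of the original thread or of Debian's packaging: it takes the dpkg-source output quoted from buster and lists the CVE patches that a target quilt series file lacks, kept in application order and grouped by CVE id. The bullseye series content and its file names are constructed placeholders and do not reflect the real bullseye package.

```python
import re

# dpkg-source output as quoted in the message above (buster).
BUSTER_LOG = """\
dpkg-source: info: applying CVE-2022-45188.patch
dpkg-source: info: applying CVE-2022-43634.patch
dpkg-source: info: applying CVE-2022-23125.patch
dpkg-source: info: applying CVE-2022-23121.patch
dpkg-source: info: applying CVE-2021-31439.patch
dpkg-source: info: applying CVE-2022-23123_part1.patch
dpkg-source: info: applying CVE-2022-23123_part2.patch
dpkg-source: info: applying CVE-2022-23123_part3.patch
dpkg-source: info: applying CVE-2022-23123_part4.patch
dpkg-source: info: applying CVE-2022-23123_part5.patch
dpkg-source: info: applying CVE-2022-23121_regression.patch
"""

# CONSTRUCTED stand-in for a target debian/patches/series file.
BULLSEYE_SERIES = """\
example-crashfix-1.patch   # placeholder name
CVE-2021-31439.patch -p1   # assumed present, for illustration only
"""

APPLYING = re.compile(r"^dpkg-source: info: applying (\S+)$")
CVE_ID = re.compile(r"CVE-\d{4}-\d{4,}")

def applied_patches(log):
    """Patch names in the order dpkg-source applied them."""
    return [m.group(1) for line in log.splitlines()
            if (m := APPLYING.match(line.strip()))]

def series_patches(series):
    """Patch names from a quilt series file, ignoring comments and options."""
    stripped = (line.split("#", 1)[0].strip() for line in series.splitlines())
    return [s.split()[0] for s in stripped if s]

def missing_cve_patches(source_log, target_series):
    """CVE patches applied in the source but absent from the target series.
    Order is preserved so multi-part and regression patches stay in sequence."""
    have = set(series_patches(target_series))
    return [p for p in applied_patches(source_log)
            if CVE_ID.search(p) and p not in have]

def by_cve(patches):
    """Group patch files under their CVE id, preserving first-seen order."""
    groups = {}
    for p in patches:
        groups.setdefault(CVE_ID.search(p).group(0), []).append(p)
    return groups
```

Calling `by_cve(missing_cve_patches(BUSTER_LOG, BULLSEYE_SERIES))` gives the per-CVE list of patch files still to be carried over, with the regression follow-up listed after the fix it amends.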

Daniel Markstedt

Aug 14, 2023, 12:10:04 AM
For the record, I have filed a request with the Release Team now to
get the green light to upload Bullseye packages. See:

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1049325