Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.

Dismiss

Bug#1054915: bookworm-pu: package freerdp2/2.11.2+dfsg1-1~deb12u1

1 view

Skip to first unread message

Tobias Frost

unread,

Oct 28, 2023, 12:10:05 PM10/28/23

Package: release.debian.org
Severity: normal
Tags: bookworm
User: release.d...@packages.debian.org
Usertags: pu
X-Debbugs-Cc: free...@packages.debian.org, te...@security.debian.org
Control: affects -1 + src:freerdp2

I'm asking for pre-approval to update freerdp2 from 2.10.0 to
2.11.2.

The changes from 2.10.0 to 2.11.2 are mainly targeting security
fixes (12 CVE's, see security tracker [1] for details),

[1] https://security-tracker.debian.org/tracker/source-package/freerdp2

upstream changelog is at
https://github.com/FreeRDP/FreeRDP/blob/stable-2.0/ChangeLog
all commits are:
https://github.com/FreeRDP/FreeRDP/compare/2.10.0...2.11.2

When working on the LTS updates, I've been in contact in contact with the
maintainer and one of the upstream maintainer and checked with them
about feasbility and e.g confirmed that the new upstream version is ABI
compatible. I've tested reverse dependencies (remmina, vinagre,
gnome-connections) against a Windows 10 RDP host and confirmed packages
are still working.

Backporting the fixes is of course possible, but bears a significant
risk for regression, therefor I would prefer to use the new upstream
version, given also that upstream changes are only a few and fixing
also a few bugs that would be nice to be fixed.

As far as I understood it, the maintainers would also prefer the new
version over patching the one in stable. (They are in CC, so can
intervene if I got that wrong…)

If this is a viable route, please let me know and I will prepare a
debdiff for a the real approval.

--
Cheers,
tobi

Jonathan Wiltshire

unread,

Feb 21, 2024, 3:10:04 AM2/21/24

Control: tag -1 moreinfo

Hi,

On Sat, Oct 28, 2023 at 05:58:38PM +0200, Tobias Frost wrote:
> Backporting the fixes is of course possible, but bears a significant
> risk for regression, therefor I would prefer to use the new upstream
> version, given also that upstream changes are only a few and fixing
> also a few bugs that would be nice to be fixed.

It's a balancing act, as always. I'm OK with new upstream releases if they
are small enough to sensibly review (or an upstream with a good trusted
history, which I don't yet have for freerdp2). If you think a new upstream
is reasonable, let's see how it looks.

Either way we need a source debdiff please.

Thanks,

--
Jonathan Wiltshire j...@debian.org
Debian Developer http://people.debian.org/~jmw

4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC 74C3 5394 479D D352 4C51
ed25519/0x196418AAEB74C8A1: CA619D65A72A7BADFC96D280196418AAEB74C8A1

Debian Bug Tracking System

unread,

Feb 21, 2024, 3:10:04 AM2/21/24

Processing control commands:

> tag -1 moreinfo
Bug #1054915 [release.debian.org] bookworm-pu: package freerdp2/2.11.2+dfsg1-1~deb12u1
Added tag(s) moreinfo.

--
1054915: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1054915
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

0 new messages