[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Report for LTS and ELTS activity for march 2003


Here is my public monthly report.

Thanks to our sponsors for making this possible, and to Freexian for
handling the offering.

In march (my first month) I spend my time on LTS as
- creating the  right environment (pbuilder, tools) to do the backport correctly. 
- work on imagemagick fixing DLA-3357-1. This release fix CVE-2020-19667, CVE-2020-25665, CVE-2020-25666, CVE-2020-25674, CVE-2020-25675, CVE-2020-25676, CVE-2020-27560, CVE-2020-27750, CVE-2020-27751, CVE-2020-27754, CVE-2020-27756, CVE-2020-27757, CVE-2020-27758, CVE-2020-27759, CVE-2020-27760, CVE-2020-27761, CVE-2020-27762, CVE-2020-27763, CVE-2020-27764, CVE-2020-27765, CVE-2020-27766, CVE-2020-27767, CVE-2020-27768, CVE-2020-27769, CVE-2020-27770, CVE-2020-27771, CVE-2020-27772, CVE-2020-27773, CVE-2020-27774, CVE-2020-27775, CVE-2020-27776, CVE-2020-29599, CVE-2021-3574, CVE-2021-3596, CVE-2021-20224, CVE-2022-44267, CVE-2022-44268.
- This security update caused a regression in some perl packages due to overly restrictive hardening in a policy update (reading from /etc/ was forbidden). This hardening patch has been removed. ( DLA-3357-2)
- I work also on libreoffice DLA-3368-1 fixing CVE-2021-25636, CVE-2022-3140, CVE-2022-26305, CVE-2022-26306, CVE-2022-26307.
- I begin to work on apache2, particularly a new build time/autopkgtest test suite in order to avoid regression.

- port fix for imagemagick from LTS to ELTS ELA-819-1: CVE-2017-18028 CVE-2020-27767 CVE-2021-3574 CVE-2021-20224 CVE-2022-44267
- found a hard to debug bug (thanks pochu, and bunk for help) on imagemagick. Imagemagick on ELTS FTBFS when pid of builder in > 1,000,000. 
I first think it was a regression so try a git bissect that fail due to PID becoming >1,000,000. This was a slow work due to build delay of imagemagick.
- I patched dnsmasq in order to fix remaining security bug. I begin to write a test suite for this package in order to avoid regression.
Unfortunately upstream does not have a test suite, even a basic unit test suite.

I want to specially thanks pochu for porting the salsa CI to LTS and ELTS.


Attachment: signature.asc
Description: This is a digitally signed message part.

Reply to: