Your message dated Sun, 07 May 2017 12:31:00 +0000 with message-id <190a5ce3-bf97-2fd3-2270-f02201cfd6ec@thykier.net> and subject line Re: Bug#861535: unblock: file/1:5.30-1 has caused the Debian Bug report #861535, regarding unblock: file/1:5.30-1 (was: Seeking pre-approval to upload new file upstream version for stretch) to be marked as done.

This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact owner@bugs.debian.org immediately.)

--
861535: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=861535
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
- To: submit@bugs.debian.org
- Subject: unblock: file/1:5.30-1 (was: Seeking pre-approval to upload new file upstream version for stretch)
- From: Christoph Biedl <debian.axhn@manchmal.in-ulm.de>
- Date: Sun, 30 Apr 2017 14:13:41 +0200
- Message-id: <1493552205@msgid.manchmal.in-ulm.de>
- In-reply-to: <1486761330@msgid.manchmal.in-ulm.de>
- References: <1486761330@msgid.manchmal.in-ulm.de>
Package: release.debian.org
User: release.debian.org@packages.debian.org
Usertags: unblock
Severity: normal

Hello,

please unblock file 1:5.30-1 I've uploaded to unstable.

Short version:

This upload

* fixes several issues in 1:5.29-3, including an assertion failure triggerable from certain files,
* includes more than twenty(!) commits from the upstream git since the 5.30 release that, by their description, seem prudent to include security-wise, and
* otherwise tries hard to not change the detection of files.

A bit longer:

There are a few issues in the stretch version of file (1:5.29-3) that in my opinion make it unfit for release. The most important one is an easily triggerable crash (assertion failure) I found a while ago, upstream was alerted in private. This issue was introduced in version 1:5.29-1 and is not public yet, at least not from my side.

The delta between 1:5.29-3 and upstream's 5.30 release is pretty small: These are bug fixes like for the one mentioned above, several changes that seem to address issues, some documentation and/or not affecting the execution. There are two changes that introduce new features, I've reverted them to reduce the impact (also, they looked somewhat fishy).

Initially, forwarding to 5.30 promised a smaller and better arranged debian/patches/. Since upstream's 5.30 release however, there have been a lot of commits that address more issues, usually they contain a remark "oss-fuzz", so apparently somebody has spent quite some time searching for flawed code. One commit contains a remark "Although I can't reproduce it" which implies at least some of the other commits fix an exploitable issue. So I decided to cherry-pick *all* of them plus prerequisites in the hope this will avoid some security uploads during the stretch life cycle. They all can be found in debian/patches/, one patch per commit.

As with every upload of file, I ran a test on a huge collection of files in order to detect unexpected changes. I have to admit there are some minor ones: For some files not all the gory details are shown any longer, basic detection still works. These were introduced by the changes that should fix issues in the code.

Additional details, like discussion of every single change between 1:5.29-3 and 1:5.30-1 available upon request.

Regards,

Christoph

Attachment: signature.asc
Description: Digital signature
--- End Message ---
--- Begin Message ---
- To: Christoph Biedl <debian.axhn@manchmal.in-ulm.de>, 861535-done@bugs.debian.org
- Subject: Re: Bug#861535: unblock: file/1:5.30-1
- From: Niels Thykier <niels@thykier.net>
- Date: Sun, 07 May 2017 12:31:00 +0000
- Message-id: <190a5ce3-bf97-2fd3-2270-f02201cfd6ec@thykier.net>
- In-reply-to: <1493552205@msgid.manchmal.in-ulm.de>
- References: <1486761330@msgid.manchmal.in-ulm.de> <1493552205@msgid.manchmal.in-ulm.de>
Christoph Biedl:
> Package: release.debian.org
> User: release.debian.org@packages.debian.org
> Usertags: unblock
> Severity: normal
>
> Hello,
>
> please unblock file 1:5.30-1 I've uploaded to unstable.
>
> Short version:
>
> This upload
>
> * fixes several issues in 1:5.29-3, including an assertion failure
>   triggerable from certain files,
> * includes more than twenty(!) commits from the upstream git since the
>   5.30 release that, by their description, seem prudent to include
>   security-wise, and
> * otherwise tries hard to not change the detection of files.
>
>
> [...]
>
> Regards,
>
> Christoph
>

Unblocked, thanks.

~Niels
--- End Message ---