Bug#985721: unblock: fossil/1:2.15~rc1-1
Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock
Please unblock package fossil
[ Reason ]
Marked for autoremoval due to #985124.
The issue was fixed upstream. Given the nature of the package, I think
tracking their release candidate is better than cherry-picking the
change that appears directly related to this issue. They made a number
of other safety-related fixes to ensure robustness and security in the
face of old or compiled-with-wrong-options versions of SQLITE3. And
nothing that looks scary.
[ Impact ]
Will allow fossil to be in the release.
[ Tests ]
There is a comprehensive test suite, which can be run automatically.
It is disabled in debian/rules because the makefile says it needs to
be run in a fossil repo that will be discarded after the test because
the tests can corrupt it. Well, it used to say this: the comment is
gone, so maybe it's okay now. But in any case, the system passes all
tests right now.
[ Risks ]
This is a leaf package.
It ticks various boxes for security sensitivity, sort of the union of
the security sensitivity of git and a web server and a wiki. Upstream
is extremely responsive and careful. I think the best option is to
follow upstream's recommendation, which is to track their releases.
[ Checklist ]
[X] all changes are documented in the d/changelog
[X] I reviewed all changes and I approve them
[ ] attach debdiff against the package in testing
I'm attaching the debdiff, but it's large. Due mainly to changes in
the enclosed sqlite3 (unused unless the debian version is too old or
otherwise unsuitable), and tweaks to static material in the integrated
wiki.
unblock fossil/1:2.15~rc2-1
<#part type="application/octet-stream" filename="~/tmp/ddiff2" disposition=attachment>
<#/part>
Reply to: