[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#1017393: buster-pu: package debian-security-support/1:10+2022.08.23

hi,

I've just uploaded this to buster for the coming point release:

$ debdiff debian-security-support_2020.06.21~deb10u1.dsc debian-security-support_10+2022.08.23.dsc|diffstat
 Makefile.PL                  |    1 +
 debian/changelog             |   26 ++++++++++++++++++++++++++
 security-support-ended.deb10 |    8 +++++++-
 security-support-limited     |   12 ++----------
 4 files changed, 36 insertions(+), 11 deletions(-)

$ debdiff debian-security-support_2020.06.21~deb10u1.dsc debian-security-support_10+2022.08.23.dsc
diff -Nru debian-security-support-2020.06.21~deb10u1/debian/changelog debian-security-support-10+2022.08.23/debian/changelog
--- debian-security-support-2020.06.21~deb10u1/debian/changelog	2020-07-10 19:29:25.000000000 +0200
+++ debian-security-support-10+2022.08.23/debian/changelog	2022-08-23 18:57:12.000000000 +0200
@@ -1,3 +1,29 @@
+debian-security-support (1:10+2022.08.23) buster; urgency=medium
+
+  * Introduce release based versioning and add an epoch to achieve that.
+    See https://lists.debian.org/20200817100153.GA944@layer-acht.org and
+    follow-ups. Closes: #988321
+  * Makefile.PL: strip epoch from internal version just like ~deb10u1 etc are
+    also dropped.
+  * Update security-support-ended.deb10 from 1:12+2022.08.12 from unstable,
+    thus adding these packages to it:
+    - chromium
+    - ckeditor3
+    - gpac
+    - libspring-java
+    - slurm-llnl
+    - xen
+  * Update security-support-limited from 1:12+2022.08.12 from unstable,
+    thus adding:
+    - golang
+    - khtml
+  * Drop libv8-3.14, mosjz, mosjz24, swftools and webkitgtk from
+    security-support-limited as they were only present in stretch and earlier.
+  * Also drop glpi, ltp and wine-gecko-2.(21|24) from security-support-limited
+    as they were only present in jessie or earlier.
+
+ -- Holger Levsen <holger@debian.org>  Tue, 23 Aug 2022 18:57:12 +0200
+
 debian-security-support (2020.06.21~deb10u1) buster; urgency=medium
 
   * Rebuild for buster.
diff -Nru debian-security-support-2020.06.21~deb10u1/Makefile.PL debian-security-support-10+2022.08.23/Makefile.PL
--- debian-security-support-2020.06.21~deb10u1/Makefile.PL	2018-03-16 15:39:59.000000000 +0100
+++ debian-security-support-10+2022.08.23/Makefile.PL	2022-08-19 16:25:59.000000000 +0200
@@ -12,6 +12,7 @@
 my $VERSION=$changelog->{Version};
 
 $VERSION =~ s/~deb(.*)//;
+$VERSION =~ s/^[0-9]+://;
 
 WriteMakefile (
     'NAME' =>       'debian-security-support',
diff -Nru debian-security-support-2020.06.21~deb10u1/security-support-ended.deb10 debian-security-support-10+2022.08.23/security-support-ended.deb10
--- debian-security-support-2020.06.21~deb10u1/security-support-ended.deb10	2020-07-10 19:29:25.000000000 +0200
+++ debian-security-support-10+2022.08.23/security-support-ended.deb10	2022-08-23 18:57:08.000000000 +0200
@@ -11,4 +11,10 @@
 #    In the program's output, this is prefixed with "Details:"
 
 # none yet (please remove this line once this is not true anymore)
-libperlspeak-perl        2.01-2                  2020-04-16  https://bugs.debian.org/954238 (CVE-2020-10674) and https://bugs.debian.org/954297 and 954298
+libperlspeak-perl        2.01-2                      2020-04-16  https://bugs.debian.org/954238 (CVE-2020-10674) and https://bugs.debian.org/954297 and 954298
+xen                      4.11.4+107-gef32c7afa2-1    2021-08-28  https://xenbits.xen.org/docs/4.11-testing/SUPPORT.html#release-support
+chromium                 90.0.4430.212-1~deb10u1     2022-01-14  https://lists.debian.org/debian-security-announce/2022/msg00012.html
+slurm-llnl               18.08.5.2-1+deb10u2         2022-08-01  https://salsa.debian.org/lts-team/lts-extra-tasks/-/issues/39
+gpac                     0.5.2-426-gc5ad4e4+dfsg5-5  2022-08-03  https://lists.debian.org/debian-lts/2022/05/msg00043.html
+libspring-java           4.3.5-1+deb9u1              2022-08-09  https://lists.debian.org/debian-lts/2022/08/msg00001.html
+ckeditor3                3.6.6.1+dfsg-1              2022-08-09  https://lists.debian.org/debian-lts/2022/08/msg00001.html
diff -Nru debian-security-support-2020.06.21~deb10u1/security-support-limited debian-security-support-10+2022.08.23/security-support-limited
--- debian-security-support-2020.06.21~deb10u1/security-support-limited	2020-07-10 19:29:25.000000000 +0200
+++ debian-security-support-10+2022.08.23/security-support-limited	2022-08-23 18:57:08.000000000 +0200
@@ -10,13 +10,9 @@
 binutils        Only suitable for trusted content; see https://lists.debian.org/msgid-search/87lfqsomtg.fsf@mid.deneb.enyo.de
 ganglia         See README.Debian.security, only supported behind an authenticated HTTP zone, #702775
 ganglia-web     See README.Debian.security, only supported behind an authenticated HTTP zone, #702776
-glpi            Only supported behind an authenticated HTTP zone for trusted users
-golang*		See https://www.debian.org/releases/buster/amd64/release-notes/ch-information.en.html#golang-static-linking
+golang*         See https://www.debian.org/releases/buster/amd64/release-notes/ch-information.en.html#golang-static-linking
 kde4libs        khtml has no security support upstream, only for use on trusted content
-libv8-3.14      Not covered by security support, only suitable for trusted content
-ltp             Pure Testsuite, only supported on non-production non-multiuser systems
-mozjs           Not covered by security support, only suitable for trusted content
-mozjs24         Not covered by security support, only suitable for trusted content
+khtml           khtml has no security support upstream, only for use on trusted content, see #1004293
 mozjs52         Not covered by security support, only suitable for trusted content
 mozjs60         Not covered by security support, only suitable for trusted content
 ocsinventory-server Only supported behind an authenticated HTTP zone
@@ -24,8 +20,4 @@
 qtwebkit        No security support upstream and backports not feasible, only for use on trusted content
 qtwebkit-opensource-src No security support upstream and backports not feasible, only for use on trusted content
 sql-ledger      Only supported behind an authenticated HTTP zone
-swftools        Not covered by security support, only suitable for trusted content
-webkitgtk       No security support upstream and backports not feasible, only for use on trusted content
-wine-gecko-2.21 Not covered by security support, see https://bugs.debian.org/804058
-wine-gecko-2.24 Not covered by security support, see https://bugs.debian.org/804058
 zoneminder      See README.Debian.security, only supported behind an authenticated HTTP zone, #922724


Thanks for all your SRM work!

-- 
cheers,
	Holger

 ⢀⣴⠾⠻⢶⣦⠀
 ⣾⠁⢠⠒⠀⣿⡁  holger@(debian|reproducible-builds|layer-acht).org
 ⢿⡄⠘⠷⠚⠋⠀  OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
 ⠈⠳⣄

Just 100 companies are responsible for 71% of global emissions.
https://www.theguardian.com/sustainable-business/2017/jul/10/100-fossil-fuel-companies-investors-responsible-71-global-emissions-cdp-study-climate-change

Attachment: signature.asc
Description: PGP signature

Reply to: