Bug#1033591: bullseye-pu: package opendmarc/1.4.2-1+deb11u1

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#1033591: bullseye-pu: package opendmarc/1.4.2-1+deb11u1
From: David Bürgin <dbuergin@gluet.ch>
Date: Mon, 27 Mar 2023 22:42:08 +0200
Message-id: <ZCH/oGr++wKJjBP5@gluet.ch>
Reply-to: David Bürgin <dbuergin@gluet.ch>, 1033591@bugs.debian.org

Package: release.debian.org
Severity: important
Tags: bullseye
User: release.debian.org@packages.debian.org
Usertags: pu

There have been reports on the Postfix users mailing list of frequent
crashing of opendmarc in stable. A year ago a request for providing
opendmarc 1.4.2 in bullseye was opened (#1007926). I first thought this
wasn’t necessary because the crashing bug had been fixed in the earlier
stable update, but this was wrong.

I feel that we should provide 1.4.2 for Debian stable users via proposed
updates (or a faster track?). This approach seems easier to me than
trying to find out which changes from 1.4.2 are needed in bullseye’s
1.4.0~beta1+dfsg, and create a patch for that.

This is the first time for me proposing a new upstream version on
stable-proposed-updates. Let me know if this is not the correct
procedure.

[ Reason ]
opendmarc/1.4.0~beta1+dfsg-6+deb11u1 may crash when processing ARC
information. It now often crashes for users subscribed to the Postfix
mailing list. See #1007926.

[ Impact ]
Users may experience crashes frequently depending on contents of
incoming mail.

[ Tests ]
The included test suite passes. In #1007926, a user reports that version
1.4.2-2 in testing is working without issues (this contains basically
the same as is proposed here). I am using Ubuntu’s 1.4.2-1 without
issues, which is ± the same as what is being proposed here.

[ Risks ]
The update is quite large (due mostly to deletion of large included
files). An alternative approach would be to compare current stable
version 1.4.0~beta1+dfsg-6+deb11u1 with 1.4.2 and try to extract a patch
that addresses the crash. However, the change set between
1.4.0~beta1+dfsg and 1.4.2 is large, so we can just as well provide
1.4.2 directly.

[ Checklist ]
  [x] *all* changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in bullseye
  [x] the issue is verified as fixed in unstable

[ Changes ]
The changes can also be seen in salsa at:
https://salsa.debian.org/kitterman/opendmarc/-/commits/glts/bullseye-updates
There are two commits:
- b13d912c: merge of upstream/1.4.2
- 36a469f6: changes from debian/master, up to debian/1.4.2-1
The proposed version 1.4.2-1+deb11u1 is the same as as 1.4.2-1, minus
the changes that only apply to unstable/testing development.

Thank you!


-- 
David

Attachment: debdiff.gz
Description: application/gzip

Reply to:

Prev by Date: Bug#1029206: marked as done (unblock: webkit2gtk 2.40.0-2 [pre-approval])
Next by Date: Processed: severity of 1033591 is normal
Previous by thread: Bug#1029206: marked as done (unblock: webkit2gtk 2.40.0-2 [pre-approval])
Next by thread: Processed: severity of 1033591 is normal
Index(es):
- Date
- Thread