Bug#1068888: bookworm-pu: package zookeeper/3.8.0-11+deb12u2

To: Bastien Roucariès <rouca@debian.org>, 1068888@bugs.debian.org
Subject: Bug#1068888: bookworm-pu: package zookeeper/3.8.0-11+deb12u2
From: Jonathan Wiltshire <jmw@debian.org>
Date: Sat, 15 Jun 2024 23:49:24 +0100
Message-id: <[🔎] Zm4adOik3ZGYZjLp@powdarrmonkey.net>
Reply-to: Jonathan Wiltshire <jmw@debian.org>, 1068888@bugs.debian.org
In-reply-to: <2201300.DTlR5uhxpJ@portable-bastien>
References: <2201300.DTlR5uhxpJ@portable-bastien> <2201300.DTlR5uhxpJ@portable-bastien>

Control: tag -1 moreinfo

Hi,

On Fri, Apr 12, 2024 at 10:18:02PM +0000, Bastien Roucariès wrote:
> diff -Nru zookeeper-3.8.0/debian/changelog zookeeper-3.8.0/debian/changelog
> --- zookeeper-3.8.0/debian/changelog	2023-10-29 07:57:11.000000000 +0000
> +++ zookeeper-3.8.0/debian/changelog	2024-03-25 08:30:56.000000000 +0000
> @@ -1,3 +1,22 @@
> +zookeeper (3.8.0-11+deb12u2) bookworm-security; urgency=medium

Target should be bookworm.


> diff -Nru zookeeper-3.8.0/debian/patches/0027-CVE-2024-23944-ZOOKEEPER-4799-Refactor-ACL-check-in-.patch zookeeper-3.8.0/debian/patches/0027-CVE-2024-23944-ZOOKEEPER-4799-Refactor-ACL-check-in-.patch
> --- zookeeper-3.8.0/debian/patches/0027-CVE-2024-23944-ZOOKEEPER-4799-Refactor-ACL-check-in-.patch	1970-01-01 00:00:00.000000000 +0000
> +++ zookeeper-3.8.0/debian/patches/0027-CVE-2024-23944-ZOOKEEPER-4799-Refactor-ACL-check-in-.patch	2024-03-25 08:30:56.000000000 +0000
> @@ -0,0 +1,1223 @@


This patch confuses me. It seems to contain a whole series of nested
patches? How do they get applied to the source package?


> diff -Nru zookeeper-3.8.0/debian/patches/series zookeeper-3.8.0/debian/patches/series
> --- zookeeper-3.8.0/debian/patches/series	2023-10-29 07:57:11.000000000 +0000
> +++ zookeeper-3.8.0/debian/patches/series	2024-03-25 08:30:56.000000000 +0000
> @@ -1,19 +1,10 @@
> -#01-add-jtoaster-to-zooinspector.patch
> -#02-patch-build-system.patch
>  03-disable-cygwin-detection.patch
>  05-ZOOKEEPER-770.patch
>  06-ftbfs-gcc-4.7.patch
>  07-remove-non-reproducible-manifest-entries.patch
> -#08-reproducible-javadoc.patch
>  10-cppunit-pkg-config.patch
>  11-disable-minikdc-tests.patch
>  12-add-yetus-annotations.patch
> -#13-disable-netty-connection-factory.patch
> -#14-ftbfs-with-gcc-8.patch
> -#15-javadoc-doclet.patch
> -#16-ZOOKEEPER-1392.patch
> -#17-gcc9-ftbfs-925869.patch
> -#18-java17-compatibility.patch
>  19-add_missing-plugins-versions.patch
>  20-no-Timeout-in-tests.patch
>  21-use-ValueSource-with-ints.patch
> @@ -33,3 +24,4 @@
>  35-flaky-test.patch
>  36-JUnitPlatform-deprecation.patch
>  CVE-2023-44981.patch
> +0027-CVE-2024-23944-ZOOKEEPER-4799-Refactor-ACL-check-in-.patch

Presumably these dropped patches get integrated into the nested set in
0027? Or are they actually dropped?




-- 
Jonathan Wiltshire                                      jmw@debian.org
Debian Developer                         http://people.debian.org/~jmw

4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC  74C3 5394 479D D352 4C51
ed25519/0x196418AAEB74C8A1: CA619D65A72A7BADFC96D280196418AAEB74C8A1

Reply to:

Follow-Ups:
- Bug#1068888: bookworm-pu: package zookeeper/3.8.0-11+deb12u2
  - From: Bastien Roucariès <rouca@debian.org>

Prev by Date: Processed: Re: Bug#1068888: bookworm-pu: package zookeeper/3.8.0-11+deb12u2
Next by Date: Bug#1068912: bookworm-pu: package node-undici/5.15.0+dfsg1+~cs20.10.9.3-1+deb12u4
Previous by thread: Bug#1068762: bookworm-pu: package oar/2.5.9-1+deb12u1
Next by thread: Processed: Re: Bug#1068888: bookworm-pu: package zookeeper/3.8.0-11+deb12u2
Index(es):
- Date
- Thread