Bug#834854: jessie-pu: package charybdis/3.4.2-5~deb8u1
On 2016-08-19 17:56:29, Adam D. Barratt wrote:
> Control: tags -1 + moreinfo
>
> On Fri, 2016-08-19 at 17:35 -0400, Antoine Beaupré wrote:
>> TL;DR: Charybdis 3.4 (Jessie) introduces a regression (CertFP broken)
>> from Charybdis 3.3 (Wheezy). 7-line patch (attached) fixes the issue.
>>
>> Charybdis 3.4 suffers from a regression which breaks authentication in
>> certain scenarios. The bug is now documented upstream here:
>>
>> https://github.com/charybdis-ircd/charybdis/pull/211
> [...]
>> I have produced a simple patch which fixes the issue for Charybdis 3.5
>> here:
>>
>> https://github.com/charybdis-ircd/charybdis/pull/211/commits/0ff0a0592de84dec2a2f46d9f8d6e22f6c1ee467
>
> That patch doesn't appear to have been applied to the package in
> unstable. That's a pre-requisite for considering it for an update in
> stable.
Understood. I am waiting for upstream to release 3.5.3 which will
include that patch, tonight, before doing a new upload.
>> I'd be happy to provide a debdiff if that is necessary, but that would
>> be actually harder to use than the provided patch, which is just put
>> in debian/patches with a proper changelog mention.
>
> We'll need to see a debdiff before agreeing an upload, yes, as has
> always been the policy for stable updates.
Of course.
> In what way is it "harder to use"? What does it consist of other than
> the patch, a series update and the changelog stanza?
I always find it harder to review a debdiff than the actual file in
debian/patches because of the "+ " prefixes that break syntax
highlighting.
But I'll be happy to provide a debdiff as soon as I ship the fix in
unstable, which should happen shortly.
Thanks!
A.
--
A ballot is like a bullet. You don't throw your ballots until you see
a target, and if that target is not within your reach, keep your
ballot in your pocket.
- Malcom X
Reply to: