Merge procmail from Debian unstable for oracular
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| procmail (Ubuntu) |
Incomplete
|
Undecided
|
Bryce Harrington | ||
Bug Description
A merge of procmail appears to be available presently.
Upstream: UNKNOWN
Debian: 3.24+really3.22-2
Ubuntu: 3.24-1ubuntu2
If it turns out this needs a sync rather than a merge, please change the tag 'needs-merge' to 'needs-sync', and (optionally) update the title as desired.
If this merge pulls in a new upstream version, also consider adding an entry to the Oracular Release Notes: https:/
### New Debian Changes ###
procmail (3.24+really3.22-2) unstable; urgency=medium
* Cherry-pick [a39ebad] from github repo, 'Eliminate warnings'.
* Drop -Werror=
* Add lintian override.
-- Santiago Vila <email address hidden> Sun, 14 Apr 2024 13:05:00 +0200
procmail (3.24+really3.22-1) unstable; urgency=medium
* Revert to version 3.22. Fixes bug 'Variable set with stdin pipe action
fails leaving empty variable'. Thanks a lot to Bob Proulx for the report.
Closes: #1028356.
* Most packaging changes from 3.24-1 are kept. The debian patches are taken
from version 3.22-27 again, but renamed from NN to NN.patch.
* Strip -Werror=
-- Santiago Vila <email address hidden> Mon, 01 Apr 2024 19:35:00 +0200
procmail (3.24-1) unstable; urgency=medium
* New upstream release, now hosted on github. Closes: #1006633.
* Downgrade priority to optional to match the override file.
* Update Homepage. Closes: #805864.
* Switch to dh. Now there is a procmail-dbgsym package. Closes: #1006653.
* Drop debian/mailstat.1, it has been adopted upstream.
* Set upstream metadata fields Bug-Database, Bug-Submit and Repository-Browse.
* Rules-Requires-
* Use List-Id in QuickStart and README.Maildir.
* Update standards version to 4.6.2.
* No longer necessary patches:
- 00: Adopted upstream (this is version 3.24, which is past 3.23pre).
- 06: Adopted upstream.
- 10: Adopted upstream.
- 12: Adopted upstream.
- 13: Adopted upstream.
- 14: Fixed upstream in another way.
- 15: Adopted upstream.
- 16: Adopted upstream.
- 17: Adopted upstream.
- 18: Adopted upstream.
- 19: Adopted upstream.
- 21: Adopted upstream.
- 22: Adopted upstream.
- 23: Adopted upstream.
- 24: Fixed upstream using cgetline.
- 25: Adopted upstream.
- 26: Adopted upstream.
- 27: Fixed upstream in another way.
- 28: Adopted upstream.
- 29: Adopted upstream.
- 30: Fixed upstream in another way.
- 31: Adopted upstream.
* Renamed patches:
- 01: renamed to trim-list-
- 02: renamed to use-fcntl-
- 03: renamed to do-not-
- 04: renamed to define-
- 05: renamed to allow-writeable
- 07: renamed to make-buggy-
- 08: renamed to define-
- 09: renamed to define-
- 11: renamed to do-not-
- 20: renamed to hardcode-
-- Santiago Vila <email address hidden> Thu, 05 Jan 2023 22:35:00 +0100
procmail (3.22-27) unstable; urgency=medium
* Fix NULL pointer dereference. Closes: #769938.
Reported by Jakub Wilk using American Fuzzy Lop.
Patch from Stephen R. van den Berg.
-- Santiago Vila <email address hidden> Tue, 01 Mar 2022 15:00:00 +0100
procmail (3.22-26) unstable; urgency=medium
* Fix buffer overflow in loadbuf(). Closes: #876511.
Reported by Jakub Wilk using American Fuzzy Lop.
For reference, this is CVE-2017-16844.
-- Santiago Vila <email address hidden> Thu, 16 Nov 2017 23:42:36 +0100
procmail (3.22-25) unstable; urgency=low
* Use gzip -n to stop recording current time, and fix mtimes
before building binary package. Closes: #774367.
* Create md5sums in a reproducible way.
-- Santiago Vila <email address hidden> Fri, 15 May 2015 16:25:36 +0200
procmail (3.22-24) unstable; urgency=medium
* Fix two memory corruption problems in formail. Closes: #769937.
Reported by Jakub Wilk. Patch by Jan Darmochwal. Thanks a lot.
The problems are the following:
- Off-by-one heap overflow when parsing addresses that have left angle
bracket, then a comma, but no right angle bracket: <<email address hidden>,
- Off-by-one heap overflow when parsing addresses that end with
backslash: <<email address hidden>/
### Old Ubuntu Delta ###
procmail (3.24-1ubuntu2) noble; urgency=high
* No change rebuild for 64-bit time_t and frame pointers.
-- Julian Andres Klode <email address hidden> Mon, 08 Apr 2024 18:16:20 +0200
procmail (3.24-1ubuntu1) noble; urgency=medium
* d/t/basic: Add basic DEP8 packaging/
(LP: #1679365)
-- Bryce Harrington <email address hidden> Thu, 07 Dec 2023 09:18:34 -0800
| Changed in procmail (Ubuntu): | |
| milestone: | none → ubuntu-24.05 |
| Changed in procmail (Ubuntu): | |
| assignee: | nobody → Bryce Harrington (bryce) |
| Changed in procmail (Ubuntu): | |
| milestone: | ubuntu-24.05 → ubuntu-24.06 |
| Bryce Harrington (bryce) wrote | #1 |
| Changed in procmail (Ubuntu): | |
| status: | New → Incomplete |
Debian's 3.24+really3.22-2 represents a revert to 3.24 due to an unresolved issue with piped input in procmail rules, to allow them to avoid regressing their upcoming release.
Unfortunately for us, we've shipped 3.24 in mantic and noble. Reverting back to 3.22 in oracular wouldn't help our noble userbase, which is going to certainly be far larger than our oracular userbase since it's an LTS. Rather, I think we need a proper SRU-able fix for this issue.
So, I think we ought to hold off on merging this package from Debian, and instead seek a proper SRUable fix. It looks like Debian has forwarded the issue upstream, where there has been some initial discussion and continues to be pinging from users interested in a fix.