debcrafters-packages team mailing list archive

Thread
Date
[Bug 2112062] Re: Merge raptor2 from Debian Unstable for questing

To: debcrafters-packages@xxxxxxxxxxxxxxxxxxx
From: Simon Poirier <2112062@xxxxxxxxxxxxxxxxxx>
Date: Wed, 11 Jun 2025 00:40:27 -0000
Reply-to: Bug 2112062 <2112062@xxxxxxxxxxxxxxxxxx>
Sender: noreply@xxxxxxxxxxxxx
** Description changed:

  Scheduled-For: ubuntu-25.06
  Ubuntu: 2.0.16-4ubuntu2
  Debian Unstable: 2.0.16-6
  
- A new release of raptor2 is available for merging from Debian Unstable.
+ A new release of raptor2 is available for sync from Debian Unstable.
  
- If it turns out this needs a sync rather than a merge, please change the
- tag 'dcr-merge' to 'dcr-sync', and (optionally) update the title as
- desired.
+ All current ubuntu patches have been adopted by debian with different
+ patch names and headers:
+ 
+ * rename debian/patches/{CVE-2024-57823.patch => Fix-Github-issue-70-A-Integer-Underflow-in-raptor_ur.patch}
+ * rename debian/patches/{CVE-2024-57822.patch => Fix-Github-issue-70-B-Heap-read-buffer-overflow-in-n.patch}
+ * rename debian/patches/{CVE-2024-5782x-tests.patch => Tests-for-Github-issue-70.patch}
  
  ### New Debian Changes ###
  
  raptor2 (2.0.16-6) unstable; urgency=medium
  
-   * QA upload.
-   * Integer Underflow in raptor_uri_normalize_path() (CVE-2024-57823)
-     (Closes: #1067896)
-   * Heap read buffer overflow in ntriples bnode (CVE-2024-57822)
-     (Closes: #1067896)
-   * Tests for Github issue 70
+   * QA upload.
+   * Integer Underflow in raptor_uri_normalize_path() (CVE-2024-57823)
+     (Closes: #1067896)
+   * Heap read buffer overflow in ntriples bnode (CVE-2024-57822)
+     (Closes: #1067896)
+   * Tests for Github issue 70
  
-  -- Salvatore Bonaccorso <carnil@xxxxxxxxxx>  Sat, 29 Mar 2025 15:33:08
+  -- Salvatore Bonaccorso <carnil@xxxxxxxxxx>  Sat, 29 Mar 2025 15:33:08
  +0100
  
  raptor2 (2.0.16-5) unstable; urgency=medium
  
-   * QA upload.
-   * Make OpenSSL the primary curl backend.
-   * Update Standards-Version to 4.7.1, no changes needed.
-   * Add upstream signing key and check the signature.
+   * QA upload.
+   * Make OpenSSL the primary curl backend.
+   * Update Standards-Version to 4.7.1, no changes needed.
+   * Add upstream signing key and check the signature.
  
-  -- Simon Quigley <tsimonq2@xxxxxxxxxx>  Sat, 22 Feb 2025 17:04:28 -0600
- 
+  -- Simon Quigley <tsimonq2@xxxxxxxxxx>  Sat, 22 Feb 2025 17:04:28 -0600
  
  ### Old Ubuntu Delta ###
  
  raptor2 (2.0.16-4ubuntu2) questing; urgency=medium
  
-   * No-change rebuild for libxml2 soname change.
+   * No-change rebuild for libxml2 soname change.
  
-  -- Matthias Klose <doko@xxxxxxxxxx>  Wed, 21 May 2025 08:16:01 +0200
+  -- Matthias Klose <doko@xxxxxxxxxx>  Wed, 21 May 2025 08:16:01 +0200
  
  raptor2 (2.0.16-4ubuntu1) plucky; urgency=medium
  
-   * SECURITY UPDATE: heap overread when parsing triples
-     - debian/patches/CVE-2024-57822.patch: only allow looking at the last
-       character of a bnode ID only if bnode length >0 in
-       src/raptor_ntriples.c.
-     - debian/patches/CVE-2024-5782x-tests.patch: added test in
-       configure.ac, tests/Makefile.am, tests/bugs/Makefile.am,
-       tests/bugs/issue70b.c.
-     - CVE-2024-57822
-   * SECURITY UPDATE: integer overflow when normalizing a URI
-     - debian/patches/CVE-2024-57823.patch: return empty buffer if path gets
-       to 0 length in src/raptor_rfc2396.c.
-     - debian/patches/CVE-2024-5782x-tests.patch: added test in
-       configure.ac, tests/Makefile.am, tests/bugs/Makefile.am,
-       tests/bugs/issue70a.c.
-     - CVE-2024-57823
+   * SECURITY UPDATE: heap overread when parsing triples
+     - debian/patches/CVE-2024-57822.patch: only allow looking at the last
+       character of a bnode ID only if bnode length >0 in
+       src/raptor_ntriples.c.
+     - debian/patches/CVE-2024-5782x-tests.patch: added test in
+       configure.ac, tests/Makefile.am, tests/bugs/Makefile.am,
+       tests/bugs/issue70b.c.
+     - CVE-2024-57822
+   * SECURITY UPDATE: integer overflow when normalizing a URI
+     - debian/patches/CVE-2024-57823.patch: return empty buffer if path gets
+       to 0 length in src/raptor_rfc2396.c.
+     - debian/patches/CVE-2024-5782x-tests.patch: added test in
+       configure.ac, tests/Makefile.am, tests/bugs/Makefile.am,
+       tests/bugs/issue70a.c.
+     - CVE-2024-57823
  
-  -- Marc Deslauriers <marc.deslauriers@xxxxxxxxxx>  Tue, 25 Feb 2025
+  -- Marc Deslauriers <marc.deslauriers@xxxxxxxxxx>  Tue, 25 Feb 2025
  07:53:56 -0500

** Summary changed:

- Merge raptor2 from Debian Unstable for questing
+ Sync raptor2 from Debian Unstable for questing

** Tags removed: dcr-merge
** Tags added: dcr-sync

-- 
You received this bug notification because you are a member of
Debcrafters packages, which is subscribed to raptor2 in Ubuntu.
https://bugs.launchpad.net/bugs/2112062

Title:
  Sync raptor2 from Debian Unstable for questing

Status in raptor2 package in Ubuntu:
  In Progress

Bug description:
  Scheduled-For: ubuntu-25.06
  Ubuntu: 2.0.16-4ubuntu2
  Debian Unstable: 2.0.16-6

  A new release of raptor2 is available for sync from Debian Unstable.

  All current ubuntu patches have been adopted by debian with different
  patch names and headers:

  * rename debian/patches/{CVE-2024-57823.patch => Fix-Github-issue-70-A-Integer-Underflow-in-raptor_ur.patch}
  * rename debian/patches/{CVE-2024-57822.patch => Fix-Github-issue-70-B-Heap-read-buffer-overflow-in-n.patch}
  * rename debian/patches/{CVE-2024-5782x-tests.patch => Tests-for-Github-issue-70.patch}

  ### New Debian Changes ###

  raptor2 (2.0.16-6) unstable; urgency=medium

    * QA upload.
    * Integer Underflow in raptor_uri_normalize_path() (CVE-2024-57823)
      (Closes: #1067896)
    * Heap read buffer overflow in ntriples bnode (CVE-2024-57822)
      (Closes: #1067896)
    * Tests for Github issue 70

   -- Salvatore Bonaccorso <carnil@xxxxxxxxxx>  Sat, 29 Mar 2025
  15:33:08 +0100

  raptor2 (2.0.16-5) unstable; urgency=medium

    * QA upload.
    * Make OpenSSL the primary curl backend.
    * Update Standards-Version to 4.7.1, no changes needed.
    * Add upstream signing key and check the signature.

   -- Simon Quigley <tsimonq2@xxxxxxxxxx>  Sat, 22 Feb 2025 17:04:28
  -0600

  ### Old Ubuntu Delta ###

  raptor2 (2.0.16-4ubuntu2) questing; urgency=medium

    * No-change rebuild for libxml2 soname change.

   -- Matthias Klose <doko@xxxxxxxxxx>  Wed, 21 May 2025 08:16:01 +0200

  raptor2 (2.0.16-4ubuntu1) plucky; urgency=medium

    * SECURITY UPDATE: heap overread when parsing triples
      - debian/patches/CVE-2024-57822.patch: only allow looking at the last
        character of a bnode ID only if bnode length >0 in
        src/raptor_ntriples.c.
      - debian/patches/CVE-2024-5782x-tests.patch: added test in
        configure.ac, tests/Makefile.am, tests/bugs/Makefile.am,
        tests/bugs/issue70b.c.
      - CVE-2024-57822
    * SECURITY UPDATE: integer overflow when normalizing a URI
      - debian/patches/CVE-2024-57823.patch: return empty buffer if path gets
        to 0 length in src/raptor_rfc2396.c.
      - debian/patches/CVE-2024-5782x-tests.patch: added test in
        configure.ac, tests/Makefile.am, tests/bugs/Makefile.am,
        tests/bugs/issue70a.c.
      - CVE-2024-57823

   -- Marc Deslauriers <marc.deslauriers@xxxxxxxxxx>  Tue, 25 Feb 2025
  07:53:56 -0500

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/raptor2/+bug/2112062/+subscriptions
References

[Bug 2112062] [NEW] Merge raptor2 from Debian Unstable for questing
From: Bryce Harrington, 2025-05-29