1. Forum
  2. Usenet
  3. LINUX.DEBIAN.BUGS.DIST

  • Bug#1108869: unblock: qbittorrent/5.1.0-2

    From Christian Marillat@21:1/5 to All on Sun Jul 6 17:10:01 2025
    XPost: linux.debian.devel.release

    This is a multi-part MIME message sent by reportbug.


    Package: release.debian.org
    Severity: normal
    X-Debbugs-Cc: [email protected]
    Control: affects -1 + src:qbittorrent
    User: [email protected]
    Usertags: unblock

    Please unblock package qbittorrent

    Package not yet uploaded.

    To fix bug #1108843 with security issue (no DSA yet)

    I've two choices: backport 2 patches from 5.1.2 or release the 5.1.2
    version over 5.1.0

    debdiff at the bottom.

    What is your opinion?

    Christian

    $ cat qbittorrent_5.1.0-2.debdiff
    diff -Nru qbittorrent-5.1.0/debian/changelog qbittorrent-5.1.0/debian/changelog --- qbittorrent-5.1.0/debian/changelog 2025-04-28 09:24:06.000000000 +0200
    +++ qbittorrent-5.1.0/debian/changelog 2025-07-06 16:40:13.000000000 +0200
    @@ -1,3 +1,10 @@
    +qbittorrent (5.1.0-2) unstable; urgency=medium
    +
    + * Add two patches from 5.1.2 version to fix security issues: WebAPI, Rss
    + and Search modules (Closes: #1108843)
    +
    + -- Christian Marillat <[email protected]> Sun, 06 Jul 2025 16:40:13 +0200 +
    qbittorrent (5.1.0-1) unstable; urgency=medium

    * New upstream release.
    diff -Nru qbittorrent-5.1.0/debian/patches/4f94eac235cefa8b83489cb3135dad87fcbed1e3.patch qbittorrent-5.1.0/debian/patches/4f94eac235cefa8b83489cb3135dad87fcbed1e3.patch
    --- qbittorrent-5.1.0/debian/patches/4f94eac235cefa8b83489cb3135dad87fcbed1e3.patch 1970-01-01 01:00:00.000000000 +0100
    +++ qbittorrent-5.1.0/debian/patches/4f94eac235cefa8b83489cb3135dad87fcbed1e3.patch 2025-07-06 16:39:40.000000000 +0200
    @@ -0,0 +1,191 @@
    +From d379fa30350bd2aaf50656c7cd5fbaf6f6219773 Mon Sep 17 00:00:00 2001
    +From: "Vla
  • From Paul Gevers@21:1/5 to Christian Marillat on Mon Jul 7 14:10:01 2025
    XPost: linux.debian.devel.release
    To: [email protected]

    This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --------------2Nx4y6NLBsFg9WRq0m5DFhzb
    Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: base64

    Q29udHJvbDogdGFncyAtMSBtb3JlaW5mbw0KDQpIaSwNCg0KT24gNy82LzI1IDE3OjAwLCBD aHJpc3RpYW4gTWFyaWxsYXQgd3JvdGU6DQo+IEkndmUgdHdvIGNob2ljZXM6IGJhY2twb3J0 IDIgcGF0Y2hlcyBmcm9tIDUuMS4yIG9yIHJlbGVhc2UgdGhlIDUuMS4yDQo+IHZlcnNpb24g b3ZlciA1LjEuMA0KPiANCj4gZGViZGlmZiBhdCB0aGUgYm90dG9tLg0KPiANCj4gV2hhdCBp cyB5b3VyIG9waW5pb24/DQoNCg0KV2UgcHJlZmVyIHRhcmdldGVkIGZpeGVzLCBzbyB0aGUg ZGViZGlmZiBsb29rcyBtb3N0bHkgZ29vZC4gSG93ZXZlciwgdGhlIA0KZmlyc3QgcGF0Y2gg aGFzICJbUEFUQ0ggMS8yXSIuIEkgaG9wZSB5b3UgZGlkbid0IGZvcmdldCB0aGUgb3RoZXIg aGFsZiANCmJ5IGFjY2lkZW50LiBQbGVhc2UgcmVtb3ZlIHRoZSBtb3JlaW5mbyB0YWcgaWYv d2hlbiB5b3UgY29uZmlybSB0aGlzIGFuZCANCmNvbnNpZGVyIHRoZSB1bmJsb2NrIGNvbmZp cm1lZC4NCg0KUGF1bA0KDQo=

    --------------2Nx4y6NLBsFg9WRq0m5DFhzb--

    -----BEGIN PGP SIGNATURE-----

    wsC7BAABCABvBYJoa7c5CRCcXJnrBb11CkcUAAAAAAAeACBzYWx0QG5vdGF0aW9u cy5zZXF1b2lhLXBncC5vcmfDXphOLM5yjNDsW3vNng2RqkI1WkKsEdWLD9jUNbAg VBYhBFi2bUhza+k7BS3mcpxcmesFvXUKAADwdAf+MXA0h0JLJ8TflNxwUDEiWCRt Qm9frYNP3mDZphFJc62wcjfpXenKJEMYUX2Jql0IPvFitBFZ9/pTXEDdVMNzESDM cH3iSw2G67suBkfOEbaJ4ozdVa+rQGaHcfyG6aCLjq50dbXh+t5tAUU+Eq8+RdLV IS9/43xxB5O61RsZbskLwAlbvmKZed+fvJDXf2zm8DJkZu7EOVitKmQwF/wLK96k nNcvb0mYMq6CQBReM/4F3RT2PUaEZI5P0qH1yVz605CZRLJaJFPHvYkba3s8Id5l ujYUC8cHLnjEgnwSQYRwuhhhmuarKxcdVr1kQDzRTVZAsg2Y9ndX2/vgS+j+Ag==
    =kvj9
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Christian Marillat@21:1/5 to Paul Gevers on Mon Jul 7 15:20:01 2025
    XPost: linux.debian.devel.release

    tags 1108869 -moreinfo
    thanks
    On 07 juil. 2025 14:02, Paul Gevers <[email protected]> wrote:

    Control: tags -1 moreinfo

    Hi,

    Hi,

    On 7/6/25 17:00, Christian Marillat wrote:
    I've two choices: backport 2 patches from 5.1.2 or release the 5.1.2
    version over 5.1.0
    debdiff at the bottom.
    What is your opinion?


    We prefer targeted fixes, so the debdiff looks mostly good. However,
    the first patch has "[PATCH 1/2]". I hope you didn't forget the other
    half by accident. Please remove the moreinfo tag if/when you confirm
    this and consider the unblock confirmed.

    No it's OK, I checked patched files in 5.1.0-2 and ones in 5.1.2
    No difference.

    Christian

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Paul Gevers@21:1/5 to Christian Marillat on Mon Jul 7 15:30:01 2025
    XPost: linux.debian.devel.release
    Copy: [email protected]

    This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --------------02cex058MYy8uhraaa07nuo5
    Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: base64

    SGkNCg0KT24gNy83LzI1IDE1OjA5LCBDaHJpc3RpYW4gTWFyaWxsYXQgd3JvdGU6DQo+IE5v IGl0J3MgT0ssIEkgY2hlY2tlZCBwYXRjaGVkIGZpbGVzIGluIDUuMS4wLTIgYW5kIG9uZXMg aW4gNS4xLjINCj4gTm8gZGlmZmVyZW5jZS4NCg0KV2FpdCwgZG8geW91IG1lYW4gdGhlIGRl bHRhIGJldHdlZW4gNS4xLjAgYW4gNS4xLjIgaXMgb25seSB0aGUgcGF0Y2hlcyANCnlvdSBw cm92aWRlZD8gSW4gdGhhdCBjYXNlIHdlIGNhbiBoYXZlIDUuMS4yLg0KDQpQYXVsDQo=

    --------------02cex058MYy8uhraaa07nuo5--

    -----BEGIN PGP SIGNATURE-----

    wsC7BAABCABvBYJoa8l+CRCcXJnrBb11CkcUAAAAAAAeACBzYWx0QG5vdGF0aW9u cy5zZXF1b2lhLXBncC5vcmcGJb/fsJlSgLDngsx7KB9+EeiiXcUgFnLzMVzPMpeq 6RYhBFi2bUhza+k7BS3mcpxcmesFvXUKAADm9AgA0tyCbJ80hCnemC9qSxR+TR3b JOL/oJ0VgLRIYfcUnUEuZnp+z6PNWcPWnK5rUNwAVwBiIqZNT//kBPUrHfrNqifT UI1+T3SSG6MBBWlYQR+K1lGUyNfOBryvpRKXBP5TQvlFPUdicBVZ9P9MkoHkPKAM anlchbuxXEYvpjs5Nx0W92KYw6UUfOL2T8mdDrjFrQVO8jlXoKKEIdJimgI0CF3U F6bEPQP38A7fwfVb3I9ybtFNdr6yiRUTsPyzVVBUIyFP2V2M2N+8hr5a67nuqAox v0s/jlcU2GIB8zlcU1UQyLvNQrMKEtjhO7/o4m/9ADsks+EFWDFddyTC8fFODg==
    =1iaB
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Christian Marillat@21:1/5 to Paul Gevers on Mon Jul 7 15:40:01 2025
    XPost: linux.debian.devel.release

    On 07 juil. 2025 15:19, Paul Gevers <[email protected]> wrote:

    Hi

    On 7/7/25 15:09, Christian Marillat wrote:
    No it's OK, I checked patched files in 5.1.0-2 and ones in 5.1.2
    No difference.

    Wait, do you mean the delta between 5.1.0 an 5.1.2 is only the patches
    you provided? In that case we can have 5.1.2.

    No, 5.1.2 and 5.1.1 includes many more changes.

    https://github.com/qbittorrent/qBittorrent/blob/release-5.1.2/Changelog

    Christian

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)