1. Forum
  2. Usenet
  3. LINUX.DEBIAN.BUGS.DIST

  • Bug#1109009: unblock: rust-sequoia-octopus-librnp/1.11.1-1

    From Holger Levsen@21:1/5 to All on Wed Jul 9 16:20:01 2025
    XPost: linux.debian.devel.release

    --OEa6lMcTf0rp0PJf
    Content-Type: text/plain; charset=utf-8
    Content-Disposition: inline
    Content-Transfer-Encoding: quoted-printable

    Package: release.debian.org
    Severity: normal
    User: [email protected]
    Usertags: unblock

    Please unblock package rust-sequoia-octopus-librnp.

    [ Reason ]
    It fixes a remote denial of service attack, see #1109001.

    [ Impact ]
    a thunderbird user can be DOSed with an email.

    [ Tests ]
    upstream CI tests, the package only has smoke autopkgtests atm.

    [ Risks ]
    not really, surely this could introduce some bug, but that would be
    limited to it's users.

    [ Checklist ]
    [x] all changes are documented in the d/changelog
    [x] I reviewed all changes and I approve them
    [x] attach debdiff against the package in testing

    [ Other info ]
    There's quite some noise from debcargo in the diff, apologies for that. debian/patches
    is unchanged (just refreshed), the changes are only in src/

    $ debdiff rust-sequoia-octopus-librnp_1.11.0-1.dsc rust-sequoia-octopus-librnp_1.11.1-1.dsc|diffstat
    .cargo_vcs_info.json | 2 +-
    Cargo.lock | 35 ++++++++++++++++++++++++-----------
    Cargo.toml | 16 +++++++++++++---
    Cargo.toml.orig | 13 +++++++++++--
    debian/changelog | 8 ++++++++
    debian/control | 2 +-
    debian/control.debcargo.hint | 14 +++++++-------
    debian/patches/drop-windows.patch | 10 +++++++++-
    debian/tests/control.debcargo.hint | 28 ++++++++++++++--------------
    src/dump_packets.rs | 10 +++++++++-
    src/dump_packets/dump.rs | 53 +++++++++++++++++++++++++++++++++++++++++++++++++++--
    src/lib.rs | 38 +++++++++++++++++++++++++++++++-------
    12 files changed, 179 insertions(+), 50 deletions(-)

    & thanks for your work on trixie!

    unblock rust-sequoia-octopus-librnp/1.11.1-1


    --
    cheers,
    Holger

    ⢀⣴⠾⠻⢶⣦⠀
    ⣾⠁⢠⠒⠀⣿⡁ holger@(debian|reproducible-builds|layer-acht).org
    ⢿⡄⠘⠷⠚⠋⠀ OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
    ⠈⠳⣄

    Never waste a crisis.

    --OEa6lMcTf0rp0PJf
    Content-Type: text/x-diff; charset=us-ascii
    Content-Disposition: attachment;
    filename="rust-sequoia-octopus-librnp_1.11.1-1.diff" Content-Transfer-Encoding: quoted-printable

    diff -Nru rust-sequoia-octopus-librnp-1.11.0/Cargo.lock rust-sequoia-octopus-librnp-1.11.1/Cargo.lock
    --- rust-sequoia-octopus-librnp-1.11.0/Cargo.lock 1970-01-01 01:00:01.000000000 +0100
    +++ rust-sequoia-octopus-librnp-1.11.1/Cargo.lock 1970-01-01 01:00:01.000000000 +0100
    @@ -1,6 +1,6 @@
    # This file is automatically @generated by Cargo.
    # It is not intended for manual editing.
    -version = 3
    +version = 4

    [[package]]
    name = "addr2line"
    @@ -482,9 +482,9 @@

    [[package]]
    name = "crossbeam-channel"
    -version = "0.5.14"
    +version = "0.5.15"
    source = "registry