Bug#991463: fixed in knot-resolver 5.4.1-1
El 01/09/21 a las 10:49, Santiago Ruano Rincón escribió: > El 31/08/21 a las 19:01, Jakub Ružička escribió: > > > I've opened transition bug #993027 Forgot to say a couple of things: it's really good that you know how to handle transitions now. For the case of knot, being kresd its only reverse dependency, I think you can move to unstable when you are sure they build OK (release team has always the final word, you can ask them). > > > > Got ack from RT, I've uploaded knot-3.1.1-4 into unstable to start the > > transition. > > > > Do I need to wait until the new knot built on all archs before uploading > > depending knot-resolver-5.4.1-2 or is there a smart mechanism ensuring > > build against correct/latest version? > > Well, I am not sure of that. I'd wait to have it built on all archs (and > ping debian-buildd if needed), as it is the case right now. But I think > also that such smart mechanism exists if you don't want to wait. > > > > Yes, that I should fix the issue with the next (first) bullseye-point > > > release after it's been fixed in unstable. > > ACK. > > > > > I've prepared knot-resolver-5.3.1-2+deb11u1 with the backport of > > upstream fix in new debian/bullseye salsa branch: > > > > https://salsa.debian.org/dns-team/knot-resolver/-/commits/debian/bullseye > > > > Please review my changes before I attempt the bullseye upload as I'm new > > to this process. > > > > diff --git a/debian/changelog b/debian/changelog > index a38aa258..0cf5bc71 100644 > --- a/debian/changelog > +++ b/debian/changelog > @@ -1,3 +1,10 @@ > +knot-resolver (5.3.1-2+deb11u1) bullseye; urgency=medium > > Version in stable is 5.3.1-1, so it would be 5.3.1-1+deb11u1. You shouldn't > bump the debian revision number. It will be longer the case for kresd, but > suppose you upload a more recent revision to testing or unstable. If you > 5.3.1-2 would be < 5.3.1-2+deb11u1, and user would have a problem to upgrade > it. > Also, you may correct the RELEASE in debian/salsa-ci.yml https://salsa.debian.org/salsa-ci-team/pipeline/#changing-the-debian-release > > , > > Jakub > > , > > -- S , -- S signature.asc Description: PGP signature
Bug#991463: fixed in knot-resolver 5.4.1-1
El 31/08/21 a las 19:01, Jakub Ružička escribió: > > I've opened transition bug #993027 > > Got ack from RT, I've uploaded knot-3.1.1-4 into unstable to start the > transition. > > Do I need to wait until the new knot built on all archs before uploading > depending knot-resolver-5.4.1-2 or is there a smart mechanism ensuring > build against correct/latest version? Well, I am not sure of that. I'd wait to have it built on all archs (and ping debian-buildd if needed), as it is the case right now. But I think also that such smart mechanism exists if you don't want to wait. > > Yes, that I should fix the issue with the next (first) bullseye-point > > release after it's been fixed in unstable. ACK. > > I've prepared knot-resolver-5.3.1-2+deb11u1 with the backport of > upstream fix in new debian/bullseye salsa branch: > > https://salsa.debian.org/dns-team/knot-resolver/-/commits/debian/bullseye > > Please review my changes before I attempt the bullseye upload as I'm new > to this process. > diff --git a/debian/changelog b/debian/changelog index a38aa258..0cf5bc71 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,10 @@ +knot-resolver (5.3.1-2+deb11u1) bullseye; urgency=medium Version in stable is 5.3.1-1, so it would be 5.3.1-1+deb11u1. You shouldn't bump the debian revision number. It will be longer the case for kresd, but suppose you upload a more recent revision to testing or unstable. If you 5.3.1-2 would be < 5.3.1-2+deb11u1, and user would have a problem to upgrade it. > > , > Jakub , -- S signature.asc Description: PGP signature
Bug#991463: fixed in knot-resolver 5.4.1-1
> I've opened transition bug #993027 Got ack from RT, I've uploaded knot-3.1.1-4 into unstable to start the transition. Do I need to wait until the new knot built on all archs before uploading depending knot-resolver-5.4.1-2 or is there a smart mechanism ensuring build against correct/latest version? > Yes, that I should fix the issue with the next (first) bullseye-point > release after it's been fixed in unstable. I've prepared knot-resolver-5.3.1-2+deb11u1 with the backport of upstream fix in new debian/bullseye salsa branch: https://salsa.debian.org/dns-team/knot-resolver/-/commits/debian/bullseye Please review my changes before I attempt the bullseye upload as I'm new to this process. , Jakub OpenPGP_0xA4254072E373042C.asc Description: OpenPGP public key
Bug#991463: fixed in knot-resolver 5.4.1-1
On 8/26/21 10:42 PM, Santiago Ruano Rincón wrote: > El 26/08/21 a las 14:45, Jakub Ružička escribió: >>> - Includes fix for CVE-2021-40083 (Closes: #991463) >> I've used this magic syntax found throughout the changelog and it closed >> the bug upon experimental upload, which isn't what I expected. Please >> reopen as needed, I'm not yet familiar with handling bugs wrt different >> Debian branches. >> > Why would you like to reopen the bug? The BTS knows it is still to be > fixed in unstable. Take a look at the image at the top right of the bug > report page: > https://bugs.debian.org/cgi-bin/version.cgi?absolute=0;found=knot-resolver%2F5.3.1-1;info=1;fixed=knot-resolver%2F5.4.1-1;collapse=1;package=knot-resolver Aha! I didn't notice that all-important image at all, thanks. So BTS is as smart as I hoped 拾 Please disregard my prior confusion. > >> Regardless, experimental knot-resolver-5.4.1-1 built against >> experimental knot-3.1.1-3 so I'll try to proceed with the transition >> which should fix the bug for sid. > Awesome, thanks! My pleasure! I've opened transition bug #993027 > >> After that I plan to cherry-pick the fix for next bullseye-point release. > Did you have any feedback from the security team? Yes, that I should fix the issue with the next (first) bullseye-point release after it's been fixed in unstable. As the sid fix is in progress, I'll prepare the bullseye release (at debian/bullseye Salsa branch I think) and follow instructions at https://www.debian.org/doc/manuals/developers-reference/pkgs.html#upload-stable , Jakub OpenPGP_signature Description: OpenPGP digital signature
Bug#991463: fixed in knot-resolver 5.4.1-1
El 26/08/21 a las 14:45, Jakub Ružička escribió: > > - Includes fix for CVE-2021-40083 (Closes: #991463) > > I've used this magic syntax found throughout the changelog and it closed > the bug upon experimental upload, which isn't what I expected. Please > reopen as needed, I'm not yet familiar with handling bugs wrt different > Debian branches. > Why would you like to reopen the bug? The BTS knows it is still to be fixed in unstable. Take a look at the image at the top right of the bug report page: https://bugs.debian.org/cgi-bin/version.cgi?absolute=0;found=knot-resolver%2F5.3.1-1;info=1;fixed=knot-resolver%2F5.4.1-1;collapse=1;package=knot-resolver > Regardless, experimental knot-resolver-5.4.1-1 built against > experimental knot-3.1.1-3 so I'll try to proceed with the transition > which should fix the bug for sid. Awesome, thanks! > After that I plan to cherry-pick the fix for next bullseye-point release. Did you have any feedback from the security team? , -- S signature.asc Description: PGP signature
Bug#991463: fixed in knot-resolver 5.4.1-1
> - Includes fix for CVE-2021-40083 (Closes: #991463) I've used this magic syntax found throughout the changelog and it closed the bug upon experimental upload, which isn't what I expected. Please reopen as needed, I'm not yet familiar with handling bugs wrt different Debian branches. Regardless, experimental knot-resolver-5.4.1-1 built against experimental knot-3.1.1-3 so I'll try to proceed with the transition which should fix the bug for sid. After that I plan to cherry-pick the fix for next bullseye-point release. Cheers, Jakub OpenPGP_signature Description: OpenPGP digital signature