Bug#942315: tcpdump: Version in oldoldstable is higher than oldstable and stable
On Thu, Oct 17, 2019 at 10:02 AM Moritz Muehlenhoff wrote: > IMHO for stretch-security/buster-security we should rather rebase the old > 4.9.2ish packages to 4.9.3, given that it creates new system users etc. > it seems not really suitable for a security update. Ok, that is what I did. Review welcome: https://people.debian.org/~rfrancoise/tcpdump/tcpdump_4.9.3-1~deb10u1_source.changes https://people.debian.org/~rfrancoise/tcpdump/tcpdump_4.9.3-1~deb9u1_source.changes Thanks.
Bug#942315: tcpdump: Version in oldoldstable is higher than oldstable and stable
On Wed, Oct 16, 2019 at 11:59:07PM +0200, Romain Francoise wrote: > On Wed, Oct 16, 2019 at 9:48 PM Salvatore Bonaccorso > wrote: > > Ideally given the issues are denial of service issues, this would have > > been okay via a point release. But we discussed this coincidentally in > > the team concluding we could as well release it via security. But we > > were thinking of postponing it a bit yet to see if some bug > > reports/regression reports did appear after the unstable version was > > exposed. > > Ah, okay. 4.9.3~git20190901-1 included significant packaging changes > to drop root privileges by default, is that appropriate for an upload > via security? (If so, it is my preferred avenue to reach stable users, > as point releases aren't very frequent.) IMHO for stretch-security/buster-security we should rather rebase the old 4.9.2ish packages to 4.9.3, given that it creates new system users etc. it seems not really suitable for a security update. > > Can you prepare updates for buster-security and stretch-security? > > I don't have much free time these days but I will try to get this done > over the week-end. Ack, thanks. Cheers, Moritz
Bug#942315: tcpdump: Version in oldoldstable is higher than oldstable and stable
On Wed, Oct 16, 2019 at 9:48 PM Salvatore Bonaccorso wrote: > Ideally given the issues are denial of service issues, this would have > been okay via a point release. But we discussed this coincidentally in > the team concluding we could as well release it via security. But we > were thinking of postponing it a bit yet to see if some bug > reports/regression reports did appear after the unstable version was > exposed. Ah, okay. 4.9.3~git20190901-1 included significant packaging changes to drop root privileges by default, is that appropriate for an upload via security? (If so, it is my preferred avenue to reach stable users, as point releases aren't very frequent.) > Can you prepare updates for buster-security and stretch-security? I don't have much free time these days but I will try to get this done over the week-end. Thanks.
Bug#942315: tcpdump: Version in oldoldstable is higher than oldstable and stable
Hi Romain, On Wed, Oct 16, 2019 at 08:30:44PM +0200, Romain Francoise wrote: > Hi Guillem, > > On Mon, Oct 14, 2019 at 3:45 PM Guillem Jover wrote: > > With the latest upload to oldoldstable-security, the versions in > > oldstable and stable are now lower. This means that upgrades will > > not take effect for this package, which will be left built against > > libraries and packaging from oldoldstable. > > Yes, the jessie-lts team kinda jumped the gun here. I think the best > way forward is to request approval for a buster-pu update of tcpdump > to 4.9.3 as well... > > Salvatore, any thoughts? Ideally given the issues are denial of service issues, this would have been okay via a point release. But we discussed this coincidentally in the team concluding we could as well release it via security. But we were thinking of postponing it a bit yet to see if some bug reports/regression reports did appear after the unstable version was exposed. Can you prepare updates for buster-security and stretch-security? If you have preference for the point release road though, we can followup there. Reards, Salvatore
Bug#942315: tcpdump: Version in oldoldstable is higher than oldstable and stable
Hello, Am 16.10.19 um 20:30 schrieb Romain Francoise: > Hi Guillem, > > On Mon, Oct 14, 2019 at 3:45 PM Guillem Jover wrote: >> With the latest upload to oldoldstable-security, the versions in >> oldstable and stable are now lower. This means that upgrades will >> not take effect for this package, which will be left built against >> libraries and packaging from oldoldstable. > > Yes, the jessie-lts team kinda jumped the gun here. I think the best > way forward is to request approval for a buster-pu update of tcpdump > to 4.9.3 as well... > > Salvatore, any thoughts? > > Thanks. I was assuming that Romain prepared the updates for stable again, so the corresponding backports will be 4.9.3-1~deb9u1 and 4.9.3-1~deb10u1 respectively exactly as it was done last time with the backport of 4.9.2. Regards, Markus signature.asc Description: OpenPGP digital signature
Bug#942315: tcpdump: Version in oldoldstable is higher than oldstable and stable
Hi Guillem, On Mon, Oct 14, 2019 at 3:45 PM Guillem Jover wrote: > With the latest upload to oldoldstable-security, the versions in > oldstable and stable are now lower. This means that upgrades will > not take effect for this package, which will be left built against > libraries and packaging from oldoldstable. Yes, the jessie-lts team kinda jumped the gun here. I think the best way forward is to request approval for a buster-pu update of tcpdump to 4.9.3 as well... Salvatore, any thoughts? Thanks.
Bug#942315: tcpdump: Version in oldoldstable is higher than oldstable and stable
Package: tcpdump Version: 4.9.2-1~deb9u1 Severity: serious Tags: stretch buster Hi! With the latest upload to oldoldstable-security, the versions in oldstable and stable are now lower. This means that upgrades will not take effect for this package, which will be left built against libraries and packaging from oldoldstable. Thanks, Guillem