Re: Updating dpkg in squeeze-lts
On Fri, 2015-05-15 at 21:46:50 +0100, Ben Hutchings wrote: On Sun, 2015-05-03 at 16:52 +0200, Guillem Jover wrote: I was still unable to pull from that. But cloning worked, so I then pulled from the local checkout. And released the tarball at: https://dpkg.alioth.debian.org/releases/ And pushed the changes to the next/1.15.x branch at: http://git.hadrons.org/cgit/debian/dpkg/dpkg.git Once erything looks fine and the release is in the archive, I'll push it to git.debian.org. Otherwise I can reroll a new one. I've now uploaded this (as you may have seen). Thanks, I pushed the changes to the main repo the other day. Regards, Guillem -- To UNSUBSCRIBE, email to debian-lts-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20150519170139.ga28...@gaara.hadrons.org
Re: Updating dpkg in squeeze-lts
On Sun, 2015-05-03 at 16:52 +0200, Guillem Jover wrote: On Fri, 2015-05-01 at 13:24:56 +0100, Ben Hutchings wrote: On Fri, 2015-05-01 at 05:51 +0200, Guillem Jover wrote: Although I cannot fetch from the repo: ,--- $ git pull http://git.decadent.org.uk/git/dpkg.git 1.15.x error: Unable to find ee84e232070351e980b48e82788a353ba3857be3 under http://git.decadent.org.uk/git/dpkg.git Cannot obtain needed tree ee84e232070351e980b48e82788a353ba3857be3 while processing commit 006ba044fbd398472e5045edef37bd21e6ba6724. error: fetch failed. `--- I guess, perhaps a «git update-server-info» was missing? Odd, I do have the post-update hook enabled to run that. Anyway, fixed now. I was still unable to pull from that. But cloning worked, so I then pulled from the local checkout. And released the tarball at: https://dpkg.alioth.debian.org/releases/ And pushed the changes to the next/1.15.x branch at: http://git.hadrons.org/cgit/debian/dpkg/dpkg.git Once erything looks fine and the release is in the archive, I'll push it to git.debian.org. Otherwise I can reroll a new one. I've now uploaded this (as you may have seen). Ben. -- Ben Hutchings It is impossible to make anything foolproof because fools are so ingenious. signature.asc Description: This is a digitally signed message part
Re: Updating dpkg in squeeze-lts
On Fri, 2015-05-01 at 13:24:56 +0100, Ben Hutchings wrote: On Fri, 2015-05-01 at 05:51 +0200, Guillem Jover wrote: Although I cannot fetch from the repo: ,--- $ git pull http://git.decadent.org.uk/git/dpkg.git 1.15.x error: Unable to find ee84e232070351e980b48e82788a353ba3857be3 under http://git.decadent.org.uk/git/dpkg.git Cannot obtain needed tree ee84e232070351e980b48e82788a353ba3857be3 while processing commit 006ba044fbd398472e5045edef37bd21e6ba6724. error: fetch failed. `--- I guess, perhaps a «git update-server-info» was missing? Odd, I do have the post-update hook enabled to run that. Anyway, fixed now. I was still unable to pull from that. But cloning worked, so I then pulled from the local checkout. And released the tarball at: https://dpkg.alioth.debian.org/releases/ And pushed the changes to the next/1.15.x branch at: http://git.hadrons.org/cgit/debian/dpkg/dpkg.git Once erything looks fine and the release is in the archive, I'll push it to git.debian.org. Otherwise I can reroll a new one. Thanks, Guillem -- To UNSUBSCRIBE, email to debian-lts-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20150503145208.ga9...@gaara.hadrons.org
Re: Updating dpkg in squeeze-lts
On Fri, 2015-05-01 at 05:51 +0200, Guillem Jover wrote: On Mon, 2015-04-27 at 01:11:33 +0100, Ben Hutchings wrote: On Thu, 2015-04-23 at 07:10 +0200, Guillem Jover wrote: I'd prefer if you merged and released the tarball, then I can do the rest. Sure, less work for me. - Are you happy to pull from my git branch, or should I send one or multiple patches? Given that you've done the hunting and backporting I'd like your SOB lines on all patches, alongside [mail@domain:\n - Brief change description. ] markers for the patches that required changes so proper credit is given in the commit message. OK, I've rebased and added that. All of the cherry-picks conflicted in debian/changelog, but I didn't bother to mention that. Aside from that they were mostly clean. I also dropped the 'release' commit so you'll need to finalise the changelog as you see fit. Perfect, thanks. Although I cannot fetch from the repo: ,--- $ git pull http://git.decadent.org.uk/git/dpkg.git 1.15.x error: Unable to find ee84e232070351e980b48e82788a353ba3857be3 under http://git.decadent.org.uk/git/dpkg.git Cannot obtain needed tree ee84e232070351e980b48e82788a353ba3857be3 while processing commit 006ba044fbd398472e5045edef37bd21e6ba6724. error: fetch failed. `--- I guess, perhaps a «git update-server-info» was missing? Odd, I do have the post-update hook enabled to run that. Anyway, fixed now. Ben. -- Ben Hutchings It is easier to write an incorrect program than to understand a correct one. signature.asc Description: This is a digitally signed message part
Re: Updating dpkg in squeeze-lts
On Mon, 2015-04-27 at 01:11:33 +0100, Ben Hutchings wrote: On Thu, 2015-04-23 at 07:10 +0200, Guillem Jover wrote: I'd prefer if you merged and released the tarball, then I can do the rest. Sure, less work for me. - Are you happy to pull from my git branch, or should I send one or multiple patches? Given that you've done the hunting and backporting I'd like your SOB lines on all patches, alongside [mail@domain:\n - Brief change description. ] markers for the patches that required changes so proper credit is given in the commit message. OK, I've rebased and added that. All of the cherry-picks conflicted in debian/changelog, but I didn't bother to mention that. Aside from that they were mostly clean. I also dropped the 'release' commit so you'll need to finalise the changelog as you see fit. Perfect, thanks. Although I cannot fetch from the repo: ,--- $ git pull http://git.decadent.org.uk/git/dpkg.git 1.15.x error: Unable to find ee84e232070351e980b48e82788a353ba3857be3 under http://git.decadent.org.uk/git/dpkg.git Cannot obtain needed tree ee84e232070351e980b48e82788a353ba3857be3 while processing commit 006ba044fbd398472e5045edef37bd21e6ba6724. error: fetch failed. `--- I guess, perhaps a «git update-server-info» was missing? Thanks, Guillem -- To UNSUBSCRIBE, email to debian-lts-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20150501035127.gb6...@gaara.hadrons.org
Re: Updating dpkg in squeeze-lts
On Thu, 2015-04-23 at 07:10 +0200, Guillem Jover wrote: Hi! On Wed, 2015-04-22 at 01:53:16 +0100, Ben Hutchings wrote: I've prepared an update to dpkg in squeeze-lts to fix CVE-2015-0840. As it's a native package, I'd like to check some points with you: - Would you rather I numbered it as 1.15.12 or 1.15.11+nmu1? I'm a bit uncomfortable both with doing volunteer work for the LTS release, and getting an NMU for dpkg. But given that you've done the heavy lifting of hunting the patches and backporting them, I'd be fine with just merging them and releasing a tarball or a source package (although I can as well build both i386 and amd64 binaries if needed). I'd prefer if you merged and released the tarball, then I can do the rest. If you still want to prepare it yourself, then as Holger said, please use +deb6u1. - Should I do anything with the tarball produced by 'make dist'? If going with the second option above, then https://wiki.debian.org/Teams/Dpkg/GitUsage has some instructions that apply to master, they do need some small tweaking for 1.15.x. Also AFAIR, due to a release accident the 1.15.x series where autoreconfed from a wheezy system, so doing so from squeeze should produce much noise (and it would be on the unsafe side). I noticed that and tried autoreconf'ing from wheezy. It still resulted in some changes in generated files, though none in the configure script aside from the package version. - Are you happy to pull from my git branch, or should I send one or multiple patches? Given that you've done the hunting and backporting I'd like your SOB lines on all patches, alongside [mail@domain:\n - Brief change description. ] markers for the patches that required changes so proper credit is given in the commit message. OK, I've rebased and added that. All of the cherry-picks conflicted in debian/changelog, but I didn't bother to mention that. Aside from that they were mostly clean. I also dropped the 'release' commit so you'll need to finalise the changelog as you see fit. Ben. git repository: http://git.decadent.org.uk/gitweb?p=dpkg.git;a=summary http://git.decadent.org.uk/git/dpkg.git I've only skimmed over these, but they look like the patches that should be picked up. I can review them out properly while merging. Thanks, Guillem -- Ben Hutchings I'm not a reverse psychological virus. Please don't copy me into your sig. signature.asc Description: This is a digitally signed message part
Re: Updating dpkg in squeeze-lts
Hi! On Wed, 2015-04-22 at 01:53:16 +0100, Ben Hutchings wrote: I've prepared an update to dpkg in squeeze-lts to fix CVE-2015-0840. As it's a native package, I'd like to check some points with you: - Would you rather I numbered it as 1.15.12 or 1.15.11+nmu1? I'm a bit uncomfortable both with doing volunteer work for the LTS release, and getting an NMU for dpkg. But given that you've done the heavy lifting of hunting the patches and backporting them, I'd be fine with just merging them and releasing a tarball or a source package (although I can as well build both i386 and amd64 binaries if needed). If you still want to prepare it yourself, then as Holger said, please use +deb6u1. - Should I do anything with the tarball produced by 'make dist'? If going with the second option above, then https://wiki.debian.org/Teams/Dpkg/GitUsage has some instructions that apply to master, they do need some small tweaking for 1.15.x. Also AFAIR, due to a release accident the 1.15.x series where autoreconfed from a wheezy system, so doing so from squeeze should produce much noise (and it would be on the unsafe side). - Are you happy to pull from my git branch, or should I send one or multiple patches? Given that you've done the hunting and backporting I'd like your SOB lines on all patches, alongside [mail@domain:\n - Brief change description. ] markers for the patches that required changes so proper credit is given in the commit message. git repository: http://git.decadent.org.uk/gitweb?p=dpkg.git;a=summary http://git.decadent.org.uk/git/dpkg.git I've only skimmed over these, but they look like the patches that should be picked up. I can review them out properly while merging. Thanks, Guillem -- To UNSUBSCRIBE, email to debian-lts-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20150423051025.ga25...@gaara.hadrons.org
Re: Updating dpkg in squeeze-lts
Hi Ben, thanks for preparing the LTS dpkg update! On Mittwoch, 22. April 2015, Ben Hutchings wrote: - Would you rather I numbered it as 1.15.12 or 1.15.11+nmu1? I think you should use 1.15.11+deb6u1 as per https://wiki.debian.org/LTS/Development :-) The dpkg maintainers can comment better on the remaining questions than me. cheers, Holger signature.asc Description: This is a digitally signed message part.