Re: Wheezy update of dietlibc?
Hi Chris, On Sat, Jul 23, 2016 at 11:27:13AM +0200, Chris Lamb wrote: > > Needs to be built with -sa ;) > > Whoops! I blame the change of pattern re. sponsoring. Just re-uploaded. :) > > > (but wait first that the dietlibc version has been built) and avialable. > > ACK. Will check in 24h, then do sourceful uploads of minit and mksh. > > >From an annoucement point of view, I will assume I will then issue a single > DLA, mentioning the n packages that were rebuilt. Yes that was in the rare cases were we needed to do that our approach. Since the fix is associated to the dietlibc source, just add to data/DLA/list the entry for dietlibc, but then mention in the DLA text which packages needed to be rebuild. Salvatore
Re: Wheezy update of dietlibc?
> Needs to be built with -sa ;) Whoops! I blame the change of pattern re. sponsoring. Just re-uploaded. :) > (but wait first that the dietlibc version has been built) and avialable. ACK. Will check in 24h, then do sourceful uploads of minit and mksh. >From an annoucement point of view, I will assume I will then issue a single DLA, mentioning the n packages that were rebuilt. Regards, -- ,''`. : :' : Chris Lamb `. `'` la...@debian.org / chris-lamb.co.uk `-
Re: Wheezy update of dietlibc?
Hi Chris, On Sat, Jul 23, 2016 at 10:04:53AM +0200, Chris Lamb wrote: > > Well, then it would be great if someone could upload the fixed > > package for me. :) > > I've uploaded the wheezy version to security-master. > > However, whilst I reserved a DLA I have not announced it due to the > required binNMUs - it would be pointless, misleading and/or dangerous > as dietlibc is a static library. > > I need some help here - do I simply request these in the usual way? > I have not done this for security before. If the source for the respective binary packages you want to binNMU is not in the security-archive you need to to a sourceful upload without changes (but wait first that the dietlibc version has been built) and avialable. I guess that is for almost all the cases you need to do, since they are if I understood correctly just 'minit' and 'mksh', neither of those two are on security.d.o, so you need to do a sourcefull upload. HTH, Regards, Salvatore
Re: Wheezy update of dietlibc?
> Well, then it would be great if someone could upload the fixed > package for me. :) I've uploaded the wheezy version to security-master. However, whilst I reserved a DLA I have not announced it due to the required binNMUs - it would be pointless, misleading and/or dangerous as dietlibc is a static library. I need some help here - do I simply request these in the usual way? I have not done this for security before. > gbp buildpackage --git-pristine-tar --git-debian-branch=wheezy It's still "git-buildpackage" in wheezy's version! ;) Regards, -- ,''`. : :' : Chris Lamb `. `'` la...@debian.org / chris-lamb.co.uk `-
Re: Wheezy update of dietlibc?
On 07/21/2016 11:07 AM, Salvatore Bonaccorso wrote: > On Thu, Jul 21, 2016 at 11:02:07AM +0200, Chris Lamb wrote: >> I.. don't actually know! No harm in trying to upload as an DM. If it >> fails, please me know and I can upload it for you. > > DM's cannot upload to security-master, cf. > https://bugs.debian.org/796095 Well, then it would be great if someone could upload the fixed package for me. :) I had attached a debdiff against current Wheezy to my original email, but you can also build it from git, whichever you prefer: git clone https://anonscm.debian.org/git/collab-maint/dietlibc.git -b wheezy cd dietlibc git checkout pristine-tar # to populate the local branch git checkout wheezy gbp buildpackage --git-pristine-tar --git-debian-branch=wheezy Thanks! Regards, Christian
Re: Wheezy update of dietlibc?
Hi, On 07/21/2016 10:51 AM, Chris Lamb wrote: > the Debian LTS team would like to fix the security issues which are > currently open in the Wheezy version of dietlibc: > https://security-tracker.debian.org/tracker/TEMP-000-0F9220 > > Would you like to take care of this yourself? I've already prepared an updated package, did you not see the original email I Cc'd to debian-lts? https://lists.debian.org/debian-lts/2016/07/msg00067.html (Please also read the part about required binNMUs.) > If yes, please follow the workflow we have defined here: > https://wiki.debian.org/LTS/Development So I assume as a next step I should upload the package I've already prepared, right? Is that possible for DMs? Regards, Christian
Re: Wheezy update of dietlibc?
> I've already prepared an updated package, did you not see the > original email I Cc'd to debian-lts? > https://lists.debian.org/debian-lts/2016/07/msg00067.html My sincere apologies. There was a large backlog of LTS mails this morning so each package somewhat "merged" in my head. > So I assume as a next step I should upload the package > I've already prepared, right? Is that possible for DMs? I.. don't actually know! No harm in trying to upload as an DM. If it fails, please me know and I can upload it for you. Regards, -- ,''`. : :' : Chris Lamb `. `'` la...@debian.org / chris-lamb.co.uk `-