Bug#1073843: bookworm-pu: package kio/5.103.0-1+deb12u1
Package: release.debian.org
Severity: normal
Tags: bookworm
X-Debbugs-Cc: k...@packages.debian.org, couc...@debian.org, s...@vuorela.dk,
r...@debian.org, a...@debian.org
Control: affects -1 + src:kio
User: release.debian@packages.debian.org
Usertags: pu
[ Reason ]
With network shares mounted using CIFS, under some circumstances
libreoffice documents may disappear from the file system. The
underlying reason are locking mechanisms by the file system.
A lock prevents moving a temporary file when saving the document.
The latter gets lost in the unfortunate case.
A patched kio seems to fix the problem.
The problem is described in more detail #1070322 and in #1069855 (the
latter, related to the same underlying reason, is not fixed by the
patches available so far).
[ Impact ]
For the person preparing a document in libreoffice, the impact is
rather high, of course depending on the work that has been put into
the document's preparation so far.
[ Tests ]
We've tested the patch on our systems (a school with perhaps right now
about several hundred active PC users per day) and did not notice any
suspicious events.
The case with libreoffice documents was not reproducible with the
patched kio.
The problem with ark (#1069855) remains.
( https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1070322#129 )
[ Risks ]
I cannot estimate the risk apart from reporting our successful tests.
Perhaps people more familiar with the code can comment.
[ Checklist ]
[X] *all* changes are documented in the d/changelog
[X] I reviewed all changes and I approve them
[X] attach debdiff against the package in (old)stable
[X] the issue is verified as fixed in unstable (only the libreoffice one)
[ Changes ]
>From the Changelog:
- Don't unlink + rename on CIFS mounts during copy operations; Don't crash
if KMountPoint gives nothing back while checking.
- Don't leak existing file handles to newly spanwed KIO workers.
[ Other info ]
-
diff -Nru kio-5.103.0/debian/changelog kio-5.103.0/debian/changelog
--- kio-5.103.0/debian/changelog2023-02-12 21:44:31.0 +0100
+++ kio-5.103.0/debian/changelog2024-05-23 23:13:17.0 +0200
@@ -1,3 +1,14 @@
+kio (5.103.0-1+deb12u1) bookworm; urgency=medium
+
+ [ Aurélien COUDERC ]
+ * Backport upstream patches to fix incorrect behaviours with CIFS:
+- Don't unlink + rename on CIFS mounts during copy operations; Don't crash
+ if KMountPoint gives nothing back while checking. (Closes: #1069855)
+- Don't leak existing file handles to newly spanwed KIO workers.
+ (Closes: #1070322)
+
+ -- Aurélien COUDERC Thu, 23 May 2024 23:13:17 +0200
+
kio (5.103.0-1) unstable; urgency=medium
[ Aurélien COUDERC ]
diff -Nru kio-5.103.0/debian/patches/fix_cifs_file_locks.patch
kio-5.103.0/debian/patches/fix_cifs_file_locks.patch
--- kio-5.103.0/debian/patches/fix_cifs_file_locks.patch1970-01-01
01:00:00.0 +0100
+++ kio-5.103.0/debian/patches/fix_cifs_file_locks.patch2024-05-23
23:13:17.0 +0200
@@ -0,0 +1,45 @@
+From d1a2dab1da43d613ae5a8459ddcb62c8d78c46ff Mon Sep 17 00:00:00 2001
+From: Kevin Ottens
+Date: Fri, 5 Jan 2024 11:51:49 +0100
+Subject: [PATCH] Don't leak file descriptors when spawning new workers
+
+By default we inherit file descriptors from the parent in
+the worker process. This is a leak of resources since the
+worker won't be able to do anything with them. Also, in
+the case of CIFS this causes locks which might lead to bad
+surprises in the parent process.
+---
+
+Index: kio-5.103.0/src/kioslave/kioslave.cpp
+===
+--- kio-5.103.0.orig/src/kioslave/kioslave.cpp
kio-5.103.0/src/kioslave/kioslave.cpp
+@@ -18,6 +18,10 @@
+ #include
+ #include
+
++#ifdef Q_OS_UNIX
++#include
++#endif
++
+ #ifdef Q_OS_WIN
+ #include
+ #include
+@@ -40,6 +44,17 @@ extern "C" KIO::AuthInfo *_kioslave_init
+
+ int main(int argc, char **argv)
+ {
++#ifdef Q_OS_UNIX
++int max_fd = INT_MAX;
++struct rlimit limit;
++if (getrlimit(RLIMIT_NOFILE, ) == 0) {
++max_fd = limit.rlim_cur;
++}
++for (int fd = STDERR_FILENO + 1; fd < max_fd; fd++) {
++::close(fd);
++}
++#endif
++
+ if (argc < 5) {
+ fprintf(stderr, "Usage: kioslave5
\n\nThis program is part of KDE.\n");
+ return 1;
diff -Nru kio-5.103.0/debian/patches/series kio-5.103.0/debian/patches/series
--- kio-5.103.0/debian/patches/series 2022-05-12 22:53:40.0 +0200
+++ kio-5.103.0/debian/patches/series 2024-05-23 23:13:17.0 +0200
@@ -2,3 +2,6 @@
#fix_kfreebsd_build
hurd_disable_unimplemented.diff
Use-CXX_FLAGS-for-moc_predefs.h.patch
+upstream_3e6800b3_fix_cifs_copy.patch
+upstream_48322f44_fix_crash_when_kmountpoint_gives_nothing_on_cifs.patch
+fix_cifs_file_locks.patch
diff -Nru kio-5.103.0/debian/patches/upstream_3e6800b3_fix_cifs_copy.patch
kio-5.103.0/debian/patches/upstream_3e6800b3_fix_cifs_copy.patch
---
Bug#1056169: bookworm-pu: package di-netboot-assistant/0.78~deb12u1
Hi Kibi, thank you for your comment and explanation! On Sat, Nov 18, 2023 at 10:11:33AM +0100, Cyril Brulebois wrote: > > […] > > The versioning seems a little weird. > > Usually: > - either one cherry-picks stuff on top of the stable package, and uses >0.76+deb12u1; > - or one ships a rebuild of the testing/unstable into stable, and uses >0.78~deb12u1 (adding a changelog entry on top of unstable's, >similarly to what would be done for backports). > > Glancing very briefly at the patch and the git tree, it seems like > you're doing the latter but versioning it like the former. I'll let > others comment as to whether that's some nitpicking that should be > ignored, or something they'd like to see adjusted. Ah, you are absolutely right, makes sense. I started with a 0.76+deb12u1 package, realized that cherry-picking ended up at 0.78, adjusted the version number … but I wasn't aware that the changelog should also be 'reset' to the one from 0.78 (which, I agree, makes perfectly sense). If needed, I can provide another upload. Thanks and best regards, Andi
Bug#1056169: bookworm-pu: package di-netboot-assistant/0.78~deb12u1
Package: release.debian.org
Severity: normal
Tags: bookworm
User: release.debian@packages.debian.org
Usertags: pu
X-Debbugs-Cc: di-netboot-assist...@packages.debian.org, a...@debian.org
Control: affects -1 + src:di-netboot-assistant
[ Reason ]
With Bookworm, a few modifications have happened to the Debian Live ISO
images' meta data [1]. These changes make di-netboot-assistant
partially fail when bookworm ISO images are in use (the menus for the
network boot loaders like grub and iPXE are not generated properly).
The Live ISO images side has improved and stabilized [2], and also
di-netboot-assistant has been made more robust to account for these
modifications. In addition a few minor fixes to documentation and
examples (bookworm, preseed file) have been applied.
[1] https://lists.debian.org/debian-live/2023/06/msg00023.html
[2] https://lists.debian.org/debian-live/2023/07/msg00030.html
[ Impact ]
The inclusion of bookworm live ISO images fails.
[ Tests ]
I tested the changes with the 12.2.0 gnome, kde and standard ISOs.
Grub and iPXE menu.
[ Risks ]
There are almost no risks involved.
[ Checklist ]
[X] *all* changes are documented in the d/changelog
[X] I reviewed all changes and I approve them
[X] attach debdiff against the package in (old)stable
[X] the issue is verified as fixed in unstable
[ Changes ]
Mostly parsing latest meta data from the live images and more robust
handling of kernel/initrd (with/without version number).
[ Other info ]
I'll already upload the updated package.
The release team is doing a great job, thank you!
diff -Nru di-netboot-assistant-0.76/config/grub.cfg.HEAD
di-netboot-assistant-0.78~deb12u1/config/grub.cfg.HEAD
--- di-netboot-assistant-0.76/config/grub.cfg.HEAD 2023-03-16
17:05:12.0 +0100
+++ di-netboot-assistant-0.78~deb12u1/config/grub.cfg.HEAD 2023-06-18
09:11:47.0 +0200
@@ -18,7 +18,7 @@
set default='Boot from local disk..'
#set timeout=10
-if background_image
/d-i/n-pkg/images/11/amd64/text/debian-installer/amd64/boot-screens/splash.png;
then
+if background_image
/d-i/n-pkg/images/12/amd64/text/debian-installer/amd64/boot-screens/splash.png;
then
set color_normal=light-gray/black
set color_highlight=white/black
elif background_image /d-i/n-a/stable/amd64/boot-screens/splash.png; then
diff -Nru di-netboot-assistant-0.76/debian/changelog
di-netboot-assistant-0.78~deb12u1/debian/changelog
--- di-netboot-assistant-0.76/debian/changelog 2023-03-16 17:05:12.0
+0100
+++ di-netboot-assistant-0.78~deb12u1/debian/changelog 2023-06-18
09:11:47.0 +0200
@@ -1,3 +1,10 @@
+di-netboot-assistant (0.78~deb12u1) bookworm; urgency=medium
+
+ * Fixes for bookworm live iso image inclusion.
+ * Update/add/fix preseed examples. Thanks to Holger Wansing.
+
+ -- Andreas B. Mundt Sun, 18 Jun 2023 09:11:47 +0200
+
di-netboot-assistant (0.76) unstable; urgency=medium
* Fix typo in preseeding example.
diff -Nru di-netboot-assistant-0.76/di-netboot-assistant
di-netboot-assistant-0.78~deb12u1/di-netboot-assistant
--- di-netboot-assistant-0.76/di-netboot-assistant 2023-03-16
17:05:12.0 +0100
+++ di-netboot-assistant-0.78~deb12u1/di-netboot-assistant 2023-06-18
09:11:47.0 +0200
@@ -26,7 +26,7 @@
# -- Declare the constants --- #
PACKAGE_NAME=di-netboot-assistant
-PACKAGE_VERSION=0.76
+PACKAGE_VERSION=0.78
# -- Initialize the global variables - #
OFFLINE=false
@@ -253,8 +253,8 @@
# Returns: (EXIT STATUS) 0=Success, 1=Error
# #
prepare_grub() {
-local v="" opt=$1 VERS V GRUB AR DIR
-
+local v="" opt=$1 VERS V GRUB AR DIR
+
$VERBOSE && v="-v"
[ -z "$opt" ] && [ -d $TFTP_ROOT/$N_A_DIR/grub ] && return 0
@@ -263,7 +263,7 @@
[ ! -e "$TFTP_ROOT/debian-installer" ] && \
ln -srv $TFTP_ROOT/$N_A_DIR/ $TFTP_ROOT/debian-installer
-for AR in x64 aa64 ; do
+for AR in x64 aa64 ; do
## We link bootnet*.efi and grub*.efi from the latest available image:
echo "I: Preparing EFI executables for '${AR}'."
GRUB=""
@@ -533,7 +533,7 @@
EOF
sed -i "s%\(\# END_PKG_LIVE_MENU.*\)%item $tag $title\n\1%" menu.ipxe
-
+
for AR in amd64 arm64 ; do
gcfg="${TFTP_ROOT}/${relpath}/debian-installer/${AR}/grub/grub.cfg"
if [ -f "$gcfg" ] ; then
@@ -560,7 +560,7 @@
relpath=$(dirname "$x" | sed -e "s#${TFTP_ROOT}##" -e "s#^/*##" -e
"s#\/.disk##")
# shellcheck disable=SC2034
ISO_NAME=$(basename "$relpath")
-title=$(sed -e "s#Official ##" -e "s#T.*\$##" "$x")
+title="$(sed -e "s#Official ##" -e
Bug#1033108: unblock: di-netboot-assistant/0.76
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
X-Debbugs-Cc: di-netboot-assist...@packages.debian.org, a...@debian.org
Control: affects -1 + src:di-netboot-assistant
Hi Release Team!
Please unblock package di-netboot-assistant
[ Reason ]
This upload fixes a few issues in examples and the documentation
provided by the package as well as the Salsa CI autopkgtest.
[ Impact ]
Users will end up with examples that do not work with bookworm.
[ Tests ]
All changes have been tested by me in two unrelated environments.
[ Risks ]
Almost none.
[ Checklist ]
[X] all changes are documented in the d/changelog
[X] I reviewed all changes and I approve them
[X] attach debdiff against the package in testing
[ Other info ]
Especially the changes in the example preseed file are due to the
bookworm release and surfaced recently. Many thanks for all your work!
unblock di-netboot-assistant/0.76
diff -Nru di-netboot-assistant-0.75/config/ipxemenu.HEAD
di-netboot-assistant-0.76/config/ipxemenu.HEAD
--- di-netboot-assistant-0.75/config/ipxemenu.HEAD 2022-12-21
20:49:44.0 +0100
+++ di-netboot-assistant-0.76/config/ipxemenu.HEAD 2023-03-16
17:05:12.0 +0100
@@ -30,7 +30,7 @@
:customized
kernel ${210:string}d-i/n-a/stable/amd64/linux initrd=initrd.gz \
locale?=de_DE mirror/http/proxy?=http://192.168.122.1:3142/ \
- pkgsel/include=etckeeper preseed/late_command="rm -fv /target/etc/
apt/apt.conf" ---
+ pkgsel/include=etckeeper preseed/late_command="rm -fv
/target/etc/apt/apt.conf" ---
initrd ${210:string}d-i/n-a/stable/amd64/initrd.gz
boot
diff -Nru di-netboot-assistant-0.75/debian/changelog
di-netboot-assistant-0.76/debian/changelog
--- di-netboot-assistant-0.75/debian/changelog 2022-12-21 20:49:44.0
+0100
+++ di-netboot-assistant-0.76/debian/changelog 2023-03-16 17:05:12.0
+0100
@@ -1,3 +1,11 @@
+di-netboot-assistant (0.76) unstable; urgency=medium
+
+ * Fix typo in preseeding example.
+ * Fix salsa CI package version check.
+ * Update preseeding example for bookworm.
+
+ -- Andreas B. Mundt Thu, 16 Mar 2023 17:05:12 +0100
+
di-netboot-assistant (0.75) unstable; urgency=medium
* Bump Standards-Version to 4.6.2 (no changes needed).
diff -Nru di-netboot-assistant-0.75/debian/tests/std-run
di-netboot-assistant-0.76/debian/tests/std-run
--- di-netboot-assistant-0.75/debian/tests/std-run 2022-12-21
20:49:44.0 +0100
+++ di-netboot-assistant-0.76/debian/tests/std-run 2023-03-16
17:05:12.0 +0100
@@ -1,9 +1,9 @@
-#!/bin/sh
+#!/usr/bin/bash
## Make sure package and script version are identical:
PV="$(dpkg-query -f='${Version}\n' -W di-netboot-assistant)"
SV="$(di-netboot-assistant -V | cut -d' ' -f2)"
-if [ "${PV%%~*}" != "$SV" ] ; then
+if [ "${PV%%[^.0-9]*}" != "$SV" ] ; then
echo "E: Version of package ($PV) and script ($SV) do not match!"
exit 1
else
diff -Nru di-netboot-assistant-0.75/di-netboot-assistant
di-netboot-assistant-0.76/di-netboot-assistant
--- di-netboot-assistant-0.75/di-netboot-assistant 2022-12-21
20:49:44.0 +0100
+++ di-netboot-assistant-0.76/di-netboot-assistant 2023-03-16
17:05:12.0 +0100
@@ -26,7 +26,7 @@
# -- Declare the constants --- #
PACKAGE_NAME=di-netboot-assistant
-PACKAGE_VERSION=0.75
+PACKAGE_VERSION=0.76
# -- Initialize the global variables - #
OFFLINE=false
diff -Nru di-netboot-assistant-0.75/examples/preseed.cfg
di-netboot-assistant-0.76/examples/preseed.cfg
--- di-netboot-assistant-0.75/examples/preseed.cfg 2022-12-21
20:49:44.0 +0100
+++ di-netboot-assistant-0.76/examples/preseed.cfg 2023-03-16
17:05:12.0 +0100
@@ -30,6 +30,10 @@
d-i debian-installer/locale string en_US
d-i keyboard-configuration/xkb-keymap select us
+## netcfg will choose an interface that has link if possible. This makes it
+## skip displaying a list if there is more than one interface:
+#d-i netcfg/choose_interface select auto
+
## Use hostname assigned by DHCP:
d-i netcfg/get_hostname string unassigned-hostname
d-i netcfg/get_domain string unassigned-domain
@@ -37,7 +41,13 @@
## Skip root account:
d-i passwd/root-login boolean false
+## If non-free firmware is needed for the network or other hardware, you can
+## configure the installer to always try to load it, without prompting. Or
+## change to false to disable asking.
+d-i hw-detect/load_firmware boolean true
+
### Apt setup
+d-i apt-setup/non-free-firmware boolean true
d-i apt-setup/non-free boolean true
d-i apt-setup/contrib boolean true
@@ -111,6 +121,8 @@
echo "ssh-rsa
B3NzaC1yc2EDAQABAAABAQC6tlRPOPBdxAJKLCNH+7S3fHhxzu64HViJQDFZbbI+Mbd+wwx6fe7ba1XZ8TXcFGmipHBYiOVaGMXIeJvGsEK3P1ULXNcNygrXl6HzjKDyL+iX3e7pls
Bug#1005000: buster-pu: package atftp/0.7.git20120829-3.2~deb10u2
Package: release.debian.org
Severity: normal
Tags: buster
User: release.debian@packages.debian.org
Usertags: pu
X-Debbugs-Cc: a...@debian.org
[ Reason ]
Fix of CVE-2021-46671 reported in #1004974.
[ Impact ]
Potential information leak under special circumstances.
[ Tests ]
I checked manually that the changes fix the problem. The version in
testing contains the fix already for a long time and no problems have
been observed.
[ Risks ]
Risks are rather low, as changes are not complicated and in place for
the version in testing since quite some time.
[ Checklist ]
[X] *all* changes are documented in the d/changelog
[X] I reviewed all changes and I approve them
[X] attach debdiff against the package in (old)stable
[X] the issue is verified as fixed in unstable
[ Changes ]
With the fix applied, options sent to the daemon are better checked
to avoid reading past the end of an array.
[ Other info ]
The same problem exists in bullseye and handled in a separate bullseye-pu.
I am going to upload the fixed version already.
diff -u atftp-0.7.git20120829/debian/changelog
atftp-0.7.git20120829/debian/changelog
--- atftp-0.7.git20120829/debian/changelog
+++ atftp-0.7.git20120829/debian/changelog
@@ -1,3 +1,9 @@
+atftp (0.7.git20120829-3.2~deb10u3) buster; urgency=medium
+
+ * Fix for CVE-2021-46671 (Closes: #1004974)
+
+ -- Andreas B. Mundt Fri, 04 Feb 2022 18:47:25 +0100
+
atftp (0.7.git20120829-3.2~deb10u2) buster; urgency=medium
* Fix for CVE-2021-41054 (Closes: #994895)
diff -u atftp-0.7.git20120829/options.c atftp-0.7.git20120829/options.c
--- atftp-0.7.git20120829/options.c
+++ atftp-0.7.git20120829/options.c
@@ -43,6 +43,12 @@
struct tftphdr *tftp_data = (struct tftphdr *)data;
size_t size = data_size - sizeof(tftp_data->th_opcode);
+ /* sanity check - requests always end in a null byte,
+ * check to prevent argz_next from reading past the end of
+ * data, as it doesn't do bounds checks */
+ if (data_size == 0 || data[data_size-1] != '\0')
+ return ERR;
+
/* read filename */
entry = argz_next(tftp_data->th_stuff, size, entry);
if (!entry)
@@ -79,6 +85,12 @@
struct tftphdr *tftp_data = (struct tftphdr *)data;
size_t size = data_size - sizeof(tftp_data->th_opcode);
+ /* sanity check - options always end in a null byte,
+ * check to prevent argz_next from reading past the end of
+ * data, as it doesn't do bounds checks */
+ if (data_size == 0 || data[data_size-1] != '\0')
+ return ERR;
+
while ((entry = argz_next(tftp_data->th_stuff, size, entry)))
{
tmp = entry;
Bug#1004999: bullseye-pu: package atftp/0.7.git20120829-3.3+deb11u1
Package: release.debian.org
Severity: normal
Tags: bullseye
User: release.debian@packages.debian.org
Usertags: pu
X-Debbugs-Cc: a...@debian.org
[ Reason ]
Fix of CVE-2021-46671 reported in #1004974.
[ Impact ]
Potential information leak under special circumstances.
[ Tests ]
I checked manually that the changes fix the problem. The version in
testing contains the fix already for a long time and no problems have
been observed.
[ Risks ]
Risks are rather low, as changes are not complicated and in place for
the version in testing since quite some time.
[ Checklist ]
[X] *all* changes are documented in the d/changelog
[X] I reviewed all changes and I approve them
[X] attach debdiff against the package in (old)stable
[X] the issue is verified as fixed in unstable
[ Changes ]
With the fix applied, options sent to the daemon are better checked
to avoid reading past the end of an array.
[ Other info ]
The same problem exists in buster (I'll open a separate buster-pu).
I am going to upload the fixed version already.
diff -u atftp-0.7.git20120829/debian/changelog
atftp-0.7.git20120829/debian/changelog
--- atftp-0.7.git20120829/debian/changelog
+++ atftp-0.7.git20120829/debian/changelog
@@ -1,3 +1,9 @@
+atftp (0.7.git20120829-3.3+deb11u2) bullseye; urgency=medium
+
+ * Fix for CVE-2021-46671 (Closes: #1004974)
+
+ -- Andreas B. Mundt Fri, 04 Feb 2022 18:09:05 +0100
+
atftp (0.7.git20120829-3.3+deb11u1) bullseye; urgency=medium
* Fix for CVE-2021-41054 (Closes: #994895)
diff -u atftp-0.7.git20120829/options.c atftp-0.7.git20120829/options.c
--- atftp-0.7.git20120829/options.c
+++ atftp-0.7.git20120829/options.c
@@ -43,6 +43,12 @@
struct tftphdr *tftp_data = (struct tftphdr *)data;
size_t size = data_size - sizeof(tftp_data->th_opcode);
+ /* sanity check - requests always end in a null byte,
+ * check to prevent argz_next from reading past the end of
+ * data, as it doesn't do bounds checks */
+ if (data_size == 0 || data[data_size-1] != '\0')
+ return ERR;
+
/* read filename */
entry = argz_next(tftp_data->th_stuff, size, entry);
if (!entry)
@@ -79,6 +85,12 @@
struct tftphdr *tftp_data = (struct tftphdr *)data;
size_t size = data_size - sizeof(tftp_data->th_opcode);
+ /* sanity check - options always end in a null byte,
+ * check to prevent argz_next from reading past the end of
+ * data, as it doesn't do bounds checks */
+ if (data_size == 0 || data[data_size-1] != '\0')
+ return ERR;
+
while ((entry = argz_next(tftp_data->th_stuff, size, entry)))
{
tmp = entry;
Bug#994946: bullseye-pu: package atftp/0.7.git20120829-3.3
Hi Adam, On Thu, Sep 30, 2021 at 08:00:30PM +0100, Adam D. Barratt wrote: > […] > > I'm assuming this is from upstream, but as a small note: > > + * the options here for simplicity, which puts us on the save > side. > > s/save/safe/ (in two lines) > > Please go ahead. Version 0.7.git20120829-3.3+deb11u1 with fixed typo uploaded. Thanks and best regards, Andi
Bug#994943: buster-pu: package atftp/0.7.git20120829-3.2~deb10u1
Hi Adam, On Thu, Sep 30, 2021 at 08:30:19PM +0100, Adam D. Barratt wrote: > […] > > The diff here has the same s/save/safe/g issue as the bullseye diff, > fwiw. > > [...] > > > > I chose the package version to increases from -3.2~deb10u1 to > > -3.2+deb10u2 > > It's not a huge issue, but why? The conventional successor to ~deb10u1 > is ~deb10u2. > > I'd prefer the "~" versioning, but in any case please go ahead. Version 0.7.git20120829-3.2~deb10u2 with fixed typo uploaded. Thanks and best regards! Andi
Bug#994946: bullseye-pu: package atftp/0.7.git20120829-3.3
Package: release.debian.org
Severity: normal
Tags: bullseye
User: release.debian@packages.debian.org
Usertags: pu
X-Debbugs-Cc: a...@debian.org
Hi,
I would like to ask for permission to upload a new atftpd
package 0.7.git20120829-3.3+deb11u1 to fix #994895, buffer
overflow, CVE-2021-41054.
[ Reason ]
Fix a CVE (no DSA)
[ Impact ]
atftpd can be crashed by sending a crafted, but trivial request.
[ Tests ]
I manually tested that the buffer overflow happens in the current
package and is fixed in the new package.
[ Risks ]
very small
[ Checklist ]
[X] *all* changes are documented in the d/changelog
[X] I reviewed all changes and I approve them
[X] attach debdiff against the package in (old)stable
[X] the issue is verified as fixed in unstable
[ Changes ]
The patch checks the length of the options of the request and
throws an error if the buffer is too small.
diff -u atftp-0.7.git20120829/debian/changelog
atftp-0.7.git20120829/debian/changelog
--- atftp-0.7.git20120829/debian/changelog
+++ atftp-0.7.git20120829/debian/changelog
@@ -1,3 +1,9 @@
+atftp (0.7.git20120829-3.3+deb11u1) bullseye; urgency=medium
+
+ * Fix for CVE-2021-41054 (Closes: #994895)
+
+ -- Andreas B. Mundt Wed, 22 Sep 2021 21:15:01 +0200
+
atftp (0.7.git20120829-3.3) unstable; urgency=medium
* Non-maintainer upload.
diff -u atftp-0.7.git20120829/tftpd_file.c atftp-0.7.git20120829/tftpd_file.c
--- atftp-0.7.git20120829/tftpd_file.c
+++ atftp-0.7.git20120829/tftpd_file.c
@@ -183,8 +183,17 @@
/* blksize options */
if ((result = opt_get_blksize(data->tftp_options)) > -1)
{
- if ((result < 8) || (result > 65464))
+ /*
+ * If we receive more options, we have to make sure our buffer for
+ * the OACK is not too small. Use the string representation of
+ * the options here for simplicity, which puts us on the save side.
+ * FIXME: Use independent buffers for OACK and data.
+ */
+ opt_options_to_string(data->tftp_options, string, MAXLEN);
+ if ((result < strlen(string)-2) || (result > 65464))
{
+ logger(LOG_NOTICE, "options <%s> require roughly a blksize of
%d for the OACK.",
+ string, strlen(string)-2);
tftp_send_error(sockfd, sa, EOPTNEG, data->data_buffer,
data->data_buffer_size);
if (data->trace)
logger(LOG_DEBUG, "sent ERROR ",
EOPTNEG,
@@ -530,8 +539,17 @@
/* blksize options */
if ((result = opt_get_blksize(data->tftp_options)) > -1)
{
- if ((result < 8) || (result > 65464))
+ /*
+ * If we receive more options, we have to make sure our buffer for
+ * the OACK is not too small. Use the string representation of
+ * the options here for simplicity, which puts us on the save side.
+ * FIXME: Use independent buffers for OACK and data.
+ */
+ opt_options_to_string(data->tftp_options, string, MAXLEN);
+ if ((result < strlen(string)-2) || (result > 65464))
{
+ logger(LOG_NOTICE, "options <%s> require roughly a blksize of
%d for the OACK.",
+ string, strlen(string)-2);
tftp_send_error(sockfd, sa, EOPTNEG, data->data_buffer,
data->data_buffer_size);
if (data->trace)
logger(LOG_DEBUG, "sent ERROR ",
EOPTNEG,
Bug#994943: buster-pu: package atftp/0.7.git20120829-3.2~deb10u1
Package: release.debian.org
Severity: normal
Tags: buster
User: release.debian@packages.debian.org
Usertags: pu
X-Debbugs-Cc: a...@debian.org
Hi,
I would like to ask for permission to upload a new atftpd
package 0.7.git20120829-3.2+deb10u2 to fix #994895, buffer
overflow, CVE-2021-41054.
[ Reason ]
Fix a CVE (no DSA)
[ Impact ]
atftpd can be crashed by sending a crafted, but trivial request.
[ Tests ]
I manually tested that the buffer overflow happens in the current
package and is fixed in the new package.
[ Risks ]
very small
[ Checklist ]
[X] *all* changes are documented in the d/changelog
[X] I reviewed all changes and I approve them
[X] attach debdiff against the package in (old)stable
[X] the issue is verified as fixed in unstable
[ Changes ]
The patch checks the length of the options of the request and throws an
error if the buffer is too small.
[ Other info ]
I chose the package version to increases from -3.2~deb10u1 to -3.2+deb10u2
diff -u atftp-0.7.git20120829/debian/changelog
atftp-0.7.git20120829/debian/changelog
--- atftp-0.7.git20120829/debian/changelog
+++ atftp-0.7.git20120829/debian/changelog
@@ -1,3 +1,9 @@
+atftp (0.7.git20120829-3.2+deb10u2) buster; urgency=medium
+
+ * Fix for CVE-2021-41054 (Closes: #994895)
+
+ -- Andreas B. Mundt Wed, 22 Sep 2021 20:27:34 +0200
+
atftp (0.7.git20120829-3.2~deb10u1) buster; urgency=medium
* Non-maintainer upload.
diff -u atftp-0.7.git20120829/tftpd_file.c atftp-0.7.git20120829/tftpd_file.c
--- atftp-0.7.git20120829/tftpd_file.c
+++ atftp-0.7.git20120829/tftpd_file.c
@@ -183,8 +183,17 @@
/* blksize options */
if ((result = opt_get_blksize(data->tftp_options)) > -1)
{
- if ((result < 8) || (result > 65464))
+ /*
+ * If we receive more options, we have to make sure our buffer for
+ * the OACK is not too small. Use the string representation of
+ * the options here for simplicity, which puts us on the save side.
+ * FIXME: Use independent buffers for OACK and data.
+ */
+ opt_options_to_string(data->tftp_options, string, MAXLEN);
+ if ((result < strlen(string)-2) || (result > 65464))
{
+ logger(LOG_NOTICE, "options <%s> require roughly a blksize of
%d for the OACK.",
+ string, strlen(string)-2);
tftp_send_error(sockfd, sa, EOPTNEG, data->data_buffer,
data->data_buffer_size);
if (data->trace)
logger(LOG_DEBUG, "sent ERROR ",
EOPTNEG,
@@ -530,8 +539,17 @@
/* blksize options */
if ((result = opt_get_blksize(data->tftp_options)) > -1)
{
- if ((result < 8) || (result > 65464))
+ /*
+ * If we receive more options, we have to make sure our buffer for
+ * the OACK is not too small. Use the string representation of
+ * the options here for simplicity, which puts us on the save side.
+ * FIXME: Use independent buffers for OACK and data.
+ */
+ opt_options_to_string(data->tftp_options, string, MAXLEN);
+ if ((result < strlen(string)-2) || (result > 65464))
{
+ logger(LOG_NOTICE, "options <%s> require roughly a blksize of
%d for the OACK.",
+ string, strlen(string)-2);
tftp_send_error(sockfd, sa, EOPTNEG, data->data_buffer,
data->data_buffer_size);
if (data->trace)
logger(LOG_DEBUG, "sent ERROR ",
EOPTNEG,
Bug#991499: unblock: atftp/0.7.git20120829-3.3
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
X-Debbugs-Cc: a...@debian.org
Please unblock package atftp
[ Reason ]
It has been found and reported in #988456 that atftpd is missing
a dependency, tcpd. This is the sole thing corrected with the NMU
upload prepared.
[ Impact ]
atftpd and atftp will be missing in bullseye. Upstream has become more
active in recent years and it makes sense to keep the package available.
[ Tests ]
I checked manually that the dependency is available after installation
and general functionality.
[ Risks ]
The changes are trivial, but on the other hand alternatives like
tftp-hpa exist.
However, they do not have all the features available from atftpd.
[ Checklist ]
[X] all changes are documented in the d/changelog
[X] I reviewed all changes and I approve them
[X] attach debdiff against the package in testing
[ Other info ]
I am about to help co-maintaining the package.
unblock atftp/0.7.git20120829-3.3
diff -u atftp-0.7.git20120829/debian/changelog
atftp-0.7.git20120829/debian/changelog
--- atftp-0.7.git20120829/debian/changelog
+++ atftp-0.7.git20120829/debian/changelog
@@ -1,3 +1,10 @@
+atftp (0.7.git20120829-3.3) unstable; urgency=medium
+
+ * Non-maintainer upload.
+ * Add missing dependency tcpd. (Closes: #988456)
+
+ -- Andreas B. Mundt Sun, 25 Jul 2021 18:26:09 +0200
+
atftp (0.7.git20120829-3.2) unstable; urgency=medium
* Non-maintainer upload.
diff -u atftp-0.7.git20120829/debian/control
atftp-0.7.git20120829/debian/control
--- atftp-0.7.git20120829/debian/control
+++ atftp-0.7.git20120829/debian/control
@@ -17,7 +17,7 @@
Package: atftpd
Architecture: any
-Depends: ${shlibs:Depends}, ${misc:Depends}, update-inetd, lsb-base
+Depends: ${shlibs:Depends}, ${misc:Depends}, update-inetd, lsb-base, tcpd
Recommends: inet-superserver
Conflicts: tftpd
Suggests: logrotate
Bug#925392: unblock: di-netboot-assistant/0.62
Control: tag -1 - moreinfo Dear Jonathan, On Sun, Mar 24, 2019 at 04:29:24PM +, Jonathan Wiltshire wrote: > Control: tag -1 moreinfo > > On Sun, Mar 24, 2019 at 12:23:48PM +0300, Andreas B. Mundt wrote: > > di-netboot-assistant 0.61. In addition, a typo has been fixed and the > > dh compat level has been bumped with no further changes needed. > > dh compat level changes aren't appropriate, please revert this. I've reverted the bump and uploaded 0.62, sorry for underestimating the relevance of the dh-bump. The debdiff from the version in buster is now the following: diff -Nru di-netboot-assistant-0.60/config/di-sources.list di-netboot-assistant-0.62/config/di-sources.list --- di-netboot-assistant-0.60/config/di-sources.list2019-03-01 18:50:34.0 +0300 +++ di-netboot-assistant-0.62/config/di-sources.list2019-03-24 19:57:26.0 +0300 @@ -30,22 +30,6 @@ oldstable-gtk i386 https://deb.debian.org/debian/dists/oldstable/main/installer-i386/current/images/ netboot/gtk/netboot.tar.gz ### Releases by name: -## Debian Wheezy -wheezy amd64 https://deb.debian.org/debian/dists/wheezy/main/installer-amd64/current/images/ netboot/netboot.tar.gz -wheezy i386 https://deb.debian.org/debian/dists/wheezy/main/installer-i386/current/images/ netboot/netboot.tar.gz -wheezy ia64 https://deb.debian.org/debian/dists/wheezy/main/installer-ia64/current/images/ netboot/netboot.tar.gz -wheezy sparc https://deb.debian.org/debian/dists/wheezy/main/installer-sparc/current/images/ netboot/boot.img -# Graphical Installer (GTK) -wheezy-gtk amd64 https://deb.debian.org/debian/dists/wheezy/main/installer-amd64/current/images/ netboot/gtk/netboot.tar.gz -wheezy-gtk i386 https://deb.debian.org/debian/dists/wheezy/main/installer-i386/current/images/ netboot/gtk/netboot.tar.gz - -## Debian Jessie -jessie amd64 https://deb.debian.org/debian/dists/jessie/main/installer-amd64/current/images/ netboot/netboot.tar.gz -jessie i386 https://deb.debian.org/debian/dists/jessie/main/installer-i386/current/images/ netboot/netboot.tar.gz -# Graphical Installer (GTK) -jessie-gtk amd64 https://deb.debian.org/debian/dists/jessie/main/installer-amd64/current/images/ netboot/gtk/netboot.tar.gz -jessie-gtk i386 https://deb.debian.org/debian/dists/jessie/main/installer-i386/current/images/ netboot/gtk/netboot.tar.gz - ## Debian Stretch stretchamd64 https://deb.debian.org/debian/dists/stretch/main/installer-amd64/current/images/ netboot/netboot.tar.gz stretchi386 https://deb.debian.org/debian/dists/stretch/main/installer-i386/current/images/ netboot/netboot.tar.gz @@ -133,6 +117,22 @@ # Obsolete distributions (unsupported) ### Old (discontinued) distributions may work with di-netboot-assistant, or not! +### Debian Jessie +#jessieamd64 https://archive.debian.org/debian/dists/jessie/main/installer-amd64/current/images/ netboot/netboot.tar.gz +#jessiei386 https://archive.debian.org/debian/dists/jessie/main/installer-i386/current/images/ netboot/netboot.tar.gz +## Graphical Installer (GTK) +#jessie-gtkamd64 https://archive.debian.org/debian/dists/jessie/main/installer-amd64/current/images/ netboot/gtk/netboot.tar.gz +#jessie-gtki386 https://archive.debian.org/debian/dists/jessie/main/installer-i386/current/images/ netboot/gtk/netboot.tar.gz +# +### Debian Wheezy +#wheezyamd64 http://archive.debian.org/debian/dists/wheezy/main/installer-amd64/current/images/ netboot/netboot.tar.gz +#wheezyi386 http://archive.debian.org/debian/dists/wheezy/main/installer-i386/current/images/ netboot/netboot.tar.gz +#wheezyia64 http://archive.debian.org/debian/dists/wheezy/main/installer-ia64/current/images/ netboot/netboot.tar.gz +#wheezysparc http://archive.debian.org/debian/dists/wheezy/main/installer-sparc/current/images/ netboot/boot.img +## Graphical Installer (GTK) +#wheezy-gtkamd64 http://archive.debian.org/debian/dists/wheezy/main/installer-amd64/current/images/ netboot/gtk/netboot.tar.gz +#wheezy-gtki386 http://archive.debian.org/debian/dists/wheezy/main/installer-i386/current/images/ netboot/gtk/netboot.tar.gz +# ### Debian Squeeze #squeeze amd64 http://archive.debian.org/debian/dists/squeeze/main/installer-amd64/current/images/ netboot/netboot.tar.gz #squeeze i386 http://archive.debian.org/debian/dists/squeeze/main/installer-i386/current/images/ netboot/netboot.tar.gz diff -Nru di-netboot-assistant-0.60/debian/changelog di-netboot-assistant-0.62/debian/changelog --- di-netboot-assistant-0.60/debian/changelog 2019-03-01 18:50:34.0 +0300 +++ di-netboot-assistant-0.62/debian/changelog 2019-03-24 19:57:26.0 +0300 @@ -1,3 +1,19 @@ +di-netboot-assistant (0.6
Bug#925392: unblock: di-netboot-assistant/0.61
+0300 @@ -1,3 +1,12 @@ +di-netboot-assistant (0.61) unstable; urgency=medium + + * Fix typo in manual page. + * Bump dh compat level to 12. No changes needed. + * Remove jessie and wheezy from the list of supported releases, they +have been archived. Adapt autopkgtest accordingly (closes: #925368). + + -- Andreas B. Mundt Sun, 24 Mar 2019 09:54:31 +0300 + di-netboot-assistant (0.60) unstable; urgency=medium * Add option to overwrite TFTP_ROOT variable (closes: #537656, #923460). diff -Nru di-netboot-assistant-0.60/debian/compat di-netboot-assistant-0.61/debian/compat --- di-netboot-assistant-0.60/debian/compat 2019-03-01 18:50:34.0 +0300 +++ di-netboot-assistant-0.61/debian/compat 2019-03-24 09:54:31.0 +0300 @@ -1 +1 @@ -11 +12 diff -Nru di-netboot-assistant-0.60/debian/control di-netboot-assistant-0.61/debian/control --- di-netboot-assistant-0.60/debian/control2019-03-01 18:50:34.0 +0300 +++ di-netboot-assistant-0.61/debian/control2019-03-24 09:54:31.0 +0300 @@ -5,7 +5,7 @@ Uploaders: Andreas B. Mundt , Christian Perrier , Frank Lin PIAT -Build-Depends: debhelper (>= 11) +Build-Depends: debhelper (>= 12) Homepage: https://wiki.debian.org/DebianInstaller/NetbootAssistant Standards-Version: 4.3.0 Vcs-Browser: https://salsa.debian.org/installer-team/netboot-assistant diff -Nru di-netboot-assistant-0.60/debian/tests/std-run di-netboot-assistant-0.61/debian/tests/std-run --- di-netboot-assistant-0.60/debian/tests/std-run 2019-03-01 18:50:34.0 +0300 +++ di-netboot-assistant-0.61/debian/tests/std-run 2019-03-24 09:54:31.0 +0300 @@ -14,7 +14,7 @@ echo "## # $c" $c -c='di-netboot-assistant install wheezy --alias=oldi' +c='di-netboot-assistant install stretch --alias=oldi' echo "## install with alias (oldest debian release not yet archived):" echo "## # $c" $c diff -Nru di-netboot-assistant-0.60/di-netboot-assistant.1 di-netboot-assistant-0.61/di-netboot-assistant.1 --- di-netboot-assistant-0.60/di-netboot-assistant.12019-03-01 18:50:34.0 +0300 +++ di-netboot-assistant-0.61/di-netboot-assistant.12019-03-24 09:54:31.0 +0300 @@ -108,7 +108,7 @@ To toggle firmware for packaged debian-installer netboot images, all architectures: .br -\fBdi\-netboot\-assistant fw-toggle d\-pkg \-\-arch=all\fP +\fBdi\-netboot\-assistant fw-toggle n\-pkg \-\-arch=all\fP .br .RE Many thanks and best regards, Andi unblock di-netboot-assistant/0.61 -- System Information: Debian Release: buster/sid APT prefers testing APT policy: (500, 'testing'), (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 4.19.0-2-amd64 (SMP w/2 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US:en (charmap=UTF-8) Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled
Bug#786863: jessie-pu: package debian-lan-config/0.19
Hi Adam, On Fri, May 29, 2015 at 08:16:26AM +0100, Adam D. Barratt wrote: Control: tags -1 + pending On 2015-05-28 18:50, Adam D. Barratt wrote: Control: tags -1 + confirmed On Thu, 2015-05-28 at 16:27 +0200, Andreas B. Mundt wrote: I hope this is in a better shape now, a new debdiff is attached. Thanks. Please feel free to upload. Uploaded and flagged for acceptance. Great! Many thanks (in this special case and for your and the release team's work in general). Regards, Andi -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20150529190918.GA10342@fuzi
Bug#786863: jessie-pu: package debian-lan-config/0.19
Control: tags -1 - moreinfo Hi Adam, thank you for thorough review. I worked through the changelog again: On Tue, May 26, 2015 at 01:10:26PM +0100, Adam D. Barratt wrote: On 2015-05-26 9:05, Andreas B. Mundt wrote: [...] * Workarounds: #759424 (di-n-a) removed, #774033 (deadlock) added. [di-netboot-assistant finally made it to jessie, but problems with NFS4 and the live system could not be solved - switch back to NFS3 here] The changelog entry for the latter could do with being much more detailed. (It doesn't mention nfs at all, for one thing.) I reworked this changelog entry and added the details. [...] * Describe how to use an arbitrary hostname for the 'mainserver'. * Add libcgi-fast-perl to make the zoom in munin work. [Some packages have been removed from jessie, this one is needed in addition.] That last change doesn't appear to have been made in the unstable package (0.20) Indeed, I just uploaded 0.21 with the fix included to unstable (accepted). There are other changes, which don't appear to be mentioned: -adzapper + +## FIXME #722717 +#adzapper [...] OK, the explanation (package has been removed from jessie) has been added. What are these about? -# FIXME: Bug #759424; chain.c32 is needed to boot from the local hard disk. [...] Why are the files other than chain.c32 no longer copied? Again, a more detailed explanation is now in the changelog. I hope this is in a better shape now, a new debdiff is attached. Best regards, Andi diff -Nru debian-lan-config-0.19/debian/changelog debian-lan-config-0.19+deb8u1/debian/changelog --- debian-lan-config-0.19/debian/changelog 2014-12-31 10:44:11.0 +0100 +++ debian-lan-config-0.19+deb8u1/debian/changelog 2015-05-28 15:56:03.0 +0200 @@ -1,3 +1,23 @@ +debian-lan-config (0.19+deb8u1) stable-proposed-updates; urgency=medium + + * Fix package names on i386. + * Workarounds: #759424 (di-n-a) removed, #774033 (deadlock) added. +- With the NMUed di-netboot-assistant package available in jessie, + only chain.c32 has to be copied to the tftp-boot directory. It is + needed to boot from the local disk in the Debian-LAN PXE menu. +- The Debian-LAN live system freezes when mounting the home + directory with NFSv4. Switch back to NFSv3 which works fine. + * Fix squid configuration: Modify ordering to succeed in a single +cfengine pass. + * Comment 'browser-plugin-gnash' and 'adzapper' in the package-list and +the corresponding script: These packages did not make it into jessie. + * Define the replacement of exim4-daemon-light by exim4-daemon-heavy and +sudo by sudo-ldap to make conversion more robust. + * Describe how to use an arbitrary hostname for the 'mainserver'. + * Add libcgi-fast-perl to make the zoom in munin work. + + -- Andreas B. Mundt a...@debian.org Sun, 17 May 2015 20:22:54 +0200 + debian-lan-config (0.19) unstable; urgency=medium * Adapt to the format of '/etc/debian_version' (closes: #774035). diff -Nru debian-lan-config-0.19/debian/README.Debian debian-lan-config-0.19+deb8u1/debian/README.Debian --- debian-lan-config-0.19/debian/README.Debian 2014-12-31 10:44:11.0 +0100 +++ debian-lan-config-0.19+deb8u1/debian/README.Debian 2015-05-28 15:56:03.0 +0200 @@ -62,6 +62,21 @@ Adapt the config space to your needs if necessary and run FAI with the variable CONVERT set to true: + export SUDO_FORCE_REMOVE=yes # to switch from sudo to sudo-ldap export CONVERT=true ; fai -vN -s file:///srv/fai/config/ softupdate - -- Andreas B. Mundt a...@debian.org Wed, 30 Jan 2013 18:50:03 +0100 + +Further Notes +- + +If you prefer not to use the hostname 'mainserver' but $HOSTNAME, use +the following commands to replace it in the fai config space: + + cd /srv/fai/config/ + for FILE in $(grep -rl mainserver *) ; \ + do sed -i s/mainserver/$HOSTNAME/g $FILE ; done + + mv files/etc/hosts/mainserver files/etc/hosts/$HOSTNAME + cd - + + -- Andreas B. Mundt a...@debian.org Tue, 31 Mar 2015 22:50:03 +0200 diff -Nru debian-lan-config-0.19/fai/config/files/etc/fai/NFSROOT/FAISERVER debian-lan-config-0.19+deb8u1/fai/config/files/etc/fai/NFSROOT/FAISERVER --- debian-lan-config-0.19/fai/config/files/etc/fai/NFSROOT/FAISERVER 2014-12-31 10:44:11.0 +0100 +++ debian-lan-config-0.19+deb8u1/fai/config/files/etc/fai/NFSROOT/FAISERVER 2015-05-28 15:56:03.0 +0200 @@ -33,7 +33,7 @@ PACKAGES aptitude I386 grub-pc -linux-image-686 +linux-image-686-pae PACKAGES aptitude AMD64 grub-pc diff -Nru debian-lan-config-0.19/fai/config/files/usr/local/sbin/debian-lan-chroots/FAISERVER debian-lan-config-0.19+deb8u1/fai/config/files/usr/local/sbin/debian-lan-chroots/FAISERVER --- debian-lan-config-0.19/fai/config/files/usr/local/sbin/debian-lan-chroots/FAISERVER 2014-12-31 10:44:11.0 +0100 +++ debian-lan-config-0.19+deb8u1/fai/config/files/usr/local/sbin/debian-lan-chroots
Bug#786863: jessie-pu: package debian-lan-config/0.19
Package: release.debian.org Severity: normal Tags: jessie User: release.debian@packages.debian.org Usertags: pu Dear Release Team, I would like to ask for an update of the debian-lan-config package in jessie. The debian-lan-config package provides a FAI config space to install Debian with centralized administration in a local area network. The following modifications and improvements happened after the freeze and have been fixed now: * Fix package names on i386. [Due to rarely testing of i386 the renaming of packages got lost.] * Workarounds: #759424 (di-n-a) removed, #774033 (deadlock) added. [di-netboot-assistant finally made it to jessie, but problems with NFS4 and the live system could not be solved - switch back to NFS3 here] * Fix squid configuration: Modify ordering to succeed in a single cfengine pass. [This is important to make the package cache work from the beginning.] * Define the replacement of exim4-daemon-light by exim4-daemon-heavy and sudo by sudo-ldap to make conversion more robust. [When converting a Debian installation, problems may occur, because sudo and exim4-daemon-light must be replaced by their siblings.] * Describe how to use an arbitrary hostname for the 'mainserver'. * Add libcgi-fast-perl to make the zoom in munin work. [Some packages have been removed from jessie, this one is needed in addition.] Please find the debdiff attached to this report. Thanks and best regards, Andi diff -Nru debian-lan-config-0.19/debian/changelog debian-lan-config-0.19+deb8u1/debian/changelog --- debian-lan-config-0.19/debian/changelog 2014-12-31 10:44:11.0 +0100 +++ debian-lan-config-0.19+deb8u1/debian/changelog 2015-05-17 20:23:36.0 +0200 @@ -1,3 +1,16 @@ +debian-lan-config (0.19+deb8u1) stable-proposed-updates; urgency=medium + + * Fix package names on i386. + * Workarounds: #759424 (di-n-a) removed, #774033 (deadlock) added. + * Fix squid configuration: Modify ordering to succeed in a single +cfengine pass. + * Define the replacement of exim4-daemon-light by exim4-daemon-heavy and +sudo by sudo-ldap to make conversion more robust. + * Describe how to use an arbitrary hostname for the 'mainserver'. + * Add libcgi-fast-perl to make the zoom in munin work. + + -- Andreas B. Mundt a...@debian.org Sun, 17 May 2015 20:22:54 +0200 + debian-lan-config (0.19) unstable; urgency=medium * Adapt to the format of '/etc/debian_version' (closes: #774035). diff -Nru debian-lan-config-0.19/debian/README.Debian debian-lan-config-0.19+deb8u1/debian/README.Debian --- debian-lan-config-0.19/debian/README.Debian 2014-12-31 10:44:11.0 +0100 +++ debian-lan-config-0.19+deb8u1/debian/README.Debian 2015-05-17 20:23:36.0 +0200 @@ -62,6 +62,21 @@ Adapt the config space to your needs if necessary and run FAI with the variable CONVERT set to true: + export SUDO_FORCE_REMOVE=yes # to switch from sudo to sudo-ldap export CONVERT=true ; fai -vN -s file:///srv/fai/config/ softupdate - -- Andreas B. Mundt a...@debian.org Wed, 30 Jan 2013 18:50:03 +0100 + +Further Notes +- + +If you prefer not to use the hostname 'mainserver' but $HOSTNAME, use +the following commands to replace it in the fai config space: + + cd /srv/fai/config/ + for FILE in $(grep -rl mainserver *) ; \ + do sed -i s/mainserver/$HOSTNAME/g $FILE ; done + + mv files/etc/hosts/mainserver files/etc/hosts/$HOSTNAME + cd - + + -- Andreas B. Mundt a...@debian.org Tue, 31 Mar 2015 22:50:03 +0200 diff -Nru debian-lan-config-0.19/fai/config/files/etc/fai/NFSROOT/FAISERVER debian-lan-config-0.19+deb8u1/fai/config/files/etc/fai/NFSROOT/FAISERVER --- debian-lan-config-0.19/fai/config/files/etc/fai/NFSROOT/FAISERVER 2014-12-31 10:44:11.0 +0100 +++ debian-lan-config-0.19+deb8u1/fai/config/files/etc/fai/NFSROOT/FAISERVER 2015-05-17 20:23:36.0 +0200 @@ -33,7 +33,7 @@ PACKAGES aptitude I386 grub-pc -linux-image-686 +linux-image-686-pae PACKAGES aptitude AMD64 grub-pc diff -Nru debian-lan-config-0.19/fai/config/files/usr/local/sbin/debian-lan-chroots/FAISERVER debian-lan-config-0.19+deb8u1/fai/config/files/usr/local/sbin/debian-lan-chroots/FAISERVER --- debian-lan-config-0.19/fai/config/files/usr/local/sbin/debian-lan-chroots/FAISERVER 2014-12-31 10:44:11.0 +0100 +++ debian-lan-config-0.19+deb8u1/fai/config/files/usr/local/sbin/debian-lan-chroots/FAISERVER 2015-05-17 20:23:36.0 +0200 @@ -101,7 +101,8 @@ label Debian-LAN/FAI Live System kernel $KERNEL -append initrd=$INITRD ip=dhcp root=nfs4:/$(basename $DLROOT) aufs +## FIXME #774033 ## append initrd=$INITRD ip=dhcp root=nfs4:/$(basename $DLROOT) aufs +append initrd=initrd.img ip=dhcp root=/dev/nfs nfsroot=/srv/nfs4/live aufs EOF ## Create pxelinux boot configuration for disklessXX. diff -Nru debian-lan-config-0.19/fai/config/package_config/DEBIAN debian-lan-config-0.19+deb8u1/fai/config/package_config/DEBIAN --- debian-lan-config-0.19/fai
Bug#777124: unblock: di-netboot-assistant/0.38a+nmu1
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
Dear Release Team,
please unblock package di-netboot-assistant which was just accepted
into unstable.
The package has finally been fixed to work with jessie and the nmu
closes #759424 and #776565.
The patch has been tested before, but an upload never happened, cf.
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=776565#34
Note that di-netboot-assistant is used in debian-lan and removal from
jessie would break part of the PXE installation functionality there.
I plan to take care of the package in the future.
Debdiff is attached, thanks and best regards,
Andi
unblock di-netboot-assistant/0.38a+nmu1
diff -Nru -w di-netboot-assistant-0.38a/config/di-sources.list di-netboot-assistant-0.38a+nmu1/config/di-sources.list
--- di-netboot-assistant-0.38a/config/di-sources.list 2013-07-13 10:31:11.0 +0200
+++ di-netboot-assistant-0.38a+nmu1/config/di-sources.list 2015-02-03 09:25:27.0 +0100
@@ -49,13 +49,13 @@
squeeze-gtk i386 http://ftp.debian.org/dists/squeeze/main/installer-i386/current/images/ netboot/gtk/netboot.tar.gz
#Debian/Jessie (not released yet, As of writing this file)
-#jessie amd64 http://ftp.debian.org/dists/jessie/main/installer-amd64/current/images/ netboot/netboot.tar.gz
-#jessie i386 http://ftp.debian.org/dists/jessie/main/installer-i386/current/images/ netboot/netboot.tar.gz
+jessie amd64 http://ftp.debian.org/dists/jessie/main/installer-amd64/current/images/ netboot/netboot.tar.gz
+jessie i386 http://ftp.debian.org/dists/jessie/main/installer-i386/current/images/ netboot/netboot.tar.gz
#jessie ia64 http://ftp.debian.org/dists/jessie/main/installer-ia64/current/images/ netboot/netboot.tar.gz
#jessie sparc http://ftp.debian.org/dists/jessie/main/installer-sparc/current/images/ netboot/boot.img
##Graphical Installer (GTK)
-#jessie-gtk amd64 http://ftp.debian.org/dists/jessie/main/installer-amd64/current/images/ netboot/gtk/netboot.tar.gz
-#jessie-gtk i386 http://ftp.debian.org/dists/jessie/main/installer-i386/current/images/ netboot/gtk/netboot.tar.gz
+jessie-gtk amd64 http://ftp.debian.org/dists/jessie/main/installer-amd64/current/images/ netboot/gtk/netboot.tar.gz
+jessie-gtk i386 http://ftp.debian.org/dists/jessie/main/installer-i386/current/images/ netboot/gtk/netboot.tar.gz
# DEVELOPMENT (( http://www.debian.org/devel/debian-installer/ ))
diff -Nru -w di-netboot-assistant-0.38a/debian/changelog di-netboot-assistant-0.38a+nmu1/debian/changelog
--- di-netboot-assistant-0.38a/debian/changelog 2013-07-16 07:17:24.0 +0200
+++ di-netboot-assistant-0.38a+nmu1/debian/changelog 2015-02-03 09:25:27.0 +0100
@@ -1,3 +1,19 @@
+di-netboot-assistant (0.38a+nmu1) unstable; urgency=medium
+
+ * Non-maintainer upload.
+ * Fix package for jessie. The patch has been mostly provided by Jonas
+Smedegaard and should fix all issues related to new syslinux:
+- Lookup pxelinux.0 in /usr/lib/PXELINUX (not only
+ /usr/lib/syslinux).
+- Lookup only BIOS binaries (not accidentally include EFI binaries).
+- Install core modules in tftpd debian-installer dir.
+- Keep vesamenu and menu modules in sync with PXELINUX.
+- Enable jessie releases.
+For details, see the discussion in the bugs closed. Thanks to Jonas
+Smedegaard and Martin F Krafft. (Closes: #759424, closes: #776565)
+
+ -- Andreas B. Mundt a...@debian.org Mon, 02 Feb 2015 19:46:08 +0100
+
di-netboot-assistant (0.38a) unstable; urgency=low
[ Frank Lin PIAT ]
diff -Nru -w di-netboot-assistant-0.38a/di-netboot-assistant di-netboot-assistant-0.38a+nmu1/di-netboot-assistant
--- di-netboot-assistant-0.38a/di-netboot-assistant 2013-07-13 10:31:11.0 +0200
+++ di-netboot-assistant-0.38a+nmu1/di-netboot-assistant 2015-02-03 09:25:27.0 +0100
@@ -200,12 +200,13 @@
# #
# find_file()
# Return the name of the first file matching criteria.
-# Parameters: dir name
+# Parameters: name dir [dir...]
# Returns: (STRING) file
# #
find_file() {
if [ $1 -a $2 ]; then
- find $2 -type f -name $1 | head -n 1
+ local name=$1; shift
+ find $@ -type f -name $name | head -n 1
else
echo
fi
@@ -241,7 +242,14 @@
[ ! $src -o ! $dst ] return 1
+ if [ $SYSLINUX = $src ]; then
+ # avoid recent SYSLINUX EFI binaries incompatible with PXELINUX
+ [ ! -d $src/modules/bios ] || src=$src/modules/bios
+ # recent SYSLINUX ships PXELINUX at separate location
+ newbin=$(find_file pxelinux.0 /usr/lib/PXELINUX $SYSLINUX 2/dev/null)
+ else
newbin=$(find_file pxelinux.0 $src 2/dev/null)
+ fi
[ ! -f $dst/pxelinux.0 -a ! -f $newbin ] return 1
pxe_new_ver=$(pxelinux_version $newbin)
@@ -253,7 +261,11 @@
echo I: Upgrading PXELinux ($pxe_cur_ver to $pxe_new_ver)
for f in pxelinux.0 menu.c32 vesamenu.c32; do
+ if [ pxelinux.0
Bug#774261: (pre-approval) unblock: debian-lan-config/0.19
Control: tags -1 - moreinfo
Control: retitle -1 unblock: debian-lan-config/0.19
Hi Ivo,
On Wed, Dec 31, 2014 at 12:21:00AM +0100, Ivo De Decker wrote:
On Tue, Dec 30, 2014 at 10:34:27PM +0100, Andreas B. Mundt wrote:
[...]
-DISTRI=$(sed s%/.*$%% ${target}/etc/debian_version)
+DISTRI=stable
Wouldn't it be better to replace this with 'jessie' instead of 'stable'.
That's what was there before. Also that will be correct now (before jessie is
stable), after the release, and even after later releases (when jessie is
oldstable).
Yes, indeed, but current di-netboot-assistant has only 'testing'
(that's what worked before the change in base-files).
However, taking a look at '/etc/di-netboot-assistant/di-sources.list',
I found that 'jessie' is available but commented out. I added a sed
command now to enable it for the time being.
(Cf. https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=759424#72 )
With the change mentioned above, please go ahead and remove the moreinfo tag
from this bug once it's in unstable.
One minor trivial fix: I added chain.c32 to the files copied to the
tftp installer directory, it's needed to make booting from the local
hard disk work.
I hope you are still happy with the debdiff attached below.
Thanks and best regards,
Andi
$ debdiff debian-lan-config_0.18.dsc debian-lan-config_0.19.dsc
diff -Nru debian-lan-config-0.18/debian/changelog
debian-lan-config-0.19/debian/changelog
--- debian-lan-config-0.18/debian/changelog 2014-12-05 14:04:45.0
+0100
+++ debian-lan-config-0.19/debian/changelog 2014-12-31 10:44:11.0
+0100
@@ -1,3 +1,11 @@
+debian-lan-config (0.19) unstable; urgency=medium
+
+ * Adapt to the format of '/etc/debian_version' (closes: #774035).
+ * Enable 'jessie' repositories for di-netboot-assistant.
+ * Preseed the grub installation and fix PXE-boot from the local disk.
+
+ -- Andreas B. Mundt a...@debian.org Wed, 31 Dec 2014 10:38:21 +0100
+
debian-lan-config (0.18) unstable; urgency=medium
* Work around broken di-netboot-assistant only if necessary to avoid
diff -Nru debian-lan-config-0.18/fai/config/scripts/FAISERVER/50-di-netboot
debian-lan-config-0.19/fai/config/scripts/FAISERVER/50-di-netboot
--- debian-lan-config-0.18/fai/config/scripts/FAISERVER/50-di-netboot
2014-12-05 14:04:45.0 +0100
+++ debian-lan-config-0.19/fai/config/scripts/FAISERVER/50-di-netboot
2014-12-31 10:44:11.0 +0100
@@ -2,10 +2,12 @@
set -e
-DISTRI=$(sed s%/.*$%% ${target}/etc/debian_version)
-
+DISTRI=jessie
if [ $FAI_ACTION == install ] || [ $CONVERT == true ] ; then
+## Enable jessie in di-netboot-assistant (FIXME #759424):
+sed -i s/^#jessie/jessie/
${target}/etc/di-netboot-assistant/di-sources.list
+
cat ${target}/etc/di-netboot-assistant/pxelinux.HEAD EOF
LABEL Local Boot
MENU LABEL Boot from local hard disk
@@ -88,8 +90,8 @@
#tasksel tasksel/desktop multiselect kde, xfce
# Individual additional packages to install
d-i pkgsel/include string fai-client nfs-common aptitude
-### FIXME: GRUB default does not work: #712907 #759737
-
+### GRUB on default disk:
+d-i grub-installer/bootdev string default
### This command is run just before the install finishes, it does all the FAI
magic:
d-i preseed/late_command string mkdir -p /target/var/lib/fai/config; \\
in-target modprobe nfsv4; \\
@@ -105,8 +107,8 @@
$ROOTCMD di-netboot-assistant install $DISTRI --arch=i386
$ROOTCMD di-netboot-assistant rebuild-menu
-# FIXME: Bug #759424
-for FILE in ldlinux.c32 libcom32.c32 libutil.c32 ; do
+# FIXME: Bug #759424; chain.c32 is needed to boot from the local hard disk.
+for FILE in ldlinux.c32 libcom32.c32 libutil.c32 chain.c32 ; do
if [ ! -e $target/srv/tftp/debian-installer/$FILE ] ; then
$ROOTCMD cp /usr/lib/syslinux/modules/bios/$FILE
/srv/tftp/debian-installer/
fi
--
To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/20141231112828.GA7237@flashgordon
Bug#774261: (pre-approval) unblock: debian-lan-config/0.19
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
Dear Release Team,
there have been two modifications in jessie which make it necessary to
adapt the debian-lan-config package:
With the latest base-files package the content of
'/etc/debian_version' switched format [1]:
- Use 8.0 as version in /etc/debian_version. As usual, this is
expected to change at every point release.
(from the Changelog)
This breaks the code in debian-lan which determines the version (Cf:
#774035, before it was 'jessie/sid' in /etc/debian_version).
Further more, #759737 has been fixed and allows to preseed the grub
installation.
Please consider pre-approving an unblock of the debian-lan-config package.
Best regards,
Andi
[1]
http://metadata.ftp-master.debian.org/changelogs//main/b/base-files/base-files_8_changelog
The expected diff is pretty small:
diff --git a/fai/config/scripts/FAISERVER/50-di-netboot
b/fai/config/scripts/FAISERVER/50-di-netboot
index 64a4796..1416c14 100755
--- a/fai/config/scripts/FAISERVER/50-di-netboot
+++ b/fai/config/scripts/FAISERVER/50-di-netboot
@@ -2,7 +2,7 @@
set -e
-DISTRI=$(sed s%/.*$%% ${target}/etc/debian_version)
+DISTRI=stable
if [ $FAI_ACTION == install ] || [ $CONVERT == true ] ; then
@@ -88,8 +88,8 @@ tasksel tasksel/first multiselect
#tasksel tasksel/desktop multiselect kde, xfce
# Individual additional packages to install
d-i pkgsel/include string fai-client nfs-common aptitude
-### FIXME: GRUB default does not work: #712907 #759737
-
+### GRUB on default disk:
+d-i grub-installer/bootdev string default
### This command is run just before the install finishes, it does all the FAI
magic:
d-i preseed/late_command string mkdir -p /target/var/lib/fai/config; \\
in-target modprobe nfsv4; \\
--
To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive:
https://lists.debian.org/20141230213427.7065.77614.reportbug@flashgordon
Bug#772477: nmu: irssi-plugin-xmpp_0.52+git20140102-2
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: binnmu nmu irssi-plugin-xmpp_0.52+git20140102-2 . ALL . -m Rebuild against irssi 0.8.17 This should fix #766773, irssi-plugin-xmpp not working anymore with irssi 0.8.17. Best regards, Andi -- System Information: Debian Release: 8.0 APT prefers testing APT policy: (500, 'testing') Architecture: amd64 (x86_64) Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20141207155154.18798.28316.reportbug@flashgordon
Bug#771586: unblock: debian-lan-config/0.18
Control: tags -1 - moreinfo + patch
Control: retitle -1 unblock: debian-lan-config/0.18
Hi,
On Wed, Dec 03, 2014 at 07:51:56PM +0100, Ivo De Decker wrote:
[...]
It's probably best to create a version based on what
you know now and upload it to unstable before the weekend. Ideally, the
changes should work with the packages currently in testing and with the
packages fixing the bugs you listed above.
A new debian-lan-config package is available in unstable now (0.18).
It addresses the issues discussed above. Please unblock the package.
Thanks and best regards,
Andi--looking forward to the jessie release ... :-)
The final patch looks like this:
$ debdiff debian-lan-config_0.17.dsc debian-lan-config_0.18.dsc
diff -Nru debian-lan-config-0.17/debian/changelog
debian-lan-config-0.18/debian/changelog
--- debian-lan-config-0.17/debian/changelog 2014-10-23 08:47:11.0
+0200
+++ debian-lan-config-0.18/debian/changelog 2014-12-05 14:04:45.0
+0100
@@ -1,3 +1,12 @@
+debian-lan-config (0.18) unstable; urgency=medium
+
+ * Work around broken di-netboot-assistant only if necessary to avoid
+problems with the (expected) fixed di-netboot-assistant package.
+ * Enable SSL for the dovecot imap server. The dovecot package switched
+to no SSL by default.
+
+ -- Andreas B. Mundt a...@debian.org Fri, 05 Dec 2014 14:02:20 +0100
+
debian-lan-config (0.17) unstable; urgency=medium
* Update package selection: Standard Gnome desktop on clients.
diff -Nru debian-lan-config-0.17/fai/config/scripts/FAISERVER/50-di-netboot
debian-lan-config-0.18/fai/config/scripts/FAISERVER/50-di-netboot
--- debian-lan-config-0.17/fai/config/scripts/FAISERVER/50-di-netboot
2014-10-23 08:47:11.0 +0200
+++ debian-lan-config-0.18/fai/config/scripts/FAISERVER/50-di-netboot
2014-12-05 14:04:45.0 +0100
@@ -106,11 +106,11 @@
$ROOTCMD di-netboot-assistant rebuild-menu
# FIXME: Bug #759424
-$ROOTCMD cp /usr/lib/syslinux/modules/bios/ldlinux.c32
/srv/tftp/debian-installer/
-$ROOTCMD cp /usr/lib/syslinux/modules/bios/libcom32.c32
/srv/tftp/debian-installer/
-$ROOTCMD cp /usr/lib/syslinux/modules/bios/libutil.c32
/srv/tftp/debian-installer/
-$ROOTCMD cp /usr/lib/syslinux/modules/bios/chain.c32
/srv/tftp/debian-installer/
-
+for FILE in ldlinux.c32 libcom32.c32 libutil.c32 ; do
+if [ ! -e $target/srv/tftp/debian-installer/$FILE ] ; then
+$ROOTCMD cp /usr/lib/syslinux/modules/bios/$FILE
/srv/tftp/debian-installer/
+fi
+done
#wheezy:
#d-i preseed/late_command string mkdir -p /target/var/lib/fai/config; \
diff -Nru debian-lan-config-0.17/fai/config/scripts/MAIL_SERVER/30-certs
debian-lan-config-0.18/fai/config/scripts/MAIL_SERVER/30-certs
--- debian-lan-config-0.17/fai/config/scripts/MAIL_SERVER/30-certs
2014-10-23 08:47:11.0 +0200
+++ debian-lan-config-0.18/fai/config/scripts/MAIL_SERVER/30-certs
2014-12-05 14:04:45.0 +0100
@@ -40,6 +40,10 @@
$ROOTCMD openssl req -config $CONF -new -x509 -days 7000 -nodes -out $CERT
-keyout $KEY
$ROOTCMD chmod 640 $KEY $CERT $CONF
$ROOTCMD chown root:dovecot $KEY $CERT
+## Switch on SSL:
+$ROOTCMD sed -i -e s/^ssl = no/ssl = yes/ \
+ -e s/^#ssl_cert =/ssl_cert =/ \
+ -e s/^#ssl_key =/ssl_key =/ /etc/dovecot/conf.d/10-ssl.conf
else
echo ${target}/$CONF exists, nothing done!
fi
--
To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/20141205135215.GA2093@flashgordon
Bug#771586: pre-approval/advice: debian-lan-config/0.17
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Dear Release Team! I am the author of the debian-lan-config package. It provides a FAI config space and instruction on how to roll out a complete local area network within Debian. Currently, I am aware of two issues that probably need minor changes in debian-lan-config 0.17 to make it work as flawlessly as it works right now: 1) Modifications in dovecot (1:2.2.13-7, not yet in jessie) removed the creation of self signed certificates. This resulted in #771407, #771334. -- The certificate handling has to be moved to debian-lan-config. 2) di-netboot-assistant will hopefully/probably be updated to support jessie, cf. #759424 -- A workaround for the current di-netboot-assistant package can be removed from debian-lan-config. With the stricter freeze policy from the 5th of December on, I fear to not be allowed to get these fixes/adaptions into jessie's debian-lan-config package. debian-lan-config is a configuration package. It is highly dependent on a huge number of packages and their interplay. I would like to ask if it might be possible to allow an updated debian-lan-config package, which provides the changes described above, into jessie after the 5th of December. (When the 'final' dovecot and di-netboot-assistant packages are available in jessie). Alternatively, I could try to estimate the changes and prepare a package which already handles the issues. As this seems to be a moving target right now, I would prefer not to do that, but instead wait for a more stable jessie with regard to dovecot and di-netboot-assistant. It would be great if you could share your opinion on that. Many thanks and best regards, Andi -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20141130214513.2440.94879.reportbug@flashgordon
Bug#756986: wheezy-pu: package debian-lan-config/0.13~bpo70+5
Package: release.debian.org Severity: normal Tags: wheezy User: release.debian@packages.debian.org Usertags: pu Dear release managers! I would like to ask for the permission to upload and the inclusion of the latest debian-lan-config package in the upcoming wheezy point release. The debian-lan-config package is kind of special, as it contains no 'program' in itself, but instructions (in a FAI config space) on how to build a composed system within debian, cf. URL:https://wiki.debian.org/DebianLAN. The package did not make it for the wheezy freeze and I provided it via backports after the release. However, with further improvements, it got less and less justified to use backports, as the wheezy package is not a strict 'backport' of the version in jessie, which is of course targeted at jessie. Content and history of the package is available here: URL:http://anonscm.debian.org/cgit/collab-maint/debian-lan.git/log/?h=wheezy The package should not pose any risk to the distribution, as it needs to be 'activated' manually to do anything at all. To get an idea, cf. URL:http://anonscm.debian.org/cgit/collab-maint/debian-lan.git/tree/debian/README.Debian?h=wheezy. Best regards and thanks for your consideration, Andi -- System Information: Debian Release: jessie/sid APT prefers testing APT policy: (500, 'testing') Architecture: amd64 (x86_64) Kernel: Linux 3.14-2-amd64 (SMP w/4 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20140804081900.3191.93217.reportbug@flashgordon
Bug#756986: wheezy-pu: package debian-lan-config/0.13~bpo70+5
Hi Adam, thanks for your quick reply. On Mon, Aug 04, 2014 at 09:52:35AM +0100, Adam D. Barratt wrote: On 2014-08-04 9:19, Andreas B. Mundt wrote: [...] The package did not make it for the wheezy freeze and I provided it Many packages didn't make the freeze. That doesn't mean we should add them all to stable. I absolutely agree; this was not meant as an argument. Looking at the package's upload history, the first upload reached the archive a few weeks before the wheezy release, with the first upload to unstable being on the day of the release. That's really not the same as did not make it for the wheezy freeze, which had happened almost a year earlier. Yes. But if you look at the complete history in git, you'll see that there has been done a lot of work much earlier. I did not upload that work because wheezy was still a moving target and the package would not have worked without issues. The problem is, that it builds on the finished distribution and therefore has to wait for all ingredients being ready. (Comparable to the debian-edu-config package). via backports after the release. However, with further improvements, it got less and less justified to use backports, as the wheezy package is not a strict 'backport' of the version in jessie, which is of course targeted at jessie. Given it's a configuration package, the diffstat of 66 files changed, 390 insertions(+), 245 deletions(-) doesn't look crazy for a backport. Reading the unstable changelog, I have to admit that I'm not sure why you're maintaining the backport as a separate branch and wonder how big the diff would be if one took the current package from testing and then applied the changes required for wheezy. OK, in my experience the setup is very fragile and it's hard to oversee and test all modifications. Therefore, I chose the path to only cherry-pick stuff from testing and keep the well-tested core from the wheezy-version. (Comparable to the stable distribution where usually only bugs are fixed.) Concerning backports, I already had a discussion [1] about the issue; we agreed that it's better to use a point release for debian-lan. So I find myself caught between two stools now. [...] It's not a question of posing a risk, but rather what compelling reason there is to break the general policy of adding new packages to stable - particularly a package that was barely in the archive when stable released. I hope I could explain the reason why the upload happened late above. The situation in jessie looks slightly better (apart from the fact that the package is already in the archive now) and I hope all needed stuff is available before the freeze this time. However, it would be nice to have the package in wheezy too. Best regards, Andi [1] Thread: URL:https://lists.debian.org/debian-backports/2014/05/msg00049.html -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20140804104619.GA3672@flashgordon
Bug#694378: please allow up-to-date apt-cacher-ng in wheezy
Hi, again (cf. #683803) I was bitten by (apt-cacher-ng 0.7.6-1): Sun Feb 17 11:47:50 2013|http.debian.net/debian/pool/main/p/popt/libpopt0_1.16-7_i386.deb storage error [301 Moved Permanently], last errno: Operation now in progress Sun Feb 17 11:56:55 2013|http.debian.net/debian/pool/main/libc/libcap2/libcap2_2.22-1.2_i386.deb storage error [301 Moved Permanently], last errno: Operation now in progress This happens rarely, but even with RedirMax: 0, and it spoils the debian-lan setup. So please consider the fixed package for wheezy. Offering a fixed package in backports doesn't make Debian better, because either you use the package from backports which will not be better by being in backports or you don't use acng at all - which will not need a fixed package. And it causes extra work to include backport repositories, especially for debian-lan. Best regards, Andi -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20130218174724.GA12095@fuzi
