Bug#1071564: bookworm-pu: package aide/0.18.3-1+deb12u3
On Sat, Jun 15, 2024 at 04:23:25PM +0100, Adam D. Barratt wrote: > On Tue, 2024-05-21 at 12:00 +0200, Marc Haber wrote: > > aide 0.18 has introduced some concurrency in processing. There is a > > bug > > that makes fail to concurrently read extended attributes (xattrs) due > > to > > variables shared between worker threads. > > Please go ahead. Uploaded! Greetings Marc -- ----- Marc Haber | "I don't trust Computers. They | Mailadresse im Header Leimen, Germany| lose things."Winona Ryder | Fon: *49 6224 1600402 Nordisch by Nature | How to make an American Quilt | Fax: *49 6224 1600421
Bug#1071564: bookworm-pu: package aide/0.18.3-1+deb12u3
Package: release.debian.org Severity: normal Tags: bookworm X-Debbugs-Cc: a...@packages.debian.org Control: affects -1 + src:aide User: release.debian@packages.debian.org Usertags: pu This upload fixes #1070805. The reporter, Hannes, is upstream and a DD, and thinks the issue warrants a stable update. [ Reason ] aide 0.18 has introduced some concurrency in processing. There is a bug that makes fail to concurrently read extended attributes (xattrs) due to variables shared between worker threads. [ Impact ] Incomplete aide checks [ Tests ] The fix is in productive use (in a git snapshot of HEAD) at upstream and the Debian maintainer. [ Checklist ] [X] *all* changes are documented in the d/changelog [X] I reviewed all changes and I approve them [X] attach debdiff against the package in (old)stable [X] the issue is verified as fixed in unstable [ Changes ] Upstream patch 732e7e2e diff -Nru aide-0.18.3/debian/changelog aide-0.18.3/debian/changelog --- aide-0.18.3/debian/changelog2023-07-01 14:37:51.0 +0200 +++ aide-0.18.3/debian/changelog2024-05-16 13:32:11.0 +0200 @@ -1,3 +1,10 @@ +aide (0.18.3-1+deb12u3) bookworm; urgency=medium + + * Upstream patch to fix concurrent reading of extended +attributes (xattrs) (Closes: #1070805) + + -- Marc Haber Thu, 16 May 2024 13:32:11 +0200 + aide (0.18.3-1+deb12u2) bookworm; urgency=medium * Upstream patch to fix child directory processing on equal match diff -Nru aide-0.18.3/debian/patches/debian-bug-1070805 aide-0.18.3/debian/patches/debian-bug-1070805 --- aide-0.18.3/debian/patches/debian-bug-1070805 1970-01-01 01:00:00.0 +0100 +++ aide-0.18.3/debian/patches/debian-bug-1070805 2024-05-16 13:32:11.0 +0200 @@ -0,0 +1,47 @@ +Description: Fix concurrent reading of extended attributes (xattrs) +Author: Hannes von Haugwitz +Origin: 732e7e2e7dc91bb614c508518c0abc6cab85565c +Date: Mon May 16 13:30:00 2024 +0200 +Forwarded: not-needed +--- a/src/do_md.c b/src/do_md.c +@@ -478,14 +478,13 @@ static void xattr_add(xattrs_type *xattr + void xattrs2line(db_line *line) { + /* get all generic user xattrs. */ + xattrs_type *xattrs = NULL; +-static ssize_t xsz = 1024; +-static char *xatrs = NULL; + ssize_t xret = -1; + + if (!(ATTR(attr_xattrs)&line->attr)) + return; + +-if (!xatrs) xatrs = checked_malloc(xsz); ++ssize_t xsz = 1024; ++char *xatrs = xatrs = checked_malloc(xsz); + + while (((xret = llistxattr(line->fullpath, xatrs, xsz)) == -1) && (errno == ERANGE)) { + xsz <<= 1; +@@ -498,10 +497,8 @@ void xattrs2line(db_line *line) { + log_msg(LOG_LEVEL_WARNING, "listxattrs failed for %s:%s", line->fullpath, strerror(errno)); + } else if (xret) { + const char *attr = xatrs; +-static ssize_t asz = 1024; +-static char *val = NULL; +- +-if (!val) val = checked_malloc(asz); ++ssize_t asz = 1024; ++char *val = checked_malloc(asz); + + xattrs = xattr_new(); + +@@ -529,7 +526,9 @@ next_attr: + attr += len + 1; + xret -= len + 1; + } ++free(val); + } ++free(xatrs); + + line->xattrs = xattrs; + } diff -Nru aide-0.18.3/debian/patches/series aide-0.18.3/debian/patches/series --- aide-0.18.3/debian/patches/series 2023-07-01 14:37:51.0 +0200 +++ aide-0.18.3/debian/patches/series 2024-05-16 13:32:11.0 +0200 @@ -1,3 +1,4 @@ debian-bug-1039936 debian-bug-1037436 compare-logs +debian-bug-1070805
Re: /usr-move: Do we support upgrades without apt?
On Thu, Dec 21, 2023 at 11:19:48AM -0300, Antonio Terceiro wrote: > On Thu, Dec 21, 2023 at 10:41:57AM +0100, Helmut Grohne wrote: > > Is it ok to call upgrade scenarios failures that cannot be reproduced > > using apt unsupported until we no longer deal with aliasing? > > I think so, yes. I don't think it's likely that there are people doing > upgrades on running systems not using apt. Do those GUI frontends that work via packagekit or other frameworks count as "using apt"? I now that WE recommend using apt in a text console outside of X, but even many of our own users do what their Desktop Environment does, and our downstreams like *b*nt* recommend other ways to upgrade as well. Greetings Marc -- ----- Marc Haber | "I don't trust Computers. They | Mailadresse im Header Leimen, Germany| lose things."Winona Ryder | Fon: *49 6224 1600402 Nordisch by Nature | How to make an American Quilt | Fax: *49 6224 1600421
Bug#1007787: bullseye-pu: package adduser/3.118
On Tue, Jul 25, 2023 at 10:57:31PM +0100, Jonathan Wiltshire wrote: > No, it's fine as it is. Please go ahead. Upload done. I hope still in time. Greetings Marc -- ----- Marc Haber | "I don't trust Computers. They | Mailadresse im Header Leimen, Germany| lose things."Winona Ryder | Fon: *49 6224 1600402 Nordisch by Nature | How to make an American Quilt | Fax: *49 6224 1600421
Bug#1040142: bookworm-pu: package aide/0.18.3-1+deb12u2
On Thu, Jul 06, 2023 at 07:25:35PM +0100, Adam D. Barratt wrote: > Please go ahead. Thanks for your advice. Uploaded. Greetings Marc -- ----- Marc Haber | "I don't trust Computers. They | Mailadresse im Header Leimen, Germany| lose things."Winona Ryder | Fon: *49 6224 1600402 Nordisch by Nature | How to make an American Quilt | Fax: *49 6224 1600421
Bug#1040142: bookworm-pu: package aide/0.18.3-1+deb12u2
Package: release.debian.org Severity: normal Tags: bookworm User: release.debian@packages.debian.org Usertags: pu X-Debbugs-Cc: a...@packages.debian.org Control: affects -1 + src:aide Dear stable release team, this pre-upload request for the aide package is filed to ask for guidance whether this package is suitable for bookworm-proposed-updates [ Reason ] This update augments 0.18.3-1+deb12u1 which has already been accepted for bookworm-pu last week. It fixes #1039936, an important bug that is a regression from bullseye and affects directory processing when using equals rules. [ Impact ] Without this bug fixes, equals rules concerning directories are incorrectly processed, which differs from the way that bullseye's aide handled this case and also differs from the way operation is documented. Debian's default configuration doesn't use equals rules and is therefore not affected, but local configurations might be. [ Tests ] Sadly, none. [ Risks ] The fix is reasonably simple, and we have done manual tests. [ Checklist ] [X] *all* changes are documented in the d/changelog [X] I reviewed all changes and I approve them [X] attach debdiff against the package in (old)stable [X] the issue is verified as fixed in unstable [ Changes ] In aide-0.18.3/debian/aide-common.postinst a typo in a version number in a comment is fixed, which reduces ambiguity and will reduce the size of future diffs. aide-0.18.3/debian/patches/debian-bug-1039936 adds the actual patch. It has been cherry-picked from upstream's 0.18.5 release. [ Other info ] The attached debdiff is the debdiff between 0.18.3-1+deb12u1, which is already in bookworm-proposed-updates and the newly suggested 0.18.3-1+deb12u2 which we are discussing right now. I hope this is the right thing to do to save you from reviewing the 0.18.3-1+deb12u1 changes a second time. Should you agree and tell me to go ahead with this upload, I'm planning to do the upload after 0.18.5-1 has migrated to testing to make sure that the version in testing and bookworm-pu have the issue both fixed. Greetings Marc diff -Nru aide-0.18.3/debian/aide-common.postinst aide-0.18.3/debian/aide-common.postinst --- aide-0.18.3/debian/aide-common.postinst 2023-06-14 17:04:20.0 +0200 +++ aide-0.18.3/debian/aide-common.postinst 2023-07-01 14:37:51.0 +0200 @@ -94,7 +94,7 @@ chown --quiet _aide:root /var/lib/aide/aide.db /var/lib/aide/aide.db.new || true fi if dpkg --compare-versions "$2" le 0.18.3-1; then -# we're updating from 0.18-3 or earlier, chown aideinit logs +# we're updating from 0.18.3-1 or earlier, chown aideinit logs chown --quiet _aide:adm /var/log/aide/aideinit.log /var/log/aide/aideinit.errors|| true fi diff -Nru aide-0.18.3/debian/changelog aide-0.18.3/debian/changelog --- aide-0.18.3/debian/changelog2023-06-14 17:04:20.0 +0200 +++ aide-0.18.3/debian/changelog2023-07-01 14:37:51.0 +0200 @@ -1,3 +1,10 @@ +aide (0.18.3-1+deb12u2) bookworm; urgency=medium + + * Upstream patch to fix child directory processing on equal match +(Closes: #1039936) + + -- Marc Haber Sat, 01 Jul 2023 14:37:51 +0200 + aide (0.18.3-1+deb12u1) bookworm; urgency=medium * call dh_installsysusers manually in debian/rules diff -Nru aide-0.18.3/debian/patches/debian-bug-1039936 aide-0.18.3/debian/patches/debian-bug-1039936 --- aide-0.18.3/debian/patches/debian-bug-1039936 1970-01-01 01:00:00.0 +0100 +++ aide-0.18.3/debian/patches/debian-bug-1039936 2023-07-01 14:37:51.0 +0200 @@ -0,0 +1,21 @@ +Subject: Fix child directory proccessing on equal match +Forwarded: not-needed +Source: https://github.com/aide/aide/commit/cf5026bf0852d350030d6d1a7a0351573c9512e6 +--- a/src/db_disk.c b/src/db_disk.c +@@ -171,13 +171,12 @@ void scan_dir(char *root_path, bool dry_ + #endif + switch (match) { + case RESULT_SELECTIVE_MATCH: ++case RESULT_EQUAL_MATCH: + if (S_ISDIR(fs.st_mode)) { +-log_msg(log_level, "scan_dir: add child directory '%s' to scan stack (reason: selective match)", &entry_full_path[conf->root_prefix_length]); ++log_msg(log_level, "scan_dir: add child directory '%s' to scan stack (reason: selective/equal match)", &entry_full_path[conf->root_prefix_length]); + queue_enqueue(stack, entry_full_path); + free_entry_full_path = false; + } +-// fall through +-case RESULT_EQUAL_MATCH: + if (!dry_run) { + handle_matched_file(entry_full_path, rule->attr, fs); +
Bug#1039609: bookworm-pu: package sudo/1.9.13p3-1+deb12u1
Package: release.debian.org Severity: normal Tags: bookworm User: release.debian@packages.debian.org Usertags: pu X-Debbugs-Cc: s...@packages.debian.org Control: affects -1 + src:sudo Dear stable release team, this pre-upload request for the sudo package is filed to ask for guidance whether this package is suitable for bookworm-proposed-updates. [ Reason ] This upload fixes the broken log format of "ENV=..." event logging, Bug #1039557. This is an upstream regression since bullseye. The patch being applied is from Upstream, is already in unstable (since today), and will also be part of the next upstream release. [ Impact ] This bug affects log parsing and filtering, for example using logcheck. As sudo is a security relevant package, this is a rather bad bug. [ Tests ] Sadly, none. [ Risks ] This is a one-line change adding a semicolon to a log string. [ Checklist ] [X] *all* changes are documented in the d/changelog [X] I reviewed all changes and I approve them [X] attach debdiff against the package in (old)stable [X] the issue is verified as fixed in unstable [ Changes ] The patch adds a verbatim, static semicolon to the logging buffer. [ Other info ] The change is rather fresh in unstable. I am filing this pre-upload request to make it easier for the fixed package to find its way to the first bookworm point release which is due soon. If the time frame was not as tight, I'd have held back this bugreport for a week, but I think that this fix should probably be in the first point release already. diff -Nru sudo-1.9.13p3/debian/changelog sudo-1.9.13p3/debian/changelog --- sudo-1.9.13p3/debian/changelog 2023-03-08 21:17:05.0 +0100 +++ sudo-1.9.13p3/debian/changelog 2023-06-27 13:45:00.0 +0200 @@ -1,3 +1,10 @@ +sudo (1.9.13p3-1+deb12u1) bookworm; urgency=medium + + * add upstream patch to fix event log format. +Thanks to Kimmo Suominen (Closes: #1039557) + + -- Marc Haber Tue, 27 Jun 2023 13:45:00 +0200 + sudo (1.9.13p3-1) unstable; urgency=medium * new upstream version: diff -Nru sudo-1.9.13p3/debian/patches/debian-bug-1039557 sudo-1.9.13p3/debian/patches/debian-bug-1039557 --- sudo-1.9.13p3/debian/patches/debian-bug-1039557 1970-01-01 01:00:00.0 +0100 +++ sudo-1.9.13p3/debian/patches/debian-bug-1039557 2023-06-27 13:45:00.0 +0200 @@ -0,0 +1,14 @@ +Desciption: fix event log format with environment variables +Origin: https://github.com/sudo-project/sudo/commit/12648b4e0a8cf486480442efd52f0e0b6cab6e8b +Bug: https://github.com/sudo-project/sudo/issues/254 +Forwarded: not-needed +--- a/lib/eventlog/eventlog.c b/lib/eventlog/eventlog.c +@@ -189,6 +189,7 @@ new_logline(int event_type, int flags, s + sudo_lbuf_append_esc(lbuf, LBUF_ESC_CNTRL, " %s", + evlog->env_add[i]); + } ++ sudo_lbuf_append(lbuf, " ; "); + } + if (evlog->command != NULL && evlog->argv != NULL) { + /* Command plus argv. */ diff -Nru sudo-1.9.13p3/debian/patches/series sudo-1.9.13p3/debian/patches/series --- sudo-1.9.13p3/debian/patches/series 2023-03-08 21:17:05.0 +0100 +++ sudo-1.9.13p3/debian/patches/series 2023-06-27 13:45:00.0 +0200 @@ -1,6 +1,7 @@ # 1004909-ftbfs-kfreebsd # debian-bugs-1019428 # dont-create-ChangeLog +debian-bug-1039557 paths-in-samples.diff Whitelist-DPKG_COLORS-environment-variable.diff sudo-ldap-docs
Bug#1038813: bullseye-pu: package aide/0.17.3-4+deb11u2
On Sun, Jun 25, 2023 at 05:29:12PM +0100, Adam D. Barratt wrote: > On Sat, 2023-06-24 at 11:43 +0200, Marc Haber wrote: > > On Sat, Jun 24, 2023 at 10:13:58AM +0100, Adam D. Barratt wrote: > > > I was about to say "nothing other than a little more patience", > > > given > > > the request is only a few days old at this point. Looking back, > > > however, it appears that there isn't actually a debdiff attached, > > > as > > > was claimed in the original mail. > > > > I apologize. Here we go. > > > > Thanks. Please go ahead. Done. One more question that might be a good candidate for more in-depth docs: With both the bullseye and bookworm versions having been accepted to the respective proposed-updates repository, there is no longer need to hold back uploads to unstable, right? I can resume normal work on the packages after the acceptance of the package for bullseye? Greetings Marc -- - Marc Haber | "I don't trust Computers. They | Mailadresse im Header Leimen, Germany| lose things."Winona Ryder | Fon: *49 6224 1600402 Nordisch by Nature | How to make an American Quilt | Fax: *49 6224 1600421
Bug#1037945: bookworm-pu: package aide/aide_0.18.3-1+deb12u1
On Sat, Jun 24, 2023 at 11:11:18AM +0100, Adam D. Barratt wrote: > Please feel free to upload. Done (for bookworm). Greetings Marc -- ----- Marc Haber | "I don't trust Computers. They | Mailadresse im Header Leimen, Germany| lose things."Winona Ryder | Fon: *49 6224 1600402 Nordisch by Nature | How to make an American Quilt | Fax: *49 6224 1600421
Bug#1037945: bookworm-pu: package aide/aide_0.18.3-1+deb12u1
On Sat, Jun 24, 2023 at 10:47:31AM +0100, Adam D. Barratt wrote: > Looking at the upstream issue linked from #1037436, it suggests that > the extended attributes fix is likely to create a large amount of noise > on the next aide run. If that's correct, is it worth adding a > NEWS.Debian entry to warn users that this is expected? I deliberately didnt do that to keep the debdiff small, but I can add a paragraph if you think that's a good idea. I'd do the same for the bullseye-pu upload and the next sid upload then. However, this bug only shows itself if both the symlink AND the target of the symlink do have extended attributes. I dont think that's a very commmon case. Greetings Marc -- ----- Marc Haber | "I don't trust Computers. They | Mailadresse im Header Leimen, Germany| lose things."Winona Ryder | Fon: *49 6224 1600402 Nordisch by Nature | How to make an American Quilt | Fax: *49 6224 1600421
Bug#1038813: bullseye-pu: package aide/0.17.3-4+deb11u2
On Sat, Jun 24, 2023 at 10:13:58AM +0100, Adam D. Barratt wrote: > I was about to say "nothing other than a little more patience", given > the request is only a few days old at this point. Looking back, > however, it appears that there isn't actually a debdiff attached, as > was claimed in the original mail. I apologize. Here we go. Greetings Marc -- ----- Marc Haber | "I don't trust Computers. They | Mailadresse im Header Leimen, Germany| lose things."Winona Ryder | Fon: *49 6224 1600402 Nordisch by Nature | How to make an American Quilt | Fax: *49 6224 1600421 diff -Nru aide-0.17.3/debian/changelog aide-0.17.3/debian/changelog --- aide-0.17.3/debian/changelog2022-01-16 13:36:56.0 +0100 +++ aide-0.17.3/debian/changelog2023-06-21 18:28:37.0 +0200 @@ -1,3 +1,9 @@ +aide (0.17.3-4+deb11u2) bullseye; urgency=medium + + * Fix handling of extended attributes on symlinks. (Closes: #1037436) + + -- Marc Haber Wed, 21 Jun 2023 18:28:37 +0200 + aide (0.17.3-4+deb11u1) bullseye-security; urgency=high * Apply upstream patch to fix heap-based buffer overflow in base64 functions diff -Nru aide-0.17.3/debian/patches/debian-bug-1037436 aide-0.17.3/debian/patches/debian-bug-1037436 --- aide-0.17.3/debian/patches/debian-bug-1037436 1970-01-01 01:00:00.0 +0100 +++ aide-0.17.3/debian/patches/debian-bug-1037436 2023-06-21 18:28:37.0 +0200 @@ -0,0 +1,25 @@ +Description: Fix handling of extended attributes on symlinks +Author: Hannes von Haugwitz +Origin: 04b34dd46292dedf830ef2366a8869a31488 +Date: Mon Jun 12 22:20:50 2023 +0200 +Forwarded: not-needed +--- a/src/do_md.c b/src/do_md.c +@@ -565,7 +565,7 @@ void xattrs2line(db_line *line) { + strncmp(attr, "trusted.", strlen("trusted."))) + goto next_attr; /* only store normal xattrs, and SELinux */ + +-while (((aret = getxattr(line->fullpath, attr, val, asz)) == ++while (((aret = lgetxattr(line->fullpath, attr, val, asz)) == + -1) && (errno == ERANGE)) { + asz <<= 1; + val = realloc (val, asz); +@@ -574,7 +574,7 @@ void xattrs2line(db_line *line) { + if (aret != -1) + xattr_add(xattrs, attr, val, aret); + else if (errno != ENOATTR) +-log_msg(LOG_LEVEL_WARNING, "getxattr failed for %s:%s", line->fullpath, strerror(errno)); ++log_msg(LOG_LEVEL_WARNING, "lgetxattr failed for %s:%s", line->fullpath, strerror(errno)); + + next_attr: + attr += len + 1; diff -Nru aide-0.17.3/debian/patches/series aide-0.17.3/debian/patches/series --- aide-0.17.3/debian/patches/series 2022-01-16 13:09:51.0 +0100 +++ aide-0.17.3/debian/patches/series 2023-06-21 18:28:37.0 +0200 @@ -1 +1,2 @@ 20-aide-0.17-cve-2021-45417.patch +debian-bug-1037436
Bug#1037945: bookworm-pu: package aide/aide_0.18.3-1+deb12u1
On Wed, Jun 14, 2023 at 05:27:29PM +0200, Marc Haber wrote: > Package: release.debian.org > Severity: normal > Tags: bookworm > User: release.debian@packages.debian.org > Usertags: pu > X-Debbugs-Cc: a...@packages.debian.org > Control: affects -1 + src:aide The BTS overview page has this as "awaiting upload", but there is no message making that clear. Is that the "confirmed" tag? Is there anything I am supposed to do before going forward with the upload? Greetings Marc
Bug#1038813: bullseye-pu: package aide/0.17.3-4+deb11u2
On Wed, Jun 21, 2023 at 06:42:27PM +0200, Marc Haber wrote: > Package: release.debian.org > Severity: normal > Tags: bullseye > User: release.debian@packages.debian.org > Usertags: pu > X-Debbugs-Cc: a...@packages.debian.org > Control: affects -1 + src:aide This is in status "needs info" on the BTS overview page, but there were no questions asked other than an "okay huh" which looks like an answer by a confused bystander. What am I supposed to add before we can proceed with the upload? Greetings Marc
Bug#1038813: bullseye-pu: package aide/0.17.3-4+deb11u2
Package: release.debian.org Severity: normal Tags: bullseye User: release.debian@packages.debian.org Usertags: pu X-Debbugs-Cc: a...@packages.debian.org Control: affects -1 + src:aide Dear stable releas team, this pre-upload request for the aide package is filed to ask for guidance whether this package is suitable for bullseye-proposed-updates. I have never done this before and am open for suggestions to improve and for documentation pointers. A fixed package has recently migrated to testing, the corresponding bookworm request is #1037945. [ Reason ] This update fixes #1037436, a "just" important bug that causes incorrect processing of extended attributes on symlinks that are monitored by aide. This is a fix suggested by upstream (who is also a DD). [ Impact ] Without this fix, Aide will wrongly process extended attributes for the file a symlink points to, which is not the intended behavior. The fixed aide will process the extended attributes of a symlink. [ Tests ] This bug is sadly not covered by automated tests. I created a symlink with extended attributes pointing to a file with different extended attributes and verified that actually the extended attributes of the symlink show up in the database. [ Risks ] Risks are that I goofed up in the fixes. [ Checklist ] [X] *all* changes are documented in the d/changelog [X] I reviewed all changes and I approve them [X] attach debdiff against the package in (old)stable [X] the issue is verified as fixed in unstable [ Changes ] commit b1d036a82a336836f05ed0d6dcb0b4bab6c7501f (HEAD -> bullseye) Author: Marc Haber Date: Wed Jun 21 18:29:23 2023 +0200 prepare upload to bullseye Git-Dch: ignore commit 60e63ac4052724be4a2b078940e266e835e89bf7 Author: Marc Haber Date: Wed Jun 21 18:27:56 2023 +0200 refresh patch for bullseye Git-Dch: ignore commit f2912c100a5d3d9b37d4ab9318d5b8b9bf45025c Author: Marc Haber Date: Wed Jun 14 04:15:51 2023 +0200 Fix handling of extended attributes on symlinks Closes: #1037436 This fixes wrong behavior regarding extended attributes on symlinks. Prior versions of aide would wrongly process the extended attributes of the file a symlink points to. This fix makes aide correctly process the extended attributes of the link itself, which is the intended behavior. The fix for extended attributes on symlinks might lead to reported changed entries during the next AIDE run. You can use the `report_ignore_changed_attrs` option (see aide.conf(5)) to ignore changes of the xattrs attribute; but be aware that this will not only exclude the expected changes (of the symlink files) but also the unexpected changes (of other files). [ Other info ] source debdiff attached. A binary debdiff will be delivered on request. Please indicate whether this package might be a valid candidate to be in the next bullseye point release. Greetings Marc
Bug#1037945: bookworm-pu: package aide/aide_0.18.3-1+deb12u1
On Wed, Jun 14, 2023 at 06:20:44PM +0100, Adam D. Barratt wrote: > One small comment: > > +if dpkg --compare-versions "$2" le 0.18.3-1; then > +# we're updating from 0.18-3 or earlier, chown aideinit logs > > That should presumably be "from 0.18.3". In the mean time, 0.18.3-1 has reached testing. Are you ok with me uploading 0.18.3-1+deb12u1 to bookworm-proposed-updates? I guess that I should also file a bug for 0.17.3-4+deb11u2 because the bullseye point release is planned earlier than the bookworm point release, right? Greetings Marc
Bug#1037945: bookworm-pu: package aide/aide_0.18.3-1+deb12u1
On Wed, Jun 14, 2023 at 06:20:44PM +0100, Adam D. Barratt wrote: > On Wed, 2023-06-14 at 17:27 +0200, Marc Haber wrote: > > this pre-upload request for the aide package is filed to ask for > > guidance whether this package is suitable for bookworm-updates. > > Do you actually mean bookworm-updates here (i.e. pushed to users in > advance of 12.1), or simply (bookworm-)proposed-updates, therefore > reaching users with the release of 12.1? I would be fine with either, proposed-updates of course being less invasive. Probably a misunderstanding because of me being too stupidto find the docs. I'll read up on what you linked to me. > I'd be interested in seeing a binary debdiff (for an arbitrary > architecture) with "--controlfiles=ALL" to see the changes made to the > maintainer scripts, but overall I think this looks OK. aide-dynamic: 1 [23/4887]mh@salida:~/packages/aide $ debdiff --controlfiles=ALL 20230614/aide-dynamic_0.18.3-1_all.deb build-area/aide-dynamic_0.18.3-1+deb12u1_all.deb File lists identical (after any substitutions) Control files: lines which differ (wdiff format) Recommends: aide-common (= [-0.18.3-1)-] {+0.18.3-1+deb12u1)+} Version: [-0.18.3-1-] {+0.18.3-1+deb12u1+} 1 [24/4888]mh@salida:~/packages/aide $ aide: [19/4883]mh@salida:~/packages/aide $ debdiff --controlfiles=ALL 20230614/aide_0.18.3-1_amd64.deb build-area/aide_0.18.3-1+deb12u1_amd64.deb File lists identical (after any substitutions) Control files: lines which differ (wdiff format) Installed-Size: [-289-] {+293+} Recommends: aide-common (= [-0.18.3-1)-] {+0.18.3-1+deb12u1)+} Version: [-0.18.3-1-] {+0.18.3-1+deb12u1+} 1 [20/4884]mh@salida:~/packages/aide $ aide-common is attached. > > One small comment: > > +if dpkg --compare-versions "$2" le 0.18.3-1; then > +# we're updating from 0.18-3 or earlier, chown aideinit logs > > That should presumably be "from 0.18.3". Yes. fixed in git and master. Thanks for spotting this. Greetings Marc -- - Marc Haber | "I don't trust Computers. They | Mailadresse im Header Leimen, Germany| lose things."Winona Ryder | Fon: *49 6224 1600402 Nordisch by Nature | How to make an American Quilt | Fax: *49 6224 1600421 [The following lists of changes regard files as different if they have different names, permissions or owners.] Files in second .deb but not in first - -rw-r--r-- root/root /usr/lib/sysusers.d/aide-common.conf No differences were encountered between the config files Control files: lines which differ (wdiff format) Depends: aide (>= 0.17), liblockfile1, ucf (>= 2.0020), debconf (>= 0.5) | [-debconf-2.0-] {+debconf-2.0, systemd | systemd-standalone-sysusers | systemd-sysusers+} Installed-Size: [-449-] {+451+} Version: [-0.18.3-1-] {+0.18.3-1+deb12u1+} Postinst files: lines which differ (wdiff format) - [-if dpkg --compare-versions "$2" lt 0.17.5-1; then-] [-# we're updating from a version earlier than 0.17.5, chown logs-] [-# and databases-] [-chown --quiet _aide:adm /var/log/aide /var/log/aide/aide.log /var/log/aide/aide.log.* || true-] [-chmod --quiet 2755 /var/log/aide || true-] [-chown --quiet _aide:root /var/lib/aide/aide.db /var/lib/aide/aide.db.new || true-] [-fi-] [-if dpkg --compare-versions "$2" lt 0.18-3; then-] [-# we're updating from a version earlier than 0.18-3, chown aideinit logs-] [-chown --quiet _aide:adm /var/log/aide/aideinit.log /var/log/aide/aideinit.errors|| true-] [-fi-] # Automatically added by {+dh_installsysusers/13.11.4+} {+if [ "$1" = "configure" ] || [ "$1" = "abort-upgrade" ] || [ "$1" = "abort-deconfigure" ] || [ "$1" = "abort-remove" ] ; then+} {+ systemd-sysusers ${DPKG_ROOT:+--root="$DPKG_ROOT"} aide-common.conf+} {+fi+} {+# End automatically added section+} {+# Automatically added by+} dh_installtmpfiles/13.11.4 {+# this needs to be after debhelper, otherwise the account doesn't+} {+# yet exist.+} {+if dpkg --compare-versions "$2" lt 0.17.5-1; then+} {+# we're updating from a version earlier than 0.17.5, chown logs+} {+# and databases+} {+chown --quiet _aide:adm /var/log/aide /var/log/aide/aide.log /var/log/aide/aide.log.* || true+} {+chmod --quiet 2755 /var/log/aide || true+} {+chown --quiet _aide:root /var/lib/aide/aide.db /var/lib/aide/aide.db.new || true+} {+fi+} {+if dpkg --compare-versions "$2" le 0.18.3-1; then+} {+# we're updating from 0.18-3 or earlier, chow
Bug#1037945: bookworm-pu: package aide/aide_0.18.3-1+deb12u1
Package: release.debian.org Severity: normal Tags: bookworm User: release.debian@packages.debian.org Usertags: pu X-Debbugs-Cc: a...@packages.debian.org Control: affects -1 + src:aide Dear stable release team, this pre-upload request for the aide package is filed to ask for guidance whether this package is suitable for bookworm-updates. I have never done this before and am open for suggestions to improve and for documentation pointers. I haven't found the bookwork point release policy yet, for example. A fixed package has been uploaded to unstable minutes ago, and I do not plan to actually upload the deb12u1 version of the package until the fixes have reached testing. [ Reason ] This update fixes #1037171, a serious bug that prevents new installations and upgrades of aide due to a misunderstanding in the dh code regarding dh_installsysusers. Embarrassing. And it also fixes #1037436, a "just" important bug that will fix correct processing of extended attributes on symlinks that are monitored by aide. This is a fix suggested by upstream (who is also a DD) and I will create a similiar package for bullseye. [ Impact ] Regarding #1037171, Aide will not be useable until the _aide account is manually created and some file permissions fixed. While package installation will succeed, neither aideinit nor the daily aide cronjob are invokeable and will error out. Regarding #1037436, Aide will wrongly process extended attributes for the file a symlink points to, which is not the intended behavior. The fixed aide will process the extended attributes of a symlink. [ Tests ] Both bugs are sadly not covered by automated tests, but I am kind of surprised that piuparts didn't catch #1037171. Regarding #1037171, I tested: - installation of aide in a bookworm VM with no aide installed before - updating 0.18.3-1 to 0.18.3-2 in a bookworm VM - updating 0.17.3-4+deb11u1 (oldstable) to 0.18.3-2 in a bookworm VM Regarding #1037436, I created a symlink with extended attributes pointing to a file with different extended attributes and verified that actually the extended attributes of the symlink show up in the database. [ Risks ] Risks are that I goofed up in the fixes. [ Checklist ] [X] *all* changes are documented in the d/changelog [X] I reviewed all changes and I approve them [X] attach debdiff against the package in (old)stable [X] the issue is verified as fixed in unstable [ Changes ] commit 456704ab523c6b7ca088a15ffde543fbac3fa391 Author: Marc Haber Date: Wed Jun 14 16:51:03 2023 +0200 remove trailing whitespace in debian/rules Git-Dch: ignore commit 2c221fd08e6c4d570c4a2c86c87d0a94201fbe9d Author: Marc Haber Date: Wed Jun 14 15:28:15 2023 +0200 chown aide logs even when updating from 0.18.3-1 0.18.3-1 doesn't create the account, so we need to see for correct file ownership when updating to a version that actually creates the account. commit 11547993349b3dffad11f2d6998875d58f6b0395 Author: Marc Haber Date: Wed Jun 14 04:15:51 2023 +0200 Fix handling of extended attributes on symlinks Closes: #1037436 This fixes wrong behavior regarding extended attributes on symlinks. Prior versions of aide would wrongly process the extended attributes of the file a symlink points to. This fix makes aide correctly process the extended attributes of the link itself, which is the intended behavior. The fix for extended attributes on symlinks might lead to reported changed entries during the next AIDE run. You can use the `report_ignore_changed_attrs` option (see aide.conf(5)) to ignore changes of the xattrs attribute; but be aware that this will not only exclude the expected changes (of the symlink files) but also the unexpected changes (of other files). commit 0d0251e639334e0ef139c1f6f9d34b6032378d3d Author: Marc Haber Date: Tue Jun 13 16:53:49 2023 +0200 Move chown calls after #DEBHELPER# This is part of the fix for #1037171, the account is only created in the code inserted by debhelper at the #DEBHELPER# token. We thus cannot use the account after that tag. commit 218fff3fc157b89e53ece470267cb238fac5daac Author: Marc Haber Date: Sun Jun 11 22:54:19 2023 +0200 call dh_installsysusers manually in debian/rules Thanks: Tomasz Ciolek Closes: #1037171 dh_installsysusers is not called in the normal dh calling sequence in dh compat level 13. This resulted in the account not being created in new installs and probably also during upgrades from bullseye. Thix fixes the issue by calling dh_installsysusers explicitly in override_dh_auto_install. [ Other info ] source debdiff attached. Please indicate whether this package might be a valid candidate to be in the next bookworm point relase once 0.18.3-2 has reached testing. Greetings Marc diff -Nru aide-0.18.3/debian/aide-common.postinst aide-0.18.3/debian/aide-common.postinst --- aide-0.18.3/de
Re: non-essential adduser poses problems to purging packages
On Thu, May 18, 2023 at 12:24:39AM +0200, Johannes Schauer Marin Rodrigues wrote: > Marc, the same offer to you for your recent adduser upload to unstable. Yes, please. Thanks for your work. adduser probably needs an additional hint because the new upload makes piuparts fail now, as discussed yesterday. Greetings Marc -- ----- Marc Haber | "I don't trust Computers. They | Mailadresse im Header Leimen, Germany| lose things."Winona Ryder | Fon: *49 6224 1600402 Nordisch by Nature | How to make an American Quilt | Fax: *49 6224 1600421
Re: non-essential adduser poses problems to purging packages
Hi, On Wed, May 17, 2023 at 10:06:16AM +0200, Marc Haber wrote: > On Tue, May 16, 2023 at 11:48:05PM +0200, Johannes Schauer Marin Rodrigues > wrote: > > I've submitted a merge request for adduser adding the Protected:yes field: > > > > https://salsa.debian.org/debian/adduser/-/merge_requests/86 > > I have merged this and prepared a release. Will upload later today. I have just uploaded to unstable. Please feel free to expedite migration to bookworm any time it seems appropriate. adduser has lots of autopkgtests, and the debdiff is minimal, so there should be no issues. [23/4705]mh@salida:~/packages/adduser/build-area $ debdiff adduser_3.132.dsc adduser_3.133.dsc | diffstat debian/changelog|7 +++ debian/control |1 + doc/po4a/po/adduser.pot |2 +- doc/po4a/po/fr.po |2 +- doc/po4a/po/pt.po |2 +- 5 files changed, 11 insertions(+), 3 deletions(-) [24/4706]mh@salida:~/packages/adduser/build-area $ Let me know if you want me to write the unblock message myself if one is needed. Greetings Marc -- ----- Marc Haber | "I don't trust Computers. They | Mailadresse im Header Leimen, Germany| lose things."Winona Ryder | Fon: *49 6224 1600402 Nordisch by Nature | How to make an American Quilt | Fax: *49 6224 1600421
Re: non-essential adduser poses problems to purging packages
On Wed, May 17, 2023 at 10:06:16AM +0200, Marc Haber wrote: > On Tue, May 16, 2023 at 11:48:05PM +0200, Johannes Schauer Marin Rodrigues > wrote: > > I've submitted a merge request for adduser adding the Protected:yes field: > > > > https://salsa.debian.org/debian/adduser/-/merge_requests/86 > > I have merged this and prepared a release. Will upload later today. Can somebody in the audience please take a look at the piuparts failure on salsa (https://salsa.debian.org/debian/adduser/-/jobs/4223693) and confirm that this might be a failure that is caused either by the pipeline/job being broken and/or the issue we're discussing here? Greetings Marc -- ----- Marc Haber | "I don't trust Computers. They | Mailadresse im Header Leimen, Germany| lose things."Winona Ryder | Fon: *49 6224 1600402 Nordisch by Nature | How to make an American Quilt | Fax: *49 6224 1600421
Re: non-essential adduser poses problems to purging packages
On Tue, May 16, 2023 at 11:48:05PM +0200, Johannes Schauer Marin Rodrigues wrote: > I've submitted a merge request for adduser adding the Protected:yes field: > > https://salsa.debian.org/debian/adduser/-/merge_requests/86 I have merged this and prepared a release. Will upload later today. Greetings Marc -- ----- Marc Haber | "I don't trust Computers. They | Mailadresse im Header Leimen, Germany| lose things."Winona Ryder | Fon: *49 6224 1600402 Nordisch by Nature | How to make an American Quilt | Fax: *49 6224 1600421
Bug#1034060: unblock: aide/0.18.2-1
On Fri, Apr 07, 2023 at 07:34:54PM +0200, Marc Haber wrote: > I am attaching the upstream diff between 0.18.1 and 0.18.2, pulled apart > to the respective commits, 273 lines length including commit messages, > comments and the noise caused by the release. Forgot trhe attachment. -- ----- Marc Haber | "I don't trust Computers. They | Mailadresse im Header Leimen, Germany| lose things."Winona Ryder | Fon: *49 6224 1600402 Nordisch by Nature | How to make an American Quilt | Fax: *49 6224 1600421 commit 3d5b18b9e5e1c51533ac01d8acd3499b2f9fcc2e Author: Hannes von Haugwitz Date: Fri Apr 7 16:06:18 2023 +0200 Release aide 0.18.2 commit adc07f01042f327b78e4e787bb0afbbae73d566a Author: Hannes von Haugwitz Date: Mon Apr 3 21:15:05 2023 +0200 Add another missing lock for tree operations commit d3376eb6523bbae5ee8b8ea32c14355045524e12 Author: Hannes von Haugwitz Date: Sat Apr 1 11:21:54 2023 +0200 Add missing lock for tree operations during file system scan commit 5d46267c5d72bc2263aba76496707490acdb2a28 Author: Hannes von Haugwitz Date: Wed Mar 8 20:50:58 2023 +0100 Add warning if rules contain not compiled-in attributes commit 5d46267c5d72bc2263aba76496707490acdb2a28 Author: Hannes von Haugwitz Date: Wed Mar 8 20:50:58 2023 +0100 Add warning if rules contain not compiled-in attributes diff --git a/ChangeLog b/ChangeLog index 31ff00c..b6435bf 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,6 @@ +2023-03-08 Hannes von Haugwitz + * Add warning if rules contain not compiled-in attributes (closes: #153) + 2023-03-04 Hannes von Haugwitz * Release aide 0.18.1 diff --git a/NEWS b/NEWS index 88ae5af..97db895 100644 --- a/NEWS +++ b/NEWS @@ -1,3 +1,6 @@ +Version 0.18.2 (UNRELEASED) +* Add warning if rules contain not compiled-in attributes + Version 0.18.1 (2023-03-04) * Fix handling of empty growing files * Fix segfault when using --dry-init diff --git a/src/commandconf.c b/src/commandconf.c index 1fcfbaa..e5ef8b9 100644 --- a/src/commandconf.c +++ b/src/commandconf.c @@ -338,14 +338,40 @@ bool add_rx_rule_to_tree(char* rx, char* rule_prefix, RESTRICTION_TYPE restricti r->config_line = checked_strdup(linebuf); r->prefix = rule_prefix; +char *str; + DB_ATTR_TYPE unsupported_hashes = attr&(get_hashes(true)&~get_hashes(false)); if (unsupported_hashes) { -char *str; LOG_CONFIG_FORMAT_LINE(LOG_LEVEL_WARNING, "ignoring unsupported hash algorithm(s): %s", str = diff_attributes(0, unsupported_hashes)); free(str); attr &= ~unsupported_hashes; } +DB_ATTR_TYPE unsupported_attrs = attr& +(0 +#ifndef WITH_ACL + |ATTR(attr_acl) +#endif +#ifndef WITH_SELINUX + |ATTR(attr_selinux) +#endif +#ifndef WITH_XATTR + |ATTR(attr_xattrs) +#endif +#ifndef WITH_E2FSATTRS + |ATTR(attr_e2fsattrs) +#endif +#ifndef WITH_CAPABILITIES + |ATTR(attr_capabilities) +#endif +) +; +if (unsupported_attrs) { +LOG_CONFIG_FORMAT_LINE(LOG_LEVEL_WARNING, "ignoring not compiiled-in attribute(s): %s", str = diff_attributes(0, unsupported_attrs)); +free(str); +attr &= ~unsupported_attrs; +} + r->attr=attr; if (attr&ATTR(attr_sizeg)) { log_msg(LOG_LEVEL_NOTICE, "%s:%d: Using 'S' attribute is DEPRECATED and will be removed in the release after next. Update your config and use 'growing+s' instead (line: '%s')", filename, linenumber, linebuf); commit d3376eb6523bbae5ee8b8ea32c14355045524e12 Author: Hannes von Haugwitz Date: Sat Apr 1 11:21:54 2023 +0200 Add missing lock for tree operations during file system scan diff --git a/ChangeLog b/ChangeLog index b6435bf..80d0366 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,6 @@ +2023-04-01 Hannes von Haugwitz + * Add missing lock for tree operations during file system scan + 2023-03-08 Hannes von Haugwitz * Add warning if rules contain not compiled-in attributes (closes: #153) diff --git a/NEWS b/NEWS index 97db895..5904559 100644 --- a/NEWS +++ b/NEWS @@ -1,5 +1,6 @@ Version 0.18.2 (UNRELEASED) * Add warning if rules contain not compiled-in attributes +* Add missing lock for tree operations during file system scan Version 0.18.1 (2023-03-04) * Fix handling of empty growing files diff --git a/src/db_disk.c b/src/db_disk.c index a1f1606..1bc91bb 100644 --- a/src/db_disk.c +++ b/src/db_disk.c @@ -46,6 +46,10 @@ #include #endif +#ifdef WITH_PTHREAD +pthread_mutex_t seltree_mutex = PTHREAD_MUTEX_INITIALIZER; +#endif + static int get_file_status(char *filename, struct stat *fs) { int sres =
Bug#1034060: unblock: aide/0.18.2-1
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock X-Debbugs-Cc: a...@packages.debian.org Control: affects -1 + src:aide This is a pre-upload request for guidance regarding aide 0.18.2. upstream released a new version that fixes a number of locking issues, each of which possible a release-critical bug. Debian does not have reports of these bugs since aide is seldomly used on unstable/testing machines, but they have shown up during testing on upstream side and are fixed now. All downstream dependencies of aide are either in-package or Recommends/Suggests, so breaking other packages unlikely. I am attaching the upstream diff between 0.18.1 and 0.18.2, pulled apart to the respective commits, 273 lines length including commit messages, comments and the noise caused by the release. The aide package has autopkgtests. I reviewed the changes and approve them. Please indicate whether you would be ok with going with the upstream release via unstable to bookworm. A debdiff of the actual package will be delivered for approval before upload once you have indicated that you would consider approval. Thanks in advance. Greetings Marc
Bug#1021406: nmu: * against debhelper 13.9.1
On Fri, Oct 07, 2022 at 06:44:53PM +0200, Adam Borowski wrote: > nmu sudo 1.9.11p3-1 . ANY . unstable . -m "Rebuild with debhelper 13.9.1" Sudo will do an upload this weekend, so you don't need to NMU. If it's a fully automated process on your side, go ahead, but don't waste any of your time. Greetings Marc -- ----- Marc Haber | "I don't trust Computers. They | Mailadresse im Header Leimen, Germany| lose things."Winona Ryder | Fon: *49 6224 1600402 Nordisch by Nature | How to make an American Quilt | Fax: *49 6224 1600421
Bug#1007787: bullseye-pu: package adduser/3.118
Package: release.debian.org Severity: normal Tags: bullseye User: release.debian@packages.debian.org Usertags: pu [ Reason ] Bug #940577 reports a command injection vulnerability into deluser which can be exploited by an external entity that can can create strangely named user accounts. This is a privilege escalation on systems that have their account database externally managed, for example in LDAP. This issue is present in adduser since nearly forever (2006) and has just recently been fixed in unstable. [ Impact ] Possible privilege escalation. [ Tests ] Adduser in unstable has an autopkgtest covering the issue; adduser in stable sadly not. [ Risks ] Due to changes in the syntax of the crontab executable, the entire code is non-functional; the only function it provides is thus to offer the command injection. [ Checklist ] [ ] *all* changes are documented in the d/changelog [ ] I reviewed all changes and I approve them [ ] attach debdiff against the package in (old)stable [ ] the issue is verified as fixed in unstable [ Changes ] The suggested fix differs from the fix employed for unstable and just removes the affected code: diff --git a/deluser b/deluser index b1bf56b..c27ec8d 100644 --- a/deluser +++ b/deluser @@ -348,13 +348,6 @@ if($action eq "deluser") { } } -if (system("crontab -l $user >/dev/null 2>&1") == 0) { - # crontab -l returns 1 if there is no crontab - my $crontab = &which('crontab'); - &systemcall($crontab, "-r", $user); - s_print (gtx("Removing crontab ...\n")); -} - s_printf (gtx("Removing user `%s' ...\n"),$user); my @members = get_group_members($maingroup); if (@members == 0) { [ Other info ] This is my first try to do a stable upload. Since adduser is a vital package, but my time is rather limited at the moment, I would like to know whether this fix is acceptable for stable before I prepare an actual package. Also, the fix suggested for stable is not the same fix that is in place in unstable and testing (that one also fixes the broken functionality and adds more safety). Greetings Marc
Bug#994091: nmu: aide_0.17.3-4
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: binnmu [this is my first binNMU request, I hope that I did everything right] aide is statically linked. With the new glibc, NSS calls get somehow still some dynamic linking, which causes a reproducible and unconditional segfault one aide uses an NSS-releated call. A rebuild fixes this issue. I am currently discussing this issue with upstream to find out whether we can do things a bit better in the future. Greetings Marc nmu aide_0.17.3-4 . ANY . unstable . -m "Rebuild against the new glibc"
Re: Bug#810785: ifupdown breaks debootstrap of Debian
On Thu, Mar 03, 2016 at 09:08:38PM -0500, allen wrote: > So here it is March 3, tonight I've tried to install Debian Testing, on a new > to me laptop, and I've run into a failure at the 'Select and Install > Software' > step. Opening a shell and looking at syslog reveals that the problem is bug > #810785. Now what to do. If there is any workaround I'd love to know what > it > is? Debian testing is an unreleased development version of Debian. It is expected that it might break from time to time. Would installing Debian stable and then upgrading to testing be an option? I would like to suggest staying with what Debian has actually released, "stable" aka "jessie", if you find it hard to find even simple workarounds for bugs that _are_ present in Debian testing. Greetings Marc -- ----- Marc Haber | "I don't trust Computers. They | Mailadresse im Header Leimen, Germany| lose things."Winona Ryder | Fon: *49 6224 1600402 Nordisch by Nature | How to make an American Quilt | Fax: *49 6224 1600421
python-weblib => python-pyweblib
Hi, the python-weblib package in Debian has recently been taken over by me. The package has a long-standing mis-name bug, since it should be called python-pyweblib to be in alignment with the python policy. Would it be possible to do this rename for wheezy? A transitional python-weblib package would of course be provided. python-weblib does not have any reverse dependencies at this time. Greetings Marc -- - Marc Haber | "I don't trust Computers. They | Mailadresse im Header Mannheim, Germany | lose things."Winona Ryder | Fon: *49 621 31958061 Nordisch by Nature | How to make an American Quilt | Fax: *49 621 31958062 -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20120714204951.gc27...@torres.zugschlus.de
freeze exception for systemd integration of atop?
Hi, the systemd community in Debian is a loud and persistent one. Would a version of atop that has systemd integration added to the package be a candidate for a freeze exception at this time of the freeze, or is this post-wheezy material? Greetings Marc P.S.: http://packages.qa.debian.org/a/atop.html http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=679983 -- - Marc Haber | "I don't trust Computers. They | Mailadresse im Header Mannheim, Germany | lose things."Winona Ryder | Fon: *49 621 31958061 Nordisch by Nature | How to make an American Quilt | Fax: *49 621 31958062 -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20120712083256.gb26...@torres.zugschlus.de
Re: Bug#645765: please consider allowing to load installer components from a different mirror
On Tue, Oct 18, 2011 at 11:28:54PM +0200, Philipp Kern wrote: > On 2011-10-18, Marc Haber wrote: > > when entities deploy Debian via network install, point releases can > > pose challenges. For example, a site I consult for has a mirror which > > is rsynced daily, but the installation server is not updated > > automatically with the latest initrd and kernel files. > > There are debian-installer-6.0-netboot-* packages for this in squeeze > now, FWIW. It helps in quite a bunch of cases, just maybe not in yours. > (The install server needs to run on squeeze.) ;-) The install server in question is an ancient CentOS for historic reasons. > > [1] I don't have the slightest idea why this issue has only surfaced > > after 6.0.3 > > It certainly happens for new kernel ABIs. But yeah, point releases > regularly break d-i netboot images because of the way they work. > Basically whenever we respin the kernel udebs and then d-i to > incorporate new security updates / other misc bugfixes. I wonder what > was different here if it didn't happen with .1 or .2 (which both had > non-ABI breaking d-i kernel updates). Do you have some sort of > failure message? I don't remember exactly, the symptom was that the mptsas driver didn't load (and also wasn't loadable manually), leaving the system diskless. Greetings Marc -- - Marc Haber | "I don't trust Computers. They | Mailadresse im Header Mannheim, Germany | lose things."Winona Ryder | Fon: *49 621 31958061 Nordisch by Nature | How to make an American Quilt | Fax: *49 621 31958062 -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20111019080559.ga24...@torres.zugschlus.de
Re: stable proposed update: ser2net, fixing #535159
On Tue, Sep 28, 2010 at 09:47:02PM +0100, Adam D. Barratt wrote: > Thanks. Please go ahead with the upload. Uploaded. Greetings Marc -- ----- Marc Haber | "I don't trust Computers. They | Mailadresse im Header Mannheim, Germany | lose things."Winona Ryder | Fon: *49 621 72739834 Nordisch by Nature | How to make an American Quilt | Fax: *49 3221 2323190 -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/2010100515.gs30...@torres.zugschlus.de
Re: stable proposed update: ser2net, fixing #535159
Hi, On Sun, Sep 19, 2010 at 05:07:18PM +0100, Adam D. Barratt wrote: > Looking at the code, only the changes in the third hunk (around line > 583) actually appear to make any practical difference; the others > shouldn't hurt though, for a "belt and braces" approach. It is the patch published by upstream to patch the issue; I'd like to take that one in full and verbatim to stay synchronized with upstream. > In terms of a stable update, we prefer not to change or introduce patch > systems so the changes should be applied directly via the .diff.gz. Done. > One also assumes that the copy of config.log from an aborted run was > not intended to be included. :-) Strike. New debdiff attached. Greetings Marc -- ----- Marc Haber | "I don't trust Computers. They | Mailadresse im Header Mannheim, Germany | lose things."Winona Ryder | Fon: *49 621 72739834 Nordisch by Nature | How to make an American Quilt | Fax: *49 3221 2323190 diff -u ser2net-2.5/debian/changelog ser2net-2.5/debian/changelog --- ser2net-2.5/debian/changelog +++ ser2net-2.5/debian/changelog @@ -1,3 +1,9 @@ +ser2net (2.5-1+lenny1) stable; urgency=low + + * add patch from Sebastian Andrzej Siewior. Closes: #535159 + + -- Marc Haber Tue, 28 Sep 2010 19:58:37 + + ser2net (2.5-1) unstable; urgency=low * new upstream version. only in patch2: unchanged: --- ser2net-2.5.orig/controller.c +++ ser2net-2.5/controller.c @@ -550,17 +550,17 @@ if (write_count == -1) { if (errno == EINTR) { /* EINTR means we were interrupted, just retry by returning. */ - return; + goto out; } if (errno == EAGAIN) { /* This again was due to O_NONBLOCK, just ignore it. */ } else if (errno == EPIPE) { - shutdown_controller(cntlr); + goto out_fail; } else { /* Some other bad error. */ syslog(LOG_ERR, "The tcp write for controller had error: %m"); - shutdown_controller(cntlr); + goto out_fail; } } else { int i, j; @@ -572,7 +572,7 @@ if (td->out_telnet_cmd_size != 0) /* If we have more telnet command data to send, don't send any real data. */ - return; + goto out; } } @@ -583,11 +583,11 @@ if (errno == EAGAIN) { /* This again was due to O_NONBLOCK, just ignore it. */ } else if (errno == EPIPE) { - shutdown_controller(cntlr); + goto out_fail; } else { /* Some other bad error. */ syslog(LOG_ERR, "The tcp write for controller had error: %m"); - shutdown_controller(cntlr); + goto out_fail; } } else { cntlr->outbuf_count -= write_count; @@ -604,6 +604,11 @@ SEL_FD_HANDLER_DISABLED); } } + out: +return; + + out_fail: +shutdown_controller(cntlr); } /* Handle an exception from the TCP port. */
Re: Bug#597566: clamav-getfiles: Fails to create package with multiple perl undefined reference errors
Hi, On Mon, Sep 20, 2010 at 05:20:07PM -0400, Eric Reischer wrote: > All known active versions of clamav-getfiles fail to produce a package. I'll check that, earliest next week. Release team, please pull clamav-getfiles form squeeze in the mean time. > Also, this bug appears to be affecting the auto-update tool that posts > clamav-data packages to volatile. The last updated definition package > is dated 2010-08-21, which is a month old. clamav-data in volatile died when volatile went under new "official" owners. Sorry about that, and also sorry to see my own work going down the drain. http://lists.debian.org/debian-volatile-announce/2009/msg3.html > This potentially represents a security issue to people who rely on > updated virus definition packages over clamav-freshclam. Yes. Please complain to ftpmaster who believe that noone uses clamav-data anyway. Greetings Marc -- ----- Marc Haber | "I don't trust Computers. They | Mailadresse im Header Mannheim, Germany | lose things."Winona Ryder | Fon: *49 621 72739834 Nordisch by Nature | How to make an American Quilt | Fax: *49 3221 2323190 -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20100921095834.gd18...@torres.zugschlus.de
stable proposed update: ser2net, fixing #535159
Hi, Stable Release Team, please review the attached patch against ser2net for inclusion in the next stable point release. It is supposed to fix #535159, which I don't understand zilch, so I applied it verbatim. Please indicate whether it's worth the trouble to actually pbuild and upload the package. Greetings Marc -- - Marc Haber | "I don't trust Computers. They | Mailadresse im Header Mannheim, Germany | lose things."Winona Ryder | Fon: *49 621 72739834 Nordisch by Nature | How to make an American Quilt | Fax: *49 3221 2323190 diff -u ser2net-2.5/debian/rules ser2net-2.5/debian/rules --- ser2net-2.5/debian/rules +++ ser2net-2.5/debian/rules @@ -6,4 +6,5 @@ # automatic debian/control generation disabled, cdbs bug #311724. +include /usr/share/cdbs/1/rules/dpatch.mk include /usr/share/cdbs/1/rules/debhelper.mk include /usr/share/cdbs/1/class/autotools.mk diff -u ser2net-2.5/debian/control ser2net-2.5/debian/control --- ser2net-2.5/debian/control +++ ser2net-2.5/debian/control @@ -4,7 +4,7 @@ Maintainer: Marc Haber Homepage: http://sourceforge.net/projects/ser2net Standards-Version: 3.7.2.2 -Build-Depends: cdbs (>= 0.4.23-1.1), debhelper (>= 5), libwrap0-dev +Build-Depends: cdbs (>= 0.4.23-1.1), dpatch, debhelper (>= 5), libwrap0-dev Package: ser2net Architecture: any diff -u ser2net-2.5/debian/changelog ser2net-2.5/debian/changelog --- ser2net-2.5/debian/changelog +++ ser2net-2.5/debian/changelog @@ -1,3 +1,9 @@ +ser2net (2.5-1+lenny1) stable; urgency=low + + * add patch from Sebastian Andrzej Siewior. Closes: #535159 + + -- Marc Haber Tue, 14 Sep 2010 22:41:25 +0200 + ser2net (2.5-1) unstable; urgency=low * new upstream version. only in patch2: unchanged: --- ser2net-2.5.orig/config.log +++ ser2net-2.5/config.log @@ -0,0 +1,594 @@ +This file contains any messages produced by compilers while +running configure, to aid debugging if configure makes a mistake. + +It was created by configure, which was +generated by GNU Autoconf 2.61. Invocation command line was + + $ /mnt/bigstuff/home/mh/chroot/lenny-backports/home/mh/ser2net/ser2net-2.5/./configure --build=i486-linux-gnu --prefix=/usr --includedir=${prefix}/include --mandir=${prefix}/share/man --infodir=${prefix}/share/info --sysconfdir=/etc --localstatedir=/var --libexecdir=${prefix}/lib/ser2net --disable-maintainer-mode --disable-dependency-tracking --disable-silent-rules --srcdir=. + +## - ## +## Platform. ## +## - ## + +hostname = nechayev +uname -m = i686 +uname -r = 2.6.35.4-zgsrv20080 +uname -s = Linux +uname -v = #1 SMP PREEMPT Fri Sep 3 15:29:53 CEST 2010 + +/usr/bin/uname -p = unknown +/bin/uname -X = unknown + +/bin/arch = unknown +/usr/bin/arch -k = unknown +/usr/convex/getsysinfo = unknown +/usr/bin/hostinfo = unknown +/bin/machine = unknown +/usr/bin/oslevel = unknown +/bin/universe = unknown + +PATH: /usr/sbin +PATH: /usr/bin +PATH: /sbin +PATH: /bin +PATH: /usr/bin/X11 + + +## --- ## +## Core tests. ## +## --- ## + +configure:1965: checking for a BSD-compatible install +configure:2021: result: /usr/bin/install -c +configure:2032: checking whether build environment is sane +configure:2075: result: yes +configure:2140: checking for gawk +configure:2170: result: no +configure:2140: checking for mawk +configure:2156: found /usr/bin/mawk +configure:2167: result: mawk +configure:2178: checking whether make sets $(MAKE) +configure:2199: result: yes +configure:2431: checking for gcc +configure:2447: found /usr/bin/gcc +configure:2458: result: gcc +configure:2696: checking for C compiler version +configure:2703: gcc --version >&5 +gcc (Debian 4.4.4-12) 4.4.5 20100902 (prerelease) +Copyright (C) 2010 Free Software Foundation, Inc. +This is free software; see the source for copying conditions. There is NO +warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. + +configure:2706: $? = 0 +configure:2713: gcc -v >&5 +Using built-in specs. +Target: i486-linux-gnu +Configured with: ../src/configure -v --with-pkgversion='Debian 4.4.4-12' --with-bugurl=file:///usr/share/doc/gcc-4.4/README.Bugs --enable-languages=c,c++,fortran,objc,obj-c++ --prefix=/usr --program-suffix=-4.4 --enable-shared --enable-multiarch --enable-linker-build-id --with-system-zlib --libexecdir=/usr/lib --without-included-gettext --enable-threads=posix --with-gxx-include-dir=/usr/include/c++/4.4 --libdir=/usr/lib --enable-nls --enable-clocale=gnu --enable-libstdcxx-debug --enable-objc-gc --enable-targets=all --with-arch-32=i586 --with-tune=generic --enable-checking=release --build=i486-linux-gnu --host=i486-linux-gnu --target=i486-linux-gnu +Thread model: posix +gcc version 4.4.5 20100902 (prerelease) (Debian 4.4.4-12) +configure:2716: $? = 0 +configure:2723: gcc -V >&5 +gcc:
Pre-clearance for aide bug fix of #596230
Hi, Hannes von Haugwitz has found a bad bug in aide 0.15 (#596230). Upstream has released 0.15.1, which contains only the patches listed in #596230 (aside from using a later autofoo). We also have a number of smaller changes against the rules we ship: --- a/debian/aide.conf.d/31_aide_apt +++ b/debian/aide.conf.d/31_aide_apt @@ -55,6 +55,11 @@ echo "${VARDIR}/extended_states$ VarFile" echo "${VARDIR}$ VarDir" echo "${LOGDIR}/term\.log$ Log" +echo "/var/backups/apt\.extended_states\.0$ LowLog" +echo "/var/backups/apt\.extended_states\.1\.gz$ LoSerMemberLog" +echo "/var/backups/apt\.extended_states\.[2345]\.gz$ SerMemberLog" +echo "/var/backups/apt\.extended_states\.6\.gz$ HiSerMemberLog" + if [ "$IGNORE_ARCHIVES" = "yes" ]; then echo "!$ARCHIVESDIR/[-a-zA-Z0-9%\.~_+]+_(@@{ARCH}|all)\.deb$" fi diff --git a/debian/aide.conf.d/31_aide_munin b/debian/aide.conf.d/31_aide_munin index ce05b60..71e64b6 100644 --- a/debian/aide.conf.d/31_aide_munin +++ b/debian/aide.conf.d/31_aide_munin @@ -10,7 +10,7 @@ !/var/run/munin/munin-(update|datafile|graph|limits|html)\.lock$ /var/lib/munin/(limits|datafiles|munin-(update|graph)\.stats)$ VarFile !/var/lib/munin/munin-(update|graph)\.stats\.tmp$ -/var/lib/munin/plugin-state/(exim_mailstats|(smart-[sh]d[a-z]|munin-cupsys-pages)\.state)$ VarFile +/var/lib/munin/plugin-state/(exim_mailstats(-(([0-9]|([1-9]|1[0-9]|2[0-4])[0-9]|25[0-5])\.){3}([0-9]|([1-9]|1[0-9]|2[0-4])[0-9]|25[0-5]))?|(smart-[sh]d[a-z]|munin-cupsys-pages)\.state)$ VarFile /var/lib/munin/plugin-state/(postfix_mailvolume|_proc_net_tcp[6]?)$ VarFile /var/lib/munin/datafile$ VarFile /var/lib/munin$ VarDir diff --git a/debian/aide.conf.d/31_aide_rkhunter b/debian/aide.conf.d/31_aide_rkhunter index 49dfce4..26cbeba 100644 --- a/debian/aide.conf.d/31_aide_rkhunter +++ b/debian/aide.conf.d/31_aide_rkhunter @@ -1,4 +1,5 @@ -/var/lib/rkhunter/db/(rkhunter\.dat(\.old)?|(mirrors|rkhunter_prop_list)\.dat)$ VarTime +/var/lib/rkhunter/db/(mirrors|rkhunter_prop_list)\.dat$ VarTime +/var/lib/rkhunter/db/rkhunter\.dat(\.old)?$ InodeData /var/lib/rkhunter/tmp/(group|passwd)$ VarFile /var/lib/rkhunter/(db|tmp)$ VarDir /var/log/rkhunter\.log$ Log What would the release team prefer to get these fixes into squeeze: - upload aide 0.15.1 to unstable, let it migrate to squeeze - update aide 0.15 with the patches that virtually make it aide 0.15.1? - Add the rule patches or not? Please indicate what you would prefer. Greetings Marc -- - Marc Haber | "I don't trust Computers. They | Mailadresse im Header Mannheim, Germany | lose things."Winona Ryder | Fon: *49 621 72739834 Nordisch by Nature | How to make an American Quilt | Fax: *49 3221 2323190 -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20100911183615.ge23...@torres.zugschlus.de
Re: [Pkg-clamav-devel] Please unblock clamav-data
On Wed, Sep 08, 2010 at 01:11:42PM +0200, Michael Tautschnig wrote: > I have no idea whether you have already come to a conclusion regarding > clamav-data. We have. Clamav-data is dead, the host that was building it retired and decommissioned, all monitoring jobs disabled, a lot of work flushed down the drain. Frustration stays. Greetings Marc -- - Marc Haber | "I don't trust Computers. They | Mailadresse im Header Mannheim, Germany | lose things."Winona Ryder | Fon: *49 621 72739834 Nordisch by Nature | How to make an American Quilt | Fax: *49 3221 2323190 -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20100908143808.gc12...@torres.zugschlus.de
Re: aide 0.15 in unstable - please consider a freeze exception
On Wed, Aug 25, 2010 at 11:46:13AM +0200, Julien Cristau wrote: > On Tue, Aug 24, 2010 at 17:25:45 +0200, Marc Haber wrote: > > ping. aide 0.15 has now been running ok on all my servers, and no bugs > > have been reported. I think it's safe to allow aide into squeeze. > > > Unblocked. Thanks! Greetings Marc -- ----- Marc Haber | "I don't trust Computers. They | Mailadresse im Header Mannheim, Germany | lose things."Winona Ryder | Fon: *49 621 72739834 Nordisch by Nature | How to make an American Quilt | Fax: *49 3221 2323190 -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20100825103017.ga16...@torres.zugschlus.de
Re: aide 0.15 in unstable - please consider a freeze exception
On Fri, Aug 13, 2010 at 07:05:46PM +0200, Marc Haber wrote: > On Tue, Aug 10, 2010 at 10:21:18PM -0400, Julien Cristau wrote: > > On Mon, Aug 9, 2010 at 17:11:25 +0200, Marc Haber wrote: > > > I have uploaded the diffs to > > > http://q.bofh.de/~mh/stuff/diff (full diff) > > > http://q.bofh.de/~mh/stuff/manual-diff (generated files and irrelevant > > > changes removed) for your review. > > > > > > I'd really appreciate an appropriate exception. > > > > > Thanks, the stripped down diff looks sane on a quick glance. Can you > > upload to unstable, make sure the package is as well tested as possible, > > and get back to us in a couple of weeks (or whenever you're confident > > that it's ready for squeeze)? > > Hannes uploaded, and I will ping you in about two weeks (should no > bugs arise). ping. aide 0.15 has now been running ok on all my servers, and no bugs have been reported. I think it's safe to allow aide into squeeze. Greetings Marc -- - Marc Haber | "I don't trust Computers. They | Mailadresse im Header Mannheim, Germany | lose things."Winona Ryder | Fon: *49 621 72739834 Nordisch by Nature | How to make an American Quilt | Fax: *49 3221 2323190 -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20100824152545.gg21...@torres.zugschlus.de
Please unblock clamav-data
Please unblock clamav-data as this will bring more virus signatures into lenny. The package is built and tested automatically inside the debian-volatile infrastructure. If you can establish a permanent unblock for anything named clamav-data, this package is a good candidate for that. A new clamav-data is uploaded to unstable about every two weeks. Greetings Marc -- - Marc Haber | "I don't trust Computers. They | Mailadresse im Header Mannheim, Germany | lose things."Winona Ryder | Fon: *49 621 72739834 Nordisch by Nature | How to make an American Quilt | Fax: *49 3221 2323190 -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20100816085617.gb1...@torres.zugschlus.de
Re: aide 0.15 in unstable - please consider a freeze exception
On Tue, Aug 10, 2010 at 10:21:18PM -0400, Julien Cristau wrote: > On Mon, Aug 9, 2010 at 17:11:25 +0200, Marc Haber wrote: > > I have uploaded the diffs to > > http://q.bofh.de/~mh/stuff/diff (full diff) > > http://q.bofh.de/~mh/stuff/manual-diff (generated files and irrelevant > > changes removed) for your review. > > > > I'd really appreciate an appropriate exception. > > > Thanks, the stripped down diff looks sane on a quick glance. Can you > upload to unstable, make sure the package is as well tested as possible, > and get back to us in a couple of weeks (or whenever you're confident > that it's ready for squeeze)? Hannes uploaded, and I will ping you in about two weeks (should no bugs arise). Greetings Marc -- ----- Marc Haber | "I don't trust Computers. They | Mailadresse im Header Mannheim, Germany | lose things."Winona Ryder | Fon: *49 621 72739834 Nordisch by Nature | How to make an American Quilt | Fax: *49 3221 2323190 -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20100813170546.gb10...@torres.zugschlus.de
aide 0.15 in unstable - please consider a freeze exception
esn't exist +- include database name in error message if database doesn't exist +- exit with fatal error if new database does not exist +- reworked FILTERINSTALLATIONS and FILTERUPDATES + * 31_aide_smartmontools: +- handle files in /var/lib/smartmontools/ + * 31_aide_dhcp3-client: +- /var/lib/dhcp3/ has been moved to /var/lib/dhcp/ + * 31_aide_pm-utils: new +- handle files in /var/run/pm-utils/ + * 31_aide_apt: +- fixed handling of comments in sources.list, thanks to Harvey Muller for + the patch (LP: #112242) + * 31_aide_kerberos: +- handle principal and principal.ok + + -- Hannes von Haugwitz Thu, 29 Jul 2010 08:38:20 +0200 I have uploaded the diffs to http://q.bofh.de/~mh/stuff/diff (full diff) http://q.bofh.de/~mh/stuff/manual-diff (generated files and irrelevant changes removed) for your review. I'd really appreciate an appropriate exception. Greetings Marc -- ----- Marc Haber | "I don't trust Computers. They | Mailadresse im Header Mannheim, Germany | lose things."Winona Ryder | Fon: *49 621 72739834 Nordisch by Nature | How to make an American Quilt | Fax: *49 3221 2323190 -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20100809151125.gb26...@torres.zugschlus.de
Re: squeeze-ignore (was: potential removals from testing)
Hi, On Wed, Mar 24, 2010 at 09:46:33AM +, Robert Lemmen wrote: > On Tue, Mar 23, 2010 at 07:31:29PM +0100, Andreas Barth wrote: > > * Robert Lemmen (rober...@semistable.com) [100323 17:54]: > > > clamav-getfiles > > > rc-buggy: #502751 > > > no resolution in sight > > > maintainer agrees > > > low popcon > > > > I think we could squeeze-ignore the bug - at least I'd be willing to > > do that. > > ok, i'll discuss that with the maintainer and let him decide. I'm of course ok with that. For the record, I still think that the package's current state is the least evil of the other options. Additionally, ftpmaster indicated multiple times that they would like to get rid of clamav-data in volatile, which would in turn make clamav-getfiles unnecessary. clamav-data and clamav-getfiles are still there because ftpmaster (thankfully) never formaly asked me to refrain from uploading clamav-data. If they did, clamav-getfiles in Debian will die a quick death as this would immediately stop me from wanting to spend any more time on clamav-data. Greetings Marc -- - Marc Haber | "I don't trust Computers. They | Mailadresse im Header Mannheim, Germany | lose things."Winona Ryder | Fon: *49 621 72739834 Nordisch by Nature | How to make an American Quilt | Fax: *49 3221 2323190 -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20100324122108.ga9...@torres.zugschlus.de
Re: Notes on IRC meeting
On Wed, Mar 17, 2010 at 04:35:48PM +, Sune Vuorela wrote: > It is also a problem that the longer we wait for a new major kde release > to put it in debian, the harder it is to get upstream to care for the > problems we get into. Afaics as a mere user, KDE upstream stops caring about their releases about the second the tarball is out of the door. > And it is also a problem for the KDE team that we are working hard to > get something ready in order to just get stalled by other things. This > also hurts our ability to attract and keep new people for the Debian KDE > team as it might take months for their work to be able to reach the > archive. KDE is a huge pile of code with an even higher number of dependencies, which is neither easy nor fast to maintain. Greetings Marc -- ----- Marc Haber | "I don't trust Computers. They | Mailadresse im Header Mannheim, Germany | lose things."Winona Ryder | Fon: *49 621 72739834 Nordisch by Nature | How to make an American Quilt | Fax: *49 3221 2323190 -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20100317172135.gl14...@torres.zugschlus.de
Re: Notes on IRC meeting
On Wed, Mar 17, 2010 at 03:15:32PM +, Sune Vuorela wrote: > On 2010-03-17, Marc Haber wrote: > > On Wed, Mar 17, 2010 at 02:13:42PM +, Sune Vuorela wrote: > >> On 2010-03-17, Marc Haber wrote: > >> > On Tue, Mar 16, 2010 at 10:02:05PM +, Sune Vuorela wrote: > >> >> and we would really like to have more than a couple of weeks > >> >> from 'upload to unstable' to 'debian freeze'. We kind of expected to > >> >> have a couple of months with real users testing it. > >> > > >> > So you would want to have the freeze delayed even more to accomodate > >> > you? > >> > >> We would have uploaded several weeks ago if the release team hadn't > >> asked us to wait. > > > > Did they state a reason? > > They want to break the archives with some transitions before they let us > break the archive. That sounds like a perfectly valid reason, allowing you to enter your transition without having to think about others. A KDE transition is hard enough even when one doesn't need to think about a truckload of other transitions that may interfere. Greetings Marc -- - Marc Haber | "I don't trust Computers. They | Mailadresse im Header Mannheim, Germany | lose things."Winona Ryder | Fon: *49 621 72739834 Nordisch by Nature | How to make an American Quilt | Fax: *49 3221 2323190 -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20100317155852.gi14...@torres.zugschlus.de
Re: Notes on IRC meeting
On Wed, Mar 17, 2010 at 02:13:42PM +, Sune Vuorela wrote: > On 2010-03-17, Marc Haber wrote: > > On Tue, Mar 16, 2010 at 10:02:05PM +, Sune Vuorela wrote: > >> and we would really like to have more than a couple of weeks > >> from 'upload to unstable' to 'debian freeze'. We kind of expected to > >> have a couple of months with real users testing it. > > > > So you would want to have the freeze delayed even more to accomodate > > you? > > We would have uploaded several weeks ago if the release team hadn't > asked us to wait. Did they state a reason? Greetings Marc -- - Marc Haber | "I don't trust Computers. They | Mailadresse im Header Mannheim, Germany | lose things."Winona Ryder | Fon: *49 621 72739834 Nordisch by Nature | How to make an American Quilt | Fax: *49 3221 2323190 -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20100317141628.gg14...@torres.zugschlus.de
Re: Notes on IRC meeting
On Tue, Mar 16, 2010 at 10:02:05PM +, Sune Vuorela wrote: > and we would really like to have more than a couple of weeks > from 'upload to unstable' to 'debian freeze'. We kind of expected to > have a couple of months with real users testing it. So you would want to have the freeze delayed even more to accomodate you? Greetings Marc -- ----- Marc Haber | "I don't trust Computers. They | Mailadresse im Header Mannheim, Germany | lose things."Winona Ryder | Fon: *49 621 72739834 Nordisch by Nature | How to make an American Quilt | Fax: *49 3221 2323190 -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20100317135606.gc14...@torres.zugschlus.de
Re: please unblock clamav-data
Hi, On Thu, Jan 22, 2009 at 11:28:15PM +0100, Luk Claes wrote: > Marc Haber wrote: > > Please unblock clamav-data as this will bring more virus signatures > > into lenny. The package is built and tested automatically inside the > > debian-volatile infrastructure. > > unblocked Thanks. I immediately built and uploaded a new version for unstable; can you already unblock that one so that it automatically migrates to testing once its ten day waiting period is over? This would have the advantage of not breaking my verification automatisms and would automatically remind me to build the next version - it took me two months to notice this time. Greetings Marc -- ----- Marc Haber | "I don't trust Computers. They | Mailadresse im Header Mannheim, Germany | lose things."Winona Ryder | Fon: *49 621 72739834 Nordisch by Nature | How to make an American Quilt | Fax: *49 3221 2323190 -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
please unblock clamav-data
Please unblock clamav-data as this will bring more virus signatures into lenny. The package is built and tested automatically inside the debian-volatile infrastructure. Greetings Marc -- - Marc Haber | "I don't trust Computers. They | Mailadresse im Header Mannheim, Germany | lose things."Winona Ryder | Fon: *49 621 72739834 Nordisch by Nature | How to make an American Quilt | Fax: *49 3221 2323190 -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Re: Request for freeze exception: apt-cacher-ng
On Fri, Nov 21, 2008 at 10:22:18AM +0100, Eduard Bloch wrote: > Okay, simple question: how many RC bugs do you need to allow the push of > the Unstable version at the moment? I have one RC candidate (#506273), I am sure that a minimal patch against the version currently in lenny, fixing the RC bugs, would be a candiate for inclusion. You have been a DD for long enough to know how our release process works. Greetings Marc, not speaking for the release team -- - Marc Haber | "I don't trust Computers. They | Mailadresse im Header Mannheim, Germany | lose things."Winona Ryder | Fon: *49 621 72739834 Nordisch by Nature | How to make an American Quilt | Fax: *49 3221 2323190 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
please unblock clamav-data
Please unblock clamav-data as this will bring more virus signatures into lenny. The package is built and tested automatically inside the debian-volatile infrastructure. Greetings Marc -- - Marc Haber | "I don't trust Computers. They | Mailadresse im Header Mannheim, Germany | lose things."Winona Ryder | Fon: *49 621 72739834 Nordisch by Nature | How to make an American Quilt | Fax: *49 3221 2323190 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
please unblock snoopy
Please unblock snoopy Changelog: snoopy (1.3-15) unstable; urgency=low * ACK NMU * New translation: tr (Turkish) by Mert Dirik. Closes: #489156 * Add homepage field * Standards-Version: 3.8.0.0 * Remove Linda Overrides * Lintian: * Override command-with-path-in-maintainer-script prerm:26 /usr/sbin/ld.so.preload-manager warning - we need to be absolutely sure that the ld.so.preload-manager binary is the one that we expect, or we risk leaving a preload entry without the corresponding library. So we abort if we are not sure about this. * Temporarily Override snoopy: sharedobject-in-library-directory- missing-soname lib/snoopy.so - lintian is right, but this change cannot be in lenny. #502712. * Temporarily Override snoopy: description-contains-homepage The Homepage stanza is in the description on purpose, and will go away post-lenny. #502713. * Add -e to postinst and config -- Marc Haber <[EMAIL PROTECTED]> Sun, 19 Oct 2008 13:31:01 +020 snoopy (1.3-14.1) unstable; urgency=low * Non-maintainer upload to fix pending l10n issues. * Debconf translations: - Finnish. Closes: #468354 - Brazilian Portuguese. Closes: #473243 - Russian. Closes: #488133 - Galician. Closes: #488187 - Romanian. Closes: #488705 - Basque. Closes: #488797 -- Christian Perrier <[EMAIL PROTECTED]> Tue, 24 Jun 2008 07:52:20 +0200 This fixes translation issues and makes the package lintian clean (modulo further changes that should not be done during the freeze). Interdiff attached. Greetings Marc -- ----- Marc Haber | "I don't trust Computers. They | Mailadresse im Header Mannheim, Germany | lose things."Winona Ryder | Fon: *49 621 72739834 Nordisch by Nature | How to make an American Quilt | Fax: *49 3221 2323190 diff -u snoopy-1.3/debian/control snoopy-1.3/debian/control --- snoopy-1.3/debian/control +++ snoopy-1.3/debian/control @@ -2,8 +2,9 @@ Section: admin Priority: optional Maintainer: Marc Haber <[EMAIL PROTECTED]> +Homepage: http://sourceforge.net/projects/snoopylogger/ Build-Depends: debhelper (>= 4.1.0), dpatch, cdbs (>= 0.4.29) -Standards-Version: 3.7.3 +Standards-Version: 3.8.0.0 Package: snoopy Architecture: any @@ -20 +21 @@ - Upstream URL: http://sourceforge.net/projects/snoopylogger/ + Homepage: http://sourceforge.net/projects/snoopylogger/ diff -u snoopy-1.3/debian/install snoopy-1.3/debian/install --- snoopy-1.3/debian/install +++ snoopy-1.3/debian/install @@ -1,3 +1,2 @@ debian/overrides/lintian/snoopy usr/share/lintian/overrides -debian/overrides/linda/snoopy usr/share/linda/overrides debian/tmp/lib/snoopy.so lib diff -u snoopy-1.3/debian/postinst snoopy-1.3/debian/postinst --- snoopy-1.3/debian/postinst +++ snoopy-1.3/debian/postinst @@ -1,5 +1,7 @@ #!/bin/sh +set -e + . /usr/share/debconf/confmodule [ -n "$SNOOPYDEBUG" ] && set -x diff -u snoopy-1.3/debian/config snoopy-1.3/debian/config --- snoopy-1.3/debian/config +++ snoopy-1.3/debian/config @@ -1,5 +1,7 @@ #!/bin/sh +set -e + . /usr/share/debconf/confmodule [ -n "$SNOOPYDEBUG" ] && set -x @@ -13,3 +15,3 @@ -db_input critical snoopy/install-ld-preload +db_input critical snoopy/install-ld-preload || true db_go diff -u snoopy-1.3/debian/changelog snoopy-1.3/debian/changelog --- snoopy-1.3/debian/changelog +++ snoopy-1.3/debian/changelog @@ -1,3 +1,26 @@ +snoopy (1.3-15) unstable; urgency=low + + * ACK NMU + * New translation: tr (Turkish) by Mert Dirik. Closes: #489156 + * Add homepage field + * Standards-Version: 3.8.0.0 + * Remove Linda Overrides + * Lintian: +* Override command-with-path-in-maintainer-script prerm:26 + /usr/sbin/ld.so.preload-manager warning - we need to be absolutely + sure that the ld.so.preload-manager binary is the one that we expect, + or we risk leaving a preload entry without the corresponding library. + So we abort if we are not sure about this. +* Temporarily Override snoopy: sharedobject-in-library-directory- + missing-soname lib/snoopy.so - lintian is right, but this change + cannot be in lenny. #502712. +* Temporarily Override snoopy: description-contains-homepage + The Homepage stanza is in the description on purpose, and will + go away post-lenny. #502713. + * Add -e to postinst and config + + -- Marc Haber <[EMAIL PROTECTED]> Sun, 19 Oct 2008 13:31:01 +0200 + snoopy (1.3-14.1) unstable; urgency=low * Non-maintainer upload to fix pending l10n issues. diff -u snoopy-1.3/debian/overrides/lintian/snoopy snoopy-1.3/debian/overrides/lintian/snoopy --- snoopy-1.3/debian/overrides/lintian/snoopy +++ snoopy-1.3/debian/overrides/lintian/snoopy @@ -1,0 +2,3 @@ +snoopy: command-with-path-in-maintainer-script prerm:26 /usr/sbin/ld.so.preload-manager +snoopy: sharedobjec
please unblock clamav-getfiles
Please unblock clamav-getfiles. Changelog: clamav-getfiles (2.0-5) unstable; urgency=low * Update Swedish (sv) translation of -data debconf messages. Thanks to Martin Bagge. Closes: #491940 * Update German (de) translation of -getfiles debconf messages. Thanks to Frederik Schwarzer. Closes: #502692 * run config with -e in both -data and -getfiles * fix "debconf-is-not-a-registry" overrides * -data has Standards-Version: 3.8.0 as well (no changes necessary) This fixes translation issues and makes the package lintian clean. This is the software version used to automatically build clamav-data packages for sid, lenny and volatile and should be in lenny. Greetings Marc -- - Marc Haber | "I don't trust Computers. They | Mailadresse im Header Mannheim, Germany | lose things."Winona Ryder | Fon: *49 621 72739834 Nordisch by Nature | How to make an American Quilt | Fax: *49 3221 2323190 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Bug#490440: Change default syslog daemon to rsyslog in time for lenny
On Sun, Jul 13, 2008 at 10:49:33AM +0200, Philipp Kern wrote: > On Sun, Jul 13, 2008 at 10:39:14AM +0200, Joerg Jaspert wrote: > > The discussion just raised again on -release. Joey got CCed in one or > > two mails now. Pushing with the bug on the same day is too fast. Instead > > I like the proposal to wait until Tuesday and then take action. > > He got Cc'ed earlier already. I just looked and discovered at least one > mail from Apr 05 by Luk on d-release on which he Cc'ed him about this > issue. I bet there are more, as there were multiple threads raising > the switch already, both on -release and -devel. Even if, Tuesday would be perfectly fine, even if it were Tuesday a week later. It's not _that_ urgend, the change just needs to be before the freeze. Greetings Marc -- ----- Marc Haber | "I don't trust Computers. They | Mailadresse im Header Mannheim, Germany | lose things."Winona Ryder | Fon: *49 621 72739834 Nordisch by Nature | How to make an American Quilt | Fax: *49 3221 2323190 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Bug#490440: Change default syslog daemon to rsyslog in time for lenny
On Sun, Jul 13, 2008 at 12:56:11AM +0200, Jonas Meurer wrote: > On 12/07/2008 Joerg Jaspert wrote: > > Those two links clearly say "Its better to not have force involved" and > > let the maintainers agree on it. Why do you ignore that and try to force > > it now, not giving the maintainers any time to act on this? > > Joey Schulze never contributed to the discussion at any time Judging from the degree how good sysklogd is "maintained", if sysklogd's Owner (I don't dare to say "maintainer" here for a reason) needs to consent, we'll have sysklogd as default syslogd until hell freezes over. Greetings Marc -- ----- Marc Haber | "I don't trust Computers. They | Mailadresse im Header Mannheim, Germany | lose things."Winona Ryder | Fon: *49 621 72739834 Nordisch by Nature | How to make an American Quilt | Fax: *49 3221 2323190 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: status of default syslog daemon for lenny
On Sat, Jul 12, 2008 at 03:07:20PM +0200, Luk Claes wrote: > Marc Haber wrote: > > On Sat, Jul 12, 2008 at 12:02:25PM +0200, Jonas Meurer wrote: > >> So what's does process to change a default look like usually? Simply do > >> a coordinated upload of both old and new default packages with inverted > >> priorities? > > > > It is actually an unilateral decision of ftpmaster. When exim4 became > > the default, the maintainer team wasn't even informed of that > > decision, we just received an override disparity when we uploaded. > > Note that it's not comparable IMHO as exim was meant to go away in > favour of exim4 anyway. I do think that exim going away was a > maintainer's decision, though I might be wrong... exim4 became the default years before exim 3 was removed. Greetings Marc -- - Marc Haber | "I don't trust Computers. They | Mailadresse im Header Mannheim, Germany | lose things."Winona Ryder | Fon: *49 621 72739834 Nordisch by Nature | How to make an American Quilt | Fax: *49 3221 2323190 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: status of default syslog daemon for lenny
On Sat, Jul 12, 2008 at 12:02:25PM +0200, Jonas Meurer wrote: > So what's does process to change a default look like usually? Simply do > a coordinated upload of both old and new default packages with inverted > priorities? It is actually an unilateral decision of ftpmaster. When exim4 became the default, the maintainer team wasn't even informed of that decision, we just received an override disparity when we uploaded. Greetings Marc -- ----- Marc Haber | "I don't trust Computers. They | Mailadresse im Header Mannheim, Germany | lose things."Winona Ryder | Fon: *49 621 72739834 Nordisch by Nature | How to make an American Quilt | Fax: *49 3221 2323190 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Considerations for lilo removal
On Mon, Jun 16, 2008 at 11:19:03AM +0200, Mike Hommey wrote: > On Mon, Jun 16, 2008 at 10:57:32AM +0200, Frans Pop wrote: > > We still very regularly get installation reports where people use lilo > > rather than grub, so it must still have a fairly significant user base. I > > would say that the activity on the bug report shows the same. > > OTOH, aren't most of these choosing lilo over grub only doing so by > habit ? I am usually using grub, but I still have some systems that don't boot with grub, and the vendor citing the usual we don't support Linux, our systems boot just fine with all flavours of Windows, go take a hike. Greetings Marc -- ----- Marc Haber | "I don't trust Computers. They | Mailadresse im Header Mannheim, Germany | lose things."Winona Ryder | Fon: *49 621 72739834 Nordisch by Nature | How to make an American Quilt | Fax: *49 3221 2323190 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Freeze exception for dpkg 1.14.18
On Sun, Apr 27, 2008 at 10:59:30AM +0800, Stefano Zacchiroli wrote: > FWIW, in my view Raphael's claim is not such a strong claim that needs > the motivation you are asking for. I think we can all imagine how a > "fight" like those between Guillem and Ian can delay work on one side: > you have emotionally to deal with the fight, and you have technically to > work with the FTP guys to deal with the issue (for example to explain > the motivation so that they lift the upload restriction). All these > things take time away. I guess that having the package unaccepted ate at most 30 minutes. Greetings Marc -- ----- Marc Haber | "I don't trust Computers. They | Mailadresse im Header Mannheim, Germany | lose things."Winona Ryder | Fon: *49 621 72739834 Nordisch by Nature | How to make an American Quilt | Fax: *49 3221 2323190 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Freeze exception for dpkg 1.14.18
On Sat, Apr 26, 2008 at 04:18:29PM +0200, Raphael Hertzog wrote: > I would have liked to upload all this sooner, but Guillem absolutely > wanted to merge the triggers in dpkg 1.14.17 and with the hijack story, > it delayed the whole for several weeks. Please explain how Ian's upload (which was promptly unaccepted) delayed Guillem's work. It's a real shame, but you guys are too late. Greetings Marc -- ----- Marc Haber | "I don't trust Computers. They | Mailadresse im Header Mannheim, Germany | lose things."Winona Ryder | Fon: *49 621 72739834 Nordisch by Nature | How to make an American Quilt | Fax: *49 3221 2323190 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: RFH: Multiarch capable toolchain as release goal
On Sun, 20 Apr 2008 17:49:07 +0200, Robert Millan <[EMAIL PROTECTED]> wrote: >Before you bring this to the tech ctte and such, don't you need a refusal >by the maintainer? Acticaly refusing things is not part of Mr. Troup's operations. He rather sits on such issues for years until they solve themselves. Greetings Marc -- -- !! No courtesy copies, please !! - Marc Haber | " Questions are the | Mailadresse im Header Mannheim, Germany | Beginning of Wisdom " | http://www.zugschlus.de/ Nordisch by Nature | Lt. Worf, TNG "Rightful Heir" | Fon: *49 621 72739834
Re: RFH: Multiarch capable toolchain as release goal
On Wed, 16 Apr 2008 06:24:09 +0200, Goswin von Brederlow <[EMAIL PROTECTED]> wrote: >Ove Kaaven <[EMAIL PROTECTED]> writes: >> The way I understand it, they HAVE been pushing... and pushing... for >> a long time... against a nonresponsive binutils maintainer. This >> thread is just their latest, last-ditch effort since nothing else >> worked so far. But I could be wrong, I guess. > >You are right. The patch has been around for years and requests for any >response to the patch have just been ignored. Why did I guess the name of binutils' maintainer correctly _before_ looking into the PTS? I bet that multiarch gets included into Ubuntu about two weeks after we released lenny without multiarch. Greetings Marc -- ------ !! No courtesy copies, please !! - Marc Haber | " Questions are the | Mailadresse im Header Mannheim, Germany | Beginning of Wisdom " | http://www.zugschlus.de/ Nordisch by Nature | Lt. Worf, TNG "Rightful Heir" | Fon: *49 621 72739834
Re: ghc6
On Sat, Apr 05, 2008 at 04:01:45PM +0200, Bastian Blank wrote: > On Sat, Apr 05, 2008 at 02:03:50PM +0100, Ian Lynagh wrote: > > Can you please trigger build-attempts for ghc6 on > > mips, mipsel, powerpc and s390 > > Nack for s390. For the futre, please explain why you reject requests that sound reasonable on the first look. This prevents irritation on other people's part. Greetings Marc -- ----- Marc Haber | "I don't trust Computers. They | Mailadresse im Header Mannheim, Germany | lose things."Winona Ryder | Fon: *49 621 72739834 Nordisch by Nature | How to make an American Quilt | Fax: *49 3221 2323190 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: IPv6 in Debian
On Tue, Jul 31, 2007 at 11:13:42AM +0200, Wouter Verhelst wrote: > In all other cases, your machine should do the resolving, try to > connect, _immediately_ get a "no route to host", and fall back to v4. I > don't see the problem? Issues imposed by high latency, high packet loss or slow DNS servers are likely to be doubled by the double DNS query. Greetings Marc -- ----- Marc Haber | "I don't trust Computers. They | Mailadresse im Header Mannheim, Germany | lose things."Winona Ryder | Fon: *49 621 72739834 Nordisch by Nature | How to make an American Quilt | Fax: *49 3221 2323190 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Debian release cycle for enterprise ?
On Thu, Jun 07, 2007 at 08:25:14PM -0700, Steve Langasek wrote: > Personally, I would like to see us able to provide security support for > sarge through the release of lenny, so that users can opt to skip a release > if they need a longer cycle, passing through etch only long enough to adjust > their sources.list. Do we have the issues that are present with security support for "current stable" solved, so that we are already able to think about providing _more_ support than we currently claim to do? Greetings Marc -- ----- Marc Haber | "I don't trust Computers. They | Mailadresse im Header Mannheim, Germany | lose things."Winona Ryder | Fon: *49 621 72739834 Nordisch by Nature | How to make an American Quilt | Fax: *49 3221 2323190 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Solving the linux-2.6 firmware issue
On Fri, Jan 05, 2007 at 10:54:42PM +0100, Frederik Schueler wrote: > The following drivers will be completely removed from the next upload, > because they contain legally not distributable components: > > keyspan So keyspan USB devices will be useless with Debian kernels in the very near future, since there is no alternative to the kernel driver? Greetings Marc -- ----- Marc Haber | "I don't trust Computers. They | Mailadresse im Header Mannheim, Germany | lose things."Winona Ryder | Fon: *49 621 72739834 Nordisch by Nature | How to make an American Quilt | Fax: *49 621 72739835 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Please consider granting a permanent freeze-exception for clamav-data
Hi release managers! Clamav-data is a packaged version of clamav.net's malware database suitable for use with clamav and clamav daemon. The package is built - for volatile - on a 30-minute-basis whenever a new database is released, and uploaded automatically - unsigned - to volatile. The same process is used to build packages for unstable, which are - manually signed - uploaded whenever the unstable version has migrated to testing. The automated build process tests the new clamav-data packages on unstable, testing, stable+volatile and plain stable and only releases the packages if clamav-testfiles and an eicar.com file are correctly detected with the new databases. This process is running for more than a year now and has never failed to either produce a working package, or to catch an error and fail with an error message and without producing a package at all. I am pretty sure that this process is going to work even with testing frozen. It would be a good idea to really have a current clamav-data in etch when we release. I'd therefore like to ask you to grant a permanent freeze exception for clamav-data, allowing the package to migrate from unstable to testing normally after the normal waiting period has passed. I promise that I am not going to touch the build process during the freeze without notifying you to allow the freeze exception to be revoked. Please, additionally, consider forcing the clamav-data from unstable to testing just before the actual release is done. Greetings Marc -- - Marc Haber | "I don't trust Computers. They | Mailadresse im Header Mannheim, Germany | lose things."Winona Ryder | Fon: *49 621 72739834 Nordisch by Nature | How to make an American Quilt | Fax: *49 621 72739835 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Request permission to upload aide 0.13
Hi release managers! I'd like to upload aide 0.13 (upstream stable), because this version fixes numerous nasty bugs reported upstream (but not to the Debian bts) and to the Debian BTS. Aide has received a lot of attention lately. I'd like to see it in etch. I don't expect any RC bug arising with this new version. The only packages depending on aide are harden-environment and checksecurity, and aide's interface has not changed. Do you (the RMs) allow me to upload it to sid (for inclusion into etch)? Greetings Marc -- ----- Marc Haber | "I don't trust Computers. They | Mailadresse im Header Mannheim, Germany | lose things."Winona Ryder | Fon: *49 621 72739834 Nordisch by Nature | How to make an American Quilt | Fax: *49 621 72739835 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Request permission to upload Nagios2 2.6
Hi release managers! I'd like to upload nagios2 2.6 (upstream stable), because this version fixes numerous nasty bugs reported upstream (but not to the Debian bts). I'd like to see it in etch. I don't expect any RC bug arising with this new version. The only package depending on binary packages built from nagios2 is education-main-server which is an otherwise empty metapackage. Do you (the RMs) allow me to upload it to sid (for inclusion into etch)? Greetings Marc -- ----- Marc Haber | "I don't trust Computers. They | Mailadresse im Header Mannheim, Germany | lose things."Winona Ryder | Fon: *49 621 72739834 Nordisch by Nature | How to make an American Quilt | Fax: *49 621 72739835 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Please approve adduser 3.99
On Fri, Oct 27, 2006 at 02:12:56PM +0200, Marc 'HE' Brockschmidt wrote: > Marc Haber <[EMAIL PROTECTED]> writes: > > please approve adduser 3.99 for etch. It fixes a bug in option > > parsing, allows building with later perl versions, makes life easier > > for mail server administrators and includes many new translations. > > Done. Thanks! Greetings Marc -- ----- Marc Haber | "I don't trust Computers. They | Mailadresse im Header Mannheim, Germany | lose things."Winona Ryder | Fon: *49 621 72739834 Nordisch by Nature | How to make an American Quilt | Fax: *49 621 72739835 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Please approve adduser 3.99
Hi, please approve adduser 3.99 for etch. It fixes a bug in option parsing, allows building with later perl versions, makes life easier for mail server administrators and includes many new translations. Greetings Marc -- - Marc Haber | "I don't trust Computers. They | Mailadresse im Header Mannheim, Germany | lose things."Winona Ryder | Fon: *49 621 72739834 Nordisch by Nature | How to make an American Quilt | Fax: *49 621 72739835 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Please remove rageircd from testing
Hi, please remove rageircd from testing. It is unlikely that the existing RC bugs are going to be fixed in time for etch due to lack of upstream support. Greetings Marc, rageircd maintainer -- - Marc Haber | "I don't trust Computers. They | Mailadresse im Header Mannheim, Germany | lose things."Winona Ryder | Fon: *49 621 72739834 Nordisch by Nature | How to make an American Quilt | Fax: *49 621 72739835 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Please accept packages to proposed-updates
On Wed, Jul 26, 2006 at 07:19:41AM +0200, Christian Perrier wrote: > (updates handled by the SRM team) > > > Not checked too. > > We have a nice backlog. We go as fast as possible, but are currently > > slowed down because some stuff depends on ftp-master will. > > > Is there some reason for not having at least one SRM team member in > the ftpmaster team? I find that a very very good idea. This will help in lessening ftpmaster's work load, and will thus not only speed up the stable point releases, but also other things that fall into ftpmaster's domain since the work load of supporting the stable release team is not any more necessary. > Delegating a part of the ftpmaster power to the SRM team and also > probably the security team seems to be seomthing that could at least > temporarily solve such a problem.waiting for possibly "cleaner" > solutions for the long term. Amen. Greetings Marc -- ----- Marc Haber | "I don't trust Computers. They | Mailadresse im Header Mannheim, Germany | lose things."Winona Ryder | Fon: *49 621 72739834 Nordisch by Nature | How to make an American Quilt | Fax: *49 621 72739835 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: how to cleanly get rid of exim 3 for etch?
On Sun, Jul 30, 2006 at 02:08:23PM +0200, Martin Schulze wrote: > Marc Haber wrote: > > (2) Update exim3 with the warning message in sarge via s-p-u and a > > point release. > > If this is a required step upon the upgrade/removal, then your path > is flawed. No, it is not requied, but an additional courtesy towards people who keep their system up to date. The people that don't are going to stick with the unsupported exim 3 anyway. Greetings Marc -- ----- Marc Haber | "I don't trust Computers. They | Mailadresse im Header Mannheim, Germany | lose things."Winona Ryder | Fon: *49 621 72739834 Nordisch by Nature | How to make an American Quilt | Fax: *49 621 72739835 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
how to cleanly get rid of exim 3 for etch?
Hi, currently, Debian etch still contains a package of exim 3, an outdated version of our Default MTA which is still in wide use, but has been unsupported by upstream for years. Even its maintainer has stopped using it in the mean time, so exim 3 users _really_ _really_ should upgrade. Unfortunately, there is no clear upgrade path from exim 3 to exim4. In coordination with the exim 3 and the exim4 team, in June 2006 I NMUed exim3 in sid with a new description that strongly discourages using exim 3 and strongly _en_courages updating to exim4. This package has migrated to etch in the mean time. The exim3 packages have been displaying a similiar warning on installation and/or upgrade since March 2005. My communications with the release team in early 2006 have outlined the following steps. (1) Get exim3 with the warning description into etch (2) Update exim3 with the warning message in sarge via s-p-u and a point release. (3) Get the "exim 3 is unsupported, update to exim4 manually ASAP" message inluded in the etch release notes. (4) Get exim 3 removed from etch and sid. Step (1) is done, I am now ready to proceed with (2). Unfortunately, the release team seems to have changed their mind in the mean time, and have indicated that exim 3.36-16sarge1 would not be accepted for the next sarge point release with the changed description. I happen to strongly disagree with that assessment. It is a clear RC bug to have no support at all - there is no upstream, no active maintainer, no nothing. Uploading the changed description to sarge is one step towards having this RC bug fixed by having exim 3 removed from Debian. I find it very unfair towards our users and the release team to still have exim 3 in etch, and/or to not encourage them appropriately to upgrade to exim4. I would like to strongly ask the release team to agree - again - to what we agreed in early 2006, to prevent etch from releasing with exim 3 in a clean way. I am ready to NMU exim 3.36-16sarge1 to s-p-u on short notice. About a week after exim 3.36-16sarge1 being in a sarge point release, exim 3 can be removed from etch and sid. Please not that this procedere might set a precedent for other, similiar transitions, apache => apache2 probably being the most prominent of them. Greetings Marc -- ----- Marc Haber | "I don't trust Computers. They | Mailadresse im Header Mannheim, Germany | lose things."Winona Ryder | Fon: *49 621 72739834 Nordisch by Nature | How to make an American Quilt | Fax: *49 621 72739835 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Secure APT Key Management
On Wed, Jul 26, 2006 at 05:06:27PM +0100, martin f krafft wrote: > also sprach Marc Haber <[EMAIL PROTECTED]> [2006.07.26.1632 +0100]: > > While we're at it, I am very much in favor that we start accepting > > binary package signatures again. We were on the right way to assure > > package integrity on a package level when our archive suddenly stopped > > accepting signed binary packages. > > Where's the added benefit if our archive serves binaries with > signatures? I am actually in favour of this, but I do remember that > this was the question neuro threw back at me when I brought it up in > Mexico. It is much easier to verify package integrity since the signature is directly on the binary package. It works for out-of-tree software, and it helps just in case you are too paranoid to trust ftpmaster. I remember that back in the days of the 2003 compromise, ftpmaster was - as usual - less than cooperative towards the people who wanted to do their own verification of archive integrity. For example, if I remember correctly, the question whether the automatic archive signing key was stored on one of the compromised boxes, was never clearly answered. secure apt has greatly improved things (with secure apt, one does not any more need the changes files to verify the archive, IIRC), but I still feel more comfortable if the more distributed model of binary packages signed by the builder were supported again. Greetings Marc -- ----- Marc Haber | "I don't trust Computers. They | Mailadresse im Header Mannheim, Germany | lose things."Winona Ryder | Fon: *49 621 72739834 Nordisch by Nature | How to make an American Quilt | Fax: *49 621 72739835 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Secure APT Key Management
On Wed, Jul 26, 2006 at 04:22:12PM +0100, martin f krafft wrote: > The way I envision key management is that every Debian machine > trusts the SPI CA. Then we provide a page to download and verify > keys, protected by SSL/TLS. Finally, we give the user easy-to-use > tools to install these keys, and proper error messages from APT that > will make it obvious what to do. > > I don't think it's asking too much of our users to manually declare > trust for a new release. But we should definitely get rid of the > one-year-long archive keys, which make no sense. Instead, have a key > for etch, one for sid, one for etch+1, one for security, and so on. > The user can then pick which ones s/he wants to trust. While we're at it, I am very much in favor that we start accepting binary package signatures again. We were on the right way to assure package integrity on a package level when our archive suddenly stopped accepting signed binary packages. Greetings Marc -- ----- Marc Haber | "I don't trust Computers. They | Mailadresse im Header Mannheim, Germany | lose things."Winona Ryder | Fon: *49 621 72739834 Nordisch by Nature | How to make an American Quilt | Fax: *49 621 72739835 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Proposal for public announcement for the next release update
On Mon, Jul 24, 2006 at 04:20:26PM +0200, Martin Schulze wrote: > Andreas Barth wrote: > > just two things: > > > > First, I think the release team has the right to send out texts to > > debian-news on his own. Why didn't you approve our mail? I'm considering > > to ask the mailing list admins to give us direct permissions to post to > > that list. > > I don't think so. I didn't think the mail was suitable for the list > as is, May I ask why you found the draft not suitable? Maybe outlining your rationale will help people draft announcements in a way acceptable to you. > which is why I took the liberty to start from scratch and phrase it > properly (imho) based on the detailed mail and information Marc sent > to the -devel-announce list before This was obviously not appreciated by the release team who probably had some special things in mind by submitting the press draft the way they did. > > Second, though I really welcome more announcements about the release of > > Etch, please wait until you get an ok from a release team member, > > I would have, if you and Marc wouldn't have whined so much before and > gotton onto my nerves. That left me with the impression that this > issue is so pressing that I must not delay it any further and send it > out as soon as I consider it suitable. I'm sorry if I have gotton a > wrong impression. I think you're overreacting here. Marc and aba pressed you to post _their_ version of the announcement. I suspect that if you had told them "your draft is not suiteable for publication because of foo and bar" they would have come up with an adapted version quite fast. I can at least partly understand why they take your ditching of their preparing work as an offense. > Unfortunately, this is the second time something like that happens, > and it has happened exactly after the same receipe. You prepare an > announcement, whine about it, adding pressure to me, so that I send it > out without enough time for re-confirmation, and then you're not happy > with the result either. Had you posted their prepared announcement, they would have been happy with the result. I think that a big part of the problem is your insisting on editing every piece of mail that goes over the press list. Greetings Marc -- - Marc Haber | "I don't trust Computers. They | Mailadresse im Header Mannheim, Germany | lose things."Winona Ryder | Fon: *49 621 72739834 Nordisch by Nature | How to make an American Quilt | Fax: *49 621 72739835 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: draft of announcement for sarge r2
On Wed, Apr 12, 2006 at 11:06:57AM +0200, Andreas Barth wrote: > Miscellaneous Bugfixes > -- > > This revision adds important corrections to the following packages. > Most of them don't affect the security of the system, but may affect > data integrity. aide is missing in that list. Greetings Marc -- ----- Marc Haber | "I don't trust Computers. They | Mailadresse im Header Mannheim, Germany | lose things."Winona Ryder | Fon: *49 621 72739834 Nordisch by Nature | How to make an American Quilt | Fax: *49 621 72739835 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: wanna-build only knows about older versions?
On Tue, Jul 05, 2005 at 03:02:53PM -0700, Steve Langasek wrote: > On Tue, Jul 05, 2005 at 11:49:15PM +0200, Florian Weimer wrote: > > * Steve Langasek: > > > > Of course security support is essential for released architectures, > > > I don't think this is the case. Apparently, we have successfully > > without security support, therefore it cannot be "essential". > > This sentence no verb. In addition, this sentence big troll. Can we please > stop playing this little game of implying that the people involved think > it's somehow acceptable to not have security support for stable? If that's the case, why do the people involved tolerate no security support for stable being available for more than a month now? Greetings Marc -- ----- Marc Haber | "I don't trust Computers. They | Mailadresse im Header Mannheim, Germany | lose things."Winona Ryder | Fon: *49 621 72739834 Nordisch by Nature | How to make an American Quilt | Fax: *49 621 72739835 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Please consider exim4 4.50-8 for testing (666 lines of functional diff)
Hi, please consider pushing exim4 4.50-8 from unstable into testing as a last-minute update. The package - again - fixes a huge number of documentation issues which will hopefully help reducing the avalanche of bug reports we expect after sarge's release. After stripping all documentation fixes from the 118 Kbyte interdiff, 28 Kilobytes (666 lines) of functional fixes remain. This is what we did in detail (sorted in descending appropriateness): - we build against libmysqlclient12, as requested by the release team (PAM, NSS etc are already on 12). - In some circumstances, exim dumps arbitrary parts of /etc/passwd, /etc/group to the reject log. This is a local exim bug, a harmless one, but it is scary to people as the data is logged as being received from the remote side, causing "wtf, why is the other side sending me part of _my_ user database" kind of reactions, probably triggering security incident procedures. (no Debian bug number, backported upstream fix, 40 lines C diff). - The "installed debconf version is broken" message is now clearly flagged as a warning, issued by exim4-config.postinst. This might reduce bugs being filed against dpkg and/or debconf. Diff: 1 line. - We now ask for a mail-hub name unconditionally in satellite setups. This hopefully eases user confusion when installing for satellite setups. #304838, 70 lines diff. - dpkg-reconfigure exim4-config now has the changes effective immediately. A bad goof in the maintainer scripts had the changes ignored until a manual daemon reload (we reloaded the daemon at a stage in reconfiguration where the new configuration was not yet written). #310703, approx 40 lines shellscript diff. - The SASL code doesn't any more create log entries for trying unavailable mechanisms. This is a backported upstream fix. (#299743, 60 lines C diff) - A exim4.conf.localmacros file is now read in non-split config setups to allow more easy setting of local macros. (approx 100 lines of shellscript diff, a lot of them caused by a lengthy disclaimer which is added to the generated config file being moved to a different place in the script) - we now preserve escape sequences in /etc/exim4/update-exim4.conf.conf, which no longer breaks regular expressions given as answer to the debconf questions. Mostly, we replace calls to echo with calls to printf, and use environment variables to communicate with awk. (Bug #305957, approx 190 lines shellscript diff). - the local parts accepted by the ACLs are now locally configurable. This might be important since we are pretty restrictively filtering here. (#306094, approx 35 lines of configuration diff) Dear Release Managers, you're doing a superb job, please continue to do so. While I'd prefectly like to read an "approved" message in response to this message, in the event of these changes not being accepted in their entirety, please indicate which of these changes - all of which should be in sarge according to the Debian exim4 maintainers - would be appropriate for sarge. Please consider accepting exim4 4.50-8 for sarge. Greetings Marc -- ----- Marc Haber | "I don't trust Computers. They | Mailadresse im Header Mannheim, Germany | lose things."Winona Ryder | Fon: *49 621 72739834 Nordisch by Nature | How to make an American Quilt | Fax: *49 621 72739835 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: exim4 sarge package status (was: Please consider exim4 4.50-6 into testing)
Hi, exim4 4.50-6 is now 32 days old. It has been uploaded well before the base-freeze morphed to the full freeze, and would have propagated to testing on April 27, a week before the full freeze was allowed, if it had not been prematurely been frozen over a year ago on March 29, 2004. To take work load from the translators, the Debian exim4 maintainer team had decided to freeze the debconf templates even well before (last template change was on January 15, 2004, according to the changelog). This premature template freeze has turned out to backfire badly at us, since we will be releasing a package with debconf templates that might be misleading novice users. We still are getting many bugreports which are caused by the bad templates that we have been unable to change for 15 months now, and we expect an avalanche of bug reports after the release. -6 contains a lot of documentation fixes which can probably remedy the sheer number of bug reports expected after the release. Dear release team, pretty please consider approving exim4 4.50-6, or indicate what kind of information might be missing to speed up exim4 4.50-6's approval into sarge. Bug #307961 is one important bug being fixed in this version. #297670 might backfire at the security team, since failing patches might not be noticed during package build #299051 is bad one, breaking libnss-ldap setups, which concerns the interoperability with Windows infrastructures #303351 breaks the conftype "none". #300967 is an FTBFS on an unreleased architecture, kfreebsd-gnu. > > and integration of alternative configuration schemes which doesn't > > matter for sarge since these are for local use only anyway. > > These changes are no-ops for sarge, but prevent outdated but unused > code from being shipped with sarge. The removal of the skeletons for exim4-config-simple and exim4-config-medium from the source package is about half of the interdiff between -4, and -6. If you ignore these changes (which are guaranteed no-ops for sarge), the diff becomes much more manageable. Please approve exim4 4.50-6 for sarge. Greetings Marc -- ----- Marc Haber | "I don't trust Computers. They | Mailadresse im Header Mannheim, Germany | lose things."Winona Ryder | Fon: *49 621 72739834 Nordisch by Nature | How to make an American Quilt | Fax: *49 621 72739835 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: gnupg RC bugs
Hi, On Sun, May 08, 2005 at 12:36:12AM -0700, Steve Langasek wrote: > On Sun, May 08, 2005 at 01:59:01AM +0200, Norbert Tretkowski wrote: > > * Steve Langasek wrote: > > > On Sat, May 07, 2005 at 04:12:05PM +0200, Norbert Tretkowski wrote: > > > > Looks like James is no longer interested in maintaining gnupg. He > > > > doesn't respond to bugreports, and he also didn't respond to mails > > > > from the release managers where they asked him if a newer version > > > > of gnupg should get pushed into sarge. > > I would be doubly wary of letting a new upstream version of a package into > testing as an NMU. If James agrees that 1.4.1 is the way to go for sarge, I > would probably be willing to go with it since we know gnupg gets heavily > exercised by developers; otherwise, I think we're going to need backports > for the bugs in question. What are you going to do if James continues to ignore you as it seems to be the case from Norbert's narrative? Greetings Marc -- - Marc Haber | "I don't trust Computers. They | Mailadresse im Header Mannheim, Germany | lose things."Winona Ryder | Fon: *49 621 72739834 Nordisch by Nature | How to make an American Quilt | Fax: *49 621 72739835 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
exim4 sarge package status (was: Please consider exim4 4.50-6 into testing)
Hi, exim4 4.50-6, currently in sid ~~ On Fri, Apr 29, 2005 at 11:12:28AM +0200, Marc Haber wrote: > It fixes a number of small bugs, including two that upstream really > wants to have fixed in the Debian package. #299733 causes SASL challenges to contain the wrong host name. I cannot comment about the severeness of that bug. The fix is, however, trivial, see debian/patches/82_upstream_fix-299733.dpatch #303351 completely breaks "conftype none" due to a bug in update-exim4.conf, again with a trivial fix. #296492 breaks host fallback when ipv6 is used. The code doesn't fall back to ipv4 in that case, preventing delivery of mail. #300967 allows building on kfreebsd-gnu #299051 is a bad one, breaking usage of exim4 with libnss-ldap #302060 sometimes results in mails being sent out with a syntactically invalid sender conftype non has always used split config even if non-split config was explicitly asked for lso, we added a fix to the build process which makes the build _really_ fail in case of a mis-applied patch. > The default configuration > has been re-worked to be more flexible and more orthogonal without > having too many functional changes. This fixes some wishlist requests asking for more possibilities of interfering with the configuration. > Other changes are documentation We have clarified documentation a lot, based on user's experience with the package and the docs in older versions, and sincerely hope that having a package with the improved documentation in sarge will reduce user questions. > and integration of alternative configuration schemes which doesn't > matter for sarge since these are for local use only anyway. These changes are no-ops for sarge, but prevent outdated but unused code from being shipped with sarge. > This package concentrates on packaging changes which have been held > back in the last package versions due to new upstream versions, and to > keep the interdiffs small and more easily manageable for the release > team. Please approve exim4 4.50-6 for sarge. exim4 4.50-7, in the process of being prepared ~~ fyi, we have the following changes already in the queue, and needlessly to say we'd like to have _these_ changes in sarge as well: The ACL documentation has become inconsistent in earlier versions. 4.50-7 will fix this. In some circumstances, exim writes parts of the local /etc/passwd and/or /etc/group to the rejectlog and claims that this information was received as part of an incoming e-mail. This suggests the local system being exploited and is actually quite scary. An upstream patch fixing this has been applied. #305957 rightfully complains that the debconf interface doesn't support regexps to be incorporated in update-exim4.conf.conf and generates invalid configuration in that case. This has been fixed. #299743 clutters logs with unsuccessful tries of using unsupported SASL mechanisms. This has been fixed by an upstream fix. #306970 We build against libmysqlclient12-dev now #304838 makes debconf always ask the dc_readhost question in case of satellite since this is needed and will lead to invalid messages being generated if not set. Otherwise, there are - again - minor changes to the configuration enhancing flexibility, and documentation clarification which hopefully helps to reduce user questions during sarge's stable phase. Please indicate whether 4.50-7 would have a chance for sarge, and how you'd like the package to be uploaded (priority- and distribution-wise). exim4 4.51-1, which could happen on request ~~~ Upstream is not too happy with the 4.50 version which was the first one being released under the new multi-developer concept. They have released 4.51 on May 4, 2005: ftp://ftp.exim.org/pub/exim/ChangeLogs/NewsStuff-4.51 ftp://ftp.exim.org/pub/exim/ChangeLogs/ChangeLog-4.51 This version has most of the fixes that we currently patch in in the upstream sources, reducing Debian's deviation from upstream. It allows us to more easily fix #285371 since dh parameters are now written in a format that can be generated by certtool as well. It allows redefinition of macros in the configuration file which will allow us to get rid of most of the ugly .ifdef constructs in configuration. Also, it allows macro definition not only in the main configuration, but also at later parts of configuration, making it possible to set macros where they are used. In short, that upstream version fixes a lot of issues that we'd have to live with through sarge lifetime, and some of the fixes have been done especially for Debian. It would be a shame not to have these things in the stable rlease. Please indicate whether a 4.51-1 would have a chance for sarge, and how you'd like the package to b
Please consider exim4 4.50-6 into testing
Hi, please consider pushing exim4 4.50-6 from unstable into testing. The package has been in sid for 10 days without any new bad bugs surfacing. It fixes a number of small bugs, including two that upstream really wants to have fixed in the Debian package. The default configuration has been re-worked to be more flexible and more orthogonal without having too many functional changes. Other changes are documentation and integration of alternative configuration schemes which doesn't matter for sarge since these are for local use only anyway. This package concentrates on packaging changes which have been held back in the last package versions due to new upstream versions, and to keep the interdiffs small and more easily manageable for the release team. If you need any more information, please ask. Greetings Marc -- - Marc Haber | "I don't trust Computers. They | Mailadresse im Header Mannheim, Germany | lose things."Winona Ryder | Fon: *49 621 72739834 Nordisch by Nature | How to make an American Quilt | Fax: *49 621 72739835 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: exim4_4.50-6 is needed to work with libnss-ldap
Hi, On Wed, Apr 20, 2005 at 10:19:57PM -0700, Steve Langasek wrote: > On Wed, Apr 20, 2005 at 11:14:38PM -0400, Jonathan Bastien-Filiatrault wrote: > > Bug #299051 renders the MTA unusable and fills up the /var partition on > > a machine with NSS/LDAP setup. The testing version 4.50-4 is hit by that > > bug. It would greatly be appreciated if a release manager could bring > > version 4.50-6 into testing. > > That request needs to come from the exim4 maintainers when they believe the > package is ready. 4.50-6 has been uploaded to unstable last weekend and thus is not old enough to get into testing. I consider the libnss-ldap issue a nuisance, but not bad enough a but to warrant an upload with non-low priority, risking breakage in other areas. The fix for the libnss-ldap issues has issues with the Installer, which is the cause for the fix being tested _very_ thoroughly. The installer, in my opinion, is much more important than libnss-ldap. When 4.50-6 passes the 10 days margin, I will ask for consideration to include ths version into testing, but currently it is way too early. Greetings Marc -- ----- Marc Haber | "I don't trust Computers. They | Mailadresse im Header Mannheim, Germany | lose things."Winona Ryder | Fon: *49 621 72739834 Nordisch by Nature | How to make an American Quilt | Fax: *49 621 72739835 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Please push exim4 4.50-4 into testing
Hi, On Sun, Mar 13, 2005 at 08:41:00AM +0100, Marc Haber wrote: > please consider pushing exim4 4.50-4 from unstable into testing. The > package has been in sid for 10 days without any new bad bugs > surfacing. exim4 4.50 has been in sid for some time longer since we > hat two RC bugs in the first versions of the package. Additionally, it is now clear that exim4 4.50 actually fixes #293314, which is a quite bad bug which leads to corrupt spool files being created by exim. This fix should be in sarge. > If you need any more information, please ask. Greetings Marc -- ----- Marc Haber | "I don't trust Computers. They | Mailadresse im Header Mannheim, Germany | lose things."Winona Ryder | Fon: *49 621 72739834 Nordisch by Nature | How to make an American Quilt | Fax: *49 621 72739835 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Please push exim4 4.50-4 into testing
Hi, please consider pushing exim4 4.50-4 from unstable into testing. The package has been in sid for 10 days without any new bad bugs surfacing. exim4 4.50 has been in sid for some time longer since we hat two RC bugs in the first versions of the package. It fixes a number of small bugs, introduces desireable features like submission mode which makes exim4 behave better when used as a smarthost, especially when MUAs are directly delivering via SMTP to it, and advances the package to the latest and greatest upstream version. The upstream patch is rather large, so we again tried to concentrate on the upstream code this time, not changing too much in the packaging code to reduce breakage possibility. Package creation has been closely coordinated with aba to ease the transition into sarge. If you need any more information, please ask. Greetings Marc -- - Marc Haber | "I don't trust Computers. They | Mailadresse im Header Mannheim, Germany | lose things."Winona Ryder | Fon: *49 621 72739834 Nordisch by Nature | How to make an American Quilt | Fax: *49 621 72739835 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Do not make gratuitous source uploads just to provoke the buildds!
On Fri, Mar 11, 2005 at 05:03:55PM -0800, Thomas Bushnell BSG wrote: > Unfortunately, the queue ordering policy is unclear. I was guessing > that the priority of the upload would have something to do with > queueing policy. > > Since the all but one of the other arch buildd's have empty > needs-build queues, it is harmless to force them to execute a > recompile and costs no scarce resources. I did check this before > uploading. Did you also check how much network traffic would be wasted by rolling out the unnecessary package to all mirrors? Greetings Marc -- ----- Marc Haber | "I don't trust Computers. They | Mailadresse im Header Mannheim, Germany | lose things."Winona Ryder | Fon: *49 621 72739834 Nordisch by Nature | How to make an American Quilt | Fax: *49 621 72739835 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Please push adduser 3.62 into testing
On Fri, Mar 04, 2005 at 07:30:57AM +0100, Marc Haber wrote: > This is obviously a mistake. I'll upload a new version. 3.63 is now in unstable. A pity that we'll lose another ten days now. Greetings Marc -- ----- Marc Haber | "I don't trust Computers. They | Mailadresse im Header Mannheim, Germany | lose things."Winona Ryder | Fon: *49 621 72739834 Nordisch by Nature | How to make an American Quilt | Fax: *49 621 72739835 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Please push adduser 3.62 into testing
On Thu, Mar 03, 2005 at 10:06:08PM -0800, Steve Langasek wrote: > @@ -718,23 +726,24 @@ > # is name ok? > sub checkname { > my ($name) = @_; > -if ($allow_badname && $name !~ /^[A-Za-z_][-_A-Za-z0-9]*\$?$/) { > +if ($name !~ /^[-\.A-Za-z0-9]*\$?$/) { > print STDERR > -"$0: ",_("To avoid problems, the username should consist of a letter or > -underscore followed by letters, digits, underscores, and dashes. For > -compatibility with Samba machine accounts \$ is also supported at the > -end of the username\n"); > +"$0: ",_("To avoid problems, the username should consist of > +letters, digits, underscores, periods and dashes. For compatibility with > +Samba machine accounts \$ is also supported at the end of the username\n"); > exit 1; > } > > At a glance, this change to adduser seems to be intended to relax the regex > used for checking the validity of the usernames, but on close inspection I > see that _ was previously an allowed character and is no longer allowed > (even if configuring name_regex). I don't see any rationale for this change > in the changelog, could you explain why this was done? This is obviously a mistake. I'll upload a new version. Greetings Marc -- - Marc Haber | "I don't trust Computers. They | Mailadresse im Header Mannheim, Germany | lose things."Winona Ryder | Fon: *49 621 72739834 Nordisch by Nature | How to make an American Quilt | Fax: *49 621 72739835 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Please push adduser 3.62 into testing
Hi, please consider pushing adduser 3.62 into testing. The package hass been in sid for 10 days without bad bugs surfacing, and has spent some time in experimental before. It fixes a number of small bugs, and has a number of new safety features which can be used to avoid bigger parts of the system (including / and /usr) when removing accounts with insanely set home directories. If you need any more information, please ask. Greetings Marc -- - Marc Haber | "I don't trust Computers. They | Mailadresse im Header Mannheim, Germany | lose things."Winona Ryder | Fon: *49 621 72739834 Nordisch by Nature | How to make an American Quilt | Fax: *49 621 72739835 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Please push exim4 4.44-2 into testing
Hi, please consider pushing exim4 4.44-2 from unstable into testing. The package hass been in sid for 19 days without bad bugs surfacing. It fixes a number of small bugs, introduces desireable features and advances the package to the latest and greatest upstream version. The upstream patch is rather large, so we tried to concentrate on the upstream code this time, not changing too much in the packaging code to reduce breakage possibility. Package creation has been closely coordinated with aba to ease the transition into sarge. If you need any more information, please ask. Greetings Marc -- - Marc Haber | "I don't trust Computers. They | Mailadresse im Header Mannheim, Germany | lose things."Winona Ryder | Fon: *49 621 72739834 Nordisch by Nature | How to make an American Quilt | Fax: *49 621 72739835 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Please hint exim4 4.34-10 into sarge
Hi, please allow exim4 4.34-10 from unstable into sarge. This version fixes two security issues (CAN-2005-021 and CAN-2005-0022), and only contains build-time and documentation fixes. Greetings Marc -- - Marc Haber | "I don't trust Computers. They | Mailadresse im Header Mannheim, Germany | lose things."Winona Ryder | Fon: *49 621 72739834 Nordisch by Nature | How to make an American Quilt | Fax: *49 621 72739835
Re: 4.34-4sarge3 uploaded (was: Exim4 upload?)
On Thu, Oct 14, 2004 at 11:23:18AM -0700, Steve Langasek wrote: > Sorry for putting you to the extra effort, Marc, it was never > actually my intention that you upload to t-p-u for this matter. :/ $CURSE > If there are no objections from the exim4 maintainers, I can push -6 > into testing, and then we can look at debootstrap again. Marc, this > means that any changes included in -4sarge3 but not in -6 would need to > be reuploaded to unstable once -6 goes in; which is really the case > anyway, if those changes should be there for etch. Andreas is still offline, so I'll say that pushing in -6 is fine. Greetings Marc -- ----- Marc Haber | "I don't trust Computers. They | Mailadresse im Header Mannheim, Germany | lose things."Winona Ryder | Fon: *49 151 152 442 95 Nordisch by Nature | How to make an American Quilt |
4.34-4sarge3 uploaded (was: Exim4 upload?)
On Fri, Oct 08, 2004 at 11:23:51AM +0200, Marc Haber wrote: > I plan to upload on sunday. done. Greetings Marc -- ----- Marc Haber | "I don't trust Computers. They | Mailadresse im Header Karlsruhe, Germany | lose things."Winona Ryder | Fon: *49 721 966 32 15 Nordisch by Nature | How to make an American Quilt | Fax: *49 721 966 31 29
Re: Exim4 upload?
On Fri, Oct 08, 2004 at 09:10:30AM +0200, Marc Haber wrote: > I will try to prepare a sarge-targeted upload over the weekend, > including gnutls11. Since I don't have any clue about TLS, some > testing done by somebody familiar with gnutls would be greatly > appreciated. The prepared version can be downloaded from http://q.bofh.de/~mh/debian/exim4/sarge I'd appreciate testing, especially gnutls related. I plan to upload on sunday. Andreas, how do I configure cvs-buildpacke in a way so that it allows usage despite the directory being called exim, not exim4? I had to build manually. lintian and linda give a truckload of errors, are these known and intended? I deliberately left the sid version untouched. Most changes need to be merged there. Greetings Marc -- ----- Marc Haber | "I don't trust Computers. They | Mailadresse im Header Karlsruhe, Germany | lose things."Winona Ryder | Fon: *49 721 966 32 15 Nordisch by Nature | How to make an American Quilt | Fax: *49 721 966 31 29
Re: Exim4 upload?
On Fri, Oct 08, 2004 at 07:15:28AM +0200, Christian Perrier wrote: > Andreas, He is currently on vacation. > A few discussions seen recently in -release (IIRC...it was maybe > somewhere else) showed that exim4 may need an sarge-targeted upload (I > don't have the BTS available right now so I don't remember why exactly). > > May I remind you that a few translations are currently pending (uk and > very recently ro) ? > > If you plan an upload, could you include these translations as well > (the release team is OK with that)? > > If you don't have time for sich upload, are you OK with a NMU? I will try to prepare a sarge-targeted upload over the weekend, including gnutls11. Since I don't have any clue about TLS, some testing done by somebody familiar with gnutls would be greatly appreciated. Greetings Marc -- ----- Marc Haber | "I don't trust Computers. They | Mailadresse im Header Karlsruhe, Germany | lose things."Winona Ryder | Fon: *49 721 966 32 15 Nordisch by Nature | How to make an American Quilt | Fax: *49 721 966 31 29
Re: FTFBS in sarge
On Thu, Sep 02, 2004 at 04:23:46PM +0200, Bastian Blank wrote: > The chroots have no proc mounted. Nothing describes them as necesary. zebra used to ftbfs without /proc. I remember a length debugging session when backporting because the build error message given was _very_ obscure. Greetings Marc -- ----- Marc Haber | "I don't trust Computers. They | Mailadresse im Header Karlsruhe, Germany | lose things."Winona Ryder | Fon: *49 721 966 32 15 Nordisch by Nature | How to make an American Quilt | Fax: *49 721 966 31 29
Re: Can adduser 0.59 be hinted to sarge?
On Mon, Aug 16, 2004 at 12:58:30AM +0100, Colin Watson wrote: > On Sun, Aug 15, 2004 at 10:21:06PM +0200, Marc Haber wrote: > > Currently, sarge has adduser 0.57, sid has adduser 0.59 > > > > 0.59 has been uploaded on July 30, before the freeze, and both 0.58 > > and 0.59 have been translation updates only without the actual code > > being touched. > > > > Can 0.59 be hinted to sarge, or should I upload a 0.60 to t-p-u? > > Diff approved; I've marked adduser 2.59 to be forced into sarge. 3.59. Even I didn't get my own version numbers right. > [Sorry if you didn't want a CC; it's kind of awkward to decide whether > to treat debian-release as a role address or as a mailing list ...] no sweat. Greetings Marc -- ----- Marc Haber | "I don't trust Computers. They | Mailadresse im Header Karlsruhe, Germany | lose things."Winona Ryder | Fon: *49 721 966 32 15 Nordisch by Nature | How to make an American Quilt | Fax: *49 721 966 31 29
Can adduser 0.59 be hinted to sarge?
Currently, sarge has adduser 0.57, sid has adduser 0.59 0.59 has been uploaded on July 30, before the freeze, and both 0.58 and 0.59 have been translation updates only without the actual code being touched. Can 0.59 be hinted to sarge, or should I upload a 0.60 to t-p-u? Thanks for your information. Greetings Marc -- - Marc Haber | "I don't trust Computers. They | Mailadresse im Header Karlsruhe, Germany | lose things."Winona Ryder | Fon: *49 721 966 32 15 Nordisch by Nature | How to make an American Quilt | Fax: *49 721 966 31 29