Bug#769583: unblock: bind9/ 9.9.5 with patch or 9.9.6?
Control: tag -1 confirmed Adam D. Barratt (2014-12-01): > I've unblocked 1:9.9.5.dfsg-6, but it'll need a d-i ack due to the udeb. No objections. Mraw, KiBi. signature.asc Description: Digital signature
Processed: Re: Bug#769583: unblock: bind9/ 9.9.5 with patch or 9.9.6?
Processing control commands: > tag -1 confirmed Bug #769583 [release.debian.org] unblock: bind9/ 9.9.5 with patch or 9.9.6? Added tag(s) confirmed. -- 769583: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=769583 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/handler.s.b769583.141743562228209.transcr...@bugs.debian.org
Bug#769583: unblock: bind9/ 9.9.5 with patch or 9.9.6?
Control: tags -1 + d-i On 2014-11-28 7:58, Daniel Pocock wrote: On 21/11/14 18:58, Niels Thykier wrote: Any news on this upload? :) ~Niels Hi LaMont, I've prepared an NMU, the debdiff is attached and I am happy to upload it if you like I've unblocked 1:9.9.5.dfsg-6, but it'll need a d-i ack due to the udeb. Regards, Adam -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/45df5d5d8cde7d4a9efc824e6ac3d...@mail.adsl.funky-badger.org
Processed: Re: Bug#769583: unblock: bind9/ 9.9.5 with patch or 9.9.6?
Processing control commands: > tags -1 + d-i Bug #769583 [release.debian.org] unblock: bind9/ 9.9.5 with patch or 9.9.6? Added tag(s) d-i. -- 769583: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=769583 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/handler.s.b769583.141743487022879.transcr...@bugs.debian.org
Bug#769583: unblock: bind9/ 9.9.5 with patch or 9.9.6?
On 21/11/14 18:58, Niels Thykier wrote:
> On 2014-11-17 23:43, LaMont Jones wrote:
>> [...]
>>
>> Again, without actually looking at it, I'm inclined to agree. 87k
>> lines this late in the process is too many.
>>
>> I'll get a patch together for 9.9.5, but it may be wednesday before I have
>> it uploaded to sid, and a diff sent to you guys.
>>
>> lamont
>>
>>
> Hi LaMont,
>
> Any news on this upload? :)
>
> ~Niels
>
>
Hi LaMont,
I've prepared an NMU, the debdiff is attached and I am happy to upload
it if you like
Regards,
Daniel
diff -u bind9-9.9.5.dfsg/debian/changelog bind9-9.9.5.dfsg/debian/changelog
--- bind9-9.9.5.dfsg/debian/changelog
+++ bind9-9.9.5.dfsg/debian/changelog
@@ -1,3 +1,10 @@
+bind9 (1:9.9.5.dfsg-5.1) unstable; urgency=high
+
+ * Non-maintainer upload.
+ * Ensure dlz_dlopen.h is installed. (Closes: #769117)
+
+ -- Daniel Pocock Fri, 28 Nov 2014 07:49:27 +0100
+
bind9 (1:9.9.5.dfsg-5) unstable; urgency=medium
* Avoid libnsl dependency on non-linux architectures. Closes: #766430
diff -u bind9-9.9.5.dfsg/debian/rules bind9-9.9.5.dfsg/debian/rules
--- bind9-9.9.5.dfsg/debian/rules
+++ bind9-9.9.5.dfsg/debian/rules
@@ -126,6 +126,7 @@
dh_installdirs
$(MAKE) -C export install DESTDIR=`pwd`/debian/bind9
$(MAKE) install DESTDIR=`pwd`/debian/bind9
+ install -m 644 -o root -g root ./lib/dns/include/dns/dlz_dlopen.h
debian/bind9/usr/include/dns/dlz_dlopen.h
rm -rf debian/bind9/usr/etc
find debian/bind9 -name \*.la -execdir rm -f {} \;
mkdir -p debian/bind9/lib/$(DEB_HOST_MULTIARCH)
Bug#769583: unblock: bind9/ 9.9.5 with patch or 9.9.6?
On 2014-11-17 23:43, LaMont Jones wrote: > [...] > > Again, without actually looking at it, I'm inclined to agree. 87k > lines this late in the process is too many. > > I'll get a patch together for 9.9.5, but it may be wednesday before I have > it uploaded to sid, and a diff sent to you guys. > > lamont > > Hi LaMont, Any news on this upload? :) ~Niels -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/546f7d3a.5080...@thykier.net
Bug#769583: unblock: bind9/ 9.9.5 with patch or 9.9.6?
On Mon, Nov 17, 2014 at 08:06:02PM +0100, Niels Thykier wrote: > In the particular case, it has been suggested that the final changes > compared to testing will be 87 000 (or more) lines. Unless 97+% of this > is pure documentational/auto-generated changes, which can be filtered > out and turn this into a sanely reviewable diff, I find it unlikely that > we can approve of these changes. Again, without actually looking at it, I'm inclined to agree. 87k lines this late in the process is too many. I'll get a patch together for 9.9.5, but it may be wednesday before I have it uploaded to sid, and a diff sent to you guys. lamont -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20141117224334.ga24...@mix.mmjgroup.com
Bug#769583: unblock: bind9/ 9.9.5 with patch or 9.9.6?
On 17/11/14 20:06, Niels Thykier wrote: > On 2014-11-17 19:19, LaMont Jones wrote: >> [...] >> Generally speaking, I have found the fix-level updates to bind to be very >> safe and sane, although sometimes they are somewhat large. I have not >> looked at 9.9.6 yet, but I expect it's in the same vein. It is rare to >> see them do anything in a fix-release than, well, fix things. >> >> I would recommend 9.9.6 for the upstream fixes. If that's good, I >> should be able to upload it tonight. >> >> lamont >> >> > > Hi LaMont, > > Please note that the release team do not pre-approve changes without > seeing a concrete debdiff. > > In the particular case, it has been suggested that the final changes > compared to testing will be 87 000 (or more) lines. Unless 97+% of this > is pure documentational/auto-generated changes, which can be filtered > out and turn this into a sanely reviewable diff, I find it unlikely that > we can approve of these changes. > Hi LaMont, I suspect this is the final word on it from the release team and we may have to stick with 9.9.5. Here is the patch I submitted in the RC bug, it is one line: https://bugs.debian.org/cgi-bin/bugreport.cgi?msg=12;filename=install_dlz_dlopen.patch;att=1;bug=769117 It has already been tested, it correctly installs the missing header and then my package builds too. Is it OK for you to add this and make the debdiff or would you like me to do it as an NMU? Regards, Daniel -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/546a540d.4020...@pocock.pro
Bug#769583: unblock: bind9/ 9.9.5 with patch or 9.9.6?
On 2014-11-17 19:19, LaMont Jones wrote: > [...] > Generally speaking, I have found the fix-level updates to bind to be very > safe and sane, although sometimes they are somewhat large. I have not > looked at 9.9.6 yet, but I expect it's in the same vein. It is rare to > see them do anything in a fix-release than, well, fix things. > > I would recommend 9.9.6 for the upstream fixes. If that's good, I > should be able to upload it tonight. > > lamont > > Hi LaMont, Please note that the release team do not pre-approve changes without seeing a concrete debdiff. In the particular case, it has been suggested that the final changes compared to testing will be 87 000 (or more) lines. Unless 97+% of this is pure documentational/auto-generated changes, which can be filtered out and turn this into a sanely reviewable diff, I find it unlikely that we can approve of these changes. ~Niels -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/546a471a.7000...@thykier.net
Bug#769583: unblock: bind9/ 9.9.5 with patch or 9.9.6?
On Fri, Nov 14, 2014 at 07:28:02PM +0100, Daniel Pocock wrote: > testing currently has bind9 version 1:9.9.5.dfsg-5 > > Upstream released 9.9.6 fixing some bugs with an impact on compatibility > and at least one appears to be security related > "Corrected bugs in the handling of wildcard records by the DNSSEC > validator: invalid wildcard expansions could be treated as valid if > signed, and valid wildcard expansions in NSEC3 opt-out ranges had the AD > bit set incorrectly in responses. [RT #37093] [RT #37072]" Generally speaking, I have found the fix-level updates to bind to be very safe and sane, although sometimes they are somewhat large. I have not looked at 9.9.6 yet, but I expect it's in the same vein. It is rare to see them do anything in a fix-release than, well, fix things. I would recommend 9.9.6 for the upstream fixes. If that's good, I should be able to upload it tonight. lamont -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20141117181932.ga32...@mix.mmjgroup.com
Bug#769583: unblock: bind9/ 9.9.5 with patch or 9.9.6?
On Sun, November 16, 2014 17:01, Daniel Pocock wrote: > On 16 November 2014 16:58:47 CET, Jonathan Wiltshire >>Did you get any responses from elsewhere to this? > Not yet, I'll follow up after the weekend. If no response, I'm happy to > NMU the one line fix to copy the missing header into the dev package, > please advise if that would be OK for the release team. >From the security team side I don't think we see a strong case to move to 9.9.6 at this point... Thijs -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/c47d3ccc860407573832ddefcf05cfa1.squir...@aphrodite.kinkhorst.nl
Bug#769583: unblock: bind9/ 9.9.5 with patch or 9.9.6?
On 16 November 2014 16:58:47 CET, Jonathan Wiltshire wrote: >Control: tag -1 moreinfo > >On Fri, Nov 14, 2014 at 07:28:02PM +0100, Daniel Pocock wrote: >> I understand the release team would usually prefer to see the one >line >> fix for debian/rules against the existing package and I'm happy to >NMU >> if the maintainers aren't able to provide that in the next couple of >> days. However, does anybody feel there is a strong enough case to >jump >> directly to the latest version, 9.9.6, does the security team have >any >> opinion on this package and its upstream changelog? > >Did you get any responses from elsewhere to this? Not yet, I'll follow up after the weekend. If no response, I'm happy to NMU the one line fix to copy the missing header into the dev package, please advise if that would be OK for the release team. -- http://danielpocock.com -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/33c1282b-f4f8-4846-921a-4fdef3670...@pocock.pro
Bug#769583: unblock: bind9/ 9.9.5 with patch or 9.9.6?
Control: tag -1 moreinfo On Fri, Nov 14, 2014 at 07:28:02PM +0100, Daniel Pocock wrote: > I understand the release team would usually prefer to see the one line > fix for debian/rules against the existing package and I'm happy to NMU > if the maintainers aren't able to provide that in the next couple of > days. However, does anybody feel there is a strong enough case to jump > directly to the latest version, 9.9.6, does the security team have any > opinion on this package and its upstream changelog? Did you get any responses from elsewhere to this? -- Jonathan Wiltshire j...@debian.org Debian Developer http://people.debian.org/~jmw 4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC 74C3 5394 479D D352 4C51 signature.asc Description: Digital signature
Processed: Re: Bug#769583: unblock: bind9/ 9.9.5 with patch or 9.9.6?
Processing control commands: > tag -1 moreinfo Bug #769583 [release.debian.org] unblock: bind9/ 9.9.5 with patch or 9.9.6? Added tag(s) moreinfo. -- 769583: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=769583 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/handler.s.b769583.141615353129906.transcr...@bugs.debian.org
Bug#769583: unblock: bind9/ 9.9.5 with patch or 9.9.6?
Package: release.debian.org X-Debbugs-CC: secur...@debian.org,lam...@debian.org,mgilb...@debian.org User: release.debian@packages.debian.org UserTags: unblock testing currently has bind9 version 1:9.9.5.dfsg-5 Upstream released 9.9.6 fixing some bugs with an impact on compatibility and at least one appears to be security related "Corrected bugs in the handling of wildcard records by the DNSSEC validator: invalid wildcard expansions could be treated as valid if signed, and valid wildcard expansions in NSEC3 opt-out ranges had the AD bit set incorrectly in responses. [RT #37093] [RT #37072]" Full upstream changelogs: https://kb.isc.org/article/AA-01210/0/BIND-9.9.6-Release-Notes.html I haven't made a debdiff but looking at the list of things in the changelog it probably isn't trivial. There is also one outstanding RC issue in bind9 that can be fixed with a one line patch against the existing package or it is fixed upstream by the 9.9.6 release, missing dlz_dlopen.h header file: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=769117 I understand the release team would usually prefer to see the one line fix for debian/rules against the existing package and I'm happy to NMU if the maintainers aren't able to provide that in the next couple of days. However, does anybody feel there is a strong enough case to jump directly to the latest version, 9.9.6, does the security team have any opinion on this package and its upstream changelog? Looking at the upstream support lifecycle, bind9 9.9.x appears to be supported until June 2017, this appears OK for the support lifecycle of jessie: http://www.isc.org/downloads/software-support-policy/ -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/546649b2.9030...@pocock.pro
