Re: binNMUs for dpkg-buildflags / -fstack-protector-strong
On Sat, Nov 08, 2014 at 03:27:26PM +, Julien Cristau wrote:
> On Sat, Nov 8, 2014 at 10:29:17 +0100, Moritz Mühlenhoff wrote:
> > On Sun, Nov 02, 2014 at 11:53:44PM +0100, Moritz Muehlenhoff wrote:
> > > On Sun, Nov 02, 2014 at 06:19:51PM +0100, Julien Cristau wrote:
> > > > On Tue, Sep 23, 2014 at 22:36:43 +0200, Moritz Mühlenhoff wrote:
> > > > Sorry I didn't get to these quickly. Do you have an updated list and/or package versions? Otherwise I'll just go ahead with the original list.
> > > I can filter out packages which have been uploaded since then. I'll send you the updated list in a few days.
> > Here's the updated - and compared to the last one - greatly reduced list, also including three packages using hardening-[wrapper|includes] not yet built after these also enabled -strong. A few packages are included which have had an upload to sid, but which didn't make the cutoff for the freeze. I'm including these to ensure that the version in testing is rebuilt, even if some of these later uploads might still be unblocked later:
> I've scheduled the ones for sid. A mixed list with some jessie and some sid rebuilds is not something I can use, especially if the requested distribution is implicit.

Thanks, is something required to migrate these to jessie?

Cheers,
Moritz
Re: binNMUs for dpkg-buildflags / -fstack-protector-strong
On Wed, Nov 19, 2014 at 23:08:47 +0100, Moritz Mühlenhoff wrote:
> Thanks, is something required to migrate these to jessie?

Britney attempts to migrate binNMUs automatically, they're not affected by the freeze. Of course they only actually migrate if their dependencies are satisfiable.

Cheers,
Julien
Re: binNMUs for dpkg-buildflags / -fstack-protector-strong
On Sun, Nov 02, 2014 at 11:53:44PM +0100, Moritz Muehlenhoff wrote:
> On Sun, Nov 02, 2014 at 06:19:51PM +0100, Julien Cristau wrote:
> > On Tue, Sep 23, 2014 at 22:36:43 +0200, Moritz Mühlenhoff wrote:
> > Sorry I didn't get to these quickly. Do you have an updated list and/or package versions? Otherwise I'll just go ahead with the original list.
> I can filter out packages which have been uploaded since then. I'll send you the updated list in a few days.

Here's the updated - and compared to the last one - greatly reduced list, also including three packages using hardening-[wrapper|includes] not yet built after these also enabled -strong. A few packages are included which have had an upload to sid, but which didn't make the cutoff for the freeze. I'm including these to ensure that the version in testing is rebuilt, even if some of these later uploads might still be unblocked later:

Cheers,
Moritz

afuse alsaplayer antiword aptitude audiofile avahi barnowl bip bogofilter bzip2 cabextract chmlib chrony citadel courier-authlib cpio cups-pk-helper dash debianutils diffutils dvipng ecryptfs-utils ekg elinks enscript exiftags expat fetchmail findutils firebird2.5 flac flex fontforge fuse gdbm gmime heimdal hplip hylafax icinga id3lib3.8.3 imlib2 inotify-tools iptables iputils ircd-ratbox iscsitarget kaffeine ktorrent kvirc l2tpns lcms2 libapache-mod-jk libapache2-mod-auth-pgsql libapache2-mod-authnz-external libapache2-mod-fcgid libcdaudio libdmx libdumb libfs libgtop2 libhtml-parser-perl libmodplug libnss-ldap libpam-krb5 libpam-ldap libpng libproxy libsmi libsndfile libtar libtk-img libwmf libwpd libxcb libxcursor libxfixes libxfont libxi libxinerama libxrandr libxrender libxres libxslt libxt libxtst libxv libxvmc libxxf86dga libxxf86vm libyaml-libyaml-perl links2 linux-ftpd logrotate lurker lynx-cur mailman mapserver maradns mimetex mlmmj nas nbd ndiswrapper net-tools newt ntp nut openconnect opensaml2 tiff xmlsec1 mysql-5.5 znc tar raptor ldns opensc pimd pmount pptpd psi
pstotext python-crypto readline6 rssh rsync ruby-gnome2 sdl-image1.2 sed shadow snmptrapfmt socat spamass-milter splitvt super tcpreen telepathy-gabble tinc tinyproxy traceroute unalz unzip x11-xserver-utils xfce4-terminal xml-security-c xz-utils zoo
Re: binNMUs for dpkg-buildflags / -fstack-protector-strong
On Sat, Nov 8, 2014 at 10:29:17 +0100, Moritz Mühlenhoff wrote:
> On Sun, Nov 02, 2014 at 11:53:44PM +0100, Moritz Muehlenhoff wrote:
> > On Sun, Nov 02, 2014 at 06:19:51PM +0100, Julien Cristau wrote:
> > > On Tue, Sep 23, 2014 at 22:36:43 +0200, Moritz Mühlenhoff wrote:
> > > Sorry I didn't get to these quickly. Do you have an updated list and/or package versions? Otherwise I'll just go ahead with the original list.
> > I can filter out packages which have been uploaded since then. I'll send you the updated list in a few days.
> Here's the updated - and compared to the last one - greatly reduced list, also including three packages using hardening-[wrapper|includes] not yet built after these also enabled -strong. A few packages are included which have had an upload to sid, but which didn't make the cutoff for the freeze. I'm including these to ensure that the version in testing is rebuilt, even if some of these later uploads might still be unblocked later:

I've scheduled the ones for sid. A mixed list with some jessie and some sid rebuilds is not something I can use, especially if the requested distribution is implicit.

Cheers,
Julien
Re: binNMUs for dpkg-buildflags / -fstack-protector-strong
On Tue, Sep 23, 2014 at 22:36:43 +0200, Moritz Mühlenhoff wrote:
> On Sat, Sep 20, 2014 at 02:18:34PM +0200, Julien Cristau wrote:
> > On Sat, Sep 20, 2014 at 12:53:54 +0200, Moritz Muehlenhoff wrote:
> > > On Sat, Sep 20, 2014 at 10:45:00AM +0200, Julien Cristau wrote:
> > > > On Wed, Sep 17, 2014 at 22:29:10 +0200, Moritz Muehlenhoff wrote:
> > > > > Hi release team, dpkg-buildflags was switched to the strong stack protector on the 10th of August. Many security-sensitive packages have already been uploaded to unstable since then and I'm tracking which are missing. For the remaining ones I'd like to request binNMUs. Is that ok with and when's the best time? Probably not too early before the freeze since some maintainer uploads will follow anyway, but also not too close to the freeze. Maybe mid-October?
> > > > I think if you have a list now, that would be fine. We can always give them low build priority to not monopolize the buildds.
> > > Ok, will send the latest list in a few days. Is a list of source packages enough or do you need the current version in unstable as well?
> > A version would allow us to not do unnecessary rebuilds if there's been a new upload after you generated the list. But if it's painful for you to generate, it's not actually mandatory.
> ATM I only have a list of source packages, see below. I can whip up a script to generate versions over the weekend, but since these packages haven't seen an upload since August 10th, there's probably little overhead if one or two would be built twice.

Sorry I didn't get to these quickly. Do you have an updated list and/or package versions? Otherwise I'll just go ahead with the original list.

Cheers,
Julien
Re: binNMUs for dpkg-buildflags / -fstack-protector-strong
On Sun, Nov 02, 2014 at 06:19:51PM +0100, Julien Cristau wrote:
> On Tue, Sep 23, 2014 at 22:36:43 +0200, Moritz Mühlenhoff wrote:
> Sorry I didn't get to these quickly. Do you have an updated list and/or package versions? Otherwise I'll just go ahead with the original list.

I can filter out packages which have been uploaded since then. I'll send you the updated list in a few days.

Cheers,
Moritz
Re: binNMUs for dpkg-buildflags / -fstack-protector-strong
On Tue, September 23, 2014 22:36, Moritz Mühlenhoff wrote:
> On Sat, Sep 20, 2014 at 02:18:34PM +0200, Julien Cristau wrote:
> > On Sat, Sep 20, 2014 at 12:53:54 +0200, Moritz Muehlenhoff wrote:
> > > On Sat, Sep 20, 2014 at 10:45:00AM +0200, Julien Cristau wrote:
> > > > On Wed, Sep 17, 2014 at 22:29:10 +0200, Moritz Muehlenhoff wrote:
> > > > > Hi release team, dpkg-buildflags was switched to the strong stack protector on the 10th of August. Many security-sensitive packages have already been uploaded to unstable since then and I'm tracking which are missing. For the remaining ones I'd like to request binNMUs. Is that ok with and when's the best time? Probably not too early before the freeze since some maintainer uploads will follow anyway, but also not too close to the freeze. Maybe mid-October?
> ATM I only have a list of source packages, see below. I can whip up a script to generate versions over the weekend, but since these packages haven't seen an upload since August 10th, there's probably little overhead if one or two would be built twice.

I'm not sure if this went through already, but it may be useful to include those packages that build-depend on hardening-wrapper or hardening-includes in your set, since that now also has the stronger hardening configuration.

Cheers,
Thijs
Re: binNMUs for dpkg-buildflags / -fstack-protector-strong
On 06/10/14 11:48, Thijs Kinkhorst wrote:
> On Tue, September 23, 2014 22:36, Moritz Mühlenhoff wrote:
> > On Sat, Sep 20, 2014 at 02:18:34PM +0200, Julien Cristau wrote:
> > > On Sat, Sep 20, 2014 at 12:53:54 +0200, Moritz Muehlenhoff wrote:
> > > > On Sat, Sep 20, 2014 at 10:45:00AM +0200, Julien Cristau wrote:
> > > > > On Wed, Sep 17, 2014 at 22:29:10 +0200, Moritz Muehlenhoff wrote:
> > > > > > Hi release team, dpkg-buildflags was switched to the strong stack protector on the 10th of August. Many security-sensitive packages have already been uploaded to unstable since then and I'm tracking which are missing. For the remaining ones I'd like to request binNMUs. Is that ok with and when's the best time? Probably not too early before the freeze since some maintainer uploads will follow anyway, but also not too close to the freeze. Maybe mid-October?
> > ATM I only have a list of source packages, see below. I can whip up a script to generate versions over the weekend, but since these packages haven't seen an upload since August 10th, there's probably little overhead if one or two would be built twice.
> I'm not sure if this went through already,

I don't think it has. I was waiting for the libjpeg62 situation to settle as some of these binNMUs will benefit that, and I'd like to avoid scheduling them twice.

Emilio
Re: binNMUs for dpkg-buildflags / -fstack-protector-strong
On Sat, Sep 20, 2014 at 02:18:34PM +0200, Julien Cristau wrote:
> On Sat, Sep 20, 2014 at 12:53:54 +0200, Moritz Muehlenhoff wrote:
> > On Sat, Sep 20, 2014 at 10:45:00AM +0200, Julien Cristau wrote:
> > > On Wed, Sep 17, 2014 at 22:29:10 +0200, Moritz Muehlenhoff wrote:
> > > > Hi release team, dpkg-buildflags was switched to the strong stack protector on the 10th of August. Many security-sensitive packages have already been uploaded to unstable since then and I'm tracking which are missing. For the remaining ones I'd like to request binNMUs. Is that ok with and when's the best time? Probably not too early before the freeze since some maintainer uploads will follow anyway, but also not too close to the freeze. Maybe mid-October?
> > > I think if you have a list now, that would be fine. We can always give them low build priority to not monopolize the buildds.
> > Ok, will send the latest list in a few days. Is a list of source packages enough or do you need the current version in unstable as well?
> A version would allow us to not do unnecessary rebuilds if there's been a new upload after you generated the list. But if it's painful for you to generate, it's not actually mandatory.

ATM I only have a list of source packages, see below. I can whip up a script to generate versions over the weekend, but since these packages haven't seen an upload since August 10th, there's probably little overhead if one or two would be built twice.

afuse alsaplayer antiword apr-util aptitude aria2 arpwatch audiofile avahi barnowl bip bogofilter bsdmainutils bzip2 cabextract chmlib chrony citadel clamav collectd courier courier-authlib cpio cron cups-pk-helper cvs cwidget dash debianutils diffutils dvipng ecryptfs-utils ekg elinks enscript exiftags expat fbi fetchmail findutils firebird2.5 flac flex fontforge freeradius fuse gdbm gmime gnash gnumeric gzip heimdal hplip httrack hylafax icinga icu id3lib3.8.3 ifupdown imlib2 inetutils inotify-tools inspircd iptables iputils ircd-ratbox iscsitarget jasper kaffeine ktorrent kvirc l2tpns lcms2 libapache-mod-auth-kerb libapache-mod-jk libapache2-mod-auth-pgsql libapache2-mod-authnz-external libapache2-mod-fcgid libapache2-mod-rpaf libcdaudio libcgroup libdmx libdumb libextractor libfishsound libfs libgd2 libgdata libgsf libgtop2 libhtml-parser-perl libmodplug libnss-ldap libotr libpam-krb5 libpam-ldap libpipeline libpng libproxy libsigc++-2.0 libsmi libsndfile libspf2 libtar libtheora libtk-img libupnp libupnp4 libusb libvorbis libwmf libwpd libxcb libxcursor libxext libxfixes libxfont libxi libxinerama libxml2 libxrandr libxrender libxres libxslt libxt libxtst libxv libxvmc libxxf86dga libxxf86vm libyaml-libyaml-perl links2 linux-ftpd logrotate lurker lynx-cur maildrop mailman mapserver maradns memcached mimetex mlmmj modsecurity-apache mon mono mtr nas nbd ncompress ndiswrapper net-tools netrik newt notmuch nss-pam-ldapd ntp nut openarena openconnect openjpeg opensaml2 opensc openssh pam-pgsql pcsc-lite pdns pimd pmount postgresql-9.4 pound ppp pptpd procps proftpd-dfsg psi pstotext pulseaudio pymongo python-crypto quagga radsecproxy raptor readline6 rssh rsync ruby-gnome2 samba screen sdl-image1.2 sed shadow slang2 slurm-llnl snmptrapfmt socat spamass-milter spamassassin splitvt stunnel4 super sympa systemtap tar tcpreen telepathy-gabble texinfo tiff tinc tinyproxy traceroute unalz unzip util-linux uw-imap varnish vino vsftpd wget wireshark wpa x11-xserver-utils 
xapian-omega xfce4-terminal xml-security-c xmlsec1 xz-utils zoo

Cheers,
Moritz
Re: binNMUs for dpkg-buildflags / -fstack-protector-strong
On Wed, Sep 17, 2014 at 22:29:10 +0200, Moritz Muehlenhoff wrote:
> Hi release team, dpkg-buildflags was switched to the strong stack protector on the 10th of August. Many security-sensitive packages have already been uploaded to unstable since then and I'm tracking which are missing. For the remaining ones I'd like to request binNMUs. Is that ok with and when's the best time? Probably not too early before the freeze since some maintainer uploads will follow anyway, but also not too close to the freeze. Maybe mid-October?

I think if you have a list now, that would be fine. We can always give them low build priority to not monopolize the buildds.

Cheers,
Julien
Re: binNMUs for dpkg-buildflags / -fstack-protector-strong
On Sat, Sep 20, 2014 at 10:45:00AM +0200, Julien Cristau wrote:
> On Wed, Sep 17, 2014 at 22:29:10 +0200, Moritz Muehlenhoff wrote:
> > Hi release team, dpkg-buildflags was switched to the strong stack protector on the 10th of August. Many security-sensitive packages have already been uploaded to unstable since then and I'm tracking which are missing. For the remaining ones I'd like to request binNMUs. Is that ok with and when's the best time? Probably not too early before the freeze since some maintainer uploads will follow anyway, but also not too close to the freeze. Maybe mid-October?
> I think if you have a list now, that would be fine. We can always give them low build priority to not monopolize the buildds.

Ok, will send the latest list in a few days. Is a list of source packages enough or do you need the current version in unstable as well?

Cheers,
Moritz
Re: binNMUs for dpkg-buildflags / -fstack-protector-strong
On Sat, Sep 20, 2014 at 12:53:54 +0200, Moritz Muehlenhoff wrote:
> On Sat, Sep 20, 2014 at 10:45:00AM +0200, Julien Cristau wrote:
> > On Wed, Sep 17, 2014 at 22:29:10 +0200, Moritz Muehlenhoff wrote:
> > > Hi release team, dpkg-buildflags was switched to the strong stack protector on the 10th of August. Many security-sensitive packages have already been uploaded to unstable since then and I'm tracking which are missing. For the remaining ones I'd like to request binNMUs. Is that ok with and when's the best time? Probably not too early before the freeze since some maintainer uploads will follow anyway, but also not too close to the freeze. Maybe mid-October?
> > I think if you have a list now, that would be fine. We can always give them low build priority to not monopolize the buildds.
> Ok, will send the latest list in a few days. Is a list of source packages enough or do you need the current version in unstable as well?

A version would allow us to not do unnecessary rebuilds if there's been a new upload after you generated the list. But if it's painful for you to generate, it's not actually mandatory.

Cheers,
Julien