Bug#1051466: bookworm-pu: package ovn/23.03.1-1~deb12u1
On Tue, 6 Feb 2024 at 18:13, Jonathan Wiltshire wrote: > > Hi, > > On Fri, Sep 08, 2023 at 01:32:05PM +0200, Frode Nordahl wrote: > > We would like to upload the latest stable point release of ovn 23.03 > > to bookworm-p-u. Stable release branches are maintained upstream with > > the intention of providing bug fixes only and no compatibility > > breakages, and with automated non-trivial CI jobs that also cover > > Debian and Ubuntu. > > > > Debdiff attached. Packaging updated with gbp/salsa config for new > > bookworm stable branch and in-flight patches to fix an issue with > > unnecessary logging breaking one of the tests introduced in the point > > release. > > This request was approved but not uploaded in time for the previous point > release (12.5). Should it be included in 12.6, or should this request be > abandoned and closed? Sorry, I missed that this was already approved and I was waiting for a go-ahead. I have done the upload just now.
Bug#1051466: bookworm-pu: package ovn/23.03.1-1~deb12u1
Hi, On Fri, Sep 08, 2023 at 01:32:05PM +0200, Frode Nordahl wrote: > We would like to upload the latest stable point release of ovn 23.03 > to bookworm-p-u. Stable release branches are maintained upstream with > the intention of providing bug fixes only and no compatibility > breakages, and with automated non-trivial CI jobs that also cover > Debian and Ubuntu. > > Debdiff attached. Packaging updated with gbp/salsa config for new > bookworm stable branch and in-flight patches to fix an issue with > unnecessary logging breaking one of the tests introduced in the point > release. This request was approved but not uploaded in time for the previous point release (12.5). Should it be included in 12.6, or should this request be abandoned and closed? Thanks, -- Jonathan Wiltshire j...@debian.org Debian Developer http://people.debian.org/~jmw 4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC 74C3 5394 479D D352 4C51 ed25519/0x196418AAEB74C8A1: CA619D65A72A7BADFC96D280196418AAEB74C8A1
Processed: Re: Bug#1051466: bookworm-pu: package ovn/23.03.1-1~deb12u1
Processing control commands: > tags -1 confirmed Bug #1051466 [release.debian.org] bookworm-pu: package ovn/23.03.1-1~deb12u1 Added tag(s) confirmed. -- 1051466: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1051466 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#1051466: bookworm-pu: package ovn/23.03.1-1~deb12u1
Control: tags -1 confirmed On Fri, 2023-09-08 at 13:32 +0200, Frode Nordahl wrote: > We would like to upload the latest stable point release of ovn 23.03 > to bookworm-p-u. Stable release branches are maintained upstream with > the intention of providing bug fixes only and no compatibility > breakages, and with automated non-trivial CI jobs that also cover > Debian and Ubuntu. > > Debdiff attached. Packaging updated with gbp/salsa config for new > bookworm stable branch and in-flight patches to fix an issue with > unnecessary logging breaking one of the tests introduced in the point > release. As Salvatore noted, the mail I'm quoting never made it to debian- release, most likely due to the size of the attached diff. For future reference, you may wish to try to reduce the size of the attachment by e.g. compressing the diff. You could also filter out e.g. test suite changes, so long as you clearly note in the request exactly what filtering you have applied. For instance, your original diff comes to 78 files changed, 5643 insertions(+), 1808 deletions(-) but excluding "*/tests/*" reduces that to 62 files changed, 2179 insertions(+), 791 deletions(-) Please go ahead, using the newer diff with the bug closure in the changelog. Regards, Adam
Bug#1051466: bookworm-pu: package ovn/23.03.1-1~deb12u1
On Thu, 28 Sept 2023 at 21:13, Adam D. Barratt wrote: > > On Tue, 2023-09-19 at 08:59 +0100, Luca Boccassi wrote: > > On Tue, 19 Sept 2023 at 08:21, Salvatore Bonaccorso < > > car...@debian.org> wrote: > [...] > > > Two obervations: Can you please close #1043598 in the > > > debian/changelog as well as the update addresses CVE-2023-3153. > [...] > > Changelog mentions CVE and bug: > > > > ovn (23.03.1-1~deb12u1) bookworm; urgency=medium > > > > * Team upload. > > * Update upstream source from tag 'upstream/23.03.1' > > - Add CoPP for the svc_monitor_mac. This addresses CVE-2023-3153. > > (Closes: #1043598) > > * d/p/*vif-plug-representor*: Lower severity of failure to set udev > > receive buffer size (LP: #2034700). > > > > In fact, the debdiff that was attached to the request does not contain > that bug closure: > > + * Team upload. > + * Update upstream source from tag 'upstream/23.03.1' > +- Add CoPP for the svc_monitor_mac. This addresses CVE-2023-3153. > + * d/p/*vif-plug-representor*: Lower severity of failure to set udev > +receive buffer size (LP: #2034700). > > Is it not the correct debdiff? Yes it was the old one, I just downloaded it from the original mail, forgetting that we made that change later. New one: https://pastebin.ubuntu.com/p/5TV6fWFYtx/
Bug#1051466: bookworm-pu: package ovn/23.03.1-1~deb12u1
On Tue, 2023-09-19 at 08:59 +0100, Luca Boccassi wrote: > On Tue, 19 Sept 2023 at 08:21, Salvatore Bonaccorso < > car...@debian.org> wrote: [...] > > Two obervations: Can you please close #1043598 in the > > debian/changelog as well as the update addresses CVE-2023-3153. [...] > Changelog mentions CVE and bug: > > ovn (23.03.1-1~deb12u1) bookworm; urgency=medium > > * Team upload. > * Update upstream source from tag 'upstream/23.03.1' > - Add CoPP for the svc_monitor_mac. This addresses CVE-2023-3153. > (Closes: #1043598) > * d/p/*vif-plug-representor*: Lower severity of failure to set udev > receive buffer size (LP: #2034700). > In fact, the debdiff that was attached to the request does not contain that bug closure: + * Team upload. + * Update upstream source from tag 'upstream/23.03.1' +- Add CoPP for the svc_monitor_mac. This addresses CVE-2023-3153. + * d/p/*vif-plug-representor*: Lower severity of failure to set udev +receive buffer size (LP: #2034700). Is it not the correct debdiff? Regards, Adam
Bug#1051466: bookworm-pu: package ovn/23.03.1-1~deb12u1
On Tue, 19 Sep 2023 08:59:05 +0100 Luca Boccassi wrote: > On Tue, 19 Sept 2023 at 08:21, Salvatore Bonaccorso wrote: > > > > Hi > > > > (not a SRM here, but below some comments) > > > > On Fri, Sep 08, 2023 at 01:32:05PM +0200, Frode Nordahl wrote: > > > Package: release.debian.org > > > Severity: normal > > > Tags: bookworm > > > User: release.debian@packages.debian.org > > > Usertags: pu > > > X-Debbugs-Cc: pkg-systemd-maintain...@lists.alioth.debian.org > > > > > > Dear Release Team, > > > > > > We would like to upload the latest stable point release of ovn 23.03 > > > to bookworm-p-u. Stable release branches are maintained upstream with > > > the intention of providing bug fixes only and no compatibility > > > breakages, and with automated non-trivial CI jobs that also cover > > > Debian and Ubuntu. > > > > > > Debdiff attached. Packaging updated with gbp/salsa config for new > > > bookworm stable branch and in-flight patches to fix an issue with > > > unnecessary logging breaking one of the tests introduced in the point > > > release. > > > > Your debdiff did not make it to the list I think because of the size. > > > > Two obervations: Can you please close #1043598 in the debian/changelog > > as well as the update addresses CVE-2023-3153. > > > > You would need first to make sure the fixes land in unstable unless > > you plan to diverge and go to a new upstream version for another > > branch. But make sure CVE-2023-3153 / #1043598 fix is included in > > usntable as well. > > > > Hope this helps, > > Yes this will diverge from unstable, where we have just uploaded a new > major version. > > Changelog mentions CVE and bug: > > ovn (23.03.1-1~deb12u1) bookworm; urgency=medium > > * Team upload. > * Update upstream source from tag 'upstream/23.03.1' > - Add CoPP for the svc_monitor_mac. This addresses CVE-2023-3153. > (Closes: #1043598) > * d/p/*vif-plug-representor*: Lower severity of failure to set udev > receive buffer size (LP: #2034700). > > -- Frode Nordahl Fri, 08 Sep 2023 09:02:09 +0200 Hi, Any update on this? We'd like to have it in 12.2 as it fixes a (minor) CVE. Attaching link to debdiff so that it doesn't trigger the size issue: https://pastebin.ubuntu.com/p/wqQ9SnNcH4/ -- Kind regards, Luca Boccassi signature.asc Description: This is a digitally signed message part
Bug#1051466: bookworm-pu: package ovn/23.03.1-1~deb12u1
On Tue, 19 Sept 2023 at 08:21, Salvatore Bonaccorso wrote: > > Hi > > (not a SRM here, but below some comments) > > On Fri, Sep 08, 2023 at 01:32:05PM +0200, Frode Nordahl wrote: > > Package: release.debian.org > > Severity: normal > > Tags: bookworm > > User: release.debian@packages.debian.org > > Usertags: pu > > X-Debbugs-Cc: pkg-systemd-maintain...@lists.alioth.debian.org > > > > Dear Release Team, > > > > We would like to upload the latest stable point release of ovn 23.03 > > to bookworm-p-u. Stable release branches are maintained upstream with > > the intention of providing bug fixes only and no compatibility > > breakages, and with automated non-trivial CI jobs that also cover > > Debian and Ubuntu. > > > > Debdiff attached. Packaging updated with gbp/salsa config for new > > bookworm stable branch and in-flight patches to fix an issue with > > unnecessary logging breaking one of the tests introduced in the point > > release. > > Your debdiff did not make it to the list I think because of the size. > > Two obervations: Can you please close #1043598 in the debian/changelog > as well as the update addresses CVE-2023-3153. > > You would need first to make sure the fixes land in unstable unless > you plan to diverge and go to a new upstream version for another > branch. But make sure CVE-2023-3153 / #1043598 fix is included in > usntable as well. > > Hope this helps, Yes this will diverge from unstable, where we have just uploaded a new major version. Changelog mentions CVE and bug: ovn (23.03.1-1~deb12u1) bookworm; urgency=medium * Team upload. * Update upstream source from tag 'upstream/23.03.1' - Add CoPP for the svc_monitor_mac. This addresses CVE-2023-3153. (Closes: #1043598) * d/p/*vif-plug-representor*: Lower severity of failure to set udev receive buffer size (LP: #2034700). -- Frode Nordahl Fri, 08 Sep 2023 09:02:09 +0200
Bug#1051466: bookworm-pu: package ovn/23.03.1-1~deb12u1
Hi (not a SRM here, but below some comments) On Fri, Sep 08, 2023 at 01:32:05PM +0200, Frode Nordahl wrote: > Package: release.debian.org > Severity: normal > Tags: bookworm > User: release.debian@packages.debian.org > Usertags: pu > X-Debbugs-Cc: pkg-systemd-maintain...@lists.alioth.debian.org > > Dear Release Team, > > We would like to upload the latest stable point release of ovn 23.03 > to bookworm-p-u. Stable release branches are maintained upstream with > the intention of providing bug fixes only and no compatibility > breakages, and with automated non-trivial CI jobs that also cover > Debian and Ubuntu. > > Debdiff attached. Packaging updated with gbp/salsa config for new > bookworm stable branch and in-flight patches to fix an issue with > unnecessary logging breaking one of the tests introduced in the point > release. Your debdiff did not make it to the list I think because of the size. Two obervations: Can you please close #1043598 in the debian/changelog as well as the update addresses CVE-2023-3153. You would need first to make sure the fixes land in unstable unless you plan to diverge and go to a new upstream version for another branch. But make sure CVE-2023-3153 / #1043598 fix is included in usntable as well. Hope this helps, Regards, Salvatore