On Mon, Apr 08, 2013 at 09:13:43PM +0100, Adam D. Barratt wrote: > On Sat, 2013-04-06 at 16:39 +0300, Tzafrir Cohen wrote: > > Please unblock package asterisk. It includes a number of fixes, mostly > > two series of security fixes. > > It includes a number of things that don't meet the published criteria, > which is far from ideal for an urgency=high upload at this point in the > freeze. > > > The extra bug fixes are: > > > > 1. A simple fix to add support for powerpcspe > > Architecture support isn't freeze material to begin with. Support for > architectures not even in Debian even more so. (I realise it's a tiny > patch; that's not really the point.)
I would not have included it if that patch were not trivial. But if it's really an issue, I'll drop it (from the sereis file). > > > + * Patches backported from Asterisk 1.8.19.1 (Closes: #697230): > > + - Patch AST-2012-014 (CVE-2012-5976) - fixes Crashes due to large stack > > + allocations when using TCP. > > + The following two fixes were also pulled in order to easily apply it: > > + - Patch fix-sip-tcp-no-FILE - Switch to reading with a recv loop > > That patch is more than 30% of the diff on its own. :-( > > How difficult would it have been to backport the fix to the code we have > in wheezy? Looking into that. > > > + - Patch fix-sip-tls-leak - Memory leak in the SIP TLS code > > + - Patch AST-2012-015 (CVE-2012-5977) - Denial of Service Through > > + Exploitation of Device State Caching > > + * Patch powerpcspe: Fix OSARCH for powerpcspe (Closes: #701505). > > + * README.Debian: document running the testsuite. > > Helpful as it might be, that could definitely have waited. Huh? Are there actually problems with documentation-only changes? Right. I'll drop those. But yeah, the ability to run tests made me more confident in releasing this. Documenting what tests passed is useful. Though I could do that elsewhere. > > > + * Patch fix_xmpp_19532: fix a crash of the XMPP code (Closes: #545272). > > And that seems more like it might be stable update material now. Sorry, I didn't follow: is that good? -- Tzafrir Cohen | [email protected] | VIM is http://tzafrir.org.il | | a Mutt's [email protected] | | best [email protected] | | friend -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: http://lists.debian.org/[email protected]
