Bug#769583: unblock: bind9/ 9.9.5 with patch or 9.9.6?
Control: tags -1 + d-i On 2014-11-28 7:58, Daniel Pocock wrote: On 21/11/14 18:58, Niels Thykier wrote: Any news on this upload? :) ~Niels Hi LaMont, I've prepared an NMU, the debdiff is attached and I am happy to upload it if you like I've unblocked 1:9.9.5.dfsg-6, but it'll need a d-i ack due to the udeb. Regards, Adam -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#769583: unblock: bind9/ 9.9.5 with patch or 9.9.6?
Control: tag -1 confirmed Adam D. Barratt a...@adam-barratt.org.uk (2014-12-01): I've unblocked 1:9.9.5.dfsg-6, but it'll need a d-i ack due to the udeb. No objections. Mraw, KiBi. signature.asc Description: Digital signature
Bug#769583: unblock: bind9/ 9.9.5 with patch or 9.9.6?
On 21/11/14 18:58, Niels Thykier wrote:
On 2014-11-17 23:43, LaMont Jones wrote:
[...]
Again, without actually looking at it, I'm inclined to agree. 87k
lines this late in the process is too many.
I'll get a patch together for 9.9.5, but it may be wednesday before I have
it uploaded to sid, and a diff sent to you guys.
lamont
Hi LaMont,
Any news on this upload? :)
~Niels
Hi LaMont,
I've prepared an NMU, the debdiff is attached and I am happy to upload
it if you like
Regards,
Daniel
diff -u bind9-9.9.5.dfsg/debian/changelog bind9-9.9.5.dfsg/debian/changelog
--- bind9-9.9.5.dfsg/debian/changelog
+++ bind9-9.9.5.dfsg/debian/changelog
@@ -1,3 +1,10 @@
+bind9 (1:9.9.5.dfsg-5.1) unstable; urgency=high
+
+ * Non-maintainer upload.
+ * Ensure dlz_dlopen.h is installed. (Closes: #769117)
+
+ -- Daniel Pocock dan...@pocock.pro Fri, 28 Nov 2014 07:49:27 +0100
+
bind9 (1:9.9.5.dfsg-5) unstable; urgency=medium
* Avoid libnsl dependency on non-linux architectures. Closes: #766430
diff -u bind9-9.9.5.dfsg/debian/rules bind9-9.9.5.dfsg/debian/rules
--- bind9-9.9.5.dfsg/debian/rules
+++ bind9-9.9.5.dfsg/debian/rules
@@ -126,6 +126,7 @@
dh_installdirs
$(MAKE) -C export install DESTDIR=`pwd`/debian/bind9
$(MAKE) install DESTDIR=`pwd`/debian/bind9
+ install -m 644 -o root -g root ./lib/dns/include/dns/dlz_dlopen.h
debian/bind9/usr/include/dns/dlz_dlopen.h
rm -rf debian/bind9/usr/etc
find debian/bind9 -name \*.la -execdir rm -f {} \;
mkdir -p debian/bind9/lib/$(DEB_HOST_MULTIARCH)
Bug#769583: unblock: bind9/ 9.9.5 with patch or 9.9.6?
On 2014-11-17 23:43, LaMont Jones wrote: [...] Again, without actually looking at it, I'm inclined to agree. 87k lines this late in the process is too many. I'll get a patch together for 9.9.5, but it may be wednesday before I have it uploaded to sid, and a diff sent to you guys. lamont Hi LaMont, Any news on this upload? :) ~Niels -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#769583: unblock: bind9/ 9.9.5 with patch or 9.9.6?
On Sun, November 16, 2014 17:01, Daniel Pocock wrote: On 16 November 2014 16:58:47 CET, Jonathan Wiltshire j...@debian.org Did you get any responses from elsewhere to this? Not yet, I'll follow up after the weekend. If no response, I'm happy to NMU the one line fix to copy the missing header into the dev package, please advise if that would be OK for the release team. From the security team side I don't think we see a strong case to move to 9.9.6 at this point... Thijs -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#769583: unblock: bind9/ 9.9.5 with patch or 9.9.6?
On Fri, Nov 14, 2014 at 07:28:02PM +0100, Daniel Pocock wrote: testing currently has bind9 version 1:9.9.5.dfsg-5 Upstream released 9.9.6 fixing some bugs with an impact on compatibility and at least one appears to be security related Corrected bugs in the handling of wildcard records by the DNSSEC validator: invalid wildcard expansions could be treated as valid if signed, and valid wildcard expansions in NSEC3 opt-out ranges had the AD bit set incorrectly in responses. [RT #37093] [RT #37072] Generally speaking, I have found the fix-level updates to bind to be very safe and sane, although sometimes they are somewhat large. I have not looked at 9.9.6 yet, but I expect it's in the same vein. It is rare to see them do anything in a fix-release than, well, fix things. I would recommend 9.9.6 for the upstream fixes. If that's good, I should be able to upload it tonight. lamont -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#769583: unblock: bind9/ 9.9.5 with patch or 9.9.6?
On 2014-11-17 19:19, LaMont Jones wrote: [...] Generally speaking, I have found the fix-level updates to bind to be very safe and sane, although sometimes they are somewhat large. I have not looked at 9.9.6 yet, but I expect it's in the same vein. It is rare to see them do anything in a fix-release than, well, fix things. I would recommend 9.9.6 for the upstream fixes. If that's good, I should be able to upload it tonight. lamont Hi LaMont, Please note that the release team do not pre-approve changes without seeing a concrete debdiff. In the particular case, it has been suggested that the final changes compared to testing will be 87 000 (or more) lines. Unless 97+% of this is pure documentational/auto-generated changes, which can be filtered out and turn this into a sanely reviewable diff, I find it unlikely that we can approve of these changes. ~Niels -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#769583: unblock: bind9/ 9.9.5 with patch or 9.9.6?
On 17/11/14 20:06, Niels Thykier wrote: On 2014-11-17 19:19, LaMont Jones wrote: [...] Generally speaking, I have found the fix-level updates to bind to be very safe and sane, although sometimes they are somewhat large. I have not looked at 9.9.6 yet, but I expect it's in the same vein. It is rare to see them do anything in a fix-release than, well, fix things. I would recommend 9.9.6 for the upstream fixes. If that's good, I should be able to upload it tonight. lamont Hi LaMont, Please note that the release team do not pre-approve changes without seeing a concrete debdiff. In the particular case, it has been suggested that the final changes compared to testing will be 87 000 (or more) lines. Unless 97+% of this is pure documentational/auto-generated changes, which can be filtered out and turn this into a sanely reviewable diff, I find it unlikely that we can approve of these changes. Hi LaMont, I suspect this is the final word on it from the release team and we may have to stick with 9.9.5. Here is the patch I submitted in the RC bug, it is one line: https://bugs.debian.org/cgi-bin/bugreport.cgi?msg=12;filename=install_dlz_dlopen.patch;att=1;bug=769117 It has already been tested, it correctly installs the missing header and then my package builds too. Is it OK for you to add this and make the debdiff or would you like me to do it as an NMU? Regards, Daniel -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#769583: unblock: bind9/ 9.9.5 with patch or 9.9.6?
On Mon, Nov 17, 2014 at 08:06:02PM +0100, Niels Thykier wrote: In the particular case, it has been suggested that the final changes compared to testing will be 87 000 (or more) lines. Unless 97+% of this is pure documentational/auto-generated changes, which can be filtered out and turn this into a sanely reviewable diff, I find it unlikely that we can approve of these changes. Again, without actually looking at it, I'm inclined to agree. 87k lines this late in the process is too many. I'll get a patch together for 9.9.5, but it may be wednesday before I have it uploaded to sid, and a diff sent to you guys. lamont -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#769583: unblock: bind9/ 9.9.5 with patch or 9.9.6?
Control: tag -1 moreinfo On Fri, Nov 14, 2014 at 07:28:02PM +0100, Daniel Pocock wrote: I understand the release team would usually prefer to see the one line fix for debian/rules against the existing package and I'm happy to NMU if the maintainers aren't able to provide that in the next couple of days. However, does anybody feel there is a strong enough case to jump directly to the latest version, 9.9.6, does the security team have any opinion on this package and its upstream changelog? Did you get any responses from elsewhere to this? -- Jonathan Wiltshire j...@debian.org Debian Developer http://people.debian.org/~jmw 4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC 74C3 5394 479D D352 4C51 signature.asc Description: Digital signature
Bug#769583: unblock: bind9/ 9.9.5 with patch or 9.9.6?
On 16 November 2014 16:58:47 CET, Jonathan Wiltshire j...@debian.org wrote: Control: tag -1 moreinfo On Fri, Nov 14, 2014 at 07:28:02PM +0100, Daniel Pocock wrote: I understand the release team would usually prefer to see the one line fix for debian/rules against the existing package and I'm happy to NMU if the maintainers aren't able to provide that in the next couple of days. However, does anybody feel there is a strong enough case to jump directly to the latest version, 9.9.6, does the security team have any opinion on this package and its upstream changelog? Did you get any responses from elsewhere to this? Not yet, I'll follow up after the weekend. If no response, I'm happy to NMU the one line fix to copy the missing header into the dev package, please advise if that would be OK for the release team. -- http://danielpocock.com -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#769583: unblock: bind9/ 9.9.5 with patch or 9.9.6?
Package: release.debian.org X-Debbugs-CC: secur...@debian.org,lam...@debian.org,mgilb...@debian.org User: release.debian@packages.debian.org UserTags: unblock testing currently has bind9 version 1:9.9.5.dfsg-5 Upstream released 9.9.6 fixing some bugs with an impact on compatibility and at least one appears to be security related Corrected bugs in the handling of wildcard records by the DNSSEC validator: invalid wildcard expansions could be treated as valid if signed, and valid wildcard expansions in NSEC3 opt-out ranges had the AD bit set incorrectly in responses. [RT #37093] [RT #37072] Full upstream changelogs: https://kb.isc.org/article/AA-01210/0/BIND-9.9.6-Release-Notes.html I haven't made a debdiff but looking at the list of things in the changelog it probably isn't trivial. There is also one outstanding RC issue in bind9 that can be fixed with a one line patch against the existing package or it is fixed upstream by the 9.9.6 release, missing dlz_dlopen.h header file: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=769117 I understand the release team would usually prefer to see the one line fix for debian/rules against the existing package and I'm happy to NMU if the maintainers aren't able to provide that in the next couple of days. However, does anybody feel there is a strong enough case to jump directly to the latest version, 9.9.6, does the security team have any opinion on this package and its upstream changelog? Looking at the upstream support lifecycle, bind9 9.9.x appears to be supported until June 2017, this appears OK for the support lifecycle of jessie: http://www.isc.org/downloads/software-support-policy/ -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
