Bug#776748: (pre-approval) unblock: libxml2/2.9.1+dfsg1-5 (via t-p-u)
Hi, On Mon, Feb 23, 2015 at 04:48:59PM +, Adam D. Barratt wrote: On PTS it says: * Unblock request by ivodd ignored due to version mismatch: 2.9.1+dfsg1-5 Anything wrong? Not on our side. The PTS is only checking the excuses for unstable, which is obviously not unblocked. Compare the output of grep-excuses libxml2 and grep-excuses libxml2_tpu. The t-p-u build on arm64 was missing, but it got built and uploaded earlier today, and libxml2 migrated to testing during the last britney run. Cheers, Ivo -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20150224134828.gb19...@ugent.be
Bug#776748: (pre-approval) unblock: libxml2/2.9.1+dfsg1-5 (via t-p-u)
On Sat, 21 Feb 2015 11:38:05 +0100 Ivo De Decker iv...@debian.org wrote: Hi, On Fri, Feb 20, 2015 at 01:55:27AM +0800, Aron Xu wrote: Go ahead, thanks. Uploaded. Unblocked. On PTS it says: * Unblock request by ivodd ignored due to version mismatch: 2.9.1+dfsg1-5 Anything wrong? Cheers, Aron -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/CAMr=8w5f3amure66o2zdq+ag4bmoc3hikus6g79ds0wtg-+...@mail.gmail.com
Bug#776748: (pre-approval) unblock: libxml2/2.9.1+dfsg1-5 (via t-p-u)
On Mon, 2015-02-23 at 20:02 +0800, Aron Xu wrote: On Sat, 21 Feb 2015 11:38:05 +0100 Ivo De Decker iv...@debian.org wrote: Hi, On Fri, Feb 20, 2015 at 01:55:27AM +0800, Aron Xu wrote: Go ahead, thanks. Uploaded. Unblocked. On PTS it says: * Unblock request by ivodd ignored due to version mismatch: 2.9.1+dfsg1-5 Anything wrong? Not on our side. The PTS is only checking the excuses for unstable, which is obviously not unblocked. Compare the output of grep-excuses libxml2 and grep-excuses libxml2_tpu. Regards, Adam -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/1424710139.7430.11.ca...@adam-barratt.org.uk
Bug#776748: (pre-approval) unblock: libxml2/2.9.1+dfsg1-5 (via t-p-u)
On Thu, Feb 19, 2015 at 4:50 AM, Julien Cristau jcris...@debian.org wrote: On Thu, Feb 12, 2015 at 23:37:48 +0800, Aron Xu wrote: On Wed, Feb 11, 2015 at 5:59 AM, Julien Cristau jcris...@debian.org wrote: On Tue, Feb 3, 2015 at 04:02:51 +0800, Aron Xu wrote: Updated version of debdiff, removing the -O3 change. The changelog still says build with -O3. Updated as attached. Go ahead, thanks. Uploaded. Aron -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/CAMr=8w79and0txm+ggdyevjut6pzkcrrtjkzta4pvx3ulmy...@mail.gmail.com
Bug#776748: (pre-approval) unblock: libxml2/2.9.1+dfsg1-5 (via t-p-u)
On Thu, Feb 12, 2015 at 23:37:48 +0800, Aron Xu wrote: On Wed, Feb 11, 2015 at 5:59 AM, Julien Cristau jcris...@debian.org wrote: On Tue, Feb 3, 2015 at 04:02:51 +0800, Aron Xu wrote: Updated version of debdiff, removing the -O3 change. The changelog still says build with -O3. Updated as attached. Go ahead, thanks. Cheers, Julien signature.asc Description: Digital signature
Bug#776748: (pre-approval) unblock: libxml2/2.9.1+dfsg1-5 (via t-p-u)
On Wed, Feb 11, 2015 at 5:59 AM, Julien Cristau jcris...@debian.org wrote: On Tue, Feb 3, 2015 at 04:02:51 +0800, Aron Xu wrote: Updated version of debdiff, removing the -O3 change. The changelog still says build with -O3. Updated as attached. Cheers, Aron libxml2_2.9.1+dfsg1-5.debdiff Description: Binary data
Bug#776748: (pre-approval) unblock: libxml2/2.9.1+dfsg1-5 (via t-p-u)
On Tue, Feb 3, 2015 at 04:02:51 +0800, Aron Xu wrote: Updated version of debdiff, removing the -O3 change. The changelog still says build with -O3. Cheers, Julien signature.asc Description: Digital signature
Bug#776748: (pre-approval) unblock: libxml2/2.9.1+dfsg1-5 (via t-p-u)
On Tue, Feb 3, 2015 at 02:23:20 +0800, Aron Xu wrote: On Tue, Feb 3, 2015 at 12:02 AM, Adam D. Barratt a...@adam-barratt.org.uk wrote: On 2015-02-02 6:37, Aron Xu wrote: On Mon, Feb 2, 2015 at 1:13 AM, Adam D. Barratt a...@adam-barratt.org.uk wrote: Control: tags -1 + moreinfo On Sun, 2015-02-01 at 16:24 +0800, Aron Xu wrote: +libxml2 (2.9.1+dfsg1-5) testing; urgency=medium + + * Add pkg-config to B-D + * Use -O3 for normal builds Could you expand on the rationale for introducing those now? Particularly as neither appears to be mentioned in the changelogs for the uploads to unstable. These are directly picked from the 2.9.2 upload, which stuck for RC bug. At that time the change was quite big (major release) so those aren't documented in very detail but are in the git for quite some time. Well, the changelog wasn't very detailed for 2.9.2 either. :-) I realise that the changes are in the unstable package (I checked that first), I was more interested in the rationale, particularly for the optimisation change. It's more about a changing attitude on speed/space trade of -O2 and -O3, and more and more apps are using -O3 for release build (e.g. CMake default). If release team believe that's not desired in Jessie, I can keep it out of the way. Anything that's not a minimal fix for a RC bug is not desired for jessie at this stage. Cheers, Julien signature.asc Description: Digital signature
Bug#776748: (pre-approval) unblock: libxml2/2.9.1+dfsg1-5 (via t-p-u)
On Tue, Feb 3, 2015 at 3:54 AM, Julien Cristau jcris...@debian.org wrote: On Tue, Feb 3, 2015 at 02:23:20 +0800, Aron Xu wrote: On Tue, Feb 3, 2015 at 12:02 AM, Adam D. Barratt a...@adam-barratt.org.uk wrote: On 2015-02-02 6:37, Aron Xu wrote: On Mon, Feb 2, 2015 at 1:13 AM, Adam D. Barratt a...@adam-barratt.org.uk wrote: Control: tags -1 + moreinfo On Sun, 2015-02-01 at 16:24 +0800, Aron Xu wrote: +libxml2 (2.9.1+dfsg1-5) testing; urgency=medium + + * Add pkg-config to B-D + * Use -O3 for normal builds Could you expand on the rationale for introducing those now? Particularly as neither appears to be mentioned in the changelogs for the uploads to unstable. These are directly picked from the 2.9.2 upload, which stuck for RC bug. At that time the change was quite big (major release) so those aren't documented in very detail but are in the git for quite some time. Well, the changelog wasn't very detailed for 2.9.2 either. :-) I realise that the changes are in the unstable package (I checked that first), I was more interested in the rationale, particularly for the optimisation change. It's more about a changing attitude on speed/space trade of -O2 and -O3, and more and more apps are using -O3 for release build (e.g. CMake default). If release team believe that's not desired in Jessie, I can keep it out of the way. Anything that's not a minimal fix for a RC bug is not desired for jessie at this stage. Updated version of debdiff, removing the -O3 change. Regards, Aron libxml2_2.9.1+dfsg1-5_2ndtry.debdiff Description: Binary data
Bug#776748: (pre-approval) unblock: libxml2/2.9.1+dfsg1-5 (via t-p-u)
On 2015-02-02 6:37, Aron Xu wrote: On Mon, Feb 2, 2015 at 1:13 AM, Adam D. Barratt a...@adam-barratt.org.uk wrote: Control: tags -1 + moreinfo On Sun, 2015-02-01 at 16:24 +0800, Aron Xu wrote: +libxml2 (2.9.1+dfsg1-5) testing; urgency=medium + + * Add pkg-config to B-D + * Use -O3 for normal builds Could you expand on the rationale for introducing those now? Particularly as neither appears to be mentioned in the changelogs for the uploads to unstable. These are directly picked from the 2.9.2 upload, which stuck for RC bug. At that time the change was quite big (major release) so those aren't documented in very detail but are in the git for quite some time. Well, the changelog wasn't very detailed for 2.9.2 either. :-) I realise that the changes are in the unstable package (I checked that first), I was more interested in the rationale, particularly for the optimisation change. Regards, Adam -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/980e8a71c38e8bb6908973e64e351...@mail.adsl.funky-badger.org
Bug#776748: (pre-approval) unblock: libxml2/2.9.1+dfsg1-5 (via t-p-u)
On Tue, Feb 3, 2015 at 12:02 AM, Adam D. Barratt a...@adam-barratt.org.uk wrote: On 2015-02-02 6:37, Aron Xu wrote: On Mon, Feb 2, 2015 at 1:13 AM, Adam D. Barratt a...@adam-barratt.org.uk wrote: Control: tags -1 + moreinfo On Sun, 2015-02-01 at 16:24 +0800, Aron Xu wrote: +libxml2 (2.9.1+dfsg1-5) testing; urgency=medium + + * Add pkg-config to B-D + * Use -O3 for normal builds Could you expand on the rationale for introducing those now? Particularly as neither appears to be mentioned in the changelogs for the uploads to unstable. These are directly picked from the 2.9.2 upload, which stuck for RC bug. At that time the change was quite big (major release) so those aren't documented in very detail but are in the git for quite some time. Well, the changelog wasn't very detailed for 2.9.2 either. :-) I realise that the changes are in the unstable package (I checked that first), I was more interested in the rationale, particularly for the optimisation change. It's more about a changing attitude on speed/space trade of -O2 and -O3, and more and more apps are using -O3 for release build (e.g. CMake default). If release team believe that's not desired in Jessie, I can keep it out of the way. Regards, Aron -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/CAMr=8w7AZj_-0Mvm6xNL4aozuNE4O9-h-DCh99EYDzJ8_=u...@mail.gmail.com
Bug#776748: (pre-approval) unblock: libxml2/2.9.1+dfsg1-5 (via t-p-u)
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock jessie-pu libxml2 in Jessie has CVE-2014-3600 pending to be addressed and this update includes the related regression fix as well. Also, I would like to apply some more upstream memory related patches from 2.9.2, mostly NULL checks, because there are quite a lot deeper issues hiding in libxml2's code base and those fixes shall be deemed beneficial to our support cycle. Regards, Aron Xu diff -Nru libxml2-2.9.1+dfsg1/debian/changelog libxml2-2.9.1+dfsg1/debian/changelog --- libxml2-2.9.1+dfsg1/debian/changelog2014-07-09 06:49:45.0 +0800 +++ libxml2-2.9.1+dfsg1/debian/changelog2015-02-01 13:51:11.0 +0800 @@ -1,3 +1,12 @@ +libxml2 (2.9.1+dfsg1-5) testing; urgency=medium + + * Add pkg-config to B-D + * Use -O3 for normal builds + * Cherry-pick upstream memory related fixes +- Including CVE-2014-3660 (Closes: #765722, #768089) + + -- Aron Xu a...@debian.org Sun, 01 Feb 2015 13:48:36 +0800 + libxml2 (2.9.1+dfsg1-4) unstable; urgency=low [ Christian Svensson ] diff -Nru libxml2-2.9.1+dfsg1/debian/control libxml2-2.9.1+dfsg1/debian/control --- libxml2-2.9.1+dfsg1/debian/control 2014-07-09 06:46:15.0 +0800 +++ libxml2-2.9.1+dfsg1/debian/control 2015-02-01 13:42:06.0 +0800 @@ -4,7 +4,7 @@ Maintainer: Debian XML/SGML Group debian-xml-sgml-p...@lists.alioth.debian.org Uploaders: Aron Xu a...@debian.org, YunQiang Su wzss...@gmail.com Standards-Version: 3.9.5 -Build-Depends: debhelper (= 9), dh-autoreconf, autotools-dev, +Build-Depends: debhelper (= 9), dh-autoreconf, autotools-dev, pkg-config, libpython-all-dev, libpython-all-dbg, python-all-dev:any (= 2.7.5-5~), python-all-dbg:any, zlib1g-dev | libz-dev, liblzma-dev diff -Nru libxml2-2.9.1+dfsg1/debian/patches/0001-modify-xml2-config-and-pkgconfig-behaviour.patch libxml2-2.9.1+dfsg1/debian/patches/0001-modify-xml2-config-and-pkgconfig-behaviour.patch --- libxml2-2.9.1+dfsg1/debian/patches/0001-modify-xml2-config-and-pkgconfig-behaviour.patch 2014-07-09 05:31:33.0 +0800 +++ libxml2-2.9.1+dfsg1/debian/patches/0001-modify-xml2-config-and-pkgconfig-behaviour.patch 2015-02-01 13:50:27.0 +0800 @@ -3,11 +3,11 @@ Subject: modify xml2-config and pkgconfig behaviour --- - configure.in |2 +- - libxml-2.0-uninstalled.pc.in |3 ++- - libxml-2.0.pc.in |2 +- - xml2-config.1|4 - xml2-config.in | 22 ++ + configure.in | 2 +- + libxml-2.0-uninstalled.pc.in | 3 ++- + libxml-2.0.pc.in | 2 +- + xml2-config.1| 4 + xml2-config.in | 22 ++ 5 files changed, 18 insertions(+), 15 deletions(-) diff --git a/configure.in b/configure.in diff -Nru libxml2-2.9.1+dfsg1/debian/patches/0002-fix-python-multiarch-includes.patch libxml2-2.9.1+dfsg1/debian/patches/0002-fix-python-multiarch-includes.patch --- libxml2-2.9.1+dfsg1/debian/patches/0002-fix-python-multiarch-includes.patch 2014-07-09 06:46:15.0 +0800 +++ libxml2-2.9.1+dfsg1/debian/patches/0002-fix-python-multiarch-includes.patch 2015-02-01 13:50:27.0 +0800 @@ -3,8 +3,8 @@ Subject: fix python multiarch includes --- - python/Makefile.am |2 +- - python/Makefile.in |2 +- + python/Makefile.am | 2 +- + python/Makefile.in | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/python/Makefile.am b/python/Makefile.am diff -Nru libxml2-2.9.1+dfsg1/debian/patches/0003-Fix-an-error-in-xmlCleanupParser.patch libxml2-2.9.1+dfsg1/debian/patches/0003-Fix-an-error-in-xmlCleanupParser.patch --- libxml2-2.9.1+dfsg1/debian/patches/0003-Fix-an-error-in-xmlCleanupParser.patch 2014-07-09 06:46:15.0 +0800 +++ libxml2-2.9.1+dfsg1/debian/patches/0003-Fix-an-error-in-xmlCleanupParser.patch 2015-02-01 13:50:27.0 +0800 @@ -8,7 +8,7 @@ xmlResetLastError() but the later reallocate the global data freed by previous call. Just swap the two calls. --- - parser.c |2 +- + parser.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/parser.c b/parser.c diff -Nru libxml2-2.9.1+dfsg1/debian/patches/0004-Fix-missing-break-on-last-function-for-attributes.patch libxml2-2.9.1+dfsg1/debian/patches/0004-Fix-missing-break-on-last-function-for-attributes.patch --- libxml2-2.9.1+dfsg1/debian/patches/0004-Fix-missing-break-on-last-function-for-attributes.patch 2014-07-09 06:46:15.0 +0800 +++ libxml2-2.9.1+dfsg1/debian/patches/0004-Fix-missing-break-on-last-function-for-attributes.patch 2015-02-01 13:50:27.0 +0800 @@ -4,7 +4,7 @@ pointed out by cppcheck --- - python/libxml.c |1 + + python/libxml.c | 1 + 1 file changed, 1 insertion(+) diff --git a/python/libxml.c b/python/libxml.c diff -Nru
Bug#776748: (pre-approval) unblock: libxml2/2.9.1+dfsg1-5 (via t-p-u)
On Sun, Feb 1, 2015 at 4:24 PM, Aron Xu a...@debian.org wrote: libxml2 in Jessie has CVE-2014-3600 pending to be addressed This should be CVE-2014-3660. Regards, Aron -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/CAMr=8w7n09xn9bjpz6uxujjghclkajhi4uyj9mi7haqf07g...@mail.gmail.com
Processed: Re: Bug#776748: (pre-approval) unblock: libxml2/2.9.1+dfsg1-5 (via t-p-u)
Processing control commands: tags -1 + moreinfo Bug #776748 [release.debian.org] (pre-approval) unblock: libxml2/2.9.1+dfsg1-5 (via t-p-u) Added tag(s) moreinfo. -- 776748: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=776748 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/handler.s.b776748.142281081126509.transcr...@bugs.debian.org
Bug#776748: (pre-approval) unblock: libxml2/2.9.1+dfsg1-5 (via t-p-u)
Control: tags -1 + moreinfo On Sun, 2015-02-01 at 16:24 +0800, Aron Xu wrote: Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock jessie-pu The -pu tags are for stable updates, rather than tpu. libxml2 in Jessie has CVE-2014-3600 pending to be addressed and this update includes the related regression fix as well. Also, I would like to apply some more upstream memory related patches from 2.9.2, mostly NULL checks, because there are quite a lot deeper issues hiding in libxml2's code base and those fixes shall be deemed beneficial to our support cycle. The changes to patches that haven't materially changed are quite noisy, given the amount of actual changes. +libxml2 (2.9.1+dfsg1-5) testing; urgency=medium + + * Add pkg-config to B-D + * Use -O3 for normal builds Could you expand on the rationale for introducing those now? Particularly as neither appears to be mentioned in the changelogs for the uploads to unstable. Regards, Adam -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/1422810803.14650.5.ca...@adam-barratt.org.uk
Bug#776748: (pre-approval) unblock: libxml2/2.9.1+dfsg1-5 (via t-p-u)
On Mon, Feb 2, 2015 at 1:13 AM, Adam D. Barratt a...@adam-barratt.org.uk wrote: Control: tags -1 + moreinfo On Sun, 2015-02-01 at 16:24 +0800, Aron Xu wrote: Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock jessie-pu The -pu tags are for stable updates, rather than tpu. I see, thanks. libxml2 in Jessie has CVE-2014-3600 pending to be addressed and this update includes the related regression fix as well. Also, I would like to apply some more upstream memory related patches from 2.9.2, mostly NULL checks, because there are quite a lot deeper issues hiding in libxml2's code base and those fixes shall be deemed beneficial to our support cycle. The changes to patches that haven't materially changed are quite noisy, given the amount of actual changes. +libxml2 (2.9.1+dfsg1-5) testing; urgency=medium + + * Add pkg-config to B-D + * Use -O3 for normal builds Could you expand on the rationale for introducing those now? Particularly as neither appears to be mentioned in the changelogs for the uploads to unstable. These are directly picked from the 2.9.2 upload, which stuck for RC bug. At that time the change was quite big (major release) so those aren't documented in very detail but are in the git for quite some time. Regards, Aron -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/CAMr=8w5JspY+O=+ov3lo18aqe759zkjmk0mcgumoh0pdc-2...@mail.gmail.com