Bug#811428: [debian-mysql] Bug#811428: Bug#811428: mysql-5.5: Multiple security fixes from the January 2016 CPU
Hi Robie,

On Wed, Jan 27, 2016 at 06:32:24PM +, Robie Basak wrote:
> On Wed, Jan 27, 2016 at 07:15:24PM +0100, Salvatore Bonaccorso wrote:
> > Yes the dak mails for security-master are only sent to the security
> > team. I can confirm that
> >
> > mysql-5.5_5.5.47-0+deb8u1_amd64.changes ACCEPTED into stable->embargoed
> >
> > and
> >
> > mysql-5.5_5.5.47-0+deb7u1_amd64.changes ACCEPTED into oldstable->embargoed
> >
> > The buildd have picked up the work and builds are coming in.
>
> Great. Thanks! Please let us know if we can help with anything else.

Sure. At the moment nothing. The build on arm64, armel and armhf failed
for the jessie-build but I guess it's a transient issue (I have given
back those and now they are in building status).

Regards,
Salvatore

Bug#811428: [debian-mysql] Bug#811428: Bug#811428: mysql-5.5: Multiple security fixes from the January 2016 CPU
Hi Salvatore,

On Tue, Jan 26, 2016 at 08:17:30PM +0100, Salvatore Bonaccorso wrote:
> On Tue, Jan 26, 2016 at 06:36:06PM +, Robie Basak wrote:
> > Hi Salvatore,
> >
> > On Tue, Jan 26, 2016 at 01:19:26PM +0100, Salvatore Bonaccorso wrote:
> > > Thank you looks good to me.
> > >
> > > I haven't seen the same for jessie, but assuming it is basically the
> > > same and matching what you showed me initially from git, let's go
> > > ahead with an upload.
> >
> > FYI, we're still working on this. I've hit some kind of issue with my
> > build chroot that I created from scratch for this task, so I think it
> > may be a bug in sid somewhere. I'm investigating. I'd prefer to
> > understand the root cause so that I can be sure that we don't upload bad
> > binaries.
>
> Thanks for the status-update!

Now uploaded. I took care to follow your instructions and the ones
listed at
https://www.debian.org/doc/manuals/developers-reference/ch05.en.html#bug-security
carefully. I expected email confirmations back but haven't received
anything. Can you check if it worked, please?

If anyone's interested, the reason for the delay was that debootstrap
1.0.76 regresses chroots created with mk-sbuild, so the chroots I
created to build were broken and causing build failures. I filed
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=812811 and reverted
the offending commit locally to work around this.

A second issue is that parallel builds are broken in the packaging in
wheezy and jessie. This is fixed in testing. I thought it would be
quicker to work around for now by not parallel building rather than
delay further by attempting to cherry-pick the fix.

Robie

Bug#811428: [debian-mysql] Bug#811428: Bug#811428: mysql-5.5: Multiple security fixes from the January 2016 CPU
On Wed, Jan 27, 2016 at 07:15:24PM +0100, Salvatore Bonaccorso wrote:
> Yes the dak mails for security-master are only sent to the security
> team. I can confirm that
>
> mysql-5.5_5.5.47-0+deb8u1_amd64.changes ACCEPTED into stable->embargoed
>
> and
>
> mysql-5.5_5.5.47-0+deb7u1_amd64.changes ACCEPTED into oldstable->embargoed
>
> The buildd have picked up the work and builds are coming in.

Great. Thanks! Please let us know if we can help with anything else.

Bug#811428: [debian-mysql] Bug#811428: Bug#811428: mysql-5.5: Multiple security fixes from the January 2016 CPU
Hi Robie,

On Wed, Jan 27, 2016 at 05:10:58PM +, Robie Basak wrote:
> Hi Salvatore,
>
> On Tue, Jan 26, 2016 at 08:17:30PM +0100, Salvatore Bonaccorso wrote:
> > On Tue, Jan 26, 2016 at 06:36:06PM +, Robie Basak wrote:
> > > Hi Salvatore,
> > >
> > > On Tue, Jan 26, 2016 at 01:19:26PM +0100, Salvatore Bonaccorso wrote:
> > > > Thank you looks good to me.
> > > >
> > > > I haven't seen the same for jessie, but assuming it is basically the
> > > > same and matching what you showed me initially from git, let's go
> > > > ahead with an upload.
> > >
> > > FYI, we're still working on this. I've hit some kind of issue with my
> > > build chroot that I created from scratch for this task, so I think it
> > > may be a bug in sid somewhere. I'm investigating. I'd prefer to
> > > understand the root cause so that I can be sure that we don't upload bad
> > > binaries.
> >
> > Thanks for the status-update!
>
> Now uploaded. I took care to follow your instructions and the ones
> listed at
> https://www.debian.org/doc/manuals/developers-reference/ch05.en.html#bug-security
> carefully. I expected email confirmations back but haven't received
> anything. Can you check if it worked, please?

Yes the dak mails for security-master are only sent to the security
team. I can confirm that

mysql-5.5_5.5.47-0+deb8u1_amd64.changes ACCEPTED into stable->embargoed

and

mysql-5.5_5.5.47-0+deb7u1_amd64.changes ACCEPTED into oldstable->embargoed

The buildd have picked up the work and builds are coming in.

> If anyone's interested, the reason for the delay was that debootstrap
> 1.0.76 regresses chroots created with mk-sbuild, so the chroots I
> created to build were broken and causing build failures. I filed
> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=812811 and reverted
> the offending commit locally to work around this.
>
> A second issue is that parallel builds are broken in the packaging in
> wheezy and jessie. This is fixed in testing. I thought it would be
> quicker to work around for now by not parallel building rather than
> delay further by attempting to cherry-pick the fix.

Thanks for this additional information.

Regards,
Salvatore

Bug#811428: [debian-mysql] Bug#811428: Bug#811428: mysql-5.5: Multiple security fixes from the January 2016 CPU
Hi Lars,

On Tue, Jan 26, 2016 at 01:11:45AM -0800, Lars Tangvald wrote:
> Wheezy package has been built and tested
>
> At the moment it's just on my personal github at
> https://github.com/ltangvald/mysql-5.5/tree/debian/wheezy, but we
> should get it uploaded to Alioth soon.
> Attaching the debdiff and debian/ diff.

Thank you looks good to me.

I haven't seen the same for jessie, but assuming it is basically the
same and matching what you showed me initially from git, let's go
ahead with an upload.

Please remember to do the jessie-security first (built with -sa) and
then after ~20 minutes the wheezy-security one (explicitly without
-sa, and not including the orig source tarball; this is due to some
limitation in the archive software).

The upload needs to be signed by a key in the DD keyring.

I will then wait for the builds and then take care of releasing the
packages with a DSA.

Regards,
Salvatore

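Added example (not part of the thread and not Debian's own tooling): a pre-upload check for the ordering rule in the message above, which reads a `.changes` file and reports an orig tarball that is present or absent contrary to the instructions for jessie-security and wheezy-security. The sample `.changes` contents, checksums and the orig tarball name are constructed placeholders, and `check_upload` and `sample_changes` are hypothetical helper names.

```python
import re

# Expectation taken from the instructions in this thread: the first upload
# (jessie-security, built with -sa) carries the orig tarball, the later
# wheezy-security upload must not.
EXPECT_ORIG = {"jessie-security": True, "wheezy-security": False}
ORIG_RE = re.compile(r"\.orig(-[A-Za-z0-9-]+)?\.tar\.(gz|bz2|xz|lzma)$")


def parse_changes(text):
    """Parse deb822-style fields; continuation lines start with whitespace."""
    fields, key = {}, None
    for line in text.splitlines():
        if line.startswith("-----BEGIN PGP SIGNATURE"):
            break  # nothing after the signed body is part of the fields
        if line[:1] in (" ", "\t") and key:
            fields[key].append(line.strip())
        elif ":" in line:
            key, _, value = line.partition(":")
            fields[key] = [value.strip()] if value.strip() else []
    return fields


def check_upload(text):
    """Return a list of problems; an empty list means the upload looks right."""
    fields = parse_changes(text)
    dist = " ".join(fields.get("Distribution", []))
    if dist not in EXPECT_ORIG:
        return [f"unexpected Distribution: {dist!r}"]
    names = [entry.split()[-1] for entry in fields.get("Files", []) if entry]
    has_orig = any(ORIG_RE.search(n) for n in names)
    if has_orig and not EXPECT_ORIG[dist]:
        return [f"{dist}: orig tarball listed, rebuild without -sa"]
    if not has_orig and EXPECT_ORIG[dist]:
        return [f"{dist}: orig tarball missing, rebuild with -sa"]
    return []


def sample_changes(dist, version, with_orig):
    """Constructed .changes body; checksums, sizes and file names are placeholders."""
    row = " 00000000000000000000000000000000 1 database optional mysql-5.5_{}"
    files = [row.format(version + ".dsc"), row.format(version + ".debian.tar.xz")]
    if with_orig:
        files.append(row.format("5.5.47.orig.tar.gz"))
    head = f"Format: 1.8\nSource: mysql-5.5\nDistribution: {dist}\nFiles:\n"
    return head + "\n".join(files) + "\n"


if __name__ == "__main__":
    print(check_upload(sample_changes("jessie-security", "5.5.47-0+deb8u1", True)))
    print(check_upload(sample_changes("wheezy-security", "5.5.47-0+deb7u1", False)))
    print(check_upload(sample_changes("wheezy-security", "5.5.47-0+deb7u1", True)))
```
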
Bug#811428: [debian-mysql] Bug#811428: Bug#811428: mysql-5.5: Multiple security fixes from the January 2016 CPU
Hi Salvatore,

On Tue, Jan 26, 2016 at 01:19:26PM +0100, Salvatore Bonaccorso wrote:
> Thank you looks good to me.
>
> I haven't seen the same for jessie, but assuming it is basically the
> same and matching what you showed me initially from git, let's go
> ahead with an upload.

FYI, we're still working on this. I've hit some kind of issue with my
build chroot that I created from scratch for this task, so I think it
may be a bug in sid somewhere. I'm investigating. I'd prefer to
understand the root cause so that I can be sure that we don't upload bad
binaries.

> Please remember to do the jessie-security first (built with -sa) and
> then after ~20 minutes the wheezy-security one (explicitly without
> -sa, and not including the orig source tarball; this is due to some
> limitation in the archive software).
>
> The upload needs to be signed by a key in the DD keyring.
>
> I will then wait for the builds and then take care of releasing the
> packages with a DSA.

Ack.

Robie

Bug#811428: [debian-mysql] Bug#811428: Bug#811428: mysql-5.5: Multiple security fixes from the January 2016 CPU
Hi Robie,

On Tue, Jan 26, 2016 at 06:36:06PM +, Robie Basak wrote:
> Hi Salvatore,
>
> On Tue, Jan 26, 2016 at 01:19:26PM +0100, Salvatore Bonaccorso wrote:
> > Thank you looks good to me.
> >
> > I haven't seen the same for jessie, but assuming it is basically the
> > same and matching what you showed me initially from git, let's go
> > ahead with an upload.
>
> FYI, we're still working on this. I've hit some kind of issue with my
> build chroot that I created from scratch for this task, so I think it
> may be a bug in sid somewhere. I'm investigating. I'd prefer to
> understand the root cause so that I can be sure that we don't upload bad
> binaries.

Thanks for the status-update!

Regards,
Salvatore

Bug#811428: [debian-mysql] Bug#811428: Bug#811428: mysql-5.5: Multiple security fixes from the January 2016 CPU
Is anyone working on the build/test/upload of the final binaries?

Excerpts from Norvald H. Ryeng's message of 2016-01-19 13:02:57 -0800:
> The Critical Patch Update is out:
> http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html
>
> The following vulnerabilities are fixed by upgrading from MySQL 5.5.46 to
> 5.5.47:
>
> CVE-2016-0505
> CVE-2016-0546
> CVE-2016-0597
> CVE-2016-0598
> CVE-2016-0600
> CVE-2016-0606
> CVE-2016-0608
> CVE-2016-0609
> CVE-2016-0596
> CVE-2016-0616
>
> Regards,
>
> Norvald H. Ryeng

Bug#811428: [debian-mysql] Bug#811428: Bug#811428: mysql-5.5: Multiple security fixes from the January 2016 CPU
The git tree is missing a copyright update made by the security team,
which will need to be merged.

--
Lars Tangvald

On 01/19/2016 10:02 PM, Norvald H. Ryeng wrote:

The Critical Patch Update is out:
http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html

The following vulnerabilities are fixed by upgrading from MySQL 5.5.46 to
5.5.47:

CVE-2016-0505
CVE-2016-0546
CVE-2016-0597
CVE-2016-0598
CVE-2016-0600
CVE-2016-0606
CVE-2016-0608
CVE-2016-0609
CVE-2016-0596
CVE-2016-0616

Regards,

Norvald H. Ryeng