Bug#924278: stretch-pu: package clamav/0.100.2+dfsg-0+deb9u1
On Wed, 2019-08-21 at 21:45 +0200, Sebastian Andrzej Siewior wrote: > On 2019-08-20 23:45:18 [+0100], Adam D. Barratt wrote: > > > and then open p-u bugs > > > for the transition? > > > > Is anything required beyond binNMUs of r-deps? > > I tried to highight this in the first email of this bug: Sorry, this is clearly a sign that I should have stopped processing the SRM mail queue earlier last night. So, yes, that sounds like a good plan. We still have a week and a half or so before the point release freeze, which should be plenty of time from the SRM side, moudlo badgering ftp-team for the NEW processing. > [I would also want to update clamav to what we have in stable-pu but > slowly and I *think* it would be good to have this one step in > between unless you prefer otherwise.] I'm quite happy to go with whatever you think is best there. Regards, Adam
Bug#924278: stretch-pu: package clamav/0.100.2+dfsg-0+deb9u1
On 2019-08-20 23:45:18 [+0100], Adam D. Barratt wrote: > > and then open p-u bugs > > for the transition? > > Is anything required beyond binNMUs of r-deps? I tried to highight this in the first email of this bug: |It affects the following packages as part of the transistion which |require a source-full upload: |- dansguardian | Update based on a patch I provided in #923981. NMU, removed from | unstable. | |- libclamunrar7/non-free | Splitted from clamav, will hit stable-new. | |- python-pyclamav | backported the API change from unstable. | |- havp | backported the API change from unstable. | |- c-icap-modules | backported the API change from unstable. NMU. so are we doing this now or later? [I would also want to update clamav to what we have in stable-pu but slowly and I *think* it would be good to have this one step in between unless you prefer otherwise.] > Regards, > > Adam Seastian
Bug#924278: stretch-pu: package clamav/0.100.2+dfsg-0+deb9u1
On Tue, 2019-08-20 at 23:38 +0200, Sebastian Andrzej Siewior wrote: > On 2019-08-20 22:18:28 [+0100], Adam D. Barratt wrote: > > Indeed, and then we dropped the ball again. :-( > > > > Let's get this going. > > So I upload the here promissed Stretch package Yep, then we smile sweetly at ftp-master to get it processed from NEW. > and then open p-u bugs > for the transition? Is anything required beyond binNMUs of r-deps? Regards, Adam
Bug#924278: stretch-pu: package clamav/0.100.2+dfsg-0+deb9u1
On 2019-08-20 22:18:28 [+0100], Adam D. Barratt wrote: > Indeed, and then we dropped the ball again. :-( > > Let's get this going. So I upload the here promissed Stretch package and then open p-u bugs for the transition? > Regards, > > Adam Sebastian
Bug#924278: stretch-pu: package clamav/0.100.2+dfsg-0+deb9u1
Control: tags -1 + confirmed On Sat, 2019-05-18 at 23:41 +0200, Sebastian Andrzej Siewior wrote: > On 2019-03-27 19:43:13 [+], Adam D. Barratt wrote: > > Sure. To make things easier to keep track of (at least for me), > > could > > you open a new bug for the 0.100.3 update, and we'll keep using > > this > > one for the effective transition. > > Please find attach a debdiff between 0.100.3 (current Stretch) and > 0.101.2 (Buster and proposed Stretch). > The package is unchanged since I created the bug. I have no idea who > is > waiting here for whom but I *think* the stable team waited for an > update. In case it is not, I am back to patience mode :) Indeed, and then we dropped the ball again. :-( Let's get this going. Regards, Adam
Bug#924278: stretch-pu: package clamav/0.100.2+dfsg-0+deb9u1
On Wed, 27 Mar 2019 19:43:13 + "Adam D. Barratt" wrote: > On Wed, 2019-03-27 at 19:54 +0100, Sebastian Andrzej Siewior wrote: > > On 2019-03-10 23:55:55 [+0100], To sub...@bugs.debian.org wrote: > > > We would like to update clamav in stable to 0.101.1 which is the > > > latest > > > release provided by upstream. > > > This won't be as easy as it was previously because it will trigger > > > a > > > transistion (libclamav7 -> libclamav9) in stable similar to what we > > > did > > > in unstable (#922004) recently. > > > > upstream released 0.100.3 which fixes three bugs with CVE numbers > > [0]. > > There is also 0.101.2. > > > > For Stretch we tend to upload 0.100.3 before we get an approval for > > this > > one (which would be then 0.101.2). Since the 0.100.3 is smaller, it > > should be easier/quicker tor review. > > Is this okay? > > > > [0] https://blog.clamav.net/2019/03/clamav-01012-and-01003-patches-ha > > ve.html > > Sure. To make things easier to keep track of (at least for me), could > you open a new bug for the 0.100.3 update, and we'll keep using this > one for the effective transition. Filed (#926003). Scott K
Bug#924278: stretch-pu: package clamav/0.100.2+dfsg-0+deb9u1
On Wed, 2019-03-27 at 19:54 +0100, Sebastian Andrzej Siewior wrote: > On 2019-03-10 23:55:55 [+0100], To sub...@bugs.debian.org wrote: > > We would like to update clamav in stable to 0.101.1 which is the > > latest > > release provided by upstream. > > This won't be as easy as it was previously because it will trigger > > a > > transistion (libclamav7 -> libclamav9) in stable similar to what we > > did > > in unstable (#922004) recently. > > upstream released 0.100.3 which fixes three bugs with CVE numbers > [0]. > There is also 0.101.2. > > For Stretch we tend to upload 0.100.3 before we get an approval for > this > one (which would be then 0.101.2). Since the 0.100.3 is smaller, it > should be easier/quicker tor review. > Is this okay? > > [0] https://blog.clamav.net/2019/03/clamav-01012-and-01003-patches-ha > ve.html Sure. To make things easier to keep track of (at least for me), could you open a new bug for the 0.100.3 update, and we'll keep using this one for the effective transition. Regards, Adam
Bug#924278: stretch-pu: package clamav/0.100.2+dfsg-0+deb9u1
On 2019-03-10 23:55:55 [+0100], To sub...@bugs.debian.org wrote: > We would like to update clamav in stable to 0.101.1 which is the latest > release provided by upstream. > This won't be as easy as it was previously because it will trigger a > transistion (libclamav7 -> libclamav9) in stable similar to what we did > in unstable (#922004) recently. upstream released 0.100.3 which fixes three bugs with CVE numbers [0]. There is also 0.101.2. For Stretch we tend to upload 0.100.3 before we get an approval for this one (which would be then 0.101.2). Since the 0.100.3 is smaller, it should be easier/quicker tor review. Is this okay? [0] https://blog.clamav.net/2019/03/clamav-01012-and-01003-patches-have.html Sebastian