Re: dns-root-data in Jessie LTS
Hi Sylvain, I am actually not sure whether BIND 9 in Jessie already uses dns-root-data, so maybe same procedure will be needed for bind9 package. Could you perhaps also check unbound? This is the most probable cause of the weird traffic with old key that DNS Root Operators see at root servers. Just make sure it contains only the new DNSKEY (2017) and not both. Thanks, Ondrej -- Ondřej Surý ond...@isc.org > On 14 May 2019, at 01:38, Sylvain Beucler wrote: > > Hi, > > On 13/05/2019 05:43, Ondřej Surý wrote: >> could you please update dns-root-data package in Jessie LTS to latest >> version from Unstable/Stretch? > > I'll backport it following dkg's stretch update. > > Besides setting up a bind9, anything we should test? > > Cheers! > Sylvain >
dns-root-data in Jessie LTS
Hey, could you please update dns-root-data package in Jessie LTS to latest version from Unstable/Stretch? Thanks, Ondrej -- Ondřej Surý ond...@isc.org
debhelper and friends for LTS
Hey, the jessie-backports removal itself is a logical step and it’s good that it was done. That said, it complicates things a lot when backporting packages to Jessie. Usually, it’s fine to just pull $random extra library to the extra repository, but debhelper and friends is a different beast, as it often requires upgrades in steps, or pulling some extra packages or dropping them, etc. This is now especially painful with the differences between debhelper compact 9/10 and 11/12 as those changes require reverting lots of tiny bits in the source packages as more and more gets converted to v12. I don’t have a good solution for this, but keeping the debhelper and friends (dpkg-dev, dh_) in an extra suite would be very much helpful for people like me backporting bigger stacks to Jessie. I provide PHP (5.6, 7.0 and up), apache2, nginx, ... and it’s very painful from time to time. (As a side remark, I would love to see Debian to settle on one way of maintaining packages, as packages in SVN or even without any SCM are also pain...) Cheers, Ondrej -- Ondřej Surý
KSK2017 in BIND 9 in Wheezy and Jessie LTS releases?
Hi, I have a question - did you update the KSK2017 in bind9 package in Wheezy before it became EOL, and did you update the KSK2017 in Jessie? Would it be still possible to update the keys in bind9 package in Wheezy if that hasn’t been done? It seems like it might be causing some operational problems in the wild... Ondrej -- Ondřej Surý ond...@isc.org
Source for PHP security updates
Hi, there’s a collaborative work on bringing security updates to PHP 5.6 (for jessie LTS) and PHP 7.0 (for stretch LTS): https://github.com/Microsoft/php-src If you are doing security updates, you might want to bookmark this (and use the patches on top of PHP 5.6.40)... Ondrej -- Ondřej Surý ond...@isc.org
Re: PHP5 status
Hi Markus & Salvatore, sorry for not updating PHP 5 in jessie in time. This will now have to be handled by Debian LTS time, I don’t have any spare cycles to care about Debian LTS. Cheers, Ondrej -- Ondřej Surý ond...@sury.org > On 21 Jun 2018, at 20:21, Salvatore Bonaccorso wrote: > > Hi Markus, > > [replying in two parts repsecitvely] > > On Thu, Jun 21, 2018 at 04:24:20PM +0200, Markus Koschany wrote: >> Hello, >> >> a few weeks ago I asked you about the status of PHP5 in Jessie and I got >> the response that someone was already working on it. Do you still plan >> to release the PHP5 update for Jessie? Who is actually working on it? > > This was the maintainer Ondřej Surý , but he did not > finalize the update before 17th, so it's to late for us already for > the regular security-support. You might want to check with him if he > is willing to finalize it now for LTS or wants to hand it over. I'm > cc'ing Ondrej. > > Regards, > Salvatore
Re: [php-maint] php5-curl
Dear Baxtiyor, the Debian Wheezy is now supported by Debian LTS team that can be contacted via: debian-lts@lists.debian.org However you didn't specify any package version, so it's unlikely that anybody can help you if you don't provide more details first like the version of: php5-common php5-cli php5-curl and what libcurl3* package you have installed and what version Cheers, -- Ondřej Surý Knot DNS (https://www.knot-dns.cz/) – a high-performance DNS server Knot Resolver (https://www.knot-resolver.cz/) – secure, privacy-aware, fast DNS(SEC) resolver Vše pro chleba (https://vseprochleba.cz) – Potřeby pro pečení chleba všeho druhu On Thu, May 26, 2016, at 07:45, Baxtiyor Maxsudov wrote: > Hi, > can you help me, > i cant fix this problem: > PHP Warning: PHP Startup: Unable to load dynamic library > '/usr/lib/php5/20100525/curl.so' - > /usr/lib/x86_64-linux-gnu/libgnutls-deb0.so.28: undefined symbol: > p11_kit_module_get_name in Unknown on line 0 > > thanks > ___ > pkg-php-maint mailing list > pkg-php-ma...@lists.alioth.debian.org > http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-php-maint
Re: squeeze update of tiff?
Hi Ben and Laszlo, I have a git mirror[1] (git cvsimport) of upstream CVS and right now it's a tad bit confusing which patches are relevant to those CVEs. I will have more time cherry-picking the patches next week, so if somebody starts the work (even for unstable), I really won't mind. In fact it would be much appreciated. Also feel free to prepare Debian LTS update, I will share relevant patches, but we'll have to prepare security update for jessie and wheezy (+ tiff3 for wheezy), so feel free to take care about this in Debian LTS yourself. Cheers, Ondrej 1. https://github.com/oerdnj/libtiff.git On Thu, Dec 31, 2015, at 01:24, Ben Hutchings wrote: > Hello dear maintainer(s), > > the Debian LTS team would like to fix the security issues which are > currently open in the Squeeze version of tiff: > https://security-tracker.debian.org/tracker/CVE-2015-7554 > https://security-tracker.debian.org/tracker/CVE-2015-8665 > https://security-tracker.debian.org/tracker/CVE-2015-8668 > https://security-tracker.debian.org/tracker/CVE-2015-8683 > > Would you like to take care of this yourself? > > If yes, please follow the workflow we have defined here: > http://wiki.debian.org/LTS/Development > > If that workflow is a burden to you, feel free to just prepare an > updated source package and send it to debian-lts@lists.debian.org > (via a debdiff, or with an URL pointing to the source package, > or even with a pointer to your packaging repository), and the members > of the LTS team will take care of the rest. Indicate clearly whether you > have tested the updated package or not. > > If you don't want to take care of this update, it's not a problem, we > will do our best with your package. Just let us know whether you would > like to review and/or test the updated package before it gets released. > > Thank you very much. > > Ben Hutchings, > on behalf of the Debian LTS team. > > PS: A member of the LTS team might start working on this update at > any point in time. You can verify whether someone is registered > on this update in this file: > https://anonscm.debian.org/viewvc/secure-testing/data/dla-needed.txt?view=markup > > -- > Ben Hutchings - Debian developer, member of Linux kernel and LTS teams > > > Email had 1 attachment: > + signature.asc > 1k (application/pgp-signature) -- Ondřej Surý Knot DNS (https://www.knot-dns.cz/) – a high-performance DNS server
Re: squeeze update of postfix-policyd (for compatibility against mysql-5.5)?
I would rather suggest doing: Breaks: postfix-policyd (<= 1.82-3) # or something similar postfix-policyd is a long dead upstream and there are better alternatives available. (e.g. I do not intend to work on that.) Cheers, Ondrej On Wed, Dec 2, 2015, at 21:56, Santiago Ruano Rincón wrote: > Dear maintainers, > > As an alternative to the no longer supported-by-upstream MySQL 5.1 in > Squeeze, > the LTS Team is planning to provide *soon* packages for MySQL 5.5 as an > option. > However, the current postfix-policyd package in Squeeze is not fully > compatible > with it, as you can see at [1]. So, before going any further with MySQL > 5.5, we > need to update it first. > > Would you like to fix this issue in postfix-policyd for squeeze lts? > > If yes, please follow the workflow we have defined here: > http://wiki.debian.org/LTS/Development > > Note that you would need to issue a Debian LTS Announcement (DLA) for the > updated packages. > > You can find a set of mysql-5.5 test packages at: > > deb https://people.debian.org/~santiago/debian santiago-squeeze-lts/ > deb-src https://people.debian.org/~santiago/debian > santiago-squeeze-lts/ > > If that workflow is a burden to you, feel free to just prepare an > updated source package and send it to debian-lts@lists.debian.org > (via a debdiff, or with an URL pointing to the the source package, > or even with a pointer to your packaging repository), and the members > of the LTS team will take care of the rest. Indicate clearly whether you > have tested the updated package or not. > > If you don't want to take care of this update, it's not a problem, we > will do our best with your package. Just let us know whether you would > like to review and/or test the updated package before it gets released. > > Thank you very much. > > Santiago Ruano Rincón, > on behalf of the Debian LTS team. > > PS: A member of the LTS team might start working on this update very > soon. You > can verify whether someone is registered on this update in this file: > https://anonscm.debian.org/viewvc/secure-testing/data/dla-needed.txt?view=markup > > [1] https://titanpad.com/cRc6eiCH5t > Email had 1 attachment: > + signature.asc > 1k (application/pgp-signature) -- Ondřej Surý Knot DNS (https://www.knot-dns.cz/) – a high-performance DNS server
Re: [php-maint] Bug#798866: (no subject)
Folks, please report issues related to LTS to appropriate places. https://wiki.debian.org/LTS/FAQ#Where_can_bugs_be_reported.3F I will keep this bug open to LTS team to handle it, but please report the bug to debian-lts@l.d.o, so it gets an attention of the LTS team. Cheers, Ondrej On Fri, Sep 18, 2015, at 13:10, Andreas Schwarz wrote: > I can confirm the issue onmultiple systems. > With "5.3.3.1-7 + squeeze26" there were no problems, the error occurs > only with Update 27 > > ___ > pkg-php-maint mailing list > pkg-php-ma...@lists.alioth.debian.org > http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-php-maint > Email had 1 attachment: > + signature.asc > 1k (application/pgp-signature) -- Ondřej Surý Knot DNS (https://www.knot-dns.cz/) – a high-performance DNS server
Fwd: Re: php5 in squeeze LTS
FYI > https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=757342 Personally I would suggest you to do the same for 5.3.x in squeeze LTS. Cheers, -- Ondřej Surý Knot DNS (https://www.knot-dns.cz/) – a high-performance DNS server -- To UNSUBSCRIBE, email to debian-lts-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/1408568110.989104.154965573.0884e...@webmail.messagingengine.com