Re: Wheezy update of icedove?

2017-10-31 Thread Carsten Schoenert
Hello Guido and Moritz,

Am 30.10.2017 um 09:29 schrieb Moritz Mühlenhoff:
> On Mon, Oct 30, 2017 at 08:06:27AM +0100, Guido Günther wrote:
>> I've seen preparation mails for Stretch and Jessie. Is there anything
>> missing that I can help with?

I guess we are done with the things that are possible now, jessie and
stretch are on the way.
Upstream was discussing about releasing a version 52.4.1 due some bugs
that aren't fixed in time for 52.4.0 but due a lack of personal
resources no progress until today. And I don't expect this planned
version will still happen. Right now again upstream has again build
issues for the next beta version 57.0b1 ... but that's a bit OT here.

> The stretch version is in NEW due to the rename and needs FTP master
> processing. jessie is ready.

sounds good so far. :)

The git tree on Alioth is up2date about both branches.

-- 
Regards
Carsten Schoenert



signature.asc
Description: OpenPGP digital signature


Re: Wheezy update of icedove?

2017-10-30 Thread Moritz Mühlenhoff
On Mon, Oct 30, 2017 at 08:06:27AM +0100, Guido Günther wrote:
> I've seen preparation mails for Stretch and Jessie. Is there anything
> missing that I can help with?

The stretch version is in NEW due to the rename and needs FTP master
processing. jessie is ready.

Cheers,
Moritz



Re: Wheezy update of icedove?

2017-10-30 Thread Guido Günther
Hi Carsten,
On Fri, Oct 20, 2017 at 01:06:09PM +0200, Guido Günther wrote:
> Hi Carsten,
> On Tue, Oct 17, 2017 at 09:05:38PM +0200, Carsten Schoenert wrote:
> > Am 15.10.2017 um 23:24 schrieb Guido Günther:
> > > Hi Carsten,
> > > On Sun, Oct 15, 2017 at 09:46:15PM +0200, Carsten Schoenert wrote:
> > >> Hello Ola,
> > >>
> > >> Am 15.10.2017 um 13:59 schrieb Ola Lundqvist:
> > >>> Sounds good! I have updated dla-needed.txt now.
> > >>
> > >> I uploaded all thunderbird related packages within a new source package
> > >> named thunderbird to NEW on Friday last week. The upload will be
> > >> processed by the ftp-masters soon hopefully.
> > >> The binary packages haven't changed, expect the version bump to 52.4.0
> > >> and the usual small adaptations.
> > >> Once the package is accepted I will push my local modifications to
> > >> Alioth. If Guido is requesting some earlier access to 52.4.0 I can push
> > >> the data before, but I'd prefer to push this all in one go.
> > > 
> > > Why not tag nd push to git right away? The version is used now anyway
> > > even if it should get rejected.
> > 
> > Right.
> > As Chris due a misunderstanding rejected my second upload of
> > src:thunderbird I've re-uploaded all now again to NEW with only some
> > additional added bug reports that should be closed by this version and
> > small modifications of README.source.
> > I also pushed all trees and tags to Alioth right now after I got the
> > message from DAK.
> > 
> > On Alioth I moved the folder icedove.git to thunderbird.git and added
> > also a symlink from icedove.git to the moved folder. So no matter what
> > people are using for getting access to the git tree, they will get it
> > under both names.
> 
> Thanks. Looks good here on Wheezy. Any idea when the versions for Jessie
> and Stretch will be done? Wheezy was a straight rebuild of your work so
> Jessie and Stretch should be the same. I'd like to avoid having a newer
> version in Wheezy for too long. Since there's not even a MFSA for
> Thunderbird yet I assume there are no really critical issues.

I've seen preparation mails for Stretch and Jessie. Is there anything
missing that I can help with?
Cheers,
 -- Guido



Re: Wheezy update of icedove?

2017-10-20 Thread Guido Günther
Hi,
On Fri, Oct 20, 2017 at 01:10:56PM +0200, Moritz Muehlenhoff wrote:
> On Fri, Oct 20, 2017 at 01:06:09PM +0200, Guido Günther wrote:
> > Thanks. Looks good here on Wheezy. Any idea when the versions for Jessie
> > and Stretch will be done? Wheezy was a straight rebuild of your work so
> > Jessie and Stretch should be the same. I'd like to avoid having a newer
> > version in Wheezy for too long. Since there's not even a MFSA for
> > Thunderbird yet I assume there are no really critical issues.
> 
> There is https://www.mozilla.org/en-US/security/advisories/mfsa2017-23/

Missed that one - only saw the one fore Firefox ESR 52.4, thanks.

> But I fail to see how CVE-2017-7793 can be critical for Thunderbird.

Me too but the MFSA has:

| In general, these flaws cannot be exploited through email in the
| Thunderbird product because scripting is disabled when reading mail, but
| are potentially risks in browser or browser-like contexts.

The last ones seemed to be verbatim copies of the Firefox ones with
Thunderbird specific CVEs added - but there weren't any since TB
specific ones since quiet some time.
 
CVE-2017-7805 and CVE-2017-7810 are likely more serious for thunderbird.
Cheers,
 -- Guido



Re: Wheezy update of icedove?

2017-10-20 Thread Moritz Muehlenhoff
On Fri, Oct 20, 2017 at 01:06:09PM +0200, Guido Günther wrote:
> Thanks. Looks good here on Wheezy. Any idea when the versions for Jessie
> and Stretch will be done? Wheezy was a straight rebuild of your work so
> Jessie and Stretch should be the same. I'd like to avoid having a newer
> version in Wheezy for too long. Since there's not even a MFSA for
> Thunderbird yet I assume there are no really critical issues.

There is https://www.mozilla.org/en-US/security/advisories/mfsa2017-23/

But I fail to see how CVE-2017-7793 can be critical for Thunderbird.

Cheers,
Moritz



Re: Wheezy update of icedove?

2017-10-20 Thread Guido Günther
Hi Carsten,
On Tue, Oct 17, 2017 at 09:05:38PM +0200, Carsten Schoenert wrote:
> Am 15.10.2017 um 23:24 schrieb Guido Günther:
> > Hi Carsten,
> > On Sun, Oct 15, 2017 at 09:46:15PM +0200, Carsten Schoenert wrote:
> >> Hello Ola,
> >>
> >> Am 15.10.2017 um 13:59 schrieb Ola Lundqvist:
> >>> Sounds good! I have updated dla-needed.txt now.
> >>
> >> I uploaded all thunderbird related packages within a new source package
> >> named thunderbird to NEW on Friday last week. The upload will be
> >> processed by the ftp-masters soon hopefully.
> >> The binary packages haven't changed, expect the version bump to 52.4.0
> >> and the usual small adaptations.
> >> Once the package is accepted I will push my local modifications to
> >> Alioth. If Guido is requesting some earlier access to 52.4.0 I can push
> >> the data before, but I'd prefer to push this all in one go.
> > 
> > Why not tag nd push to git right away? The version is used now anyway
> > even if it should get rejected.
> 
> Right.
> As Chris due a misunderstanding rejected my second upload of
> src:thunderbird I've re-uploaded all now again to NEW with only some
> additional added bug reports that should be closed by this version and
> small modifications of README.source.
> I also pushed all trees and tags to Alioth right now after I got the
> message from DAK.
> 
> On Alioth I moved the folder icedove.git to thunderbird.git and added
> also a symlink from icedove.git to the moved folder. So no matter what
> people are using for getting access to the git tree, they will get it
> under both names.

Thanks. Looks good here on Wheezy. Any idea when the versions for Jessie
and Stretch will be done? Wheezy was a straight rebuild of your work so
Jessie and Stretch should be the same. I'd like to avoid having a newer
version in Wheezy for too long. Since there's not even a MFSA for
Thunderbird yet I assume there are no really critical issues.

Cheers,
 -- Guido



Re: Wheezy update of icedove?

2017-10-17 Thread Carsten Schoenert
Am 15.10.2017 um 23:24 schrieb Guido Günther:
> Hi Carsten,
> On Sun, Oct 15, 2017 at 09:46:15PM +0200, Carsten Schoenert wrote:
>> Hello Ola,
>>
>> Am 15.10.2017 um 13:59 schrieb Ola Lundqvist:
>>> Sounds good! I have updated dla-needed.txt now.
>>
>> I uploaded all thunderbird related packages within a new source package
>> named thunderbird to NEW on Friday last week. The upload will be
>> processed by the ftp-masters soon hopefully.
>> The binary packages haven't changed, expect the version bump to 52.4.0
>> and the usual small adaptations.
>> Once the package is accepted I will push my local modifications to
>> Alioth. If Guido is requesting some earlier access to 52.4.0 I can push
>> the data before, but I'd prefer to push this all in one go.
> 
> Why not tag nd push to git right away? The version is used now anyway
> even if it should get rejected.

Right.
As Chris due a misunderstanding rejected my second upload of
src:thunderbird I've re-uploaded all now again to NEW with only some
additional added bug reports that should be closed by this version and
small modifications of README.source.
I also pushed all trees and tags to Alioth right now after I got the
message from DAK.

On Alioth I moved the folder icedove.git to thunderbird.git and added
also a symlink from icedove.git to the moved folder. So no matter what
people are using for getting access to the git tree, they will get it
under both names.

-- 
Regards
Carsten Schoenert



signature.asc
Description: OpenPGP digital signature


Re: Wheezy update of icedove?

2017-10-15 Thread Guido Günther
Hi Carsten,
On Sun, Oct 15, 2017 at 09:46:15PM +0200, Carsten Schoenert wrote:
> Hello Ola,
> 
> Am 15.10.2017 um 13:59 schrieb Ola Lundqvist:
> > Sounds good! I have updated dla-needed.txt now.
> 
> I uploaded all thunderbird related packages within a new source package
> named thunderbird to NEW on Friday last week. The upload will be
> processed by the ftp-masters soon hopefully.
> The binary packages haven't changed, expect the version bump to 52.4.0
> and the usual small adaptations.
> Once the package is accepted I will push my local modifications to
> Alioth. If Guido is requesting some earlier access to 52.4.0 I can push
> the data before, but I'd prefer to push this all in one go.

Why not tag nd push to git right away? The version is used now anyway
even if it should get rejected.
Cheers,
 -- Guido



Re: Wheezy update of icedove?

2017-10-15 Thread Carsten Schoenert
Hello Ola,

Am 15.10.2017 um 13:59 schrieb Ola Lundqvist:
> Sounds good! I have updated dla-needed.txt now.

I uploaded all thunderbird related packages within a new source package
named thunderbird to NEW on Friday last week. The upload will be
processed by the ftp-masters soon hopefully.
The binary packages haven't changed, expect the version bump to 52.4.0
and the usual small adaptations.
Once the package is accepted I will push my local modifications to
Alioth. If Guido is requesting some earlier access to 52.4.0 I can push
the data before, but I'd prefer to push this all in one go.

-- 
Regards
Carsten Schoenert



signature.asc
Description: OpenPGP digital signature


Re: Wheezy update of icedove?

2017-10-15 Thread Ola Lundqvist
Sounds good! I have updated dla-needed.txt now.

// Ola

On 14 October 2017 at 19:27, Guido Günther  wrote:
> Hi,
> On Sat, Oct 14, 2017 at 07:23:45PM +0200, Ola Lundqvist wrote:
>> Dear maintainers,
>>
>> The Debian LTS team would like to fix the security issues which are
>> currently open in the Wheezy version of icedove:
>> https://security-tracker.debian.org/tracker/source-package/icedove
>>
>> Would you like to take care of this yourself?
>>
>> If yes, please follow the workflow we have defined here:
>> https://wiki.debian.org/LTS/Development
>>
>> If that workflow is a burden to you, feel free to just prepare an
>> updated source package and send it to debian-lts@lists.debian.org
>> (via a debdiff, or with an URL pointing to the source package,
>> or even with a pointer to your packaging repository), and the members
>> of the LTS team will take care of the rest. Indicate clearly whether you
>> have tested the updated package or not.
>>
>> If you don't want to take care of this update, it's not a problem, we
>> will do our best with your package. Just let us know whether you would
>> like to review and/or test the updated package before it gets released.
>>
>> You can also opt-out from receiving future similar emails in your
>> answer and then the LTS Team will take care of icedove updates
>> for the LTS releases.
>>
>> Thank you very much.
>
> I can handle that one once we have version in sid.
> Cheers,
>  -- Guido



-- 
 --- Inguza Technology AB --- MSc in Information Technology 
/  o...@inguza.comFolkebogatan 26\
|  o...@debian.org   654 68 KARLSTAD|
|  http://inguza.com/Mobile: +46 (0)70-332 1551 |
\  gpg/f.p.: 7090 A92B 18FE 7994 0C36 4FE4 18A1 B1CF 0FE5 3DD9  /
 ---



Re: Wheezy update of icedove?

2017-10-14 Thread Guido Günther
Hi,
On Sat, Oct 14, 2017 at 07:23:45PM +0200, Ola Lundqvist wrote:
> Dear maintainers,
> 
> The Debian LTS team would like to fix the security issues which are
> currently open in the Wheezy version of icedove:
> https://security-tracker.debian.org/tracker/source-package/icedove
> 
> Would you like to take care of this yourself?
> 
> If yes, please follow the workflow we have defined here:
> https://wiki.debian.org/LTS/Development
> 
> If that workflow is a burden to you, feel free to just prepare an
> updated source package and send it to debian-lts@lists.debian.org
> (via a debdiff, or with an URL pointing to the source package,
> or even with a pointer to your packaging repository), and the members
> of the LTS team will take care of the rest. Indicate clearly whether you
> have tested the updated package or not.
> 
> If you don't want to take care of this update, it's not a problem, we
> will do our best with your package. Just let us know whether you would
> like to review and/or test the updated package before it gets released.
> 
> You can also opt-out from receiving future similar emails in your
> answer and then the LTS Team will take care of icedove updates
> for the LTS releases.
> 
> Thank you very much.

I can handle that one once we have version in sid.
Cheers,
 -- Guido



Wheezy update of icedove?

2017-10-14 Thread Ola Lundqvist
Dear maintainers,

The Debian LTS team would like to fix the security issues which are
currently open in the Wheezy version of icedove:
https://security-tracker.debian.org/tracker/source-package/icedove

Would you like to take care of this yourself?

If yes, please follow the workflow we have defined here:
https://wiki.debian.org/LTS/Development

If that workflow is a burden to you, feel free to just prepare an
updated source package and send it to debian-lts@lists.debian.org
(via a debdiff, or with an URL pointing to the source package,
or even with a pointer to your packaging repository), and the members
of the LTS team will take care of the rest. Indicate clearly whether you
have tested the updated package or not.

If you don't want to take care of this update, it's not a problem, we
will do our best with your package. Just let us know whether you would
like to review and/or test the updated package before it gets released.

You can also opt-out from receiving future similar emails in your
answer and then the LTS Team will take care of icedove updates
for the LTS releases.

Thank you very much.

Ola Lundqvist,
  on behalf of the Debian LTS team.

PS: A member of the LTS team might start working on this update at
any point in time. You can verify whether someone is registered
on this update in this file:
https://anonscm.debian.org/viewvc/secure-testing/data/dla-needed.txt?view=markup



Re: Wheezy update of icedove?

2017-06-21 Thread Carsten Schoenert
Hello Raphael,

Am 20.06.2017 um 12:07 schrieb Raphael Hertzog:
> Dear maintainer(s),
> 
> The Debian LTS team would like to fix the security issues which are
> currently open in the Wheezy version of icedove:
> https://security-tracker.debian.org/tracker/source-package/icedove
> 
> I expect that Guido will take care of this by switching to a newer
> upstream version. Is that correct and what is planned ?

typically Guido is taking care on this so I assume he will this for 52.x
also.

JFR, Upstream is currently preparing a fixup release 52.2.1. as it seems
some users with GMail accounts have problems with 52.2.0. But right now
there is no fixed release date planned. Given the dynamic the Mozilla
guys normally have I expect no release of this fixed version until the
weekend.

-- 
Regards
Carsten Schoenert



signature.asc
Description: OpenPGP digital signature


Wheezy update of icedove?

2017-06-20 Thread Raphael Hertzog
Dear maintainer(s),

The Debian LTS team would like to fix the security issues which are
currently open in the Wheezy version of icedove:
https://security-tracker.debian.org/tracker/source-package/icedove

I expect that Guido will take care of this by switching to a newer
upstream version. Is that correct and what is planned ?

Raphaël Hertzog,
  on behalf of the Debian LTS team.
-- 
Raphaël Hertzog ◈ Debian Developer

Support Debian LTS: https://www.freexian.com/services/debian-lts.html
Learn to master Debian: https://debian-handbook.info/get/



Re: Wheezy update of icedove?

2017-01-02 Thread Guido Günther
Hi,
On Mon, Jan 02, 2017 at 08:44:14PM +, Chris Lamb wrote:
> the Debian LTS team would like to fix the security issues which are
> currently open in the Wheezy version of icedove:
> https://security-tracker.debian.org/tracker/source-package/icedove
> 
> Would you like to take care of this yourself?
> 
> If yes, please follow the workflow we have defined here:
> https://wiki.debian.org/LTS/Development
> 
> If that workflow is a burden to you, feel free to just prepare an
> updated source package and send it to debian-lts@lists.debian.org
> (via a debdiff, or with an URL pointing to the source package,
> or even with a pointer to your packaging repository), and the members
> of the LTS team will take care of the rest. Indicate clearly whether you
> have tested the updated package or not.
> 
> If you don't want to take care of this update, it's not a problem, we
> will do our best with your package. Just let us know whether you would
> like to review and/or test the updated package before it gets released.
> 
> You can also opt-out from receiving future similar emails in your
> answer and then the LTS Team will take care of icedove updates
> for the LTS releases.

I'll handle icedove as usual.
Cheers,
 -- Guido



Wheezy update of icedove?

2017-01-02 Thread Chris Lamb
Hello dear maintainer(s),

the Debian LTS team would like to fix the security issues which are
currently open in the Wheezy version of icedove:
https://security-tracker.debian.org/tracker/source-package/icedove

Would you like to take care of this yourself?

If yes, please follow the workflow we have defined here:
https://wiki.debian.org/LTS/Development

If that workflow is a burden to you, feel free to just prepare an
updated source package and send it to debian-lts@lists.debian.org
(via a debdiff, or with an URL pointing to the source package,
or even with a pointer to your packaging repository), and the members
of the LTS team will take care of the rest. Indicate clearly whether you
have tested the updated package or not.

If you don't want to take care of this update, it's not a problem, we
will do our best with your package. Just let us know whether you would
like to review and/or test the updated package before it gets released.

You can also opt-out from receiving future similar emails in your
answer and then the LTS Team will take care of icedove updates
for the LTS releases.

Thank you very much.

Chris Lamb,
  on behalf of the Debian LTS team.

PS: A member of the LTS team might start working on this update at
any point in time. You can verify whether someone is registered
on this update in this file:
https://anonscm.debian.org/viewvc/secure-testing/data/dla-needed.txt?view=markup


Regards,

-- 
  ,''`.
 : :'  : Chris Lamb
 `. `'`  la...@debian.org / chris-lamb.co.uk
   `-