Re: jessie-security packages missing from ftp-master

Hi Adam, Following up on some issues: On Sun, Jun 10, 2018 at 07:35:16PM +0100, Adam D. Barratt wrote: > Is it worth retrying any of these? > > * graphicsmagick 1.3.20-3+deb8u2 (powerpc) Tried a giveback, but it's a persistent test suite which breaks the build. Not sure. > * mariadb-10.0

Re: Your upload of goldencheetah to stretch

Jonathan Wiltshire schrieb: > Hi, > > You uploaded goldencheetah 4.0.0~DEV1607-2+deb9u1 to proposed-updates but > with a target suite of stretch-security. Was that meant to go to the > security archive? This was released via the security update, it was part of the compat changes

Re: Scheduling final Jessie point release, 8.11

On Mon, May 14, 2018 at 06:26:08PM +0100, Jonathan Wiltshire wrote: > Hi, > > According to my records main security support for Jessie can end any time > after 17th June. > > So to the security team: do you have a date in mind? The 17th :-) Cheers, Moritz

Re: openafs bug 886768

On Tue, Feb 20, 2018 at 01:56:12PM -0600, Benjamin Kaduk wrote: > On Tue, Feb 20, 2018 at 08:51:16PM +0100, Salvatore Bonaccorso wrote: > > Hi Thorsten, > > > > On Tue, Feb 20, 2018 at 02:45:48PM +0100, Thorsten Alteholz wrote: > > > Hi everybody, > > > > > > the latest security update of the

Bug#885183: stretch-pu: package ntopng/2.4+dfsg1-3+deb9u1

On Mon, Dec 25, 2017 at 09:26:58PM +0100, Ludovico Cavedon wrote: > - #866721 and #866719, which are securirity-related issues. Do you want > me to reach out to the security team about these first? Those are marked no-dsa for quite a while, so not needed. Cheers, Moritz

Re: Bug#885172: transition: libsodium

Emilio Pozuelo Monfort schrieb: > DSA shut down the kfreebsd buildds. Is that a temporary measure or permanently due to the state of the port? (Just wondering since there's unofficial security builds for kfreebsd-* despite not being a release arch; if that also affects those

Bug#882621: stretch-pu: package python2.7/2.7.13-2+deb9u2

On Sun, Nov 26, 2017 at 01:52:04PM +, Adam D. Barratt wrote: > Control: tags -1 + confirmed > > On Fri, 2017-11-24 at 23:18 +0100, Moritz Muehlenhoff wrote: > > I'd like to add a fix for a minor security issue in Python 2.7 to the > > as a followup update to what's already in spu. debdiff is

Re: Proposed (lib)curl switch to openssl 1.1

Sebastian Andrzej Siewior schrieb: > I did a grep and it seems that all affected users are blocked by > #858398 except for hhvm. I have patches to switch HHVM to openssl 1.1, only need to find some time to prepare an upload. Cheers, Moritz

Bug#873103: [release.debian.org] Plan for imagemagick7 landing before next stable

On Thu, Aug 24, 2017 at 05:23:53PM +0200, Bastien ROUCARIÈS wrote: > Package: release.debian.org > Severity: wishlist > > Hi, > > I plan to release imagemagick 7 before next stable version. And I want to > coexist imagemagick6 and imagemagick7. Why? That means twice the security updates (which

Bug#869414: package smplayer/16.11.0~ds0-1+deb9u1

On Sun, Jul 23, 2017 at 12:20:25PM +0200, Mateusz Łukasik wrote: > Package: release.debian.org > Severity: normal > Tags: stretch > User: release.debian@packages.debian.org > Usertags: pu > > Dear SRMs, > > I would like to update smplayer in Stretch to fix #869411, it was already > fixed in

Bug#867461: should ca-certificates certdata.txt synchronize across all suites?

On Fri, Jul 21, 2017 at 09:51:45AM -0400, Antoine Beaupré wrote: > On 2017-07-20 18:15:00, Philipp Kern wrote: > > On 07/17/2017 09:41 PM, Antoine Beaupré wrote: > >> Let's not jump the gun here. We're not shipping NSS in ca-certificates, > >> just a tiny part of it: one text file, more or less. >

Bug#868459: stretch-pu: package libquicktime/2:1.2.4-10+deb9u1

Salvatore Bonaccorso wrote: > > Unfortunately, I've had to flag the upload for rejection - it's somehow > > picked up a new dependency on "libschroedinger-1.0-0 (>= 1.0.0)", but > > that binary package is not in stretch. > > Hmm, could it be the building chroot was unclean (contained jessie >

Bug#868459: stretch-pu: package libquicktime/2:1.2.4-10+deb9u1

On Sat, Jul 15, 2017 at 09:19:08PM +0100, Adam D. Barratt wrote: > Control: tags -1 + confirmed > > On Sat, 2017-07-15 at 19:12 +0200, Moritz Muehlenhoff wrote: > > some minor security fixes for libquicktime, identical to what's > > already in unstable and also tested with reverse deps on

Bug#863915: unblock: webkit2gtk/2.16.3-2

Adam wrote: > I'm not entirely sure how you think p-u is better placed to do so, given > the amount of visible testing packages from it get before a point > release. It's not necessarily for the additional testing done on p-u (although I personally use it like that and probably others well),

Bug#827061: transition: openssl

On Sat, Jan 28, 2017 at 07:37:09PM +0100, Julien Cristau wrote: > On Sat, Jun 11, 2016 at 20:59:53 +0200, Kurt Roeckx wrote: > > > OpenSSL will soon release a new upstream version with a new > > soname. This new version will break various packages, see: > >

Re: Draft for taging 32 RC bugs with can-defer, will-remove or is-blocker

Niels Thykier schrieb: >> 852603 virglrenderer can-defer virglrenderer: >> CVE-2016-10163 >> 852604 virglrenderer can-defer virglrenderer: >> CVE-2017-5580 This hasn't been in a stable release yet and it already orphaned. If noone

Re: embedding openssl source in sslcan

On Thu, Jan 05, 2017 at 09:39:16PM +0100, Sebastian Andrzej Siewior wrote: > On 2016-12-31 17:35:47 [+0100], Julien Cristau wrote: > > Is this really something we need to be shipping? If yes, I'd personally > > really like this to get an explicit exemption from normal policy by the > > security

Bug#829606: jessie-pu: package duck/0.7+deb8u1

On Sun, Aug 28, 2016 at 03:55:24PM +0100, Adam D. Barratt wrote: > Control: tags -1 +confirmed -moreinfo > > [re-ordered] > > > Am 2016-07-29 um 14:20 schrieb Julien Cristau: > > > Control: tag -1 moreinfo > > > > > > On Mon, Jul 4, 2016 at 18:22:46 +0200, Simon Kainz wrote: > [...] > > >>

Bug#843905: jessie-pu: package akonadi/1.13.0-2+deb8u2

> > The latest security upload of mysql-5.5 breaks akonadi-backend-mysql in > stable, > this is due to a change in the compiled-in configuration values that are > incompatible with the ones shipped in the akonadi backend *. > > In the bug #843520 [1] the mysql maintainers requested this to be

Re: Porter roll call for Debian Stretch

Niels Thykier schrieb: > If I am to support powerpc as a realease architecture for Stretch, I > need to know that there are *active* porters behind it committed to > keeping it in the working. People who would definitely catch such > issues long before the release. People who

Re: Bug#839226: [PATCH] cups : SSL is vulnerable to POODLE

Hi Didier, > Have we removed protocols' support in {old,}stable before?. We have done that on a case-by-case basis via point updates in the past, seems also fine here. Cheers, Moritz

Re: Porter roll call for Debian Stretch

John Paul Adrian Glaubitz schrieb: > This is an OpenPGP/MIME signed message (RFC 4880 and 3156) > --a6PKWkjgHofM7jQeP6IIWOK9h7Ax8iC64 > Content-Type: multipart/mixed; boundary="bwOPGPFUk1EHlmixEJpS4SCMBBipFWjH9"; > protected-headers="v1" > From: John Paul Adrian

Re: The (uncalled for) toolchain maintainers roll call for stretch

Matthias Klose wrote: > Afaiu the security team also doesn't care > about these ports when they fail to build for security updates. Indeed. The openjdk updates are already really time-consuming, we can't afford additional update rounds for exotic archs without official upstream support. Cheers,

Bug#829136: jessie-pu: package harfbuzz/0.9.35-2+deb8u1

buzz (0.9.35-2+deb8u1) jessie; urgency=medium > > + > > + * Backport upstream commit 613e630617074eb9b62b794cc37c9b42a7fb079b to > > address > > +CVE-2016-2052 > > + > > + -- Moritz Mühlenhoff <j...@debian.org> Mon, 30 May 2016 23:49:46 +0200 > > + &g

Re: Bug#834327: jessie-pu: package gnupg2/2.0.26-6+deb8u1

Aurelien Jarno schrieb: > On 2016-08-14 16:00, Salvatore Bonaccorso wrote: >> Package: release.debian.org >> Severity: normal >> Tags: jessie >> User: release.debian@packages.debian.org >> Usertags: pu >> >> Dear SRM >> >> I would like to propose the following

Bug#829135: jessie-pu: package python2.7/2.7.9-2+deb8u1

On Tue, Jul 12, 2016 at 09:55:23PM +0100, Adam D. Barratt wrote: > Control: tags -1 + confirmed > > On Thu, 2016-06-30 at 22:17 +0200, Moritz Muehlenhoff wrote: > > +python2.7 (2.7.9-2+deb8u1) jessie; urgency=medium > > + > > + * Backport upstream commit b3ce713fb9beebfff9848cefa0acbd59acc68fe9

Bug#829136: jessie-pu: package harfbuzz/0.9.35-2+deb8u1

On Tue, Jul 12, 2016 at 09:56:12PM +0100, Adam D. Barratt wrote: > Control: tags -1 + confirmed > > On Thu, 2016-06-30 at 22:19 +0200, Moritz Muehlenhoff wrote: > > +harfbuzz (0.9.35-2+deb8u1) jessie; urgency=medium > > + > > + * Backport upstream commit 613e630617074eb9b62b794cc37c9b42a7fb079b

Re: Dropping src:torque from archive? (was: Re: Bug#767411: torque: should not be released with jessie)

On Sat, May 28, 2016 at 08:32:04PM +0200, Salvatore Bonaccorso wrote: > Hi all, > > On Sat, Nov 01, 2014 at 08:50:05PM +0100, Moritz Mühlenhoff wrote: > > On Sat, Nov 01, 2014 at 02:30:02PM -0400, Michael Gilbert wrote: > > > On Sat, Nov 1, 2014 at 11:46 AM, Sa

Bug#818549: jessie-pu: package icedtea-web/1.5.3-1

On Tue, May 24, 2016 at 09:34:49PM +0100, Adam D. Barratt wrote: > Control: tags -1 + confirmed > > On Thu, 2016-03-17 at 23:06 +0100, Moritz Muehlenhoff wrote: > > I'd like to update icedtea-web in jessie to 1.5.3 in the next > > jessie point release. This fixes two security issues

Bug#825127: RM: mediawiki/1:1.19.20+dfsg-2.3

On Mon, May 23, 2016 at 09:48:30PM +0100, Adam D. Barratt wrote: > Control: tags -1 + moreinfo jessie > > On Mon, 2016-05-23 at 22:33 +0200, Moritz Muehlenhoff wrote: > > please remove mediawiki in the upcoming jessie point release. Security > > support for it was limited for a year as mentioned

Bug#818549: jessie-pu: package icedtea-web/1.5.3-1

On Thu, Mar 17, 2016 at 11:06:05PM +0100, Moritz Muehlenhoff wrote: > Package: release.debian.org > Severity: normal > Tags: jessie > User: release.debian@packages.debian.org > Usertags: pu > > Hi, > I'd like to update icedtea-web in jessie to 1.5.3 in the next > jessie point release. This

Bug#822616: jessie-pu: package poppler/0.26.5-2+deb8u1

On Mon, Apr 25, 2016 at 07:16:02PM +0200, Pino Toscano wrote: > Package: release.debian.org > Severity: normal > Tags: jessie > User: release.debian@packages.debian.org > Usertags: pu > > Hi, > > simple jessie-pu for poppler, just fixed in unstable, which fixes > CVE-2015-8868; attached

Re: New oldstable-proposed-updates diff: tomcat6 6.0.45+dfsg-1~deb7u1

On Tue, Mar 29, 2016 at 11:23:30PM +0200, Markus Koschany wrote: > Am 29.03.2016 um 23:01 schrieb Moritz Mühlenhoff: > > On Tue, Mar 29, 2016 at 10:03:56PM +0200, Markus Koschany wrote: > >> The Security Team decided to mark the issues in Jessie as no-dsa because > >> w

Bug#818615: jessie-pu: package gtk+2.0

On Thu, Mar 24, 2016 at 06:35:55AM +, Adam D. Barratt wrote: > Control: tags -1 + confirmed > > On Wed, 2016-03-23 at 23:12 +0100, Moritz Mühlenhoff wrote: > [...] > > > > > On Fri, 2016-03-18 at 19:33 +0100, Moritz Muehlenhoff wrote: > > > > > > I

Bug#819119: jessie-pu: package libsndfile/1.0.25-9.1+deb8u1

On Wed, Mar 23, 2016 at 10:11:32PM +, Adam D. Barratt wrote: > Control: tags -1 + confirmed > > On Wed, 2016-03-23 at 22:56 +0100, Moritz Muehlenhoff wrote: > > Another update for no-dsa security issues, this time in libsndfile. > > The patches have been used in unstable for over four months,

Bug#818615: jessie-pu: package gtk+2.0

tags 818615 -moreinfo thanks On Tue, Mar 22, 2016 at 07:56:40PM +, Adam D. Barratt wrote: > On Fri, 2016-03-18 at 20:58 +0100, Salvatore Bonaccorso wrote: > > HI Adam, > > > > Not Moritz here but can answer the question as well: > > > > On Fri, Mar 18, 2016 at 07:22:34PM +, Adam D.

Bug#818801: jessie-pu: package cairo/1.14.0-2.1+deb8u1

On Sun, Mar 20, 2016 at 06:43:48PM +, Adam D. Barratt wrote: > Control: tags -1 + confirmed > > On Sun, 2016-03-20 at 19:33 +0100, Moritz Muehlenhoff wrote: > > +cairo (1.14.0-2.1+deb8u1) jessie; urgency=medium > > + > > + * Fix CVE-2016-3190 > > I'd prefer a slightly more detailed

Bug#818150: jessie-pu: package php5/5.6.19+dfsg-0+deb8u1

On Mon, Mar 14, 2016 at 11:00:12AM +0100, Ondřej Surý wrote: > Package: release.debian.org > Severity: normal > Tags: jessie > User: release.debian@packages.debian.org > Usertags: pu > > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA512 > > Hi, > > security team still seems to be heavily

Bug#816198: jessie-pu: package php-dompdf/0.6.1+dfsg-2

On Sun, Feb 28, 2016 at 07:42:46PM +0100, Salvatore Bonaccorso wrote: > Hi Markus, > > Just one note: > > On Sun, Feb 28, 2016 at 06:22:08PM +0100, Markus Frosch wrote: > > +php-dompdf (0.6.1+dfsg-2+deb8u1) UNRELEASED; urgency=medium > > + > > + * Non-maintainer upload. > > + * [22610bd] Add

Re: Opinion about linux-grsec in a stable release

On Wed, Mar 02, 2016 at 09:01:34PM +0100, Yves-Alexis Perez wrote: > On mer., 2016-03-02 at 20:06 +0100, Moritz Muehlenhoff wrote: > > Before considering that, did anyone approch grsecurity whether we can get > > access to the grsecurity stable patches? We would most definitely have > > Debian >

Dropping jasper from stretch

Hi, see 812630/816228 (also discussed with Roland): Security team would to drop jasper from stretch (and eventually from the archive). Some high-profile users like gdk-pixbuf already had it dropped some time ago. Ok with the release team? Could you please setup a removal/transition tracker for

Re: wheezy-security to wheezy-lts transition

On Mon, Feb 22, 2016 at 06:42:20PM +0100, Guido Günther wrote: > Hi Adam, > On Sat, Feb 20, 2016 at 02:27:27PM +, Adam D. Barratt wrote: > > [apologies to anyone who's ended up with three copies of this; the > > original got eaten due to a misconfiguration on my side - please only > > reply to

Re: Kernel version for stretch

On Thu, Jan 28, 2016 at 08:15:30PM +, Ben Hutchings wrote: > On Thu, 2016-01-28 at 20:01 +0100, Moritz Mühlenhoff wrote: > > Ben Hutchings <b...@decadent.org.uk> wrote: > > > For stretch, I would very much like to choose a kernel version for > > > stretch that

Re: Request for release team decision on MySQL and MariaDB [was: Re: Bug#793316: [debian-mysql] Bug#793316: transition: mysql-5.6]

On Fri, Jan 15, 2016 at 04:09:58PM +0100, Norvald H. Ryeng wrote: > so I'll need the complete list of > requirements first. The Debian MySQL team has asked for a list, in > writing, several times now, but that list has not been produced. Here's what it essentially boils down to: - Public,

Re: Request for release team decision on MySQL and MariaDB [was: Re: Bug#793316: [debian-mysql] Bug#793316: transition: mysql-5.6]

On Mon, Jan 11, 2016 at 08:14:06PM +, Robie Basak wrote: > On Mon, Jan 11, 2016 at 07:27:30PM +0100, Moritz Mühlenhoff wrote: > > *Sigh*. And that is exactly the problem (and we've already pointed this > > out at DebConf half a year ago) > > > > We should reall

Re: Request for release team decision on MySQL and MariaDB [was: Re: Bug#793316: [debian-mysql] Bug#793316: transition: mysql-5.6]

On Mon, Jan 11, 2016 at 02:13:40PM +0100, Norvald H. Ryeng wrote: > On Mon, 11 Jan 2016 13:59:07 +0100, Otto Kekäläinen wrote: > > >2016-01-11 13:54 GMT+02:00 Norvald H. Ryeng : > >>On Mon, 28 Dec 2015 13:28:18 +0100, Otto Kekäläinen >

Bug#765639: Bug#802159: New OpenSSL upstream version

Hi, Personally I'm in favour of following the openssl point updates and I'd like to add an additional data point to the discussion: CVE-2015-3196 was already fixed as a plain bugfix in an earlier point release, but the security impact was only noticed later on, so following the point updates

Bug#803336: RM: mopidy/1.1.1-1

On Thu, Oct 29, 2015 at 08:48:27AM +, Julien Cristau wrote: > On Wed, Oct 28, 2015 at 23:06:07 +0100, Moritz Muehlenhoff wrote: > > > Package: release.debian.org > > Severity: normal > > User: release.debian@packages.debian.org > > Usertags: rm > > > > Hi, > > please remove mopidy as

Bug#803410: jessie-pu: package libvdpau/0.8-3+deb8u2

On Thu, Oct 29, 2015 at 07:52:23PM +, luca wrote: > Package: release.debian.org > Severity: normal > Tags: jessie > User: release.debian@packages.debian.org > Usertags: pu > > Dear release team, > > We would like to update libvdpau in jessie to address a segmentation fault in > a >

Bug#796281: jessie-pu: package pcre3/2:8.35-3.3+deb8u1

On Tue, Sep 15, 2015 at 09:16:48PM +0100, Adam D. Barratt wrote: > Control: tags -1 -moreinfo +confirmed > > On Fri, 2015-09-11 at 20:24 +0200, Moritz Mühlenhoff wrote: > > On Fri, Aug 21, 2015 at 03:59:15PM +0100, Adam D. Barratt wrote: > > > Control: tags -1 + moreinfo &

Bug#796281: jessie-pu: package pcre3/2:8.35-3.3+deb8u1

On Fri, Aug 21, 2015 at 03:59:15PM +0100, Adam D. Barratt wrote: > Control: tags -1 + moreinfo > > On Fri, 2015-08-21 at 01:35 +0200, Moritz Muehlenhoff wrote: > > This update fixes four minor security issues which don't warrant > > a DSA. These have been tested in a production setup and were > >

Bug#786830: wheezy-pu: package debian-security-support

On Sat, Aug 29, 2015 at 04:15:55PM +0100, Adam D. Barratt wrote: Control: tags -1 + confirmed On Mon, 2015-05-25 at 23:13 +0200, Moritz Muehlenhoff wrote: it has been requested multiple times to also provide debian-security-support for wheezy. All the data relevant for wheezy is

Bug#796281: jessie-pu: package pcre3/2:8.35-3.3+deb8u1

On Fri, Aug 21, 2015 at 03:59:15PM +0100, Adam D. Barratt wrote: Control: tags -1 + moreinfo On Fri, 2015-08-21 at 01:35 +0200, Moritz Muehlenhoff wrote: This update fixes four minor security issues which don't warrant a DSA. These have been tested in a production setup and were working

Re: Bug#793316: [debian-mysql] Bug#793316: transition: mysql-5.6

Clint Byrum spam...@debian.org schrieb: I'd be interested to hear the security team's impressions on how shipping micro releases of MySQL has gone for them. We're planning to discuss that at DebConf (and will also include the release team). Sure they have a _ridiculous_ policy about not

Re: Bug#763148: Prevent migration to jessie

Andreas Cadhalpun wrote: But having mysql-5.5 and mariadb-10.0 in jessie is apparently no problem, despite previous claims. What's the difference? To properly migrate over a daemon they need to co-exist for a stable release, while a lib does not. Stretch will only have one of them. How do

Re: Bug#763148: Prevent migration to jessie

On Wed, Apr 29, 2015 at 08:33:07PM +0200, Andreas Cadhalpun wrote: Having both for a year along each other will only waste people's time. Now at the beginning of the release cycle is the time to make a decision, not by dragging things into a year as of today. Picking one of the two won't

Bug#782769: unblock: chromium-browser/42.0.2311.90-1

On Sun, Apr 26, 2015 at 11:57:43AM +0100, Jonathan Wiltshire wrote: On Fri, Apr 17, 2015 at 05:21:05PM +0200, Moritz Muehlenhoff wrote: Please unblock package chromium-browser. It fixes multiple security issues (and would also need some aging at this point) Should this be progressed to

Bug#782770: unblock: openjdk-7/7u79-2.5.5-1

tOn Thu, Apr 23, 2015 at 10:03:02PM +0100, Jonathan Wiltshire wrote: Control: tag -1 moreinfo On Fri, Apr 17, 2015 at 05:23:39PM +0200, Moritz Muehlenhoff wrote: Please unblock package openjdk-7. It fixes multiple security issues. ATM the build failed on mips (that was sorted out with a

Re: Bug#746946: wheezy-pu: package distro-info-data/0.23~deb7u1

On Thu, Apr 16, 2015 at 04:02:23PM +0200, Raphael Hertzog wrote: Yes there are packages which are unsupported in Squeeze but very much like there are unsupported packages in Wheezy right now: Also, all other distros with long support have some level of reduced support over time, see for example

Bug#778332: RM: oss4/4.2-build2010-1.1

On Wed, Mar 04, 2015 at 09:46:20AM +0100, Ivo De Decker wrote: Hi, On Fri, Feb 13, 2015 at 05:52:36PM +0100, Moritz Muehlenhoff wrote: please remove oss4 from jessie. There's been no maintainer followup since a month (plus no action back then we Ben initially reported it to the

Bug#775892: unblock (pre-approval): python-django/1.7.3-1

On Fri, Jan 23, 2015 at 02:26:06PM +0100, Raphael Hertzog wrote: On Wed, 21 Jan 2015, Raphael Hertzog wrote: Some notes: - the final upload will include the bug closure of #775375 - there's a small tweak of a Suggests dependency, it was not intended for jessie but I don't see how it can

Bug#774211: freeze exception for binutils 2.25-3

On Tue, Dec 30, 2014 at 12:29:35PM +0100, Matthias Klose wrote: forgot to mention that there are no regression in the binutils testsuite on all release architectures, and that there are no regression in the gcc-4.8 and gcc-4.9 testsuites on all release architectures. Did someone from the

Bug#774299: wheezy-pu: openssl: disable SSLv3 by default

On Wed, Dec 31, 2014 at 04:41:29PM +0100, Kurt Roeckx wrote: On Wed, Dec 31, 2014 at 02:00:23PM +, Adam D. Barratt wrote: Control: tags -1 + moreinfo On Wed, 2014-12-31 at 13:52 +0100, Kurt Roeckx wrote: I would like to disable SSLv3 by default in wheezy. Do we know how well

Bug#770463: unblock: dhcpcd5/6.0.5-2

On Fri, Nov 21, 2014 at 08:30:37PM +0100, Niels Thykier wrote: On 2014-11-21 14:56, Salvatore Bonaccorso wrote: Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Hi Release Team, Please unblock package dhcpcd5, which

Re: binNMUs for dpkg-buildflags / -fstack-protector-strong

On Sat, Nov 08, 2014 at 03:27:26PM +, Julien Cristau wrote: On Sat, Nov 8, 2014 at 10:29:17 +0100, Moritz Mühlenhoff wrote: On Sun, Nov 02, 2014 at 11:53:44PM +0100, Moritz Muehlenhoff wrote: On Sun, Nov 02, 2014 at 06:19:51PM +0100, Julien Cristau wrote: On Tue, Sep 23, 2014

Re: binNMUs for dpkg-buildflags / -fstack-protector-strong

On Sun, Nov 02, 2014 at 11:53:44PM +0100, Moritz Muehlenhoff wrote: On Sun, Nov 02, 2014 at 06:19:51PM +0100, Julien Cristau wrote: On Tue, Sep 23, 2014 at 22:36:43 +0200, Moritz Mühlenhoff wrote: Sorry I didn't get to these quickly. Do you have an updated list and/or package versions

Re: Bug#767411: torque: should not be released with jessie

On Sat, Nov 01, 2014 at 02:30:02PM -0400, Michael Gilbert wrote: On Sat, Nov 1, 2014 at 11:46 AM, Salvatore Bonaccorso wrote: Given Dominique's reply on #767411, from my POV I think the best solution would be to remove torque completely for jessie (i.e. first drop support from openmpi to be

Re: Bug#763278: wheezy-pu: gcc-4.9/4.9.1-14~deb7u1

Adam D. Barratt a...@adam-barratt.org.uk schrieb: On 2014-10-01 13:25, Moritz Mühlenhoff wrote: Adam D. Barratt a...@adam-barratt.org.uk schrieb: The alternative is to drop chromium security support for wheezy way too soon. They're not the only alternatives. Granted, they may be the only

Re: Bug#763278: wheezy-pu: gcc-4.9/4.9.1-14~deb7u1

Adam D. Barratt a...@adam-barratt.org.uk schrieb: The alternative is to drop chromium security support for wheezy way too soon. They're not the only alternatives. Granted, they may be the only ones which you're willing to support. What other alternatives do you have in mind? Cheers,

Re: Bug#763148: Prevent migration to jessie

On Wed, Oct 01, 2014 at 04:32:24PM +0200, Andreas Cadhalpun wrote: However, I can understand why one embedded code copy is better than one embedded code copy plus a library in addition to it. This would be understandable, yes. There are now two options: a) Let FFmpeg migrate to testing

Re: Bug#763148: Prevent migration to jessie

On Sun, Sep 28, 2014 at 11:27:03AM +0200, Andreas Cadhalpun wrote: So would you please explain why you see a problem? It has all been written before, I'm not going to repeat it all over again. We can pick libav _or_ ffmpeg for jessie+1. EOD for me. Chromium using a local copy of the lib doesn't

Re: FFmpeg in Jessie

Alessio Treglia ales...@debian.org schrieb: On Fri, Sep 26, 2014 at 10:28 PM, Andreas Barth a...@ayous.org wrote: That sounds like we should drop libav and release with ffmpeg. Is this also the opinion of the libav maintainers? Or is there a strong reason why this is not possible? Although

Re: [debian-mysql] MySQL in Jessie

On Sat, Sep 20, 2014 at 04:04:11PM +0300, Otto Kekäläinen wrote: Hello! 2014-09-17 22:57 GMT+03:00 Moritz Mühlenhoff j...@inutil.org: Has there been any progress? The freeze is coming closer. Both MySQL 5.6 and MariaDB 10.0 are still only in experimental. The 5.5 versions are in testing

Re: binNMUs for dpkg-buildflags / -fstack-protector-strong

On Sat, Sep 20, 2014 at 02:18:34PM +0200, Julien Cristau wrote: On Sat, Sep 20, 2014 at 12:53:54 +0200, Moritz Muehlenhoff wrote: On Sat, Sep 20, 2014 at 10:45:00AM +0200, Julien Cristau wrote: On Wed, Sep 17, 2014 at 22:29:10 +0200, Moritz Muehlenhoff wrote: Hi release team,

Re: [debian-mysql] MySQL in Jessie

On Wed, Aug 27, 2014 at 12:55:15PM +0200, Bjoern Boschman wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 moin, to sum things up: * mariadb-5.5 within testing * mariadb-10.0 within experimental * mysql-5.5 within testing * mysql-5.6 within experimental *

Bug#757342: wheezy-pu: package php5/5.4.31-0+deb7u1

On Wed, Aug 20, 2014 at 12:07:03PM +0200, Ondřej Surý wrote: On Wed, Aug 20, 2014, at 11:53, Moritz Mühlenhoff wrote: On Thu, Aug 07, 2014 at 11:37:30AM +0200, Ondřej Surý wrote: Package: release.debian.org Severity: normal Tags: wheezy User: release.debian@packages.debian.org

Bug#757342: wheezy-pu: package php5/5.4.31-0+deb7u1

On Thu, Aug 07, 2014 at 11:37:30AM +0200, Ondřej Surý wrote: Package: release.debian.org Severity: normal Tags: wheezy User: release.debian@packages.debian.org Usertags: pu -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Dear release team, as discussed on #debian-release about

Re: Bug#758492: RM: lcms/1.19.dfsg2-1.5

Niels Thykier ni...@thykier.net schrieb: This in fact requires a bit more time, see below: Checking reverse dependencies... # Broken Depends: devil: libdevil1c2 I've reopened the bug, a resolution is pending. foo2zjs: printer-driver-foo2zjs This is #757384 gimp: gimp I've reopened the

Bug#751976: pu: package cmus/2.4.3-2+deb7u1

:09.0 +0200 +++ cmus-2.4.3/debian/changelog 2014-06-18 14:18:17.0 +0200 @@ -1,3 +1,10 @@ +cmus (2.4.3-2+deb7u1) wheezy; urgency=low + + * Fix FTBFS related to the libmodplug upgrade in DSA 2751, patch as used in +2.5.0-4 (Closes: #724181) + + -- Moritz Mühlenhoff muehlenh

Bug#751976: pu: package cmus/2.4.3-2+deb7u1

Hi all, I've just noticed the last message on #724181, and I am sorry about the late reply. On Wed, Jun 18, 2014 at 1:25 PM, Moritz Mühlenhoff muehlenh...@univention.de wrote: Hi, attached debdiff fixes a FTBFS of cmus in stable. Should I wait for the ACK from the release team

Re: Updating tor (was: Upcoming stable point release (7.6))

Peter Palfrader wea...@debian.org schrieb: Hi! On Wed, 11 Jun 2014, Adam D. Barratt wrote: The next point release for wheezy (7.6) is scheduled for Saturday, July 12th. Stable NEW will be frozen during the preceding weekend. I propose to update Tor in stable to the version that is now in

Bug#744850: pu: package gst-plugins-bad0.10/0.10.23-7.1+deb7u1

Control: tags -1 + confirmed On Tue, 2014-04-15 at 14:51 +0200, Moritz Mühlenhoff wrote: Attached debdiff fixes a FTBFS of gst-plugins-bad0.10 in stable (caused by the libmodplug update in DSA 2751) Please go ahead. Uploaded. Cheers, Moritz -- Moritz Mühlenhoff Open Source Software

Bug#744850: pu: package gst-plugins-bad0.10/0.10.23-7.1+deb7u1

) stable; urgency=low + + * Fix FTBFS related to the libmodplug upgrade in DSA 2751 (Closes: #726871) + + -- Moritz Mühlenhoff muehlenh...@univention.de Mon, 07 Apr 2014 15:56:32 +0200 + gst-plugins-bad0.10 (0.10.23-7.1) unstable; urgency=low * Non-maintainer upload. diff -Nru gst-plugins

Bug#742703: pu: package gorm.app/1.2.16-1+deb7u1

Control: tags -1 + confirmed On Wed, 2014-03-26 at 15:05 +0100, Moritz Mühlenhoff wrote: gorm.app FTBFSes in stable. The attached debdiff fixes the build using the same patch already used in the NMU for unstable. Please go ahead; thanks. Uploaded. Cheers, Moritz -- Moritz Mühlenhoff

Re: Bug#739069: wheezy-pu: package sage-extension/1.5.2-1~deb7u1

Adam D. Barratt a...@adam-barratt.org.uk schrieb: Control: tags -1 + moreinfo Apologies for the delays in getting back to this. On Sat, 2014-02-15 at 17:53 +0100, Sébastien Villemot wrote: The version of sage-extension currently in wheezy does not work against iceweasel 24 (in

Bug#742793: RM: t1lib/5.1.2-4

On Thu, Mar 27, 2014 at 10:05:09PM +0100, Mehdi Dogguy wrote: Le 2014-03-27 20:08, Niels Thykier a écrit : I noticed that the fix for gtkmathview is sadly incomplete (see #638761). AFAICT lablgtkmathview does not have an (open) RC bug for this problem. I hace CC'ed the OCAML maintainers to

Re: Bug#739069: wheezy-pu: package sage-extension/1.5.2-1~deb7u1

Moritz Mühlenhoff j...@inutil.org schrieb: Thus we either have to assume that most users have already upgraded to 24 from security and that the extension packages are most likely not used on the missing architectures (ia64 and mips*), If there's no reaction soon I recommend to follow

Bug#742703: pu: package gorm.app/1.2.16-1+deb7u1

gorm.app-1.2.16/debian/changelog --- gorm.app-1.2.16/debian/changelog +++ gorm.app-1.2.16/debian/changelog @@ -1,3 +1,10 @@ +gorm.app (1.2.16-1+deb7u1) stable; urgency=low + + * Fix FTBFS using the same patch already used in the 1.2.16-1.1 NMU by +Gregor Herrmann (Closes: #707393) + + -- Moritz

Bug#741232: pu: package newsbeuter/2.5-2+deb7u1

=low + + * Fix FTBFS issue due to json's switch from boolean to json_bool (Closes: #689225) + + -- Moritz Mühlenhoff muehlenh...@univention.de Thu, 27 Feb 2014 14:42:50 +0100 + newsbeuter (2.5-2) unstable; urgency=low * Fix build errors with gcc-4.7 (Closes: #667296). diff -Nru newsbeuter

Bug#739079: transition: libav10

On Tue, Feb 18, 2014 at 08:16:05PM +0100, Sebastian Ramacher wrote: (Putting the bug back into the loop.) On 2014-02-16 21:47:25, Moritz Mühlenhoff wrote: On Sun, Feb 16, 2014 at 03:44:01PM -0500, Reinhard Tartler wrote: On Sun, Feb 16, 2014 at 11:22 AM, Moritz Mühlenhoff j...@inutil.org

Bug#739079: transition: libav10

On Sat, Feb 15, 2014 at 08:57:47PM +0100, Julien Cristau wrote: On Sat, Feb 15, 2014 at 19:37:54 +0100, Sebastian Ramacher wrote: Hi Reinhard On 2014-02-15 17:42:41, Reinhard Tartler wrote: Unfortunately, this new release does break a number of packages in the debian archive. At

Re: Bug#739079: transition: libav10

Reinhard Tartler siret...@tauware.de schrieb: Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: transition Hi, We have a new libav transition pending. Libav 10 is prepared in debian/experimental, and I've started to build packges against

Re: Bug#739079: transition: libav10

On Sun, Feb 16, 2014 at 03:44:01PM -0500, Reinhard Tartler wrote: On Sun, Feb 16, 2014 at 11:22 AM, Moritz Mühlenhoff j...@inutil.org wrote: Reinhard Tartler siret...@tauware.de schrieb: Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags

Bug#731735: pu: package glance/2012.1.1-5+deb7u1

I have prepared an update for Glance over here: http://archive.gplhost.com/pub/security/glance/ The security tracker lists this issue as potentially open in Wheezy: https://security-tracker.debian.org/tracker/CVE-2013-4354 Does this affect stable and is there a fix which can be included

Bug#719632: Prepared a new Wheezy update for Nova

Here's the new changelog, with the remarks of J.Cristau taken into account: [ Thomas Goirand ] * CVE-2013-4261: [OSSA 2013-026] Fix problem with long messages in Qpid. * CVE-2013-2096: [OSSA 2013-012] Check QCOW2 image size during root disk creation (Closes: #710157). The security tracker

Bug#717852: pu: package devscripts/2.12.6+deb7u1

On Thu, Oct 03, 2013 at 07:05:46PM +0100, Adam D. Barratt wrote: Control: tags -1 + confirmed On Fri, 2013-07-26 at 16:59 +0200, Moritz Muehlenhoff wrote: On Thu, Jul 25, 2013 at 05:18:02PM +0100, Adam D. Barratt wrote: diff -Nru devscripts-2.12.6/scripts/build-rdeps.pl [...] -my

Re: Call for Jessie Release Goals

Jonathan Wiltshire j...@debian.org schrieb: Goals which were accepted for the Wheezy cycle, but did not reach completion, can be carried over for Jessie. However, we require re-submission of those goals (and any that have been discussed up until now - we are starting with a clean slate) to

Re: Call for Jessie Release Goals

On Wed, Sep 25, 2013 at 07:06:37PM +0200, Niels Thykier wrote: On 2013-09-25 19:02, Moritz Mühlenhoff wrote: Jonathan Wiltshire j...@debian.org schrieb: Goals which were accepted for the Wheezy cycle, but did not reach completion, can be carried over for Jessie. However, we require re

Re: Roll call for porters of architectures in sid and testing (Status update)

John David Anglin dave.ang...@bell.net schrieb: On 21-Sep-13, at 7:23 PM, Ben Hutchings wrote: I'll continue testing/software development activity on ia64 for the Jessie cycle, and more generally, until Debian drops ia64. I'm already waiting for Wayland on ia64 and other big updates. So

Bug#706798: transition: Libav 9

On Fri, Sep 06, 2013 at 05:06:03PM +0200, Moritz Mühlenhoff wrote: Hi, two more testing removals related to the libav9 transition: - libavg 1.7.1-3 fails to build for unrelated boost reasons. Popcon is virtually non-existant. - imageshack-uploader 2.2+hg20100408.d802dea89428-5.1 patch

<    1   2   3   >