Re: Y2038-safe replacements for utmp/wtmp and lastlog

> "Chris" == Chris Hofstaedtler writes: Chris> Fellow Developers, Chris> you are probably aware of the time_t-64bit migration :-) Chris> However, this does not magically transition all data formats to 64bit Chris> times. One such instance is the set of utmp/wtmp and lastlog

Bug#1036884: 64-bit time_t: updated archive analysis, proposed transition plan with timeline

> "Ansgar" == Ansgar writes: Ansgar> As far as I understand this approach will break any consumer Ansgar> on a library whose ABI changes to to the ABI changes Ansgar> introduced here unless the consumer is built with the flags Ansgar> from `dpkg-buildflags` (which would now

Re: severity of bugs that FTBFS because of missing B-D

> "Johannes" == Johannes Schauer Marin Rodrigues writes: >> also because technically it's the right decision from the release >> team. these bugs are *currently*, in real life, merely cosmetic. Johannes> I disagree they are cosmetic or otherwise I would not've Johannes>

Re: Upcoming changes to Debian Linux kernel packages

> "Bastian" == Bastian Blank writes: Bastian> The same as now: nowhere, because those packages have been Bastian> removed from the archive already. Bastian> And sadly you did not answer the question why a second Bastian> degree error must not be worse then a worked around

Re: Upcoming changes to Debian Linux kernel packages

> "Bastian" == Bastian Blank writes: Bastian> On Mon, Sep 25, 2023 at 04:35:08AM +0200, Andreas Beckmann wrote: >> On 25/09/2023 00.50, Bastian Blank wrote: >> > Already built modules remain until someone deletes it. So you >> can also > switch back to the still installed

Bug#1052433: bookworm-pu: package pam/1.5.2-6+deb12u1

+ + -- Sam Hartman Thu, 21 Sep 2023 14:55:12 -0600 + pam (1.5.2-6) unstable; urgency=medium * Update debian/copyright, Thanks Bastian Germann, Closes: #460232 diff --git a/debian/control b/debian/control index 4b685f16..9cdc3f81 100644 --- a/debian/control +++ b/debian/control @@ -1,8 +1,8

Bug#1049374: bullseye-pu: package krb5/1.18.3-6+deb11u4

) bullseye; urgency=medium + + * Fixes CVE-2023-36054: a remote authenticated attacker can cause +kadmind to free an uninitialized pointer. Upstream believes remote +code execusion is unlikely, Closes: #1043431 + + -- Sam Hartman Mon, 14 Aug 2023 14:42:46 -0600 + krb5 (1.18.3-6+deb11u3

Bug#1049373: bookworm-pu: package krb5/1.20.1-2+deb12u1

attacker can cause +kadmind to free an uninitialized pointer. Upstream believes remote +code execusion is unlikely, Closes: #1043431 + + -- Sam Hartman Mon, 14 Aug 2023 14:06:53 -0600 + krb5 (1.20.1-2) unstable; urgency=medium * Tighten dependencies on libkrb5support0. This means

Re: Is an MBF and unblock for packages introducing new files in /bin or /sbin or /lib in Bookworm acceptable at this stage?

> "Luca" == Luca Boccassi writes: >> I suspect the reason you want to make this MBF is that you >> believe it Luca> will somehow make the transition easier if there are fewer Luca> files in /bin or /usr/bin. Luca> IE, you immediately escalated it with aggressiveness

Re: Is an MBF and unblock for packages introducing new files in /bin or /sbin or /lib in Bookworm acceptable at this stage?

;> "Luca" == Luca Boccassi writes: Luca> So what you are worried is the combination of a testing Luca> installation from~one year ago, that is otherwise never Luca> touched for say another year, and also that has one of those Luca> 23 packages installed in the old version, and

Re: Is an MBF and unblock for packages introducing new files in /bin or /sbin or /lib in Bookworm acceptable at this stage?

>>>>> "Michael" == Michael Biebl writes: Michael> Am 22.05.23 um 21:34 schrieb Sam Hartman: >> enough benefit to justify breaking testing. >> Michael> No-one is breaking testing, as files are not moved between Michael> p

Re: Is an MBF and unblock for packages introducing new files in /bin or /sbin or /lib in Bookworm acceptable at this stage?

>>>>> "Luca" == Luca Boccassi writes: Luca> On Mon, 22 May 2023 at 20:22, Sam Hartman wrote: >> >> >>>>> "Luca" == Luca Boccassi writes: >> Luca> Hello Release Team, If we were to do a MBF again

Re: Is an MBF and unblock for packages introducing new files in /bin or /sbin or /lib in Bookworm acceptable at this stage?

> "Luca" == Luca Boccassi writes: Luca> Hello Release Team, If we were to do a MBF against packages Luca> that in _Bookworm_ have introduced new files in /bin, /sbin or Luca> /lib*, would you accept the consequent mass unblock request? Luca> I am asking beforehand as there's

Bug#1036234: unblock: krb5/1.20.1-2

: #1036055 + + + -- Sam Hartman Mon, 15 May 2023 17:44:41 -0600 + krb5 (1.20.1-1) unstable; urgency=high [ Bastian Germann ] diff --git a/debian/libkrb5support0.symbols b/debian/libkrb5support0.symbols index 827d80898a..5c3de884f5 100644 --- a/debian/libkrb5support0.symbols +++ b/debian

Re: Bug#1031695: dh_installsystemd doesn't handle files in /usr/lib/systemd/system

> "Michael" == Michael Biebl writes: Michael> If a service is not supposed to be enabled, then an Michael> override for dh_installsystemd is the correct solution, Michael> setting --no-enable, but not by moving it into a Michael> subpackage. Sorry, I was imprecise. Imagine

Re: Bug#1031695: dh_installsystemd doesn't handle files in /usr/lib/systemd/system

>> Moreover, I suspect in a number of the cases related to this >> current bug, replaces will be likely. I suspect that in some of >> the cases where units have been introduced that are disabled >> currently, but will be enabled by the dh_installsystemd change, >> we will

Re: Bug#1031695: dh_installsystemd doesn't handle files in /usr/lib/systemd/system

> "Sebastian" == Sebastian Ramacher writes: Sebastian> Can you expand your concern? I expect that this issue Sebastian> goes away as soon as we can assume that all systems are Sebastian> /usr-merged. At that point I expect that we are able to Sebastian> drop the workaround

Re: Bug#1031695: dh_installsystemd doesn't handle files in /usr/lib/systemd/system

>>>>> "Sebastian" == Sebastian Ramacher writes: Sebastian> On 2023-02-23 11:12:00 -0700, Sam Hartman wrote: >> >>>>> "Sean" == Sean Whitton writes: >> Sean> Hello, Sean> On Wed 22 Feb 2023 at 09:55

Re: Bug#1031695: dh_installsystemd doesn't handle files in /usr/lib/systemd/system

> "Sean" == Sean Whitton writes: Sean> Hello, Sean> On Wed 22 Feb 2023 at 09:55AM +01, Sebastian Ramacher wrote: >> Unless I am missing something, having dh_installsystemd look at >> the service files in /usr/lib is the only viable solution for >> bullseye -> bookworm.

Re: Bug#1031695: dh_installsystemd doesn't handle files in /usr/lib/systemd/system

>>>>> "Michael" == Michael Biebl writes: Michael> Am 21.02.23 um 17:45 schrieb Sam Hartman: >>>>>>> "Michael" == Michael Biebl writes: Michael> Excluding packages that only ship overrides/drop-ins, this Michael&

Re: Bug#1031695: dh_installsystemd doesn't handle files in /usr/lib/systemd/system

> "Michael" == Michael Biebl writes: Michael> Excluding packages that only ship overrides/drop-ins, this Michael> makes 37 affected packages in bookworm. If I'm understanding this issue correctly, the concern would be a package that moved from /lib/systemd/system to

Bug#1031325: e2fsprogs 1.47.0 introduces a breaking change into Bookworm, breaking grub and making installations of Ubuntu and Debian releases via debootstrap impossible

> "Theodore" == Theodore Ts'o writes: Theodore> So enabling what may be convenient, but ultimately an Theodore> anti-pattern is something that hopefully in the long-term Theodore> Debian should be trying to *avoid*. That's certainly true. I am not entirely convinced that using

Bug#1031325: e2fsprogs 1.47.0 introduces a breaking change into Bookworm, breaking grub and making installations of Ubuntu and Debian releases via debootstrap impossible

> "Adrian" == Adrian Bunk writes: Adrian> Below is my attempt to give an overview of the situation, Adrian> feel free to amend/correct if anything is missing or wrong. I believe your summary is correct and includes the issues I am aware of. I believe I am following things enough

Bug#1031325: e2fsprogs 1.47.0 introduces a breaking change into Bookworm, breaking grub and making installations of Ubuntu and Debian releases via debootstrap impossible

Replying off list, because I don't think it matters much for the RT discussion. > "Russ" == Russ Allbery writes: Russ> Yes, I'm probably understating the difficulty of making this Russ> change in practice inside image building software as it's Russ> currently constructed.

Bug#1031325: e2fsprogs 1.47.0 introduces a breaking change into Bookworm, breaking grub and making installations of Ubuntu and Debian releases via debootstrap impossible

> "Adrian" == Adrian Bunk writes: Adrian> On Thu, Feb 16, 2023 at 05:48:22PM +0100, Daniel Leidert wrote: >> Am Donnerstag, dem 16.02.2023 um 18:37 +0200 schrieb Adrian Bunk: >> > On Wed, Feb 15, 2023 at 12:05:41AM +0100, Daniel Leidert wrote: >> > > ... > > Reasons: > > ...

Bug#1031325: e2fsprogs 1.47.0 introduces a breaking change into Bookworm, breaking grub and making installations of Ubuntu and Debian releases via debootstrap impossible

> "Sebastian" == Sebastian Ramacher writes: Sebastian> To better understand the impact of this change, I was Sebastian> wondering which tools / image builders in the archive Sebastian> would be affected by this change. I've cloned the bug to Sebastian> vmdb2, but what about

Bug#1031325: e2fsprogs 1.47.0 introduces a breaking change into Bookworm, breaking grub and making installations of Ubuntu and Debian releases via debootstrap impossible

>>>>> "Theodore" == Theodore Ts'o writes: Theodore> On Wed, Feb 15, 2023 at 01:17:38PM -0700, Sam Hartman wrote: >> >> I.E. I think your question of "for how long" has a very simple >> answer based on our history: if we ca

Bug#1031325: e2fsprogs 1.47.0 introduces a breaking change into Bookworm, breaking grub and making installations of Ubuntu and Debian releases via debootstrap impossible

> "Theodore" == Theodore Ts'o writes: the answer to your "how long" is that packages >> should also work with the kernel from the previous and the kernel >> from the next Debian release. Theodore> This isn't a problem with the kernel. I don't think that was Adrian's point. I

Bug#1030957: release.debian.org: please have rust-rustls ignore CI tests for s390x and ppc64el

> "Jonas" == Jonas Smedegaard writes: Jonas> Yes, I am aware that the Rust team packages arch-all code as Jonas> arch-any packages, but I am unaware that their reasoning is Jonas> well documented anywhere. The only reason I was aware of Jonas> when I did the switch was that

Bug#1026199: release.debian.org: Is the toolchain list updated for bookworm

> "Guillem" == Guillem Jover writes: Guillem> …but hmm, is this perhaps not taking into account Guillem> Pre-Depends? Something seems to be wrong. It was very convenient that pam is not in the essential set--I got to update it. And yet login , which sure appears to be essential

Re: Bug#1028451: 2nd DisplayPort doesn't get video

> "Moritz" == Moritz Mühlenhoff writes: Moritz> Not moving to 6.1.x (which is most likely the next Linux Moritz> kernel LTS) is by far a worse regression since it applies to Moritz> every single Debian system. Moritz> As a community distro without paid, full time kernel

Bug#1028612: unblock: pam/1.5.2-6

Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock X-Debbugs-Cc: p...@packages.debian.org Control: affects -1 + src:pam Please unblock package pam If I am reading https://qa.debian.org/excuses.php?package=pam right, it looks like pam is

Re: SONAME bumps (transitions) always via experimental

> "Andreas" == Andreas Metzler writes: Andreas> Afaiui Graham's *question* was in response to Bastian's Andreas> "However, please describe an actionable plan." Obviously it Andreas> would be a lot easier if we could require to have all NEW Andreas> uploads go to experimental

Re: SONAME bumps (transitions) always via experimental

> "Graham" == Graham Inggs writes: Graham> Hi All Graham> On Fri, 6 Jan 2023 at 00:33, Bastian Blank wrote: Graham> Would it be a bad thing to require all uploads that need to Graham> go through NEW (source and binary) to target experimental? Graham> I have been doing

Bug#1026199: release.debian.org: Is the toolchain list updated for bookworm

Package: release.debian.org Severity: normal I was looking at https://release.debian.org/testing/essential-and-build-essential.txt trying to figure out which packages I'm involved in are covered by the toolchain freeze. I am wondering what's still pulling libgssapi-krb5-2 and friends into

Re: Help with resolving an issue with wxwidgets3.2

> "Scott" == Scott Talbert writes: Scott> Would Option 1, which was "Rebuild wxWidgets and then binNMU Scott> all packages that link with libwx_gtk3u_gl library (about a Scott> dozen packages)." be acceptable? We could also add Scott> appropriate "Breaks" to the library

Bug#1017999: bullseye-pu: package krb5/1.18.3-6+deb11u2

@@ -1,3 +1,10 @@ +krb5 (1.18.3-6+deb11u2) bullseye; urgency=medium + + * Use SHA256 as Pkinit CMS Digest, Closes: #1017995 + + + -- Sam Hartman Tue, 23 Aug 2022 14:49:09 -0600 + krb5 (1.18.3-6+deb11u1) bullseye; urgency=medium * Fix KDC null dereference crash on FAST request with no server field

Bug#1017998: buster-pu: package krb5/1.17-3+deb10u4

+1,9 @@ +krb5 (1.17-3+deb10u4) buster; urgency=medium + + * Use SHA256 as Pkinit CMS Digest, Closes: #1017995 + + -- Sam Hartman Tue, 23 Aug 2022 14:28:40 -0600 + krb5 (1.17-3+deb10u3) buster; urgency=high * Fix KDC null dereference crash on FAST request with no server field, diff --git

Bug#995025: bullseye-pu: package pam/1.4.0-9+deb11u1

dee3f32b..8d9b0773 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,11 @@ +pam (1.4.0-9+deb11u1) bullseye; urgency=medium + + * Fix syntax error in libpam0g.postinst when a systemd unit fails, +Closes: #992538 + + + -- Sam Hartman Thu, 26 Aug 2021 13:11:23 -0600 + pam (1.4.0-9

Bug#993277: buster-pu: package krb5/1.17-3+deb10u3

dereference crash on FAST request with no server field, +CVE-2021-37750, Closes: #992607 + * Fix memory leak in krb5_gss_inquire_cred, Closes: #991140 + + + -- Sam Hartman Sun, 29 Aug 2021 16:23:02 -0600 + krb5 (1.17-3+deb10u2) buster-security; urgency=high * Import upstream patch for CVE

Bug#993276: bullseye-pu: package krb5/1.18.3-6+deb11u1

: #991140 + + + -- Sam Hartman Sun, 29 Aug 2021 16:38:12 -0600 + krb5 (1.18.3-6) unstable; urgency=high * Pull in upstream patch to fix CVE-2021-36222 (KDC NULL dereference), diff --git a/debian/patches/0011-Fix-KDC-null-deref-on-TGS-inner-body-null-server.patch b/debian/patches/0011-Fix-KDC-null

Bug#990957: unblock: pam/1.4.0-9

in the multiarch path. + + -- Sam Hartman Fri, 09 Jul 2021 10:55:02 -0600 + +pam (1.4.0-8) unstable; urgency=high + + [ Hideki Yamane ] + * debian/patches-applied/lib_security_multiarch_compat +- Fix regression introduced in 1.4.0-1: search both /lib/security and +/lib/[multiarch_tripple]/security

Bug#986051: unblock: krb5/1.18.3-5

5crypto3 toward other internal libraries because +of removed internal symbols, Closes: #985739 + + -- Sam Hartman Sun, 28 Mar 2021 13:43:01 -0400 + krb5 (1.18.3-4) unstable; urgency=medium diff --git a/debian/control b/debian/control index 55fea8c334..c0e10fe25d 100644 --- a/debian/contr

Bug#985361: unblock: pam/1.4.0-7

this unless the user has overwridden the configuration +- Fix capitalization of pam_Tally in debconf description + + + -- Sam Hartman Mon, 15 Mar 2021 15:01:55 -0400 + pam (1.4.0-6) unstable; urgency=medium * Clearly it's been too long since I've done debconf; run diff --git a/debian

Bug#983407: Pam: Multiple issues Affecting Upgrades

> "Paul" == Paul Gevers writes: Paul> Just to elaborate, that set is frozen because bits that Paul> influence a lot of builds can become difficult to manage if a Paul> bug sneaks in. So it's good to discuss here how much pam can Paul> influence the built artifacts. Hence,

Bug#983407: Pam: Multiple issues Affecting Upgrades

>>>>> "Paul" == Paul Gevers writes: Paul> On 23-02-2021 19:17, Sam Hartman wrote: >> This is just a FYI, opened as a bug because you've expressed a Paul> If it's in time to migrate before March 12, there's nothing to Paul> unblock.

Bug#983407: Pam: Multiple issues Affecting Upgrades

Package: release.debian.org Severity: normal X-Debbugs-Cc: vor...@debian.org Hi. I'm writing with my pam uploader hat on to give you a heads up about two issues that are kind of nasty and affect upgrades. This is just a FYI, opened as a bug because you've expressed a preference for that

Bug#974982: transition: krb5

I've proposed a patch to libapache-mod-auth-kerb. If someone tests the patch, I'll NMU. mia-query on the maintainer of libapache-mod-auth-kerb is revealing; I'll contact the MIA team and suggest orphaning or removing libapache-mod-auth-kerb.

Bug#974982: transition: krb5

> "Paul" == Paul Wise writes: Paul> switching to another module but I suspect that modauthkerb Paul> should just get removed from Debian in favour of Paul> mod_auth_gssapi, which is supposed to be a replacement. I think that mod_auth_gssapi plus mod_auth_pam and libpam-sss or

Bug#974982: transition: krb5

>>>>> "Sam" == Sam Hartman writes: >>>>> "Sebastian" == Sebastian Ramacher writes: >>> I've uploaded to unstable. There's what tracker lists as a >>> regression in CI tests: >>> https://ci.debian.net/dat

Bug#974982: transition: krb5

> "Sebastian" == Sebastian Ramacher writes: >> I've uploaded to unstable. There's what tracker lists as a >> regression in CI tests: >> https://ci.debian.net/data/autopkgtest/testing/ppc64el/s/squid/8297228/log.gz >> >> I don't think that regression looks caused by

Bug#974982: transition: krb5

I've uploaded to unstable. There's what tracker lists as a regression in CI tests: https://ci.debian.net/data/autopkgtest/testing/ppc64el/s/squid/8297228/log.gz I don't think that regression looks caused by krb5 after examining the log. Do you need me to request binnmu of

Bug#974982: transition: krb5

Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: transition Hi. I've uploaded krb5 1.18 to experimental, and the soname of the administrative libraries (and libkdb5, but that's purely internal) changed. The ABI differs, but the API is the same.

Bug#963754: nmu: moonshot-gss-eap_1.0.1-6

Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: binnmu nmu moonshot-gss-eap_1.0.1-6 . ANY . unstable . -m "Rebuild for shibboleth transition" Please rebuild moonshot-gss-eap now that new libshibsp-dev and libshibresolver-dev are in unstable.

Bug#955622: release.debian.org: Testing auto removal claims moonshot-ui to be removed for bug it fixesmoonsot

Package: release.debian.org Severity: normal I got a message from testing auto removal saying: >moonshot-ui 1.1.0+libsecret~2 is marked for autoremoval from testing on >2020-04-27 >It is affected by these RC bugs: >952054: moonshot-ui: FTBFS: libmoonshot.vapi:45.34-45.56:

Updating the Release Team Delegation

Dear Debian: I hereby appoint the following as members of the Debian Release Team: - Emilio Pozuelo Monfort (pochu) - Adam D. Barratt (adsb) - Julien Cristau (jcristau) - Cyril Brulebois (kibi) - Ivo De Decker (ivodd) - Jonathan Wiltshire (jmw) - Paul Gevers (elbrus) -

Bug#939890: buster-pu: package rpcbind/1.2.5-0.3+deb10u1

>>>>> "Sam" == Sam Hartman writes: >>>>> "Josue" == Josue Ortega writes: Josue> On Mon, Sep 09, 2019 at 08:27:31PM -0400, Sam Hartman wrote: >>> What are the security implications of enabling this configure >&

Bug#939890: buster-pu: package rpcbind/1.2.5-0.3+deb10u1

>>>>> "Josue" == Josue Ortega writes: Josue> On Mon, Sep 09, 2019 at 08:27:31PM -0400, Sam Hartman wrote: >> What are the security implications of enabling this configure >> flag? Josue> Enabling this flag lets rpcbind to open random l

Bug#939890: buster-pu: package rpcbind/1.2.5-0.3+deb10u1

What are the security implications of enabling this configure flag? Why is it off by default?

Bug#934132: Unblock elogind 241.3-1+debian1 migration to bullseye

> "Mark" == Mark Hindley writes: Mark> Michael, Mark> On Tue, Sep 03, 2019 at 04:56:13PM +0200, Michael Biebl wrote: >> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=934491 >> >> This bug report should be taken into account here. Not sure why >> this is not

Re: Bypassing the 2/3/4GB virtual memory space on 32-bit ports

> "Luke" == Luke Kenneth Casson Leighton writes: Luke> On Wed, Aug 14, 2019 at 5:13 PM Aurelien Jarno wrote: >> > a proper fix would also have the advantage of keeping linkers >> for > *other* platforms (even 64 bit ones) out of swap-thrashing, >> saving > power consumption

Re: Bits from the Release Team: ride like the wind, Bullseye!

> "Ben" == Ben Hutchings writes: Ben> On Sun, 2019-07-07 at 02:47 +0100, Jonathan Wiltshire wrote: Ben> [...] >> No binary maintainer uploads for bullseye >> = >> >> The release of buster also means the bullseye release cycle

Bug#931282: unblock: s-nail/14.9.11-3

> "Paride" == Paride Legovini writes: I think you could make a compelling argument for an important bug for this because for those users it will make the package unusable. I'm not a stable release team member though.

Bug#930293: unblock: docker.io/18.09.1+dfsg1-7

Regretfully, I was unable to validate my hypothesis. We really need better explanations about why skipping this test is appropriate. --Sam

Bug#930293: unblock: docker.io/18.09.1+dfsg1-7

Hi, Paul. I can think of a number of cases why docker tests might be problematic in our build environment. I actually think that if these tests run in a VM but not in a build environment within a schroot, it's a fairly good sign that the tests are problematic the way we do builds. I'll try to do

Bug#928185: unblock: openjdk-11/11.0.3+7-4

> "tony" == tony mancill writes: tony> Hi Paul, tony> I emailed ar...@buildd.debian.org regarding that this morning tony> (at 13:35 UTC), but haven't received a response yet. Perhaps tony> related, but the first arm64 build failed for the upload to tony> unstable last

Re: Bug#927667: gnome: please confirm or revert choice of Wayland for default desktop

I'm writing with my DPL hat on in the role of a facilitator/mediator. I have no actual power in this situation and it is entirely reasonable to ignore me. I feel very uncomfortable with a change as big as this revert happening this late in the release cycle. I think that my reading of how the

Bug#930686: unblock: krb5/1.17-3

none + * Merge in two upstream documentation changes + + -- Sam Hartman Tue, 18 Jun 2019 08:00:29 -0400 + krb5 (1.17-2) unstable; urgency=medium * Finish removing the run kadmind debconf template which was obsoleted diff --git a/debian/patches/series b/debian/patches/series index

Bug#930683: unblock: geophar/18.08.2+dfsg1-2

The release team has told other people in the past that they value having the bug metadata like severity accurate. So if you think the severity is too low yes raising it is appreciated. I am not part of the release team, I've just been watching a bunch of their responses to others.

Bug#928185: unblock: openjdk-11/11.0.3+7-4

>>>>> "Emmanuel" == Emmanuel Bourg writes: Emmanuel> Le 10/06/2019 à 18:22, Sam Hartman a écrit : >> we release with pre-releases for other packages all the time when >> maintainers believe that's the right call to make. This is an >

Bug#928185: unblock: openjdk-11/11.0.3+7-4

> "Emmanuel" == Emmanuel Bourg writes: Emmanuel> Le 10/06/2019 à 16:18, tony mancill a écrit : >> Emmanuel, I recognize that I am reversing position turn on this. >> I know that you had expressed reservations about shipping with an >> EA version as well. I took a look at the

Re: apology: Bug#929607: unblock: qemu/1:3.1+dfsg-8 (pre-upload)

That second reply was not intended to go to the bug. My apologies for cluttering the list and potentially increasing tension. --Sam

Bug#929607: unblock: qemu/1:3.1+dfsg-8 (pre-upload)

> "Moritz" == Moritz Mühlenhoff writes: Moritz> There's an existing unblock request for gcc-8 at #928188 What's going on here? Did you believe Paul was unaware of that request?

Bug#929607: unblock: qemu/1:3.1+dfsg-8 (pre-upload)

> "Moritz" == Moritz Mühlenhoff writes: Moritz> On Tue, Jun 04, 2019 at 09:27:55PM +0200, Paul Gevers wrote: >> Hi Michael, Jonathan, >> >> On Tue, 4 Jun 2019 14:11:23 +0100 Jonathan Wiltshire wrote: >> > On Mon, May 27, 2019 at 08:23:09AM +0300, Michael Tokarev wrote:

Bug#928807: unblock: mesa/18.3.6-2

Hi. It would be great to get as many mesa fixes into buster as possible, so I decided to review all your git commits. I have no idea if the release team will find this useful or not, but there's no way I could construct a useful argument in favor of the inclusion without the review. I am *not*

Bug#928746: unblock: zfs-linux/0.7.13-1

Please start talking to the kernel team now, and let them know your position. If you strongly suspect you're going to file an RC bug in the future, you should be talking now, not just holding back. I'm available to mediate if that ends up being useful.

Bug#928381: unblock: stunnel4/3:5.54~b3-1

> "Peter" == Peter Pentchev writes: Peter> On Thu, May 30, 2019 at 09:00:18PM +0200, Paul Gevers wrote: >> Hi Peter, >> >> On 30-05-2019 11:24, Peter Pentchev wrote: >> > Just for my information, is there a chance that this upgrade >> could be > allowed later on

Re: That merged-usr is mandatory is RC

> "Ivo" == Ivo De Decker writes: Ivo> Hi, Given that there is still discussion about the impact of Ivo> merged /usr at this very late point of the freeze, I think Ivo> having merged /usr by default for new installations should be Ivo> reconsidered. What discussion are you

Bug#928185: unblock: openjdk-11/11.0.3+7-4

>>>>> "Matthias" == Matthias Klose writes: Matthias> On 29.05.19 00:23, Sam Hartman wrote: >>>>>>> "Emmanuel" == Emmanuel Bourg writes: >> >> I'm not on the release team and cannot authorize a TPU. >&

Bug#928185: unblock: openjdk-11/11.0.3+7-4

> "Emmanuel" == Emmanuel Bourg writes: I'm not on the release team and cannot authorize a TPU. As an interested bystander I'd ask that you make sure any TPU contains a fix for the serious accessibility issue in https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=900912

Bug#929370: unblock: lprng/3.8.B-2.2

: #908770 + + -- Sam Hartman Wed, 22 May 2019 09:18:03 -0400 + lprng (3.8.B-2.1) unstable; urgency=medium * Non-maintainer upload. diff --git a/debian/lprng.init.in b/debian/lprng.init.in index b4df6b7..97edabd 100644 --- a/debian/lprng.init.in +++ b/debian/lprng.init.in @@ -97,7 +97,7 @@ case

Re: That merged-usr is mandatory is RC

> "Ian" == Ian Jackson writes: Ian> (sending this because I got the release team address wrong) Ian Ian> Jackson writes ("That merged-usr is mandatory is RC"): >> Control: severity -1 serious >> >> In #923091, Guillem (with dpkg maintainer hat on) asks for a >>

Re: How to handle daemon-not-running bugs of debhelper compat level 11?

> "Michael" == Michael Biebl writes: Michael> If the release teams thinks that this should be fixed for Michael> buster, I wonder if we shouldn't consider a second Michael> approach: Updating debhelper to use compat mode 12 Michael> behaviour for

Bug#924523: unblock: plinth/19.2

> "Sunil" == Sunil Mohan Adapa writes: Sunil> On 23/04/19 3:44 am, Ivo De Decker wrote: >> Hi, Sunil> However, there were still issues that we felt needed fixing Sunil> for a stable release. Some of these fixes are workarounds for Sunil> issues that were not fixed in

Bug#925242: NMUDIFF for csound 1:6.12.2~dfsg-3.1

index 84a4831..72a6859 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,11 @@ +csound (1:6.12.2~dfsg-3.1) unstable; urgency=medium + + * Non-maintainer upload. + * Fix diskgrain, syncgrain and syncloop when sample rate of sample +differs from orchestra, Closes: #924260 + + -- Sam

Bug#925242: unblock: csound/1:6.12.2~dfsg-3.1

(1:6.12.2~dfsg-3.1) unstable; urgency=medium + + * Non-maintainer upload. + * Fix diskgrain, syncgrain and syncloop when sample rate of sample +differs from orchestra, Closes: 924260 + + -- Sam Hartman Thu, 21 Mar 2019 10:31:29 -0400 + csound (1:6.12.2~dfsg-3) unstable; urgency=medium

Re: Fixing Linux getrandom() in stable

> "Thorsten" == Thorsten Glaser writes: Thorsten> Adrian Bunk dixit: >> As an example, what happens if I debootstrap and deploy the >> resulting filesytem to a large number of identical embedded >> systems without entropy sources? Thorsten> Just get into

Re: Proposed (lib)curl switch to openssl 1.1

> "Julien" == Julien Cristau writes: >> Following discussion on the ticket (#858398) it was suggested to >> follow the strategy used for the GCC 5 C++ ABI transition, that >> is, rename the libcurl package and add Conflicts+Replaces for teh >> old

Re: Proposed (lib)curl switch to openssl 1.1

What about the possibility of changing the package name but *not* the soname. That would allow to catch all the dependencies within Debian, but would neither diverge the soname nor detect dependency breakage with non-packaged builds. That said, libcurl is popular enough and basic enough I'd

Bug#872056: jessie-pu: package krb5/1.12.1+dfsg-19+deb8u2

I just uploaded the jessie update after fixing the extra comma in the changelog. I did run tests covering these security updates. I found that some of the tests included in make check were already failing on jessie and were still failing after this update. It looks like this may be related to

Bug#872056: jessie-pu: package krb5/1.12.1+dfsg-19+deb8u2

(kdc crash on restrict_anon_to_tgt), , Closes: +#832572 + * fix for CVE-2016-3119: remote DOS with ldap for authenticated +attackers, Closes: #819468 + * Prevent requires_preauth bypass (CVE-2015-2694), Closes: #783557 + + -- Sam Hartman <hartm...@debian.org> Sun, 13 Aug 2017 18

Bug#871720: stretch-pu: package krb5/1.15-1

specified v4 wildcard +address; regression over previous versions, Closes: #860767 + * Fix SRV lookups to respect udp_preference_limit, regression over +previous versions with OTP, Closes: #856307 + + -- Sam Hartman <hartm...@debian.org> Wed, 09 Aug 2017 12:19:50 -0400 + krb5 (

Re: Bug#850887: Decide proper solution for binutils' mips* bug

As a FYI, Matthias wrote to me in IRC just now indicating that he plans to upload a patch in the next couple of days. (He needs to get to the location where he has the right environment before preparing the upload). As such, I'm planning on holding off on calling for any votes.

Re: Bug#850887: [TIMELY for TC members] Interim Ballot Proposal: #850887 binutils mips

> "Ian" == Ian Jackson writes: Ian> You should explicitly state whether you want this NMU to be Ian> DELAYED. Good point. I think we don't want a delay. Updated the ballot in git.

[TIMELY for TC members] Interim Ballot Proposal: #850887 binutils mips

I heard back from doko today. We can expect a reply tomorrow. We also talked briefly about the issue. Realistically, i cannot imagine the TC coming to any final decision on something like this in under three weeks. That timeline seems fairly aggressive actually. However, I think the TC could

Re: Bug#850887: Decide proper solution for binutils' mips* bug

Hi. I'd really appreciate comments from debian-release on this issue. Would debian-release like us to take this up? If so, I have a proposal for how to fast-track this situation, but I am only comfortable doing that if the release team is involved.

Bug#827061: Please commit to OpenSSL 1.0.2 in stretch now not constantly re-evaluateing

>>>>> "Sebastian" == Sebastian Andrzej Siewior <sebast...@breakpoint.cc> writes: Sebastian> On 2016-10-31 11:16:38 [-0400], Sam Hartman wrote: >> At least one of the clusters of packages I'm involved >> in--shibboleth and moonshot will re

Bug#827061: Please commit to OpenSSL 1.0.2 in stretch now not constantly re-evaluateing

My understanding of the current plan is that we're adding openssl 1.1.0 to unstable, but will make a decision about whether to drop libssl1.0.2 later. That's really frustrating for the rest of the ecosystem--our users and our upstreams, and I'd ask the release team to commit now to 1.0.2 being

Re: Bug#830978: Browserified javascript and DFSG 2

> "Neil" == Neil Williams writes: >> > * The point of having the source code (with an appropriate >> licence > etc.) is so that all our contributors, downstreams, and >> users are > able to modify the code and to share their >> modifications with each >

Re: Bug#830978: Browserified javascript and DFSG 2

> "Ian" == Ian Jackson writes: Ian> I would like to comment briefly on the general idea about the Ian> TC offering advice and making statements of opinion. Ian> If someone in authority in the project, such as a maintainer of Ian> the

  1   2   >