Bug#836795: jessie-pu: package samba/2:4.1.17+dfsg-2+deb8u2
Hello,

Shouldn't this bug be retitled:
jessie-pu: package samba/22:4.2.14+dfsg-0+deb8u1

NB: I plan to add another pu (will file a bug).

Regards

Mathieu Parent
Processed: Re: Bug#836795: jessie-pu: package samba/2:4.1.17+dfsg-2+deb8u2
Processing control commands:

> tags -1 + pending
Bug #836795 [release.debian.org] jessie-pu: package samba/2:4.1.17+dfsg-2+deb8u2
Added tag(s) pending.

--
836795: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=836795
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
Bug#836795: jessie-pu: package samba/2:4.1.17+dfsg-2+deb8u2
Control: tags -1 + pending

On 2016-09-24 20:14, Adam D. Barratt wrote:
> Control: tags -1 -moreinfo +confirmed
>
> On Mon, 2016-09-05 at 20:50 +, Jelmer Vernooij wrote:
> > I'd like to update Samba in jessie to 4.2.14+dfsg. Debdiff is attached.
> >
> > The 4 Samba releases since 4.2.10 (currently in jessie) only fix
> > important bugs, in particular a CVE (CVE-2016-2119) and various
> > regressions introduced by the security fixes from 4.2.10.
>
> Please go ahead, with the changelog distribution set to "jessie".

Uploaded and flagged for acceptance.

Regards,

Adam
Bug#836795: jessie-pu: package samba/2:4.1.17+dfsg-2+deb8u2
On Sun, Oct 09, 2016 at 10:34:55AM +0100, Adam D. Barratt wrote:
> On Sun, 2016-10-09 at 00:16 +, Jelmer Vernooij wrote:
> > On Sat, Sep 24, 2016 at 08:14:38PM +0100, Adam D. Barratt wrote:
> > > Control: tags -1 -moreinfo +confirmed
> > >
> > > On Mon, 2016-09-05 at 20:50 +, Jelmer Vernooij wrote:
> > > > I'd like to update Samba in jessie to 4.2.14+dfsg. Debdiff is attached.
> > > >
> > > > The 4 Samba releases since 4.2.10 (currently in jessie) only fix
> > > > important bugs, in particular a CVE (CVE-2016-2119) and various
> > > > regressions introduced by the security fixes from 4.2.10.
> > >
> > > Please go ahead, with the changelog distribution set to "jessie".
> > >
> > > I'll hopefully be able to find a suitable machine on my work network to
> > > test with, and I assume at least Lars Maes would also be happy to test.
> >
> > Can I also upload a new minor version of tevent that's required by
> > this version of Samba?
>
> I'd prefer a separate bug for that, please, as tracking one package
> upload per p-u bug makes things much easier.

Done, submitted as https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=840188
Bug#836795: jessie-pu: package samba/2:4.1.17+dfsg-2+deb8u2
On Sun, 2016-10-09 at 00:16 +, Jelmer Vernooij wrote:
> On Sat, Sep 24, 2016 at 08:14:38PM +0100, Adam D. Barratt wrote:
> > Control: tags -1 -moreinfo +confirmed
> >
> > On Mon, 2016-09-05 at 20:50 +, Jelmer Vernooij wrote:
> > > I'd like to update Samba in jessie to 4.2.14+dfsg. Debdiff is attached.
> > >
> > > The 4 Samba releases since 4.2.10 (currently in jessie) only fix
> > > important bugs, in particular a CVE (CVE-2016-2119) and various
> > > regressions introduced by the security fixes from 4.2.10.
> >
> > Please go ahead, with the changelog distribution set to "jessie".
> >
> > I'll hopefully be able to find a suitable machine on my work network to
> > test with, and I assume at least Lars Maes would also be happy to test.
>
> Can I also upload a new minor version of tevent that's required by
> this version of Samba?

I'd prefer a separate bug for that, please, as tracking one package upload per p-u bug makes things much easier.

Regards,

Adam
Bug#836795: jessie-pu: package samba/2:4.1.17+dfsg-2+deb8u2
On Sat, Sep 24, 2016 at 08:14:38PM +0100, Adam D. Barratt wrote:
> Control: tags -1 -moreinfo +confirmed
>
> On Mon, 2016-09-05 at 20:50 +, Jelmer Vernooij wrote:
> > I'd like to update Samba in jessie to 4.2.14+dfsg. Debdiff is attached.
> >
> > The 4 Samba releases since 4.2.10 (currently in jessie) only fix
> > important bugs, in particular a CVE (CVE-2016-2119) and various
> > regressions introduced by the security fixes from 4.2.10.
>
> Please go ahead, with the changelog distribution set to "jessie".
>
> I'll hopefully be able to find a suitable machine on my work network to
> test with, and I assume at least Lars Maes would also be happy to test.

Can I also upload a new minor version of tevent that's required by this version of Samba?
Bug#836795: jessie-pu: package samba/2:4.1.17+dfsg-2+deb8u2
Control: tags -1 -moreinfo +confirmed

On Mon, 2016-09-05 at 20:50 +, Jelmer Vernooij wrote:
> I'd like to update Samba in jessie to 4.2.14+dfsg. Debdiff is attached.
>
> The 4 Samba releases since 4.2.10 (currently in jessie) only fix
> important bugs, in particular a CVE (CVE-2016-2119) and various
> regressions introduced by the security fixes from 4.2.10.

Please go ahead, with the changelog distribution set to "jessie".

I'll hopefully be able to find a suitable machine on my work network to test with, and I assume at least Lars Maes would also be happy to test.

Regards,

Adam
Processed: Bug#836795: jessie-pu: package samba/2:4.1.17+dfsg-2+deb8u2
Processing control commands:

> tags -1 -moreinfo +confirmed
Bug #836795 [release.debian.org] jessie-pu: package samba/2:4.1.17+dfsg-2+deb8u2
Removed tag(s) moreinfo.
Bug #836795 [release.debian.org] jessie-pu: package samba/2:4.1.17+dfsg-2+deb8u2
Added tag(s) confirmed.

--
836795: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=836795
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
Bug#836795: jessie-pu: package samba/2:4.1.17+dfsg-2+deb8u2
I would also like to have this updated. The current version "4.2.10+dfsg-0+deb8u3" is unusable.

Is there any way we can speed this up?

Greetings,

Lars Maes
Bug#836795: jessie-pu: package samba/2:4.1.17+dfsg-2+deb8u2
On Sat, Sep 10, 2016 at 12:34:51 +0100, Adam D. Barratt wrote:
> On Sat, 2016-09-10 at 13:15 +0200, Salvatore Bonaccorso wrote:
> > Thanks for CC'ing. It's right we haven't marked it as no-dsa (yet).
> > But it's true we asked (originally Andrew Barlett), to have samba
> > updated via a point release to address remaining (minor) regressions
> > introduced by the original fixes. Samba upstream has released several
> > updates in the meanwhile and the idea was to have the packages exposed to
> > wider testing via the jessie-proposed-updates before being
> > included in stable.
>
> Okay, thanks. That makes sense, although a package uploaded now will
> either not get much (if any) testing or have to wait for 8.7.

Even if we wait for 8.7, it's not like p-u gets a lot of user attention.

Cheers,

Julien
Bug#836795: jessie-pu: package samba/2:4.1.17+dfsg-2+deb8u2
On Sat, 2016-09-10 at 13:15 +0200, Salvatore Bonaccorso wrote:
> Thanks for CC'ing. It's right we haven't marked it as no-dsa (yet).
> But it's true we asked (originally Andrew Barlett), to have samba
> updated via a point release to address remaining (minor) regressions
> introduced by the original fixes. Samba upstream has released several
> updates in the meanwhile and the idea was to have the packages exposed to
> wider testing via the jessie-proposed-updates before being
> included in stable.

Okay, thanks. That makes sense, although a package uploaded now will either not get much (if any) testing or have to wait for 8.7.

> If this is not possible at this stage, it would be great to have for
> the next point release (in that case maybe we can release a targeted
> update for CVE-2016-2119 only via a DSA, but it would not be high
> priority).

Okay.

> Does this clarify? Our preferred view would be to see samba being
> updated to the latest minor update of the 4.2 series to be included in
> stable.

Yes, thanks.

Regards,

Adam
Bug#836795: jessie-pu: package samba/2:4.1.17+dfsg-2+deb8u2
Hi Adam,

On Sat, Sep 10, 2016 at 11:16:00AM +0100, Adam D. Barratt wrote:
> Control: tags -1 + moreinfo
>
> [CC += team@security]
>
> On Mon, 2016-09-05 at 20:50 +, Jelmer Vernooij wrote:
> > I'd like to update Samba in jessie to 4.2.14+dfsg. Debdiff is attached.
>
> This didn't make it to debian-release, most likely due to the size of
> the debdiff.
>
> > The 4 Samba releases since 4.2.10 (currently in jessie) only fix
> > important bugs, in particular a CVE (CVE-2016-2119) and various
> > regressions introduced by the security fixes from 4.2.10.
>
> Has the possibility of releasing this via the security archive been
> discussed? CVE-2016-2119 isn't marked no-dsa in the Security Tracker
> currently and by the sound of it the remaining changes relate to fixes
> for issues in the previous security update.

Thanks for CC'ing. It's right we haven't marked it as no-dsa (yet). But it's true we asked (originally Andrew Barlett), to have samba updated via a point release to address remaining (minor) regressions introduced by the original fixes. Samba upstream has released several updates in the meanwhile and the idea was to have the packages exposed to wider testing via the jessie-proposed-updates before being included in stable.

If this is not possible at this stage, it would be great to have for the next point release (in that case maybe we can release a targeted update for CVE-2016-2119 only via a DSA, but it would not be high priority).

Does this clarify? Our preferred view would be to see samba being updated to the latest minor update of the 4.2 series to be included in stable.

Regards,

Salvatore
Processed: Re: Bug#836795: jessie-pu: package samba/2:4.1.17+dfsg-2+deb8u2
Processing control commands:

> tags -1 + moreinfo
Bug #836795 [release.debian.org] jessie-pu: package samba/2:4.1.17+dfsg-2+deb8u2
Added tag(s) moreinfo.

--
836795: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=836795
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
Bug#836795: jessie-pu: package samba/2:4.1.17+dfsg-2+deb8u2
Control: tags -1 + moreinfo

[CC += team@security]

On Mon, 2016-09-05 at 20:50 +, Jelmer Vernooij wrote:
> I'd like to update Samba in jessie to 4.2.14+dfsg. Debdiff is attached.

This didn't make it to debian-release, most likely due to the size of the debdiff.

> The 4 Samba releases since 4.2.10 (currently in jessie) only fix
> important bugs, in particular a CVE (CVE-2016-2119) and various
> regressions introduced by the security fixes from 4.2.10.

Has the possibility of releasing this via the security archive been discussed? CVE-2016-2119 isn't marked no-dsa in the Security Tracker currently and by the sound of it the remaining changes relate to fixes for issues in the previous security update.

Regards,

Adam