Bug#836795: jessie-pu: package samba/2:4.1.17+dfsg-2+deb8u2

2016-12-08 Thread Mathieu Parent
Hello,

Shouldn't this bug be retitled:
jessie-pu: package samba/22:4.2.14+dfsg-0+deb8u1

NB: I plan to add another pu (will file a bug).

Regards

Mathieu Parent



Processed: Re: Bug#836795: jessie-pu: package samba/2:4.1.17+dfsg-2+deb8u2

2016-10-19 Thread Debian Bug Tracking System
Processing control commands:

> tags -1 + pending
Bug #836795 [release.debian.org] jessie-pu: package samba/2:4.1.17+dfsg-2+deb8u2
Added tag(s) pending.

-- 
836795: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=836795
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems



Bug#836795: jessie-pu: package samba/2:4.1.17+dfsg-2+deb8u2

2016-10-19 Thread Adam D. Barratt

Control: tags -1 + pending

On 2016-09-24 20:14, Adam D. Barratt wrote:

Control: tags -1 -moreinfo +confirmed

On Mon, 2016-09-05 at 20:50 +, Jelmer Vernooij wrote:
I'd like to update Samba in jessie to 4.2.14+dfsg. Debdiff is 
attached.


The 4 Samba releases since 4.2.10 (currently in jessie) only fix
important bugs, in particular a CVE (CVE-2016-2119) and various
regressions introduced by the security fixes from 4.2.10.


Please go ahead, with the changelog distribution set to "jessie".


Uploaded and flagged for acceptance.

Regards,

Adam



Bug#836795: jessie-pu: package samba/2:4.1.17+dfsg-2+deb8u2

2016-10-09 Thread Jelmer Vernooij
On Sun, Oct 09, 2016 at 10:34:55AM +0100, Adam D. Barratt wrote:
> On Sun, 2016-10-09 at 00:16 +, Jelmer Vernooij wrote:
> > On Sat, Sep 24, 2016 at 08:14:38PM +0100, Adam D. Barratt wrote:
> > > Control: tags -1 -moreinfo +confirmed
> > > 
> > > On Mon, 2016-09-05 at 20:50 +, Jelmer Vernooij wrote:
> > > > I'd like to update Samba in jessie to 4.2.14+dfsg. Debdiff is attached.
> > > > 
> > > > The 4 Samba releases since 4.2.10 (currently in jessie) only fix
> > > > important bugs, in particular a CVE (CVE-2016-2119) and various
> > > > regressions introduced by the security fixes from 4.2.10.
> > > 
> > > Please go ahead, with the changelog distribution set to "jessie".
> > > 
> > > I'll hopefully be able to find a suitable machine on my work network to
> > > test with, and I assume at least Lars Maes would also be happy to test.
> > 
> > Can I also upload a new minor version of tevent that's required by
> > this version of Samba?
> 
> I'd prefer a separate bug for that, please, as tracking one package
> upload per p-u bug makes things much easier.

Done, submitted as https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=840188


signature.asc
Description: PGP signature


Bug#836795: jessie-pu: package samba/2:4.1.17+dfsg-2+deb8u2

2016-10-09 Thread Adam D. Barratt
On Sun, 2016-10-09 at 00:16 +, Jelmer Vernooij wrote:
> On Sat, Sep 24, 2016 at 08:14:38PM +0100, Adam D. Barratt wrote:
> > Control: tags -1 -moreinfo +confirmed
> > 
> > On Mon, 2016-09-05 at 20:50 +, Jelmer Vernooij wrote:
> > > I'd like to update Samba in jessie to 4.2.14+dfsg. Debdiff is attached.
> > > 
> > > The 4 Samba releases since 4.2.10 (currently in jessie) only fix
> > > important bugs, in particular a CVE (CVE-2016-2119) and various
> > > regressions introduced by the security fixes from 4.2.10.
> > 
> > Please go ahead, with the changelog distribution set to "jessie".
> > 
> > I'll hopefully be able to find a suitable machine on my work network to
> > test with, and I assume at least Lars Maes would also be happy to test.
> 
> Can I also upload a new minor version of tevent that's required by
> this version of Samba?

I'd prefer a separate bug for that, please, as tracking one package
upload per p-u bug makes things much easier.

Regards,

Adam



Bug#836795: jessie-pu: package samba/2:4.1.17+dfsg-2+deb8u2

2016-10-08 Thread Jelmer Vernooij
On Sat, Sep 24, 2016 at 08:14:38PM +0100, Adam D. Barratt wrote:
> Control: tags -1 -moreinfo +confirmed
> 
> On Mon, 2016-09-05 at 20:50 +, Jelmer Vernooij wrote:
> > I'd like to update Samba in jessie to 4.2.14+dfsg. Debdiff is attached.
> > 
> > The 4 Samba releases since 4.2.10 (currently in jessie) only fix
> > important bugs, in particular a CVE (CVE-2016-2119) and various
> > regressions introduced by the security fixes from 4.2.10.
> 
> Please go ahead, with the changelog distribution set to "jessie".
> 
> I'll hopefully be able to find a suitable machine on my work network to
> test with, and I assume at least Lars Maes would also be happy to test.

Can I also upload a new minor version of tevent that's required by
this version of Samba?


signature.asc
Description: PGP signature


Bug#836795: jessie-pu: package samba/2:4.1.17+dfsg-2+deb8u2

2016-09-24 Thread Adam D. Barratt
Control: tags -1 -moreinfo +confirmed

On Mon, 2016-09-05 at 20:50 +, Jelmer Vernooij wrote:
> I'd like to update Samba in jessie to 4.2.14+dfsg. Debdiff is attached.
> 
> The 4 Samba releases since 4.2.10 (currently in jessie) only fix
> important bugs, in particular a CVE (CVE-2016-2119) and various
> regressions introduced by the security fixes from 4.2.10.

Please go ahead, with the changelog distribution set to "jessie".

I'll hopefully be able to find a suitable machine on my work network to
test with, and I assume at least Lars Maes would also be happy to test.

Regards,

Adam



Processed: Bug#836795: jessie-pu: package samba/2:4.1.17+dfsg-2+deb8u2

2016-09-24 Thread Debian Bug Tracking System
Processing control commands:

> tags -1 -moreinfo +confirmed
Bug #836795 [release.debian.org] jessie-pu: package samba/2:4.1.17+dfsg-2+deb8u2
Removed tag(s) moreinfo.
Bug #836795 [release.debian.org] jessie-pu: package samba/2:4.1.17+dfsg-2+deb8u2
Added tag(s) confirmed.

-- 
836795: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=836795
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems



Bug#836795: jessie-pu: package samba/2:4.1.17+dfsg-2+deb8u2

2016-09-19 Thread Lars Maes
I would also like to have this updated. The current version 
"4.2.10+dfsg-0+deb8u3" is unusable.

Is there any way we can speed this up?

Greetings, Lars Maes



Bug#836795: jessie-pu: package samba/2:4.1.17+dfsg-2+deb8u2

2016-09-11 Thread Julien Cristau
On Sat, Sep 10, 2016 at 12:34:51 +0100, Adam D. Barratt wrote:

> On Sat, 2016-09-10 at 13:15 +0200, Salvatore Bonaccorso wrote:
> > Thanks for CC'ing. It's right we haven't marked it as no-dsa (yet).
> > But it's true we asked (originally Andrew Barlett), to have samba
> > updated via a point release to adresss remaining (minor) regressions
> > introduced by the original fixes. Samba upstream has released several
> > updates in meanwhile and the idea was to have the packages exposed to
> > more wider testing via the jessie-proposed-updates before beeing
> > included in stable.
> 
> Okay, thanks. That makes sense, although a package uploaded now will
> either not get much (if any) testing or have to wait for 8.7.
> 
Even if we wait for 8.7, it's not like p-u gets a lot of user attention.

Cheers,
Julien



Bug#836795: jessie-pu: package samba/2:4.1.17+dfsg-2+deb8u2

2016-09-10 Thread Adam D. Barratt
On Sat, 2016-09-10 at 13:15 +0200, Salvatore Bonaccorso wrote:
> Thanks for CC'ing. It's right we haven't marked it as no-dsa (yet).
> But it's true we asked (originally Andrew Barlett), to have samba
> updated via a point release to adresss remaining (minor) regressions
> introduced by the original fixes. Samba upstream has released several
> updates in meanwhile and the idea was to have the packages exposed to
> more wider testing via the jessie-proposed-updates before beeing
> included in stable.

Okay, thanks. That makes sense, although a package uploaded now will
either not get much (if any) testing or have to wait for 8.7.

> If this is not possible at this stage, It would be great to have for
> the next point release (in that case maybe we can release a targetted
> update for CVE-2016-2119 only via a DSA, but it would not be high
> priority).

Okay.

> Does this clarify? Our prefered view would be to see samba beeing
> updated to the latest minor update of the 4.2 series to be included in
> stable.

Yes, thanks.

Regards,

Adam



Bug#836795: jessie-pu: package samba/2:4.1.17+dfsg-2+deb8u2

2016-09-10 Thread Salvatore Bonaccorso
Hi Adam,

On Sat, Sep 10, 2016 at 11:16:00AM +0100, Adam D. Barratt wrote:
> Control: tags -1 + moreinfo
> 
> [CC += team@security]
> 
> On Mon, 2016-09-05 at 20:50 +, Jelmer Vernooij wrote:
> > I'd like to update Samba in jessie to 4.2.14+dfsg. Debdiff is attached.
> 
> This didn't make it to debian-release, most likely due to the size of
> the debdiff.
> 
> > The 4 Samba releases since 4.2.10 (currently in jessie) only fix
> > important bugs, in particular a CVE (CVE-2016-2119) and various
> > regressions introduced by the security fixes from 4.2.10.
> 
> Has the possibility of releasing this via the security archive been
> discussed? CVE-2016-2119 isn't marked no-dsa in the Security Tracker
> currently and by the sound of it the remaining changes relate to fixes
> for issues in the previous security update.

Thanks for CC'ing. It's right we haven't marked it as no-dsa (yet).
But it's true we asked (originally Andrew Barlett), to have samba
updated via a point release to adresss remaining (minor) regressions
introduced by the original fixes. Samba upstream has released several
updates in meanwhile and the idea was to have the packages exposed to
more wider testing via the jessie-proposed-updates before beeing
included in stable.

If this is not possible at this stage, It would be great to have for
the next point release (in that case maybe we can release a targetted
update for CVE-2016-2119 only via a DSA, but it would not be high
priority).

Does this clarify? Our prefered view would be to see samba beeing
updated to the latest minor update of the 4.2 series to be included in
stable.

Regards,
Salvatore


signature.asc
Description: PGP signature


Processed: Re: Bug#836795: jessie-pu: package samba/2:4.1.17+dfsg-2+deb8u2

2016-09-10 Thread Debian Bug Tracking System
Processing control commands:

> tags -1 + moreinfo
Bug #836795 [release.debian.org] jessie-pu: package samba/2:4.1.17+dfsg-2+deb8u2
Added tag(s) moreinfo.

-- 
836795: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=836795
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems



Bug#836795: jessie-pu: package samba/2:4.1.17+dfsg-2+deb8u2

2016-09-10 Thread Adam D. Barratt
Control: tags -1 + moreinfo

[CC += team@security]

On Mon, 2016-09-05 at 20:50 +, Jelmer Vernooij wrote:
> I'd like to update Samba in jessie to 4.2.14+dfsg. Debdiff is attached.

This didn't make it to debian-release, most likely due to the size of
the debdiff.

> The 4 Samba releases since 4.2.10 (currently in jessie) only fix
> important bugs, in particular a CVE (CVE-2016-2119) and various
> regressions introduced by the security fixes from 4.2.10.

Has the possibility of releasing this via the security archive been
discussed? CVE-2016-2119 isn't marked no-dsa in the Security Tracker
currently and by the sound of it the remaining changes relate to fixes
for issues in the previous security update.

Regards,

Adam