Re: [Pkg-mozext-maintainers] Regression update for Thunderbird in jessie-security (aka oldstable)?
Hi On Mon, Jul 31, 2017 at 08:18:31AM -0300, Carsten Schoenert wrote: > Hello Philipp, > > Am 31.07.2017 um 05:36 schrieb Philipp Pilhofer: > > Am 28.07.2017 um 21:17 schrieb Moritz Mühlenhoff: > >> On Fri, Jul 28, 2017 at 10:56:48AM +0200, Carsten Schoenert wrote: > >>> Hello Debian Security Team, > >> > >> The enigmail update had just been released. > >> > > > > For some reason, the new enigmail has only been built for "all" in > > jessie, but not for the single architecture. On my machines (i386 and > > amd64) there's no update available, I would have to manually download > > and install the file as far as I see. > > this 'some reason' is grounded on the control file for the recent update > of enigmail. That's right. But Philipp OTOH was right that the upload was not seen. I contacted earlier FTP masters, which needed to decruft the old package (since it is not auto-decrufted). That has been sorted out now, and the enigmail package should be installable from security.d.o. root@jessie-amd64:~# apt-cache policy enigmail enigmail: Installed: (none) Candidate: 2:1.9.8.1-1~deb8u1 Version table: 2:1.9.8.1-1~deb8u1 0 500 http://security.debian.org/ jessie/updates/main amd64 Packages 2:1.8.2-4~deb8u1 0 500 http://httpredir.debian.org/debian/ jessie/main amd64 Packages Regards and hope this helps, Salvatore ___ Pkg-mozext-maintainers mailing list Pkg-mozext-maintainers@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-mozext-maintainers
Re: [Pkg-mozext-maintainers] Regression update for Thunderbird in jessie-security (aka oldstable)?
Hello Philipp, Am 31.07.2017 um 05:36 schrieb Philipp Pilhofer: > Am 28.07.2017 um 21:17 schrieb Moritz Mühlenhoff: >> On Fri, Jul 28, 2017 at 10:56:48AM +0200, Carsten Schoenert wrote: >>> Hello Debian Security Team, >> >> The enigmail update had just been released. >> > > For some reason, the new enigmail has only been built for "all" in > jessie, but not for the single architecture. On my machines (i386 and > amd64) there's no update available, I would have to manually download > and install the file as far as I see. this 'some reason' is grounded on the control file for the recent update of enigmail. https://anonscm.debian.org/git/pkg-mozext/enigmail.git/tree/debian/control?h=jessie There you can see that only one binary package is gonna build from the sources and this has architecture all. So this is all correct. If you don't see an update please check your sources files for apt. Substitute your release with the 'stretch': https://www.debian.org/security/ If you have further question please choose one of the supporting channels like mailing lists or IRC. https://www.debian.org/support -- Regards Carsten Schoenert ___ Pkg-mozext-maintainers mailing list Pkg-mozext-maintainers@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-mozext-maintainers
Re: [Pkg-mozext-maintainers] Regression update for Thunderbird in jessie-security (aka oldstable)?
Hello Moritz, Am 28.07.2017 um 11:01 schrieb Moritz Muehlenhoff: > On Fri, Jul 28, 2017 at 10:56:48AM +0200, Carsten Schoenert wrote: >> What's the opinion of the security team for another update of the >> existing Thunderbird packages in oldstable? >> I mean, we can't solve the problem of the needed version of Enigmail for >> users of Jessie, we just can add a proper Breaks to the control file. >> But doping so would need potentially somewhere manually updates on some >> users side. >> OTOH we can add the correct Breaks for Thunderbird with version 52.3.0 >> which should arrive in the next two weeks or so. > > We'll update enigmail in jessie-security and stretch-security, so we won't > need an update for thunderbird? yes. The update for Thunderbird would (and can) only bring a corrected version for enigmail in the Breaks field. So I would prefer if we not need to upload a new version of Thunderbird to security as we can't solve any real issue by that right now. >> We need some auto testing stuff that will help to discover such problems >> early as there are also some other typical extensions that maybe break >> by every new ESR version of Thunderbird. >> Hopefully we find some time to talk about that all at DebCamp/DebConf? > > Yes, let's do that. I'll be around. Fine, I'm also around starting on Monday, August 31. -- Regards Carsten Schoenert ___ Pkg-mozext-maintainers mailing list Pkg-mozext-maintainers@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-mozext-maintainers
[Pkg-mozext-maintainers] Regression update for Thunderbird in jessie-security (aka oldstable)?
Hello Debian Security Team, unfortunately the introduction of Thunderbird ESR52 packages in jessie-security was bringing some regression for users of the Enigmail extension due we have forgotten to add a breaks against the version of enigmail in Jessie. This was resulting in the following bug reports: Bug report against Thunderbird https://bugs.debian.org/869789 Bug Report against Enigmail https://bugs.debian.org/869774 Thunderbird greater or equal version ESR 52.0 needs the Enigmail extension version 1.9.6 or greater. As Daniel pointed out in #869774 there are some other issues found within the Enigmail extension which solved by 1.9.8.1 and user should use them on TB52. While writing this email Jessie has only version 1.8.2. > $ rmadison enigmail | grep oldstable > enigmail | 2:1.7.2-3| oldstable-kfreebsd | source, kfreebsd-amd64, > kfreebsd-i386 > enigmail | 2:1.8.2-4~deb7u1 | oldoldstable | source, amd64, armel, > armhf, i386, ia64, kfreebsd-amd64, kfreebsd-i386, mips, mipsel, powerpc, > s390, s390x, sparc > enigmail | 2:1.8.2-4~deb8u1 | oldstable | source, amd64, arm64, > armel, armhf, i386, mips, mipsel, powerpc, ppc64el, s390x Because of the not increased version of enigmail that is breaking with Thunderbird all users of oldstable with updated Thunderbird packages have now a not working Enigmail extension due API incompatibilities. We would like to prepare a new version of Thunderbird for oldstable with a corrected version for enigmail that's breaking Thunderbird. I've seen Daniel has prepared a new update for the enigmail package for olsdtable that will solve the problem for users with Jessie. Daniel, thanks for quickly working on that! What's the opinion of the security team for another update of the existing Thunderbird packages in oldstable? I mean, we can't solve the problem of the needed version of Enigmail for users of Jessie, we just can add a proper Breaks to the control file. But doping so would need potentially somewhere manually updates on some users side. OTOH we can add the correct Breaks for Thunderbird with version 52.3.0 which should arrive in the next two weeks or so. I fully agree with Daniel that the enigmail extension is some kind of special of all the various Mozilla extensions and we should always take care that even oldstable has a working combination of Thunderbird and Enigmail. I think the possibility of using encryption is really important today. Maybe blame me as I've totally forgotten to take a deeper look at the symbiotic relationship of Enigmail and Thunderbird after the release of TB ESR52. But due the long standing problems we had while building Thunderbird (mostly me have worked on that for over 2 months!) and the end of the freeze process for Stretch has taken much energy. We need some auto testing stuff that will help to discover such problems early as there are also some other typical extensions that maybe break by every new ESR version of Thunderbird. Hopefully we find some time to talk about that all at DebCamp/DebConf? -- Regards Carsten Schoenert ___ Pkg-mozext-maintainers mailing list Pkg-mozext-maintainers@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-mozext-maintainers