I uploaded systemd with the build-dep and promoted the package. Thanks
for the review!
** Changed in: libmicrohttpd (Ubuntu)
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
Seth Arnold [2015-12-08 19:28 -]:
> Christian reported to me that he just released "MHD 0.9.47 without
> libmicrospdy in it" -- that may be a cleaner way to remove the spdy
> packages.
Indeed! So we can sync again once Debian updates to the new release.
--
You received this bug notification
Thanks Martin,
Christian reported to me that he just released "MHD 0.9.47 without
libmicrospdy in it" -- that may be a cleaner way to remove the spdy
packages.
Thanks
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
Thanks Seth!
I disabled the SPDY packages and added the missing PNG for the info page
in https://launchpad.net/ubuntu/+source/libmicrohttpd/0.9.44+dfsg-
1ubuntu1 . The "postinst-must-call-ldconfig" lintian error sounds like a
bug in debhelper or lintian, not something that an individual package
** Changed in: libmicrohttpd (Ubuntu)
Assignee: Ubuntu Security Team (ubuntu-security) => (unassigned)
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1488341
Title:
MIR: libmicrohttpd
To
I'd prefer to disable SPDY entirely; based on what I saw, I'm not sure
that it's ready to be packaged.
Thanks
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1488341
Title:
MIR: libmicrohttpd
To
I reviewed libmicrohttpd version 0.9.44+dfsg-1 as checked into xenial.
This shouldn't be considered a full security audit, but rather a quick
gauge of maintainability.
- [item elided]
- parse_uri() does not check error returns from asprintf()
- store_in_buffer() can leak 'dst' if realloc() fails
@mterry:
> - I wish it passed --disable-spdy in debian/rules, because when building on a
> machine with libopenssl, it will automatically enable that and fail the build
> because of --fail-missing.
This has been fixed in Debian now:
https://tracker.debian.org/news/714880 . The spdy packages are
On 2015-10-14 07:54:49, Martin Pitt wrote:
> @Seth: Do you need any further security info about this?
I don't think we need any further security info at this time. We'll do a
shallow security audit of libmicrohttpd during the 16.04 devel cycle and
report back at that time.
--
You received this
** Changed in: libmicrohttpd (Debian)
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1488341
Title:
MIR: libmicrohttpd
To manage notifications about
** Changed in: libmicrohttpd (Debian)
Status: New => Fix Committed
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1488341
Title:
MIR: libmicrohttpd
To manage notifications about this bug go
FTR, I dropped my personal bug subscription and subscribed foundations-
bugs now.
** Bug watch added: Debian Bug tracker #797157
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=797157
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to
Second Debian bug with the autopkgtest is https://bugs.debian.org/cgi-
bin/bugreport.cgi?bug=797157
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1488341
Title:
MIR: libmicrohttpd
To manage
Apparently CVE's search doesn't match word substrings; I adjusted the
description accordingly, there *were* two CVEs in the past. Sorry for
the initially incorrect information.
** Description changed:
Availability: builds on all architectures
Rationale:
- Used by systemd's remote
https://launchpad.net/ubuntu/+source/libmicrohttpd/0.9.37+dfsg-1ubuntu1
now runs tests during build and adds an autopkgtest for the -dev
package. I forwarded both changes to Debian.
** Bug watch added: Debian Bug tracker #797154
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=797154
** Also
I am also subscibed to bugs now.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1488341
Title:
MIR: libmicrohttpd
To manage notifications about this bug go to:
** Changed in: libmicrohttpd (Debian)
Status: Unknown = New
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1488341
Title:
MIR: libmicrohttpd
To manage notifications about this bug go to:
Does any of this code run in pid 1 when enabled?
Thanks
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1488341
Title:
MIR: libmicrohttpd
To manage notifications about this bug go to:
Blockers:
- Tests should be run indeed, thanks for looking into that.
- Needs a team bug subscriber for whomever will look after this in Ubuntu.
Notes:
- I wish it passed --disable-spdy in debian/rules, because when building on a
machine with libopenssl, it will automatically enable that and
Does any of this code run in pid 1 when enabled?
No. This is only used by the split-out systemd-journal-remote package,
by /lib/systemd/systemd/-journal-gatewayd. This runs as user systemd-
journal-gateway and it is tightly locked down in its session cgroup
(see
If this is otherwise fine, I'll work on running the tests during package
build.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1488341
Title:
MIR: libmicrohttpd
To manage notifications about this
21 matches
Mail list logo