
Bug#704829: unblock: asterisk/1:1.8.13.1~dfsg-2



On Mon, Apr 08, 2013 at 09:13:43PM +0100, Adam D. Barratt wrote:
> On Sat, 2013-04-06 at 16:39 +0300, Tzafrir Cohen wrote:
> > Please unblock package asterisk. It includes a number of fixes, mostly
> > two series of security fixes.
> 
> It includes a number of things that don't meet the published criteria,
> which is far from ideal for an urgency=high upload at this point in the
> freeze.
> 
> > The extra bug fixes are:
> > 
> > 1. A simple fix to add support for powerpcspe
> 
> Architecture support isn't freeze material to begin with. Support for
> architectures not even in Debian even more so. (I realise it's a tiny
> patch; that's not really the point.)

I would not have included it if that patch were not trivial. But if it's
really an issue, I'll drop it (from the series file).

> 
> > +  * Patches backported from Asterisk 1.8.19.1 (Closes: #697230):
> > +    - Patch AST-2012-014 (CVE-2012-5976) - fixes Crashes due to large stack
> > +      allocations when using TCP.
> > +      The following two fixes were also pulled in order to easily apply it:
> > +      - Patch fix-sip-tcp-no-FILE - Switch to reading with a recv loop
> 
> That patch is more than 30% of the diff on its own. :-(
> 
> How difficult would it have been to backport the fix to the code we have
> in wheezy?

Looking into that.

> 
> > +      - Patch fix-sip-tls-leak - Memory leak in the SIP TLS code
> > +    - Patch AST-2012-015 (CVE-2012-5977) - Denial of Service Through
> > +      Exploitation of Device State Caching
> > +  * Patch powerpcspe: Fix OSARCH for powerpcspe (Closes: #701505).
> > +  * README.Debian: document running the testsuite. 
> 
> Helpful as it might be, that could definitely have waited.

Huh? Are there actually problems with documentation-only changes?

Right. I'll drop those. But yeah, the ability to run tests made me more
confident in releasing this. Documenting what tests passed is useful.
Though I could do that elsewhere.

> 
> > +  * Patch fix_xmpp_19532: fix a crash of the XMPP code (Closes: #545272).
> 
> And that seems more like it might be stable update material now.

Sorry, I didn't follow: is that good?

-- 
Tzafrir Cohen         | tzafrir@jabber.org | VIM is
http://tzafrir.org.il |                    | a Mutt's
tzafrir@cohens.org.il |                    |  best
tzafrir@debian.org    |                    | friend
