Bug#782615: marked as done (nmu: multiple bin-NMU in squeeze-lts for CVE-2013-7439)

To: Raphael Hertzog <hertzog@debian.org>
Subject: Bug#782615: marked as done (nmu: multiple bin-NMU in squeeze-lts for CVE-2013-7439)
From: owner@bugs.debian.org (Debian Bug Tracking System)
Date: Fri, 17 Apr 2015 16:00:05 +0000
Message-id: <[🔎] handler.782615.D782615.142928627129073.ackdone@bugs.debian.org>
References: <20150417155747.GA19088@home.ouaza.com> <[🔎] 20150414201201.GA23238@home.ouaza.com>

Your message dated Fri, 17 Apr 2015 17:57:47 +0200
with message-id <20150417155747.GA19088@home.ouaza.com>
and subject line Re: Bug#782615: nmu: multiple bin-NMU in squeeze-lts for CVE-2013-7439
has caused the Debian Bug report #782615,
regarding nmu: multiple bin-NMU in squeeze-lts for CVE-2013-7439
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
782615: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=782615
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

--- Begin Message ---

To: submit@bugs.debian.org
Subject: nmu: multiple bin-NMU in squeeze-lts for CVE-2013-7439
From: Raphael Hertzog <hertzog@debian.org>
Date: Tue, 14 Apr 2015 22:12:01 +0200
Message-id: <[🔎] 20150414201201.GA23238@home.ouaza.com>

Package: release.debian.org
User: release.debian.org@packages.debian.org
Usertags: binnmu
Severity: normal

Hello,

I'm wondering whether bin-NMU are possible in squeeze-lts for packages
which are not in squeeze-lts but in squeeze only.

My question is related to the handling of
https://security-tracker.debian.org/tracker/CVE-2013-7439

I have uploaded a fixed libx11 package in squeeze-lts but the packages
listed in the comment will have to be rebuilt in squeeze against
libx11-dev 2:1.3.3-4+squeeze2 available in squeeze-lts.

If it's possible, feel free to schedule the bin-NMU on amd64 and i386
as soon as the packages are built (or combine them with an appropriate
dep-wait I guess).

nmu libxrender_1:0.9.6-1+squeeze1 . amd64 i386 . squeeze-lts . -m "Rebuild against libx11-dev fixed for CVE-2013-7439"
dw libxrender_1:0.9.6-1+squeeze1 . amd64 i386 . squeeze-lts . -m "libx11-dev (>= 2:1.3.3-4+squeeze2)"

nmu libxi_2:1.3-8 . amd64 i386 . squeeze-lts . -m "Rebuild against libx11-dev fixed for CVE-2013-7439"
dw libxi_2:1.3-8 . amd64 i386 . squeeze-lts . -m "libx11-dev (>= 2:1.3.3-4+squeeze2)"

nmu libxfixes_1:4.0.5-1+squeeze1 . amd64 i386 . squeeze-lts . -m "Rebuild against libx11-dev fixed for CVE-2013-7439"
dw libxfixes_1:4.0.5-1+squeeze1 . amd64 i386 . squeeze-lts . -m "libx11-dev (>= 2:1.3.3-4+squeeze2)"

nmu libxrandr_2:1.3.0-3+squeeze1 . amd64 i386 . squeeze-lts . -m "Rebuild against libx11-dev fixed for CVE-2013-7439"
dw libxrandr_2:1.3.0-3+squeeze1 . amd64 i386 . squeeze-lts . -m "libx11-dev (>= 2:1.3.3-4+squeeze2)"

nmu libsdl1.2_1.2.14-6.1 . amd64 i386 . squeeze-lts . -m "Rebuild against libx11-dev fixed for CVE-2013-7439"
dw libsdl1.2_1.2.14-6.1 . amd64 i386 . squeeze-lts . -m "libx11-dev (>= 2:1.3.3-4+squeeze2)"

nmu libxv_2:1.0.5-1+squeeze1 . amd64 i386 . squeeze-lts . -m "Rebuild against libx11-dev fixed for CVE-2013-7439"
dw libxv_2:1.0.5-1+squeeze1 . amd64 i386 . squeeze-lts . -m "libx11-dev (>= 2:1.3.3-4+squeeze2)"

nmu libxp_1:1.0.0.xsf1-2+squeeze1 . amd64 i386 . squeeze-lts . -m "Rebuild against libx11-dev fixed for CVE-2013-7439"
dw libxp_1:1.0.0.xsf1-2+squeeze1 . amd64 i386 . squeeze-lts . -m "libx11-dev (>= 2:1.3.3-4+squeeze2)"

nmu xserver-xorg-video-vmware_1:11.0.1-2 . amd64 i386 . squeeze-lts . -m "Rebuild against libx11-dev fixed for CVE-2013-7439"
dw xserver-xorg-video-vmware_1:11.0.1-2 . amd64 i386 . squeeze-lts . -m "libx11-dev (>= 2:1.3.3-4+squeeze2)"

nmu cairo_1.8.10-6 . amd64 i386 . squeeze-lts . -m "Rebuild against libx11-dev fixed for CVE-2013-7439"
dw cairo_1.8.10-6 . amd64 i386 . squeeze-lts . -m "libx11-dev (>= 2:1.3.3-4+squeeze2)"

nmu libxext_2:1.1.2-1+squeeze1 . amd64 i386 . squeeze-lts . -m "Rebuild against libx11-dev fixed for CVE-2013-7439"
dw libxext_2:1.1.2-1+squeeze1 . amd64 i386 . squeeze-lts . -m "libx11-dev (>= 2:1.3.3-4+squeeze2)"

nmu open-vm-tools_1:8.4.2-261024-1 . amd64 i386 . squeeze-lts . -m "Rebuild against libx11-dev fixed for CVE-2013-7439"
dw open-vm-tools_1:8.4.2-261024-1 . amd64 i386 . squeeze-lts . -m "libx11-dev (>= 2:1.3.3-4+squeeze2)"


Cheers,
-- 
Raphaël Hertzog ◈ Debian Developer

Support Debian LTS: http://www.freexian.com/services/debian-lts.html
Learn to master Debian: http://debian-handbook.info/get/

--- End Message ---

--- Begin Message ---

To: Niels Thykier <niels@thykier.net>, 782615-done@bugs.debian.org
Subject: Re: Bug#782615: nmu: multiple bin-NMU in squeeze-lts for CVE-2013-7439
From: Raphael Hertzog <hertzog@debian.org>
Date: Fri, 17 Apr 2015 17:57:47 +0200
Message-id: <20150417155747.GA19088@home.ouaza.com>
In-reply-to: <[🔎] 552DFA05.6030008@thykier.net>
References: <[🔎] 20150414201201.GA23238@home.ouaza.com> <[🔎] 552DFA05.6030008@thykier.net>

Hi,

On Wed, 15 Apr 2015, Niels Thykier wrote:
> As mentioned over IRC, it seems we are unable to schedule these binNMUs
> for technical reasons.

I checked with #debian-buildd and Kurt Roeck prefers that we do sourceful
uploads.

23:06 <Q_> Afaik, you can only binNMU when the suite already contains a
binary.
23:08 <Q_> But let's see.
23:10 <Q_> It should be in Installed state.
23:12 <Q_> The buildds are still set up for squeeze, so if you binNMU
something there it will build and upload it.
23:12 <Q_> I'm just not sure what ftp-master will do with it.
23:14 <Q_> Oh, but it should build against -lts I guess.
23:15 <Q_> The squeeze chroot doesn't know anything about squeeze-lts.
23:16 <Q_> Oh, it does.
23:17 <Q_> But I can always trick wanna-build in really building it in
squeeze-lts I guess.
23:18 <Q_> (Or you could do a source upload.)
09:15 <buxy> Q_: would it be complicated to trick w-b to build those in
squeeze-lts? If yes, then I guess I'll do source upload instead.
18:48 <Q_> buxy: I really prefer a source upload.

So I'm closing this ticket and preparing source uploads now.

Cheers,
-- 
Raphaël Hertzog ◈ Debian Developer

Support Debian LTS: http://www.freexian.com/services/debian-lts.html
Learn to master Debian: http://debian-handbook.info/get/

--- End Message ---

Reply to:

References:
- Bug#782615: nmu: multiple bin-NMU in squeeze-lts for CVE-2013-7439
  - From: Raphael Hertzog <hertzog@debian.org>

Prev by Date: Bug#782131: marked as done (unblock: apt/1.0.9.8)
Next by Date: Bug#782566: marked as done (unblock: avahi/0.6.31-5)
Previous by thread: Processed: Re: Bug#782615: nmu: multiple bin-NMU in squeeze-lts for CVE-2013-7439
Next by thread: Hints for d-i jessie RC3, part 4
Index(es):
- Date
- Thread