
Bug#925185: marked as done (unblock sysstat/12.0.3-2)



Your message dated Mon, 08 Apr 2019 14:26:18 +0000
with message-id <E1hDVE2-0004LV-Tt@respighi.debian.org>
and subject line unblock sysstat
has caused the Debian Bug report #925185,
regarding unblock sysstat/12.0.3-2
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
925185: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=925185
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock

Please approve sysstat 12.0.3, which is an upstream bugfix release,
for uploading to unstable and migrating to testing.

The upstream release contains a fix for CVE-2018-19416 [1] and
CVE-2018-19517 [2]; however the patch [3] is not easily applicable
to the version in buster (12.0.1-1), because it depends on another
patch [4], which contains a fix for a backward compatibility issue
introduced in 12.0.1.  Apart from the two quite big patches, the
new upstream contains a few smaller fixes, like the one related to a fix
for infinite loop [5]. In my opinion it should be quite safe to
allow it for buster, most probably safer than trying to backport
the patch [3] to 12.0.1 with getting rid of dependency on [4].

The Debian packaging part contains fixes for two small regressions
against the current stretch version of sysstat: one is for init
script failure when systemd is not used [6], and another one is for
unnecessary execution of systemd service file during upgrades.

[1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=914384
[2] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=914553
[3] https://github.com/sysstat/sysstat/commit/bf203d645110ecba8ec3a37874b577ce40a2788b
[4] https://github.com/sysstat/sysstat/commit/87bce40bc02ff77edee44a7b9d8233ae6a056012
[5] https://github.com/sysstat/sysstat/commit/45de3c27697d9c1c4d8feb12c865d1fe53ce45bf
[6] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=924864

I uploaded sysstat 12.0.3-1 to experimental a few days ago with the
following changelog:

  sysstat (12.0.3-1) experimental; urgency=medium
  
    * New upstream stable version:
      + sadf: Fix out of bound reads security issues (CVE-2018-19416 and
        CVE-2018-19517, closes: #914384, #914553);
      + sadf: Fix possible infinite loop;
      + sar: Fortify remap_struct() function to prevent possible crashes on
        reading binary datafiles generated by older versions of sysstat.
    * systat.init.d: revert a change introduced in 11.5.5-1, as it caused
      the start script to fail to execute the command that adds "Linux Restart"
      marker into statistics file on systems on which systemd is not used.
      Thanks to Georgios Zarkadas for noticing this (closes: #924864).
    * debian/rules: replace deprecated dh_systemd_start by dh_installsystemd,
      as suggested by lintian; the former command was ignored by debhelper v11,
      what in turn resulted in the `--no-start' option being ignored, and the
      restart markers were incorrectly added during package upgrades.
  
   -- Robert Luberda <robert@debian.org>  Sun, 17 Mar 2019 23:09:46 +0100

The debdiff against buster is attached. 

If you think this version would be OK for buster, then I can upload -2
to unstable, with no other changes, except for Debian changelog entry.

Otherwise please let me know what you would approve, and what I should do:
 - backport patch [3] only (but I don't think this would be safer);
 - backport both patches, i.e. [3], and [4] (but those are the biggest ones);
 - something else.

Regards,
robert


-- System Information:
Debian Release: buster/sid
  APT prefers unstable-debug
  APT policy: (990, 'unstable-debug'), (990, 'stable-updates'), (990, 'unstable'), (990, 'testing'), (990, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.19.0-2-amd64 (SMP w/4 CPU cores)
Kernel taint flags: TAINT_OOT_MODULE
Locale: LANG=pl_PL.UTF-8, LC_CTYPE=pl_PL.UTF-8 (charmap=UTF-8), LANGUAGE=pl_PL.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Attachment: sysstat_12.0.3-1.diff.gz
Description: application/gzip

Attachment: signature.asc
Description: PGP signature


--- End Message ---
--- Begin Message ---
Unblocked sysstat.

--- End Message ---
