Bug#925265: unblock: ntp/1:4.2.8p12+dfsg-4 or ntp/1:4.2.8p13+dfsg-2 (pre-approval)
Control: tags -1 confirmed moreinfo
Hi,
On Fri, Mar 22, 2019 at 12:11:29AM +0100, Bernhard Schmidt wrote:
> The other option would be to only backport the fix for CVE-2019-8936 and upload
> -4.
>
> While processing this I discovered three small commits sitting in the master
> branch that had not been uploaded yet. They could be backed out if you want to.
> They fix important Bug#772790, normal Bug#764546 and remove a leftover from the
> locking that used to be in place to prevent a race between ntpd and the ntpdate
> ifupdown hooks. The ifupdown hooks have been removed since September, so the
> locking is not necessary anymore.
>
> Please tell me what you want me to upload
>
> a) 1:4.2.8p13+dfsg-1 currently in experimental (as -2)
> b) 1:4.2.8p13+dfsg-1 currently in experimental (as -2), but with some/all not
> previously uploaded changes to debian/ dropped
> c) 1:4.2.8p12+dfsg-4 containing only the CVE fix
> d) 1:4.2.8p12+dfsg-4 containing the CVE fix and some/all not previously uploaded
> changes to debian/
Both option c or d sound ok. Options a and b really don't sound like something
we should do at this point.
So please go ahead with the 1:4.2.8p12+dfsg-4 upload and remove the moreinfo
tag from this bug once the package is in unstable.
Thanks,
Ivo
Reply to: