Your message dated Tue, 30 Mar 2021 20:00:27 +0200 with message-id <55268ccf-c0c2-21f3-4976-4f450427a829@debian.org> and subject line Re: Bug#985610: unblock: glib2.0/2.66.8-1 (+ advice on #985890) has caused the Debian Bug report #985610, regarding unblock: glib2.0/2.66.8-1 (+ advice on #985890) to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact owner@bugs.debian.org immediately.) -- 985610: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=985610 Debian Bug Tracking System Contact owner@bugs.debian.org with problems
--- Begin Message ---
- To: Debian Bug Tracking System <submit@bugs.debian.org>
- Subject: unblock (pre-approval): glib2.0/2.66.8-1
- From: Simon McVittie <smcv@debian.org>
- Date: Sat, 20 Mar 2021 17:08:14 +0000
- Message-id: <YFYr/jbSJOiYLaZ1@momentum.pseudorandom.co.uk>
Package: release.debian.org Severity: normal User: release.debian.org@packages.debian.org Usertags: unblock I'd like pre-approval to upload glib2.0/2.66.8-1 to unstable. [ Reason ] * Sync up with upstream 2.66.8 release, 95% of which we already apply via debian/patches * Add an error-handling patch from upstream that they recommended I consider including when backporting recent security fixes to buster * Add missing CVE ID references to changelog [ Impact ] Using 2.66.8 will make it more obvious that we have the CVE-2021-28153 fix. The error handling patch (gio/glocalfileoutputstream.c in the diff) is not critical, but it fixes an oversight in the CVE-2021-28153 fix. If we don't have it, GLib will attempt to close(-1) under some circumstances, which is harmless but gets flagged as an error by static analysis (e.g. Coverity) and debug instrumentation, obscuring more important issues. Upstream recommended that I include this in backports to buster, which I probably will unless the security team or SRMs ask me not to. [ Tests ] GLib has a large test suite which we run at build time and in autopkgtests. I run autopkgtests on amd64 and i386 qemu VMs before each upload. I haven't done any manual testing on this just yet, but I'll use it on my GNOME systems for a while before uploading. [ Risks ] It's an important key package and used in all our desktops, but the changes are targeted and obvious. [ Checklist ] [x] all changes are documented in the d/changelog [x] I reviewed all changes and I approve them [x] attach debdiff against the package in testing (as with the recent mutter and gnome-shell unblocks, to minimize noise this is a diff between patched trees, excluding the patches themselves) [ Other info ] This is likely to be the last upstream release from the 2.66.x branch, so any subsequent fixes (security or otherwise) will be back to using the patch series. unblock glib2.0/2.66.8-1
--- End Message ---
--- Begin Message ---
- To: 985610-done@bugs.debian.org, Simon McVittie <smcv@debian.org>
- Subject: Re: Bug#985610: unblock: glib2.0/2.66.8-1 (+ advice on #985890)
- From: Paul Gevers <elbrus@debian.org>
- Date: Tue, 30 Mar 2021 20:00:27 +0200
- Message-id: <55268ccf-c0c2-21f3-4976-4f450427a829@debian.org>
- In-reply-to: <YGJQ/IAEkEzCc9o0@ramacher.at>
- References: <YFYr/jbSJOiYLaZ1@momentum.pseudorandom.co.uk> <YFYr/jbSJOiYLaZ1@momentum.pseudorandom.co.uk> <[🔎] YGB68oPBJmfJGL4K@momentum.pseudorandom.co.uk> <YFYr/jbSJOiYLaZ1@momentum.pseudorandom.co.uk> <YGJQ/IAEkEzCc9o0@ramacher.at>
Hi On 30-03-2021 00:13, Sebastian Ramacher wrote: >> For now, would it be possible to apply some age-days to glib2.0 to make >> it migrate sooner than 14 days' time? That would mitigate this. > > Done. It migrated. PaulAttachment: OpenPGP_signature
Description: OpenPGP digital signature
--- End Message ---