Re: xen_4.1.6.1-1+deb7u2.dsc

2016-07-22 Thread Raphael Hertzog
Hello Bastian,

On Fri, 15 Jul 2016, Bastian Blank wrote:
> On Tue, Jul 12, 2016 at 12:13:01AM +0200, Raphael Hertzog wrote:
> > On Mon, 11 Jul 2016, Bastian Blank wrote:
> > > In my tests this backport works with live migration.  Can someone else
> > > give it a try?
> > > https://github.com/credativ/xen-lts/tree/lts-4.1-xsa-97
> > If you expect people to test, you should provide packages ready to install.
> 
> I asked, I did not expect.

I'm not sure what this means. You are free to ask but if having testers is
a condition for you to be able to finish your work, then you should state
it explicitly. In the LTS team we often ask for testers on this list but we
rarely get answers.

> > But I would rather only solicit end users for tests on a fully updated
> > package that we want to release and not on some intermediary status...
> 
> That's why I asked on -lts, a developer list.

-lts is a mixed list with LTS users and with LTS developers.

> > So I would suggest that you go for this and provide some Xen tree free
> > of known security issues, then Brian (or someone else) can build test
> > packages and we can ask some users to test the update.
> 
> All security problems affecting the hypervisor itself are fixed in here:
> https://github.com/credativ/xen-lts/tree/lts-staging-4.1

Why does
https://github.com/credativ/xen-lts/blob/lts-status/security-status.md
still have lots of question marks?

What are we waiting for to get a security release out?

Note that I'm not a Xen user and not a Xen developer. I don't know much
about Xen and I'm not in a position to test your work. Many of us are in
a similar position and if we decided to outsource the work to Credativ,
it's because we want you to take care of fixing and testing.

The LTS team would like to have to handle only the administrative work of
publishing a DLA.

On Thu, 21 Jul 2016, Bastian Blank wrote:
> Did you get the chance to look at this source?

No, cf above. What would you want us to look at?

Cheers,
-- 
Raphaël Hertzog ◈ Debian Developer

Support Debian LTS: http://www.freexian.com/services/debian-lts.html
Learn to master Debian: http://debian-handbook.info/get/



Re: Wheezy LTS - apt error with recent apache2 update - monit issue?

2016-07-22 Thread Alastair Sherringham
Thanks for looking.

This is a server that was running Squeeze, now Wheezy. I saw the
warnings :

> > insserv: warning: script 'K02klogd' missing LSB tags and overrides
> > insserv: warning: script 'K04sysklogd' missing LSB tags and overrides
> > insserv: warning: script 'sysklogd' missing LSB tags and overrides
> > insserv: warning: script 'modutils' missing LSB tags and overrides
> > insserv: warning: script 'klogd' missing LSB tags and overrides

but thought that this :

> > insserv: There is a loop between service monit and modutils if stopped
> > insserv:  loop involving service modutils at depth 2
> > insserv:  loop involving service monit at depth 1
> > insserv: Stopping modutils depends on monit and therefore on system
> > facility `$all' which can not be true!
> > insserv: exiting now without changing boot order!

was different and a bit more serious.

I can look at editing the various scripts etc. and seeing if I can fix
them up better. I don't want things to be fragile and cause updates to
fail. Maybe I'll look to upgrade the server to stable.

Cheers,

Alastair


On Thu, Jul 21, 2016, at 09:37 PM, Jan Ingvoldstad wrote:
> On 2016-07-21 21:13, Alastair Sherringham wrote:
> > Hello,
> 
> Hi!
> 
> > I saw that Apache2 had a Wheezy LTS update today and did the usual :
> >
> > apt-get update && apt-get dist-upgrade
> >
> > However, this gave me an error, and it seems to be "monit" :
> >
> > Processing triggers for man-db ...
> > Setting up apache2.2-bin (2.2.22-13+deb7u7) ...
> > Setting up apache2-utils (2.2.22-13+deb7u7) ...
> > Setting up apache2.2-common (2.2.22-13+deb7u7) ...
> > insserv: warning: script 'K02klogd' missing LSB tags and overrides
> > insserv: warning: script 'K04sysklogd' missing LSB tags and overrides
> > insserv: warning: script 'sysklogd' missing LSB tags and overrides
> > insserv: warning: script 'modutils' missing LSB tags and overrides
> > insserv: warning: script 'klogd' missing LSB tags and overrides
> > insserv: There is a loop between service monit and modutils if stopped
> > insserv:  loop involving service modutils at depth 2
> > insserv:  loop involving service monit at depth 1
> > insserv: Stopping modutils depends on monit and therefore on system
> > facility `$all' which can not be true!
> > insserv: exiting now without changing boot order!
> 
> There is a problem with your init scripts, you have several ancient init 
> scripts that have not been updated, not with jessie, and not with wheezy.
> 
> You should probably have manually added LSB tags to these scripts to 
> ensure that they function properly.
> 
> This is most likely the entire cause of the problem for you.
> -- 
> Cheers,
> Jan
> 


-- 
Alastair Sherringham
http://www.sherringham.net



Re: Wheezy LTS - apt error with recent apache2 update - monit issue?

2016-07-22 Thread Jan Ingvoldstad

On 2016-07-22 10:57, Alastair Sherringham wrote:


> I can look at editing the various scripts etc. and seeing if I can fix
> them up better. I don't want things to be fragile and cause updates to
> fail. Maybe I'll look to upgrade the server to stable.


The error message states that the problem is due to dependency 
resolution in services, where the services' init scripts are missing LSB 
tags.


By adding the missing LSB tags, you most likely will resolve the 
dependency issues.


This will solve at least the first of the two things:

1) The warning noise
2) The issue that's stopping the upgrade (I hope)

Upgrading to stable is recommended, but if you carry over legacy boot 
scripts, and these are missing LSB tags, I'm not sure that this will 
work as well as you hope.


I took the time to fix missing LSB tags around when I upgraded systems 
to jessie, and life just gets better by having done it.

--
Cheers,
Jan



Re: Wheezy update of python-django?

2016-07-22 Thread Brian May
Raphael Hertzog  writes:

> I won't claim the update right now but I would suggest that whoever does
> this, also takes this opportunity to rebase the package on top of 1.4.22.
>
> We got the ack from release team to rebase jessie on latest 1.7.x (see
> #807654) and it makes sense to rebase wheezy on latest 1.4.x (in
> particular since 1.4.x was a LTS version).

I am out of time for this month, however should be able to look at this
next month if nobody already has done so.
-- 
Brian May 



Re: xen_4.1.6.1-1+deb7u2.dsc

2016-07-22 Thread Brian May
Bastian Blank  writes:

> Did you get the chance to look at this source?

I think I need to see Debian sources to look at...

Actually I suspect you are not getting emails from me for some reason,
because you haven't responded to any of my recent emails to you. They do
seem to be getting to the failing list however.
-- 
Brian May 



Re: xen_4.1.6.1-1+deb7u2.dsc

2016-07-22 Thread Brian May
Brian May  writes:

> seem to be getting to the failing list however.

s/failing list/mailing list/
-- 
Brian May 



Re: Wheezy update of python-django?

2016-07-22 Thread Raphael Hertzog
Hi,

On Fri, 22 Jul 2016, Brian May wrote:
> > We got the ack from release team to rebase jessie on latest 1.7.x (see
> > #807654) and it makes sense to rebase wheezy on latest 1.4.x (in
> > particular since 1.4.x was a LTS version).
> 
> I am out of time for this month, however should be able to look at this
> next month if nobody already has done so.

Note that the security update already happened without the rebase (by
Markus) but it still makes sense to do the rebase at some point.

Cheers,
-- 
Raphaël Hertzog ◈ Debian Developer

Support Debian LTS: http://www.freexian.com/services/debian-lts.html
Learn to master Debian: http://debian-handbook.info/get/



Re: Wheezy update of pdns?

2016-07-22 Thread Christian Hofstaedtler
* Lucas Kanashiro  [160721 15:24]:
> Some hours ago upstream accepted a pull request that fixes this flaw in
> version 3.4.x [0], which allows one to fix it in stable. Could we work
> with that patch for version 3.1 (version in oldstable)?

They did; I'd still suggest waiting until it's official.

Cheers,
-- 
 ,''`.  Christian Hofstaedtler 
: :' :  Debian Developer
`. `'   7D1A CFFA D9E0 806C 9C4C  D392 5C13 D6DB 9305 2E03
  `-



Re: Wheezy LTS - apt error with recent apache2 update - monit issue?

2016-07-22 Thread Alastair Sherringham
Thanks Jan. If I upgrade to stable, I think I'd do a clean install and
try and avoid this type of cruft building up and causing issues down
the line. I'll need to do some minor testing/planning before though.

Cheers, Alastair

On Fri, Jul 22, 2016, at 10:52 AM, Jan Ingvoldstad wrote:
> On 2016-07-22 10:57, Alastair Sherringham wrote:
> 
> > I can look at editing the various scripts etc. and seeing if I can fix
> > them up better. I don't want things to be fragile and cause updates to
> > fail. Maybe I'll look to upgrade the server to stable.
> 
> The error message states that the problem is due to dependency 
> resolution in services, where the services' init scripts are missing LSB 
> tags.
> 
> By adding the missing LSB tags, you most likely will resolve the 
> dependency issues.
> 
> This will solve at least the first of the two things:
> 
> 1) The warning noise
> 2) The issue that's stopping the upgrade (I hope)
> 
> Upgrading to stable is recommended, but if you carry over legacy boot 
> scripts, and these are missing LSB tags, I'm not sure that this will 
> work as well as you hope.
> 
> I took the time to fix missing LSB tags around when I upgraded systems 
> to jessie, and life just gets better by having done it.
> -- 
> Cheers,
> Jan
> 


-- 
Alastair Sherringham
http://www.sherringham.net



Re: Wheezy LTS - apt error with recent apache2 update - monit issue?

2016-07-22 Thread Roberto C . Sánchez
On Fri, Jul 22, 2016 at 01:52:55PM +0100, Alastair Sherringham wrote:
> Thanks Jan. If I upgrade to stable, I think I'd do a clean install and
> try and avoid this type of cruft building up and causing issues down
> the line. I'll need to do some minor testing/planning before though.
> 
You could probably avoid the re-install route by looking at the output
of 'dpkg -l |grep ^rc'.

That will show you the packages that have been removed but that still
have configuration files on the system.  Sometimes the left over
maintainer scripts and init scripts that belong to un-purged packages
cause the problems you are seeing.  You could look at the packages in
the list and decide if you need to back up the configurations and then
purge them completely.

Regards,

-Roberto

-- 
Roberto C. Sánchez
http://people.connexer.com/~roberto
http://www.connexer.com




Re: Wheezy LTS - apt error with recent apache2 update - monit issue?

2016-07-22 Thread Ben Hutchings
On Thu, 2016-07-21 at 22:37 +0200, Jan Ingvoldstad wrote:
> On 2016-07-21 21:13, Alastair Sherringham wrote:
> > Hello,
> 
> Hi!
> 
> > I saw that Apache2 had a Wheezy LTS update today and did the usual :
> > 
> > apt-get update && apt-get dist-upgrade
> > 
> > However, this gave me an error, and it seems to be "monit" :
> > 
> > Processing triggers for man-db ...
> > Setting up apache2.2-bin (2.2.22-13+deb7u7) ...
> > Setting up apache2-utils (2.2.22-13+deb7u7) ...
> > Setting up apache2.2-common (2.2.22-13+deb7u7) ...
> > insserv: warning: script 'K02klogd' missing LSB tags and overrides
> > insserv: warning: script 'K04sysklogd' missing LSB tags and overrides
> > insserv: warning: script 'sysklogd' missing LSB tags and overrides
> > insserv: warning: script 'modutils' missing LSB tags and overrides
> > insserv: warning: script 'klogd' missing LSB tags and overrides
> > insserv: There is a loop between service monit and modutils if stopped
> > insserv:  loop involving service modutils at depth 2
> > insserv:  loop involving service monit at depth 1
> > insserv: Stopping modutils depends on monit and therefore on system
> > facility `$all' which can not be true!
> > insserv: exiting now without changing boot order!
> 
> There is a problem with your init scripts, you have several ancient init 
> scripts that have not been updated, not with jessie, and not with wheezy.
> 
> You should probably have manually added LSB tags to these scripts to 
> ensure that they function properly.

I don't think so.  These scripts appear to belong to obsolete 
packages that have been removed but should now be purged:

- modutils (replaced by module-init-tools)
- sysklogd (replaced by rsyslog)

Ben.

> This is most likely the entire cause of the problem for you.
-- 

Ben Hutchings
compatible: Gracefully accepts erroneous data from any source
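
The two checks suggested in this part of the thread (init scripts missing LSB tags, and `dpkg -l | grep ^rc` for removed-but-unpurged packages) combined into one script; this is an added example, not part of any poster's message. The fixture directory, the `localjob` script, the dpkg rows and the rule that an init script is named after its package are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Sorts init scripts that lack an LSB
# header into "purge the leftover package" vs "add the tags by hand".

# Print names of scripts in directory $1 that have no LSB header block.
missing_lsb_tags() {
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        grep -q '^### BEGIN INIT INFO' "$f" || basename "$f"
    done
}

# Read `dpkg -l` output on stdin; print packages in state "rc"
# (removed, configuration files still present). Strips any ":arch" suffix.
rc_packages() {
    awk '$1 == "rc" { sub(/:.*/, "", $2); print $2 }'
}

# classify INIT_DIR DPKG_LIST_FILE
# Assumption: a script named like an rc package belongs to that package.
classify() {
    rc_list=$(rc_packages < "$2")
    missing_lsb_tags "$1" | while read -r name; do
        if printf '%s\n' "$rc_list" | grep -qxF -- "$name"; then
            echo "$name purge-candidate"
        else
            echo "$name needs-lsb-tags"
        fi
    done
}

# Constructed fixture: three scripts without a header, one (monit) with it.
demo() {
    d=$(mktemp -d) || return 1
    mkdir "$d/init.d"
    printf '#!/bin/sh\n### BEGIN INIT INFO\n# Provides: monit\n### END INIT INFO\n' \
        > "$d/init.d/monit"
    for s in modutils sysklogd localjob; do
        printf '#!/bin/sh\n# no LSB header\n' > "$d/init.d/$s"
    done
    cat > "$d/dpkg.txt" <<'EOF'
||/ Name       Version  Architecture Description
+++-==========-========-============-======================
ii  monit      0.0      amd64        constructed sample row
rc  modutils   0.0      amd64        constructed sample row
rc  sysklogd   0.0      amd64        constructed sample row
ii  rsyslog    0.0      amd64        constructed sample row
EOF
    classify "$d/init.d" "$d/dpkg.txt"
    rm -rf "$d"
}

demo
```

On a real host, save `dpkg -l` to a file and pass it with `/etc/init.d` to `classify`; back up any configuration you still need before purging a package it lists.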




Re: Wheezy update of uclibc?

2016-07-22 Thread Hector Oron
Hello Chris,

2016-07-21 23:52 GMT+02:00 Chris Lamb :
> Hello dear maintainer(s),
>
> the Debian LTS team would like to fix the security issues which are
> currently open in the Wheezy version of uclibc:
> https://security-tracker.debian.org/tracker/CVE-2016-6264
>
> (Note that this affects the arm implementation, not x86.)
>
> Would you like to take care of this yourself?
>
> If yes, please follow the workflow we have defined here:
> https://wiki.debian.org/LTS/Development
>
> If that workflow is a burden to you, feel free to just prepare an
> updated source package and send it to debian-lts@lists.debian.org
> (via a debdiff, or with an URL pointing to the source package,
> or even with a pointer to your packaging repository), and the members
> of the LTS team will take care of the rest. Indicate clearly whether you
> have tested the updated package or not.
>
> If you don't want to take care of this update, it's not a problem, we
> will do our best with your package. Just let us know whether you would
> like to review and/or test the updated package before it gets released.

Excellent! The package is source-only, no binaries involved.
Feel free to update it, we do not need to test or review it.

Cheers,
-- 
 Héctor Orón  -.. . -... .. .- -.   -.. . ...- . .-.. --- .--. . .-.



Wheezy update of mysql-5.5?

2016-07-22 Thread Chris Lamb
Hello dear maintainer(s),

the Debian LTS team would like to fix the security issues which are
currently open in the Wheezy version of mysql-5.5:
https://security-tracker.debian.org/tracker/CVE-2016-3477
https://security-tracker.debian.org/tracker/CVE-2016-3521
https://security-tracker.debian.org/tracker/CVE-2016-3615
https://security-tracker.debian.org/tracker/CVE-2016-5440

Would you like to take care of this yourself?

If yes, please follow the workflow we have defined here:
https://wiki.debian.org/LTS/Development

If that workflow is a burden to you, feel free to just prepare an
updated source package and send it to debian-lts@lists.debian.org
(via a debdiff, or with an URL pointing to the source package,
or even with a pointer to your packaging repository), and the members
of the LTS team will take care of the rest. Indicate clearly whether you
have tested the updated package or not.

If you don't want to take care of this update, it's not a problem, we
will do our best with your package. Just let us know whether you would
like to review and/or test the updated package before it gets released.

Thank you very much.

Chris Lamb,
  on behalf of the Debian LTS team.

PS: A member of the LTS team might start working on this update at
any point in time. You can verify whether someone is registered
on this update in this file:
https://anonscm.debian.org/viewvc/secure-testing/data/dla-needed.txt?view=markup


Regards,

-- 
  ,''`.
 : :'  : Chris Lamb
 `. `'`  la...@debian.org / chris-lamb.co.uk
   `-



Re: Wheezy update of pdns?

2016-07-22 Thread Lucas Kanashiro


On 07/22/2016 09:00 AM, Christian Hofstaedtler wrote:
> They did; I'd still suggest waiting until it's official.
>

I guess it is an official solution (for an old version that upstream still
maintains) because upstream itself accepted it. But ok, let's wait until
they merge it into the master branch and release it; this CVE is a minor issue.

Thanks for your fast feedback Christian.

Cheers,

-- 
Lucas Kanashiro
8ED6 C3F8 BAC9 DB7F C130  A870 F823 A272 9883 C97C






Re: Wheezy update of python-django?

2016-07-22 Thread Lucas Kanashiro
Hi,


On 07/22/2016 08:15 AM, Raphael Hertzog wrote:
> Hi,
>
> On Fri, 22 Jul 2016, Brian May wrote:
>>> We got the ack from release team to rebase jessie on latest 1.7.x (see
>>> #807654) and it makes sense to rebase wheezy on latest 1.4.x (in
>>> particular since 1.4.x was a LTS version).
>> I am out of time for this month, however should be able to look at this
>> next month if nobody already has done so.
> Note that the security update already happened without the rebase (by
> Markus) but it still makes sense to do the rebase at some point.
>

I can try to help to rebase wheezy on latest 1.4.x, are you talking
about debian/wheezy or debian/wheezy-security branch?

Cheers,

-- 
Lucas Kanashiro
8ED6 C3F8 BAC9 DB7F C130  A870 F823 A272 9883 C97C






Re: Wheezy update of python-django?

2016-07-22 Thread Lucas Kanashiro


On 07/22/2016 03:43 PM, Lucas Kanashiro wrote:
> I can try to help to rebase wheezy on latest 1.4.x, are you talking
> about debian/wheezy or debian/wheezy-security branch?
>

My bad, I checked out the repo and I saw that the mentioned branch is
debian/wheezy :)

-- 
Lucas Kanashiro
8ED6 C3F8 BAC9 DB7F C130  A870 F823 A272 9883 C97C



