Control: user -1 release.debian@packages.debian.org
On 05/06/2018 01:51 PM, Adam D. Barratt wrote:
> Control: tags -1 + moreinfo
>
> On Sun, 2018-05-06 at 13:34 +0200, Markus Wanner wrote:
>> Control: reassign -1 release.debian.org
>> Control: user -
essie to oldstable.
> Mapping oldstable to oldstable-proposed-updates.
Thank you for clarification and for taking care.
Kind Regards
Markus Wanner
On 11/18/2017 07:53 PM, Adam D. Barratt wrote:
> Control: tags -1 + confirmed
>
> On Thu, 2017-08-31 at 21:55 +0200, Markus Wanner wrote:
>> here's an update for jessie, fixing #873439 (CVE-2017-13709). It's
>> based on a patch and debdiff by Florent Rougon.
#873439 (CVE-2017-13709 [0]).
Kind Regards
Markus Wanner
[0]:
https://security-tracker.debian.org/tracker/CVE-2017-13709
signature.asc
Description: OpenPGP digital signature
release.
Kind Regards
Markus Wanner
diff -Nru flightgear-3.0.0/debian/changelog flightgear-3.0.0/debian/changelog
--- flightgear-3.0.0/debian/changelog 2017-07-02 14:39:08.0 +0200
+++ flightgear-3.0.0/debian/changelog 2017-08-31 09:09:03.0 +0200
@@ -1,3 +1,16 @@
+flightgear
write arbitrary
user's files, possibly even executable ones. The fix is in two parts,
back-ported to older releases by Florent Rougon.
Please verify the attached debdiff for fixing the issue in stretch with
the next point release.
Kind Regards
Markus Wanner
diff -Nru flightgear-2016.4.4+d
Hi Cyril,
On 07/02/2017 11:14 PM, Cyril Brulebois wrote:
> Markus Wanner (2017-07-02):
>> On 28.06.2017 00:43, Cyril Brulebois wrote:
>>> I don't see 3.0.0-5+deb8u1 anywhere?
>>>
>>> flightgear | 3.0.0-5 | oldstable
r. Including
a very minor modification of the patch for it to compile, again, as
discussed with upstream.
Kind Regards
Markus Wanner
signature.asc
Description: OpenPGP digital signature
Control: -1 tags -moreinfo
Hi,
Tobias uploaded flightgear-1:2016.4.4+dfsg-3 last Friday (thanks,
Tobias), including the security fix. It already migrated to testing as
well a couple hours ago.
Please proceed with this jessie-pu bug.
Kind Regards
Markus
signature.asc
Description: OpenPGP di
; available in order to check.
I think that was the PGP key deprecation issue on my side.
Kind Regards
Markus Wanner
signature.asc
Description: OpenPGP digital signature
27;?
A debdiff against the current version in stable-sec (3.0.0-5+deb8u1) is
attached. Please note that stable itself is still at 3.0.0-5 and doesn't
offer the first (and related) security fix.
Kind Regards
Markus Wanner
On 05/17/2017 08:57 AM, Salvatore Bonaccorso wrote:
> Hi,
>
>
Dear Release Team,
as per Salvatore Bonaccorso, the current security fix doesn't warrant a
DSA on its own (see below). Is it okay to upload to 'stable'? Or how
shall I proceed?
A debdiff is attached.
Kind Regards
Markus Wanner
On 17.05.2017 08:49, Moritz Muehlenhoff wrote:
&
Control: tags -1 -moreinfo
On 05/07/2017 10:42 PM, Niels Thykier wrote:
> Ack, please go ahead and remove the moreinfo tag once the upload has
> been processed and built on all relevant release architectures.
Uploaded and built on all release arches (and most non-release ones as
well).
Kind Rega
er from stretch, instead. Thank you.
Kind Regards
Markus Wanner
#
# All of the changed documented in the changelog.
#
diff -Nru courier-0.76.3/debian/changelog courier-0.76.3/debian/changelog
--- courier-0.76.3/debian/changelog 2016-12-21 15:03:32.0 +0100
+++ courier-0.76.3/debian
ident 2.3.1+dfsg-2 will build perfectly
fine on stretch as well (where sfcgal is available even for those mipsen).
Please help resolving that situation, thanks.
Kind Regards
Markus Wanner
signature.asc
Description: OpenPGP digital signature
that.
Kind Regards
Markus Wanner
[0]: Debian Issue:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=858610
[1]: Original PgApt Issue:
https://redmine.postgresql.org/issues/2279
diff -Nru postgis-2.3.1+dfsg/debian/changelog
postgis-2.3.1+dfsg/debian/changelog
--- postgis-2.3.1+dfsg/debian
On 11/21/2016 06:42 PM, Adam D. Barratt wrote:
> +monotone (1.1-4+deb8u2) jessie-security; urgency=high
>
> With the distribution updated to "jessie", please go ahead.
Thanks. With that change, I uploaded monotone-1.1-4+deb8u2.
Regards
Markus
signature.asc
Description: OpenPGP digital signa
.
> (If it were, there would have been no source upload and the binary
> packages would be +something+bX, not +deb8uX.)
Understood. Thanks for clarification.
Please consider 1.1-4+deb8u2.
Kind Regards
Markus Wanner
signature.asc
Description: OpenPGP digital signature
On 11/21/2016 07:44 AM, Adam D. Barratt wrote:
> 1.1-4+deb8u1 was not a binNMU.
Was it not? I'm sorry, I might be confused by the naming here.
I intended to express that it's just a rebuild against a newer libbotan.
No changes other than the additional entry in debian/changelog.
Regards
Markus
fer on all architectures and
trigger a SIGPIPE. That very same patch is already applied in Debian
testing since 1.1-7.
Attached a source debdiff.
Kind Regards
Markus Wanner
diff -Nru monotone-1.1/debian/changelog monotone-1.1/debian/changelog
--- monotone-1.1/debian/changelog 2016-05-10 17:49:28.0
Control: tags -1 - moreinfo
uploaded, it hit unstable, so please
unblock postgis/2.1.4+dfsg-3
Thanks
Markus Wanner
signature.asc
Description: OpenPGP digital signature
back transactions, shut down and go through the usual
recovery procedures. Being able to trigger that process just by feeding
invalid GeoJSON data (e.g. via a web service) can certainly be
considered an effective DoS-Attack.
The debdiff is attached.
Kind Regards
Markus Wanner
diff -Nru postgis
> the version currently in Jessie and as such I've unblocked it.
Thanks for unblocking.
Regards
Markus Wanner
signature.asc
Description: OpenPGP digital signature
mitigation patch through. It got applied upstream, so it already has
some testing mileage. I see no point in delaying it on the grounds that
it fixes only one and not all issues. It certainly didn't introduce any
of the issues you're pointing out.
Regards
Markus Wanner
signature.asc
Description: OpenPGP digital signature
new files, though.
Please also keep in mind that the user needs to fetch and install the
untrusted nasal script somehow.
While not covering everything, I still think the recent upload fixes the
most apparent security risk and would appreciate it being unblocked.
Regards
Markus Wanner
signature.asc
Description: OpenPGP digital signature
ore restrictive than it
used to be.
According to the comment in that same file, only $FG_HOME and $FG_ROOT
are known variables to be replaced, there. Adding $TMPDIR might be a
bigger effort, but I'm not quite sure what Nasal scripts need to write
temporary XML files.
Rebecca, care to comment?
Regards
Markus Wanner
signature.asc
Description: OpenPGP digital signature
entire filesystem, see #780716. I kept the
packaging changes as minimal as possible. A debdiff and the patch are
both attached for review.
unblock flightgear-data/3.0.0-3
Regards
Markus Wanner
diff -Nru flightgear-data-3.0.0/debian/changelog flightgear-data-3.0.0/debian/changelog
--- flightgear-data
#780712. I kept the packaging changes as
minimal as possible. A debdiff and the patch are attached for review.
unblock flightgear/3.0.0-5
Regards
Markus Wanner
diff -Nru flightgear-3.0.0/debian/changelog flightgear-3.0.0/debian/changelog
--- flightgear-3.0.0/debian/changelog 2014-11-07 17:27
(1:1.10.2-2) unstable; urgency=medium
* Allow tests to pass under restricted environments, like pbuilder,
by adding patch relax-ip-multicast-tests.diff. Closes: #769306.
-- Markus Wanner Fri, 28 Nov 2014 14:31:56 +0100
unblock asio/1:1.10.2-2
Thanks
Markus Wanner
diff -Nru asio-1.10.2
age just arrived, now. I'll write more detailed
changelog entries in the future.
Regards
Markus Wanner
--
To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/545e0ece.3050...@bluegap.ch
processing key input).
flightgear (3.0.0-4) unstable; urgency=medium
* Add patch 750939.patch. Closes: #750939.
-- Markus Wanner Fri, 07 Nov 2014 17:27:44 +0100
unblock flightgear/3.0.0-4
Thanks
Markus Wanner
diff -Nru flightgear-3.0.0/debian/changelog flightgear-3.0.0/debian/changelog
kages.
flightgear-data (3.0.0-2) unstable; urgency=medium
[ Rebecca N. Palmer ]
* Fix type mismatch crash. Closes: #766251.
[ Markus Wanner ]
* Add patch translation-update-pt.diff.
-- Markus Wanner Fri, 07 Nov 2014 17:28:09 +0100
unblock flightgear-data/3.0.0-2
Thanks
Markus Wanner
diff
I properly upgraded my build system, I still had libjpeg8-dev
installed, which provides libjpeg-dev. Thus the uploaded amd64 package
still depends on libjpeg8 and didn't transition.
Sorry for the hassle. Please correct that with a rebuild on amd64,
thanks.
Regards
Markus Wanner
signature.
a compiled binary. At the worst, it leads to an FTBFS (as 1.10.1
does for both, BTW).
Granted, I should still have started a proper transition, rather than
uploading (an API-incompatible) 1.10.1 without notice. Please accept my
apologies, I should have known better.
Regards
Markus Wanner
e's no other way
multiple versions of this library can be installed on a system.
Regards
Markus Wanner
signature.asc
Description: OpenPGP digital signature
On 02/11/2014 01:01 PM, Andreas Beckmann wrote:
> Or if you want to avoid using epochs, reupload 1.4.8 using as
> 1.10.really.1.4.8 as the upstream version, and upload 1.10 as 1.10.release to
> experimental. Once you upload upstream 1.11 you are back to normal version
> numbers without having us
g me increases
chances to get a timely answer. ;-)
Regards
Markus Wanner
signature.asc
Description: OpenPGP digital signature
te [1], it should be binary compatible. (And their current 3.2
branch still has a SOVERSION of 100.) So going straight through to 100
seems reasonable to me.
Regards
Markus Wanner
[1]: OpenSceneGraph Downloads of stable versions:
http://www.openscenegraph.org/index.php/download-section/stable-re
already.
> "But I will only show you the door"[1].
I already took the red pill. [2]
> As a member of the Release
> Team, I want to know there is someone taking responsibility for making
> flightgear remain RC bug free, so it is not removed from testing again
> due to
Hi,
On 09/27/2013 10:44 PM, Michael Biebl wrote:
> Am 27.09.2013 22:05, schrieb Steven Chamberlain:
>> Control: block 724678 by 724686
>>
>> On 26/09/13 15:34, Markus Wanner wrote:
>>> as correctly reported by Rebecca N. Palmer, flightgear no longer builds
>
Control: reassign -1 ftpmas...@ftp-master.debian.org
Control: affects -1 + ftp.debian.org
Control: affects -1 - release.debian.org
On 09/26/2013 04:52 PM, Jonathan Wiltshire wrote:
> Flightgear is not in testing. Perhaps you meant unstable (and ftp masters)?
Egad, I messed up, sorry. Yes, I mean
to systemd dependency). Please remove the kfreebsd
variants of the flightgear binary package from testing.
Regards
Markus Wanner
--
Debian Maintainer
on behalf of the Flightgear Packaging Crew
signature.asc
Description: OpenPGP digital signature
ezy).
(I'm surprised it worked before. It certainly did work as expected on
the amd64 system... extensive use of compiler magic, I guess).
The modified patch is attached, as I tested it. I'm sorry for not
getting this correct the first time.
Regards
Markus Wanner
Subject: add a safer c
Hi,
Peter Eisentraut wrote:
> I guess the Python-packaging-like solution to that would be to always
> support two PostgreSQL releases per stable Debian release.
I suspect that means one of them overlapping with oldstable, right?
Just wondering: does the python project have any kind of support
pr
in Debian stable, with the proposed policy).
For these reasons, please stop penalize Postgres for providing EOL dates
and rather pass on these seldom pieces of very mature OSS software to
your users.
Regards
Markus Wanner
--
To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
45 matches
Mail list logo
