Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
Bug#682683: unblock: sope/1.3.16-1
0 views
Skip to first unread message
Jeroen Dekkers
Jul 24, 2012, 12:10:01 PM7/24/12
to
Package: release.debian.org
Severity: normal
User: release.d...@packages.debian.org
Usertags: unblock
Please unblock package sope
Debian changelog:
sope (1.3.16-1) unstable; urgency=low
* New upstream release.
* Drop patches applied upstream:
- 0006-Fix-compilation-on-GNU-kFreeBSD
- 0008-Fix-stale-cache-issue-when-upgrading.patch
- 0009-GNUstep-1.24-fix.patch
* Build with hardening enabled.
-- Jeroen Dekkers <jer...@dekkers.ch> Fri, 29 Jun 2012 20:53:29 +0200
The upstream release is a bugfix only release. Most of the fixes are
already in 1.3.15-4 because they are debian fixes submitted upstream
or were backported from development version to the debian package. The
only actual changes in the Debian package are:
* Build with hardening enabled
* Addition of two methods to classes in NGLdap
* Change in NGObjWeb to not use a deprecated method
The attached sope-gitdiff.patch is the difference between my git
branches of 1.3.15-4 and 1.3.16-1 that have all debian patches
applied, while the attached sope-debdiff.patch gives the complete
debdiff.
unblock sope/1.3.16-1
-- System Information:
Debian Release: wheezy/sid
APT prefers precise-updates
APT policy: (990, 'precise-updates'), (990, 'precise-security'), (990, 'precise-backports'), (990, 'precise'), (500, 'quantal')
Architecture: amd64 (x86_64)
Kernel: Linux 3.2.0-26-generic (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Severity: normal
User: release.d...@packages.debian.org
Usertags: unblock
Please unblock package sope
Debian changelog:
sope (1.3.16-1) unstable; urgency=low
* New upstream release.
* Drop patches applied upstream:
- 0006-Fix-compilation-on-GNU-kFreeBSD
- 0008-Fix-stale-cache-issue-when-upgrading.patch
- 0009-GNUstep-1.24-fix.patch
* Build with hardening enabled.
-- Jeroen Dekkers <jer...@dekkers.ch> Fri, 29 Jun 2012 20:53:29 +0200
The upstream release is a bugfix only release. Most of the fixes are
already in 1.3.15-4 because they are debian fixes submitted upstream
or were backported from development version to the debian package. The
only actual changes in the Debian package are:
* Build with hardening enabled
* Addition of two methods to classes in NGLdap
* Change in NGObjWeb to not use a deprecated method
The attached sope-gitdiff.patch is the difference between my git
branches of 1.3.15-4 and 1.3.16-1 that have all debian patches
applied, while the attached sope-debdiff.patch gives the complete
debdiff.
unblock sope/1.3.16-1
-- System Information:
Debian Release: wheezy/sid
APT prefers precise-updates
APT policy: (990, 'precise-updates'), (990, 'precise-security'), (990, 'precise-backports'), (990, 'precise'), (500, 'quantal')
Architecture: amd64 (x86_64)
Kernel: Linux 3.2.0-26-generic (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Julien Cristau
Aug 1, 2012, 4:40:01 PM8/1/12
to
On Tue, Jul 24, 2012 at 17:33:09 +0200, Jeroen Dekkers wrote:
> The upstream release is a bugfix only release. Most of the fixes are
> already in 1.3.15-4 because they are debian fixes submitted upstream
> or were backported from development version to the debian package. The
> only actual changes in the Debian package are:
>
> * Build with hardening enabled
> * Addition of two methods to classes in NGLdap
> * Change in NGObjWeb to not use a deprecated method
>
That doesn't sound like it fixes an important bug in the package, or am
> The upstream release is a bugfix only release. Most of the fixes are
> already in 1.3.15-4 because they are debian fixes submitted upstream
> or were backported from development version to the debian package. The
> only actual changes in the Debian package are:
>
> * Build with hardening enabled
> * Addition of two methods to classes in NGLdap
> * Change in NGObjWeb to not use a deprecated method
>
I missing something?
Cheers,
Julien
Jeroen Dekkers
Aug 1, 2012, 7:10:01 PM8/1/12
to
At Wed, 1 Aug 2012 22:36:12 +0200,
Although enabling hardening doesn't fix an important bug, it does add
a lot of protection against security bugs. It's a release goal and if
I'm right changes for release goals are also allowed. SOPE includes a
lot of old code that deals directly with untrusted input from the web,
having hardening enabled for such code is important in my opinion.
The two new NGLdap methods are used by SOGo 1.3.16 and I'm not sure
that it works correctly when used with an older SOPE version that
doesn't have these methods. It's not really a tested/supported
configuration and I would have to check that if the added hardening
isn't a reason to unblock.
The deprecated method change doesn't really matter at all. I prepared
these packages with the intention that they were uploaded before the
freeze, but my sponsor didn't had the time to do the upload. That's
why it's included, but I can't see how that change can cause any
problems.
Kind regards,
Jeroen Dekkers
--
To UNSUBSCRIBE, email to debian-bugs-...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listm...@lists.debian.org
a lot of protection against security bugs. It's a release goal and if
I'm right changes for release goals are also allowed. SOPE includes a
lot of old code that deals directly with untrusted input from the web,
having hardening enabled for such code is important in my opinion.
The two new NGLdap methods are used by SOGo 1.3.16 and I'm not sure
that it works correctly when used with an older SOPE version that
doesn't have these methods. It's not really a tested/supported
configuration and I would have to check that if the added hardening
isn't a reason to unblock.
The deprecated method change doesn't really matter at all. I prepared
these packages with the intention that they were uploaded before the
freeze, but my sponsor didn't had the time to do the upload. That's
why it's included, but I can't see how that change can cause any
problems.
Kind regards,
Jeroen Dekkers
--
To UNSUBSCRIBE, email to debian-bugs-...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listm...@lists.debian.org
Debian Bug Tracking System
Sep 15, 2012, 2:30:01 PM9/15/12
to
Your message dated Sat, 15 Sep 2012 20:24:12 +0200
with message-id <2012091518...@radis.cristau.org>
and subject line Re: Bug#682683: unblock: sope/1.3.16-1
has caused the Debian Bug report #682683,
regarding unblock: sope/1.3.16-1
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
682683: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=682683
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
with message-id <2012091518...@radis.cristau.org>
and subject line Re: Bug#682683: unblock: sope/1.3.16-1
has caused the Debian Bug report #682683,
regarding unblock: sope/1.3.16-1
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
682683: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=682683
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
0 new messages