Moritz Mühlenhoff <j...@inutil.org> writes:

> On Sat, Nov 07, 2020 at 08:56:38PM +0100, wf...@niif.hu wrote:
>
>> I propose a security upload with the debdiff below. The patch series
>> posted by upstream against 2.0.3 applies cleanly to the buster source,
>> and is hereby included. I'll try to do some testing while you review.
>
> Thanks, this looks. I also compared the upstream 2.0.3 patch set against
> the update Ubuntu released for their 20.4 release (which also ships
> 2.0.3) and which is identical (and without reported regressions so far)

Cool. One can't possibly test all relevant use cases here.

> Please upload to security-master if your tests were fine as well

Done. I managed to provoke some of the new denials with the updated
package, and basic cluster operation remained unperturbed. I think the
changelog entry will work well enough as the DSA text. The LTS update
used a shorter version, which is fine as well.

> (and remember to build with -sa since pacemaker is new in
> buster-security (ftp.debian.org and security.debian.org don't share
> tarballs)

The --source-only-changes switch of sbuild seems to counteract -sa, but
I tried to revert that with changestool. Hope it's fine. If only I also
remembered to remove the buildinfo file... Or is that problem fixed
already?

Salvatore Bonaccorso <car...@debian.org> writes:

> Thanks for your upload to unstable!
>
> On Tue, Nov 10, 2020 at 10:34:18PM +0000, Debian FTP Masters wrote:
>> * [6956006] New upstream pre-release (2.0.5~rc2) (Closes: #973254)
>
> Bonus point: please do include the assigned CVE id references which
> makes it easier to cross-check and track fixes for security issues.

I'll add the CVE ID to the changelog in the next upload, sorry.

> Thanks for your work here and for the stable upload!

Rather: thanks for your (plural) tireless work archive wide!

-- 
Cheers,
Feri