1. Forum
  2. Usenet
  3. LINUX.DEBIAN.DEVEL.RELEAS

  • Re: Bug#1020413: nmu: bind-dyndb-ldap_11.6-3

    From Bernhard Schmidt@21:1/5 to Santiago Vila on Sat Jan 7 19:40:01 2023
    Santiago Vila <sanvila@debian.org> wrote:
    El 23/9/22 a las 10:21, Timo Aaltonen escribió:
    Paul Gevers kirjoitti 22.9.2022 klo 22.26:
    So, Timo, is the package in bullseye broken with the security update and does it need a fix, or is it fine?

    It needs a rebuild, [...]

    I think it's really broken:

    https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1027825

    Note that bind-dyndb-ldap currently also fails to build in unstable
    since the latest bind9 release, see

    https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1027094

    It is currently preventing bind9 9.18.10-2 from migrating to unstable
    (that fixes a couple of bugs), and bind9 security updates were already following the upstream branch in bullseye (as seen above).

    I'm not entirely familiar with how upstream operates on this, but as far
    as I understand
    https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014503 there is no
    API guarantee whatsoever and bind-dyndb-ldap is the only out-of-tree
    dyndb plugin ever created.

    Unless someone can fix this fast and for good, I'm afraid we will be
    stuck during a rock and a hard place for the entire bookworm release. src:bind9-libs was created to keep isc-dhcp on life support (and I think
    it could be removed from unstable, since isc-dhcp uses the bundled
    libraries instead of https://tracker.debian.org/news/1323159/accepted-isc-dhcp-443-1-source-into-unstable/
    ), but that's an entirely different case (using some functions in bind libraries vs. being a plugin).

    Bernhard

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Salvatore Bonaccorso@21:1/5 to Bernhard Schmidt on Thu Jan 12 08:50:01 2023
    Hi,

    [Cc'ing Timo, Ondrej]

    On Sat, Jan 07, 2023 at 04:39:34PM -0000, Bernhard Schmidt wrote:
    Santiago Vila <sanvila@debian.org> wrote:
    El 23/9/22 a las 10:21, Timo Aaltonen escribió:
    Paul Gevers kirjoitti 22.9.2022 klo 22.26:
    So, Timo, is the package in bullseye broken with the security update and does it need a fix, or is it fine?

    It needs a rebuild, [...]

    I think it's really broken:

    https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1027825

    Note that bind-dyndb-ldap currently also fails to build in unstable
    since the latest bind9 release, see

    https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1027094

    It is currently preventing bind9 9.18.10-2 from migrating to unstable
    (that fixes a couple of bugs), and bind9 security updates were already following the upstream branch in bullseye (as seen above).

    I'm not entirely familiar with how upstream operates on this, but as far
    as I understand
    https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014503 there is no
    API guarantee whatsoever and bind-dyndb-ldap is the only out-of-tree
    dyndb plugin ever created.

    as bind-dyndb-ldap would be removed on 25th of january, which then
    should unblock the bind9 situation for unstable/bookworm AFAIU, should
    we ask for removal already earlier? Should it be kept at all, is it
    used? (popcon seems quite low, but that is not necessarily
    reflecting).

    Regards,
    Salvatore

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From =?utf-8?B?T25kxZllaiBTdXLDvQ==?=@21:1/5 to All on Thu Jan 12 09:20:02 2023
    On 12. 1. 2023, at 8:43, Salvatore Bonaccorso <carnil@debian.org> wrote:

    as bind-dyndb-ldap would be removed on 25th of january, which then
    should unblock the bind9 situation for unstable/bookworm AFAIU, should
    we ask for removal already earlier? Should it be kept at all, is it
    used? (popcon seems quite low, but that is not necessarily
    reflecting).

    As far as I understand, it's part of FreeIPA.

    Optionally Domain Names can be managed using the integrated ISC Bind server.

    Ondrej
    --
    Ondřej Surý (He/Him)
    ondrej@sury.org

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Paul Gevers@21:1/5 to =?UTF-8?B?T25kxZllaiBTdXLDvQ==?= on Thu Jan 12 09:30:01 2023
    To: carnil@debian.org (Salvatore Bonaccorso)
    Copy: berni@debian.org (Bernhard Schmidt)
    Copy: debian-release@lists.debian.org
    Copy: tjaalton@debian.org (Timo Aaltonen)
    Copy: ondrej@debian.org (=?UTF-8?B?T25kxZllaiBTdXLDvQ==?=)

    This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --------------5Kch5Y7HIPWbIoA0tQJSF2A8
    Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: base64

    SGksDQoNCk9uIDEyLTAxLTIwMjMgMDk6MTIsIE9uZMWZZWogU3Vyw70gd3JvdGU6DQo+PiBh cyBiaW5kLWR5bmRiLWxkYXAgd291bGQgYmUgcmVtb3ZlZCBvbiAyNXRoIG9mIGphbnVhcnks IHdoaWNoIHRoZW4NCj4+IHNob3VsZCB1bmJsb2NrIHRoZSBiaW5kOSBzaXR1YXRpb24gZm9y IHVuc3RhYmxlL2Jvb2t3b3JtIEFGQUlVLCBzaG91bGQNCj4+IHdlIGFzayBmb3IgcmVtb3Zh bCBhbHJlYWR5IGVhcmxpZXI/IFNob3VsZCBpdCBiZSBrZXB0IGF0IGFsbCwgaXMgaXQNCj4+ IHVzZWQ/IChwb3Bjb24gc2VlbXMgcXVpdGUgbG93LCBidXQgdGhhdCBpcyBub3QgbmVjZXNz YXJpbHkNCj4+IHJlZmxlY3RpbmcpLg0KPiANCj4gQXMgZmFyIGFzIEkgdW5kZXJzdGFuZCwg aXQncyBwYXJ0IG9mIEZyZWVJUEEuDQoNCkknbSBub3Qgc2VlaW5nIGFueSAoYnVpbGQpIGRl cGVuZGVuY2llcyAobmVpdGhlciBkYWsgbm9yIA0KcmV2ZXJzZS1kZXBlbmRzKSwgc28gSSBh ZGRlZCBhIHJlbW92YWwgaGludC4NCg0KUGF1bA0K

    --------------5Kch5Y7HIPWbIoA0tQJSF2A8--

    -----BEGIN PGP SIGNATURE-----

    wsB5BAABCAAjFiEEWLZtSHNr6TsFLeZynFyZ6wW9dQoFAmO/w40FAwAAAAAACgkQnFyZ6wW9dQq2 DwgArOcZpZhG+XxTR+wYwnYgNmAOmFnZyk3m0MI2XFSFvtQUt4z3jlqSHUSTmO/I2kJNHIbhs4IT kUJpr0xM3JBQQam1TlhrlsbKUdq/yPOhZLOp0iibf6KvNQpxfAVLj56kSheQHhvnUlEJo6IiUeqr /reC1zSH0LUBm84fLfi6Eg9D/jFsgtQZkQoxUKwN6hHt4pyUl1jv2UdPKBWCR0tWHbhj/Uq6Isl0 YB4hjgOZdMs3Drkb6eiydT0BX7bHGtd8Vf07I0UuLh1CljE614HLe9EIX4/vA6IvfHh844LWbXWQ NUOHZC3fSGuRKNcVXtec5qtvyagqEQu7EGiAjpvACQ==
    =jYJd
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Timo Aaltonen@21:1/5 to All on Thu Jan 12 14:10:01 2023
    Salvatore Bonaccorso kirjoitti 12.1.2023 klo 9.43:
    Hi,

    [Cc'ing Timo, Ondrej]

    On Sat, Jan 07, 2023 at 04:39:34PM -0000, Bernhard Schmidt wrote:
    Santiago Vila <sanvila@debian.org> wrote:
    El 23/9/22 a las 10:21, Timo Aaltonen escribió:
    Paul Gevers kirjoitti 22.9.2022 klo 22.26:
    So, Timo, is the package in bullseye broken with the security update and does it need a fix, or is it fine?

    It needs a rebuild, [...]

    I think it's really broken:

    https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1027825

    Note that bind-dyndb-ldap currently also fails to build in unstable
    since the latest bind9 release, see

    https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1027094

    It is currently preventing bind9 9.18.10-2 from migrating to unstable
    (that fixes a couple of bugs), and bind9 security updates were already
    following the upstream branch in bullseye (as seen above).

    I'm not entirely familiar with how upstream operates on this, but as far
    as I understand
    https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014503 there is no
    API guarantee whatsoever and bind-dyndb-ldap is the only out-of-tree
    dyndb plugin ever created.

    as bind-dyndb-ldap would be removed on 25th of january, which then
    should unblock the bind9 situation for unstable/bookworm AFAIU, should
    we ask for removal already earlier? Should it be kept at all, is it
    used? (popcon seems quite low, but that is not necessarily
    reflecting).

    Regards,
    Salvatore


    Hi, I'm fixing these errors with upstream one by one, almost finished
    now and will upload a patched version soon.

    --
    t

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From =?UTF-8?Q?Ond=C5=99ej_Sur=C3=BD?=@21:1/5 to All on Fri Jan 13 10:10:01 2023
    --22a0fedb706b4306968e8358ce6c5609
    Content-Type: text/plain;charset=utf-8
    Content-Transfer-Encoding: quoted-printable

    Hi,

    we should also remove bind-dyndb-ldap from stable and add `Breaks: bind-dyndb-ldap (<< 11.10-2~)` to the next src:bind9 stable upload.

    I can keep bind9-dev package so people can still install the dyndb plugin from the source.

    Ondrej
    --
    Ondřej Surý (He/Him)
    ondrej@sury.org

    --22a0fedb706b4306968e8358ce6c5609
    Content-Type: text/html;charset=utf-8
    Content-Transfer-Encoding: quoted-printable

    <!DOCTYPE html><html><head><title></title><style type="text/css">p.MsoNormal,p.MsoNoSpacing{margin:0}</style></head><body><div>Hi,</div><div><br></div><div>we should also remove bind-dyndb-ldap from stable and add `Breaks: bind-dyndb-ldap (&lt;&lt; 11.10-
    2~)` to the next src:bind9 stable upload.<br></div><div><br></div><div>I can keep bind9-dev package so people can still install the dyndb plugin from the source.</div><div><br></div><div>Ondrej</div><div id="sig120647512"><div class="signature">--<br></
    <div class="signature">Ondřej Surý (He/Him)<br></div><div class="signature">ondrej@sury.org<br></div></div><div><br></div></body></html>
    --22a0fedb706b4306968e8358ce6c5609--

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Paul Gevers@21:1/5 to =?UTF-8?B?T25kxZllaiBTdXLDvQ==?= on Fri Jan 13 19:50:02 2023
    To: carnil@debian.org (Salvatore Bonaccorso)
    Copy: berni@debian.org (Bernhard Schmidt)
    Copy: debian-release@lists.debian.org
    Copy: tjaalton@debian.org (Timo Aaltonen)
    Copy: ondrej@debian.org (=?UTF-8?B?T25kxZllaiBTdXLDvQ==?=)

    This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --------------CaGPFYngJJ0isWL0VxH9pjAC
    Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: base64

    SGksDQoNCk9uIDEzLTAxLTIwMjMgMTA6MDQsIE9uZMWZZWogU3Vyw70gd3JvdGU6DQo+IHdl IHNob3VsZCBhbHNvIHJlbW92ZSBiaW5kLWR5bmRiLWxkYXAgZnJvbSBzdGFibGUgYW5kIGFk ZCBgQnJlYWtzOiANCj4gYmluZC1keW5kYi1sZGFwICg8PCAxMS4xMC0yfilgIHRvIHRoZSBu ZXh0IHNyYzpiaW5kOSBzdGFibGUgdXBsb2FkLg0KDQpQbGVhc2UgZmlsZSBhIGJ1ZyByZXBv cnQgd2l0aCB0aGUgcmlnaHQgdXNlcnRhZ3MgKHJlcG9ydGJ1ZyBpcyB5b3VyIA0KZnJpZW5k KSBzdWNoIHRoYXQgb3VyIFNSTSBkb24ndCBmb3JnZXQgdG8gcmVtb3ZlIGl0Lg0KDQpJJ2xs IGZpbGUgYSBibG9ja2luZyBidWcgc3VjaCB0aGF0IGl0IGRvZXNuJ3QgZW50ZXIgdGVzdGlu ZyB1bnRpbCBhIA0Kc3VzdGFpbmFibGUgc29sdXRpb24gaGFzIGJlZW4gZm91bmQuDQoNClBh dWwNCg==

    --------------CaGPFYngJJ0isWL0VxH9pjAC--

    -----BEGIN PGP SIGNATURE-----

    wsB5BAABCAAjFiEEWLZtSHNr6TsFLeZynFyZ6wW9dQoFAmPBpnsFAwAAAAAACgkQnFyZ6wW9dQrm cQf+LY8snMa35tf4Hl86fyLiSk5PTbRrwBo8VJbBBiuClAnEc2zN1phKDuJ+QZR0wCE5m7tnlpvK zcMFFv8vVyw7AqEJ/O+I42UJBle7uxUf3n1cF+CelgcI6Eofh+2cBgtgTdQfu/5RHnxyD39Jp4o4 d0C+Y95bCzfkkSOQBMy5iGHsn4wKG7zQ0j7kpRVh2gie5k65kqSks7hvG9FiT8ObbWioR9aryXyM wwWeLBr+TmjcD8MxC82CYj/GVlYOBmyts5I7GlZWoZyJ9HahTMWzJAgbH4B33b4mz5nkQOG/s8zd gDg1nt/Cjy4Lg2yixpxUTYBTP6xx/gC8XtDcqMBSaw==
    =T9yp
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)