Univention Bugzilla – Bug 33836
Migrate patches
Last modified: 2014-11-26 06:55:43 CET
Our patches made for UCS 3.x must to be checked whether they need to be merged in 4.0.
I've created two separate bugs for heimdal and OpenLDAP: Bug 35359 - Migrate OpenLDAP patches to UCS 4.0 Bug 35358 - Migrate heimdal patches to UCS 4.0 The Samba patches will be migrate with Bug #35319.
The following patches should be checked: apache2/3.2-0-0-ucs/2.2.16-6+squeeze12-ucs3.2-2 clamav/3.2-0-0-ucs/0.98.1+dfsg-1+deb7u3-errata3.2-2 consolekit/3.2-0-0-ucs/0.4.1-4 cups/3.2-0-0-ucs/1.4.4-7-errata3.2-1 curl/3.2-0-0-ucs/7.21.0-2.1+squeeze8-errata3.2-1 cyrus-imapd-2.2/3.2-0-0-ucs/2.2.13-19+squeeze1 cyrus-imapd-2.4/3.2-0-0-ucs/2.4.9-1 fetchmail/3.2-0-0-ucs/6.3.18-2 firmware-free/3.2-0-0-ucs/3.2 freeradius/3.2-0-0-ucs/2.1.10+dfsg-2-errata3.2-1 grub2/3.2-0-0-ucs/2.00-19 icu/3.2-0-0-ucs/4.4.1-8+squeeze2-ucs3.2-2 initramfs-tools/3.2-0-0-ucs/0.112~bpo70+1 kbuild/3.2-0-0-ucs/1:0.1.9998svn2577+dfsg-3 kdegraphics/3.2-0-0-ucs/4:4.4.5-2-ucs3.2-1 krb5/3.2-0-0-ucs/1.8.3+dfsg-4squeeze7 libmodplug/3.2-0-0-ucs/1:0.8.8.1-1+squeeze2+git20130828 libnss-ldap/3.2-0-0-ucs/264-2.2 libxres/3.2-0-0-ucs/2:1.0.4-1+squeeze lighttpd/3.2-0-0-ucs/1.4.28-2+squeeze1.5-ucs3.2-2 linux-tools/3.2-0-0-ucs/3.10-2 mysql-5.1/3.2-0-0-ucs/5.1.73-1-ucs3.2-2 nfs-utils/3.2-0-0-ucs/1:1.2.2-4squeeze2-errata3.2-1 ocfs2-tools/3.2-0-0-ucs/1.6.4-2 openafs/3.2-0-0-ucs/1.6.5-1 openjdk-6/3.2-0-0-ucs/6b31-1.13.3-1~deb6u1-errata3.2-2 openssh/3.2-0-0-ucs/1:5.5p1-6+squeeze3 openssl/3.2-0-0-ucs/0.9.8o-4squeeze14-errata3.2-2 open-vm-tools/3.2-0-0-ucs/2:9.2.3-1031360-7 pcp/3.2-0-0-ucs/3.3.3-squeeze3 php5/3.2-0-0-ucs/5.3.3-7+squeeze18-errata3.2-0 php5/3.2-0-0-ucs/5.4.4-14+deb7u9-php54 php-geoip/3.2-0-0-ucs/1.0.7-8-php54 php-imagick/3.2-0-0-ucs/3.1.0~rc1-1-php54 php-memcache/3.2-0-0-ucs/3.0.6-6-php54 procps/3.2-0-0-ucs/1:3.2.8-9squeeze1-errata3.2-1 pyrad/3.2-0-0-ucs/1.2-1+deb6u1 python2.6/3.2-0-0-ucs/2.6.6-8 python-django/3.2-0-0-ucs/1.2.3-3+squeeze8 qemu-kvm/3.2-0-0-ucs/1.1.2+dfsg-6-errata3.2-1 rsync/3.2-0-0-ucs/3.0.7-2-errata3.2-2 ruby1.8/3.2-0-0-ucs/1.8.7.302-2squeeze1-errata3.2-0 ruby1.9.1/3.2-0-0-ucs/1.9.2.0-2+deb6u1 spamassassin/3.2-0-0-ucs/3.3.1-1.1 squid3/3.2-0-0-ucs/3.1.6-1.2+squeeze3 srtp/3.2-0-0-ucs/1.4.4~dfsg-6+deb6u1-ucs3.2-2 strongswan/3.2-0-0-ucs/4.4.1-5.4-ucs3.2-2 sup-mail/3.2-0-0-ucs/0.11-2+nmu1+deb6u1-ucs3.2-2 virtualbox/3.2-0-0-ucs/4.2.10-dfsg-1 xtables-addons/3.2-0-0-ucs/2.3-1 zoneminder/3.2-0-0-ucs/1.24.2-8+squeeze1
And the following UCS 3.1 patches: apt/3.1-0-0-ucs/0.8.10.3+squeeze1 apt-mirror/3.1-0-0-ucs/0.4.8-3 bacula/3.1-0-0-ucs/5.0.2-2.2+squeeze1-ucs3.1-1 base-files/3.1-0-0-ucs/6.0squeeze6 bind9/3.1-0-0-ucs/1:9.8.0.P4-1-errata3.1-1 cairo/3.1-0-0-ucs/1.10.2-7~bpo60+1-errata3.1-1 checkgmail/3.1-0-0-ucs/1.13+svn43-2+squeeze0.1 dansguardian/3.1-0-0-ucs/2.10.1.1-3-ucs3.1-1 dbus/3.1-0-0-ucs/1.2.24-4+squeeze2-ucs3.1-1 dkms/3.1-0-0-ucs/2.2.0.3-1.1-ucs3.1-1 emesene/3.1-0-0-ucs/1.6.3-1.1 ghostscript/3.1-0-0-ucs/8.71~dfsg2-9+squeeze1-ucs3.1-1 grep/3.1-0-0-ucs/2.6.3-3-errata3.1-1 icedtea-web/3.1-0-0-ucs/1.4-3-errata3.1-1 iceweasel/3.1-0-0-ucs/17.0.8esr-1~deb7u1-errata3.1-1 isc-dhcp/3.1-0-0-ucs/4.1.1-P1-15+squeeze6 libnss-extrausers/3.1-0-0-ucs/0.3-1-ucs3.1-1 libssh/3.1-0-0-ucs/0.4.5-3+squeeze1-ucs3.1-1 libvirt/3.1-0-0-ucs/0.9.12-5-ucs3.1-1 libvpx/3.1-0-0-ucs/1.0.0-2~bpo60+1-errata3.1-1 mono/3.1-0-0-ucs/2.6.7-5.1 nagios3/3.1-0-0-ucs/3.2.1-2+squeeze1-ucs3.1-1 network-manager/3.1-0-0-ucs/0.8.1-6+squeeze2 nspr/3.1-0-0-ucs/2:4.9.2-1~bpo60+1-errata3.1-1 nss/3.1-0-0-ucs/2:3.14.3-1~bpo60+1-errata3.1-1 ntp/3.1-0-0-ucs/1:4.2.6.p3+dfsg-1ubuntu3.1-ucc openoffice.org/3.1-0-0-ucs/1:3.2.1-11+squeeze8-ucs3.1-1 pam/3.1-0-0-ucs/1.1.1-6.1+squeeze1-ucs3.1-1 parted/3.1-0-0-ucs/2.3-5-ucs3.1-1 2.3-8ubuntu5.1-ucc pcp/3.1-0-0-ucs/3.3.3-squeeze2 plymouth/3.1-0-0-ucs/0.8.3-9.2 postgresql-common/3.1-0-0-ucs/113+squeeze1 python-django/3.1-0-0-ucs/1.2.3-3+squeeze3 python-notifier/3.1-0-0-ucs/0.9.5-1-ucs3.1-1 qemu/3.1-0-0-ucs/1.1.2+dfsg-1 qemu-kvm/3.1-0-0-ucs/1.1.2+dfsg-2-ucs3.1-1 ruby1.8/3.1-0-0-ucs/1.8.7.302-2squeeze1-errata3.1-1 sqlite3/3.1-0-0-ucs/3.7.13-1~bpo60+1-errata3.1-1 sysvinit/3.1-0-0-ucs/2.88dsf-13.1+squeeze1 tomcat6/3.1-0-0-ucs/6.0.35-1+squeeze2-errata3.1-1 util-linux/3.1-0-0-ucs/2.17.2-9 xen-4.1/3.1-0-0-ucs/4.1.3-4-errata3.1-0 And for UCS 3.0: acpid/3.0-0-0-ucs/1:2.0.7-1squeeze4-ucs3.0-2 amavisd-new/3.0-0-0-ucs/1:2.6.4-3 backuppc/3.0-0-0-ucs/3.1.0-9.1-ucs3.0-1 base-passwd/3.0-0-0-ucs/3.5.22 bochs/3.0-0-0-ucs/2.4.5-1 busybox/3.0-0-0-ucs/1:1.17.1-8 cherrypy3/3.0-0-0-ucs/3.1.2-1-umcrest chntpw/3.0-0-0-ucs/0.99.6-2 cifs-utils/3.0-0-0-ucs/2:4.5-2-errata3.0-0 console-common/3.0-0-0-ucs/0.7.85 console-setup/3.0-0-0-ucs/1.68+squeeze2 cryptsetup/3.0-0-0-ucs/2:1.1.3-4squeeze2 cups-pdf/3.0-0-0-ucs/2.5.0-16-ucs3.0-1 db3/3.0-0-0-ucs/3.2.9+dfsg-0.1 db4.7/3.0-0-0-ucs/4.7.25-9 db4.8/3.0-0-0-ucs/4.8.30-2 dmidecode/3.0-0-0-ucs/2.9-1.2-ucs3.0-2 expat/3.0-0-0-ucs/2.0.1-7-errata3.0-2 fakechroot/3.0-0-0-ucs/2.9-1.1+squeeze1 firebird2.5/3.0-0-0-ucs/2.5.0.26054~ReleaseCandidate3.ds2-1 firmware-nonfree/3.0-0-0-ucs/0.28+squeeze1 freecell-solver/3.0-0-0-ucs/2.34.0-1 gcc-3.3/3.0-0-0-ucs/1:3.3.6ds1-20 gcc-4.1/3.0-0-0-ucs/4.1.2-29 gcc-4.3/3.0-0-0-ucs/4.3.5-4 gcc-4.4/3.0-0-0-ucs/4.4.5-8 gcj-4.4/3.0-0-0-ucs/4.4.5-2 gdc-4.3/3.0-0-0-ucs/1:1.060-4.3.5-2 gdm/3.0-0-0-ucs/2.20.11-4 ghc6/3.0-0-0-ucs/6.12.1-13 gnustep-gui/3.0-0-0-ucs/0.18.0-5 gnustep-make/3.0-0-0-ucs/2.4.0-3 gpc-4.1/3.0-0-0-ucs/2.1-4.1.2-28 gpsbabel/3.0-0-0-ucs/1.4.0-1 grub/3.0-0-0-ucs/0.97-64 hp-ppd/3.0-0-0-ucs/0.9-0.1 ia32-libs/3.0-0-0-ucs/20111018 ia32-libs-core/3.0-0-0-ucs/20110202 ifupdown-extra/3.0-0-0-ucs/0.14.2-ucs3.0-1 insserv/3.0-0-0-ucs/1.14.0-2 iptables-persistent/3.0-0-0-ucs/0.0.20100801 java-imaging-utilities/3.0-0-0-ucs/0.14.2+3-2 kde4libs/3.0-0-0-ucs/4:4.4.5-2+squeeze3 kdebase-workspace/3.0-0-0-ucs/4:4.4.5-7+squeeze1 ldapvi/3.0-0-0-ucs/1.7-7 libapache2-mod-auth-pam/3.0-0-0-ucs/1.1.1-8 libasyncns/3.0-0-0-ucs/0.3-1.1-ucs3.0-2 libbonobo/3.0-0-0-ucs/2.24.3-1 libbuffy/3.0-0-0-ucs/1.4-1 libdbi/3.0-0-0-ucs/0.8.2-3 libgearman-client-async-perl/3.0-0-0-ucs/0.94-3 libgnome-keyring/3.0-0-0-ucs/2.30.1-1 libofa/3.0-0-0-ucs/0.9.3-3.1-ucs3.0-2 libsigc++-1.2/3.0-0-0-ucs/1.2.7-2 libtest-checkmanifest-perl/3.0-0-0-ucs/1.22-1 libtunepimp/3.0-0-0-ucs/0.5.3-7.3-ucs3.0-2 libwmf/3.0-0-0-ucs/0.2.8.4-6.1-ucs3.0-2 lisaac/3.0-0-0-ucs/1:0.13.1-3 lsb/3.0-0-0-ucs/3.2-23.2squeeze1-ucs3.0-2 mbr/3.0-0-0-ucs/1.1.10-2 memtest86+/3.0-0-0-ucs/4.10-1.1 mercurial-buildpackage/3.0-0-0-ucs/0.9 monkeysphere/3.0-0-0-ucs/0.31-4 msttcorefonts/3.0-0-0-ucs/3.3 nagios-plugins/3.0-0-0-ucs/1.4.15-3squeeze1 oss-compat/3.0-0-0-ucs/0.0.4+nmu3-ucs3.0-2 pacparser/3.0-0-0-ucs/1.2.6-2 pbuilder/3.0-0-0-ucs/0.199+nmu1squeeze1-ucs3.0-1 phonon/3.0-0-0-ucs/4:4.6.0really4.4.2-1 php-horde-form/3.0-0-0-ucs/1.0.5-1-errata3.0-2 php-horde-imp/3.0-0-0-ucs/5.0.11-1-errata3.0-2 php-suhosin/3.0-0-0-ucs/0.9.32.1-1-errata3.0-2 pkg-php-tools/3.0-0-0-ucs/0.5 plymouth/3.0-0-0-ucs/0.8.3-9.1 poppler/3.0-0-0-ucs/0.12.4-1.2-errata3.0-0 posixtestsuite/3.0-0-0-ucs/1.5.2-3 postgresql-common/3.0-0-0-ucs/113 pperl/3.0-0-0-ucs/0.25-5 psqlodbc/3.0-0-0-ucs/1:08.03.0200-1.2 pycairo/3.0-0-0-ucs/1.8.8-1 pygtk/3.0-0-0-ucs/2.17.0-4 pykota/3.0-0-0-ucs/1.26+unofficial python-apt/3.0-0-0-ucs/0.7.100.1+squeeze1 python-ipaddr/3.0-0-0-ucs/2.1.5-2 python-pam/3.0-0-0-ucs/0.4.2-12.2-errata3.0-1 rake/3.0-0-0-ucs/0.8.7-2 rdesktop/3.0-0-0-ucs/1.7.0-1 samba4wins/3.0-0-0-ucs/1.0.8-2 squid/3.0-0-0-ucs/2.7.STABLE9-2.1 sun-java6/3.0-0-0-ucs/6.26-0squeeze1 synaptic/3.0-0-0-ucs/0.70~pre1 texlive-base/3.0-0-0-ucs/2009-11+squeeze1-ucs3.0-2 tokyotyrant/3.0-0-0-ucs/1.1.40-4 tre/3.0-0-0-ucs/0.8.0-3-ucs3.0-2 wims/3.0-0-0-ucs/4.00-4 x2goclient-cli/3.0-0-0-ucs/3.0.1-1.2 x2goserver/3.0-0-0-ucs/3.0.1-6 xf86-input-wacom/3.0-0-0-ucs/0.10.5+20100416-1 xorg/3.0-0-0-ucs/1:7.5+8+squeeze1-ucs3.0-1
(In reply to Stefan Gohmann from comment #3) > And the following UCS 3.1 patches: > > bind9/3.1-0-0-ucs/1:9.8.0.P4-1-errata3.1-1 Split into "Bug #35668 - Migrate bind patches" because bind9 is needed for MS1.
added 3.0-0-0-ucs/1.1.1-8/01_add_pam_service.patch to 4.0-0-0-ucs/1.1.1-9 (needed by univention-nagios-server)
added nagios-plugins/3.0-0-0-ucs/1.4.15-3squeeze1/10-check-ldap-read-password-from-file.patch to nagios-plugins/4.0-0-0/1.4.16-1 (needed for LDAP authentication with password file UNIVENTION_LDAP_AUTH)
(In reply to Stefan Gohmann from comment #3) > And the following UCS 3.1 patches: > base-files/3.1-0-0-ucs/6.0squeeze6 See Bug #35931
* Packages rebuilt with migrated patches: ========================================= plymouth bacula clamav python2.6 amavisd-new hp-ppd synaptic apt-mirror consolekit dbus rsync krb5 base-passwd cups-pdf squid console-common postgresql-common - dropped: 00-readline-wrapper.patch memtest86+ pbuilder - disabled: 25_linux-any.patch.DISABLED lsb chntpw xorg (one patch: links /usb/bin to /usr/X11R6/bin -- still relevant?) gnustep-make db4.7 pycairo libbonobo cryptsetup freeradius squid3 parted grep libnss-extrausers grub php5 pacparser apt dkms phonon apache2 pperl gpsbabel spamassassin srtp lisaac procps gnustep-gui libnss-ldap ruby1.9.1 ========================================= * Complicated patches: isc-dhcp, libnss-extrausers, procps * Packages not rebuilt, all previous patches dropped: ===================================================== rake - dropped: 00-disable-tests.patch python-apt - dropped: 00-skip-testsuite.patch python-ipaddr - dropped: 00-issue-77-wrong-output-of-exploded.patch libssh - dropped: CVE-2013-0176.patch libdbi - dropped: 00-lower-optimization.patch cairo - dropped: backport.patch tokyotyrant - dropped: 00-fix-build.patch open-vm-tools - dropped: backport.patch, backport2.patch sqlite3 - dropped: backport.patch acpid - dropped: 00-fix-handling-of-input-devices.patch mbr - dropped: 00-limit-testsuite.patch java-imaging-utilities: dropped: 00_fix-build.patch nagios3 - dropped: CVE-2011-1523.patch openoffice.org - dropped: 10_rules.patch, 20_build_depends.patch libvpx - dropped: backport.patch python-django - dropped: fix-build-with-sphinx108.patch texlive-base - dropped: 001_breaks_old_ucs24_packages.patch busybox - dropped: 00-fix-incorrect-quilt-usage.patch, 01-build-fix.patch libbuffy - dropped: 00-build-fix.patch xtables-addons - dropped: backport.patch nfs-utils - dropped: 10-increment-the-stdio-file-buffer-size-for-procfs-files.patch ruby1.8 - dropped: CVE-2013-4164_CVE-2013-1821_CVE-2013-4073.patch pam - dropped: 02_CVE-2011-3628.patch, 03_CVE-2010-3853.patch isc-dhcp - dropped: 10_fix_dependency.patch iptables-persistent - dropped: fix-src-format.patch libtest-checkmanifest-perl - dropped: 00-fix-test.patch ghostscript - dropped: 00-fix-build.patch fakechroot - dropped: 00-fix-build.patch, 01-drop-testsuite-test.patch cyrus-imapd-2.4 - dropped: 81_CVE-2011-3481.patch expat - dropped: 01_CVE-2012-0876-1.patch, 01_CVE-2012-0876-2.patch, 01_CVE-2012-0876-3.patch, 02_CVE-2012-1148.patch cifs-utils - dropped: CVE-2011-1678.patch, CVE-2011-2724.patch freecell-solver - dropped: 00-fix-build.patch rdesktop - dropped: 20_enable-smartcard.patch dansguardian - dropped: 02-fix-broken-postinst-preinst.patch icu - dropped: fix-build.patch ia32-libs - dropped: 00-fix-build.patch python-pam - dropped: CVE-2012-1502.patch kbuild - dropped: backport.patch pkg-php-tools - dropped: 0.8/10-control.patch --- still required? Introduced for Bug 22151 - Horde4 für UCS 3.0 ===================================================== * Packages covered by other Bugs: ================================= virtualbox - Bug #35875#c3 libvirt - Bug #35768 openafs - Bug #35875 =================================
And some more: * Packages rebuilt with migrated patches: ========================================= util-linux libgnome-keyring xf86-input-wacom nagios-plugins libsigc++-1.2 network-manager ========================================= * Packages not rebuilt, all previous patches dropped: ===================================================== firmware-free - dropped: fix-build-dep.patch bochs - dropped: 00_fix_build.patch pygtk - dropped: relax-build-deps.patch kde4libs - dropped: 00_backport_locale_handling_from_kde45.patch ===================================================== * Packages covered by other Bugs: ================================= qemu - Bug #35768 =================================
I'm unable to start the dhcp server: Sep 30 01:07:21 ucs-7038 kernel: [ 1518.292996] dhcpd[6253]: segfault at ffffffffb7439bd0 ip 00007f27b51da899 sp 00007fff60bceae0 error 5 in dhcpd[7f27b5181000+1cb000] (gdb) r -f Starting program: /usr/sbin/dhcpd -f [Thread debugging using libthread_db enabled] Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1". Internet Systems Consortium DHCP Server 4.2.2 Copyright 2004-2011 Internet Systems Consortium. All rights reserved. For info, please visit https://www.isc.org/software/dhcp/ Program received signal SIGSEGV, Segmentation fault. 0x00005555555ad899 in set_ldap_real_base_dn (ld=0x555555a280b0) at ldap.c:147 147 for (vs=0; values != NULL && values[vs] != NULL; vs++) (gdb) (gdb) p values $2 = (char **) 0x55a31230 (gdb) p values[0] Cannot access memory at address 0x55a31230 (gdb) (gdb) bt #0 0x00005555555ad899 in set_ldap_real_base_dn (ld=0x555555a280b0) at ldap.c:147 #1 ldap_start () at ldap.c:1275 #2 0x00005555555b06a5 in ldap_read_config () at ldap.c:1776 #3 0x000055555556e44b in main (argc=<optimized out>, argv=<optimized out>) at dhcpd.c:687 (gdb) I'll attach the core file. (In reply to Arvid Requate from comment #8) > * Packages rebuilt with migrated patches: > ========================================= > plymouth OK > bacula OK > clamav OK, the following patch have been dropped: 02-disable-rules-dh_reconf.patch > python2.6 OK, the following patches have been fixed upstream and dropped: 01-debian_bug_628984.patch 03_CVE-2011-4944_1015_1521_4940-CVE-2012-1150_0845.patch > amavisd-new OK > hp-ppd OK > synaptic OK > apt-mirror OK > consolekit OK > dbus OK > rsync OK > krb5 OK > base-passwd OK > cups-pdf OK > squid OK > console-common OK > postgresql-common - dropped: 00-readline-wrapper.patch OK, 00-readline-wrapper.patch has been fixed upstream > memtest86+ OK > pbuilder - disabled: 25_linux-any.patch.DISABLED OK > lsb OK > chntpw OK > xorg (one patch: links /usb/bin to /usr/X11R6/bin -- still relevant?) I think there might be still software on old customer servers. Let's still use it. > gnustep-make OK > db4.7 OK > pycairo OK > libbonobo OK > cryptsetup OK > freeradius OK, the following patches have been fixed upstream and merged: 004_CVE-2012-3547.patch 005_CVE-2011-4966.patch > squid3 OK > parted OK > grep OK > libnss-extrausers OK > grub OK > php5 OK > pacparser OK > apt OK > dkms OK > phonon OK > apache2 OK > pperl OK > gpsbabel OK > spamassassin OK (01-bump-version.patch has been dropped) > srtp OK > lisaac OK > procps OK > gnustep-gui OK > libnss-ldap OK > ruby1.9.1 OK > ========================================= > > > * Complicated patches: isc-dhcp, libnss-extrausers, procps > > > * Packages not rebuilt, all previous patches dropped: > ===================================================== > rake - dropped: 00-disable-tests.patch OK > python-apt - dropped: 00-skip-testsuite.patch OK > python-ipaddr - dropped: 00-issue-77-wrong-output-of-exploded.patch OK, upstream fixed > libssh - dropped: CVE-2013-0176.patch OK: root@ucs-7038:/usr/share/doc# zgrep CVE-2013-0176 libssh*/changelog.Debian.gz libssh-4/changelog.Debian.gz: (Closes: #698963, CVE-2013-0176 > libdbi - dropped: 00-lower-optimization.patch OK > cairo - dropped: backport.patch OK > tokyotyrant - dropped: 00-fix-build.patch OK > open-vm-tools - dropped: backport.patch, backport2.patch OK > sqlite3 - dropped: backport.patch OK > acpid - dropped: 00-fix-handling-of-input-devices.patch OK, upstream fixed: root@ucs-7038:/usr/share/doc# zgrep 616194 acpid/changelog.Debian.gz (Closes: #616194) root@ucs-7038:/usr/share/doc# zgrep 522756 acpid/changelog.Debian.gz #522756) root@ucs-7038:/usr/share/doc# > mbr - dropped: 00-limit-testsuite.patch OK > java-imaging-utilities: dropped: 00_fix-build.patch OK > nagios3 - dropped: CVE-2011-1523.patch OK, fixed upstream: root@ucs-7038:/usr/share/doc# zgrep CVE-2011-1523 nagios3/changelog.Debian.gz * [785a4e8] Remove unneded patch 99_fix_XSS_CVE-2011-1523 * [b5f30e1] Fix for CVE-2011-1523: XSS problem in statusmap.cgi (Closes: #629127) root@ucs-7038:/usr/share/doc# > openoffice.org - dropped: 10_rules.patch, 20_build_depends.patch OK > libvpx - dropped: backport.patch OK > python-django - dropped: fix-build-with-sphinx108.patch OK > texlive-base - dropped: 001_breaks_old_ucs24_packages.patch OK > busybox - dropped: 00-fix-incorrect-quilt-usage.patch, 01-build-fix.patch OK > libbuffy - dropped: 00-build-fix.patch OK > xtables-addons - dropped: backport.patch OK > nfs-utils - dropped: > 10-increment-the-stdio-file-buffer-size-for-procfs-files.patch OK, fixed upstream > ruby1.8 - dropped: CVE-2013-4164_CVE-2013-1821_CVE-2013-4073.patch OK, fixed upstream: root@ucs-7038:/usr/share/doc# zgrep CVE-2013- ruby1.8/changelog.Debian.gz * debian/patches/CVE-2013-4164.patch: New patch to fix * debian/patches/CVE-2013-4073: fix regression that introduced syntax errors * Add CVE-2013-4073.patch patch. CVE-2013-4073: Fix hostname check bypassing vulnerability in SSL client. * Add CVE-2013-1821.patch patch. CVE-2013-1821: Fix entity expansion DoS vulnerability in REXML. When root@ucs-7038:/usr/share/doc# > pam - dropped: 02_CVE-2011-3628.patch, 03_CVE-2010-3853.patch OK, merged upstream > isc-dhcp - dropped: 10_fix_dependency.patch OK > iptables-persistent - dropped: fix-src-format.patch OK > libtest-checkmanifest-perl - dropped: 00-fix-test.patch OK > ghostscript - dropped: 00-fix-build.patch OK > fakechroot - dropped: 00-fix-build.patch, 01-drop-testsuite-test.patch OK > cyrus-imapd-2.4 - dropped: 81_CVE-2011-3481.patch OK, fixed upstream > expat - dropped: 01_CVE-2012-0876-1.patch, 01_CVE-2012-0876-2.patch, > 01_CVE-2012-0876-3.patch, 02_CVE-2012-1148.patch OK, fixed upstream > cifs-utils - dropped: CVE-2011-1678.patch, CVE-2011-2724.patch OK, fixed upstream > freecell-solver - dropped: 00-fix-build.patch OK > rdesktop - dropped: 20_enable-smartcard.patch OK, fixed upstram > dansguardian - dropped: 02-fix-broken-postinst-preinst.patch OK > icu - dropped: fix-build.patch OK > ia32-libs - dropped: 00-fix-build.patch OK > python-pam - dropped: CVE-2012-1502.patch OK, fixed upstream > kbuild - dropped: backport.patch OK > pkg-php-tools - dropped: 0.8/10-control.patch --- still required? > Introduced for Bug 22151 - Horde4 für UCS 3.0 I don't think we need the patch. Horde was already build for UCS 4: Bug #35888 > ===================================================== > > * Packages covered by other Bugs: > ================================= > virtualbox - Bug #35875#c3 > libvirt - Bug #35768 > openafs - Bug #35875 > ================================= OK (In reply to Arvid Requate from comment #9) > And some more: > > * Packages rebuilt with migrated patches: > ========================================= > util-linux OK > libgnome-keyring OK > xf86-input-wacom OK > nagios-plugins OK > libsigc++-1.2 Failed, there are now two patches: # ls libsigc++-1.2/4.0-0-0-ucs/1.2.7-2/ 001-fixed_priority_to_prevent_bootstrapping_errors.patch 00-fix-package-priority.patch > network-manager OK > ========================================= > > * Packages not rebuilt, all previous patches dropped: > ===================================================== > firmware-free - dropped: fix-build-dep.patch OK > bochs - dropped: 00_fix_build.patch OK > pygtk - dropped: relax-build-deps.patch OK > kde4libs - dropped: 00_backport_locale_handling_from_kde45.patch OK > ===================================================== > > * Packages covered by other Bugs: > ================================= > qemu - Bug #35768 > ================================= OK Changelog: OK Summary: * Please check the DHCP segfault * Please check the libsigc++-1.2 patches TODO for me: I have to check if every package was considered.
Created attachment 6140 [details] core-dhcpd-amd64
(In reply to Stefan Gohmann from comment #2) > kdegraphics/3.2-0-0-ucs/4:4.4.5-2-ucs3.2-1 This patch has not been migrated.
> kdegraphics/3.2-0-0-ucs/4:4.4.5-2-ucs3.2-1 is now migrated to: okular/4.0-0-0-ucs/4:4.8.4-3/01_bug_34125.patch There are more patches which might need to be moved to a differently named source package, I'll check these again: ============== cyrus-imapd-2.2 mysql-5.1 -> mysql-5.5 ocfs2-tools pcp qemu-kvm xen-4.1 gcc-4.1 gcc-4.3 gcj-4.4 gdc-4.3 gdm ghc6 gpc-4.1 ia32-libs-core kdebase-workspace libgearman-client-async-perl libtunepimp mercurial-buildpackage msttcorefonts php-horde-form php-horde-imp php-suhosin posixtestsuite pykota sun-java6 wims x2goclient-cli x2goserver ============== * The duplicate patch for libsigc++-1.2 has been removed now and the package is rebuilt. * I fixed an obvious flaw in one of the patches for isc-dhcp but I'll have to check if this actually fixes the segv. The package is rebuilt.
(In reply to Arvid Requate from comment #13) > There are more patches which might need to be moved to a differently named > source package, I'll check these again: > ============== > cyrus-imapd-2.2 We don't need it because we are using 2.4 for a long time. > mysql-5.1 -> mysql-5.5 Yes, we need these patches. > ocfs2-tools I don't think we need them. That are backport / build patches > pcp The package is not part of wheezy. Since it is only a version patch we can ignore the patch. > qemu-kvm We are using the source package qemu and Philipp ported the patches. > xen-4.1 We are using the default debian upstream package. We don't need a port. > gcc-4.1 > gcc-4.3 gcc-4.7 is patched as well. We can ignore theses patches. > gcj-4.4 gcj-4.7 is patched as well. We can ignore this patch. > gdc-4.3 Yes, I think the patch should be ported to gdc-4.4 and gdc-4.6. > gdm We switched to kdm and don't need the patch any longer. > ghc6 That was a patch for the UCS 3.0 rebuild. We don't need the patch for UCS 4. > gpc-4.1 The package seems to be removed from wheezy. > ia32-libs-core The handling in Wheezy is different due to multiarch. We don't need these patches. > kdebase-workspace Yes, we should port these patches. > libgearman-client-async-perl Only a build fix. We don't need it. > libtunepimp Only a version fix. We don't need it. > mercurial-buildpackage Only a build fix. We don't need it. > msttcorefonts Yes, we should migrate theses patches. > php-horde-form I've checked our current Horde App. This patch is included. > php-horde-imp I've checked our current Horde App. This patch is included. > php-suhosin This package is not part of Wheezy. > posixtestsuite Only a build fix. We don't need it. > pykota Yes, I think we have to copy the package from UCS 3 if it isn't part of UCS 4 yet. > sun-java6 This package is not part of Wheezy. > wims This package is not part of Wheezy. > x2goclient-cli Let's skip these patches and use the plain Debian version. > x2goserver This is not part of Wheezy. We should skip the patch.
Ok, I fixed another string termination bug in isc-dhcp (reading the LDAP bind password). Now it works. The follwing packages have been rebuilt with merged patches: ============================================================ mysql-5.5 gdc-4.4 gdc-4.6 kde-workspace - dropped: 01-dont-run-kaboom-if-the-old-kde-dir-is-only-a-link.patch, 20_control.patch pykota (cherrypicked from ucs_3.0-0) msttcorefonts (cherrypicked from ucs_3.0-0) ============================================================
Somehow the wheezy package for msttcorefonts had not been imported properly. I now downloaded it manually from http://ftp.de.debian.org/debian/pool/contrib/m/msttcorefonts/.
(In reply to Arvid Requate from comment #16) > Somehow the wheezy package for msttcorefonts had not been imported properly. > I now downloaded it manually from > http://ftp.de.debian.org/debian/pool/contrib/m/msttcorefonts/. Only the main section was imported from Wheezy. All further packages from contrib or non-free (such as the firmware) have always been imported selectively.
(In reply to Moritz Muehlenhoff from comment #17) > (In reply to Arvid Requate from comment #16) > > Somehow the wheezy package for msttcorefonts had not been imported properly. > > I now downloaded it manually from > > http://ftp.de.debian.org/debian/pool/contrib/m/msttcorefonts/. > > Only the main section was imported from Wheezy. All further packages from > contrib or non-free (such as the firmware) have always been imported > selectively. OK, that should be re-checked: Bug #36051 (In reply to Arvid Requate from comment #15) > pykota (cherrypicked from ucs_3.0-0) It is not a maintained package in UCS 4, I've added a new report: Bug #36050 Everything else looks good.
UCS 4.0-0 has been released: http://docs.univention.de/release-notes-4.0-0-en.html http://docs.univention.de/release-notes-4.0-0-de.html If this error occurs again, please use "Clone This Bug".