Bug#611851: unblock: ia32-libs-core/20110202
Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock
Please unblock packages ia32-libs-core, ia32-libs and ia32-libs-gtk.
The last upload made by Thijs Kinkhorst to fix security concerns and
to add the security repository to the sources ia32-libs updates from
introduced a small problem in the fetch-and-build script. The problem
appears when more than one version of a source is known, i.e. when
squeeze and security have different versions. This has 4 effects:
1) both versions are downloaded and included in the source.
2) duplicate entries in copyright
3) duplicate entries in changelog
4) the next fetch-and-build run fails
I could live with the first 3 but the last would make security support
much more difficult.
I included a quick fix for this in fetch-and-build so only the newest
version is included:
======================================================================
diff --git a/fetch-and-build b/fetch-and-build
index 5c986bc..a1c642f 100755
--- a/fetch-and-build
+++ b/fetch-and-build
@@ -105,10 +105,24 @@ done \
*) SRC="$VAL";;
esac;;
"") echo >&2 "Fetching source $SRC $VER for $PKG"
- echo "$SRC=$VER";;
+ echo "$SRC $VER";;
esac
done \
-| sort -u | (cd srcs; xargs $APT_GET -d source) || exit 1 # Fetch source
+| { sort -u; echo; } \
+| while read SRC VER; do # Filter out old version of duplicate sources
+ if [ "$SRC" = "$LAST_SRC" ]; then
+ if dpkg --compare-versions "$LAST_VER" "<<" "$VER"; then
+ echo >&2 "Skipping $SRC $LAST_VER for $VER"
+ LAST_VER="$VER"
+ else
+ echo >&2 "Keeping $SRC $LAST_VER for $VER"
+ fi
+ else
+ echo "$LAST_SRC=$LAST_VER"
+ LAST_SRC="$SRC"
+ LAST_VER="$VER"
+ fi
+ done | tail --lines +2 | (cd srcs; xargs $APT_GET -d source) || exit 1 # Fetch source
######################################################################
# fetch prebuild debs
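Review bot: LAST_SRC and LAST_VER are never initialised before the `while read SRC VER` loop, so the first iteration prints a bare `=` line and the pipeline relies on `tail --lines +2` to discard it. If LAST_SRC happens to be set in the calling environment and matches the first sorted source name, the first iteration takes the duplicate branch, nothing is printed, and `tail` then drops a real `source=version` entry instead. Setting `LAST_SRC=""` and `LAST_VER=""` just before the loop and guarding the output with `[ -n "$LAST_SRC" ] && echo "$LAST_SRC=$LAST_VER"` would make the `tail` stage unnecessary. A short comment on why `{ sort -u; echo; }` appends an empty line (to flush the final source through the else branch) would also help the next person reading this.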
======================================================================
I also added Thijs Kinkhorst to debian/control since he asked to be
added to the team and offered to keep an eye on security uploads of
the ia32-libs packages for the next stable cycle. I hope that is ok
even this late in the game.
Other than that there are a number of new sources included:
util-linux (2.17.2-9)
eglibc (2.11.2-10)
* Revert incorrect upstream patch for CVE-2010-3847 and use the correct
set of patches:
ncurses (5.7+20100313-5)
pango1.0 (1.28.3-1+squeeze1)
* 01_CVE-2011-0020.patch: patch from Behdad Esfahbod to fix heap
corruption. #610792, CVE-2011-0020. LP: #696616.
I hope this can still be included in squeeze.
MfG
Goswin
PS: The sources are on mentors and need a sponsor for the upload. Thijs?
unblock ia32-libs-core/20110202
unblock ia32-libs/20110202
unblock ia32-libs-gtk/20110202
-- System Information:
Debian Release: squeeze/sid
APT prefers unstable
APT policy: (666, 'unstable'), (500, 'unstable')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.32-debian-xen-1 (SMP w/4 CPU cores)
Locale: LANG=C, LC_CTYPE=de_DE (charmap=ISO-8859-1)
Shell: /bin/sh linked to /bin/dash