Bug#611851: marked as done (unblock: ia32-libs-core/20110202)

[owner@bugs.debian.org (Debian Bug Tracking System)]

Your message dated Thu, 3 Feb 2011 14:35:46 +0100
with message-id <20110203133546.GJ10244@radis.liafa.jussieu.fr>
and subject line Re: Bug#611851: unblock: ia32-libs-core/20110202
has caused the Debian Bug report #611851,
regarding unblock: ia32-libs-core/20110202
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
611851: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=611851
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

--- Begin Message ---

• To: Debian Bug Tracking System <submit@bugs.debian.org>
• Subject: unblock: ia32-libs-core/20110202
• From: Goswin von Brederlow <goswin-v-b@web.de>
• Date: Wed, 02 Feb 2011 22:14:09 +0100
• Message-id: <[🔎] 20110202211409.25833.57544.reportbug@frosties.localnet>

Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock

Please unblock packages ia32-libs-core, ia32-libs and ia32-libs-gtk.

The last upload made by Thijs Kinkhorst to fix security concerns and
to add the security repository to the sources ia32-libs updates from
introduced a small probelm in the fetch-and-build script. The problem
appears when more than one version of a source is known, i.e. when
squeeze and security have different versions. This has 4 effects:

1) both versions are downloaded and included in the source.
2) duplicate entries in copyright
3) duplicate entries in changelog
4) the next fetch-and-build run fails

I could live with the first 3 but the last would make security support
much more difficult.

I included a quick fix for this in fetch-and-build so only the newest
version is included:

======================================================================
diff --git a/fetch-and-build b/fetch-and-build
index 5c986bc..a1c642f 100755
--- a/fetch-and-build
+++ b/fetch-and-build
@@ -105,10 +105,24 @@ done \
                 *) SRC="$VAL";;
               esac;;
       "") echo >&2 "Fetching source $SRC $VER for $PKG"
-         echo "$SRC=$VER";;
+         echo "$SRC $VER";;
     esac
   done \
-| sort -u | (cd srcs; xargs $APT_GET -d source) || exit 1 # Fetch source
+| { sort -u; echo; } \
+| while read SRC VER; do # Filter out old version of duplicate sources
+    if [ "$SRC" = "$LAST_SRC" ]; then
+      if dpkg --compare-versions "$LAST_VER" "<<" "$VER"; then
+       echo >&2 "Skipping $SRC $LAST_VER for $VER"
+       LAST_VER="$VER"
+      else
+       echo >&2 "Keeping $SRC $LAST_VER for $VER"
+      fi
+    else
+      echo "$LAST_SRC=$LAST_VER"
+      LAST_SRC="$SRC"
+      LAST_VER="$VER"
+    fi
+  done | tail --lines +2 | (cd srcs; xargs $APT_GET -d source) || exit 1 # Fetch source
 
 ######################################################################
 # fetch prebuild debs

======================================================================

I also added Thijs Kinkhorst to debian/control since he asked to be
added to the team and offered to keep an eye on security uploads of
the ia32-libs packages for the next stable cycle. I hope that is ok
even this late in the game.

Other than that there are a number of new sources included:

util-linux (2.17.2-9)
eglibc (2.11.2-10)
  * Revert incorrect upstream patch for CVE-2010-3847 and use the correct
    set of patches:
ncurses (5.7+20100313-5)
pango1.0 (1.28.3-1+squeeze1)
  * 01_CVE-2011-0020.patch: patch from Behdad Esfahbod to fix heap
    corruption. #610792, CVE-2011-0020. LP: #696616.

I hope this can still be included in squeeze.

MfG
	Goswin

PS: The sources are on mentors and need a sponsor for the upload. Thijs?

unblock ia32-libs-core/20110202
unblock ia32-libs/20110202
unblock ia32-libs-gtk/20110202

-- System Information:
Debian Release: squeeze/sid
  APT prefers unstable
  APT policy: (666, 'unstable'), (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.32-debian-xen-1 (SMP w/4 CPU cores)
Locale: LANG=C, LC_CTYPE=de_DE (charmap=ISO-8859-1)
Shell: /bin/sh linked to /bin/dash

--- End Message ---

--- Begin Message ---

• To: Philipp Kern <pkern@debian.org>, 611851-done@bugs.debian.org
• Cc: thijs@debian.org
• Subject: Re: Bug#611851: unblock: ia32-libs-core/20110202
• From: Julien Cristau <jcristau@debian.org>
• Date: Thu, 3 Feb 2011 14:35:46 +0100
• Message-id: <20110203133546.GJ10244@radis.liafa.jussieu.fr>
• In-reply-to: <[🔎] 20110203122357.GA4521@thrall.0x539.de>
• References: <[🔎] 20110202211409.25833.57544.reportbug@frosties.localnet> <[🔎] f3ad8d91be0feb914bcc0387f1f86d34.squirrel@wm.kinkhorst.nl> <[🔎] 20110203122357.GA4521@thrall.0x539.de>

On Thu, Feb  3, 2011 at 13:23:57 +0100, Philipp Kern wrote:

> On Thu, Feb 03, 2011 at 09:57:12AM +0100, Thijs Kinkhorst wrote:
> > On Wed, February 2, 2011 22:14, Goswin von Brederlow wrote:
> > > PS: The sources are on mentors and need a sponsor for the upload. Thijs?
> > > unblock ia32-libs-core/20110202
> > > unblock ia32-libs/20110202
> > > unblock ia32-libs-gtk/20110202
> > I would sponsor this if the release team acks that it is still possible.
> 
> Let's do that for 6.0.1.  You can upload it, but it won't hit squeeze
> at this point.
> 
Closing then.

Cheers,
Julien

Attachment: signature.asc
Description: Digital signature

--- End Message ---