Bug#748266: wheezy-pu: package python2.7/2.7.3-6+deb7u2
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi,
On 18/05/14 16:31, Jonathan Wiltshire wrote:
> Hi,
>
> On 2014-05-15 16:37, Luis Alejandro Martínez Faneyth wrote:
>> There is a serious bug in Wheezy that breaks the upgrade of
>> python2.7. Every person that tries to upgrade python2.7 from
>> version 2.7.3-6 to 2.7.3-6+deb7u2, will have the following
>> error:
>
> This is not quite correct. I could not reproduce the problem
> upgrading a fresh 7.4 system to 7.5, nor have I seen it in the
> wild.
>
Perhaps i should have been more clear on how to reproduce the bug,
sorry. On the test case you are presenting, the bug will only happen
if you do an aptitude safe-upgrade on a i386 machine.
> The file lists for 2.7.3-6 and 2.7.3-6+deb7u2 are identical:
>
> $ debdiff python2.7_2.7.3-6_amd64.deb
> python2.7_2.7.3-6+deb7u2_amd64.deb File lists identical (after any
> substitutions)
>
Not for the i386 build, as bug #702005 says.
$ debdiff python2.7_2.7.3-6_i386.deb python2.7_2.7.3-6+deb7u2_i386.deb
[The following lists of changes regard files as different if they have
different names, permissions or owners.]
Files in first .deb but not in second
- -------------------------------------
- -rw-r--r-- root/root /usr/lib/python2.7/lib-dynload/_hashlib.so
- -rw-r--r-- root/root /usr/lib/python2.7/lib-dynload/_ssl.so
> Only the intermediate package 2.7.3-6+deb7u1, which originated in
> stable-security, contains two files that do not belong to it:
>
> $ debdiff python2.7_2.7.3-6_amd64.deb
> python2.7_2.7.3-6+deb7u1_amd64.deb Files in second .deb but not in
> first ------------------------------------- -rw-r--r-- root/root
> /usr/lib/python2.7/lib-dynload/_hashlib.so -rw-r--r-- root/root
> /usr/lib/python2.7/lib-dynload/_ssl.so
>
> (Slightly truncated.)
>
> According to the changelog [1] the problem was detected and fixed
> in March, so users upgrading from 2.7.3-6 straight to
> 2.7.3-6+deb7u2 will not see a problem. 2.7.3-6+deb7u1 was never
> released in a DSA or through stable, so I don't believe that any
> real users will have it installed.
>
> Therefore although I see the bug, I don't have any reason to
> believe it affects our users directly.
>
> If you want to pursue a fix for it regardless, the correct place to
> do so is in the Replaces field through stable-security, where the
> bug was introduced. Changes in that suite flow through to stable in
> due course.
>
So, should i re-upload the patch pointing to stable-security?
Thanks.
> 1:
> http://metadata.ftp-master.debian.org/changelogs/main/p/python2.7/python2.7_2.7.3-6+deb7u2_changelog
>
>
>
> Thanks,
>
- --
Luis Alejandro Martínez Faneyth
Blog: http://huntingbears.com.ve
Github: http://github.com/LuisAlejandro
Twitter: http://twitter.com/LuisAlejandro
CODE IS POETRY
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
Comment: Using GnuPG with Icedove - http://www.enigmail.net/
iQIcBAEBAgAGBQJTehj+AAoJEPYUWpXnjaouYCsP/1AvEJHSty0Br/sowG+vs2wr
smt5Oa0XGjfv8Bbv+Ev2bczkCU3HASAO12gD/X+3qe4arm+iyn9ejX3AkI7dPIbp
1Xf9Ivq6Zu3gt109ortg2X4EtCwyheeHFpkMXc2c6RrQD6KpJKQhESMNp7Fy3143
qFlTHdnkbC++xNm2UBCo7kdnidtEecEKJjrPs9D9l2jSm9Rc1w2f7Vo/ludJJu+T
jAY00oMSbGYu/f4nkhrNdSbC4OSjs3Vk/AzIARVeFpZSA41inNipWSGEpIl9p8ZT
w3ufyZ5WacOj9di7ILkjqqd8nOGNK5popzf3guo7ITT744wn0AWuLC58jwzCyOkf
SxerHwR0zjsOLxWtpPqUjquCC+eUBMTuujy5RbqSDzlzfEEdLAyS7VWyFz3N7dNf
Qwr9ZfqJoyJ/r55j/4BLRr9ifroYRd9OcjXYPQ3dLAlFCaFE2x1sx5ePHmfMj5h4
eHeIq/7YzPaTKMdvhaaktSg51/D6Ak2de5wNQH54cmg8Qy8cq8oHd2/uLhLhbrGM
6X2rXdIX0PHTXqKc87nSKl6hblSVrGBfBMaqtr6ykfj47wug3xBF/LBNKd0Z4lNP
udfTZNLOgj/8BU2Cp37ICt3qXM/RVfdEOKYvno56OMH8l2eFunqaBHGfKlrzD0tw
77a9K9JWIDee1mTXWqPP
=LAn3
-----END PGP SIGNATURE-----
Reply to: