Bug#882909: marked as done (jessie-pu: package mariadb-10.0/10.0.33-0+deb8u1)
Your message dated Sun, 17 Jun 2018 20:14:26 +0100
with message-id <1529262866.2082.31.camel@adam-barratt.org.uk>
and subject line Re: Bug#882904: MariaDB 10.0.33 to next Jessie point release
has caused the Debian Bug report #882904,
regarding jessie-pu: package mariadb-10.0/10.0.33-0+deb8u1
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)
--
882904: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=882904
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
- To: Debian Bug Tracking System <submit@bugs.debian.org>
- Subject: jessie-pu: package mariab-10.1/10.0.33-1
- From: Otto Kekäläinen <otto@debian.org>
- Date: Mon, 27 Nov 2017 21:40:25 +0200
- Message-id: <CAHj_TLBamt6o8pTK7z-9cBbrrcSuwLK0nDRs0_0PzHqsF__bAg@mail.gmail.com>
Package: release.debian.org
Severity: normal
Tags: jessie
User: release.debian.org@packages.debian.org
Usertags: pu
I hereby request permission from the release team to upload
mariadb-10.0 release 10.0.33-1 to the next Jessie point release.
This upload does not strictly qualify the criteria listed at
https://www.debian.org/doc/manuals/developers-reference/pkgs.html#upload-stable
but the security team suggested this upstream micro release, which
contains a few minor security fixes, would be a good fit for a stable
point release instead of going in as an urgent security update.
Current changelog draft:
+mariadb-10.0 (10.0.33-0+deb8u1) jessie; urgency=medium
+
+ * New upstream version 10.0.33. Includes fixes for the following
+ security vulnerabilities:
+ - CVE-2017-10378, MDEV-13819
+ - CVE-2017-10268
+ * Refresh patches on top of MariaDB 10.0.33
+
+ -- Otto Kekäläinen <otto@debian.org> Tue, 21 Nov 2017 11:05:51 +0100
I will prepare the final changelog when I have thumbs up from you to
do so. Please also advise me on what is the correct revision string
and release pocket string – my experience is mostly about security
uploads, very seldom have I done point release stable updates.
Here is debdiff for current git head;
https://anonscm.debian.org/cgit/pkg-mysql/mariadb-10.0.git/diff/debian/?id2=debian/10.0.32-1&id=jessie
and diff off the whole package, including upstream sources:
https://anonscm.debian.org/cgit/pkg-mysql/mariadb-10.0.git/diff/?id2=debian/10.0.32-1&id=jessie
--- End Message ---
--- Begin Message ---
Control: tags -1 + wontfix
On Fri, 2018-06-08 at 21:34 +0100, Adam D. Barratt wrote:
> Control: tags -1 +moreinfo
>
> On Mon, 2017-11-27 at 19:50 +0000, Adam D. Barratt wrote:
> ...
> > On Mon, 2017-11-27 at 21:23 +0200, Otto Kekäläinen wrote:
>
> ...
> > > I will prepare the final changelog when I have thumbs up from you
> > > to
> > > do so.
> >
> > You appear to be stuck in a little bit of a chicken-and-egg
> > situation,
> > given that the final decision as to whether to accept the package
> > will
> > be based on a diff of the final source package.
> >
>
> ...
> > We very much prefer diffs to form part of the bug log, not least
> > because they're guaranteed to persist in that manner.
> >
>
> That never happened, and 10.0.32 is stuck in oldstable-new because it
> FTBFS on multiple architectures. Is 10.0.33 expected to fix all of
> those issues?
Unfortunately there was no reply to the above query, and the window for
getting fixes in to the final point release for jessie (before it moves
to LTS support) has now closed.
Regards,
Adam
--- End Message ---
Reply to: