[SRU] backport fdroidserver 1.0.9-1 from cosmic to bionic
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
fdroidserver (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
Bionic |
Fix Released
|
Undecided
|
Unassigned |
Bug Description
Please include fdroidserver 1.0.9-1 (universe) in Ubuntu/bionic LTS as a Stable Release Update. It can be sourced from Debian testing (main) and Ubuntu cosmic (universe).
[Impact]
We (the Debian Android Tools Team) did a bunch of testing related to the Ubuntu/bionic release. This package also received a full third party security audit after the DebianImportFreeze. Then there was a focused effort to get the full test suite running in autopkgtest. These changes were mostly done upstream. These are the final round of bugfixes from both those efforts.
This also fixes:
* https:/
* https:/
[Test Case]
The security issues fixed will be documented once we publicly publish the security audit report. That report includes issues in other F-Droid packages, so even though all fdroidserver issues have been fixed, we can't yet publish the full report.
The upstream dev process includes a large test suite:
https:/
It also now has autopkgtest passing on ARM and x86 https:/
Also in Debian:
https:/
The test suite has never 100% passed for ppc64el and s390x, due to issues in the dependencies. Therefore, autopkgtest is still failing on those arches. Fixing them would require complicated fixes to dependencies.
[Regression Potential]
The regression potential is basically zero. Upstream focused development on making this package work well with Ubuntu/bionic, and new features have not been added since bionic has been released. The existing, extensive, upstream test suite is now run via autopkgtest. The changes were only to fix release-critical bugs. I'm also part of upstream on this package.
[Other Info]
Changelog entries since current bionic version 1.0.2-1:
fdroidserver (1.0.9-1) unstable; urgency=medium
* New upstream version
-- Hans-Christoph Steiner <email address hidden> Thu, 19 Jul 2018 16:14:09 +0200
fdroidserver (1.0.8-3) unstable; urgency=medium
* hack to get autopkgtest to skip failing gpg test
-- Hans-Christoph Steiner <email address hidden> Wed, 27 Jun 2018 21:03:54 +0200
fdroidserver (1.0.8-2) unstable; urgency=medium
* autopkgtest: explicitly purge gnupg so tests pass
-- Hans-Christoph Steiner <email address hidden> Mon, 25 Jun 2018 23:28:06 +0200
fdroidserver (1.0.8-1) unstable; urgency=medium
* New upstream version
* remove python3-distutils, it is no longer needed
-- Hans-Christoph Steiner <email address hidden> Mon, 25 Jun 2018 13:12:21 +0200
fdroidserver (1.0.7-2) unstable; urgency=medium
* Depends: python3-distutils so its always there
-- Hans-Christoph Steiner <email address hidden> Mon, 25 Jun 2018 13:12:19 +0200
fdroidserver (1.0.7-1) unstable; urgency=medium
* New upstream release
* fix autopkgtest
-- Hans-Christoph Steiner <email address hidden> Wed, 20 Jun 2018 22:27:59 +0200
fdroidserver (1.0.6-1) unstable; urgency=medium
* New upstream release
-- Hans-Christoph Steiner <email address hidden> Fri, 25 May 2018 17:15:51 +0200
fdroidserver (1.0.4-3) unstable; urgency=medium
* fix autopkgtest run: working dir, and UTF-8 environment
-- Hans-Christoph Steiner <email address hidden> Fri, 18 May 2018 10:54:26 +0200
fdroidserver (1.0.4-2) unstable; urgency=medium
* run upstream testsuite using autopkgtest
-- Hans-Christoph Steiner <email address hidden> Thu, 17 May 2018 12:17:12 +0200
fdroidserver (1.0.4-1) unstable; urgency=medium
* New upstream version 1.0.4
* Standards-Version: 4.1.4 no changes
* support all the Java 10 and 11 packages
* works with only androguard, removed optional deps
* add debian/
* Depends: androguard only on arches where it works
-- Hans-Christoph Steiner <email address hidden> Tue, 15 May 2018 14:04:05 +0200
fdroidserver (1.0.3-2) unstable; urgency=medium
* only depend on aapt/androguard
-- Hans-Christoph Steiner <email address hidden> Fri, 23 Mar 2018 13:01:27 +0100
fdroidserver (1.0.3-1) unstable; urgency=medium
* New upstream version
* tighten up Depends to install fewer packages
-- Hans-Christoph Steiner <email address hidden> Thu, 22 Mar 2018 23:25:49 +0100
summary: |
- Sync fdroidserver 1.0.3-1 (universe) from Debian unstable (main) + Sync fdroidserver 1.0.6-1 (universe) from Debian/testing (main) |
summary: |
- Sync fdroidserver 1.0.6-1 (universe) from Debian/testing (main) + Sync fdroidserver 1.0.8-3 (universe) from Debian/testing (main) |
summary: |
- Sync fdroidserver 1.0.8-3 (universe) from Debian/testing (main) + SRU fdroidserver 1.0.8-3 (universe) to bionic from cosmic or + Debian/testing (main) |
summary: |
- SRU fdroidserver 1.0.8-3 (universe) to bionic from cosmic or - Debian/testing (main) + SRU backport fdroidserver 1.0.8-3 from cosmic to bionic |
Changed in fdroidserver (Ubuntu): | |
status: | Confirmed → Fix Released |
Thank you for driving this!
I'm concerned about the dependency changes and the Debian tracker suggesting that syncing this will result in installability problems. Separately though, following our IRC discussion I believe this is blocked on bug 1758199.