no change rebuild to get security update out on riscv64

Bug #1973733 reported by Dimitri John Ledkov
This bug affects 1 person
Affects         Status         Importance   Assigned to   Milestone
cups (Ubuntu)   Fix Released   Undecided    Unassigned
Focal           Invalid        Undecided    Unassigned

Bug Description

no change rebuild to get riscv64 build out

[Impact]

 * riscv64 build of cups security update failed, and then succeeded in groovy. See https://launchpad.net/ubuntu/+source/cups/2.3.1-9ubuntu1.1
 * it means that focal-updates & focal-security are lacking a security update of cups on riscv64
 * do a no change rebuild of cups as an SRU to get updated cups package out on focal

[Test Plan]

 * autopkgtests pass
 * riscv64 build is successful

[Where problems could occur]

 * As usual, no-change rebuilds of packages may introduce misbuilds.

[Other Info]

 * currently snap review tooling reports that cups has CVEs on riscv64 when one builds base:core20 snaps for riscv64.

summary: - no change rebuild to get riscv64 build out
+ no change rebuild to get security update out on riscv64
Changed in cups (Ubuntu):
status: New → Fix Released
description: updated
Changed in cups (Ubuntu Focal):
status: New → In Progress
Robie Basak (racb) wrote :

I'm not sure I follow. I see a retry button for the failed riscv64 build. Can't we just hit that?

If there's some reason that won't work, then why is this not going through the security sponsorship queue? If we do it as an SRU, then it'll hit focal-updates only, and focal-security will be left behind. What's the plan for that?

Robie Basak (racb) wrote :

Ah - is it that the same version is now built and published in Groovy and we can't safely copy the binary backwards? If so, then my second question of why this isn't going in via focal-security still stands.

Dimitri John Ledkov (xnox) wrote :

Ah - is it that the same version is now built and published in Groovy and we can't safely copy the binary backwards? => correct.

I didn't check if we can or cannot safely copy the binary backwards, but imho we should not.

This is not going via focal-security, because the security issue has already been fixed on all other arches, and riscv64 currently has best effort security support. I don't want to trigger cups security upgrade for $everyone, just because of the fix missing on riscv64 only.

Dimitri John Ledkov (xnox) wrote :

There was another security upload on 27th of May which is built on all arches, thus this rebuild is no longer needed.

Please reject cups from focal unapproved.

Changed in cups (Ubuntu Focal):
status: In Progress → Fix Released
status: Fix Released → Invalid
Robie Basak (racb) wrote : Proposed package upload rejected

An upload of cups to focal-proposed has been rejected from the upload queue for the following reason: "As requested in https://bugs.launchpad.net/ubuntu/+source/cups/+bug/1973733/comments/4".
