New toolchain updates need to be rebuilt against -security only
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
binutils (Ubuntu) |
Fix Released
|
High
|
Steve Beattie | ||
Bionic |
Fix Released
|
Undecided
|
Unassigned | ||
Cosmic |
Fix Released
|
Undecided
|
Unassigned | ||
eclipse-titan (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
Bionic |
Fix Released
|
Undecided
|
Unassigned | ||
Cosmic |
Fix Released
|
Undecided
|
Unassigned | ||
gcc-7 (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
Bionic |
Fix Released
|
Undecided
|
Unassigned | ||
Cosmic |
Fix Released
|
Undecided
|
Unassigned | ||
gcc-7-cross (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
Bionic |
Fix Released
|
Undecided
|
Unassigned | ||
Cosmic |
Fix Released
|
Undecided
|
Unassigned | ||
gcc-7-cross-ports (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
Bionic |
Fix Released
|
Undecided
|
Unassigned | ||
Cosmic |
Fix Released
|
Undecided
|
Unassigned | ||
gcc-8 (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
Bionic |
Fix Released
|
Undecided
|
Unassigned | ||
Cosmic |
Fix Released
|
Undecided
|
Unassigned | ||
gcc-8-cross (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
Bionic |
Fix Released
|
Undecided
|
Unassigned | ||
Cosmic |
Fix Released
|
Undecided
|
Unassigned | ||
gcc-8-cross-ports (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
Bionic |
Fix Released
|
Undecided
|
Unassigned | ||
Cosmic |
Fix Released
|
Undecided
|
Unassigned | ||
gcc-defaults (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
Bionic |
Fix Released
|
Undecided
|
Unassigned | ||
Cosmic |
Fix Released
|
Undecided
|
Unassigned | ||
gcc-defaults-ports (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
Bionic |
Fix Released
|
Undecided
|
Unassigned | ||
Cosmic |
Fix Released
|
Undecided
|
Unassigned | ||
ggcov (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
Bionic |
Fix Released
|
Undecided
|
Unassigned | ||
Cosmic |
Fix Released
|
Undecided
|
Unassigned |
Bug Description
[Impact]
With LP: #1814369, the toolchain packages have been updated in both cosmic and bionic, but due to an error those packages were built in -proposed as any regular SRU. For toolchain updates there exists a policy that those should be always built against -security *only*, and then released to both -security and -updates.
Since this is not the case with the current toolchain update, we need to no-change rebuild all of the previously released toolchain packages in a -security enabled devirt PPA, sync them to -proposed with binaries and then release into the archives.
[Regression Potential]
As these are toolchain packages, there is always some regression potential. These will be no-change rebuilds so in theory the risk should be low, but the current versions of the packages have not been built against -security only before. It is hard to say how any regressions could manifest themselves.
[Test Case]
Making sure there are no reported regressions in the GCC and binutils test suites. Hopefully this will be sufficient.
Changed in binutils (Ubuntu): | |
assignee: | nobody → Steve Beattie (sbeattie) |
Changed in binutils (Ubuntu): | |
status: | New → Fix Released |
Changed in eclipse-titan (Ubuntu): | |
status: | New → Fix Released |
Changed in gcc-7 (Ubuntu): | |
status: | New → Fix Released |
Changed in gcc-7-cross (Ubuntu): | |
status: | New → Fix Released |
Changed in gcc-7-cross-ports (Ubuntu): | |
status: | New → Fix Released |
Changed in gcc-8 (Ubuntu): | |
status: | New → Fix Released |
Changed in gcc-8-cross (Ubuntu): | |
status: | New → Fix Released |
Changed in gcc-8-cross-ports (Ubuntu): | |
status: | New → Fix Released |
Changed in gcc-defaults (Ubuntu): | |
status: | New → Fix Released |
Changed in gcc-defaults-ports (Ubuntu): | |
status: | New → Fix Released |
Changed in ggcov (Ubuntu): | |
status: | New → Fix Released |
Hi Łukasz, I'll take this for the security team. Thanks.