security tracking bug for mariadb-10.1 in cosmic

Bug #1824979 reported by Dan Streetman on 2019-04-16
10
This bug affects 1 person
Affects Status Importance Assigned to Milestone
mariadb-10.1 (Ubuntu)
Undecided
Unassigned
Cosmic
Undecided
Unassigned

Bug Description

This is a tracking bug to update mariadb-10.1 in cosmic. There are several security updates to the package that have been released for the version in bionic already, but not cosmic.

http://people.canonical.com/~ubuntu-security/cve/pkg/mariadb-10.1.html

See bug 1824335 also.

Dan Streetman (ddstreet) on 2019-04-16
description: updated
Dan Streetman (ddstreet) wrote :

For context, mariadb-10.1 in Bionic has seen regular updates, including for security issues, while mariadb-10.1 in Cosmic has not had any released updates at all.

One result of this is that mariadb-10.1 autopkgtests fail every time it is tested. Bug 1824335 is open to track updating the version of mariadb-10.1 to fix the autopkgtest failures. However, since Cosmic has not seen updates and thus missing many security updates, this bug is opened to track, from a security perspective, updating mariadb-10.1 in Cosmic up to the same version, currently, as Bionic, which includes the security updates already included in Bionic.

Changed in mariadb-10.1 (Ubuntu):
status: New → Fix Released
Marc Deslauriers (mdeslaur) wrote :

Since the package contains additional fixes and packaging changes, it is not appropriate to go directly to -security. Please go through the SRU process first. Thanks!

Hello Dan, or anyone else affected,

Accepted mariadb-10.1 into cosmic-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/mariadb-10.1/1:10.1.38-0ubuntu0.18.10.1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested and change the tag from verification-needed-cosmic to verification-done-cosmic. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-cosmic. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Changed in mariadb-10.1 (Ubuntu Cosmic):
status: New → Fix Committed
tags: added: verification-needed verification-needed-cosmic
Dan Streetman (ddstreet) wrote :

autopkgtest regressions noted in the other bug for this upload, bug 1824335

tags: added: verification-done verification-done-cosmic
removed: verification-needed verification-needed-cosmic
Łukasz Zemczak (sil2100) wrote :

Hello Dan, or anyone else affected,

Accepted mariadb-10.1 into cosmic-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/mariadb-10.1/1:10.1.38-0ubuntu0.18.10.2 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested and change the tag from verification-needed-cosmic to verification-done-cosmic. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-cosmic. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

tags: added: verification-needed verification-needed-cosmic
removed: verification-done verification-done-cosmic
Dan Streetman (ddstreet) wrote :

autopkgtests now pass for all archs

tags: added: verification-done verification-done-cosmic
removed: verification-needed verification-needed-cosmic
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package mariadb-10.1 - 1:10.1.38-0ubuntu0.18.10.2

---------------
mariadb-10.1 (1:10.1.38-0ubuntu0.18.10.2) cosmic; urgency=medium

  * This update is a port of the package from Bionic,
    which includes security updates, as shown in the previous
    changelog entries. (LP: #1824979)
  * Restore tests to stop autopkgtest failures, by adding commits
    from debian git (salsa) listed below (LP: #1824335)
  * Revert "Remove the mariadb-test-* packages"
    - debian commit 96d3f8abcbe51894d0a5f7c7cadd5219e0dc2823
  * Omit test plugins as they are not used by the tests and
    already deleted
    - debian commit 902dffe6683e43d5134b9c9b9057b42372cd47fc
  * Define autopkgtest with isolation-container to allow service
    - debian commit 596c2581176102b29751786e5d8fac05dde3a3e4
  * Utilize upstream unstable-tests list in tests/upstream
    mysql-test-run
    - debian commit 33d85312840a625c1d607601b77c45f138405cfe
  * Fix typo in commit 33d853128 so skip list is not reset when
    adding lines
    - debian commit 18480afc86838a28cd9ba89e942330c2038011e2
  * Mark selected tests as unstable so they don't stop the whole
    upload in vain
    - debian commit d44ece56d7e54c7940bebe6a4614a03c1c8621f2
  * Disable test unit.pcre_test on s390x that was failing in
    stretch-security
    - debian commit d44ece56d7e54c7940bebe6a4614a03c1c8621f2
  * d/unstable-tests.ppc64el: add main.sp, which always fails on cosmic
  * d/mariadb-test-data.install: install per-arch unstable-tests files
  * d/tests/upstream: skip per-arch unstable-tests
  * d/control, d/rules:
    - Do not build with jemalloc on arm64; it hangs when installing
      mariadb-server-10.1 (and autopkgtests fail).
      (LP: #1827022)

 -- Dan Streetman <email address hidden> Tue, 30 Apr 2019 05:21:53 -0400

Changed in mariadb-10.1 (Ubuntu Cosmic):
status: Fix Committed → Fix Released

The verification of the Stable Release Update for mariadb-10.1 has completed successfully and the package has now been released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers