Ubuntu
mono package

Please merge mono 1.9.1+dfsg-4 from Debian Unstable

Bug #282952 reported by Jo Shields on 2008-10-13

254

	Status	Importance	Assigned to
mono (Debian)	Fix Released	Unknown	debbugs #493478
mono (Ubuntu)	Fix Released	Undecided	Unassigned
Intrepid	Fix Released	Undecided	Unassigned

Bug Description

Binary package hint: mono

Mono has received a (hopefully) final bugfix-only release for Lenny, including two security holes amongst the 7 fixed bugs. Please merge it.

Related branches

lp:ubuntu/hardy-security/mono

CVE References

Revision history for this message

Jo Shields (directhex) wrote on 2008-10-13:

Merge patch from latest Debian package Edit (7.2 KiB, text/plain)

Revision history for this message

Jo Shields (directhex) wrote on 2008-10-13:

Diffstat for merge patch Edit (459 bytes, text/plain)

Revision history for this message

Jo Shields (directhex) wrote on 2008-10-14:

mono_1.9.1+dfsg-4ubuntu1.buildlog Edit (1.7 MiB, text/plain)

Seems I can only link one Debian bug per Ubuntu bug.

The full list of closed Debian bugs is:

http://bugs.debian.org/493478
http://bugs.debian.org/494406
http://bugs.debian.org/495624
http://bugs.debian.org/498894
http://bugs.debian.org/500771
http://bugs.debian.org/501505

Bug Watch Updater (bug-watch-updater) on 2008-10-14

Changed in mono:
status:	Unknown → Fix Released

Revision history for this message

Jo Shields (directhex) wrote on 2008-10-14:

Setting confirmed as this is a merge w/ attached debdiff

Changed in mono:
status:	New → Confirmed

Revision history for this message

Daniel Holbach (dholbach) wrote on 2008-10-15:

Could it be that debian/patches/check_prefix_on_proc_self_exe.dpatch was dropped?

Revision history for this message

Daniel Holbach (dholbach) wrote on 2008-10-15:

Diff seems to be so big because of a spurious .orig file

daniel@bert:~/mono-1.9.1+dfsg$ diffstat debian/patches/fix_Assembly.LoadFrom_deadlock.dpatch
assembly.c | 100 +-
assembly.c.orig | 2503 +++++++++++++++++++++++++++++++++++++++++++++++++++
class.c | 1
metadata-internals.h | 3
4 files changed, 2575 insertions(+), 32 deletions(-)
daniel@bert:~/mono-1.9.1+dfsg$

Revision history for this message

Daniel Holbach (dholbach) wrote on 2008-10-15:

FTBFS on amd64 intrepid:

make[8]: Entering directory `/tmp/buildd/mono-1.9.1+dfsg/mcs/mcs'
/bin/sh ../mkinstalldirs ../class/lib/default/
mkdir -p -- ../class/lib/default/
touch ../class/lib/default//.stamp
MONO_PATH="../class/lib/net_1_1_bootstrap:$MONO_PATH" /tmp/buildd/mono-1.9.1+dfsg/runtime/mono-wrapper ../class/lib/net_1_1_bootstrap/mcs.exe /codepage:65001 -d:NET_1_1 -d:ONLY_1_1 -debug -target:exe -out:mcs.exe cs-parser.cs @mcs.exe.sources
cs-parser.jay(3466,1): error CS8025: Parsing error
Compilation failed: 1 error(s), 0 warnings
make[8]: *** [../class/lib/default/mcs.exe] Error 1
make[8]: Leaving directory `/tmp/buildd/mono-1.9.1+dfsg/mcs/mcs'
make[7]: *** [do-all] Error 2
make[7]: Leaving directory `/tmp/buildd/mono-1.9.1+dfsg/mcs/mcs'
make[6]: *** [all-recursive] Error 1

Revision history for this message

Jo Shields (directhex) wrote on 2008-10-15: Re: [Bug 282952] Re: Please merge mono 1.9.1+dfsg-4 from Debian Unstable

On Wed, 2008-10-15 at 06:59 +0000, Daniel Holbach wrote:
> Could it be that debian/patches/check_prefix_on_proc_self_exe.dpatch was
> dropped?

It was dropped in 3ubuntu2:

* Disable check_prefix_on_proc_self_exe.dpatch, it is not necessary on
the current live CDs any more (aufs has correct /proc/pid/exe paths).

-- Martin Pitt <email address hidden> Tue, 12 Aug 2008 08:26:18 +0200

Revision history for this message

Jo Shields (directhex) wrote on 2008-10-15:

On Wed, 2008-10-15 at 07:01 +0000, Daniel Holbach wrote:
> Diff seems to be so big because of a spurious .orig file
>
> daniel@bert:~/mono-1.9.1+dfsg$ diffstat debian/patches/fix_Assembly.LoadFrom_deadlock.dpatch
> assembly.c | 100 +-
> assembly.c.orig | 2503 +++++++++++++++++++++++++++++++++++++++++++++++++++
> class.c | 1
> metadata-internals.h | 3
> 4 files changed, 2575 insertions(+), 32 deletions(-)
> daniel@bert:~/mono-1.9.1+dfsg$

Urgh. Removed from pkg-mono SVN. I don't know if it's enough to prompt a
-5 release in Sid, but the new dpatch is at
http://svn.debian.org/wsvn/pkg-mono/mono/trunk/debian/patches/fix_Assembly.LoadFrom_deadlock.dpatch?op=file&rev=0&sc=0

Revision history for this message

Jo Shields (directhex) wrote on 2008-10-15:

#10

On Wed, 2008-10-15 at 07:18 +0000, Daniel Holbach wrote:
> FTBFS on amd64 intrepid:
>
> make[8]: Entering directory `/tmp/buildd/mono-1.9.1+dfsg/mcs/mcs'
> /bin/sh ../mkinstalldirs ../class/lib/default/
> mkdir -p -- ../class/lib/default/
> touch ../class/lib/default//.stamp
> MONO_PATH="../class/lib/net_1_1_bootstrap:$MONO_PATH" /tmp/buildd/mono-1.9.1+dfsg/runtime/mono-wrapper ../class/lib/net_1_1_bootstrap/mcs.exe /codepage:65001 -d:NET_1_1 -d:ONLY_1_1 -debug -target:exe -out:mcs.exe cs-parser.cs @mcs.exe.sources
> cs-parser.jay(3466,1): error CS8025: Parsing error
> Compilation failed: 1 error(s), 0 warnings
> make[8]: *** [../class/lib/default/mcs.exe] Error 1
> make[8]: Leaving directory `/tmp/buildd/mono-1.9.1+dfsg/mcs/mcs'
> make[7]: *** [do-all] Error 2
> make[7]: Leaving directory `/tmp/buildd/mono-1.9.1+dfsg/mcs/mcs'
> make[6]: *** [all-recursive] Error 1

Unable to reproduce:
make[8]: Entering directory `/tmp/buildd/mono-1.9.1+dfsg/mcs/mcs'
/bin/sh ../mkinstalldirs ../class/lib/default/
mkdir -p -- ../class/lib/default/
touch ../class/lib/default//.stamp
MONO_PATH="../class/lib/net_1_1_bootstrap:
$MONO_PATH" /tmp/buildd/mono-1.9.1
+dfsg/runtime/mono-wrapper ../class/lib/net_1_1_bootstrap/mcs.exe /codepage:65001 -d:NET_1_1 -d:ONLY_1_1 -debug -target:exe -out:mcs.exe cs-parser.cs @mcs.exe.sources
expression.cs(894,59): warning CS0618:
`Mono.CSharp.UserOperatorCall.MakeSimpleCall(Mono.CSharp.EmitContext,
Mono.CSharp.MethodGroupExpr, Mono.CSharp.Expression,
Mono.CSharp.Location)' is obsolete: `It may not be compatible with
expression trees'
Compilation succeeded - 1 warning(s)
cp mcs.exe ../class/lib/default/mcs.exe

Revision history for this message

Daniel Holbach (dholbach) wrote on 2008-10-15:

#11

- Thanks for fixing the .orig thing in pkg-mono - that should be good enough. I just wanted to point it out in case anybody wondered.
- You're right about debian/patches/check_prefix_on_proc_self_exe.dpatch in -3ubuntu2 it was removed from debian/patches/00list but not the patch itself. Oversight on my part.
- Testing the build again right now.

Revision history for this message

Daniel Holbach (dholbach) wrote on 2008-10-15:

#12

Builds nicely on intrepid amd64 now.

Revision history for this message

Steve Langasek (vorlon) wrote on 2008-10-16:

#13

$ M -s intrepid mono
mono | 1.9.1+dfsg-4ubuntu1 | intrepid | source
$

Looks like this is done - thanks!

Changed in mono:
status:	Confirmed → Fix Released

Report a bug

This report contains Public Security information

Everyone can see this security related information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Patches

Merge patch from latest Debian package Edit

Add patch

Bug attachments

Add attachment

Remote bug watches

debbugs #493478
[done normal] Edit
debbugs #494406
[done important patch security] Edit
debbugs #495624
[done minor patch] Edit
debbugs #498894
[done important security] Edit
debbugs #500771
[done normal] Edit
debbugs #501505
[done important confirmed fixed-upstream upstream patch] Edit

Bug watches keep track of this bug in other bug trackers.

Ubuntumono package

Please merge mono 1.9.1+dfsg-4 from Debian Unstable

Bug Description

Related branches

CVE References

Other bug subscribers

Patches

Bug attachments

Remote bug watches

Ubuntu
mono package