New upstream version of in hardy-security

Bug #310359 reported by Emanuel Steen on 2008-12-22
Affects Status Importance Assigned to Milestone (Ubuntu)
Unassigned (Ubuntu)
Jamie Strandboge

Bug Description

Binary package hint:

The "" source package has three different versions in hardy:
 release, 1:2.4.0-3ubuntu6
 security, 1:2.4.1-1ubuntu2.1
 updates, 1:2.4.1-1ubuntu2.1

The "" source package has two versions in hardy:
 release, 1:2.4.0-3ubuntu1
 updates, 1:2.4.1-1ubuntu2

The "" packages doesn't seem to be compatible to 2.4.1, as an example the package "" has the following property.
Conflicts: (>= 1:, (<< 1:2.4.0), openoffice.org2-l10n-sv

This means that a hardy system that doesn't have hardy-updates enabled but only hardy-security can't upgrade without removing all language support for openoffice (the packages generated by ""). Version 2.4.1 of openoffice requires 2.4.1 version of the language support. An upgrade of openoffice from the security archive will then try to remove all of those packages.

The simple solution for this is to simply build "" with the same upstream version of as already included in hardy-security and also include this package in hardy-security. However, this doesn't feel like however the ideal solution as we want to keep security as small as possible and only change the packages that actually needs the security fix. In my opinion no upgrade in security should be incompatible with old packages in the system, i.e. should not change the ABI, but that is probably not possible in all situations. Actually, is seems rather strange to include a new upstream version of an application in a system that doesn't have updates enabled. Is the solution to have two separate security repositories, one for systems without updates enabled and one for system with updates enabled?

Anyway, a simple rebuild of "" should be ok for now so users can upgrade their systems. But for upcoming releases I think the architecture for security updates should be reviewed.

Changed in
status: New → Invalid
Jamie Strandboge (jdstrand) wrote :

Thank you for using Ubuntu and taking the time to report a bug. I'll get the fix for this uploaded soon.

Changed in
assignee: nobody → jdstrand
status: New → In Progress
Changed in
status: In Progress → Fix Committed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package - 1:2.4.1-1ubuntu2.1

--------------- (1:2.4.1-1ubuntu2.1) hardy-security; urgency=low

  * no change rebuild for hardy-security. This makes
    packages installable again for people with only -security enabled.
    (LP: #310359)

 -- Jamie Strandboge <email address hidden> Mon, 22 Dec 2008 07:17:48 -0600

Changed in
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers