New upstream microrelease available: 5.5.47

Bug #1524704 reported by Otto Kekäläinen on 2015-12-10
264
This bug affects 1 person
Affects Status Importance Assigned to Milestone
mariadb-5.5 (Ubuntu)
Trusty
Medium
Steve Beattie

Bug Description

A new upstream microrelease is available.

MRE status for MariaDB was granted by the Ubuntu technical board on May 15th, 2014.

I am now submitting this release as a stable update. All previous microrelases have been submitted as security updates, so please advice me on the proper process of normal MRE uploads. I've read the documentation in the Ubuntu wiki, but most of the texts don't apply to the MariaDB/MySQL use case and some texts imply that the MRE policy is completely deprecated.

Source code is available at https://github.com/ottok/mariadb-5.5/tree/ubuntu-14.04

Public test builds at https://launchpad.net/~mysql-ubuntu/+archive/ubuntu/mariadb/+builds?build_text=&build_state=all

Attached is a debdiff created by running
  git diff ubuntu/5.5.46-1ubuntu0.14.04.2..HEAD debian/ > 5.5.46-1ubuntu0.14.04.2..5.5.47-1ubuntu0.14.04.2.diff

The attachment "5.5.46-1ubuntu0.14.04.2..5.5.47-1ubuntu0.14.04.2.diff" seems to be a debdiff. The ubuntu-sponsors team has been subscribed to the bug report so that they can review and hopefully sponsor the debdiff. If the attachment isn't a patch, please remove the "patch" flag from the attachment, remove the "patch" tag, and if you are member of the ~ubuntu-sponsors, unsubscribe the team.

[This is an automated message performed by a Launchpad user owned by ~brian-murray, for any issue please contact him.]

tags: added: patch
Otto Kekäläinen (otto) wrote :

Tip: use uscan to get the latest upstream release tarball, and use the attached debdiff to apply on the debian/ folder contents from the previous released package version in Ubuntu 14.04.

tags: added: trusty upgrade-software-version
Changed in mariadb-5.5 (Ubuntu):
importance: Undecided → Low
Seth Arnold (seth-arnold) wrote :

Just as an aside, the last time I tried to use uscan to download a new tarball from upstream MariaDB it performed a lot of non-obvious actions besides just downloading the tarball. How should uscan be called so that it performs its work with a minimum of surprise?

Thanks

2015-12-14 18:57 GMT+02:00 Seth Arnold <email address hidden>:
> Just as an aside, the last time I tried to use uscan to download a new
> tarball from upstream MariaDB it performed a lot of non-obvious actions
> besides just downloading the tarball. How should uscan be called so that
> it performs its work with a minimum of surprise?

I played around with uscan an uupdate and it seems there is no option
to make it run with download only. Personally I use uscan --verbose
nevertheless and just delete the extra symlink and directories it
creates.

Otto Kekäläinen (otto) wrote :

> 2015-12-14 18:57 GMT+02:00 Seth Arnold <email address hidden>:
>> Just as an aside, the last time I tried to use uscan to download a new
>> tarball from upstream MariaDB it performed a lot of non-obvious actions
>> besides just downloading the tarball. How should uscan be called so that
>> it performs its work with a minimum of surprise?

Starting from version 10.0.23 from Debian you can run:

uscan --verbose --no-symlink mariadb-10.0

Otto Kekäläinen (otto) wrote :

http://www.ubuntu.com/usn/usn-2881-1/ paritally applies for MariaDB too, and fixes are in this 5.5.47 release that has been waiting for sponsor to upload for about 1,5 months.

information type: Public → Public Security
Changed in mariadb-5.5 (Ubuntu):
importance: Low → Medium
Otto Kekäläinen (otto) wrote :

Note that http://anonscm.debian.org/cgit/pkg-mysql/mariadb-10.0.git/?h=ubuntu-15.04 is maintained with git-buildpackage and the repository includes the pristine-tar data, so you can also extract both the upstream and debian packaging from this one single repository if you want. It would be maybe less work and less error prone than doing the manual uscan+debdiff routine.

Changed in mariadb-5.5 (Ubuntu Trusty):
importance: Undecided → Medium
no longer affects: mariadb-5.5 (Ubuntu)
Steve Beattie (sbeattie) wrote :

Thanks, I'm working on this now. Sorry for the delay.

Changed in mariadb-5.5 (Ubuntu Trusty):
status: New → In Progress
assignee: nobody → Steve Beattie (sbeattie)
Otto Kekäläinen (otto) wrote :

Steve: I just noticed that my test build had a test suite failure, inherited out-of-the-box from upstream. Investigating.

Otto Kekäläinen (otto) wrote :

Steve: sorry, wrong alert, everything is fine. Proceed with upload.

Nore that you can use git-buildpackage with --prisitine-tar option and directly the git repo at https://github.com/ottok/mariadb-5.5/tree/ubuntu-14.04 to create everything without any manual uscan steps in between.

Steve Beattie (sbeattie) wrote :

Thanks for the tips, and making sure your builds were succeeding. I've uploaded your mariadb-5.5 package to the ubuntu-security-proposed ppa ( https://launchpad.net/~ubuntu-security-proposed/+archive/ubuntu/ppa/ ) where it's currently building. Assuming all goes well, I will release it to trusty-security early next week. I did adjust the versioning slightly and added the CVE references to the changelog (I realize the CVEs weren't available when you originally prepared the update).

Thanks, and again, my apologies for the delay.

Steve Beattie (sbeattie) wrote :

Sorry, I missed that the changelog did not contain a reference to this bug report. The mariadb-5.5 packages have now been published to trusty-security and trusty-updates: https://launchpad.net/ubuntu/+source/mariadb-5.5/5.5.47-1ubuntu0.14.04.1 . Marking closed.

Thanks!

Changed in mariadb-5.5 (Ubuntu Trusty):
status: In Progress → Fix Released
Otto Kekäläinen (otto) wrote :

@sbeattie For the record: I imported your changes and tagged with version number: https://github.com/ottok/mariadb-5.5/commit/516ad142c7e09222e5e23b086656928f2879682b

Now the git repo branch ubuntu-14.04 matches what was released.

To post a comment you must log in.
This report contains Public Security information  Edit
Everyone can see this security related information.

Other bug subscribers