New upstream microrelease available: 5.5.47

The attachment "5.5.46-1ubuntu0.14.04.2..5.5.47-1ubuntu0.14.04.2.diff" seems to be a debdiff. The ubuntu-sponsors team has been subscribed to the bug report so that they can review and hopefully sponsor the debdiff. If the attachment isn't a patch, please remove the "patch" flag from the attachment, remove the "patch" tag, and if you are member of the ~ubuntu-sponsors, unsubscribe the team.

[This is an automated message performed by a Launchpad user owned by ~brian-murray, for any issue please contact him.]

Tip: use uscan to get the latest upstream release tarball, and use the attached debdiff to apply on the debian/ folder contents from the previous released package version in Ubuntu 14.04.

Just as an aside, the last time I tried to use uscan to download a new tarball from upstream MariaDB it performed a lot of non-obvious actions besides just downloading the tarball. How should uscan be called so that it performs its work with a minimum of surprise?

Thanks

2015-12-14 18:57 GMT+02:00 Seth Arnold <email address hidden>:
> Just as an aside, the last time I tried to use uscan to download a new
> tarball from upstream MariaDB it performed a lot of non-obvious actions
> besides just downloading the tarball. How should uscan be called so that
> it performs its work with a minimum of surprise?

I played around with uscan an uupdate and it seems there is no option
to make it run with download only. Personally I use uscan --verbose
nevertheless and just delete the extra symlink and directories it
creates.

> 2015-12-14 18:57 GMT+02:00 Seth Arnold <email address hidden>:
>> Just as an aside, the last time I tried to use uscan to download a new
>> tarball from upstream MariaDB it performed a lot of non-obvious actions
>> besides just downloading the tarball. How should uscan be called so that
>> it performs its work with a minimum of surprise?

Starting from version 10.0.23 from Debian you can run:

uscan --verbose --no-symlink mariadb-10.0

http://www.ubuntu.com/usn/usn-2881-1/ paritally applies for MariaDB too, and fixes are in this 5.5.47 release that has been waiting for sponsor to upload for about 1,5 months.

Also this CVE applies: http://www.openwall.com/lists/oss-security/2016/01/26/3

Note that http://anonscm.debian.org/cgit/pkg-mysql/mariadb-10.0.git/?h=ubuntu-15.04 is maintained with git-buildpackage and the repository includes the pristine-tar data, so you can also extract both the upstream and debian packaging from this one single repository if you want. It would be maybe less work and less error prone than doing the manual uscan+debdiff routine.

Thanks, I'm working on this now. Sorry for the delay.

Steve: I just noticed that my test build had a test suite failure, inherited out-of-the-box from upstream. Investigating.

Steve: sorry, wrong alert, everything is fine. Proceed with upload.

Nore that you can use git-buildpackage with --prisitine-tar option and directly the git repo at https://github.com/ottok/mariadb-5.5/tree/ubuntu-14.04 to create everything without any manual uscan steps in between.

Thanks for the tips, and making sure your builds were succeeding. I've uploaded your mariadb-5.5 package to the ubuntu-security-proposed ppa ( https://launchpad.net/~ubuntu-security-proposed/+archive/ubuntu/ppa/ ) where it's currently building. Assuming all goes well, I will release it to trusty-security early next week. I did adjust the versioning slightly and added the CVE references to the changelog (I realize the CVEs weren't available when you originally prepared the update).

Thanks, and again, my apologies for the delay.

Sorry, I missed that the changelog did not contain a reference to this bug report. The mariadb-5.5 packages have now been published to trusty-security and trusty-updates: https://launchpad.net/ubuntu/+source/mariadb-5.5/5.5.47-1ubuntu0.14.04.1 . Marking closed.

Thanks!

@sbeattie For the record: I imported your changes and tagged with version number: https://github.com/ottok/mariadb-5.5/commit/516ad142c7e09222e5e23b086656928f2879682b

Now the git repo branch ubuntu-14.04 matches what was released.