security tracking bug for mariadb-10.1 in cosmic

Bug #1824979 reported by Dan Streetman
10
This bug affects 1 person
Affects Status Importance Assigned to Milestone
mariadb-10.1 (Ubuntu)
Fix Released
Undecided
Unassigned
Cosmic
Fix Released
Undecided
Unassigned

Bug Description

This is a tracking bug to update mariadb-10.1 in cosmic. There are several security updates to the package that have been released for the version in bionic already, but not cosmic.

http://people.canonical.com/~ubuntu-security/cve/pkg/mariadb-10.1.html

See bug 1824335 also.

Dan Streetman (ddstreet)
description: updated
Revision history for this message
Dan Streetman (ddstreet) wrote :

For context, mariadb-10.1 in Bionic has seen regular updates, including for security issues, while mariadb-10.1 in Cosmic has not had any released updates at all.

One result of this is that mariadb-10.1 autopkgtests fail every time it is tested. Bug 1824335 is open to track updating the version of mariadb-10.1 to fix the autopkgtest failures. However, since Cosmic has not seen updates and thus missing many security updates, this bug is opened to track, from a security perspective, updating mariadb-10.1 in Cosmic up to the same version, currently, as Bionic, which includes the security updates already included in Bionic.

Changed in mariadb-10.1 (Ubuntu):
status: New → Fix Released
Revision history for this message
Marc Deslauriers (mdeslaur) wrote :

Since the package contains additional fixes and packaging changes, it is not appropriate to go directly to -security. Please go through the SRU process first. Thanks!

Revision history for this message
Łukasz Zemczak (sil2100) wrote : Please test proposed package

Hello Dan, or anyone else affected,

Accepted mariadb-10.1 into cosmic-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/mariadb-10.1/1:10.1.38-0ubuntu0.18.10.1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested and change the tag from verification-needed-cosmic to verification-done-cosmic. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-cosmic. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Changed in mariadb-10.1 (Ubuntu Cosmic):
status: New → Fix Committed
tags: added: verification-needed verification-needed-cosmic
Revision history for this message
Dan Streetman (ddstreet) wrote :

autopkgtest regressions noted in the other bug for this upload, bug 1824335

tags: added: verification-done verification-done-cosmic
removed: verification-needed verification-needed-cosmic
Revision history for this message
Łukasz Zemczak (sil2100) wrote :

Hello Dan, or anyone else affected,

Accepted mariadb-10.1 into cosmic-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/mariadb-10.1/1:10.1.38-0ubuntu0.18.10.2 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested and change the tag from verification-needed-cosmic to verification-done-cosmic. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-cosmic. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

tags: added: verification-needed verification-needed-cosmic
removed: verification-done verification-done-cosmic
Revision history for this message
Dan Streetman (ddstreet) wrote :

autopkgtests now pass for all archs

tags: added: verification-done verification-done-cosmic
removed: verification-needed verification-needed-cosmic
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package mariadb-10.1 - 1:10.1.38-0ubuntu0.18.10.2

---------------
mariadb-10.1 (1:10.1.38-0ubuntu0.18.10.2) cosmic; urgency=medium

  * This update is a port of the package from Bionic,
    which includes security updates, as shown in the previous
    changelog entries. (LP: #1824979)
  * Restore tests to stop autopkgtest failures, by adding commits
    from debian git (salsa) listed below (LP: #1824335)
  * Revert "Remove the mariadb-test-* packages"
    - debian commit 96d3f8abcbe51894d0a5f7c7cadd5219e0dc2823
  * Omit test plugins as they are not used by the tests and
    already deleted
    - debian commit 902dffe6683e43d5134b9c9b9057b42372cd47fc
  * Define autopkgtest with isolation-container to allow service
    - debian commit 596c2581176102b29751786e5d8fac05dde3a3e4
  * Utilize upstream unstable-tests list in tests/upstream
    mysql-test-run
    - debian commit 33d85312840a625c1d607601b77c45f138405cfe
  * Fix typo in commit 33d853128 so skip list is not reset when
    adding lines
    - debian commit 18480afc86838a28cd9ba89e942330c2038011e2
  * Mark selected tests as unstable so they don't stop the whole
    upload in vain
    - debian commit d44ece56d7e54c7940bebe6a4614a03c1c8621f2
  * Disable test unit.pcre_test on s390x that was failing in
    stretch-security
    - debian commit d44ece56d7e54c7940bebe6a4614a03c1c8621f2
  * d/unstable-tests.ppc64el: add main.sp, which always fails on cosmic
  * d/mariadb-test-data.install: install per-arch unstable-tests files
  * d/tests/upstream: skip per-arch unstable-tests
  * d/control, d/rules:
    - Do not build with jemalloc on arm64; it hangs when installing
      mariadb-server-10.1 (and autopkgtests fail).
      (LP: #1827022)

 -- Dan Streetman <email address hidden> Tue, 30 Apr 2019 05:21:53 -0400

Changed in mariadb-10.1 (Ubuntu Cosmic):
status: Fix Committed → Fix Released
Revision history for this message
Łukasz Zemczak (sil2100) wrote : Update Released

The verification of the Stable Release Update for mariadb-10.1 has completed successfully and the package has now been released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.