Bug 33836 - Migrate patches
Migrate patches
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: General
UCS 3.0
Other Linux
: P5 enhancement (vote)
: UCS 4.0
Assigned To: Arvid Requate
Stefan Gohmann
: interim-2
Depends on:
Blocks: 36054 36081 36746
  Show dependency treegraph
 
Reported: 2014-01-03 09:29 CET by Moritz Muehlenhoff
Modified: 2014-11-26 06:55 CET (History)
2 users (show)

See Also:
What kind of report is it?: ---
What type of bug is this?: ---
Who will be affected by this bug?: ---
How will those affected feel about the bug?: ---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Ticket number:
Bug group (optional):
Max CVSS v3 score:


Attachments
core-dhcpd-amd64 (3.29 MB, application/x-core)
2014-09-30 08:38 CEST, Stefan Gohmann
Details

Note You need to log in before you can comment on or make changes to this bug.
Description Moritz Muehlenhoff univentionstaff 2014-01-03 09:29:21 CET
Our patches made for UCS 3.x must to be checked whether they need to be merged in 4.0.
Comment 1 Stefan Gohmann univentionstaff 2014-07-15 08:35:57 CEST
I've created two separate bugs for heimdal and OpenLDAP:
 Bug 35359 - Migrate OpenLDAP patches to UCS 4.0
 Bug 35358 - Migrate heimdal patches to UCS 4.0

The Samba patches will be migrate with Bug #35319.
Comment 2 Stefan Gohmann univentionstaff 2014-07-15 08:49:23 CEST
The following patches should be checked:

apache2/3.2-0-0-ucs/2.2.16-6+squeeze12-ucs3.2-2

clamav/3.2-0-0-ucs/0.98.1+dfsg-1+deb7u3-errata3.2-2

consolekit/3.2-0-0-ucs/0.4.1-4

cups/3.2-0-0-ucs/1.4.4-7-errata3.2-1

curl/3.2-0-0-ucs/7.21.0-2.1+squeeze8-errata3.2-1

cyrus-imapd-2.2/3.2-0-0-ucs/2.2.13-19+squeeze1

cyrus-imapd-2.4/3.2-0-0-ucs/2.4.9-1

fetchmail/3.2-0-0-ucs/6.3.18-2

firmware-free/3.2-0-0-ucs/3.2

freeradius/3.2-0-0-ucs/2.1.10+dfsg-2-errata3.2-1

grub2/3.2-0-0-ucs/2.00-19

icu/3.2-0-0-ucs/4.4.1-8+squeeze2-ucs3.2-2

initramfs-tools/3.2-0-0-ucs/0.112~bpo70+1

kbuild/3.2-0-0-ucs/1:0.1.9998svn2577+dfsg-3

kdegraphics/3.2-0-0-ucs/4:4.4.5-2-ucs3.2-1

krb5/3.2-0-0-ucs/1.8.3+dfsg-4squeeze7

libmodplug/3.2-0-0-ucs/1:0.8.8.1-1+squeeze2+git20130828

libnss-ldap/3.2-0-0-ucs/264-2.2

libxres/3.2-0-0-ucs/2:1.0.4-1+squeeze

lighttpd/3.2-0-0-ucs/1.4.28-2+squeeze1.5-ucs3.2-2

linux-tools/3.2-0-0-ucs/3.10-2

mysql-5.1/3.2-0-0-ucs/5.1.73-1-ucs3.2-2

nfs-utils/3.2-0-0-ucs/1:1.2.2-4squeeze2-errata3.2-1

ocfs2-tools/3.2-0-0-ucs/1.6.4-2

openafs/3.2-0-0-ucs/1.6.5-1

openjdk-6/3.2-0-0-ucs/6b31-1.13.3-1~deb6u1-errata3.2-2

openssh/3.2-0-0-ucs/1:5.5p1-6+squeeze3

openssl/3.2-0-0-ucs/0.9.8o-4squeeze14-errata3.2-2

open-vm-tools/3.2-0-0-ucs/2:9.2.3-1031360-7

pcp/3.2-0-0-ucs/3.3.3-squeeze3

php5/3.2-0-0-ucs/5.3.3-7+squeeze18-errata3.2-0  
php5/3.2-0-0-ucs/5.4.4-14+deb7u9-php54

php-geoip/3.2-0-0-ucs/1.0.7-8-php54

php-imagick/3.2-0-0-ucs/3.1.0~rc1-1-php54

php-memcache/3.2-0-0-ucs/3.0.6-6-php54

procps/3.2-0-0-ucs/1:3.2.8-9squeeze1-errata3.2-1

pyrad/3.2-0-0-ucs/1.2-1+deb6u1

python2.6/3.2-0-0-ucs/2.6.6-8

python-django/3.2-0-0-ucs/1.2.3-3+squeeze8

qemu-kvm/3.2-0-0-ucs/1.1.2+dfsg-6-errata3.2-1

rsync/3.2-0-0-ucs/3.0.7-2-errata3.2-2

ruby1.8/3.2-0-0-ucs/1.8.7.302-2squeeze1-errata3.2-0

ruby1.9.1/3.2-0-0-ucs/1.9.2.0-2+deb6u1

spamassassin/3.2-0-0-ucs/3.3.1-1.1

squid3/3.2-0-0-ucs/3.1.6-1.2+squeeze3

srtp/3.2-0-0-ucs/1.4.4~dfsg-6+deb6u1-ucs3.2-2

strongswan/3.2-0-0-ucs/4.4.1-5.4-ucs3.2-2

sup-mail/3.2-0-0-ucs/0.11-2+nmu1+deb6u1-ucs3.2-2

virtualbox/3.2-0-0-ucs/4.2.10-dfsg-1

xtables-addons/3.2-0-0-ucs/2.3-1

zoneminder/3.2-0-0-ucs/1.24.2-8+squeeze1
Comment 3 Stefan Gohmann univentionstaff 2014-07-15 09:36:00 CEST
And the following UCS 3.1 patches:

apt/3.1-0-0-ucs/0.8.10.3+squeeze1

apt-mirror/3.1-0-0-ucs/0.4.8-3

bacula/3.1-0-0-ucs/5.0.2-2.2+squeeze1-ucs3.1-1

base-files/3.1-0-0-ucs/6.0squeeze6

bind9/3.1-0-0-ucs/1:9.8.0.P4-1-errata3.1-1

cairo/3.1-0-0-ucs/1.10.2-7~bpo60+1-errata3.1-1

checkgmail/3.1-0-0-ucs/1.13+svn43-2+squeeze0.1

dansguardian/3.1-0-0-ucs/2.10.1.1-3-ucs3.1-1

dbus/3.1-0-0-ucs/1.2.24-4+squeeze2-ucs3.1-1

dkms/3.1-0-0-ucs/2.2.0.3-1.1-ucs3.1-1

emesene/3.1-0-0-ucs/1.6.3-1.1

ghostscript/3.1-0-0-ucs/8.71~dfsg2-9+squeeze1-ucs3.1-1

grep/3.1-0-0-ucs/2.6.3-3-errata3.1-1

icedtea-web/3.1-0-0-ucs/1.4-3-errata3.1-1

iceweasel/3.1-0-0-ucs/17.0.8esr-1~deb7u1-errata3.1-1

isc-dhcp/3.1-0-0-ucs/4.1.1-P1-15+squeeze6

libnss-extrausers/3.1-0-0-ucs/0.3-1-ucs3.1-1

libssh/3.1-0-0-ucs/0.4.5-3+squeeze1-ucs3.1-1

libvirt/3.1-0-0-ucs/0.9.12-5-ucs3.1-1

libvpx/3.1-0-0-ucs/1.0.0-2~bpo60+1-errata3.1-1

mono/3.1-0-0-ucs/2.6.7-5.1

nagios3/3.1-0-0-ucs/3.2.1-2+squeeze1-ucs3.1-1

network-manager/3.1-0-0-ucs/0.8.1-6+squeeze2

nspr/3.1-0-0-ucs/2:4.9.2-1~bpo60+1-errata3.1-1

nss/3.1-0-0-ucs/2:3.14.3-1~bpo60+1-errata3.1-1

ntp/3.1-0-0-ucs/1:4.2.6.p3+dfsg-1ubuntu3.1-ucc

openoffice.org/3.1-0-0-ucs/1:3.2.1-11+squeeze8-ucs3.1-1

pam/3.1-0-0-ucs/1.1.1-6.1+squeeze1-ucs3.1-1

parted/3.1-0-0-ucs/2.3-5-ucs3.1-1  2.3-8ubuntu5.1-ucc

pcp/3.1-0-0-ucs/3.3.3-squeeze2

plymouth/3.1-0-0-ucs/0.8.3-9.2

postgresql-common/3.1-0-0-ucs/113+squeeze1

python-django/3.1-0-0-ucs/1.2.3-3+squeeze3

python-notifier/3.1-0-0-ucs/0.9.5-1-ucs3.1-1

qemu/3.1-0-0-ucs/1.1.2+dfsg-1

qemu-kvm/3.1-0-0-ucs/1.1.2+dfsg-2-ucs3.1-1

ruby1.8/3.1-0-0-ucs/1.8.7.302-2squeeze1-errata3.1-1

sqlite3/3.1-0-0-ucs/3.7.13-1~bpo60+1-errata3.1-1

sysvinit/3.1-0-0-ucs/2.88dsf-13.1+squeeze1

tomcat6/3.1-0-0-ucs/6.0.35-1+squeeze2-errata3.1-1

util-linux/3.1-0-0-ucs/2.17.2-9

xen-4.1/3.1-0-0-ucs/4.1.3-4-errata3.1-0



And for UCS 3.0:

acpid/3.0-0-0-ucs/1:2.0.7-1squeeze4-ucs3.0-2

amavisd-new/3.0-0-0-ucs/1:2.6.4-3

backuppc/3.0-0-0-ucs/3.1.0-9.1-ucs3.0-1

base-passwd/3.0-0-0-ucs/3.5.22

bochs/3.0-0-0-ucs/2.4.5-1

busybox/3.0-0-0-ucs/1:1.17.1-8

cherrypy3/3.0-0-0-ucs/3.1.2-1-umcrest

chntpw/3.0-0-0-ucs/0.99.6-2

cifs-utils/3.0-0-0-ucs/2:4.5-2-errata3.0-0

console-common/3.0-0-0-ucs/0.7.85

console-setup/3.0-0-0-ucs/1.68+squeeze2

cryptsetup/3.0-0-0-ucs/2:1.1.3-4squeeze2

cups-pdf/3.0-0-0-ucs/2.5.0-16-ucs3.0-1

db3/3.0-0-0-ucs/3.2.9+dfsg-0.1

db4.7/3.0-0-0-ucs/4.7.25-9

db4.8/3.0-0-0-ucs/4.8.30-2

dmidecode/3.0-0-0-ucs/2.9-1.2-ucs3.0-2

expat/3.0-0-0-ucs/2.0.1-7-errata3.0-2

fakechroot/3.0-0-0-ucs/2.9-1.1+squeeze1

firebird2.5/3.0-0-0-ucs/2.5.0.26054~ReleaseCandidate3.ds2-1

firmware-nonfree/3.0-0-0-ucs/0.28+squeeze1

freecell-solver/3.0-0-0-ucs/2.34.0-1

gcc-3.3/3.0-0-0-ucs/1:3.3.6ds1-20

gcc-4.1/3.0-0-0-ucs/4.1.2-29

gcc-4.3/3.0-0-0-ucs/4.3.5-4

gcc-4.4/3.0-0-0-ucs/4.4.5-8

gcj-4.4/3.0-0-0-ucs/4.4.5-2

gdc-4.3/3.0-0-0-ucs/1:1.060-4.3.5-2

gdm/3.0-0-0-ucs/2.20.11-4

ghc6/3.0-0-0-ucs/6.12.1-13

gnustep-gui/3.0-0-0-ucs/0.18.0-5

gnustep-make/3.0-0-0-ucs/2.4.0-3

gpc-4.1/3.0-0-0-ucs/2.1-4.1.2-28

gpsbabel/3.0-0-0-ucs/1.4.0-1

grub/3.0-0-0-ucs/0.97-64

hp-ppd/3.0-0-0-ucs/0.9-0.1

ia32-libs/3.0-0-0-ucs/20111018

ia32-libs-core/3.0-0-0-ucs/20110202

ifupdown-extra/3.0-0-0-ucs/0.14.2-ucs3.0-1

insserv/3.0-0-0-ucs/1.14.0-2

iptables-persistent/3.0-0-0-ucs/0.0.20100801

java-imaging-utilities/3.0-0-0-ucs/0.14.2+3-2

kde4libs/3.0-0-0-ucs/4:4.4.5-2+squeeze3

kdebase-workspace/3.0-0-0-ucs/4:4.4.5-7+squeeze1

ldapvi/3.0-0-0-ucs/1.7-7

libapache2-mod-auth-pam/3.0-0-0-ucs/1.1.1-8

libasyncns/3.0-0-0-ucs/0.3-1.1-ucs3.0-2

libbonobo/3.0-0-0-ucs/2.24.3-1

libbuffy/3.0-0-0-ucs/1.4-1

libdbi/3.0-0-0-ucs/0.8.2-3

libgearman-client-async-perl/3.0-0-0-ucs/0.94-3

libgnome-keyring/3.0-0-0-ucs/2.30.1-1

libofa/3.0-0-0-ucs/0.9.3-3.1-ucs3.0-2

libsigc++-1.2/3.0-0-0-ucs/1.2.7-2

libtest-checkmanifest-perl/3.0-0-0-ucs/1.22-1

libtunepimp/3.0-0-0-ucs/0.5.3-7.3-ucs3.0-2

libwmf/3.0-0-0-ucs/0.2.8.4-6.1-ucs3.0-2

lisaac/3.0-0-0-ucs/1:0.13.1-3

lsb/3.0-0-0-ucs/3.2-23.2squeeze1-ucs3.0-2

mbr/3.0-0-0-ucs/1.1.10-2

memtest86+/3.0-0-0-ucs/4.10-1.1

mercurial-buildpackage/3.0-0-0-ucs/0.9

monkeysphere/3.0-0-0-ucs/0.31-4

msttcorefonts/3.0-0-0-ucs/3.3

nagios-plugins/3.0-0-0-ucs/1.4.15-3squeeze1

oss-compat/3.0-0-0-ucs/0.0.4+nmu3-ucs3.0-2

pacparser/3.0-0-0-ucs/1.2.6-2

pbuilder/3.0-0-0-ucs/0.199+nmu1squeeze1-ucs3.0-1

phonon/3.0-0-0-ucs/4:4.6.0really4.4.2-1

php-horde-form/3.0-0-0-ucs/1.0.5-1-errata3.0-2

php-horde-imp/3.0-0-0-ucs/5.0.11-1-errata3.0-2

php-suhosin/3.0-0-0-ucs/0.9.32.1-1-errata3.0-2

pkg-php-tools/3.0-0-0-ucs/0.5

plymouth/3.0-0-0-ucs/0.8.3-9.1

poppler/3.0-0-0-ucs/0.12.4-1.2-errata3.0-0

posixtestsuite/3.0-0-0-ucs/1.5.2-3

postgresql-common/3.0-0-0-ucs/113

pperl/3.0-0-0-ucs/0.25-5

psqlodbc/3.0-0-0-ucs/1:08.03.0200-1.2

pycairo/3.0-0-0-ucs/1.8.8-1

pygtk/3.0-0-0-ucs/2.17.0-4

pykota/3.0-0-0-ucs/1.26+unofficial

python-apt/3.0-0-0-ucs/0.7.100.1+squeeze1

python-ipaddr/3.0-0-0-ucs/2.1.5-2

python-pam/3.0-0-0-ucs/0.4.2-12.2-errata3.0-1

rake/3.0-0-0-ucs/0.8.7-2

rdesktop/3.0-0-0-ucs/1.7.0-1

samba4wins/3.0-0-0-ucs/1.0.8-2

squid/3.0-0-0-ucs/2.7.STABLE9-2.1

sun-java6/3.0-0-0-ucs/6.26-0squeeze1

synaptic/3.0-0-0-ucs/0.70~pre1

texlive-base/3.0-0-0-ucs/2009-11+squeeze1-ucs3.0-2

tokyotyrant/3.0-0-0-ucs/1.1.40-4

tre/3.0-0-0-ucs/0.8.0-3-ucs3.0-2

wims/3.0-0-0-ucs/4.00-4

x2goclient-cli/3.0-0-0-ucs/3.0.1-1.2

x2goserver/3.0-0-0-ucs/3.0.1-6

xf86-input-wacom/3.0-0-0-ucs/0.10.5+20100416-1

xorg/3.0-0-0-ucs/1:7.5+8+squeeze1-ucs3.0-1
Comment 4 Stefan Gohmann univentionstaff 2014-08-20 21:06:02 CEST
(In reply to Stefan Gohmann from comment #3)
> And the following UCS 3.1 patches:
>
> bind9/3.1-0-0-ucs/1:9.8.0.P4-1-errata3.1-1

Split into "Bug #35668 - Migrate bind patches" because bind9 is needed for MS1.
Comment 5 Felix Botner univentionstaff 2014-08-26 17:42:26 CEST
added 3.0-0-0-ucs/1.1.1-8/01_add_pam_service.patch to 4.0-0-0-ucs/1.1.1-9
(needed by univention-nagios-server)
Comment 6 Felix Botner univentionstaff 2014-08-27 10:53:34 CEST
added 

nagios-plugins/3.0-0-0-ucs/1.4.15-3squeeze1/10-check-ldap-read-password-from-file.patch 

to nagios-plugins/4.0-0-0/1.4.16-1
(needed for LDAP authentication with password file UNIVENTION_LDAP_AUTH)
Comment 7 Stefan Gohmann univentionstaff 2014-09-15 15:09:23 CEST
(In reply to Stefan Gohmann from comment #3)
> And the following UCS 3.1 patches:
> base-files/3.1-0-0-ucs/6.0squeeze6

See Bug #35931
Comment 8 Arvid Requate univentionstaff 2014-09-29 13:30:34 CEST
* Packages rebuilt with migrated patches:
=========================================
plymouth 
bacula 
clamav 
python2.6 
amavisd-new 
hp-ppd 
synaptic 
apt-mirror 
consolekit 
dbus 
rsync 
krb5 
base-passwd 
cups-pdf 
squid 
console-common 
postgresql-common - dropped: 00-readline-wrapper.patch
memtest86+ 
pbuilder - disabled: 25_linux-any.patch.DISABLED
lsb 
chntpw 
xorg  (one patch: links /usb/bin to /usr/X11R6/bin -- still relevant?)
gnustep-make 
db4.7 
pycairo 
libbonobo 
cryptsetup 
freeradius 
squid3 
parted
grep 
libnss-extrausers 
grub 
php5 
pacparser 
apt 
dkms 
phonon 
apache2 
pperl 
gpsbabel 
spamassassin 
srtp 
lisaac 
procps 
gnustep-gui 
libnss-ldap 
ruby1.9.1 
=========================================


* Complicated patches: isc-dhcp, libnss-extrausers, procps


* Packages not rebuilt, all previous patches dropped:
=====================================================
rake - dropped: 00-disable-tests.patch
python-apt - dropped: 00-skip-testsuite.patch
python-ipaddr - dropped: 00-issue-77-wrong-output-of-exploded.patch
libssh - dropped: CVE-2013-0176.patch
libdbi - dropped: 00-lower-optimization.patch
cairo - dropped: backport.patch
tokyotyrant - dropped: 00-fix-build.patch
open-vm-tools - dropped: backport.patch, backport2.patch
sqlite3 - dropped: backport.patch
acpid - dropped: 00-fix-handling-of-input-devices.patch
mbr - dropped: 00-limit-testsuite.patch
java-imaging-utilities: dropped: 00_fix-build.patch
nagios3 - dropped: CVE-2011-1523.patch
openoffice.org - dropped: 10_rules.patch, 20_build_depends.patch 
libvpx - dropped: backport.patch
python-django - dropped: fix-build-with-sphinx108.patch
texlive-base - dropped: 001_breaks_old_ucs24_packages.patch
busybox - dropped: 00-fix-incorrect-quilt-usage.patch, 01-build-fix.patch
libbuffy - dropped: 00-build-fix.patch
xtables-addons - dropped: backport.patch
nfs-utils - dropped: 10-increment-the-stdio-file-buffer-size-for-procfs-files.patch 
ruby1.8 - dropped: CVE-2013-4164_CVE-2013-1821_CVE-2013-4073.patch
pam - dropped: 02_CVE-2011-3628.patch, 03_CVE-2010-3853.patch 
isc-dhcp - dropped: 10_fix_dependency.patch 
iptables-persistent - dropped: fix-src-format.patch
libtest-checkmanifest-perl - dropped: 00-fix-test.patch
ghostscript - dropped: 00-fix-build.patch
fakechroot - dropped: 00-fix-build.patch, 01-drop-testsuite-test.patch
cyrus-imapd-2.4 - dropped: 81_CVE-2011-3481.patch 
expat - dropped: 01_CVE-2012-0876-1.patch, 01_CVE-2012-0876-2.patch, 01_CVE-2012-0876-3.patch, 02_CVE-2012-1148.patch
cifs-utils - dropped: CVE-2011-1678.patch, CVE-2011-2724.patch
freecell-solver - dropped: 00-fix-build.patch
rdesktop - dropped: 20_enable-smartcard.patch
dansguardian - dropped: 02-fix-broken-postinst-preinst.patch 
icu - dropped: fix-build.patch
ia32-libs - dropped: 00-fix-build.patch
python-pam - dropped: CVE-2012-1502.patch
kbuild - dropped: backport.patch
pkg-php-tools - dropped: 0.8/10-control.patch  --- still required? Introduced for Bug 22151 - Horde4 für UCS 3.0
=====================================================

* Packages covered by other Bugs:
=================================
virtualbox - Bug #35875#c3
libvirt - Bug #35768
openafs - Bug #35875
=================================
Comment 9 Arvid Requate univentionstaff 2014-09-29 18:47:05 CEST
And some more:

* Packages rebuilt with migrated patches:
=========================================
util-linux
libgnome-keyring
xf86-input-wacom
nagios-plugins
libsigc++-1.2
network-manager
=========================================

* Packages not rebuilt, all previous patches dropped:
=====================================================
firmware-free - dropped: fix-build-dep.patch
bochs - dropped: 00_fix_build.patch
pygtk - dropped: relax-build-deps.patch
kde4libs - dropped: 00_backport_locale_handling_from_kde45.patch
=====================================================

* Packages covered by other Bugs:
=================================
qemu - Bug #35768
=================================
Comment 10 Stefan Gohmann univentionstaff 2014-09-30 08:37:42 CEST
I'm unable to start the dhcp server:
Sep 30 01:07:21 ucs-7038 kernel: [ 1518.292996] dhcpd[6253]: segfault at ffffffffb7439bd0 ip 00007f27b51da899 sp 00007fff60bceae0 error 5 in dhcpd[7f27b5181000+1cb000]

(gdb) r -f
Starting program: /usr/sbin/dhcpd -f
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
Internet Systems Consortium DHCP Server 4.2.2
Copyright 2004-2011 Internet Systems Consortium.
All rights reserved.
For info, please visit https://www.isc.org/software/dhcp/

Program received signal SIGSEGV, Segmentation fault.
0x00005555555ad899 in set_ldap_real_base_dn (ld=0x555555a280b0) at ldap.c:147
147                     for (vs=0; values != NULL && values[vs] != NULL; vs++)
(gdb)
(gdb) p values
$2 = (char **) 0x55a31230
(gdb) p values[0]
Cannot access memory at address 0x55a31230
(gdb)
(gdb) bt
#0  0x00005555555ad899 in set_ldap_real_base_dn (ld=0x555555a280b0) at ldap.c:147
#1  ldap_start () at ldap.c:1275
#2  0x00005555555b06a5 in ldap_read_config () at ldap.c:1776
#3  0x000055555556e44b in main (argc=<optimized out>, argv=<optimized out>) at dhcpd.c:687
(gdb)

I'll attach the core file.



(In reply to Arvid Requate from comment #8)
> * Packages rebuilt with migrated patches:
> =========================================
> plymouth 
OK

> bacula 
OK

> clamav 
OK, the following patch have been dropped:
 02-disable-rules-dh_reconf.patch

> python2.6 
OK, the following patches have been fixed upstream and dropped:
 01-debian_bug_628984.patch
 03_CVE-2011-4944_1015_1521_4940-CVE-2012-1150_0845.patch

> amavisd-new 
OK

> hp-ppd 
OK

> synaptic 
OK

> apt-mirror 
OK

> consolekit 
OK

> dbus 
OK

> rsync 
OK

> krb5 
OK

> base-passwd 
OK

> cups-pdf 
OK

> squid 
OK

> console-common 
OK

> postgresql-common - dropped: 00-readline-wrapper.patch
OK, 00-readline-wrapper.patch has been fixed upstream

> memtest86+ 
OK

> pbuilder - disabled: 25_linux-any.patch.DISABLED
OK

> lsb 
OK

> chntpw 
OK

> xorg  (one patch: links /usb/bin to /usr/X11R6/bin -- still relevant?)

I think there might be still software on old customer servers. Let's still use it.

> gnustep-make 
OK

> db4.7 
OK

> pycairo 
OK

> libbonobo 
OK

> cryptsetup 
OK

> freeradius 
OK, the following patches have been fixed upstream and merged:
 004_CVE-2012-3547.patch
 005_CVE-2011-4966.patch

> squid3 
OK

> parted
OK

> grep 
OK

> libnss-extrausers 
OK

> grub 
OK

> php5 
OK

> pacparser 
OK

> apt 
OK

> dkms 
OK

> phonon 
OK

> apache2 
OK

> pperl 
OK

> gpsbabel 
OK

> spamassassin 
OK (01-bump-version.patch has been dropped)

> srtp 
OK

> lisaac 
OK

> procps 
OK

> gnustep-gui 
OK

> libnss-ldap 
OK

> ruby1.9.1 
OK

> =========================================
> 
> 
> * Complicated patches: isc-dhcp, libnss-extrausers, procps
> 
> 
> * Packages not rebuilt, all previous patches dropped:
> =====================================================
> rake - dropped: 00-disable-tests.patch
OK

> python-apt - dropped: 00-skip-testsuite.patch
OK

> python-ipaddr - dropped: 00-issue-77-wrong-output-of-exploded.patch

OK, upstream fixed

> libssh - dropped: CVE-2013-0176.patch

OK:
root@ucs-7038:/usr/share/doc# zgrep CVE-2013-0176 libssh*/changelog.Debian.gz
libssh-4/changelog.Debian.gz:      (Closes: #698963, CVE-2013-0176

> libdbi - dropped: 00-lower-optimization.patch
OK

> cairo - dropped: backport.patch
OK

> tokyotyrant - dropped: 00-fix-build.patch
OK

> open-vm-tools - dropped: backport.patch, backport2.patch
OK

> sqlite3 - dropped: backport.patch
OK

> acpid - dropped: 00-fix-handling-of-input-devices.patch
OK, upstream fixed:
root@ucs-7038:/usr/share/doc# zgrep 616194 acpid/changelog.Debian.gz
    (Closes: #616194)
root@ucs-7038:/usr/share/doc# zgrep 522756 acpid/changelog.Debian.gz
    #522756)
root@ucs-7038:/usr/share/doc#

> mbr - dropped: 00-limit-testsuite.patch
OK

> java-imaging-utilities: dropped: 00_fix-build.patch
OK

> nagios3 - dropped: CVE-2011-1523.patch
OK, fixed upstream:
root@ucs-7038:/usr/share/doc# zgrep CVE-2011-1523 nagios3/changelog.Debian.gz
  * [785a4e8] Remove unneded patch 99_fix_XSS_CVE-2011-1523
  * [b5f30e1] Fix for CVE-2011-1523: XSS problem in statusmap.cgi (Closes: #629127)
root@ucs-7038:/usr/share/doc#

> openoffice.org - dropped: 10_rules.patch, 20_build_depends.patch 
OK

> libvpx - dropped: backport.patch
OK

> python-django - dropped: fix-build-with-sphinx108.patch
OK

> texlive-base - dropped: 001_breaks_old_ucs24_packages.patch
OK

> busybox - dropped: 00-fix-incorrect-quilt-usage.patch, 01-build-fix.patch
OK

> libbuffy - dropped: 00-build-fix.patch
OK

> xtables-addons - dropped: backport.patch
OK

> nfs-utils - dropped:
> 10-increment-the-stdio-file-buffer-size-for-procfs-files.patch 
OK, fixed upstream

> ruby1.8 - dropped: CVE-2013-4164_CVE-2013-1821_CVE-2013-4073.patch
OK, fixed upstream:
root@ucs-7038:/usr/share/doc# zgrep CVE-2013- ruby1.8/changelog.Debian.gz
  * debian/patches/CVE-2013-4164.patch: New patch to fix
  * debian/patches/CVE-2013-4073: fix regression that introduced syntax errors
  * Add CVE-2013-4073.patch patch.
    CVE-2013-4073: Fix hostname check bypassing vulnerability in SSL client.
  * Add CVE-2013-1821.patch patch.
    CVE-2013-1821: Fix entity expansion DoS vulnerability in REXML. When
root@ucs-7038:/usr/share/doc#

> pam - dropped: 02_CVE-2011-3628.patch, 03_CVE-2010-3853.patch 
OK, merged upstream

> isc-dhcp - dropped: 10_fix_dependency.patch 
OK

> iptables-persistent - dropped: fix-src-format.patch
OK

> libtest-checkmanifest-perl - dropped: 00-fix-test.patch
OK

> ghostscript - dropped: 00-fix-build.patch
OK

> fakechroot - dropped: 00-fix-build.patch, 01-drop-testsuite-test.patch
OK

> cyrus-imapd-2.4 - dropped: 81_CVE-2011-3481.patch 
OK, fixed upstream

> expat - dropped: 01_CVE-2012-0876-1.patch, 01_CVE-2012-0876-2.patch,
> 01_CVE-2012-0876-3.patch, 02_CVE-2012-1148.patch
OK, fixed upstream

> cifs-utils - dropped: CVE-2011-1678.patch, CVE-2011-2724.patch
OK, fixed upstream

> freecell-solver - dropped: 00-fix-build.patch
OK

> rdesktop - dropped: 20_enable-smartcard.patch
OK, fixed upstram

> dansguardian - dropped: 02-fix-broken-postinst-preinst.patch 
OK

> icu - dropped: fix-build.patch
OK

> ia32-libs - dropped: 00-fix-build.patch
OK

> python-pam - dropped: CVE-2012-1502.patch
OK, fixed upstream

> kbuild - dropped: backport.patch
OK

> pkg-php-tools - dropped: 0.8/10-control.patch  --- still required?
> Introduced for Bug 22151 - Horde4 für UCS 3.0
I don't think we need the patch. Horde was already build for UCS 4: Bug #35888


> =====================================================
> 
> * Packages covered by other Bugs:
> =================================
> virtualbox - Bug #35875#c3
> libvirt - Bug #35768
> openafs - Bug #35875
> =================================

OK


(In reply to Arvid Requate from comment #9)
> And some more:
> 
> * Packages rebuilt with migrated patches:
> =========================================
> util-linux
OK

> libgnome-keyring
OK

> xf86-input-wacom
OK

> nagios-plugins
OK

> libsigc++-1.2
Failed, there are now two patches:

# ls libsigc++-1.2/4.0-0-0-ucs/1.2.7-2/
001-fixed_priority_to_prevent_bootstrapping_errors.patch  00-fix-package-priority.patch

> network-manager
OK

> =========================================
> 
> * Packages not rebuilt, all previous patches dropped:
> =====================================================
> firmware-free - dropped: fix-build-dep.patch
OK

> bochs - dropped: 00_fix_build.patch
OK

> pygtk - dropped: relax-build-deps.patch
OK

> kde4libs - dropped: 00_backport_locale_handling_from_kde45.patch
OK

> =====================================================
> 
> * Packages covered by other Bugs:
> =================================
> qemu - Bug #35768
> =================================
OK

Changelog: OK

Summary:
* Please check the DHCP segfault
* Please check the libsigc++-1.2 patches

TODO for me: I have to check if every package was considered.
Comment 11 Stefan Gohmann univentionstaff 2014-09-30 08:38:40 CEST
Created attachment 6140 [details]
core-dhcpd-amd64
Comment 12 Stefan Gohmann univentionstaff 2014-09-30 09:40:19 CEST
(In reply to Stefan Gohmann from comment #2)
> kdegraphics/3.2-0-0-ucs/4:4.4.5-2-ucs3.2-1

This patch has not been migrated.
Comment 13 Arvid Requate univentionstaff 2014-09-30 19:01:57 CEST
> kdegraphics/3.2-0-0-ucs/4:4.4.5-2-ucs3.2-1

is now migrated to:

okular/4.0-0-0-ucs/4:4.8.4-3/01_bug_34125.patch

There are more patches which might need to be moved to a differently named source package, I'll check these again:
==============
cyrus-imapd-2.2
mysql-5.1            -> mysql-5.5
ocfs2-tools
pcp
qemu-kvm
xen-4.1
gcc-4.1
gcc-4.3
gcj-4.4
gdc-4.3
gdm
ghc6
gpc-4.1
ia32-libs-core
kdebase-workspace
libgearman-client-async-perl
libtunepimp
mercurial-buildpackage
msttcorefonts
php-horde-form
php-horde-imp
php-suhosin
posixtestsuite
pykota
sun-java6
wims
x2goclient-cli
x2goserver
==============


* The duplicate patch for libsigc++-1.2 has been removed now and the package is rebuilt.

* I fixed an obvious flaw in one of the patches for isc-dhcp but I'll have to check if this actually fixes the segv. The package is rebuilt.
Comment 14 Stefan Gohmann univentionstaff 2014-10-01 07:03:46 CEST
(In reply to Arvid Requate from comment #13)
> There are more patches which might need to be moved to a differently named
> source package, I'll check these again:
> ==============
> cyrus-imapd-2.2
We don't need it because we are using 2.4 for a long time.

> mysql-5.1            -> mysql-5.5
Yes, we need these patches.

> ocfs2-tools
I don't think we need them. That are backport / build patches

> pcp
The package is not part of wheezy. Since it is only a version patch we can ignore the patch.

> qemu-kvm
We are using the source package qemu and Philipp ported the patches.

> xen-4.1
We are using the default debian upstream package. We don't need a port.
 
> gcc-4.1
> gcc-4.3
gcc-4.7 is patched as well. We can ignore theses patches.

> gcj-4.4
gcj-4.7 is patched as well. We can ignore this patch.

> gdc-4.3
Yes, I think the patch should be ported to gdc-4.4 and gdc-4.6.

> gdm
We switched to kdm and don't need the patch any longer.

> ghc6
That was a patch for the UCS 3.0 rebuild. We don't need the patch for UCS 4.

> gpc-4.1
The package seems to be removed from wheezy.

> ia32-libs-core
The handling in Wheezy is different due to multiarch. We don't need these patches.

> kdebase-workspace
Yes, we should port these patches.

> libgearman-client-async-perl
Only a build fix. We don't need it.

> libtunepimp
Only a version fix. We don't need it.

> mercurial-buildpackage
Only a build fix. We don't need it.

> msttcorefonts
Yes, we should migrate theses patches.

> php-horde-form
I've checked our current Horde App. This patch is included.

> php-horde-imp
I've checked our current Horde App. This patch is included.

> php-suhosin
This package is not part of Wheezy.

> posixtestsuite
Only a build fix. We don't need it.

> pykota
Yes, I think we have to copy the package from UCS 3 if it isn't part of UCS 4 yet.
  
> sun-java6
This package is not part of Wheezy.

> wims
This package is not part of Wheezy.

> x2goclient-cli
Let's skip these patches and use the plain Debian version.

> x2goserver
This is not part of Wheezy. We should skip the patch.
Comment 15 Arvid Requate univentionstaff 2014-10-01 18:41:38 CEST
Ok, I fixed another string termination bug in isc-dhcp (reading the LDAP bind password). Now it works.

The follwing packages have been rebuilt with merged patches:
============================================================
mysql-5.5 
gdc-4.4 
gdc-4.6 
kde-workspace - dropped: 01-dont-run-kaboom-if-the-old-kde-dir-is-only-a-link.patch, 20_control.patch
pykota (cherrypicked from ucs_3.0-0)
msttcorefonts (cherrypicked from ucs_3.0-0)
============================================================
Comment 16 Arvid Requate univentionstaff 2014-10-02 14:31:08 CEST
Somehow the wheezy package for msttcorefonts had not been imported properly. I now downloaded it manually from http://ftp.de.debian.org/debian/pool/contrib/m/msttcorefonts/.
Comment 17 Moritz Muehlenhoff univentionstaff 2014-10-03 10:54:17 CEST
(In reply to Arvid Requate from comment #16)
> Somehow the wheezy package for msttcorefonts had not been imported properly.
> I now downloaded it manually from
> http://ftp.de.debian.org/debian/pool/contrib/m/msttcorefonts/.

Only the main section was imported from Wheezy. All further packages from contrib or non-free (such as the firmware) have always been imported selectively.
Comment 18 Stefan Gohmann univentionstaff 2014-10-06 11:56:10 CEST
(In reply to Moritz Muehlenhoff from comment #17)
> (In reply to Arvid Requate from comment #16)
> > Somehow the wheezy package for msttcorefonts had not been imported properly.
> > I now downloaded it manually from
> > http://ftp.de.debian.org/debian/pool/contrib/m/msttcorefonts/.
> 
> Only the main section was imported from Wheezy. All further packages from
> contrib or non-free (such as the firmware) have always been imported
> selectively.

OK, that should be re-checked: Bug #36051

(In reply to Arvid Requate from comment #15)
> pykota (cherrypicked from ucs_3.0-0)

It is not a maintained package in UCS 4, I've added a new report: Bug #36050

Everything else looks good.
Comment 19 Stefan Gohmann univentionstaff 2014-11-26 06:55:43 CET
UCS 4.0-0 has been released:
 http://docs.univention.de/release-notes-4.0-0-en.html
 http://docs.univention.de/release-notes-4.0-0-de.html

If this error occurs again, please use "Clone This Bug".