Bug 45179 - wget: minor issues (4.2)
wget: minor issues (4.2)
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: Security updates
UCS 4.2
Other Linux
: P5 normal (vote)
: UCS 4.2-1-errata
Assigned To: Philipp Hahn
Arvid Requate
:
Depends on: 41662
Blocks:
  Show dependency treegraph
 
Reported: 2017-08-10 14:58 CEST by Arvid Requate
Modified: 2017-08-23 14:35 CEST (History)
1 user (show)

See Also:
What kind of report is it?: Security Issue
What type of bug is this?: ---
Who will be affected by this bug?: ---
How will those affected feel about the bug?: ---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Ticket number:
Bug group (optional): Security
Max CVSS v3 score: 6.1 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)
requate: Patch_Available+


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Arvid Requate univentionstaff 2017-08-10 14:58:19 CEST
Package has been copied from the jessie Repos.

Advisory: ucs-4.2-1/doc/errata/staging/wget.yaml
Comment 1 Arvid Requate univentionstaff 2017-08-10 16:27:32 CEST
I've moved the advisory to ucs-4.2-0/doc/errata/staging, because the package has been imported to ucs-4.2-0.


The following patch should be merged too and applied during build:

~/svn/patches/wget/4.1-0-0-ucs/1.13.4-3+deb7u4-errata4.1-4/39940_fix_memory_hog.patch
Comment 2 Philipp Hahn univentionstaff 2017-08-10 18:15:42 CEST
(In reply to Arvid Requate from comment #1)
> I've moved the advisory to ucs-4.2-0/doc/errata/staging, because the package
> has been imported to ucs-4.2-0.

4.2-0 is out-of-maintenance!
<http://updates.software-univention.de/download/ucs-maintenance/4.2-0.yaml>: maintained: false

So please revert r82011 to move back all those .yaml files to 4.2-1 and add
  ignore: [version.scope]
as announce_errata can pick any scope directory as source.

> The following patch should be merged too and applied during build:
> 
> ~/svn/patches/wget/4.1-0-0-ucs/1.13.4-3+deb7u4-errata4.1-4/
> 39940_fix_memory_hog.patch

No need:
$ grep debian.org 4.1-0-0-ucs/1.13.4-3+deb7u4-errata4.1-4/39940_fix_memory_hog.patch 
<https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=642563>

$ curl -s http://metadata.ftp-master.debian.org/changelogs/main/w/wget/wget_1.16-1+deb8u2_changelog | grep 642563
    - Fix a memory leak problem in the GNU TLS backend. closes: #642563

$ curl -s https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=642563 | grep Fixed
<p>Fixed in version wget/1.14-1</p>

$ repo_get_version.py -r 4.2 -s errata4.2-0 -p wget | grep version
Current version: 1.16-1+deb8u2

$ dpkg --compare-versions 1.14-1 le 1.16-1+deb8u2 ; echo $?
0
Comment 3 Arvid Requate univentionstaff 2017-08-10 20:45:02 CEST
Ok, right 1.16-1 has the patch.

> 4.2-0 is out-of-maintenance!

Correct, that's why the advisory says

 version: [1]

That's the destination side. As far as Jenek told me, the svn branch where the advisory is stored needs to correspond to the scope where the new packages are to be taken from, which seems to be errata4.2-0 in this case. At least I had to include that scope for the QA.


> So please revert r82011 to move back all those .yaml files to 4.2-1 and add
>   ignore: [version.scope]
> as announce_errata can pick any scope directory as source.

How? If that's required then please document in the wiki under which condition that is applicable.
Comment 4 Arvid Requate univentionstaff 2017-08-16 18:50:57 CEST
Ok, I've moved the advisory back as recommended by you. The announce tool relies of the "scope: " field in the advisory, which is correct.

I've added this bug number to the advisory.
Comment 5 Arvid Requate univentionstaff 2017-08-23 14:35:30 CEST
<http://errata.software-univention.de/ucs/4.2/144.html>