Univention Bugzilla – Bug 57370
Package versions for orcania, ulfius and yder are lower in UCS 5.2 beta than 5.0-7
Last modified: 2024-06-03 17:58:37 CEST
The Debian source packages orcania, ulfius and yder are imported into UCS 5.0-x with a higher version than what is in UCS 5.1/5.2 (Debian-Bookworm): arequate@omar:~$ repo_stat.py yder Version 1.4.4-4 Rev 150997 Date 2019-12-15 10:06:27 Release 5.0-0-0 Version 1.4.19-1 Rev 171286 Date 2024-01-24 20:13:56 Release 5.1-0-0 Version 1.4.20-1 Rev 171057 Date 2023-11-11 22:00:32 Release 5.0-0-0 Scope errata5.0-6 Release 5.0-0-0 Scope fbest-oidc arequate@omar:~$ repo_stat.py ulfius Version 2.5.2-4 Rev 150157 Date 2019-12-15 07:52:58 Release 5.0-0-0 Version 2.5.2-4+deb10u1 Rev 158851 Date 2021-12-09 13:58:48 Release 5.0-0-0 Scope ucs5.0-1 Version 2.7.13-1 Rev 171287 Date 2024-01-24 20:17:52 Release 5.1-0-0 Version 2.7.14-1 Rev 171054 Date 2023-11-11 19:11:47 Release 5.0-0-0 Scope errata5.0-6 Release 5.0-0-0 Scope fbest-oidc arequate@omar:~$ repo_stat.py orcania Version 1.2.9-5 Rev 143731 Date 2019-12-14 17:05:27 Release 5.0-0-0 Version 2.3.2-1 Rev 171285 Date 2024-01-24 20:04:36 Release 5.1-0-0 Version 2.3.3-1 Rev 171055 Date 2023-11-11 19:12:05 Release 5.0-0-0 Scope errata5.0-6 We should check if we can switch to the Debian-Bookworm packages (possibly with a few required patches on top) to get them covered by Debian security updates.
https://univention-dist-binpkg-webgui.k8s.knut.univention.de/source/yder/ https://tracker.debian.org/pkg/yder stable: 1.4.19-1 testing: 1.4.20-1.1 https://univention-dist-binpkg-webgui.k8s.knut.univention.de/source/ulfius/ https://tracker.debian.org/pkg/ulfius stable: 2.7.13-1 testing: 2.7.15-2.2 https://univention-dist-binpkg-webgui.k8s.knut.univention.de/source/orcania/ https://tracker.debian.org/pkg/orcania stable: 2.3.2-1 testing: 2.3.3-1 <https://forge.univention.org/bugzilla/show_bug.cgi?id=49006#c11> lies as the package were not taken from "stable Debian 12 Bookworm", but from "testing Debian 12 Trixie"
Maybe we can use apt pinning for this like we did for runc in commit 50165ebd9ec5f8c98ed109d89863259097f6f917
* https://github.com/babelouest/orcania/commits/master/ shows this patch included in UCS but not yet in Bookworm: * https://github.com/babelouest/orcania/commit/313b81740babc54779e52df1444c8c29b89af0dc * Likewise ulfius has https://github.com/babelouest/ulfius/commit/d4647aa09ec762599f39c586ed5f92a6175e16e2 and 3-4 additional commits sine 2.7.13 I propose picking up these patches to not go backwards with regards to fixed bugs. But we should be based on the Bookworm packages to get notified in case something security related is discovered by Debian.