Bug#768850: marked as done (ruby-activemodel, ruby-activesupport: needs Breaks for the packages it Replaces)

[Debian Bug Tracking System]

Your message dated Wed, 03 Dec 2014 16:00:09 +0000
with message-id <e1xwclz-0002kp...@franck.debian.org>
and subject line Bug#768850: fixed in rails 2:4.1.8-1
has caused the Debian Bug report #768850,
regarding ruby-activemodel, ruby-activesupport: needs Breaks for the packages 
it Replaces
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
768850: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=768850
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Package: ruby-activemodel,ruby-activesupport
Version: 2:4.1.6-2
Severity: serious
User: debian...@lists.debian.org
Usertags: piuparts replaces-without-breaks

Hi,

during a test with piuparts and DOSE tools I noticed your package causes
removal of files that also belong to another package, leaving the other
package installed but crippled.
This is caused by using Replaces without corresponding Breaks.

This is a serious bug violating policy 7.6, see
http://www.debian.org/doc/debian-policy/ch-relationships.html#s-replaces
and also see the footnote that describes this incorrect behavior
http://www.debian.org/doc/debian-policy/footnotes.html#f53

The ruby-activemodel package has the following relevant relationships:

  Conflicts: N/A
  Breaks:    N/A
  Replaces:  ruby-activemodel-3.2, ruby-activemodel-4.0

Since you intend to completely replace these packages, I suggest to add

  Breaks: ruby-activemodel-3.2, ruby-activemodel-4.0

(lintian may warn about a missing (<< $VER) clause - you can either ignore
that or make something up like (<< 2:4.1) - which should go to the Replaces
as well)

The same applies to the ruby-activesupport package which

  Replaces: ruby-activesupport-2.3, ruby-activesupport-3.2, 
ruby-activesupport-4.0

The other packages built from src:rails may have similar problems, I didn't
check in deep. They should be adjusted for consistency anyway.

But I could create test setups with crippled ruby-activemodel-3.2 and
ruby-activemodel-3.2 after installation and removal of the above two packages.
This may be an issue on wheezy -> jessie upgrades.


cheers,

Andreas

--- End Message ---

--- Begin Message ---

Source: rails
Source-Version: 2:4.1.8-1

We believe that the bug you reported is fixed in the latest version of
rails, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 768...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Antonio Terceiro <terce...@debian.org> (supplier of updated rails package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Tue, 25 Nov 2014 16:51:50 -0200
Source: rails
Binary: ruby-activesupport ruby-activesupport-2.3 ruby-activerecord 
ruby-activemodel ruby-actionview ruby-actionpack ruby-actionmailer 
ruby-railties ruby-rails rails
Architecture: source all
Version: 2:4.1.8-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Ruby Extras Maintainers 
<pkg-ruby-extras-maintain...@lists.alioth.debian.org>
Changed-By: Antonio Terceiro <terce...@debian.org>
Description:
 rails      - MVC ruby based framework geared for web application development (
 ruby-actionmailer - email composition, delivery, and receiving framework (part 
of Rai
 ruby-actionpack - web-flow and rendering framework putting the VC in MVC (part 
of R
 ruby-actionview - framework for handling view template lookup and rendering 
(part o
 ruby-activemodel - toolkit for building modeling frameworks (part of Rails)
 ruby-activerecord - object-relational mapper framework (part of Rails)
 ruby-activesupport - Support and utility classes used by the Rails 4.1 
framework
 ruby-activesupport-2.3 - transitional dummy package
 ruby-rails - MVC ruby based framework geared for web application development
 ruby-railties - tools for creating, working with, and running Rails 
applications
Closes: 768850 770934
Changes:
 rails (2:4.1.8-1) unstable; urgency=medium
 .
   * New upstream release
     - Includes only bug fixes and no behavior changes. In special, includes
       fix for [CVE-2014-7818] and [CVE-2014-7829] (Arbitrary file existence
       disclosure in Action Pack) (Closes: #770934)
   * Add new transitional binary package ruby-activesupport-2.3 plus
     appropriate Breaks:/Replaces: fieds in all binary packages to ensure
     upgrades from wheezy work (Closes: #768850)
     - Many thanks to Andreas Beckmann for helping debug the upgrade issue.
Checksums-Sha1:
 e7284380df1e5cfff26778319c9bd7bc1413ee39 2543 rails_4.1.8-1.dsc
 b9b860ebcc29bc0e208c1eec50842db9bb92765b 3711426 rails_4.1.8.orig.tar.gz
 31ab8acccc861d93c9c116c6fbff81d04bc3978b 88364 rails_4.1.8-1.debian.tar.xz
 47cf441ed80aca2636a7715e0d850ca54dead12c 206486 
ruby-activesupport_4.1.8-1_all.deb
 b34ac0ba573eade8ed52dd55598a9178e07c2ba6 10948 
ruby-activesupport-2.3_4.1.8-1_all.deb
 7401d5a85f903a88ffdc4ad98ca8a092901e0942 267976 
ruby-activerecord_4.1.8-1_all.deb
 6a7d6813bcbd1f1c6741bef03b069b18a0227550 48214 ruby-activemodel_4.1.8-1_all.deb
 053895f8c77863b7897586b6528d6faefedb06e0 140734 ruby-actionview_4.1.8-1_all.deb
 6ea7a7767504f53afa763fa95a3f515651d6d2ed 169342 ruby-actionpack_4.1.8-1_all.deb
 2aaacca6419b8da9d2cc71560723b3ca4e0cc611 31094 
ruby-actionmailer_4.1.8-1_all.deb
 08e53d6e7bfe00200b96b9d681111bbf19e99981 118782 ruby-railties_4.1.8-1_all.deb
 bfd4243c4c210e4eec6e3576b6462582c2933b6c 15998 ruby-rails_4.1.8-1_all.deb
 747c3243da3f45640a36eba797af634d9e170dbe 11234 rails_4.1.8-1_all.deb
Checksums-Sha256:
 eed319ca0572fbc0e74a5f1165f29b2c918c62be1e70c209f5666806dd8e2e2e 2543 
rails_4.1.8-1.dsc
 419e7cdd8e7fd2b2d45d3a37fb37f01b70ada51db77ca116f83636711d845814 3711426 
rails_4.1.8.orig.tar.gz
 5a02a079f660f6c3bdb53489bbb6b7551e64eaaef86ea1cbdde764e73cd67cc5 88364 
rails_4.1.8-1.debian.tar.xz
 b56b43b6d8bfa3ae4f12a648008c87f961d333988c47cd829aee69189a12fe06 206486 
ruby-activesupport_4.1.8-1_all.deb
 ce20feab97343e47664a385e747d4cf6f11cec9ed3d081565378985239f89182 10948 
ruby-activesupport-2.3_4.1.8-1_all.deb
 308d8acb503d3571d95be0ddedb5a9524e3f8d73a589a6fcd810c158c2cf7a54 267976 
ruby-activerecord_4.1.8-1_all.deb
 f835579fcc1247270b8ead34d47cb63ba0702ceafbb2f827dfaca463fdc8b9fd 48214 
ruby-activemodel_4.1.8-1_all.deb
 527c36bdd614e1a4e6106ac9967defcad00049db6dfd65d09b2861215a253e79 140734 
ruby-actionview_4.1.8-1_all.deb
 efdc6428832a92d2425e77a214328bc1caa12fcbce2559bea209b809e4755ba0 169342 
ruby-actionpack_4.1.8-1_all.deb
 cdae6284c0e57f7f7d1d7709599862c3cee7c1acb904ae18723e64f9069a77f1 31094 
ruby-actionmailer_4.1.8-1_all.deb
 b7dd6d1f975e594f39ff60e1780b4e38dc9bfc22c4c209c17a9a73c9845ab1e0 118782 
ruby-railties_4.1.8-1_all.deb
 49e09b09524e9d6ac4d3d6a008972fb0406678cdb3a47b8371629400bdac848f 15998 
ruby-rails_4.1.8-1_all.deb
 304b8af3be7a70fc928878858a15fc28429a79d60c94d5ffd5d7d0f5c4c0f261 11234 
rails_4.1.8-1_all.deb
Files:
 8d3361c762f7183b2c57a6e3ecb3b1b8 2543 ruby optional rails_4.1.8-1.dsc
 0b118bca039a4beddbdafa128b7d85e6 3711426 ruby optional rails_4.1.8.orig.tar.gz
 6cd490d34d53e7b49e8393e1459a0780 88364 ruby optional 
rails_4.1.8-1.debian.tar.xz
 5b259edd2d2208d7199735a688bad3ee 206486 ruby optional 
ruby-activesupport_4.1.8-1_all.deb
 ef41932b17961fe493ae52f9664d245b 10948 ruby optional 
ruby-activesupport-2.3_4.1.8-1_all.deb
 d29a56ae1858694cdbf2da8c95d5ead4 267976 ruby optional 
ruby-activerecord_4.1.8-1_all.deb
 f98d728c5c672de27a782397a2b3b88b 48214 ruby optional 
ruby-activemodel_4.1.8-1_all.deb
 93ffb476c8faab0527a9d9b017f330cb 140734 ruby optional 
ruby-actionview_4.1.8-1_all.deb
 3036d5e30324d276503a57afca70c1af 169342 ruby optional 
ruby-actionpack_4.1.8-1_all.deb
 3d96a0fc2d897ef7d0bfdbb3a232d8f7 31094 ruby optional 
ruby-actionmailer_4.1.8-1_all.deb
 2521e494b5b3c37034e22b8846f08027 118782 ruby optional 
ruby-railties_4.1.8-1_all.deb
 1bd48cfb6c572c70e18addfd4194c3aa 15998 ruby optional ruby-rails_4.1.8-1_all.deb
 bb22ad850da8bdb806d02561cf1af745 11234 ruby optional rails_4.1.8-1_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJUdNCzAAoJEPwNsbvNRgveW4cQANM0boCWTenMQgPtIctjDgvc
M8tFysuwCUHsN9jMRofQRRknPaoDsIaZ+NbAcXsOPSxHwvRasf5+C58zSFakGdMM
ROfJntDpdQIftSBaoFtuZHIVhNxn7G+Ukj4/p786qpDx2FL/MVtrKrr8ScON9OhZ
+FUvUfBFe4OXKGqreIvs1ZSzNEFCLLG18sTC1GyvW9rwZbM7B3EzR/u/l6Y/czkB
nmjyLQMjrQeo4KRHH5Jjd+NnoZuQbI0jK9fzMiBW5MuxmrztqfW0O5p1mqPsdWkz
N4tHwC1NDVQUT1LocESyp+9vfR/JdvqJ0tY7+sGLrSg0Arvl/QCtZ3Vveel6qYMN
2Orlj1rvMA76xKBPSZBRiExzTKmPGhHcAIwBxi2C4iOWRd2Oisa8wUnVq6QuVAtY
wYbqHxWbOUQBdd6MS/0WLp8HbqoEUGBP8D4kZ0dQrB4DAjMubBmNA41YXq30S7l7
Pwt78GGfchWbSfD+Mr0s0VcAX0SmUo3O1DZs17VH5/4Y6lD+vB2pKU0/X0XbtqMO
FAdSaEM8PfKbKdazLT6YifMG18FxRQL0km4SXGFSOJyiipKyNAQ6t+4eJDdmcM3/
Svn3JTYiVfzCkAFEj807sl8zDkTvAnKFihBXmWJztFaQTLybI1J2XWiCfRSgPONa
ZkKt2zoDGgEMLgfFd4yF
=ws9R
-----END PGP SIGNATURE-----

--- End Message ---