[Bug 1757107] Re: Security update 10.1.30-0ubuntu0.17.10.1 regresses smoke test, mariadb not started upon install

Wed, 20 Jun 2018 06:42:02 -0700 

There are many packaging changes that were introduced in the security
update, that regress security.

For example:

$ pull-lp-source -d mariadb-10.1 artful-release
$ pull-lp-source -d mariadb-10.1 artful-security
$ debdiff mariadb-10.1_10.1.25-1.dsc mariadb-10.1_10.1.30-0ubuntu0.17.10.1.dsc 
| filterdiff -i '*debian/rules' | head
gpgv: Signature made Tue 16 Jan 2018 05:38:44 PM GMT
gpgv:                using RSA key 45BCE75B840B1F69
gpgv: Can't check signature: No public key
dpkg-source: warning: failed to verify signature on 
/tmp/mariadb-10.1_10.1.30-0ubuntu0.17.10.1.dsc
diff -Nru mariadb-10.1-10.1.25/debian/rules mariadb-10.1-10.1.30/debian/rules
--- mariadb-10.1-10.1.25/debian/rules   2017-07-30 13:15:48.000000000 +0100
+++ mariadb-10.1-10.1.30/debian/rules   2018-01-02 11:51:23.000000000 +0000
@@ -4,7 +4,7 @@
 
 # enable Debian Hardening
 # see: https://wiki.debian.org/Hardening
-export DEB_BUILD_MAINT_OPTIONS = hardening=+all
+export DEB_BUILD_MAINT_OPTIONS = hardening=+all,-pie
 DPKG_EXPORT_BUILDFLAGS = 1


See how the -security update, changes DEB_BUILD_MAIN_OPTIONS that remove pie. 
That makes all binaries compiled without pie, which is not the default/previous 
behaviour on Ubuntu.

Similarly systemd units changes were dropped in the security update -
but these are still required on artful. As seen in autopkgtest failures
/ regression in artful-

My debdiff mentioned in
https://launchpadlibrarian.net/361413400/lp1757107.diff reintroduced
back the changes to the artful-security update, that are present in
artful-release.

I'm not sure how I can make this any clearer. @otto Does above make
sense or no?

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1757107

Title:
  Security update 10.1.30-0ubuntu0.17.10.1 regresses smoke test, mariadb
  not started upon install

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/mariadb-10.1/+bug/1757107/+subscriptions

-- 
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

Reply via email to