Bug#694368: libfuzzy{2,-dev}: missing Breaks+Replaces: ssdeep ( 2.6)

[Christophe Monniez]

Hi Salvatore,

the fix was just uploaded.
Do we need a release excpetion for this to be accepeted ?

-- 
Christophe Monniez christophe.monn...@fccu.be


-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#694368: libfuzzy{2,-dev}: missing Breaks+Replaces: ssdeep ( 2.6)

[Andreas Tille]

Hi,

I considered NMUing ssdeep to fix this bug.  When debcheckout-ing the
packaging repository I noticed that there is a changelog entry

* Adding the missing Breaks+Replaces (Closes: #694368).

for a not yet released version 2.9-1.

Could you please confirm that you understood that you can not upload a
new version but just need to apply the smallest possible change to the
package currently in testing?  Please tell me if you have some trouble
with uploading / sponsering - I'd volunteer to help fixing this RC bug.

Kind regards

  Andreas.

-- 
http://fam-tille.de


-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#694368: libfuzzy{2,-dev}: missing Breaks+Replaces: ssdeep ( 2.6)

[Salvatore Bonaccorso]

Source: ssdeep
Source-Version: 2.7-2

Hi Christophe

On Thu, Dec 06, 2012 at 03:08:03PM +0100, Christophe Monniez wrote:
 the fix was just uploaded.

Thanks!

 Do we need a release excpetion for this to be accepeted ?

Just fill a bug for pseudopackage release.debian.org for a unblock
request. Include the debdiff against the current version in testing.
Best is to create the bugreport with reportbug.

Does this helps?

Regards,
Salvatore


signature.asc
Description: Digital signature

Bug#694368: libfuzzy{2,-dev}: missing Breaks+Replaces: ssdeep ( 2.6)

[Salvatore Bonaccorso]

Hi Christophe

I was looking at current RC bugs for wheezy and noticed #694368. I saw
that you already commited the changes to git[1] however also including
a new upstream version afterwards.

 [1]: 
http://anonscm.debian.org/gitweb/?p=forensics/ssdeep.git;a=commitdiff;h=8c07aaab7fc19c5d5cbe3b9c8fa07b070051cc02

Could you prepare a fix only addressing the RC bug #694368 and only
upload this to unstable? Note that during the freeze now only
following freeze policy[2] applies to get unblocks.

 [2]: http://release.debian.org/wheezy/freeze_policy.html

Regards,
Salvatore


signature.asc
Description: Digital signature

Bug#694368: libfuzzy{2,-dev}: missing Breaks+Replaces: ssdeep ( 2.6)

[Andreas Beckmann]

Package: libfuzzy2,libfuzzy-dev
Version: 2.6-1
Severity: serious
User: trei...@debian.org
Usertags: edos-file-overwrite

Architecture: amd64
Distribution: squeeze-wheezy (partial) upgrade

Hi,

automatic installation tests of packages that share a file and at the
same time do not conflict by their package dependency relationships has
detected the following problem:

  Selecting previously deselected package ssdeep.
  (Reading database ... 6286 files and directories currently installed.)
  Unpacking ssdeep (from .../ssdeep_2.5-1_amd64.deb) ...
  Setting up ssdeep (2.5-1) ...

  Selecting previously deselected package libfuzzy2.
  (Reading database ... 6359 files and directories currently installed.)
  Unpacking libfuzzy2 (from .../libfuzzy2_2.7-1_amd64.deb) ...
  dpkg: error processing /var/cache/apt/archives/libfuzzy2_2.7-1_amd64.deb 
(--unpack):
   trying to overwrite '/usr/lib/libfuzzy.so.2.0.0', which is also in package 
ssdeep 2.5-1

  Selecting previously deselected package libfuzzy-dev.
  Unpacking libfuzzy-dev (from .../libfuzzy-dev_2.7-1_amd64.deb) ...
  dpkg: error processing /var/cache/apt/archives/libfuzzy-dev_2.7-1_amd64.deb 
(--unpack):
   trying to overwrite '/usr/include/fuzzy.h', which is also in package ssdeep 
2.5-1


This is a serious bug as it makes installation/upgrade fail, and
violates sections 7.6.1 and 10.1 of the policy.

As this problem can be demonstrated during partial upgrades from squeeze
to wheezy (but not within squeeze or wheezy itself), this indicates a
missing or insufficiently versioned Replaces+Breaks relationship.
But since this particular upgrade ordering is not forbidden by any
dependency relationship, it is possible that apt (or $PACKAGE_MANAGER)
will use this erroneus path on squeeze-wheezy upgrades.

Here is a list of files that are known to be shared by both packages
(according to the Contents files for squeeze and wheezy on amd64, which
may be slightly out of sync):

usr/lib/libfuzzy.so.2
usr/lib/libfuzzy.so.2.0.0

usr/include/fuzzy.h
usr/lib/libfuzzy.so

The library was moved to a separate package recently:

  ssdeep (2.6-1) unstable; urgency=low
   * Split the libfuzzy library from the ssdeep package.


The following relationships are currently defined:

  Package:   libfuzzy2, libfuzzy-dev
  Conflicts: n/a
  Breaks:n/a
  Replaces:  n/a

The following relationships should be added for a clean takeover of
these files
(http://www.debian.org/doc/debian-policy/ch-relationships.html#s-replaces):

  Package:  libfuzzy2
  Breaks:   ssdeep ( 2.6)
  Replaces: ssdeep ( 2.6)

  Package:  libfuzzy-dev
  Breaks:   ssdeep ( 2.6)
  Replaces: ssdeep ( 2.6)


Cheers,

Andreas

PS: for more information about the detection of file overwrite errors
of this kind see http://edos.debian.net/file-overwrites/.


ssdeep=2.5-1_libfuzzy2=2.7-1.log.gz
Description: GNU Zip compressed data