| luis220413 | I am available now. | 05:08 |
|---|---|---|
| luis220413 | Please review my updates. | 05:08 |
| luis220413 | Please review the security update in bug 1970507. | 05:12 |
| ubottu | Bug 1970507 in xen (Ubuntu) "No security updates since release in all Ubuntu releases" [Medium, Fix Committed] https://launchpad.net/bugs/1970507 | 05:12 |
| luis220413 | Please review the SRUs in bug 1970779, bug 1978555 and bug 1978891. | 05:12 |
| ubottu | Bug 1970779 in wpewebkit (Ubuntu) "Upgrade to 2.36.4 for Focal, Impish and Jammy" [Medium, New] https://launchpad.net/bugs/1970779 | 05:12 |
| ubottu | Bug 1978555 in spip (Ubuntu) "New upstream maintenance and security releases for Focal and Jammy" [Medium, New] https://launchpad.net/bugs/1978555 | 05:12 |
| ubottu | Bug 1978891 in xen (Debian) "Upgrade to 4.16.1+32-g2e82446cb2 for Jammy" [Unknown, Confirmed] https://launchpad.net/bugs/1978891 | 05:12 |
| luis220413 | And bug 1980873 (not packaged by me) | 05:15 |
| ubottu | Bug 1980873 in chromium-browser (Ubuntu) "New release 103.0.5060.53 for Bionic" [High, Fix Committed] https://launchpad.net/bugs/1980873 | 05:15 |
| luis220413 | sbeattie: ^ | 05:18 |
| === luis220413_ is now known as luis220413 | ||
| luis220413 | I am unavailable until 11:00 UTC and may be so until 12:00 UTC. | 06:58 |
| luis220413 | amurray: Please review my updates. | 12:01 |
| luis220413 | I am available now. | 12:01 |
| luis220413 | georgiag: Please review my updates. | 12:11 |
| ebarretto | luis220413, I will be adding comments to your launchpad tickets today. Please note that SRUs are not the security team responsibility to review them or to notify the SRU team. | 12:52 |
| luis220413 | ebarretto: Specifically, I want you to review bug 1970507, bug 1970779, bug 1978555, bug 1978891 and bug 1980873. The updated package in the last one was not made by me. | 13:12 |
| ubottu | Bug 1970507 in xen (Ubuntu) "No security updates since release in all Ubuntu releases" [Medium, Fix Committed] https://launchpad.net/bugs/1970507 | 13:12 |
| ubottu | Bug 1970779 in wpewebkit (Ubuntu) "Upgrade to 2.36.4 for Focal, Impish and Jammy" [Medium, New] https://launchpad.net/bugs/1970779 | 13:12 |
| ubottu | Bug 1978555 in spip (Ubuntu) "New upstream maintenance and security releases for Focal and Jammy" [Medium, New] https://launchpad.net/bugs/1978555 | 13:12 |
| ubottu | Bug 1978891 in xen (Debian) "Upgrade to 4.16.1+32-g2e82446cb2 for Jammy" [Unknown, Confirmed] https://launchpad.net/bugs/1978891 | 13:12 |
| ubottu | Bug 1980873 in chromium-browser (Ubuntu) "New release 103.0.5060.53 for Bionic" [High, Fix Committed] https://launchpad.net/bugs/1980873 | 13:12 |
| ebarretto | luis220413, spip for focal and jammy is an SRU | 13:15 |
| ebarretto | I think we already discussed about this one | 13:15 |
| luis220413 | I know. Ignore all but 1970779 (that should be a security update) and 1980873 | 13:15 |
| luis220413 | And 1970507 | 13:15 |
| ebarretto | again, I will be adding comments, I won't be sponsoring those. I'm just reviewing everything so we assign people to it | 13:16 |
| luis220413 | I just converted 1970779 into a security update given comment #18 (by Marc Deslauriers) | 13:17 |
| ebarretto | luis220413, regarding #1970507 I can't see a debdiff there | 13:20 |
| ebarretto | not sure if LP is misbehaving | 13:21 |
| ebarretto | could you please attach the debdiff(s)? | 13:21 |
| luis220413 | ebarretto: I will upload one now. It includes the fixes from the version in the unapproved queue. | 13:22 |
| luis220413 | LP is not misbehaving. | 13:22 |
| luis220413 | The debdiff has been attached 1 minute ago. | 13:23 |
| ebarretto | luis220413, please add also information on how to test the package/cves | 13:23 |
| luis220413 | ebarretto: Done. I can perform the part of the testing that does not involve private exploits. | 13:26 |
| luis220413 | The Ubuntu Security Team may have access to private exploits. | 13:26 |
| ebarretto | luis220413, thanks! | 13:30 |
| ebarretto | luis220413, regarding https://bugs.launchpad.net/ubuntu/+source/wpewebkit/+bug/1970779 could you also upload a debdiff? I checked your ppa and I see build failures, are you currently working on fixing those? | 13:39 |
| ubottu | Launchpad bug 1970779 in wpewebkit (Ubuntu Jammy) "Upgrade to 2.36.4 for Focal, Impish and Jammy" [Undecided, New] | 13:39 |
| luis220413 | ebarretto: Please download the source packages from https://launchpad.net/~luis220413/+archive/ubuntu/security-updates/+packages. I asked a question about Launchpad itself on Launchpad regarding the build failures because they do not have logs. | 13:40 |
| luis220413 | I tried to upload the debdiffs but they were too large (around 200 MB). | 13:41 |
| ebarretto | luis220413, 200mb debdiffs are really hard to sponsor and validate | 13:43 |
| luis220413 | When I completed the patched packages I tried to upload the debdiffs several times but encountered timeout errors due to the size of the debdiffs (around 100-200 MB), and filed a bug on Launchpad itself (that was marked as Won't Fix) as described in 1970779. | 13:43 |
| luis220413 | ebarretto: A debdiff only with the security fixes would not fix compatibility issues with current websites. Many current websites only support the latest versions of browsers. | 13:43 |
| ebarretto | luis220413, but still a large debdiff like that can introduce many regressions, ABI and API incompatiblity. Causing more issues than gains | 13:45 |
| luis220413 | ebarretto: See comment #18 in the bug. The wpewebkit 2.x series have stable ABI and API. | 13:47 |
| ebarretto | luis220413, we still need to validate that in the debdiff has every piece of code needed, and nothing is missing. And that's not trivial in a 200mb debdiff | 13:48 |
| ebarretto | luis220413, your build should at least pass in all architectures before we continue this sponsoring | 13:48 |
| ebarretto | could you please investigate it? | 13:48 |
| luis220413 | I believe that should be investigated by the Launchpad team. I will upload a new version now. From the times of the previous builds of this package, the builds will take 1 to 10 hours. | 13:51 |
| ebarretto | luis220413, if it fails again let me know and I can ask the launchpad team to take a look | 13:52 |
| luis220413 | ebarretto: I will skip Impish because it will reach end-of-life tomorrow. | 13:54 |
| ebarretto | luis220413, yes, please skip it | 13:54 |
| luis220413 | ebarretto: Regarding the debdiffs you can ignore the upstream changes and only consider the changes in the Debian packaging tarball. | 14:00 |
| luis220413 | ebarretto: The new packages are building in my PPA | 14:03 |
| luis220413 | ebarretto: Next is bug 1980873 | 14:09 |
| ubottu | Bug 1980873 in chromium-browser (Ubuntu) "New release 103.0.5060.53 for Bionic" [High, Fix Committed] https://launchpad.net/bugs/1980873 | 14:09 |
| ebarretto | luis220413, thanks, I will try to keep a look at it, but feel free to let me know if it fails again and there's no log, so I can ask launchpad team's help | 14:09 |
| ebarretto | luis220413, 1980873 is already assigned to one of our colleagues, it will get done in the next days/weeks | 14:18 |
| === stoned is now known as Hash | ||
| === wbrawner9 is now known as wbrawner | ||
| === luis220413_ is now known as luis220413 | ||
Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!