Bug #744

Remove obsolete Buster packages

Added by Pierre-Louis Bonicoli 10 months ago. Updated 3 months ago.

Status: In Progress
Priority: Normal
Category: System :: Base
Start date: 2021-11-24
Due date:
% Done: 0%
Estimated time:
Patch Available:
Confirmed: Yes
Branch:
Entity: DuckCorp
Security:
Help Needed: No

Description

From a security status mail received today:

Security report based on the bullseye release

*** Available security updates

CVE-2021-25219 In BIND 9.3.0 -> 9.11.35, 9.12.0 -> 9.16.21,...
  <https://security-tracker.debian.org/tracker/CVE-2021-25219>
  - libdns-export1104, libisc-export1100

root@orthos:~# apt policy libdns-export1104
libdns-export1104:
  Installed: 1:9.11.5.P4+dfsg-5.1+deb10u3
  Candidate: 1:9.11.5.P4+dfsg-5.1+deb10u3
  Version table:
 *** 1:9.11.5.P4+dfsg-5.1+deb10u3 100
        100 /var/lib/dpkg/status

According to the [Debian security tracker](https://security-tracker.debian.org/tracker/CVE-2021-25219) 1:9.11.5.P4+dfsg-5.1+deb10u5 is vulnerable. This package is buster only and should be removed.

I will remove every buster-only package (thanks to apt-forktracer).
  • ✅ Elwing
  • ❔ Jinta (libgcc1 gcc-8-base e2fslibs libcomerr2 multiarch-support linux-image-4.19.0-18-amd64)
  • ✅ Nicecity (libffi6 libnettle6 libgcc1 libapt-pkg5.0 libip4tc0 gcc-8-base libmpx2 e2fslibs libcomerr2 libreadline7 libapt-inst2.0 linux-headers-4.19.0-5-common cpp-8 libip6tc0 multiarch-support linux-image-4.19.0-18-amd64 libisl19 libhogweed4 linux-kbuild-4.19)
  • ✅ Orfeo (libgcc1 libgupnp-1.0-4 gcc-8-base e2fslibs libcomerr2 libreadline5 libgssdp-1.0-3 el-get linux-image-4.19.0-18-amd64)
  • ✅ Orthos (libapt-pkg5.0 libnettle6 libffi6 libprocps7 libjson-c3 libapt-inst2.0 gcc-8-base libip4tc0 libip6tc0 libhogweed4 perl-modules-5.28 libisc-export1100 libdns-export1104 linux-image-4.19.0-14-amd64)
  • ✅ Thorfinn (libgcc1 libtexlua52 gcc-8-base e2fslibs libcomerr2 libbtparse1 el-get multiarch-support linux-image-4.19.0-18-amd64)
  • ✅ Toushirou (libgdbm3 libisc-export160 libhogweed4 echoping linux-image-4.19.0-18-amd64 multiarch-support libip6tc0 libprocps6 libapt-inst2.0 libreadline7 libcomerr2 e2fslibs gcc-8-base libip4tc0 liblogging-stdlog0 linux-image-4.9.0-6-amd64 ttf-dejavu-core libapt-pkg5.0 libgcc1 libunistring0 libnettle6 libffi6 libcryptsetup4)

There are some packages not upgraded to bullseye:
  • molly-guard: ✅ 0.7.2.0 is now used instead of 0.7.2.0~buster on every host
  • rspamd: this package is upgraded manually, the upgrade requires performing some manual checks

There are some used packages without any bullseye version:
  • incron: ❔

Marc Dequènes, on Jinta, could these packages be removed:
  • dict-freedict-all: It looks like there isn't a dict meta package anymore? Should we update a playbook in order to ensure all other dict packages are installed?
  • dict-moby-thesaurus, dict-bouvier, dict-gazetteer2k
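
The `apt policy` output quoted in the description shows the pattern behind this cleanup: the installed version's only source is /var/lib/dpkg/status, so no configured repository can ever ship a fix for it. The following is an added example, not part of the original ticket and not how apt-forktracer works internally; the function names and the `example-pkg` / `not-installed-pkg` entries are constructed for illustration, while the libdns-export1104 entry is copied from the ticket.

```shell
#!/bin/sh
# Reads `apt-cache policy <pkg>...` output on stdin and prints every installed
# package whose installed version (the "***" line) is offered by no repository,
# i.e. its only source is /var/lib/dpkg/status.
local_only_packages() {
    awk '
        function emit() { if (pkg != "" && installed && !has_repo) print pkg }
        # Unindented "name:" line starts a new package stanza.
        /^[^ ].*:$/ { emit(); pkg = substr($0, 1, length($0) - 1)
                      cur = 0; installed = 0; has_repo = 0; next }
        # " *** <version> <prio>" marks the installed version.
        /^ \*\*\* /  { cur = 1; installed = 1; next }
        # Five-space indent: another (not installed) version in the table.
        /^     [^ ]/ { cur = 0; next }
        # Eight-space indent: "<prio> <source>" for the version just above.
        /^        [0-9-]/ { if (cur && $2 != "/var/lib/dpkg/status") has_repo = 1 }
        END { emit() }
    '
}

# Sample input: first stanza from the ticket, the other two are constructed.
sample_policy_output() {
    cat <<'EOF'
libdns-export1104:
  Installed: 1:9.11.5.P4+dfsg-5.1+deb10u3
  Candidate: 1:9.11.5.P4+dfsg-5.1+deb10u3
  Version table:
 *** 1:9.11.5.P4+dfsg-5.1+deb10u3 100
        100 /var/lib/dpkg/status
example-pkg:
  Installed: 1.0-1
  Candidate: 1.0-1
  Version table:
 *** 1.0-1 500
        500 http://deb.debian.org/debian bullseye/main amd64 Packages
        100 /var/lib/dpkg/status
not-installed-pkg:
  Installed: (none)
  Candidate: 1.0-1
  Version table:
     1.0-1 500
        500 http://deb.debian.org/debian bullseye/main amd64 Packages
EOF
}

# On a real host, feed it live data instead of the sample:
#   apt-cache policy $(dpkg-query -W -f '${binary:Package}\n') | local_only_packages
sample_policy_output | local_only_packages
```

Packages installed from a local .deb file are reported as well, so review the list before purging anything.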

History

#1

Updated by Pierre-Louis Bonicoli 10 months ago

  • Description updated (diff)
  • Status changed from New to In Progress
#2

Updated by Pierre-Louis Bonicoli 10 months ago

  • Description updated (diff)
#3

Updated by Pierre-Louis Bonicoli 10 months ago

  • Description updated (diff)
#4

Updated by Pierre-Louis Bonicoli 10 months ago

  • Description updated (diff)
#5

Updated by Pierre-Louis Bonicoli 10 months ago

  • Description updated (diff)
#6

Updated by Pierre-Louis Bonicoli 10 months ago

  • Description updated (diff)
  • Status changed from In Progress to Rejected
#7

Updated by Pierre-Louis Bonicoli 10 months ago

  • Description updated (diff)
  • Status changed from Rejected to In Progress
#8

Updated by Pierre-Louis Bonicoli 10 months ago

  • Description updated (diff)
#9

Updated by Pierre-Louis Bonicoli 10 months ago

  • Description updated (diff)
#10

Updated by Pierre-Louis Bonicoli 10 months ago

  • Description updated (diff)
#11

Updated by Pierre-Louis Bonicoli 10 months ago

  • Description updated (diff)
#12

Updated by Marc Dequènes 3 months ago

Quack,

I upgraded rspamd to bullseye but forgot to update this ticket.

incron is only used for handling package uploads in our Debian repository. I'm fine with replacing it but I have no idea what alternatives are out there.

As for dict-freedict-all it was removed, let's list deps we use most as you suggested. I'm fine with removing the other packages as they are most surely unmaintained upstream anyway.
