Page MenuHomePhabricator
Create Task
Maniphest T216384

Integrate Stretch 9.8 point update
Closed, ResolvedPublic
Actions

Description

The stretch 9.8 point release brings a number of bugfixes (including some security fixes):
https://lists.debian.org/debian-announce/2019/msg00001.html

Use this ticket to track the respective updates across the cluster. I've verified that all removed packages are not in use in our infrastructure.

  • base-files
  • c3p0
  • ca-certificates-java
  • cups
  • dnspython
  • erlang
  • glibc
  • gnupg2
  • intel-microcode -> T216802
  • libapache2-mod-perl2
  • libdatetime-timezone-perl
  • libemail-address-list-perl
  • libemail-address-perl
  • libssh
  • linux
  • pdns
  • pdns-recursor
  • postgresql-9.6
  • python-acme
  • python-josepy
  • ruby-rack
  • samba
  • twitter-bootstrap3
  • tzdata
  • uriparser

Details

SubjectRepoBranchLines +/-
docker: rebuild ci-stretch for debian/libc6 updateintegration/configmaster+22 -0
Customize query in gerrit

Related Objects

Event Timeline

MoritzMuehlenhoff created this task.Feb 18 2019, 8:28 AM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptFeb 18 2019, 8:28 AM
MoritzMuehlenhoff updated the task description. (Show Details)Feb 18 2019, 9:21 AM

These packages are not used in our production infrastructure:

  • arc
  • astroml-addons
  • chkrootkit
  • compactheader
  • courier
  • debian-edu-config
  • debian-installer
  • debian-installer-netboot-images
  • debian-security-support
  • egg
  • espeakup
  • freerdp
  • ganeti-os-noop
  • gnulib
  • graphite-api
  • grokmirror
  • gvrng
  • ibus
  • icinga2
  • isort
  • jdupes
  • kmodpy
  • libb2
  • libgpod
  • linux-igd
  • lttng-modules
  • mistral
  • monkeysign
  • mpqc
  • nvidia-graphics-drivers
  • nvidia-modprobe
  • nvidia-persistenced
  • nvidia-settings
  • nvidia-xconfig
  • openni2
  • openvpn
  • parsedatetime
  • photocollage
  • postfix
  • postgrey
  • pylint-django
  • python-arpy
  • python-certbot
  • python-certbot-apache
  • python-certbot-nginx
  • python-hypothesis
  • pyzo
  • r-cran-readxl
  • rtkit
  • sl-modem
  • sogo-connector
  • sox
  • ssh-agent-filter
  • supercollider
  • sympa
  • uglifyjs
MoritzMuehlenhoff updated the task description. (Show Details)Feb 18 2019, 11:03 AM
MoritzMuehlenhoff updated the task description. (Show Details)Feb 18 2019, 11:11 AM
MoritzMuehlenhoff updated the task description. (Show Details)Feb 18 2019, 11:16 AM
MoritzMuehlenhoff updated the task description. (Show Details)Feb 18 2019, 11:40 AM
MoritzMuehlenhoff updated the task description. (Show Details)Feb 18 2019, 2:44 PM
MoritzMuehlenhoff updated the task description. (Show Details)Feb 19 2019, 12:16 PM
MoritzMuehlenhoff updated the task description. (Show Details)Feb 19 2019, 4:24 PM
Paladox subscribed.Feb 19 2019, 4:25 PM
MoritzMuehlenhoff updated the task description. (Show Details)Feb 19 2019, 4:44 PM
MoritzMuehlenhoff updated the task description. (Show Details)Feb 20 2019, 10:05 AM
MoritzMuehlenhoff updated the task description. (Show Details)Feb 22 2019, 9:13 AM
hashar subscribed.Feb 22 2019, 9:18 AM

May we update our base Docker container as well? Looking at docker-registry.wikimedia.org/wikimedia-stretch:latest (29397cdce9f7):

base-files/stable 9.9+deb9u8 amd64 [upgradable from: 9.9+deb9u6]
gpgv/stable 2.1.18-8~deb9u4 amd64 [upgradable from: 2.1.18-8~deb9u3]
libc-bin/stable 2.24-11+deb9u4 amd64 [upgradable from: 2.24-11+deb9u3]
libc6/stable 2.24-11+deb9u4 amd64 [upgradable from: 2.24-11+deb9u3]
libsystemd0/stable 232-25+deb9u9 amd64 [upgradable from: 232-25+deb9u8]
libudev1/stable 232-25+deb9u9 amd64 [upgradable from: 232-25+deb9u8]
multiarch-support/stable 2.24-11+deb9u4 amd64 [upgradable from: 2.24-11+deb9u3]
MoritzMuehlenhoff added a comment.Feb 22 2019, 2:20 PM
In T216384#4975063, @hashar wrote:

May we update our base Docker container as well? Looking at docker-registry.wikimedia.org/wikimedia-stretch:latest (29397cdce9f7):

Agreed, that makes sense, especially as glibc was updated in this point release.

MoritzMuehlenhoff updated the task description. (Show Details)Feb 25 2019, 2:38 PM
jbond updated the task description. (Show Details)Feb 25 2019, 4:05 PM
jbond updated the task description. (Show Details)
jbond updated the task description. (Show Details)Feb 27 2019, 11:24 AM
jbond updated the task description. (Show Details)Feb 27 2019, 11:30 AM
jbond triaged this task as Medium priority.Mar 4 2019, 7:47 PM
hashar added a comment.Mar 14 2019, 4:07 PM

Eventually we had HHVM segfault that started to be very problematic since last week at least (T216689). A stacktrace points at pthreads_create and the Debian changelog glibc_2.24-11+deb9u4 has:

  • Fix a use after free in pthread_create(). Closes: #916925.

So we would need a rebuild of docker-registry.wikimedia.org/wikimedia-stretch. After an apt update I get:

base-files/stable 9.9+deb9u8 amd64 [upgradable from: 9.9+deb9u6]
gpgv/stable 2.1.18-8~deb9u4 amd64 [upgradable from: 2.1.18-8~deb9u3]
libc-bin/stable 2.24-11+deb9u4 amd64 [upgradable from: 2.24-11+deb9u3]
libc6/stable 2.24-11+deb9u4 amd64 [upgradable from: 2.24-11+deb9u3]
libsystemd0/stable 232-25+deb9u9 amd64 [upgradable from: 232-25+deb9u8]
libudev1/stable 232-25+deb9u9 amd64 [upgradable from: 232-25+deb9u8]
multiarch-support/stable 2.24-11+deb9u4 amd64 [upgradable from: 2.24-11+deb9u3]
hashar mentioned this in T216689: Merge blocker: quibble-vendor-mysql-hhvm-docker in gate fails for most merges (exit status -11).Mar 14 2019, 4:13 PM
akosiaris subscribed.Mar 14 2019, 5:08 PM

Base images for jessie and stretch have been built and pushed to the docker registry.

gerritbot subscribed.Mar 14 2019, 8:29 PM

Change 496608 had a related patch set uploaded (by Hashar; owner: Hashar):
[integration/config@master] docker: rebuild ci-stretch for debian/libc6 update

https://gerrit.wikimedia.org/r/496608

gerritbot added a project: Patch-For-Review.Mar 14 2019, 8:29 PM
gerritbot added a comment.Mar 14 2019, 9:01 PM

Change 496608 merged by jenkins-bot:
[integration/config@master] docker: rebuild ci-stretch for debian/libc6 update

https://gerrit.wikimedia.org/r/496608

hashar unsubscribed.Mar 25 2019, 3:38 PM
MoritzMuehlenhoff updated the task description. (Show Details)Apr 16 2019, 10:49 AM
Maintenance_bot removed a project: Patch-For-Review.May 22 2019, 3:37 PM
MoritzMuehlenhoff updated the task description. (Show Details)Jun 19 2019, 10:25 AM
MoritzMuehlenhoff updated the task description. (Show Details)Jun 19 2019, 10:27 AM
MoritzMuehlenhoff updated the task description. (Show Details)Jul 11 2019, 10:14 AM
MoritzMuehlenhoff closed this task as Resolved.Jul 11 2019, 4:42 PM
MoritzMuehlenhoff claimed this task.
MoritzMuehlenhoff updated the task description. (Show Details)

All complete

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL