Your message dated Wed, 22 Jan 2014 09:52:32 +0000 with message-id <e1w5uu4-0004os...@franck.debian.org> and subject line Bug#735312: fixed in moodle 2.5.4-1 has caused the Debian Bug report #735312, regarding moodle: deletes files from packages libjs-yui-* to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 735312: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=735312 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Package: moodle Version: 2.5.3-3 Severity: serious Having libjs-yui-common and libjs-yui-common installed, an upgrade of moodle from 2.5.3-2 to -3 results in loss of a large number of files from these two packages. What I think happens here is that dpkg first sets the symlink of /usr/share/moodle/lib/yuilib/3.9.1/build to /usr/share/javascript/yui3, and then goes on to remove all the files from /u/s/m/lib/yuilib/3.9.1/build/ that are no longer contained in the new version of moodle. It *will* follow the symlink and this results in removal of these files from /usr/share/javascript/yui3 instead. This is perfectly reproducable for me: install -2, then upgrade to -3. dpkg -L libjs-yui3-common | while read f; do [ -e "$f" ] || echo "$f"; done will list a lot of missing files afterwards. Apart from being a policy violation this bug also cripples the functionality of moodle itself. My suggestion would be: 1. elide the dir removal from preinst 2. don't include the symlink in the package contents 3. remove the dir and create the symlink in the postinst When transplanting the dir removal code, remember that [ -d ... ] will return true for a symlink to a directory. br, -- Robert Bihlmeyer
--- End Message ---
--- Begin Message ---Source: moodle Source-Version: 2.5.4-1 We believe that the bug you reported is fixed in the latest version of moodle, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 735...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Thijs Kinkhorst <th...@debian.org> (supplier of updated moodle package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.8 Date: Tue, 21 Jan 2014 13:40:52 +0100 Source: moodle Binary: moodle Architecture: source all Version: 2.5.4-1 Distribution: unstable Urgency: medium Maintainer: Moodle Packaging Team <pkg-moodle-maintain...@lists.alioth.debian.org> Changed-By: Thijs Kinkhorst <th...@debian.org> Description: moodle - course management system for online learning Closes: 735312 Changes: moodle (2.5.4-1) unstable; urgency=medium . * New upstream release, fixing security issues: - MSA-14-0001 Config passwords visibility issue [CVE-2014-0008] - MSA-14-0002 Group constraints lacking in "login as" [CVE-2014-0009] - MSA-14-0003 CSRF vulnerability in profile fields [CVE-2014-0010] * Move /var/lib/moodle directory into package. * Revert back to bundled yui3. Unfortunately, version in Debian and of upstream are not compatible (closes: #735312). Checksums-Sha1: 018b67eb1ff59bf93e3d6c857c4de4386be05028 1679 moodle_2.5.4-1.dsc b0b23b88283782971df7948204fdcf73df743e74 32423521 moodle_2.5.4.orig.tar.gz 87c63a1f838dfdb7e4bc72752201366eff8cc080 23616 moodle_2.5.4-1.debian.tar.xz 881325d473a9c94fcde2aae78ee2ea7780126965 17230972 moodle_2.5.4-1_all.deb Checksums-Sha256: c75fcc78f771bb51b36063b28fac0a8ecb4dadcaca7d95efc4b88ebf3975ba08 1679 moodle_2.5.4-1.dsc dc40032aabe633d37466c1005e794363515bb207182f68255176642fe2018c66 32423521 moodle_2.5.4.orig.tar.gz 5ddded63e048d22db16a6d054027cac390704e55baa147b645fed8b8ee0271cc 23616 moodle_2.5.4-1.debian.tar.xz 1d48452eccf872dc3cb5fd465247a772957df1c1b042eb18767e665e62ecad3a 17230972 moodle_2.5.4-1_all.deb Files: 371eb937b3788c90507423c328f900bc 1679 web optional moodle_2.5.4-1.dsc af2bfef89792188a276a752084dacb01 32423521 web optional moodle_2.5.4.orig.tar.gz 83f5223d7e844753763dde6ff7f8ef5e 23616 web optional moodle_2.5.4-1.debian.tar.xz c52bb21f15b7381eaf9b318233906e42 17230972 web optional moodle_2.5.4-1_all.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAEBAgAGBQJS35DmAAoJEFb2GnlAHawEMGMH/0NiR3dFwoBXSOvzuZ8ecrkY PQcG1iuvNG2OuQr2wns5QPEHSlUpih5jeRNcPhOpMa9i0vC4RipNaKAaqoVe88NM 9aQLxjFwrnvK46XYFjfMzBYG+JqKwP5yCTP8rIF/buGDf712XGUDISrsewDp5FIX ywI6JWKPgKeYXGVUL2HuhNjSm/wu5BQjgEUICXD9eb/iP9aBZ/enU34Kba8ag/YZ J0APtvdz0bJx5oJapmV/LFK5Qe/WfHVG/liJfX+SvG8hnVKIB4zPfTOZ2zwz18m9 Ghd4ntxHiJOKF1RPCGFm6egiTOIuqblro7CsNxecr31xjm256PJ9Ru/o7C1czKM= =+Otr -----END PGP SIGNATURE-----
--- End Message ---
