I now used the process outlined by Seth above to produce yet another Ubuntu security backport of 5.5.37. Instead of attaching the 21 MB debdiff file, I have now attached a diff that only has the debian/* contents.
Steps for you to apply this patch: - apt-get source mariadb-server - on Trusty will download and unpack 5.5.36-1 - download ftp://ftp.osuosl.org/pub/mariadb/mariadb-5.5.37/source/mariadb-5.5.37.tar.gz, rename it to .orig.tar.gz and check that the sha256sum matches a0faf492b3595d938684ed701812a4bd5aaab395b8402efe3322338a80fb3c9c - unpack mariadb-5.5_5.5.37.orig.tar.gz as a new upstream directory - unpack mariadb-5.5_5.5.36-1.debian.tar.xz and use contents to replace the new upstream debian/* At this point you should have the equivalent of a pure orig.tar.gz upgrade. Then continue with - review attached patch mariadb-5.5_5.5.36-1_5.5.37-0ubuntu0.14.04.1-debian-dirs.diff - use attached patch to patch debian/* - apply patches from debian/patches/* with 'quilt push -a' - build and ship Please notify me where you build the final packages and where the build log are viewable, so that I can check them just to make sure everything went OK. If you want to test the trusty amd64 binaries directly, add these lines to your sources.list: deb http://labs.seravo.fi/~otto/mariadb-repo/ 5.5.37-0ubuntu0.14.04.1/ deb-src http://labs.seravo.fi/~otto/mariadb-repo/ 5.5.37-0ubuntu0.14.04.1/ The complete debdiff and other files are available for download from the file listing at http://labs.seravo.fi/~otto/mariadb- repo/5.5.37-0ubuntu0.14.04.1/ Regarding upstream signatures - I just filed https://mariadb.atlassian.net/browse/MDEV-6205 where I request them to publish .asc files next to their tar.gz source releases. I hope this fulfills all your requirements so that you can land this security update. Please let me know if you need something more. ** Patch added: "mariadb-5.5_5.5.36-1_5.5.37-0ubuntu0.14.04.1-debian-dirs.diff" https://bugs.launchpad.net/ubuntu/+source/mariadb-5.5/+bug/1313187/+attachment/4103684/+files/mariadb-5.5_5.5.36-1_5.5.37-0ubuntu0.14.04.1-debian-dirs.diff -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1313187 Title: USN-2170-1: MySQL vulnerabilities also applies to MariaDB To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/mariadb-5.5/+bug/1313187/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
