On 10/5/10 3:27 PM, Jesse Keating wrote: > As you might be aware, there was a period of roughly two weeks where a > gcc build (gcc-4.5.1-3.fc14) in the buildroots for both Fedora 14 and > Fedora 15. Items built with this could have undefined behavior, which > could lead to data corruption. > > Unfortunately I'm told that it is impossible to look at a generated > binary and detect whether or not the binary would be effected by this > bug. The only reliable way to tell would be to re-create the build > environment exactly, except replace GCC with one that will detect the > error scenario and print something. As this is a significant amount of > work, I decided instead to just rebuild the potential problem builds. > > I detected all the "latest" builds of packages that had gcc-4.5.1-3.fc14 > in the buildroot, and then further narrowed it down to things which > require rtld(GNU_HASH) to find the things that actually used gcc (since > gcc gets thrown in every buildroot anyway). > > For Fedora 15 this was a simple task. Just find the packages where the > latest build is "bad", bump it and rebuild it. End of story. This work > is already done (except that a few have failed, and I need to follow up > on those). > > For Fedora 14 the matter is much more complicated. Builds are spread > out across 3 main tags, dist-f14, dist-f14-updates-testing, and > dist-f14-updates-candidate. > > dist-f14 is things that have made it through bodhi as stable. > > dist-f14-updates-testing is for things which are currently in > updates-testing > > dist-f14-updates-candidate is for things which could potentially become > an update should the maintainer decide. > > To handle the F14 scene I've come up with this strategy: > * For things tagged in dist-f14 and no newer build elsewhere, do a bump, > build and tag directly into dist-f14. While there is some risk of > breakage, it is quite minimal and with discussion from QA we are willing > to take that chance. This work is ongoing. > > * For things tagged in dist-f14-updates-testing, do a bump, build and > then edit the bodhi ticket to add the new build, and re-push to > updates-testing. This work will begin soon. > > * for things tagged in dist-f14-updates-candidate, do a bump and build. > Then look for an open bodhi ticket for that package, adjusting as > needed. If no bodhi ticket is found, do not create a new one, just > leave the build as is. This work will begin soon. > > Using this strategy we should be able to replace potentially bad builds > with corrected ones wherever they might have been published (barring the > failed builds). This message is mostly a heads up as to what's happening. Now that F14 has shipped and other emergencies have been dealt with, I got back into this task. Unfortunately as time has gone on, there is now builds in dist-f14-updates to deal with as well as dist-f14, so I wanted to ping the list before I continue. I've identified a number of published builds that are still potentially broken in the F14 family, and have fixed builds for many of them. The real question is what to do with things in dist-f14 or dist-f14-updates that are potentially bad. What we did with the first round was to just tag the rebuilds on top of the previous build, if nothing else had changed. This was deemed safe enough to bypass updates-testing. That was pre-release though, we're not post-release, does this thought still stand? We could tag things directly into dist-f14-updates, bypassing bodhi or we could create new bodhi update requests for each item and either get karma or wait for the timeout. We're talking about 72 update requests that could be filed right now. There are also a few packages where a "fixed" build doesn't exist yet due to errors. Those need closer examination. Finally we have some builds that are in -testing that are potentially bad. I've replaced those with good builds and re-sent them back to -testing, the maintainer can choose to push them stable at will. Here is a list of the current known potentially bad builds and what action could be or has been taken: wireshark - Update pending wildmidi - my rebuild can be tagged usermode - my build can be tagged tigervnc - my build can be tagged tecnoballz - my build can be tagged tar - Update in testing syncevolution - update in testing spamass-milter - my build can be tagged shiboken - my build can be tagged rtpproxy - my build can be tagged raul - my build can be tagged python-storm - my build can be tagged python-crypto - my build can be tagged python - potential update in -candidate; pinged dmalcolm pycryptopp - my build can be tagged. pspp - my build can be tagged plee-the-bear - my build can be tagged perl-Text-Hunspell - my build can be tagged openchange - my build can be tagged nxtrc - my build can be tagged nasm - update in testing mutter-moblin - my build can be tagged (and tag into dist-f15) mutt - my build can be tagged moblin-panel-status - my build can be tagged moblin-panel-people - my build can be tagged moblin-panel-myzone - my build can be tagged moblin-panel-applications - my build can be tagged minicom - my build can be tagged midori - my build can be tagged meego-panel-datetime - update in testing matahari - my build can be tagged libvte-java - spots build can be tagged libunicapgtk - my build can be tagged libselinux - update in testing libpst - my build can be tagged libnxt - my build can be tagged libnfc - my build can be tagged libmutil - my build can be tagged liblastfm - my build can be tagged libgtk-java - no build libgnome-java - no build libglade-java - no build libclaw - my build can be tagged libass - my build can be tagged lensfun - my build can be tagged ledger - my build can be tagged koffice - my build can be tagged jana - my build can be tagged jack_capture - my build can be tagged gtk+extra - my build can be tagged gstreamer-plugins-bad-free - my build can be tagged gridsite - my build can be tagged gretl - update in testing gnustep-examples - my build can be tagged glib-java - my build can be tagged ghostscript - update in candidate, ping owner ghc-terminfo - my build can be tagged ghc-pango - my build can be tagged ghc-gio - no build ghc-Boolean - my build can be tagged generatorrunner - my build can be tagged gedit-vala - my build can be tagged gcc - update in -candidate, ping jakub gappa - my build can be tagged fuse-convmvfs - my build can be tagged frepple - my build can be tagged folks - my build can be tagged flowcanvas - my build can be tagged elfutils - my build can be tagged dssi - my build can be tagged dspam - my build can be tagged contacts - my build can be tagged clutter-gtk - fixed build in updates clutter - my build can be tagged chktex - my build can be tagged celt - my build can be tagged ccache - my build can be tagged calf - my build can be tagged bluefish - update in testing awn-extras-applets - my build can be tagged avr-gcc - my build can be tagged atanks - my build can be tagged apiextractor - my build can be tagged apcupsd - my build can be tagged R-ROC - my build can be tagged http-parser - my build can be tagged libeio - my build can be tagged setuptool - my build can be tagged mailman - update in testing ldc - removed from updates-testing igraph - update in testing busybox - update in testing -- Jesse Keating Fedora -- Freedom² is a feature! identi.ca: http://identi.ca/jkeating -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel
