[Bug 1920724] Re: Upgrade focal/libjcat to version 0.1.3-2 and MIR it

Ɓukasz Zemczak 1920724 at bugs.launchpad.net
Tue Jul 20 14:47:30 UTC 2021 

Ok, when I started writing this comment I actually changed my mind. So
orignally I thought we should just cherry-pick the fix, but seeing that
we now ACTUALLY have jcat in main (probably because of fwupd?), maybe we
should just backport 0.1.3-2 and get it promoted.

That being said, I think the security team needs to chip in here. Since
this is a security fix, I think they are the ones deciding in the end.
Could we get someone from security for this one?

That being said, how is actually libjcat used by fwupd? I tried running
reverse depends on both impish and focal for jcat and saw no dependency.
Will we need to have it in main? If yes, if we backport the 0.1.3
version, we could just promote it into main as-is probably (after a
quick dependency check etc.).

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to libjcat in Ubuntu.
https://bugs.launchpad.net/bugs/1920724

Title:
  Upgrade focal/libjcat to version 0.1.3-2 and MIR it

Status in OEM Priority Project:
  In Progress
Status in libjcat package in Ubuntu:
  Fix Released
Status in libjcat source package in Focal:
  New

Bug description:
  [Impact]
  Needed for fwupd 1.5.11

  [Test plan]
  It has a test suite and fwupd uses it, so testing fwupd tests it to some extend

  [Where problems could occur]
  fwupd could break on regressions. Then again, this is a straight backport and it's fairly small.

  [Original report]

  per lp:1920723, we need to upgrade focal/lib cat to version 0.1.3-2
  (as in groovy/hirsute/impish) from version 0.1.0-2.

  libjcat in focal is in universe, we need to MIR it.

  ppa for upgrade libjcat in focal: https://launchpad.net/~ycheng-
  twn/+archive/ubuntu/fwupd1511

  [Availability]
  yes, it's in ubuntu universe.

  [Rationale]
  Given lp:1920723, we need to MIR it in focal.

  [Quality assurance]
  [Security]
  [Standards compliance]
  [Maintenance]

  Given it's in main in hirsute / groovy already, it's fine.

  [Dependencies]

  Per check, the dependency in groovy is exactly the same as in focal.

  [Background information]

  See details in lp:1934209

To manage notifications about this bug go to:
https://bugs.launchpad.net/oem-priority/+bug/1920724/+subscriptions

More information about the foundations-bugs mailing list