Debian Bug report logs - #782505
libxrender1: dist-upgrade breaks on multiarch due to conflict on changelog.Debian.gz

Toggle useless messages

Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: Matthew Toseland <matthew@toselandcs.co.uk>

To: Debian Bug Tracking System <submit@bugs.debian.org>

Subject: libxrender1: dist-upgrade breaks on multiarch due to conflict on changelog.Debian.gz

Date: Mon, 13 Apr 2015 12:34:32 +0100

Package: libxrender1
Version: 1:0.9.7-1+deb7u1+b1
Severity: important

Dear Maintainer,

I attempted to upgrade a (wheezy) system on which both the i386 and amd64
versions of libxrender1 were installed. It failed, apparently the same shared
file (the changelog) has different contents in *the same version of* the 
package on the 2 archs.

Please fix this, as dist-upgrade should not fail on a stable install. Really it should have been picked up automatically...

# apt-get dist-upgrade
Reading package lists... Done
Building dependency tree       
Reading state information... Done
Calculating upgrade... Done
The following packages will be upgraded:
  libxrender1 libxrender1:i386
2 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
Need to get 65.4 kB of archives.
After this operation, 31.7 kB disk space will be freed.
Do you want to continue [Y/n]? 
Get:1 http://security.debian.org/ wheezy/updates/main libxrender1 i386 1:0.9.7-1+deb7u1+b1 [32.6 kB]
Get:2 http://security.debian.org/ wheezy/updates/main libxrender1 amd64 1:0.9.7-1+deb7u1+b1 [32.8 kB]
Fetched 65.4 kB in 0s (160 kB/s)      
Reading changelogs... Done
(Reading database ... 213397 files and directories currently installed.)
Preparing to replace libxrender1:i386 1:0.9.7-1+deb7u1 (using .../libxrender1_1%3a0.9.7-1+deb7u1+b1_i386.deb) ...
De-configuring libxrender1:amd64 ...
Unpacking replacement libxrender1:i386 ...
Preparing to replace libxrender1:amd64 1:0.9.7-1+deb7u1 (using .../libxrender1_1%3a0.9.7-1+deb7u1+b1_amd64.deb) ...
Unpacking replacement libxrender1:amd64 ...
dpkg: error processing /var/cache/apt/archives/libxrender1_1%3a0.9.7-1+deb7u1+b1_amd64.deb (--unpack):
 trying to overwrite shared '/usr/share/doc/libxrender1/changelog.Debian.gz', which is different from other instances of package libxrender1:amd64
Errors were encountered while processing:
 /var/cache/apt/archives/libxrender1_1%3a0.9.7-1+deb7u1+b1_amd64.deb
E: Sub-process /usr/bin/dpkg returned an error code (1)

-- System Information:
Debian Release: 7.8
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.2.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Message #10 received at 782505@bugs.debian.org (full text, mbox, reply):

From: Bas van der Vlies <bas.vandervlies@surfsara.nl>

To: 782505@bugs.debian.org

Subject: libxrender

Date: Mon, 13 Apr 2015 14:24:33 +0200

This is an serious bug. we just hit this on our clusters and receive a lot of errors. We rebuild the security package and delete the offending files and put it in our local debian repository. So we can update the package in our systems. This security fix for stable should not have been released.

regards
---
Bas van der Vlies
| Operations, Support & Development | SURFsara | Science Park 140 | 1098 XG  Amsterdam
| T +31 (0) 20 800 1300  | bas.vandervlies@surfsara.nl | www.surfsara.nl |

Message #17 received at 782505@bugs.debian.org (full text, mbox, reply):

From: Carlos Rodrigues <cvrodrigues@gmail.com>

To: 782505@bugs.debian.org

Subject: Re: libxrender1: dist-upgrade breaks on multiarch due to conflict on changelog.Debian.gz

Date: Mon, 13 Apr 2015 15:24:07 +0100

[Message part 1 (text/plain, inline)]

To anyone who prefers to revert the packages to the previous version (
*1:0.9.7-1+deb7u1*) and wait until these issues are fixed, one may do the
following:


1. Identify which packages were marked for installation together with
*libxrender1:i386* and *libxrender1:amd64*. In my case these were:

dpkg -l libx11-6 libx11-data libx11-dev libx11-doc libx11-xcb-dev
libx11-xcb1 libxrender-dev libxrender1

||/ Name                    Version             Architecture
+++-=======================-===================-============
ii  libx11-6:amd64          2:1.5.0-1+deb7u2    amd64
ii  libx11-6:i386           2:1.5.0-1+deb7u2    i386
iU  libx11-data             2:1.5.0-1+deb7u2    all
ii  libx11-dev:amd64        2:1.5.0-1+deb7u2    amd64
ii  libx11-dev:i386         2:1.5.0-1+deb7u2    i386
iU  libx11-doc              2:1.5.0-1+deb7u2    all
iU  libx11-xcb-dev          2:1.5.0-1+deb7u2    amd64
ii  libx11-xcb1:amd64       2:1.5.0-1+deb7u2    amd64
ii  libx11-xcb1:i386        2:1.5.0-1+deb7u2    i386
iU  libxrender-dev:amd64    1:0.9.7-1+deb7u1+b1 amd64
ii  libxrender1:amd64       1:0.9.7-1+deb7u1+b1 amd64
iU  libxrender1:i386        1:0.9.7-1+deb7u1+b1 i386



2. Downgrade packages to previous version (*1:0.9.7-1+deb7u1* and
*2:1.5.0-1+deb7u1*).

apt-get install \
        libxrender1=1:0.9.7-1+deb7u1 \
        libxrender1:i386=1:0.9.7-1+deb7u1 \
        libxrender-dev=1:0.9.7-1+deb7u1 \
        libx11-xcb1=2:1.5.0-1+deb7u1 \
        libx11-xcb1:i386=2:1.5.0-1+deb7u1 \
        libx11-xcb-dev=2:1.5.0-1+deb7u1 \
        libx11-doc=2:1.5.0-1+deb7u1 \
        libx11-dev:i386=2:1.5.0-1+deb7u1 \
        libx11-dev=2:1.5.0-1+deb7u1 \
        libx11-data=2:1.5.0-1+deb7u1 \
        libx11-6:i386=2:1.5.0-1+deb7u1 \
        libx11-6=2:1.5.0-1+deb7u1



Eventually this will yield a similar error, e.g.:

Preparing to replace libxrender1:i386 1:0.9.7-1+deb7u1+b1 (using
.../libxrender1_1%3a0.9.7-1+deb7u1_i386.deb) ...
Unpacking replacement libxrender1:i386 ...
dpkg: error processing
/var/cache/apt/archives/libxrender1_1%3a0.9.7-1+deb7u1_i386.deb (--unpack):
 trying to overwrite shared
'/usr/share/doc/libxrender1/changelog.Debian.gz', which is different from
other instances of package libxrender1:i386



3. Prevent the installation of file *changelog.Debian.gz* by excluding it.

sudo dpkg --path-exclude=/usr/share/doc/libxrender1/changelog.Debian.gz -i
/var/cache/apt/archives/libxrender1_1%3a0.9.7-1+deb7u1_i386.deb



4. Repeat the downgrade command (point 2).

apt-get install \
        libxrender1=1:0.9.7-1+deb7u1 \
        libxrender1:i386=1:0.9.7-1+deb7u1 \
        libxrender-dev=1:0.9.7-1+deb7u1 \
        libx11-xcb1=2:1.5.0-1+deb7u1 \
        libx11-xcb1:i386=2:1.5.0-1+deb7u1 \
        libx11-xcb-dev=2:1.5.0-1+deb7u1 \
        libx11-doc=2:1.5.0-1+deb7u1 \
        libx11-dev:i386=2:1.5.0-1+deb7u1 \
        libx11-dev=2:1.5.0-1+deb7u1 \
        libx11-data=2:1.5.0-1+deb7u1 \
        libx11-6:i386=2:1.5.0-1+deb7u1 \
        libx11-6=2:1.5.0-1+deb7u1


Best regards


On Mon, 13 Apr 2015 12:34:32 +0100 Matthew Toseland <
matthew@toselandcs.co.uk> wrote:
> Package: libxrender1
> Version: 1:0.9.7-1+deb7u1+b1
> Severity: important
>
> Dear Maintainer,
>
> I attempted to upgrade a (wheezy) system on which both the i386 and amd64
> versions of libxrender1 were installed. It failed, apparently the same
shared
> file (the changelog) has different contents in *the same version of* the
> package on the 2 archs.
>
> Please fix this, as dist-upgrade should not fail on a stable install.
Really it should have been picked up automatically...
>
> # apt-get dist-upgrade
> Reading package lists... Done
> Building dependency tree
> Reading state information... Done
> Calculating upgrade... Done
> The following packages will be upgraded:
>   libxrender1 libxrender1:i386
> 2 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
> Need to get 65.4 kB of archives.
> After this operation, 31.7 kB disk space will be freed.
> Do you want to continue [Y/n]?
> Get:1 http://security.debian.org/ wheezy/updates/main libxrender1 i386
1:0.9.7-1+deb7u1+b1 [32.6 kB]
> Get:2 http://security.debian.org/ wheezy/updates/main libxrender1 amd64
1:0.9.7-1+deb7u1+b1 [32.8 kB]
> Fetched 65.4 kB in 0s (160 kB/s)
> Reading changelogs... Done
> (Reading database ... 213397 files and directories currently installed.)
> Preparing to replace libxrender1:i386 1:0.9.7-1+deb7u1 (using
.../libxrender1_1%3a0.9.7-1+deb7u1+b1_i386.deb) ...
> De-configuring libxrender1:amd64 ...
> Unpacking replacement libxrender1:i386 ...
> Preparing to replace libxrender1:amd64 1:0.9.7-1+deb7u1 (using
.../libxrender1_1%3a0.9.7-1+deb7u1+b1_amd64.deb) ...
> Unpacking replacement libxrender1:amd64 ...
> dpkg: error processing
/var/cache/apt/archives/libxrender1_1%3a0.9.7-1+deb7u1+b1_amd64.deb
(--unpack):
>  trying to overwrite shared
'/usr/share/doc/libxrender1/changelog.Debian.gz', which is different from
other instances of package libxrender1:amd64
> Errors were encountered while processing:
>  /var/cache/apt/archives/libxrender1_1%3a0.9.7-1+deb7u1+b1_amd64.deb
> E: Sub-process /usr/bin/dpkg returned an error code (1)
>
> -- System Information:
> Debian Release: 7.8
>   APT prefers stable-updates
>   APT policy: (500, 'stable-updates'), (500, 'stable')
> Architecture: amd64 (x86_64)
> Foreign Architectures: i386
>
> Kernel: Linux 3.2.0-4-amd64 (SMP w/4 CPU cores)
> Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
> Shell: /bin/sh linked to /bin/dash
>
>

[Message part 2 (text/html, inline)]

Message #22 received at 782505@bugs.debian.org (full text, mbox, reply):

From: Peter Lebbing <peter@digitalbrains.com>

To: "Debian Bug Tracking System changelog.Debian.gz" <782505@bugs.debian.org>

Subject: Re: libxrender1: dist-upgrade breaks on multiarch due to conflict on

Date: Mon, 13 Apr 2015 16:57:32 +0200

Package: libxrender1
Version: 1:0.9.7-1+deb7u1+b1
Followup-For: Bug #782505

I reported the bug in parallel with this bug report, and the reports got
merged. In my bug report, I indicated a temporary measure to actually
install the new version with its security fix, but now that the bugs are
merged you don't see that anymore.

So here's my suggestion to get your system back in a good state, with
the update installed:

> For now, I've resolved the situation on my machine as follows:
> 
> # cd /var/cache/apt/archives
> # ls libxrender1_1%3a0.9.7-1+deb7u1+b1_*.deb
> libxrender1_1%3a0.9.7-1+deb7u1+b1_amd64.deb
> libxrender1_1%3a0.9.7-1+deb7u1+b1_i386.deb
> # dpkg --force-overwrite -i libxrender1_1%3a0.9.7-1+deb7u1+b1_*.deb
> 
> I'm including this information for other users looking at this bug report
> and wishing to have a quick solution. Do this only after the failed upgrade
> (which downloads the files to /var/cache/apt/archives and verifies the
> signature on the download) and checking that the '*' in the globbing pattern
> indeed only matches the two wanted files (I had already determined that, I 
> didn't actually do the 'ls' command).

HTH,

Peter.

-- System Information:
Debian Release: 7.8
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: i386 (i686)

Kernel: Linux 3.2.0-4-686-pae (SMP w/4 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages libxrender1 depends on:
ii  libc6              2.13-38+deb7u8
ii  libx11-6           2:1.5.0-1+deb7u2
ii  multiarch-support  2.13-38+deb7u8

libxrender1 recommends no packages.

libxrender1 suggests no packages.

-- no debconf information

Message #27 received at 782505@bugs.debian.org (full text, mbox, reply):

From: Ingo <alf.debianfan@gmx.de>

To: 782505@bugs.debian.org

Subject: Workaround to prevent installation of the broken packages

Date: Mon, 13 Apr 2015 20:13:42 +0200

Just prevent installation by apt-pinning:

/etc/apt/preferences

Package: libxrender*
Pin: version 1:0.9.7-1+deb7u1+b1
Pin-Priority: -1

Hope it gets fixed soon.

Message #32 received at 782505@bugs.debian.org (full text, mbox, reply):

From: John Pinder <jpinder.ext@gmail.com>

To: 782505@bugs.debian.org

Subject: libxrender1: dist-upgrade breaks on multiarch due to conflict on changelog.Debian.gz

Date: Mon, 13 Apr 2015 12:32:45 -0700

I've encountered the same problem.  Wheezy AMD64 update fails with message:

"trying to overwrite shared
'/usr/share/doc/libxrender1/changelog.Debian.gz', which is different
from other instances of package libxrender1"

Message #47 received at 782505@bugs.debian.org (full text, mbox, reply):

From: Anthony DeRobertis <aderobertis@metrics.net>

To: security@debian.org

Cc: 782505@bugs.debian.org

Subject: Also, was the libxrender update really built in 2013?

Date: Tue, 14 Apr 2015 14:32:24 -0400

The changelog entry, at least for i386, gives 14 May *2013* as the date. 
Weird a security update got delayed that long, but also concerning is 
that the libx11 changelog gives 11 Apr *2015*.

If those dates are correct, then it'd appear that xrender was /not/ 
built against the fixed libx11, meaning it doesn't really include the 
CVE-2013-7439 fix.

Message #52 received at 782505@bugs.debian.org (full text, mbox, reply):

From: Yves-Alexis Perez <corsac@debian.org>

To: Anthony DeRobertis <aderobertis@metrics.net>

Cc: security@debian.org, 782505@bugs.debian.org

Subject: Re: Also, was the libxrender update really built in 2013?

Date: Tue, 14 Apr 2015 21:30:17 +0200

[Message part 1 (text/plain, inline)]

On mar., 2015-04-14 at 14:32 -0400, Anthony DeRobertis wrote:
> The changelog entry, at least for i386, gives 14 May *2013* as the date. 
> Weird a security update got delayed that long, but also concerning is 
> that the libx11 changelog gives 11 Apr *2015*.
> 
> If those dates are correct, then it'd appear that xrender was /not/ 
> built against the fixed libx11, meaning it doesn't really include the 
> CVE-2013-7439 fix.

If you take a torough look, the changelog entry date is *the exact same*
as the previous changelog entry. It does look weird, but it's the same
on other binNMus.

Regards,
-- 
Yves-Alexis

[signature.asc (application/pgp-signature, inline)]

Message #57 received at 782505-close@bugs.debian.org (full text, mbox, reply):

From: Sebastien Delafond <seb@debian.org>

To: 782505-close@bugs.debian.org

Subject: Bug#782505: fixed in libxrender 1:0.9.7-1+deb7u2

Date: Fri, 17 Apr 2015 19:17:05 +0000

Source: libxrender
Source-Version: 1:0.9.7-1+deb7u2

We believe that the bug you reported is fixed in the latest version of
libxrender, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 782505@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Sebastien Delafond <seb@debian.org> (supplier of updated libxrender package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Mon, 13 Apr 2015 18:29:02 +0200
Source: libxrender
Binary: libxrender1 libxrender1-udeb libxrender1-dbg libxrender-dev
Architecture: source amd64
Version: 1:0.9.7-1+deb7u2
Distribution: wheezy-security
Urgency: medium
Maintainer: Debian X Strike Force <debian-x@lists.debian.org>
Changed-By: Sebastien Delafond <seb@debian.org>
Description: 
 libxrender-dev - X Rendering Extension client library (development files)
 libxrender1 - X Rendering Extension client library
 libxrender1-dbg - X Rendering Extension client library (unstripped)
 libxrender1-udeb - X Rendering Extension client library (udeb)
Closes: 782505
Changes: 
 libxrender (1:0.9.7-1+deb7u2) wheezy-security; urgency=medium
 .
   * Tighten build dependency on libx11-dev (Closes: #782505)
Checksums-Sha1: 
 554fadb43a94639eecef6adb1d73a4e76e094b75 1830 libxrender_0.9.7-1+deb7u2.dsc
 0fae83b3f470dd59f1b7dabe8f8bac117d867a72 20704 libxrender_0.9.7-1+deb7u2.diff.gz
 9cf9611c03529d3574cdf23ab6de68068b3e1a97 32946 libxrender1_0.9.7-1+deb7u2_amd64.deb
 15ccec2ebe11afb5c3ff6ecc50cfbcd775df232b 14868 libxrender1-udeb_0.9.7-1+deb7u2_amd64.udeb
 4ac0903a2a4f7744bd57eee04a0ceed63f013b85 137346 libxrender1-dbg_0.9.7-1+deb7u2_amd64.deb
 f39eec5eb60d3f511ded1b564c13ed8c190f0034 41712 libxrender-dev_0.9.7-1+deb7u2_amd64.deb
Checksums-Sha256: 
 0673e0fddca45aad9650c77f64de4d39e8298451b8ba149d2b5993f36f6cf88f 1830 libxrender_0.9.7-1+deb7u2.dsc
 05649c467b6b5e35b27adc17572586f6fc588e6a39f307b80b2d01273740c997 20704 libxrender_0.9.7-1+deb7u2.diff.gz
 e2ecbf1e42d0473fb9fae20b203ee21ffc00400ee9c83c27403a48f48b20580c 32946 libxrender1_0.9.7-1+deb7u2_amd64.deb
 7e3f4b0a67fee2340d63c25150c266d73d37d4354087360b9e90f0248b44dddf 14868 libxrender1-udeb_0.9.7-1+deb7u2_amd64.udeb
 7a62706e18ac21e560ce01c64331169da44bd62359203131bcf1ec813771917d 137346 libxrender1-dbg_0.9.7-1+deb7u2_amd64.deb
 66b094e5f973e45ae25b23af457dabaedd4dd78909a6a97e8268f965a199c7f2 41712 libxrender-dev_0.9.7-1+deb7u2_amd64.deb
Files: 
 acf1c487168f55a38065605eadfd91e7 1830 x11 optional libxrender_0.9.7-1+deb7u2.dsc
 6c52879810e4307fb8215d6a7972b49d 20704 x11 optional libxrender_0.9.7-1+deb7u2.diff.gz
 4b425e5a08d37a838093cd8c23010f3a 32946 libs optional libxrender1_0.9.7-1+deb7u2_amd64.deb
 b21dd5dd33282c1b981677c38476da12 14868 debian-installer optional libxrender1-udeb_0.9.7-1+deb7u2_amd64.udeb
 923749bf84859f9dcdb23b0acdf76c3c 137346 debug extra libxrender1-dbg_0.9.7-1+deb7u2_amd64.deb
 9e30efddbcc4d73afe0994d023eb0627 41712 libdevel optional libxrender-dev_0.9.7-1+deb7u2_amd64.deb
Package-Type: udeb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.15 (GNU/Linux)

iQEcBAEBCAAGBQJVLB5DAAoJEBC+iYPz1Z1kph0IAMUfzI5+KjQCLdLRRWruxnJa
eSLCgc65QTqAiR2W/91HSosfzC/idSrq4ATGC6aNXtdqVS0UBPYyiw9I+uSyD4kD
DM6iN956s7TTRNJhE2KGN97xh7RXEiAlmrrvrZgeVkv9uz7vAncmWYCs1a4dqBz8
xSWCRlnz6ocPXrDlqdLLF+0CG9Nsyb8KgMnxNqBdyP2JyPOWUAPm1wxNlwisIQhf
Di5jnpuMbjsY0Jejy4wxD8iTJIDDplvg/b+OpqiKVk+m9YVOm9AXmV6fSYnDop34
9WlZ7E6PtGX7xUlrzSSfdMYdH0UDljFghjj+/PUnTQpS7I5N14MFXQJfckIPXi4=
=Jv9j
-----END PGP SIGNATURE-----

Message #74 received at 782505@bugs.debian.org (full text, mbox, reply):

From: MAUBON Renaud NEURONES IT <renaud.maubon@cea.fr>

To: 782505@bugs.debian.org

Date: Mon, 20 Apr 2015 10:35:25 +0200

-- 

----
Renaud MAUBON
Service Infogérance
CEA Cadarache - Bat 205
13115 St Paul Lez Durance
Tel : 04.42.25.44.30
Mail : renaud.maubon@cea.fr

Message #79 received at 782505@bugs.debian.org (full text, mbox, reply):

From: MAUBON Renaud NEURONES IT <renaud.maubon@cea.fr>

To: 782505@bugs.debian.org

Date: Mon, 20 Apr 2015 13:08:39 +0200

-- 

----
Renaud MAUBON
Service Infogérance
CEA Cadarache - Bat 205
13115 St Paul Lez Durance
Tel : 04.42.25.44.30
Mail : renaud.maubon@cea.fr

Message #84 received at 782505@bugs.debian.org (full text, mbox, reply):

From: Toomas Tamm <tt-deb@kky.ttu.ee>

To: 782505@bugs.debian.org

Subject: libxrender1 still blocks *all* security updates on affected systems

Date: Tue, 28 Apr 2015 18:11:30 +0300

As of 28-apr-2015 (11 days after the bug was claimed fixed), on systems
where both 32- and 64-bit libxrender1 is installed, all upgrades
remain blocked due to this bug. For example, the kernel security fix
of 27-apr-2015 does not get installed on affected systems.

---- Affected system: ----

# apt-get upgrade
Reading package lists... Done
Building dependency tree       
Reading state information... Done
You might want to run 'apt-get -f install' to correct these.
The following packages have unmet dependencies:
 libxrender1 : Breaks: libxrender1:i386 (!= 1:0.9.7-1+deb7u1) but 1:0.9.7-1+deb7u1+b1 is installed
 libxrender1:i386 : Breaks: libxrender1 (!= 1:0.9.7-1+deb7u1+b1) but 1:0.9.7-1+deb7u1 is installed
E: Unmet dependencies. Try using -f.

---- Unaffected system: ----

# apt-get upgrade
Reading package lists...
Building dependency tree...
Reading state information...
The following packages will be upgraded:
  linux-headers-3.2.0-4-amd64 linux-headers-3.2.0-4-common
  linux-image-3.2.0-4-amd64 linux-libc-dev
4 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
Need to get 28.5 MB of archives.
After this operation, 9,490 kB of additional disk space will be used.
[snip]

IMO this deserves "grave" classification and appropriate handling
because unrelated software is affected and security fixes do not get
installed.

If manual intervention is needed, please provide appropriate
instructions at bugs.debian.org.

Regards,

Toomas Tamm
Estonia

Message #89 received at 782505@bugs.debian.org (full text, mbox, reply):

From: Julien Cristau <jcristau@debian.org>

To: Toomas Tamm <tt-deb@kky.ttu.ee>, 782505@bugs.debian.org

Subject: Re: Bug#782505: libxrender1 still blocks *all* security updates on affected systems

Date: Tue, 28 Apr 2015 18:38:24 +0200

[Message part 1 (text/plain, inline)]

On Tue, Apr 28, 2015 at 18:11:30 +0300, Toomas Tamm wrote:

> As of 28-apr-2015 (11 days after the bug was claimed fixed), on systems
> where both 32- and 64-bit libxrender1 is installed, all upgrades
> remain blocked due to this bug. For example, the kernel security fix
> of 27-apr-2015 does not get installed on affected systems.
> 
> ---- Affected system: ----
> 
> # apt-get upgrade
> Reading package lists... Done
> Building dependency tree       
> Reading state information... Done
> You might want to run 'apt-get -f install' to correct these.
> The following packages have unmet dependencies:
>  libxrender1 : Breaks: libxrender1:i386 (!= 1:0.9.7-1+deb7u1) but 1:0.9.7-1+deb7u1+b1 is installed
>  libxrender1:i386 : Breaks: libxrender1 (!= 1:0.9.7-1+deb7u1+b1) but 1:0.9.7-1+deb7u1 is installed
> E: Unmet dependencies. Try using -f.
> 
Did you read that error message?  "apt-get -f install" should fix it...

Cheers,
Julien

[signature.asc (application/pgp-signature, inline)]

Message #94 received at 782505@bugs.debian.org (full text, mbox, reply):

From: Toomas Tamm <tt-deb@kky.ttu.ee>

To: Julien Cristau <jcristau@debian.org>

Cc: 782505@bugs.debian.org

Subject: Re: Bug#782505: libxrender1 still blocks *all* security updates on affected systems

Date: Wed, 29 Apr 2015 11:00:47 +0300

On Tue, Apr 28, 2015 at 06:38:24PM +0200, Julien Cristau wrote:

> Did you read that error message?  "apt-get -f install" should fix it...

If it were a single computer, it would be trivial indeed. However,
issuing "apt-get -f install" on a large number of remotely managed
systems (which is the case here) sounds like a risky proposition.
Looks like I need to take the risk...

Besides, has it been tested with various automated update methods? I
think even apt-get comes with some kind of crontab entry nowadays; we
are using locally written scripts here so I do not know the specifics.

Regards,

Toomas

Message #99 received at 782505@bugs.debian.org (full text, mbox, reply):

From: Marc Wilson <marc.s.wilson@gmail.com>

To: "782505@bugs.debian.org" <782505@bugs.debian.org>

Subject: Re: Bug#782505: libxrender1 still blocks *all* security updates on affected systems

Date: Sat, 2 May 2015 17:58:27 -0700

Unsubscribe

-- 
Marc Wilson



> On Apr 28, 2015, at 8:11 AM, Toomas Tamm <tt-deb@kky.ttu.ee> wrote:
> 
> As of 28-apr-2015 (11 days after the bug was claimed fixed), on systems
> where both 32- and 64-bit libxrender1 is installed, all upgrades
> remain blocked due to this bug. For example, the kernel security fix
> of 27-apr-2015 does not get installed on affected systems.
> 
> ---- Affected system: ----
> 
> # apt-get upgrade
> Reading package lists... Done
> Building dependency tree       
> Reading state information... Done
> You might want to run 'apt-get -f install' to correct these.
> The following packages have unmet dependencies:
> libxrender1 : Breaks: libxrender1:i386 (!= 1:0.9.7-1+deb7u1) but 1:0.9.7-1+deb7u1+b1 is installed
> libxrender1:i386 : Breaks: libxrender1 (!= 1:0.9.7-1+deb7u1+b1) but 1:0.9.7-1+deb7u1 is installed
> E: Unmet dependencies. Try using -f.
> 
> ---- Unaffected system: ----
> 
> # apt-get upgrade
> Reading package lists...
> Building dependency tree...
> Reading state information...
> The following packages will be upgraded:
>  linux-headers-3.2.0-4-amd64 linux-headers-3.2.0-4-common
>  linux-image-3.2.0-4-amd64 linux-libc-dev
> 4 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
> Need to get 28.5 MB of archives.
> After this operation, 9,490 kB of additional disk space will be used.
> [snip]
> 
> IMO this deserves "grave" classification and appropriate handling
> because unrelated software is affected and security fixes do not get
> installed.
> 
> If manual intervention is needed, please provide appropriate
> instructions at bugs.debian.org.
> 
> Regards,
> 
> Toomas Tamm
> Estonia
> 

Send a report that this bug log contains spam.