Description of problem: 'urpmi --auto-update' produces the following output: The following package has to be removed for others to be upgraded: mkvtoolnix-gui-49.0.0-3.mga8.x86_64 (due to missing libcmark.so.0.29.0()(64bit)) (y/N) Version-Release number of selected component (if applicable): mkvtoolnix-gui-49.0.0-3.mga8 cmark-0.30.3-1.mga8 How reproducible: Always Steps to Reproduce: 1. Try to install mkvtoolnix-gui 2. 3.
fallout of cmark security update MGASA-2023-0181 in bug 31885: - lib64cmark0:/usr/lib64/libcmark.so.0.29.0 + lib64cmark0:/usr/lib64/libcmark.so.0.30.3
Depends on: (none) => 31885
also neochat is affected: # urpmf --requires --literal 'libcmark.so.0.29.0' mkvtoolnix-gui:libcmark.so.0.29.0()(64bit) neochat:libcmark.so.0.29.0()(64bit)
Assigning to David Geiger as the registered maintainer of neochat. Adding all packages to cc list for mkvtoolnix
Assignee: bugsquad => geiger.david68210CC: (none) => davidwhodgins, mhrambo3501
Adding Mike Rambo to cc list as the packager of the cmark update.
CC: (none) => pkg-bugs
Raising priority as the cmark security update that's been released breaks both mkvtoolnix and neochat for users.
Priority: Normal => High
Thank you Oleg for the report; and tmb for diagnosing it. While libcmark* looks the culprit, maybe those other two packages need adjusting. Dave seems to have covered all cases. For cmark, perhaps Mike Rambo?
packages in 8/core/updates_testing: ====================== cmark-0.30.3-1.2.mga8 libcmark-devel-0.30.3-1.2.mga8 lib64cmark-devel-0.30.3-1.2.mga8 libcmark0.30.3-0.30.3-1.2.mga8 lib64cmark0.30.3-0.30.3-1.2.mga8 mkvtoolnix-gui-49.0.0-3.1.mga8 mkvtoolnix-49.0.0-3.1.mga8 neochat-1.0.1-2.1.mga8 From SRPMS: cmark-0.30.3-1.2.mga8.src.rpm mkvtoolnix-49.0.0-3.1.mga8.src.rpm neochat-1.0.1-2.1.mga8.src.rpm
You forgot to assign to qa. Done. $ rpm -q --requires mkvtoolnix-gui|grep cmark libcmark.so.0.30.3()(64bit) [dave@x3 m9]$ rpm -q --requires neochat|grep cmark libcmark.so.0.30.3()(64bit) Both tools appear to be working. Validating the update. Advisory committed to svn.
Keywords: (none) => advisory, validated_updateCC: (none) => geiger.david68210, sysadmin-bugsAssignee: geiger.david68210 => qa-bugsWhiteboard: (none) => MGA8-64-OK
Hi Dave and David It's OK for cmark that has been assigned to QA and validated But in the same bug you have : mkvtoolnix-gui-49.0.0-3.1.mga8 mkvtoolnix-49.0.0-3.1.mga8 that are still in updates_testing and never have been assigned to QA and neochat-1.0.1-2.1.mga8 which has just been added to updates_testing Regards
CC: (none) => philippedidier
As per comment 7, they are part of this bug report. As per comment 8, I tested the updated packages to make sure they start. I didn't do thorough testing as the change is such that they should either start or fail with a lib not found error. mkvtoolnix-gui comes from mkvtoolnix-49.0.0-3.1.mga8.src.rpm. When an update is pushed from updates testing to updates, the srpm name is used. The script that pushes updates will move the srpm package and all of the associated rpm packages. The advisory I committed to svn that will be used to push this update is ... $ cat 31945.adv type: bugfix subject: Updated cmark/mkvtoolnix/neochat packages fix dependencies src: 8: core: - cmark-0.30.3-1.2.mga8 - mkvtoolnix-49.0.0-3.1.mga8 - neochat-1.0.1-2.1.mga8 description: | Updated packages fix dependency errors caused by bug 31885 cmark security update. references: - https://bugs.mageia.org/show_bug.cgi?id=31945
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGAA-2023-0043.html
Resolution: (none) => FIXEDStatus: NEW => RESOLVED
Hi Dave Sorry for the noise I had seen that mkvtoolnix and neochat remained in updates-testing repo and as a consequence that CCM always complained that it needs to remove mkvtoolnix They have just been pushed to the updates repo :) my comment https://bugs.mageia.org/show_bug.cgi?id=31945#c9 is useless
*** Bug 31955 has been marked as a duplicate of this bug. ***
CC: (none) => leo_nard