Package: release.debian.org Severity: serious Tags. bookworm User: release.debian.org@packages.debian.org Usertags: unblock Control: affects -1 src:mariadb This pre-unblock request is to get a decision from the Bookworm release team if you prefer to have this Bug#1035949 fix: a) in Bookworm in a stable update b) not at all (option c to have it in Bookworm I assume is too late) ## The new Debian revision reason: Bug#1035949 In Bug#1035949 it was discovered that in certain upgrade scenarios where a system has default-mysql-server indirectly installed (e.g. as a dependency of a consumer, such as zoph) running `apt-get install default-mysql-server` would trigger a sequence in apt which uninstalls mariadb-client-10.5 before mariadb-server-10.5 is stopped, causing dpkg to error as the MariaDB init file in mariadb-server-10.5 depends on mariadb-admin from mariadb-client-10.5. Running apt full-upgrade or apt dist-upgrade is not affected. Details in https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1035949, marked 'serious'. The issue was not visible in normal piuparts or in any of the custom Salsa-CI jobs testing upgrades in src:mariadb. Credits goes to Andreas Beckman for discovering the issue by meticulously testing various Bookworm upgrade scenarios semi-manually with piuparts! ## Fix: introduce transitional mariadb-server-10.5 Andreas also figured out the fix for this as none of the other attempted fixes were successful. The fix is to introduce a transitional mariadb-server-10.5 package: https://salsa.debian.org/mariadb-team/mariadb-server/-/merge_requests/47 Work on this particular issue has only been done around Bullseye to Bookworm upgrades. The same issue might also need a transitional mariadb-server-10.3 if we want to support flawless Buster to Bookworm upgrades. ## Testing and quality assurance Once Bug#1035949 was reported, a Salsa-CI job was added specifically for this type of upgrade scenarios: https://salsa.debian.org/mariadb-team/mariadb-server/-/commit/15cbf6e691827608636e6ff7f0a50432f50d0c4f The fix has been validated to work both by this Salsa-CI scenario and by Andrea's piuparts runs. To expedite the distribution of the fix it has already been uploaded to experimental. Full debdiff attached, and visual comparison with full commit metadata at https://salsa.debian.org/mariadb-team/mariadb-server/-/compare/00c0a8fc...93c08bcc. Since it introduces a new package (albeit that it already existed in Debian previously) the upload needs to also pass the NEW queue: https://ftp-master.debian.org/new/mariadb_1:10.11.3-2~exp1.html ## Risk quantification and analysis This is not a regression from any recent uploads of MariaDB 10.11, but has existed since the introduction of 10.11 into Debian on January 16th, 2023. This is the first time this specific issue was reported by people doing or testing upgrades from mariadb-10.5 (or mariadb-10.6, which was in testing/unstable before 10.11). This may have existed upstream since MariaDB 10.7 from 2022 (https://jira.mariadb.org/browse/MDEV-286409), but never got proper attention by me as I was busy maintaining the package in Debian, and 10.7/8/9/10 were never in Debian. While Bug#1035949 has participation only from one reporter it is reasonable to expect that there are and will be more users affected. There are no known drawbacks of having a transitional mariadb-server-10.5 in Bookworm. ## Mitigation For the time being as a mitigation was filed to mention this as a potential issue in the Bookworm release notes: https://salsa.debian.org/ddp-team/release-notes/-/merge_requests/187 (Bug#1037103).
Attachment:
mariadb-1%10.11.3-2_exp1.debdiff.xz
Description: application/xz