Hello everyone. Yesterday, 7th June, I uploaded firefox-esr_68.9.0esr-1~deb8u1 to jessie-security. The binary package I built and uploaded was for amd64. It is known that the armhf/armel built has been broken (I think because of a problem with the supporting toolchain), but the i386 build has been OK. However, my upload yesterday failed on i386. It had to do with how the system was detected for rust*.
After fixing the i386 build, which required a source change, I now have a new revision to upload: firefox-esr_68.9.0esr-1~deb8u2. However, I have not published a DLA for the first upload. This seems like it might fall into a grey area since the first upload is technically a regression of sorts, but without a published first advisory, it doesn't seem to make sense to publish a typical regression advisory. My intent is to upload firefox-esr_68.9.0esr-1~deb8u2 once the build is complete and then go through the normal DLA reservation/publication process with a version number of 68.9.0esr-1~deb8u2 (once the amd64 buildd completes its job successfully). I will use the advisory text from DSA 4695-1 (the corresponding DSA for firefox-esr in stable and oldstable) and add a note that 68.9.0esr-1~deb8u1 was the first version to actually contain the referenced fixes. Should I include in the note anything about the reason for the ~deb8u2 revision relating to the build? Any other suggestions on what I should include/not include? Regards, -Roberto * Details: Between FF 68.8.0 and 68.9.0, the generation/detection of the system triplet for the rust part of the build was "improved". The result was that for builds up to 68.8.0 the system was detected as i686-unknown-linux-gnu and after the change the system was detected as i586-unknown-linux-gnu. This caused the build to fail. A quick search confirmed that rust does not officially support i586-* targets and this was consistent with the error output of the build. According to debian/changelog, it was necessary to force the target of the rust build to i686-* as far back as when FF 51 was packaged for Debian. The mechanics are somewhat different, but I was able to figure out a straightforward way of transforming i586-* to i686-*. The i386 build is in progress on my development machine as I write this, but seems well on the way to completing successfully. -- Roberto C. Sánchez