Ubuntu
dotnet8 package

[SRU] New upstream microrelease .NET 8.0.4 and SDK 8.0.104

Bug #2060261 reported by Dominik Viererbe on 2024-04-05

This bug affects 1 person

	Status	Importance	Assigned to
dotnet8 (Ubuntu)	Fix Released	Undecided	Dominik Viererbe
Jammy	Fix Released	Undecided	Dominik Viererbe
Mantic	Fix Released	Undecided	Dominik Viererbe
Noble	Fix Released	Undecided	Dominik Viererbe

Bug Description

[Impact]

* This correspond to an upcoming upstream microrelease (Microsoft Patch Tuesday microrelease).

* It is beneficial for our latest LTS users to have access to the latest .NET stack.

* This update is bundled with minor fixes:
- updates Canonical support information
- fixes/adds version parsing edge cases

[Test Case]

* The package should build successfully in noble-proposed, mantic-proposed and jammy-proposed.

* The packages should be installable on noble, mantic and jammy
on amd64 and arm64 architectures.

* Autopackage tests should pass.

* The usual manual tests that have been seen in the previous microreleases
LP: #2057982 (see Test Case section there).

   Note: The need for manual testing is largely reduced since the last SRU,
         because the autopkgtests improvements far exceeds the coverage
         provided by the mentioned manual test plans.

[Regression Potential]

* Upstream tests are usually satisfactory, but there is always a risk of something breaking.

[Other]

* 8.0.4 is the version number of the .NET Runtime and 8.0.104 is the version
number of the .NET SDK. The package version only refers to the SDK version
number.

* We are only building the 8.0.1xx feature band, because this is the only
feature band that allows to be build from source. See explanation of feature
bands: https://learn.microsoft.com/en-us/dotnet/core/releases-and-support#feature-bands-sdk-only

* Overview of how dotnet is versioned: https://learn.microsoft.com/en-us/dotnet/core/versions/

Tags:

CVE References

Dominik Viererbe (dviererbe) on 2024-04-05

Changed in dotnet8 (Ubuntu Mantic):
status:	New → In Progress
Changed in dotnet8 (Ubuntu Jammy):
status:	New → In Progress
Changed in dotnet8 (Ubuntu Mantic):
assignee:	nobody → Dominik Viererbe (dviererbe)
Changed in dotnet8 (Ubuntu Jammy):
assignee:	nobody → Dominik Viererbe (dviererbe)

Revision history for this message

Dominik Viererbe (dviererbe) wrote on 2024-04-08:

I build and tested the April Update in this PPA: https://launchpad.net/~dviererbe/+archive/ubuntu/dotnet-april-ppa2

summary:

- New upstream microrelease .NET 8.0.4 and SDK 8.0.104
+ [SRU] New upstream microrelease .NET 8.0.4 and SDK 8.0.104

Revision history for this message

Dominik Viererbe (dviererbe) wrote on 2024-04-15:

I noticed that the binary packages aspnetcore-runtime-dbg-8.0, dotnet-runtime-dbg-8.0, dotnet-sdk-dbg-8.0 were not build on mantic and jammy.

I build and tested the .NET 8 April Update in a new PPA: https://launchpad.net/~dviererbe/+archive/ubuntu/dotnet-april-ppa5

The new PPA also contains a S390X build on noble.

Revision history for this message

Launchpad Janitor (janitor) wrote on 2024-04-16:

This bug was fixed in the package dotnet8 - 8.0.104-8.0.4-0ubuntu1

---------------
dotnet8 (8.0.104-8.0.4-0ubuntu1) noble; urgency=medium

  * New upstream release (LP: #2060261).
  * debian/README.source: Update support information (LP: #2058746).
  * debian/eng/versionlib: Add support for '+really' and '~bootstrap+ARCH'
                           in version string.
  * debian/tests/versionlib-tests: Add versionlib unit tests
    - debian/tests/run-versionlib-tests.sh: script to run the tests

-- Dominik Viererbe <email address hidden> Fri, 05 Apr 2024 06:22:48 +0300

Changed in dotnet8 (Ubuntu Noble):
status:	In Progress → Fix Released

Revision history for this message

Timo Aaltonen (tjaalton) wrote on 2024-04-19: Please test proposed package

Hello Dominik, or anyone else affected,

Accepted dotnet8 into mantic-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/dotnet8/8.0.104-8.0.4-0ubuntu1~23.10.1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-mantic to verification-done-mantic. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-mantic. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Changed in dotnet8 (Ubuntu Mantic):
status:	In Progress → Fix Committed
tags:	added: verification-needed verification-needed-mantic
Changed in dotnet8 (Ubuntu Jammy):
status:	In Progress → Fix Committed
tags:	added: verification-needed-jammy

Revision history for this message

Timo Aaltonen (tjaalton) wrote on 2024-04-19:

Hello Dominik, or anyone else affected,

Accepted dotnet8 into jammy-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/dotnet8/8.0.104-8.0.4-0ubuntu1~22.04.1 in a few hours, and then in the -proposed repository.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-jammy to verification-done-jammy. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-jammy. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Revision history for this message

Launchpad Janitor (janitor) wrote on 2024-05-15:

This bug was fixed in the package dotnet8 - 8.0.105-8.0.5-0ubuntu1~23.10.1

---------------
dotnet8 (8.0.105-8.0.5-0ubuntu1~23.10.1) mantic-security; urgency=medium

  * New upstream release
  * SECURITY UPDATE: stack buffer overflow
    - CVE-2024-30045: a stack based buffer overflow in the .NET Double Parse
      routine allows for remote code execution.
  * SECURITY UPDATE: resource dead-lock
    - CVE-2024-30046: a dead-lock in Http2OutputProducer.Stop() results in a
      denial of service.

-- Ian Constantin <email address hidden> Thu, 09 May 2024 17:16:34 +0300

Changed in dotnet8 (Ubuntu Mantic):
status:	Fix Committed → Fix Released

Revision history for this message

Launchpad Janitor (janitor) wrote on 2024-05-15:

This bug was fixed in the package dotnet8 - 8.0.105-8.0.5-0ubuntu1~22.04.1

---------------
dotnet8 (8.0.105-8.0.5-0ubuntu1~22.04.1) jammy-security; urgency=medium

-- Ian Constantin <email address hidden> Thu, 09 May 2024 17:16:36 +0300

Changed in dotnet8 (Ubuntu Jammy):
status:	Fix Committed → Fix Released

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.

Ubuntudotnet8 package

[SRU] New upstream microrelease .NET 8.0.4 and SDK 8.0.104

Bug Description

CVE References

Other bug subscribers

Remote bug watches

Ubuntu
dotnet8 package