Package: darktable Version: 3.8.0-1 Severity: important -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
As of version 3.8.0, darkatable is again embedding libraw. I decided to open a new bug rather than reopen #682980, since the situation this time is somewhat different, and I'm not sure anyone getting up to speed on the bug is well served by reading the 100 or so previous messages. Previously (i.e. #682980), darktable was using a forked copy of libraw (although the change was textually small). Currently darktable is using a git submodule of upstream libraw, which means that it is at least possible in principle that upstream will release a sufficiently recent version that we can build against it. Or I guess we could package a git snapshot of libraw in Debian. As far as I understand, the snapshot of libraw is needed for Canon CR3 support. I guess the other thing that has changed since #682980 was closed is that libraw acquired a number of CVEs. Darktable already appears in the embedded copies list for libraw [1], but I'm not sure if "modified-embed" is still the right term. [1]: https://salsa.debian.org/security-tracker-team/security-tracker/raw/master/data/embedded-code-copies - -- System Information: Debian Release: bookworm/sid APT prefers unstable-debug APT policy: (500, 'unstable-debug'), (500, 'testing-debug'), (500, 'testing') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 5.15.0-2-amd64 (SMP w/8 CPU threads) Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE Locale: LANG=en_CA.UTF-8, LC_CTYPE=en_CA.UTF-8 (charmap=UTF-8), LANGUAGE=en_CA:en Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages darktable depends on: ii libc6 2.33-1 ii libcairo2 1.16.0-5 ii libcolord-gtk1 0.1.26-2+b1 ii libcolord2 1.4.5-3 ii libcups2 2.3.3op2-7 ii libcurl3-gnutls 7.79.1-2 ii libexiv2-27 0.27.3-3.1 ii libgcc-s1 11.2.0-13 ii libgdk-pixbuf-2.0-0 2.42.6+dfsg-2 ii libglib2.0-0 2.70.2-1 ii libgomp1 11.2.0-13 ii libgphoto2-6 2.5.27-1 ii libgphoto2-port12 2.5.27-1 ii libgraphicsmagick-q16-3 1.4+really1.3.37-1 ii libgtk-3-0 3.24.31-1 ii libicu67 67.1-7 ii libilmbase25 2.5.7-2 ii libjpeg62-turbo 1:2.1.2-1 ii libjson-glib-1.0-0 1.6.6-1 ii liblcms2-2 2.12~rc1-2 ii liblensfun1 0.3.2-6 ii libopenexr25 2.5.7-1 ii libopenjp2-7 2.4.0-3 ii libosmgpsmap-1.0-1 1.2.0-1 ii libpango-1.0-0 1.48.10+ds1-1 ii libpangocairo-1.0-0 1.48.10+ds1-1 ii libpng16-16 1.6.37-3 ii libpugixml1v5 1.11.4-1 ii librsvg2-2 2.50.7+dfsg-2 ii libsecret-1-0 0.20.4-2 ii libsoup2.4-1 2.74.2-3 ii libsqlite3-0 3.36.0-2 ii libstdc++6 11.2.0-13 ii libtiff5 4.3.0-2 ii libwebp6 0.6.1-2.1 ii libx11-6 2:1.7.2-2+b1 ii libxml2 2.9.12+dfsg-5+b1 ii libxrandr2 2:1.5.2-1 ii zlib1g 1:1.2.11.dfsg-2 darktable recommends no packages. darktable suggests no packages. - -- no debconf information -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEkiyHYXwaY0SiY6fqA0U5G1WqFSEFAmHN/VYACgkQA0U5G1Wq FSHOnw/+J+O8sR5k+UBBjLLf01STow0Sz8bX+yiSjLTf9p/XYHsFP0t0Ov7iFCco Po+2lprkIuotFo+9114yc5rDgE8MKLctTM98CN6YbM5tMRTtTqUdQFhnty8T+qLO tGlcozdHftzIT9nOKaAPWAVqS0uKNfFVGksHLQIDSJeIBSfn7sZiwYzHyNeXNIft aaEOtrCp8adWq6L2QhIYqSY1C2rfvE41hG/FTkBNkAUB36sdOiBpGy+MRPmxxd3E k/KIP70EBzY0SPdYEAPjE1uMpB8gnNBa8c5A1YDGUzwWfMxx9RYVkIkPvL/PS8uu OzkOc7sWnfZnzhdC6rhLEXxpwTB2GlNxXfrqRd++4c9pLT8rEEJHcmQsxl+NYIpK zV0gRI54TAbsAcLIltoJHDrERruBvgi4GkCQismRFQyvSCn1iECBbvYyiKcOMA+1 iEwPLWaEkJgNlO4ek2IruerSDcP7x2eFgFhWZliQPf+Rm+plbM79arJBVlpRonMf QaELwCsuCgOIXszLV4zg+POBO3hdwNQ1qnUDXyx8OxmWMXeuGDZQB/AlYyMbKv6x Nj8Mk1Tmh7lYE5luBJShw1rdXA5mPd1XFb+3UkNZIeM7WKwMGEeTafxIIyz/fBb0 ULDzzmAD13Uz/7Ufk0laGEAishuvIkZ+jXB0EqhkxkX0IisBj6Y= =zxHR -----END PGP SIGNATURE-----
