Re: What to do with jbig2dec in wheezy and jessie

Tue, 21 Mar 2017 02:53:44 -0700 

Hello Moritz,

On Sun, 12 Mar 2017, Moritz Mühlenhoff wrote:
> > So as long as we ensure that we don't break Ghostscript and MuPDF I think
> > we are good enough.
> > 
> > Shall I go ahead and prepare some test packages?
> 
> Please do.

Please find packages for Jessie here:
https://people.debian.org/~hertzog/packages/jbig2dec_0.13-4~deb8u1_amd64.changes

And packages for Wheezy are here:
https://people.debian.org/~hertzog/packages/jbig2dec_0.13-4~deb7u1_amd64.changes

I disabled multi-arch to not introduce a new library location compared to
the actual jessie/wheezy packages.

I tested both packages with mupdf and the attached PDF file that should be
using JBIG2 because I generated it with https://github.com/agl/jbig2enc
and a black & white scan of a document of mine (note the resolution is
very poor).

I also rebuilt ghostscript against the updated library packages and it
built without troubles. I test ghostscript with a command line like this:
$ gs -sDEVICE=jpeg -sOutputFile=test.jpg pdf-jbig2-custom.pdf
And test.jpg contained a JPEG variant of the inital JBIG2 picture in PDF.

Can I upload the jessie packages to security-master?

I attach the debdiff between 0.13-4 and the packages I prepared for wheezy
and jessie. I don't think the debdiff between the current version in
wheezy/jessie are useful. They would be rather massive given the change of
upstream release.

Cheers,
-- 
Raphaël Hertzog ◈ Debian Developer

Support Debian LTS: https://www.freexian.com/services/debian-lts.html
Learn to master Debian: https://debian-handbook.info/get/

Attachment: pdf-jbig2-custom.pdf
Description: Adobe PDF document

diff --git a/debian/changelog b/debian/changelog
index 47e9410..7cbaa28 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,14 @@
+jbig2dec (0.13-4~deb8u1) jessie-security; urgency=medium
+
+  * Non-maintainer upload by the Debian Security Team.
+  * Backport latest upstream release to Jessie.
+  * Fixes CVE-2016-9601 and many other unreported issues.
+  * Drop licensecheck from build-depends as it was part of devscripts
+    in the past (and we don't need such a check in stable/oldstable).
+  * Disable multiarch support to not introduce unexpected regression.
+
+ -- Raphaël Hertzog <hert...@debian.org>  Fri, 17 Mar 2017 14:59:04 +0100
+
 jbig2dec (0.13-4) unstable; urgency=medium
 
   * Add patches cherry-picked upstream to squash signed/unsigned
diff --git a/debian/control b/debian/control
index ebe92db..6c0522d 100644
--- a/debian/control
+++ b/debian/control
@@ -4,7 +4,6 @@ Priority: optional
 Maintainer: Debian Printing Team <debian-print...@lists.debian.org>
 Uploaders: Jonas Smedegaard <d...@jones.dk>
 Build-Depends: cdbs (>= 0.4.123~),
- licensecheck,
  libtool,
  automake,
  autoconf,
@@ -36,7 +35,6 @@ Section: libs
 Depends: ${shlibs:Depends}, ${misc:Depends}
 Pre-Depends: ${misc:Pre-Depends}
 Architecture: any
-Multi-arch: same
 Description: JBIG2 decoder library - shared libraries
  jbig2dec is a decoder library and example utility implementing the JBIG2
  bi-level image compression spec. Also known as ITU T.88 and ISO IEC
diff --git a/debian/control.in b/debian/control.in
index 46a0279..ad899ab 100644
--- a/debian/control.in
+++ b/debian/control.in
@@ -27,7 +27,6 @@ Section: libs
 Depends: ${shlibs:Depends}, ${misc:Depends}
 Pre-Depends: ${misc:Pre-Depends}
 Architecture: any
-Multi-arch: same
 Description: JBIG2 decoder library - shared libraries
  jbig2dec is a decoder library and example utility implementing the JBIG2
  bi-level image compression spec. Also known as ITU T.88 and ISO IEC
diff --git a/debian/rules b/debian/rules
index 75a5d55..365da43 100755
--- a/debian/rules
+++ b/debian/rules
@@ -37,9 +37,6 @@ CDBS_BUILD_DEPENDS +=, libpng-dev
 # Needed by upstream tests
 CDBS_BUILD_DEPENDS +=, python
 
-# Multiarch quirk (see also other uses of that variable in this file)
-DEB_CONFIGURE_EXTRA_FLAGS += --libdir=\$${prefix}/lib/$(DEB_HOST_MULTIARCH)
-
 # bootstrap autotools files (CDBS normally only updates them)
 DEB_MAKE_CLEAN_TARGET = distclean
 DEB_AUTOMAKE_ARGS = --add-missing --copy
@@ -65,9 +62,8 @@ debian/stamp-local-shlibs-$(lib): \
  binary-install/$(pkg-dev)
 	d-shlibmove --commit \
 		--exclude-la \
-		--multiarch \
 		--movedev "debian/tmp/usr/include/*" usr/include/ \
-		debian/tmp/usr/lib/$(DEB_HOST_MULTIARCH)/$(lib).so
+		debian/tmp/usr/lib/$(lib).so
 	touch $@
 clean::
 	rm -f debian/stamp-local-shlibs-$(lib)

diff --git a/debian/changelog b/debian/changelog
index 47e9410..e6b9513 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,16 @@
+jbig2dec (0.13-4~deb7u1) wheezy-security; urgency=medium
+
+  * Non-maintainer upload by the Debian LTS Team.
+  * Backport latest upstream release to Wheezy.
+  * Fixes CVE-2016-9601 and many other unreported issues.
+  * Drop licensecheck from build-depends as it was part of devscripts
+    in the past (and we don't need such a check in stable/oldstable).
+  * Disable multiarch support to not introduce unexpected regression.
+  * Drop minimal version required for CDBS as it's not satisfiable in
+    wheezy.
+
+ -- Raphaël Hertzog <hert...@debian.org>  Fri, 17 Mar 2017 14:59:04 +0100
+
 jbig2dec (0.13-4) unstable; urgency=medium
 
   * Add patches cherry-picked upstream to squash signed/unsigned
diff --git a/debian/control b/debian/control
index ebe92db..b57d7c4 100644
--- a/debian/control
+++ b/debian/control
@@ -3,8 +3,7 @@ Section: libs
 Priority: optional
 Maintainer: Debian Printing Team <debian-print...@lists.debian.org>
 Uploaders: Jonas Smedegaard <d...@jones.dk>
-Build-Depends: cdbs (>= 0.4.123~),
- licensecheck,
+Build-Depends: cdbs,
  libtool,
  automake,
  autoconf,
@@ -36,7 +35,6 @@ Section: libs
 Depends: ${shlibs:Depends}, ${misc:Depends}
 Pre-Depends: ${misc:Pre-Depends}
 Architecture: any
-Multi-arch: same
 Description: JBIG2 decoder library - shared libraries
  jbig2dec is a decoder library and example utility implementing the JBIG2
  bi-level image compression spec. Also known as ITU T.88 and ISO IEC
diff --git a/debian/control.in b/debian/control.in
index 46a0279..ad899ab 100644
--- a/debian/control.in
+++ b/debian/control.in
@@ -27,7 +27,6 @@ Section: libs
 Depends: ${shlibs:Depends}, ${misc:Depends}
 Pre-Depends: ${misc:Pre-Depends}
 Architecture: any
-Multi-arch: same
 Description: JBIG2 decoder library - shared libraries
  jbig2dec is a decoder library and example utility implementing the JBIG2
  bi-level image compression spec. Also known as ITU T.88 and ISO IEC
diff --git a/debian/rules b/debian/rules
index 75a5d55..e55fc44 100755
--- a/debian/rules
+++ b/debian/rules
@@ -17,10 +17,10 @@
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
 DEB_AUTO_UPDATE_LIBTOOL = pre
-DEB_AUTO_UPDATE_ACLOCAL = ,
-DEB_AUTO_UPDATE_AUTOCONF = ,
-DEB_AUTO_UPDATE_AUTOHEADER = ,
-DEB_AUTO_UPDATE_AUTOMAKE = ,
+DEB_AUTO_UPDATE_ACLOCAL = 1.11
+DEB_AUTO_UPDATE_AUTOCONF = 2.69
+DEB_AUTO_UPDATE_AUTOHEADER = 1.11
+DEB_AUTO_UPDATE_AUTOMAKE = 1.11
 include /usr/share/cdbs/1/rules/utils.mk
 include /usr/share/cdbs/1/class/autotools.mk
 include /usr/share/cdbs/1/rules/debhelper.mk
@@ -37,9 +37,6 @@ CDBS_BUILD_DEPENDS +=, libpng-dev
 # Needed by upstream tests
 CDBS_BUILD_DEPENDS +=, python
 
-# Multiarch quirk (see also other uses of that variable in this file)
-DEB_CONFIGURE_EXTRA_FLAGS += --libdir=\$${prefix}/lib/$(DEB_HOST_MULTIARCH)
-
 # bootstrap autotools files (CDBS normally only updates them)
 DEB_MAKE_CLEAN_TARGET = distclean
 DEB_AUTOMAKE_ARGS = --add-missing --copy
@@ -65,9 +62,8 @@ debian/stamp-local-shlibs-$(lib): \
  binary-install/$(pkg-dev)
 	d-shlibmove --commit \
 		--exclude-la \
-		--multiarch \
 		--movedev "debian/tmp/usr/include/*" usr/include/ \
-		debian/tmp/usr/lib/$(DEB_HOST_MULTIARCH)/$(lib).so
+		debian/tmp/usr/lib/$(lib).so
 	touch $@
 clean::
 	rm -f debian/stamp-local-shlibs-$(lib)

Reply via email to