Package: release.debian.org
Control: affects -1 + src:xsane
X-Debbugs-Cc: xs...@packages.debian.org czc...@debian.org ajq...@debian.org
User: release.debian....@packages.debian.org
Usertags: pu
Tags: bookworm
Severity: normal

Dear Debian Stable Release Managers,

I am looking for a stable-pu upload to fix Debian bug
https://bugs.debian.org/1076101 .

[ Reason ]
As discussed in https://bugs.debian.org/1076101 , package
xsane has a Recommends: firefox | www-browser relationship for
its binary package. As package firefox does not appear in
Debian Stable or Debian Testing, installing xsane will introduce
other packages that provide the www-browser virtual package, causing
unexpected consequences. The known side effect is that the default
Debian Bookworm LXQt installation introduces package hv3 as
www-browser provider, which is an unmaintained web browser that
is dangerous if provided as the default internet browser. Further details
are discussed in the Debian bug report 1076101.

To avoid further surprises for Debian LXQt users, modifying the
recommendation to Recommends: firefox-esr | firefox | www-browser
is a reasonable mitigation. This change is now present in Debian
Unstable as xsane/0.999-12.1.

[ Impact ]
Debian Stable (Debian 12) LXQt users will have the insecure hv3 web
browser installed by default, rather than the supported firefox-esr.

[ Tests ]
Manually tested.

[ Risks ]
Minimal risk. Only an optional recommendation relationship is modified.

[ Checklist ]
  [X] *all* changes are documented in the d/changelog
  [X] I reviewed all changes and I approve them
  [X] attach debdiff against the package in (old)stable
  [X] the issue is verified as fixed in unstable

[ Changes ]
See the attached full debdiff.

[ Other info ]
Please let me know if you have any comments.

Thanks,
Boyuan Yang

diff -Nru xsane-0.999/debian/changelog xsane-0.999/debian/changelog
--- xsane-0.999/debian/changelog	2021-08-19 13:32:40.000000000 -0400
+++ xsane-0.999/debian/changelog	2024-09-29 15:05:41.000000000 -0400
@@ -1,3 +1,12 @@
+xsane (0.999-12.1~deb12u1) bookworm; urgency=medium
+
+  * Non-maintainer upload.
+  * debian/control: Recommends firefox-esr | firefox | www-browser rather
+    than firefox | www-browser to avoid fallback to www-browser when
+    package firefox is not available. (Closes: #1076101)
+
+ -- Boyuan Yang <by...@debian.org>  Sun, 29 Sep 2024 15:05:41 -0400
+
 xsane (0.999-12) unstable; urgency=medium
 
   * Upload to unstable.
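Review bot: the version 0.999-12.1~deb12u1 in the new top stanza reads as a bookworm rebuild of 0.999-12.1, but the stanza sits directly above 0.999-12 with no 0.999-12.1 entry and no line saying it is a rebuild for bookworm. Either carry the unstable 0.999-12.1 stanza below it, or state in this entry that the change is backported from 0.999-12.1, so the changelog history matches the version string. The bullet could also name the effect being avoided (hv3 pulled in as the www-browser provider) rather than only "fallback to www-browser", since that is what #1076101 is about.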
diff -Nru xsane-0.999/debian/control xsane-0.999/debian/control
--- xsane-0.999/debian/control	2021-08-19 13:02:04.000000000 -0400
+++ xsane-0.999/debian/control	2024-09-29 15:04:50.000000000 -0400
@@ -28,7 +28,7 @@
  xsane-common (= ${source:Version})
 Recommends:
  cups-client,
- firefox | www-browser
+ firefox-esr | firefox | www-browser
 Suggests:
  gimp,
  gocr | cuneiform | tesseract-ocr | ocrad,
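Review bot: the changed Recommends line still ends in "| www-browser", so the new alternative list only changes which package is picked on a fresh install; a system where another www-browser provider is already installed continues to satisfy the relationship and will not gain firefox-esr or lose the existing provider on upgrade. That is worth stating in the request under Impact or Risks, so it is clear that existing bookworm LXQt installations with hv3 need a separate remedy. It is also worth confirming that firefox-esr is installable on every bookworm architecture xsane is built for, because where it is not, resolution falls through to "firefox | www-browser" exactly as before.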
