Your message dated Sat, 11 Jan 2025 11:03:09 +0000
with message-id <e1twzgn-009jcb...@coccia.debian.org>
and subject line Close 1083004
has caused the Debian Bug report #1083004,
regarding bookworm-pu: package xsane/0.999-12.1~deb12u1
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
1083004: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1083004
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Control: affects -1 + src:xsane
X-Debbugs-Cc: xs...@packages.debian.org czc...@debian.org ajq...@debian.org
User: release.debian....@packages.debian.org
Usertags: pu
Tags: bookworm
Severity: normal
Dear Debian Stable Release Managers,
I am looking for a stable-pu upload to fix Debian bug
https://bugs.debian.org/1076101 .
[ Reason ]
As discussed in https://bugs.debian.org/1076101 , package
xsane has a Recommends: firefox | www-browser relationship for
its binary package. As package firefox does not appear in
Debian Stable or Debian Testing, installing xsane will introduce
other packages that provides www-browser virtual package, causing
unexpected consequences. The known side effect is that the default
Debian Bookworm LXQt installation introduces package hv3 as
www-browser provider, which is an unmaintained web browser that
is dangerous if provided as default internet browser. Further details
are discussed in the Debian bug report 1076101.
To avoid further surprises for Debian LXQt users, modifying the
recommendation to Recommends: firefox-esr | firefox | www-browser
is a reasonable mitigation. This change is now present in Debian
Unstable as xsane/0.999-12.1.
[ Impact ]
Debian Stable (Debian 12) LXQt users will have the insecure hv3 web
browser installed by default, rather than the supported firefox-esr.
[ Tests ]
Manually tested.
[ Risks ]
Minimal risk. Only an optional recommendation relationship is modified.
[ Checklist ]
[X] *all* changes are documented in the d/changelog
[X] I reviewed all changes and I approve them
[X] attach debdiff against the package in (old)stable
[X] the issue is verified as fixed in unstable
[ Changes ]
See the attached full debdiff.
[ Other info ]
Please let me know if you have any comments.
Thanks,
Boyuan Yang
diff -Nru xsane-0.999/debian/changelog xsane-0.999/debian/changelog
--- xsane-0.999/debian/changelog 2021-08-19 13:32:40.000000000 -0400
+++ xsane-0.999/debian/changelog 2024-09-29 15:05:41.000000000 -0400
@@ -1,3 +1,12 @@
+xsane (0.999-12.1~deb12u1) bookworm; urgency=medium
+
+ * Non-maintainer upload.
+ * debian/control: Recommends firefox-esr | firefox | www-browser rather
+ than firefox | www-browser to avoid fallback to www-browser when
+ package firefox is not available. (Closes: #1076101)
+
+ -- Boyuan Yang <by...@debian.org> Sun, 29 Sep 2024 15:05:41 -0400
+
xsane (0.999-12) unstable; urgency=medium
* Upload to unstable.
diff -Nru xsane-0.999/debian/control xsane-0.999/debian/control
--- xsane-0.999/debian/control 2021-08-19 13:02:04.000000000 -0400
+++ xsane-0.999/debian/control 2024-09-29 15:04:50.000000000 -0400
@@ -28,7 +28,7 @@
xsane-common (= ${source:Version})
Recommends:
cups-client,
- firefox | www-browser
+ firefox-esr | firefox | www-browser
Suggests:
gimp,
gocr | cuneiform | tesseract-ocr | ocrad,
signature.asc
Description: This is a digitally signed message part
--- End Message ---
--- Begin Message ---
Version: 12.9
This update has been released as part of 12.9. Thank you for your contribution.
--- End Message ---
