On Tue, Dec 19, 2006 at 07:40:46PM +1100, Aníbal Monsalve Salazar wrote:
> >JFTR, I also don't seem to have this mail now.
> I'm attaching the email I sent.
Ok, thanks. There doesn't seem to be anything in there that needs RM
comment at this point, 1.2.13 is in testing and we're going with 1.2.1
On Tue, Dec 19, 2006 at 10:58:13AM +0100, Andreas Barth wrote:
> Checking testing
> found in pool/main/a/amsn/amsn_0.95+dfsg2-0.1_i386.deb:
> /usr/lib/amsn/utils/TkCximage/TkCximage.so
> found in pool/main/d/drscheme/drscheme_352-6_i386.deb:
> /usr/lib/plt/collects/plot/compiled/native/i386-linux
* Steve Langasek ([EMAIL PROTECTED]) [061219 09:31]:
> On Mon, Dec 18, 2006 at 04:39:49PM +0100, Andreas Barth wrote:
> > 125 X+
>
> I would say these aren't a problem either, at least to such an extent that
> we would want to revert them; they've been gone from unstable since
> September 2005 wi
On Tue, Dec 19, 2006 at 10:10:29AM +0100, Andreas Barth wrote:
> * Steve Langasek ([EMAIL PROTECTED]) [061219 09:31]:
> > On Mon, Dec 18, 2006 at 04:39:49PM +0100, Andreas Barth wrote:
> > >7 X+ ++
> > These may or may not be a problem depending on whether the ABI has changed
> > between
* Aníbal Monsalve Salazar ([EMAIL PROTECTED]) [061219 10:40]:
> Should I prepare a 1.2.15 debian package with the shlibs and the
> png.h changes?
Please wait a few more moments, I think we also need to massively create
conflicts with sarge packages. I'm running a check currently.
Cheers,
Andi
--
* Andreas Barth ([EMAIL PROTECTED]) [061219 10:11]:
> * Steve Langasek ([EMAIL PROTECTED]) [061219 09:31]:
> > On Mon, Dec 18, 2006 at 04:39:49PM +0100, Andreas Barth wrote:
> > >7 X+ ++
> >
> > These may or may not be a problem depending on whether the ABI has changed
> > between the ve
On Tue, Dec 19, 2006 at 10:16:11AM +0100, Andreas Barth wrote:
>* Andreas Barth ([EMAIL PROTECTED]) [061219 10:11]:
>>* Steve Langasek ([EMAIL PROTECTED]) [061219 09:31]:
>>>On Mon, Dec 18, 2006 at 04:39:49PM +0100, Andreas Barth wrote:
2 X+
>>>
>>>These are the only two symbols tha
* Steve Langasek ([EMAIL PROTECTED]) [061219 09:31]:
> On Mon, Dec 18, 2006 at 04:39:49PM +0100, Andreas Barth wrote:
> >1 X++
>
> There are an issue for shlibs only. (Assuming they're meant to be exported
> and shouldn't be suppressed to keep people from using them!)
This is png_set
* Andreas Barth ([EMAIL PROTECTED]) [061219 10:11]:
> * Steve Langasek ([EMAIL PROTECTED]) [061219 09:31]:
> > On Mon, Dec 18, 2006 at 04:39:49PM +0100, Andreas Barth wrote:
> > >2 X+
> >
> > These are the only two symbols that would potentially be a reason to prefer
> > .13 over .15.
* Steve Langasek ([EMAIL PROTECTED]) [061219 09:31]:
> On Mon, Dec 18, 2006 at 04:39:49PM +0100, Andreas Barth wrote:
> >7 X+ ++
>
> These may or may not be a problem depending on whether the ABI has changed
> between the versions exported in 1.2.8 and 1.2.13/15. We should probably
> lo
On Tue, Dec 19, 2006 at 08:57:12AM +0100, Andreas Barth wrote:
>* Steve Langasek ([EMAIL PROTECTED]) [061219 08:27]:
>>On Sun, Dec 17, 2006 at 08:13:05AM +1100, Aníbal Monsalve Salazar wrote:
>>>Just for the record. The libpng security issues were communicated
>>>to the security team twice on Nov 9
On Mon, Dec 18, 2006 at 04:39:49PM +0100, Andreas Barth wrote:
> * Andreas Barth ([EMAIL PROTECTED]) [061216 22:20]:
> > I'll update this as soon as we have more information (and I would also
> > like to check the symbol lists before an upload - I'm working on this
> > right now).
> Ok, more updat
* Steve Langasek ([EMAIL PROTECTED]) [061219 08:27]:
> On Sun, Dec 17, 2006 at 08:13:05AM +1100, Aníbal Monsalve Salazar wrote:
> > Just for the record. The libpng security issues were communicated
> > to the security team twice on Nov 9 and 15 2006. On Nov 15 2006
> > both vorlon and aba were made
On Sun, Dec 17, 2006 at 08:13:05AM +1100, Aníbal Monsalve Salazar wrote:
> Just for the record. The libpng security issues were communicated
> to the security team twice on Nov 9 and 15 2006. On Nov 15 2006
> both vorlon and aba were made aware of the security problems.
Well no, I'm not aware of t
* Nelson A. de Oliveira ([EMAIL PROTECTED]) [061218 19:27]:
> Do you have a better idea than statically linking against libpng?
We will need to work out what is best overall - whatever that is. We
will keep optipng's situation in mind on that, thanks for your mail.
Cheers,
Andi
--
http://home
Le lundi 18 décembre 2006 à 17:12 -0200, Nelson A. de Oliveira a écrit :
> Hi!
>
> On 12/18/06, Mike Hommey <[EMAIL PROTECTED]> wrote:
> > > Do you have a better idea than statically linking against libpng?
> >
> > Add png_get_uint_32 and png_save_uint_32 to optipng and link against
> > libpng 1.2
Hi!
On 12/18/06, Mike Hommey <[EMAIL PROTECTED]> wrote:
> Do you have a better idea than statically linking against libpng?
Add png_get_uint_32 and png_save_uint_32 to optipng and link against
libpng 1.2.8 ?
Actually they are present on libpng 1.2.8 (but they are exported only
if PNG_INTERNAL
On Mon, Dec 18, 2006 at 04:19:51PM -0200, Nelson A. de Oliveira <[EMAIL
PROTECTED]> wrote:
> Hi!
>
> It looks like that we will get libpng 1.2.8 back to Etch, right?
> But one of my packages (optipng) needs at least libpng 1.2.9 (it needs
> png_get_uint_32 and png_save_uint_32).
>
> When version
Hi!
It looks like that we will get libpng 1.2.8 back to Etch, right?
But one of my packages (optipng) needs at least libpng 1.2.9 (it needs
png_get_uint_32 and png_save_uint_32).
When version 1.2.8 gets uploaded, probably optipng will FTBFS and I will
upload a new version statically linked agains
Le lundi 18 décembre 2006 à 16:39 +0100, Andreas Barth a écrit :
> * Andreas Barth ([EMAIL PROTECTED]) [061216 22:20]:
> > I'll update this as soon as we have more information (and I would also
> > like to check the symbol lists before an upload - I'm working on this
> > right now).
>
> Ok, more u
* Andreas Barth ([EMAIL PROTECTED]) [061216 22:20]:
> I'll update this as soon as we have more information (and I would also
> like to check the symbol lists before an upload - I'm working on this
> right now).
Ok, more updates: The exported versions look way worse than I hoped. We
have (looking a
* Julien Cristau ([EMAIL PROTECTED]) [061216 21:45]:
> I've prepared a package based on 1.2.8rel-7, with a patch for
> CVE-2006-5793. No other security issues seem to be mentioned in the sid
> package's changelog, but let me know if I've missed something.
> Source package at
> http://liafa.jussieu.
Mike Hommey <[EMAIL PROTECTED]>
Cc: [EMAIL PROTECTED], Sam Hocevar <[EMAIL PROTECTED]>
On Sat, Dec 16, 2006 at 09:45:05PM +0100, Julien Cristau wrote:
>On Sat, Dec 16, 2006 at 14:57:19 +0100, Andreas Barth wrote:
>>Anibal, do you want to upload the package, or should I NMU it?
I'll upload it. I'l
On Sat, Dec 16, 2006 at 14:57:19 +0100, Andreas Barth wrote:
> * Josselin Mouette ([EMAIL PROTECTED]) [061215 13:46]:
> > The only sane solution if you want to get quickly to a releaseable state
> > is to go back to the last 1.2.8 package and to backport security fixes.
> > I've also explained mor
* Josselin Mouette ([EMAIL PROTECTED]) [061215 13:46]:
> The only sane solution if you want to get quickly to a releaseable state
> is to go back to the last 1.2.8 package and to backport security fixes.
> I've also explained more long-term solutions for the libpng madness on
> my planet posting.
On Fri, Dec 15, 2006 at 10:23:11PM +0100, Mike Hommey wrote:
> On Fri, Dec 15, 2006 at 07:01:20PM +0100, Moritz Muehlenhoff <[EMAIL
> PROTECTED]> wrote:
> > Josselin Mouette wrote:
> > > The only sane solution if you want to get quickly to a releaseable state
> > > is to go back to the last 1.2.8
On Fri, Dec 15, 2006 at 07:01:20PM +0100, Moritz Muehlenhoff <[EMAIL
PROTECTED]> wrote:
> Josselin Mouette wrote:
> > The only sane solution if you want to get quickly to a releaseable state
> > is to go back to the last 1.2.8 package and to backport security fixes.
> > I've also explained more lo
Josselin Mouette wrote:
> The only sane solution if you want to get quickly to a releaseable state
> is to go back to the last 1.2.8 package and to backport security fixes.
> I've also explained more long-term solutions for the libpng madness on
> my planet posting.
I agree. Especially, as the sec
Le jeudi 14 décembre 2006 à 23:19 -0800, Steve Langasek a écrit :
> Unfortunately, 1.2.8 is not the version of libpng in testing today; 1.2.13
> is, and that version has *known* RC bugs.
>
> Moreover, there has now been a shlibs bump in this beta version (warranted
> or not, I don't know) that blo
On Tue, Dec 12, 2006 at 02:13:36PM +0100, Josselin Mouette wrote:
> As I'm no longer the maintainer, I don't have any say to what happens to
> this package, but my advice, based on my painful experience with libpng,
> would be to *not* unblock it now. Releasing with a beta version that
> hasn't be
Hi,
As I'm no longer the maintainer, I don't have any say to what happens to
this package, but my advice, based on my painful experience with libpng,
would be to *not* unblock it now. Releasing with a beta version that
hasn't been widely tested is a dead end. Even without the "beta" flag,
there ha
31 matches
Mail list logo
