On Tue, Dec 19, 2006 at 07:40:46PM +1100, Aníbal Monsalve Salazar wrote:
> >JFTR, I also don't seem to have this mail now.
> I'm attaching the email I sent.
Ok, thanks. There doesn't seem to be anything in there that needs RM
comment at this point, 1.2.13 is in testing and we're going with 1.2.1
* Aníbal Monsalve Salazar ([EMAIL PROTECTED]) [061220 00:51]:
> On Tue, Dec 19, 2006 at 12:21:32PM +0100, Andreas Barth wrote:
> >Because we "know" the unstable version doesn't fall to bad with the
> >versio in testing - but who has tested the stable version? The
> >underlaying policy is that one c
* Andreas Barth ([EMAIL PROTECTED]) [061219 14:11]:
> Hi Aníbal,
>
> I think we have now a common conclusion:
>
> * Andreas Barth ([EMAIL PROTECTED]) [061219 11:32]:
> > 1. Adding back png_read_destroy and png_write_destroy which were
> > accidentially removed between 1.2.13-4 and 1.2.15~beta5-0.
On Tue, Dec 19, 2006 at 12:21:32PM +0100, Andreas Barth wrote:
>* Steve Langasek ([EMAIL PROTECTED]) [061219 12:07]:
>>On Tue, Dec 19, 2006 at 11:32:06AM +0100, Andreas Barth wrote:
>>>I write down what I think we should do, and how this handles our issues.
>>>This is explicitly a request for comme
Hi Aníbal,
I think we have now a common conclusion:
* Andreas Barth ([EMAIL PROTECTED]) [061219 11:32]:
> 1. Adding back png_read_destroy and png_write_destroy which were
> accidentially removed between 1.2.13-4 and 1.2.15~beta5-0.
>
> 2. Conflict with the following packages (from sarge):
> mzsc
* Steve Langasek ([EMAIL PROTECTED]) [061219 12:07]:
> On Tue, Dec 19, 2006 at 11:32:06AM +0100, Andreas Barth wrote:
> > I write down what I think we should do, and how this handles our issues.
> > This is explicitly a request for comments, and I want to wait at least
> > until either Steve and Jo
On Tue, Dec 19, 2006 at 11:32:06AM +0100, Andreas Barth wrote:
> I write down what I think we should do, and how this handles our issues.
> This is explicitly a request for comments, and I want to wait at least
> until either Steve and Joss have both agreed to it, or 24 hours has
> passed, whatever
On Tue, Dec 19, 2006 at 11:43:40AM +0100, Josselin Mouette wrote:
> However this is not going to help with other upstream changes that
> haven't received any testing. I don't think using a release that has not
> been tested in Debian for at least several months is reasonable; I don't
> trust upstre
Le mardi 19 décembre 2006 à 11:32 +0100, Andreas Barth a écrit :
> 1. Adding back png_read_destroy and png_write_destroy which were
> accidentially removed between 1.2.13-4 and 1.2.15~beta5-0.
>
> 2. Conflict with the following packages (from sarge):
> libtk-img (<= 1.3-13)
> mzscheme (<= 209-5)
>
On Tue, Dec 19, 2006 at 10:58:13AM +0100, Andreas Barth wrote:
> Checking testing
> found in pool/main/a/amsn/amsn_0.95+dfsg2-0.1_i386.deb:
> /usr/lib/amsn/utils/TkCximage/TkCximage.so
> found in pool/main/d/drscheme/drscheme_352-6_i386.deb:
> /usr/lib/plt/collects/plot/compiled/native/i386-linux
Hi,
I write down what I think we should do, and how this handles our issues.
This is explicitly a request for comments, and I want to wait at least
until either Steve and Joss have both agreed to it, or 24 hours has
passed, whatever is earlier.
So, what needs to be done:
1. Adding back png_read_
* Steve Langasek ([EMAIL PROTECTED]) [061219 09:31]:
> On Mon, Dec 18, 2006 at 04:39:49PM +0100, Andreas Barth wrote:
> > 125 X+
>
> I would say these aren't a problem either, at least to such an extent that
> we would want to revert them; they've been gone from unstable since
> September 2005 wi
On Tue, Dec 19, 2006 at 10:10:29AM +0100, Andreas Barth wrote:
> * Steve Langasek ([EMAIL PROTECTED]) [061219 09:31]:
> > On Mon, Dec 18, 2006 at 04:39:49PM +0100, Andreas Barth wrote:
> > >7 X+ ++
> > These may or may not be a problem depending on whether the ABI has changed
> > between
* Aníbal Monsalve Salazar ([EMAIL PROTECTED]) [061219 10:40]:
> Should I prepare a 1.2.15 debian package with the shlibs and the
> png.h changes?
Please wait a few more moments, I think we also need to massively create
conflicts with sarge packages. I'm running a check currently.
Cheers,
Andi
--
* Andreas Barth ([EMAIL PROTECTED]) [061219 10:11]:
> * Steve Langasek ([EMAIL PROTECTED]) [061219 09:31]:
> > On Mon, Dec 18, 2006 at 04:39:49PM +0100, Andreas Barth wrote:
> > >7 X+ ++
> >
> > These may or may not be a problem depending on whether the ABI has changed
> > between the ve
On Tue, Dec 19, 2006 at 10:16:11AM +0100, Andreas Barth wrote:
>* Andreas Barth ([EMAIL PROTECTED]) [061219 10:11]:
>>* Steve Langasek ([EMAIL PROTECTED]) [061219 09:31]:
>>>On Mon, Dec 18, 2006 at 04:39:49PM +0100, Andreas Barth wrote:
2 X+
>>>
>>>These are the only two symbols tha
* Steve Langasek ([EMAIL PROTECTED]) [061219 09:31]:
> On Mon, Dec 18, 2006 at 04:39:49PM +0100, Andreas Barth wrote:
> >1 X++
>
> There are an issue for shlibs only. (Assuming they're meant to be exported
> and shouldn't be suppressed to keep people from using them!)
This is png_set
* Andreas Barth ([EMAIL PROTECTED]) [061219 10:11]:
> * Steve Langasek ([EMAIL PROTECTED]) [061219 09:31]:
> > On Mon, Dec 18, 2006 at 04:39:49PM +0100, Andreas Barth wrote:
> > >2 X+
> >
> > These are the only two symbols that would potentially be a reason to prefer
> > .13 over .15.
* Steve Langasek ([EMAIL PROTECTED]) [061219 09:31]:
> On Mon, Dec 18, 2006 at 04:39:49PM +0100, Andreas Barth wrote:
> >7 X+ ++
>
> These may or may not be a problem depending on whether the ABI has changed
> between the versions exported in 1.2.8 and 1.2.13/15. We should probably
> lo
On Tue, Dec 19, 2006 at 08:57:12AM +0100, Andreas Barth wrote:
>* Steve Langasek ([EMAIL PROTECTED]) [061219 08:27]:
>>On Sun, Dec 17, 2006 at 08:13:05AM +1100, Aníbal Monsalve Salazar wrote:
>>>Just for the record. The libpng security issues were communicated
>>>to the security team twice on Nov 9
On Mon, Dec 18, 2006 at 04:39:49PM +0100, Andreas Barth wrote:
> * Andreas Barth ([EMAIL PROTECTED]) [061216 22:20]:
> > I'll update this as soon as we have more information (and I would also
> > like to check the symbol lists before an upload - I'm working on this
> > right now).
> Ok, more updat
* Steve Langasek ([EMAIL PROTECTED]) [061219 08:27]:
> On Sun, Dec 17, 2006 at 08:13:05AM +1100, Aníbal Monsalve Salazar wrote:
> > Just for the record. The libpng security issues were communicated
> > to the security team twice on Nov 9 and 15 2006. On Nov 15 2006
> > both vorlon and aba were made
On Sun, Dec 17, 2006 at 08:13:05AM +1100, Aníbal Monsalve Salazar wrote:
> Just for the record. The libpng security issues were communicated
> to the security team twice on Nov 9 and 15 2006. On Nov 15 2006
> both vorlon and aba were made aware of the security problems.
Well no, I'm not aware of t
* Nelson A. de Oliveira ([EMAIL PROTECTED]) [061218 19:27]:
> Do you have a better idea than statically linking against libpng?
We will need to work out what is best overall - whatever that is. We
will keep optipng's situation in mind on that, thanks for your mail.
Cheers,
Andi
--
http://home
Le lundi 18 décembre 2006 à 17:12 -0200, Nelson A. de Oliveira a écrit :
> Hi!
>
> On 12/18/06, Mike Hommey <[EMAIL PROTECTED]> wrote:
> > > Do you have a better idea than statically linking against libpng?
> >
> > Add png_get_uint_32 and png_save_uint_32 to optipng and link against
> > libpng 1.2
Hi!
On 12/18/06, Mike Hommey <[EMAIL PROTECTED]> wrote:
> Do you have a better idea than statically linking against libpng?
Add png_get_uint_32 and png_save_uint_32 to optipng and link against
libpng 1.2.8 ?
Actually they are present on libpng 1.2.8 (but they are exported only
if PNG_INTERNAL
On Mon, Dec 18, 2006 at 04:19:51PM -0200, Nelson A. de Oliveira <[EMAIL
PROTECTED]> wrote:
> Hi!
>
> It looks like that we will get libpng 1.2.8 back to Etch, right?
> But one of my packages (optipng) needs at least libpng 1.2.9 (it needs
> png_get_uint_32 and png_save_uint_32).
>
> When version
Hi!
It looks like that we will get libpng 1.2.8 back to Etch, right?
But one of my packages (optipng) needs at least libpng 1.2.9 (it needs
png_get_uint_32 and png_save_uint_32).
When version 1.2.8 gets uploaded, probably optipng will FTBFS and I will
upload a new version statically linked agains
Le lundi 18 décembre 2006 à 16:39 +0100, Andreas Barth a écrit :
> * Andreas Barth ([EMAIL PROTECTED]) [061216 22:20]:
> > I'll update this as soon as we have more information (and I would also
> > like to check the symbol lists before an upload - I'm working on this
> > right now).
>
> Ok, more u
* Andreas Barth ([EMAIL PROTECTED]) [061216 22:20]:
> I'll update this as soon as we have more information (and I would also
> like to check the symbol lists before an upload - I'm working on this
> right now).
Ok, more updates: The exported versions look way worse than I hoped. We
have (looking a
* Julien Cristau ([EMAIL PROTECTED]) [061216 21:45]:
> I've prepared a package based on 1.2.8rel-7, with a patch for
> CVE-2006-5793. No other security issues seem to be mentioned in the sid
> package's changelog, but let me know if I've missed something.
> Source package at
> http://liafa.jussieu.
Mike Hommey <[EMAIL PROTECTED]>
Cc: [EMAIL PROTECTED], Sam Hocevar <[EMAIL PROTECTED]>
On Sat, Dec 16, 2006 at 09:45:05PM +0100, Julien Cristau wrote:
>On Sat, Dec 16, 2006 at 14:57:19 +0100, Andreas Barth wrote:
>>Anibal, do you want to upload the package, or should I NMU it?
I'll upload it. I'l
On Sat, Dec 16, 2006 at 14:57:19 +0100, Andreas Barth wrote:
> * Josselin Mouette ([EMAIL PROTECTED]) [061215 13:46]:
> > The only sane solution if you want to get quickly to a releaseable state
> > is to go back to the last 1.2.8 package and to backport security fixes.
> > I've also explained mor
* Josselin Mouette ([EMAIL PROTECTED]) [061215 13:46]:
> The only sane solution if you want to get quickly to a releaseable state
> is to go back to the last 1.2.8 package and to backport security fixes.
> I've also explained more long-term solutions for the libpng madness on
> my planet posting.
On Fri, Dec 15, 2006 at 10:23:11PM +0100, Mike Hommey wrote:
> On Fri, Dec 15, 2006 at 07:01:20PM +0100, Moritz Muehlenhoff <[EMAIL
> PROTECTED]> wrote:
> > Josselin Mouette wrote:
> > > The only sane solution if you want to get quickly to a releaseable state
> > > is to go back to the last 1.2.8
On Fri, Dec 15, 2006 at 07:01:20PM +0100, Moritz Muehlenhoff <[EMAIL
PROTECTED]> wrote:
> Josselin Mouette wrote:
> > The only sane solution if you want to get quickly to a releaseable state
> > is to go back to the last 1.2.8 package and to backport security fixes.
> > I've also explained more lo
Josselin Mouette wrote:
> The only sane solution if you want to get quickly to a releaseable state
> is to go back to the last 1.2.8 package and to backport security fixes.
> I've also explained more long-term solutions for the libpng madness on
> my planet posting.
I agree. Especially, as the sec
Le jeudi 14 décembre 2006 à 23:19 -0800, Steve Langasek a écrit :
> Unfortunately, 1.2.8 is not the version of libpng in testing today; 1.2.13
> is, and that version has *known* RC bugs.
>
> Moreover, there has now been a shlibs bump in this beta version (warranted
> or not, I don't know) that blo
On Tue, Dec 12, 2006 at 02:13:36PM +0100, Josselin Mouette wrote:
> As I'm no longer the maintainer, I don't have any say to what happens to
> this package, but my advice, based on my painful experience with libpng,
> would be to *not* unblock it now. Releasing with a beta version that
> hasn't be
Hi,
As I'm no longer the maintainer, I don't have any say to what happens to
this package, but my advice, based on my painful experience with libpng,
would be to *not* unblock it now. Releasing with a beta version that
hasn't been widely tested is a dead end. Even without the "beta" flag,
there ha
Hello RMs,
Please unblock libpng 1.2.15~beta5-0.
Upstream provided this beta version of libpng to fix RC bug #401044.
It also fixes two other RC bugs, #401423 and #401465.
Changes:
libpng (1.2.15~beta5-0) unstable; urgency=high
.
* New upstream release.
- Fixed asm API functions not
41 matches
Mail list logo
