Re: Help with a debdiff for tigervnc

Mon, 22 Jan 2024 07:04:37 -0800 

On Sun, 21 Jan 2024, Aaron Rainbolt wrote:


On 1/21/24 05:41, Andrew C Aitchison wrote:


Debian have fixed a security bug in tigervnc which is in universe,
so someone needs to generate a debdiff for the security team to
 review it and publish the package:
https://bugs.launchpad.net/ubuntu/+source/tigervnc/+bug/2048442

Debian have fixed this by building tigervnc 1.13.1 with xorg-server-source

= 2:21.1.10, but Ubuntu 23.10 has tigervnc 1.12.0+dfsg-8 and
xorg-server-source

2:21.1.7-3ubuntu2.6

On a good day I can build a .deb from source, but I am not familiar with
debdiffs and it is not clear to me that changing the upstream version
(either for mantic or noble) is a casual thing to do.

What is the next step to get this fix published ?



If all that's necessary is to rebuild tigervnc against a properly patched 
xorg-xserver-source, this shouldn't be too tricky. The versions of 
xorg-xserver with the patch fixed can be seen at 
https://ubuntu.com/security/notices/USN-5986-1. All that would then be 
necessary is to bump the dependency to require a version of 
xorg-xserver-source greater than or equal to the corresponding version in 
each stable release, and bump the dependency to require the newest available 
version of xorg-server-source or greater in the development release.



The tricky part here is following the whole Stable Release Updates process 
(https://wiki.ubuntu.com/StableReleaseUpdates), which takes at least a week 
(probably more like a week and a couple of days) and requires lot of effort 
and testing to make work. If you're interested in helping to fix this 
hands-on, I'd be happy to assist, but stable release updates are one of the 
harder parts of Ubuntu development. If you'd prefer, I'd also be happy to 
just take this bug and work on getting it fixed.


Could you take it please ? I don't have any Ubuntu developer rights.

What is the best way to watch or see what you have done ?

Thanks,

--
Andrew C. Aitchison                      Kendal, UK
                   and...@aitchison.me.uk
-- 
Ubuntu-devel-discuss mailing list
Ubuntu-devel-discuss@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss






















					Reply via email to