[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Bug#773834: Preparing a release for stable and lts

On Mon, 18 May 2015, Vincent Fourmond wrote:
>   Attached is a diff from squeeze5 to the proposed squeeze6. It builds
> fine now (including upstream test suite), but at the moment, I am
> unable to check whether the security bugs supposedly fixed in the
> release are fixed, if only because there are no publicly available
> badly form input that would trigger the bug. I'll try to see what I
> can do about that.

It's not such a big deal if there are no files to trigger the various bugs.
It's obviously better to be able to ensure that the issues are fixed, but
what's even more important is to ensure that the tools still work as
expected.

Given the test suite and some basic testing, I suggest that you go ahead
and upload the package (and release the DLA).

>   You'll find that some of the patches currently in LTS have been
> renamed and slightly tweaked, but nothing has changed besides patch
> name and meta-data:

A small detail I noticed:

> --- imagemagick-6.6.0.4/debian/patches/0001-Description-Do-not-read-configure-files-in-the-curre.patch	2014-04-04 17:02:24.000000000 +0200
> +++ imagemagick-6.6.0.4/debian/patches/0001-Description-Do-not-read-configure-files-in-the-curre.patch	2015-05-16 02:00:33.000000000 +0200
> @@ -2,15 +2,13 @@
>  From: =?UTF-8?q?Bastien=20ROUCARI=C3=88S?= <roucaries.bastien@gmail.com>
>  Date: Wed, 25 Apr 2012 14:47:16 +0200
>  Subject: [PATCH] Description: Do not read configure files in the current
> - directory for  the "installed" version of ImageMagick. 
> - Patch pulled from upstream svn 
> - https://www.imagemagick.org/subversion/ImageMagick/trunk 
> - revision 3022. Author: Cristy  <quetzlzacatenango@image...>
> - Bug-Debian: http://bugs.debian.org/601824 Origin: upstream
> - Last-Update: 2010-11-06
> + directory for  the "installed" version of ImageMagick.  Patch pulled from
> + upstream svn  https://www.imagemagick.org/subversion/ImageMagick/trunk 
> + revision 3022. Author: Cristy  <quetzlzacatenango@image...> Bug-Debian:
> + http://bugs.debian.org/601824 Origin: upstream Last-Update: 2010-11-06

The DEP-3 meta-data is just scrambled here...

otherwise the rest looked good.

Cheers,
-- 
Raphaël Hertzog ◈ Debian Developer

Support Debian LTS: http://www.freexian.com/services/debian-lts.html
Learn to master Debian: http://debian-handbook.info/get/
Reply to: