Re: Preparation of the next stable Debian GNU/Linux update (I)
Hi Kevin,
On Fri, Aug 25, 2006 at 09:59:53AM -0700, Kevin B. McCarty <kmccarty@Princeton.EDU> wrote:
> Martin Zobel-Helas wrote:
> >
> > mozilla-thunderbird-dev stable 1.0.2-2.sarge1.0.7 alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
> > mozilla-thunderbird-dev updates 1.0.2-2.sarge1.0.8a alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
> > mozilla-thunderbird-inspector stable 1.0.2-2.sarge1.0.7 alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
> > mozilla-thunderbird-inspector updates 1.0.2-2.sarge1.0.8a alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
> > mozilla-thunderbird-offline stable 1.0.2-2.sarge1.0.7 alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
> > mozilla-thunderbird-offline updates 1.0.2-2.sarge1.0.8a alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
> > mozilla-thunderbird-typeaheadfind stable 1.0.2-2.sarge1.0.7 alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
> > mozilla-thunderbird-typeaheadfind updates 1.0.2-2.sarge1.0.8a alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc
> > mozilla-thunderbird stable 1.0.2-2.sarge1.0.7 alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc source
> > mozilla-thunderbird updates 1.0.2-2.sarge1.0.8a alpha arm hppa i386 ia64 m68k mips mipsel powerpc s390 sparc source
> >
> > DSA 1051 mozilla-thunderbird - several vulnerabilities
>
> First of all, the above should also mention DSA 1134.
Yeah that is fixed. There where several DSAs missing, i found that while
digging for DSA 1134. My fault.
> Second, is it planned to include the next round of security updates to
> the Mozilla family by Alexander Sack? (cf. [0] [1]) For some reason
> these don't seem to have gone into security.d.o yet and it would be very
> nice to ship mozilla* packages that are up-to-date with security fixes.
Not for r3 anymore. I know that these packages are in preparation, but i
would like to publish r3 rather soon, and we usually let DSA packages wait
about one week in p-u-new before adding them to proposed-updates. This
way, we can catch up with debian-security or the BTS if a DSA is
seriously broken (like mozilla-thunderbird on i386 or libfreetype6).
Okay, that did not work this time, but mainly also my fault...
> Third, please note that even if those updates don't get into Sarge r3,
> the existing mozilla-thunderbird security update needs a bin-NMU on i386
> [2].
I have prepared a binNMU on i386 for mozilla-thunderbird, availible on
http://people.debian.org/~zobel/packages/3.1r3/
Could you please check, if these packages work for you?
The debdiff for the package is the following:
zobel@solar:~$ debdiff mozilla-thunderbird_1.0.2-2.sarge1.0.8a_i386.deb /org/solar.home.ftbfs.de/chroots/sarge/tmp/mozilla-thunderbird_1.0.2-2.sarge1.0.8a.1_i386.deb
[The following lists of changes regard files as different if they have different names, permissions or owners.]
Files in first .deb but not in second
-------------------------------------
-rw-r--r-- root/root
/usr/lib/mozilla-thunderbird/components/libmozgnome.so
Control files: lines which differ (wdiff format)
------------------------------------------------
Version: [-1.0.2-2.sarge1.0.8a-] {+1.0.2-2.sarge1.0.8a.1+}
Depends: bash, libatk1.0-0 (>= 1.7.2), [-libbonobo2-0 (>= 2.8.0),-] libc6 (>= 2.3.2.ds1-21), libfontconfig1 (>= 2.3.0), libfreetype6 (>= 2.1.5-1), libgcc1 (>= 1:3.4.1-3), [-libgconf2-4 (>= 2.8.1),-] libglib2.0-0 (>= 2.6.0), [-libgnome2-0 (>= 2.8.0), libgnomevfs2-0 (>= 2.8.3-7),-] libgtk2.0-0 (>= 2.6.0), libjpeg62, [-liborbit2 (>= 1:2.10.0),-] libpango1.0-0 (>= 1.8.1), libpng12-0 (>= 1.2.8rel), [-libpopt0 (>= 1.7),-] libstdc++5 (>= 1:3.3.4-1), libx11-6 | xlibs (>> 4.1.0), libxext6 | xlibs (>> 4.1.0), libxft2 (>> 2.1.1), libxp6 | xlibs (>> 4.1.0), libxrender1, libxt6 | xlibs (>> 4.1.0), zlib1g (>= 1:1.2.1)
Installed-Size: [-33011-] {+33016+}
Greetings
Martin
Reply to: