Re: gpac_0.7.1+dfsg1-1_amd64.changes is NEW
On Tue, Apr 02, 2019 at 10:40:44PM -0400, Reinhard Tartler wrote:
> Ah, that's great news. I didn't realize that Moritz backported the
> security fixes to an earlier upstream version. I managed to locate the
> git commits but wasn't comfortable with backporting them to version 0.5.2,
> not all of them applied cleanly and I lacked the confidence to resolve
> the conflicts.
>
> Thanks Moritz for taking care of this!
Yeah, I sent a mail to debian-multimedia@ldo about this, but seems to have
fallen through the cracks:
https://lists.debian.org/debian-multimedia/2019/03/msg00081.html
BTW, I also prepared an MR on salsa for the remaining open security issues
in src:audiofile, it would be great if anyone in the debian multimedia
team could merge and upload:
https://salsa.debian.org/multimedia-team/audiofile/merge_requests/1
> > As for gpac/0.7.1+dfsg1-1, I cannot find a debdiff for it on the mailing
> > list nor the BTS. Therefore, I have no clue whether it is suitable for
> > buster.
>
> The debdiff is unreasonably large (several MiB), there are a *lot* of
> unrelated upstream changes included.
>
> I'll spare you to review it.
>
> Given we do have those RC bugs fixed with more targeted patches, I
> no longer see the urgency to get 0.7.1 into unstable. Would you agree
> with having 0.7.1 in experimental instead? If so, I'd upload it as
> 0.7.1-2 to experimental.
experimental should be fine, as it's totally to the freeze process.
Cheers,
Moritz
Reply to: