[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#964588: stretch-pu: package fwupd/0.7.4-2

On Thu, Jul 09, 2020 at 11:03:22AM +0100, Adam Barratt wrote:
>Hi Steve,
>
>On Thu, 2020-07-09 at 10:20 +0100, Steve McIntyre wrote:
>> We'd like to push an update into the last stretch point release for
>> fwupd. The last version in stretch (0.7.4-2) is now considered so old
>> that it's (a) not really functional any more, and (b) no longer
>> supported by upstream. There are also security worries
>> (CVE-2020-10759) with this version. We've discussed this with the
>> security team (in CC) and they're keen to see this addressed, but
>> maybe via the PU process before it hits LTS.
>> 
>> To fix all this, we'd like to switch to a supported stable release
>> branch as supported by upstream (0.8.x); Mario, the primary
>> maintainer in Debian, is also part of the upstream development team
>> and has been working to maintain that. Apparently Ubuntu and other
>> distros have switched to this already.
>
>ACK.
>
>> This *does* mean that the debdiff is *way* too large to fit in mail,
>> sorry. :-( I've put a copy up at
>> 
>>  https://www.einval.com/~steve/debian/fwupd_0.8.3-1_amd64.debdiff.gz
>> 
>> for reference.
>
>Could we have a binary debdiff, please? That's potentially more
>interesting to look at right now, particularly with the packaging
>changes.

Sure, no worries. That's much smaller, so attached here.

-- 
Steve McIntyre, Cambridge, UK.                                steve@einval.com
"I've only once written 'SQL is my bitch' in a comment. But that code 
 is in use on a military site..." -- Simon Booth

debdiff --from /scratch/mirror/debian/pool/main/f/fwupd/*0.7.4-2*amd64*deb --to *0.8.3-1*amd64*.deb
[The following lists of changes regard files as different if they have
different names, permissions or owners.]

Files in second set of .debs but not in first
---------------------------------------------
-rw-r--r--  root/root   /etc/pki/fwupd-metadata/GPG-KEY-Linux-Foundation-Metadata
-rw-r--r--  root/root   /etc/pki/fwupd/GPG-KEY-Linux-Foundation-Firmware
-rw-r--r--  root/root   /usr/lib/x86_64-linux-gnu/fwupd-plugins-2/libfu_plugin_altos.so
-rw-r--r--  root/root   /usr/lib/x86_64-linux-gnu/fwupd-plugins-2/libfu_plugin_colorhug.so
-rw-r--r--  root/root   /usr/lib/x86_64-linux-gnu/fwupd-plugins-2/libfu_plugin_dell.so
-rw-r--r--  root/root   /usr/lib/x86_64-linux-gnu/fwupd-plugins-2/libfu_plugin_dfu.so
-rw-r--r--  root/root   /usr/lib/x86_64-linux-gnu/fwupd-plugins-2/libfu_plugin_ebitdo.so
-rw-r--r--  root/root   /usr/lib/x86_64-linux-gnu/fwupd-plugins-2/libfu_plugin_raspberrypi.so
-rw-r--r--  root/root   /usr/lib/x86_64-linux-gnu/fwupd-plugins-2/libfu_plugin_steelseries.so
-rw-r--r--  root/root   /usr/lib/x86_64-linux-gnu/fwupd-plugins-2/libfu_plugin_synapticsmst.so
-rw-r--r--  root/root   /usr/lib/x86_64-linux-gnu/fwupd-plugins-2/libfu_plugin_test.so
-rw-r--r--  root/root   /usr/lib/x86_64-linux-gnu/fwupd-plugins-2/libfu_plugin_udev.so
-rw-r--r--  root/root   /usr/lib/x86_64-linux-gnu/fwupd-plugins-2/libfu_plugin_uefi.so
-rw-r--r--  root/root   /usr/lib/x86_64-linux-gnu/fwupd-plugins-2/libfu_plugin_unifying.so
-rw-r--r--  root/root   /usr/lib/x86_64-linux-gnu/fwupd-plugins-2/libfu_plugin_upower.so
-rw-r--r--  root/root   /usr/lib/x86_64-linux-gnu/fwupd-plugins-2/libfu_plugin_usb.so
-rw-r--r--  root/root   /usr/share/locale/hi/LC_MESSAGES/fwupd.mo
-rw-r--r--  root/root   /usr/share/locale/nl/LC_MESSAGES/fwupd.mo
-rw-r--r--  root/root   /usr/share/locale/tr/LC_MESSAGES/fwupd.mo

Files in first set of .debs but not in second
---------------------------------------------
-rw-r--r--  root/root   /usr/include/ebitdo.h
-rw-r--r--  root/root   /usr/include/libebitdo/ebitdo-device.h
-rw-r--r--  root/root   /usr/lib/x86_64-linux-gnu/fwupd-plugins-1/libfu_plugin_steelseries.so
-rw-r--r--  root/root   /usr/lib/x86_64-linux-gnu/fwupd-plugins-1/libfu_plugin_test.so
-rw-r--r--  root/root   /usr/lib/x86_64-linux-gnu/libebitdo.so.1.0.1
-rw-r--r--  root/root   /usr/lib/x86_64-linux-gnu/pkgconfig/ebitdo.pc
-rw-r--r--  root/root   /usr/share/doc/libebitdo-dev/changelog.Debian.gz
-rw-r--r--  root/root   /usr/share/doc/libebitdo-dev/copyright
-rw-r--r--  root/root   /usr/share/doc/libebitdo1/changelog.Debian.gz
-rw-r--r--  root/root   /usr/share/doc/libebitdo1/copyright
-rw-r--r--  root/root   /usr/share/locale/hi_IN/LC_MESSAGES/fwupd.mo
-rw-r--r--  root/root   /usr/share/locale/nl_NL/LC_MESSAGES/fwupd.mo
-rw-r--r--  root/root   /usr/share/locale/tr_TR/LC_MESSAGES/fwupd.mo
lrwxrwxrwx  root/root   /usr/lib/x86_64-linux-gnu/libebitdo.so -> libebitdo.so.1.0.1
lrwxrwxrwx  root/root   /usr/lib/x86_64-linux-gnu/libebitdo.so.1 -> libebitdo.so.1.0.1

Control files of package fwupd: lines which differ (wdiff format)
-----------------------------------------------------------------
Depends: libappstream-glib8 (>= [-0.6.1),-] {+0.6.7),+} libarchive13 (>= [-3.0.4),-] {+3.0),+} libassuan0 (>= 2.0.1), libc6 (>= [-2.4),-] {+2.17),+} libcolord2 (>= 0.1.29), libcolorhug2 (>= 1.2.12), libdfu1 (>= [-0.7.3), libebitdo1 (>= 0.7.3),-] {+0.8.3),+} libefivar1 (>= 30), libelf1 (>= 0.131), libfwup1, libfwupd1 (>= [-0.7.3),-] {+0.8.3),+} libgcab-1.0-0 (>= 0.4), libgdk-pixbuf2.0-0 (>= 2.22.0), libglib2.0-0 (>= 2.45.8), libgpg-error0 (>= 1.14), libgpgme11 (>= 1.2.0), libgudev-1.0-0 (>= 146), libgusb2 (>= 0.2.9), libpolkit-gobject-1-0 (>= 0.99), libsmbios2, libsoup2.4-1 (>= 2.41.90), libsqlite3-0 (>= 3.5.9), libusb-1.0-0 (>= 2:1.0.8)
Installed-Size: [-598-] {+808+}
Version: [-0.7.4-2-] {+0.8.3-1+}

Control files of package gir1.2-fwupd-1.0: lines which differ (wdiff format)
----------------------------------------------------------------------------
Depends: gir1.2-glib-2.0, libfwupd1 (>= [-0.7.3),-] {+0.8.3),+} libgirepository-1.0-1 (>= 1.41.4-1)
Installed-Size: [-39-] {+40+}
Version: [-0.7.4-2-] {+0.8.3-1+}

Control files of package libdfu-dev: lines which differ (wdiff format)
----------------------------------------------------------------------
Depends: libdfu1 (= [-0.7.4-2)-] {+0.8.3-1)+}
Installed-Size: [-231-] {+240+}
Version: [-0.7.4-2-] {+0.8.3-1+}

Control files of package libdfu1: lines which differ (wdiff format)
-------------------------------------------------------------------
Depends: gir1.2-appstreamglib-1.0, gir1.2-glib-2.0, gir1.2-gusb-1.0, {+libelf1 (>= 0.142),+} libgirepository-1.0-1 (>= 1.41.4-1), libappstream-glib8 (>= 0.5.4), libc6 (>= 2.14), [-libelf1 (>= 0.142),-] libgdk-pixbuf2.0-0 (>= 2.22.0), libglib2.0-0 (>= 2.45.8), libgusb2 (>= 0.2.8), libusb-1.0-0 (>= 2:1.0.8)
Installed-Size: [-161-] {+164+}
Version: [-0.7.4-2-] {+0.8.3-1+}

Control files of package libfwupd-dev: lines which differ (wdiff format)
------------------------------------------------------------------------
Depends: libfwupd1 (= [-0.7.4-2),-] {+0.8.3-1),+} gir1.2-fwupd-1.0 (= [-0.7.4-2)-] {+0.8.3-1)+}
Installed-Size: [-159-] {+163+}
Version: [-0.7.4-2-] {+0.8.3-1+}

Control files of package libfwupd1: lines which differ (wdiff format)
---------------------------------------------------------------------
Installed-Size: [-99-] {+102+}
Version: [-0.7.4-2-] {+0.8.3-1+}
Reply to: