Your message dated Sun, 15 Jun 2008 16:32:02 +0000
with message-id <[EMAIL PROTECTED]>
and subject line Bug#482710: fixed in libtk-img 1:1.3-release-7
has caused the Debian Bug report #482710,
regarding libtk-img: FTBFS when converted to new source format 3.0 (quilt)
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [EMAIL PROTECTED]
immediately.)
--
482710: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=482710
Debian Bug Tracking System
Contact [EMAIL PROTECTED] with problems
--- Begin Message ---
Package: libtk-img
Version: 1:1.3-release-6
Severity: minor
Usertags: 3.0-quilt-by-default
To prepare a possible switch to the new source package format "3.0
(quilt)" [1], I converted all source packages and rebuilt the packages
afterwards to see what breaks, and libtk-img does break. To reproduce the
problem you can do this:
$ apt-get source libtk-img
$ sed -i -e '/^Source:/ aFormat: 3.0 (quilt)'
libtk-img-1.3-release/debian/control
$ dpkg-source -b libtk-img-1.3-release
$ dpkg-source -x libtk-img_1.3-release-6.dsc
$ cd libtk-img-1.3-release && debuild -us -uc
In this process, if the .diff.gz contains changes to upstream files,
dpkg-source will have created a corresponding patch in
debian/patches/debian-changes-1:1.3-release-6 and will have registered that
patch in a quilt series (debian/patches/series, it is created if needed).
All the patches listed in the "series" file are applied directly during
the extraction (dpkg-source -x). quilt itself is used if available (and
will thus lead to the creation of the .pc directory), otherwise
dpkg-source applies the patches by itself. For more information about the
new source package format see the manual page dpkg-source(1).
In the case of libtk-img, it already uses quilt but the package
fails to build because "quilt push -a" fails when the patch
are already applied (by dpkg-source -x). You should really
uses patch/unpatch rules like those in /usr/share/quilt/quilt.make (you
can directly use those by using "include /usr/share/quilt/quilt.make" in
your debian/rules file). The call to quilt is protected like this "quilt
push -a || test $? = 2" because 2 is the error code returned by quilt when
it has nothing to do.
Cheers,
[1] http://lists.debian.org/debian-devel-announce/2008/04/msg00004.html
--
Raphael Hertzog
--- End Message ---
--- Begin Message ---
Source: libtk-img
Source-Version: 1:1.3-release-7
We believe that the bug you reported is fixed in the latest version of
libtk-img, which is due to be installed in the Debian FTP archive:
libtk-img-dev_1.3-release-7_i386.deb
to pool/main/libt/libtk-img/libtk-img-dev_1.3-release-7_i386.deb
libtk-img-doc_1.3-release-7_all.deb
to pool/main/libt/libtk-img/libtk-img-doc_1.3-release-7_all.deb
libtk-img_1.3-release-7.diff.gz
to pool/main/libt/libtk-img/libtk-img_1.3-release-7.diff.gz
libtk-img_1.3-release-7.dsc
to pool/main/libt/libtk-img/libtk-img_1.3-release-7.dsc
libtk-img_1.3-release-7_i386.deb
to pool/main/libt/libtk-img/libtk-img_1.3-release-7_i386.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Sergei Golovan <[EMAIL PROTECTED]> (supplier of updated libtk-img package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Sun, 15 Jun 2008 19:47:36 +0400
Source: libtk-img
Binary: libtk-img libtk-img-dev libtk-img-doc
Architecture: source all i386
Version: 1:1.3-release-7
Distribution: unstable
Urgency: high
Maintainer: Sergei Golovan <[EMAIL PROTECTED]>
Changed-By: Sergei Golovan <[EMAIL PROTECTED]>
Description:
libtk-img - Extended image format support for Tcl/Tk (runtime)
libtk-img-dev - Extended image format support for Tcl/Tk (development files)
libtk-img-doc - Extended image format support for Tcl/Tk (manual pages)
Closes: 482710 485785
Changes:
libtk-img (1:1.3-release-7) unstable; urgency=high
.
* Fixed CVE-2008-0553 vulnerability (Stack-based buffer overflow in the
ReadImage function in tkImgGIF.c allows remote attackers to execute
arbitrary code via a crafted GIF image, a similar issue to CVE-2006-4484.)
Thanks Nico Golde for the patch. Closes: #485785.
* Set urgency to high as this upload fixes a security vulnerability.
* Protected quilt invocation in debian/rules to make it possible to convert
bwidget source package to 3.0 (quilt) format (closes: #482710).
* Bumped standards version to 3.8.0.
Files:
11e571379a64af8433324d435ff6bf34 1179 libs optional libtk-img_1.3-release-7.dsc
72b83f53330a3c234ad6403059560d41 30469 libs optional
libtk-img_1.3-release-7.diff.gz
5492eccd415fc26c4ad24437fdee7191 89068 doc optional
libtk-img-doc_1.3-release-7_all.deb
78d006d00c0aa7687bf01fc1c6c2490f 119812 libs optional
libtk-img_1.3-release-7_i386.deb
91a5f7eea9264d0ef2ed42e6d9308b9b 59644 libdevel optional
libtk-img-dev_1.3-release-7_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFIVUIgIcdH02pGEFIRAobxAJoD8TxrBOOUV3NyGmfpidOnbKpnDwCePDxF
PWMFz5MKN9XxwYgdo04vanU=
=F339
-----END PGP SIGNATURE-----
--- End Message ---
