Jay Berkenbilt <[email protected]> wrote: > Grant McLean <[email protected]> wrote: > >> On Sun, 2011-06-19 at 20:45 -0400, Jay Berkenbilt wrote: >>> Do you know whether the problem occurred after the most recent security >>> update? There was a security fix to some of the code that affects G4. >> >> I'm almost certain the problem is related to the security release. >> >> We have automated regression testing which was working up until June >> 10th. On June 11th our logs show a dist-upgrade updated libtiff4 to >> libtiff4_3.9.4-5+squeeze2_amd64.deb and the tests have been failing ever >> since. > > Do you know whether the problem was present in squeeze1? Did you go > straight from 3.9.4-5 to 3.9.4-5+squeeze2, or did you run squeeze1 in > the interim? squeeze1 contained the change to Fax4Decode, so I'm > guessing it must be there. Anyway, I'll rebuild intermediate versions > and test. I'm sorry this is taking some time. Real life sometimes > takes precedence over debian work, of course, but I try to stay on top > of more serious problems. I don't think the security issues that were > fixed are super-critical or have easily usable exploits, so downgrading > is a workaround, as I'm sure you know. I'm trying to squeeze this in a > little at a time.
Looking at this a little closer, I see there's a fix to the problematic file that was committed to upstream CVS that made it into 3.9.5 but not into 3.9.4-5+squeeze2. Both changes are to the same block of code. I probably got a fix too soon. I'll see if that's the culprit, and if it is, I'll upload a fix. I have to coordinate with security. That's all for now...I'll send additional messages when I have something to report. -- Jay Berkenbilt <[email protected]> -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected]

