Bug#1051373: libglib2.0-0: 2.77.3-1 breaks Midnight Commander extension file

2023-09-06 Thread Philip Withnall 
See upstream report
https://gitlab.gnome.org/GNOME/glib/-/issues/3095#note_1839091, which
will be fixed upstream for 2.78.0, which is due to be released in the
next couple of days.

Philip

On Wed, 2023-09-06 at 22:49 +, Michael Gold wrote:
> Package: libglib2.0-0
> Version: 2.77.3-1
> Severity: important
> 
> Dear Maintainer,
> 
> After upgrading libglib2.0-0 from 2.77.2-1 to 2.77.3-1, I'm no longer
> able to open files by selecting them in Midnight Commander and
> pressing
> Enter.  A change in the behaviour of g_key_file_get_string() appears
> to
> be the cause.  For example, one section of the mc.ext.ini file
> contains:
> [pdf]
> Regex=\.(pdf|PDF|ps|djvu)$
> Open=pdf %f &
> 
> With the new package, a call to g_key_file_get_string() for the
> "Regex"
> value returns NULL.  If I pre-load the old library version, it
> returns
> the string, and mc executes the specified command if I press Enter
> with
> a PDF file selected.
> 
> The package version of "mc" is "3:4.8.29-2".
> 
> - Michael
> 
> 
> -- System Information:
> Debian Release: trixie/sid
>   APT prefers unstable-debug
>   APT policy: (500, 'unstable-debug'), (500, 'unstable'), (1,
> 'experimental')
> Architecture: amd64 (x86_64)
> 
> Kernel: Linux 6.4.0-4-amd64 (SMP w/32 CPU threads; PREEMPT)
> Locale: LANG=en_CA.UTF-8, LC_CTYPE=en_CA.UTF-8 (charmap=UTF-8),
> LANGUAGE=en_CA:en
> Shell: /bin/sh linked to /usr/bin/dash
> Init: systemd (via /run/systemd/system)
> LSM: AppArmor: enabled
> 
> Versions of packages libglib2.0-0 depends on:
> ii  libc6 2.37-7
> ii  libffi8   3.4.4-1
> ii  libmount1 2.39.2-1
> ii  libpcre2-8-0  10.42-4
> ii  libselinux1   3.5-1
> ii  zlib1g    1:1.2.13.dfsg-3
> 
> Versions of packages libglib2.0-0 recommends:
> ii  libglib2.0-data   2.77.3-1
> ii  shared-mime-info  2.2-1
> ii  xdg-user-dirs 0.18-1
> 
> Versions of packages libglib2.0-0 suggests:
> pn  low-memory-monitor  
> 
> -- no debconf information

Bug#1028475: Backport recent GVariant security fixes to Stable

2023-01-16 Thread Philip Withnall 
On Sat, 2023-01-14 at 21:15 +0100, Salvatore Bonaccorso wrote:
> Hi Simon,
> 
> Thank you for adding looping in.
> 
> On Thu, Jan 12, 2023 at 10:10:35AM +, Simon McVittie wrote:
> > Control: tags -1 + security
> > 
> > On Wed, 11 Jan 2023 at 16:37:01 +, Philip Withnall wrote:
> > > Are there plans to backport the recent GVariant security fixes to
> > > Debian Stable?
> > > 
> > > These are:
> > >  - https://gitlab.gnome.org/GNOME/glib/-/issues/2782
> > >  - https://gitlab.gnome.org/GNOME/glib/-/issues/2121
> > >  - https://gitlab.gnome.org/GNOME/glib/-/issues/2540
> > >  - https://gitlab.gnome.org/GNOME/glib/-/issues/2794
> > >  - https://gitlab.gnome.org/GNOME/glib/-/issues/2797
> > >  - https://gitlab.gnome.org/GNOME/glib/-/issues/2840
> > >  - https://gitlab.gnome.org/GNOME/glib/-/issues/2841
> > > 
> > > In addition, these two issues have highly related fixes (which
> > > it’s
> > > probably easiest to backport in the same tranche), but they are
> > > not
> > > security issues:
> > >  - https://gitlab.gnome.org/GNOME/glib/-/issues/2612
> > >  - https://gitlab.gnome.org/GNOME/glib/-/issues/2839
> > > 
> > > Apologies if a decision has been deliberately taken to not
> > > backport
> > > them, I don’t fully understand the criteria for what gets
> > > backported.
> > 
> > There are actually two sets of criteria for what gets backported to
> > stable. If the Debian security team (Cc'd) thinks an issue is
> > sufficiently
> > serious to need a security advisory and an immediate release, then
> > they
> > prepare a security update, either doing the work themselves or
> > coordinating
> > with the package's maintainer for the actual code changes.
> > 
> > If the security team are not interested in an issue, but the
> > package's
> > maintainer thinks the issue needs a stable update, then the
> > package's
> > maintainer coordinates with the release team to get the change into
> > the
> > next stable point release, which happens once per 1-2 months.
> > 
> > I think these issues are all denial-of-service, which the security
> > team
> > usually treats as not sufficiently important for an advisory and an
> > off-schedule fix. Security team: do you agree, based on the
> > information
> > quoted below? If yes, we can treat this as a low-priority security
> > fix
> > (I would personally rate its severity at somewhere between
> > important
> > and minor) and fix it in a point release later.
> 
> I do agree, a point release update seems enough (if feasible, in
> backport size and confidence).

Makes sense to me. Thanks both for considering this.

Philip

Bug#1028475: Backport recent GVariant security fixes to Stable

2023-01-11 Thread Philip Withnall 
Package: glib2.0
Version: 2.66.8-1
Tags: security

Are there plans to backport the recent GVariant security fixes to
Debian Stable?

These are:
 - https://gitlab.gnome.org/GNOME/glib/-/issues/2782
 - https://gitlab.gnome.org/GNOME/glib/-/issues/2121
 - https://gitlab.gnome.org/GNOME/glib/-/issues/2540
 - https://gitlab.gnome.org/GNOME/glib/-/issues/2794
 - https://gitlab.gnome.org/GNOME/glib/-/issues/2797
 - https://gitlab.gnome.org/GNOME/glib/-/issues/2840
 - https://gitlab.gnome.org/GNOME/glib/-/issues/2841

In addition, these two issues have highly related fixes (which it’s
probably easiest to backport in the same tranche), but they are not
security issues:
 - https://gitlab.gnome.org/GNOME/glib/-/issues/2612
 - https://gitlab.gnome.org/GNOME/glib/-/issues/2839

Apologies if a decision has been deliberately taken to not backport
them, I don’t fully understand the criteria for what gets backported.

---

There are two sets of risks in these issues:

1. Denial of service caused by handling a malicious serialised variant
which is structured to cause allocations or looping superlinear to its
serialised size. Applications are at risk if they accept untrusted
serialised variants by checking them with g_variant_get_normal_form()
(or don’t check them). Applications which reject variants with
g_variant_is_normal_form() first are not vulnerable. In order to be
exploitable, the variant must have a dynamically typed component in it
(i.e. a `v` type somewhere). This is typically as part of an `a{sv}`.

2. Denial of service caused by handling a malicious text-form variant
which is structured to cause looping superlinear to its text size.
Applications are at risk if they parse untrusted text-form variants.

Scenario 2 is much less likely than scenario 1, as the GVariant text-
form parser is not documented as suitable for use on untrusted input.
Scenario 1 is likely because g_variant_get_normal_form() *is*
documented as being safe to use on untrusted input.

Issue #2840 documents a heap buffer overflow, but this vulnerability
was introduced as part of the fixes for the above two scenarious, so
GLib is only vulnerable to the overflow if an incomplete set of patches
are backported.

---

I have a set of backport commits for this for GLib 2.70.4, which we are
using in Endless OS. At a quick glance, these commits should also be
most of the work needed for backporting to 2.66.8 in Debian Stable. I
am happy to help out with this if that’s useful.

Philip

Bug#997824: evolution-data-server: Backport patches to switch from Google Contacts API to CalDAV to stable

2021-10-25 Thread Philip Withnall 
Package: evolution-data-server
Version: 3.38.3-1
Severity: important

Dear Maintainer,

Please consider backporting patches from Debian testing/unstable to stable to 
switch Evolution and EDS to use CalDAV for accessing Google Contacts. The 
current method of accessing it, the Google Contacts API, is deprecated and will 
effectively be turned off in December 2021. This will make all requests (from 
existing and new users) for calendar data fail.

The necessary patches are here:
 * https://salsa.debian.org/gnome-team/evolution/-/merge_requests/3
 * https://salsa.debian.org/gnome-team/evolution-data-server/-/merge_requests/5

I am reporting this via reportbug as there appear to be several existing MRs 
(for unrelated issues) in salsa.debian.org for Evolution and EDS which have 
gone unanswered, so I’m guessing the Evo/EDS package maintainers don’t check 
salsa.


-- System Information:
Distributor ID: Endless
Description:Endless 5.0.0
Release:5.0.0
Codename:   n/a
Architecture: x86_64

Kernel: Linux 5.11.0-35-generic (SMP w/1 CPU thread)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages evolution-data-server depends on:
ii  evolution-data-server-common  3.38.3-1
ii  gnome-keyring 3.36.0-1
ii  libc6 2.31-13+deb11u2
ii  libcamel-1.2-62   3.38.3-1
ii  libcanberra-gtk3-00.30-7
ii  libcanberra0  0.30-7
ii  libdb5.3  5.3.28+dfsg1-0.8
ii  libebackend-1.2-103.38.3-1
ii  libebook-1.2-20   3.38.3-1
ii  libebook-contacts-1.2-3   3.38.3-1
ii  libecal-2.0-1 3.38.3-1
ii  libedata-book-1.2-26  3.38.3-1
ii  libedata-cal-2.0-13.38.3-1
ii  libedataserver-1.2-25 3.38.3-1
ii  libedataserverui-1.2-23.38.3-1
ii  libgcr-base-3-1   3.38.1-2
ii  libgcr-ui-3-1 3.38.1-2
ii  libgdata220.17.13-3
ii  libglib2.0-0  2.66.8-1
ii  libgoa-1.0-0b 3.38.1-2endless1bem1
ii  libgtk-3-03.24.24-4
ii  libgweather-3-16  3.36.1-3
ii  libical3  3.0.9-2
ii  libldap-2.4-2 2.4.57+dfsg-3
ii  libpango-1.0-01.46.2-3
ii  libsecret-1-0 0.20.4-2
ii  libsoup2.4-1  2.72.0-2
ii  libxml2   2.9.10+dfsg-6.7

evolution-data-server recommends no packages.

Versions of packages evolution-data-server suggests:
ii  evolution  3.38.3-1

-- no debconf information

Bug#983026: libglib2.0-0: After update GDM3 does not longer start

2021-02-18 Thread Philip Withnall 
This is https://gitlab.gnome.org/GNOME/glib/-/issues/2332

On Thu, 2021-02-18 at 10:57 +0100, Michael Ott wrote:
> Package: libglib2.0-0
> Version: 2.67.4-1
> Severity: important
> 
> Dear Maintainer,
> 
> After update to 2.67.4 I cannot start GDM
> 
> Output in syslog:
> Feb 18 05:14:25 k-c13 gnome-shell[2055]: invalid (NULL) pointer
> instance
> Feb 18 05:14:25 k-c13 gnome-shell[2055]: g_signal_connect_data:
> assertion 'G_TYPE_CHECK_INSTANCE (instance)' failed
> 
> with 2.67.3+git20210214-1 it works
> 
> -- System Information:
> Debian Release: bullseye/sid
>   APT prefers unstable
>   APT policy: (710, 'unstable'), (670, 'testing'), (660,
> 'experimental'), (600, 'stable')
> Architecture: amd64 (x86_64)
> Foreign Architectures: i386, armhf, arm64
> 
> Kernel: Linux 5.10.0-3-amd64 (SMP w/8 CPU threads)
> Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
> Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8),
> LANGUAGE=en_GB:en
> Shell: /bin/sh linked to /bin/dash
> Init: systemd (via /run/systemd/system)
> LSM: AppArmor: enabled
> 
> Versions of packages libglib2.0-0 depends on:
> ii  libc6    2.31-9
> ii  libffi7  3.3-5
> ii  libmount1    2.36.1-7
> ii  libpcre3 2:8.39-13
> ii  libselinux1  3.1-3
> ii  zlib1g   1:1.2.11.dfsg-2
> 
> Versions of packages libglib2.0-0 recommends:
> ii  libglib2.0-data   2.67.3+git20210214-1
> ii  shared-mime-info  2.0-1
> ii  xdg-user-dirs 0.17-2
> 
> libglib2.0-0 suggests no packages.
> 
> -- no debconf information
>

Bug#944188: /etc/msmtprc password disclosure

2021-02-03 Thread Philip Withnall 
On Wed, 3 Feb 2021 12:26:23 + Simon McVittie 
wrote:
> For now, GLib upstream has partially reverted that change, weakening
the
> security hardening in order to fix the regression, and I'm going to
do
> the same in Debian. This should stop msmtp from regressing in terms
of
> which features work, but I cannot guarantee that it does not make
msmtp
> exploitable. If I find a concrete attack, I will report it privately
to
> the security team.

From an upstream GLib point of view, we’re setting a timeline on when
we’re going to revert the reversion and re-harden GLib against this.
It’s being tracked in
https://gitlab.gnome.org/GNOME/glib/-/issues/2316, and the reversion
will be done in the 2.69/2.70 cycle. 2.70 is due to be released around
September 2021.

Debian can keep its partial reversion in the distro-specific patches
for GLib indefinitely, but after 2.70 you will be diverging from
upstream in that respect.

Philip


signature.asc
Description: This is a digitally signed message part

Bug#962912: glib2.0: g_file_copy_attributes() chokes on binary xattr values

2020-07-08 Thread Philip Withnall 
On Tue, 2020-06-16 at 02:44 +0200, Sergio Gelato wrote:
> control: tags -1 + patch
> 
> * Philip Withnall [2020-06-15 23:25:18 +0200]:
> > https://gitlab.gnome.org/GNOME/glib/-/issues/422
> > 
> > Nobody has yet found time to work on it; merge requests are
> > welcome!
> 
> Here is a patch that works for me.

Upstreamed as https://gitlab.gnome.org/GNOME/glib/-/merge_requests/1568

Bug#962912: glib2.0: g_file_copy_attributes() chokes on binary xattr values

2020-06-17 Thread Philip Withnall 
On Tue, 2020-06-16 at 02:44 +0200, Sergio Gelato wrote:
> control: tags -1 + patch
> 
> * Philip Withnall [2020-06-15 23:25:18 +0200]:
> > https://gitlab.gnome.org/GNOME/glib/-/issues/422
> > 
> > Nobody has yet found time to work on it; merge requests are
> > welcome!
> 
> Here is a patch that works for me.

Thanks. In order for it to go through the GLib CI, review process, and
be properly attributed to you, could you please create a merge request
for it upstream?

https://gitlab.gnome.org/GNOME/glib/-/merge_requests/new

Thanks,
Philip

Bug#962912: glib2.0: g_file_copy_attributes() chokes on binary xattr values

2020-06-15 Thread Philip Withnall 
On Mon, 2020-06-15 at 23:17 +0200, Sergio Gelato wrote:
> Package: libglib2.0-0
> Version: 2.58.3-2+deb10u2
> Severity: important
> 
> g_file_copy_attributes(), when invoked with G_FILE_COPY_ALL_METADATA
> on
> files in NFS, is prone to truncating the value of extended attribute
> system.nfs4_acl. Here is an excerpt from strace output, showing the
> getxattr() and setxattr() calls:

It’s this issue upstream:
https://gitlab.gnome.org/GNOME/glib/-/issues/422

Nobody has yet found time to work on it; merge requests are welcome!

Philip

Bug#934655: libglib2.0-0: provide environment variable to suppress or redirect logging

2019-08-14 Thread Philip Withnall 
On Tue, 2019-08-13 at 23:16 +, brian m. carlson wrote:
> On 2019-08-13 at 06:12:30, Philip Withnall wrote:
> > Hi,
> > 
> > I can’t speak for the Debian project, but as an upstream GLib
> > developer
> > I can say such an environment variable would not be welcome
> > upstream.
> > 
> > Hiding such warnings makes them less likely to be fixed. It’s a way
> > of
> > sweeping bugs under the carpet which I don’t want to encourage.
> > Each
> > warning emitted by GTK or GLib indicates a non-trivial bug in the
> > code
> > which is calling it, which should be fixed.
> 
> Unfortunately, it's often impossible to write code which works on
> multiple versions of GTK+ without warnings. I took a version of GVim
> which worked fine on Debian unstable with GTK+3 but produced copious
> warnings on CentOS 7. This makes it difficult for folks who would
> like
> to upgrade one single component on a system without rebuilding the
> entire GTK+ stack. In addition, an upgrade of GTK+ can cause
> previously
> working programs to produce errors where they did not before, causing
> problems for users.

I can believe that might be true in some cases, but I doubt it is
*often* the case. Regardless, I encourage you to ask specific questions
about the warnings you are encountering on https://discourse.gnome.org/
, and the GTK developers should be able to advise appropriately for
each case.

> In addition, Unix programs typically produce output to standard error
> to
> reflect a user-relevant error: something that the user has done wrong
> or
> that prevents the program from functioning in the way the user
> requested. These warnings are not user relevant: they reflect a
> developer error, not a problem that reflects a user-visible failure.
> From the user perspective, everything is functioning as intended, so
> output to standard error is not appropriate.
> 
> And finally, overwhelmingly, developers take a long time to fix
> warnings
> like this, if they get fixed at all. Perhaps they don't see the use
> case
> of running graphical programs like PDF viewers from the command line.
> More likely, they are overwhelmed with other issues and consider this
> low priority.
> 
> I appreciate that these reflect a defect in the program that should
> be
> fixed, but it isn't fair to force users to either fix these defects
> for
> themselves or deal with terminal junk. As a Git developer, I can tell
> you people would be extremely unhappy if libpcre or libcurl produced
> errors on their terminals when they ran Git, even if those were bugs
> in
> Git itself. I'm not sure why GLib should be different in this regard.

Sorry, I think you’re conflating two different types of programs here.
Command line applications like git have very different output
requirements on stderr/stdout from graphical programs. Command line
programs don’t normally use GTK, so shouldn’t see any of the warnings
you mention above. I would be very surprised if command line programs
using GLib (not GTK) emitted different warnings with different versions
of GLib. If they do, can you please provide me with concrete examples
and I can advise you about how to eliminate them.

GTK and GLib are separate libraries.

> Ultimately, I think it's most appropriate to let users decide for
> themselves if they would like to see non-user-visible issues on their
> terminal. I'm not even asking for this to be the default, just an
> option
> users can turn on.

If it’s not on by default, almost all users will never find out about
it. If your argument is that seeing the warnings is only useful for
developers, then such an option should be on by default and developers
would have to explicitly turn it off.

In every situation where I’ve seen warnings (compile time, or run time)
hidden from developers, those warnings have very rarely been fixed.
Making them visible has increased the number of warnings which have
been fixed.

Filing bugs against applications, which point out specific warnings
which need fixing is, I feel, a much better use of people’s time than
inventing new and innovative ways to hide those warnings.

Philip

Bug#934655: libglib2.0-0: provide environment variable to suppress or redirect logging

2019-08-12 Thread Philip Withnall 
Hi,

I can’t speak for the Debian project, but as an upstream GLib developer
I can say such an environment variable would not be welcome upstream.

Hiding such warnings makes them less likely to be fixed. It’s a way of
sweeping bugs under the carpet which I don’t want to encourage. Each
warning emitted by GTK or GLib indicates a non-trivial bug in the code
which is calling it, which should be fixed.

Philip

On Mon, 2019-08-12 at 23:31 +, brian m. carlson wrote:
> Package: libglib2.0-0
> Version: 2.60.6-1
> Severity: normal
> 
> Currently, GLib and various other GTK+-related software provide
> logging,
> which goes to stdout or stderr. Much of this logging is developer
> focused and basically warns developers that they are doing
> questionable
> things that one or another toolkit is unhappy with.
> 
> While this is great for debugging and developer visibility, it's not
> great for end users who invoke GTK+-based programs from the terminal,
> where the messages obscure previous output, sometimes scrolling the
> screen significantly. In the past, GVim has been bitten by this
> prominently, but various other software, including atril (a PDF
> viewer)
> and other tools commonly run from the command line, have fallen
> victim
> to it as well. The most inconvenient part for users is that upgrading
> one of the shared libraries a piece of software uses can cause it to
> emit many more warnings than before, with little recourse.
> 
> Asking individual packages to fix these issues is not effective,
> because, as is the nature with open source, developers lack the time
> to
> effectively fix all issues, and these issues are seen as purely
> cosmetic. I've asked several packages to do so, and the turnaround
> time
> for fixing these issues is usually measured in years, if they are
> fixed
> at all.
> 
> GLib should learn an environment variable to either suppress non-
> fatal
> messages (i.e., those that do not cause the program to abort) or
> redirect them to a file (e.g., /dev/null). Even if upstream does not
> want this feature, Debian should provide it.
> 
> This is a common issue with multiple questions online, and would
> provide
> a large amount of value to users.
> 
> -- System Information:
> Debian Release: bullseye/sid
>   APT prefers unstable-debug
>   APT policy: (500, 'unstable-debug'), (500, 'unstable'), (500,
> 'testing'), (500, 'stable'), (1, 'experimental-debug'), (1,
> 'experimental')
> Architecture: amd64 (x86_64)
> Foreign Architectures: i386
> 
> Kernel: Linux 5.2.0-2-amd64 (SMP w/4 CPU cores)
> Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8),
> LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
> Shell: /bin/sh linked to /bin/dash
> Init: systemd (via /run/systemd/system)
> LSM: AppArmor: enabled
> 
> Versions of packages libglib2.0-0 depends on:
> ii  libc62.28-10
> ii  libffi6  3.2.1-9
> ii  libmount12.34-0.1
> ii  libpcre3 2:8.39-12+b1
> ii  libselinux1  2.9-2+b2
> ii  zlib1g   1:1.2.11.dfsg-1+b1
> 
> Versions of packages libglib2.0-0 recommends:
> ii  libglib2.0-data   2.60.6-1
> ii  shared-mime-info  1.10-1
> ii  xdg-user-dirs 0.17-2
> 
> libglib2.0-0 suggests no packages.
> 
> -- no debconf information
>

Bug#924344: glib2.0: CVE-2019-9633

2019-04-03 Thread Philip Withnall 
On Wed, 2019-04-03 at 13:00 +0100, Simon McVittie wrote:
> On Fri, 29 Mar 2019 at 20:13:17 +0100, Moritz Mühlenhoff wrote:
> > On Mon, Mar 11, 2019 at 09:32:02PM +0100, Salvatore Bonaccorso
> > wrote:
> > > Version: 2.58.3-1
> 
> Do we know for sure that 2.58.x is vulnerable? I've tried the
> reproducer
> from the upstream bug and didn't see criticals or a crash.
> 
> > > Forwarded: https://gitlab.gnome.org/GNOME/glib/issues/1649
> 
> This bug says "Another likely regression from Happy Eyeballs". GLib's
> implementation of RFC 8305 "Happy Eyeballs" is a new feature (or new
> optimization, depending how you look at it) in 2.59.x/2.60.x.

Yeah, this bug should be present in 2.59.x where (x < 2). It was fixed
by commit d553d92d6e9f53cbe5a34166fcb919ba652c6a8e, which is present in
2.59.2 onwards. The bug was not present in 2.58.x.

I’ve left a comment about it here:
https://gitlab.gnome.org/GNOME/glib/issues/1649#note_481826

Philip


signature.asc
Description: This is a digitally signed message part

Bug#908705: g_icon_to_string output includes some garbage prefix

2018-09-12 Thread Philip Withnall 
On Wed, 2018-09-12 at 22:32 +0200, Eduard Bloch wrote:
> Package: libglib2.0-0
> Version: 2.58.0-3
> Severity: important
> 
> Hi,
> 
> one of the last releases in the last couple of weeks has broken the
> g_icon_to_string function. Previously, it did exactly what
> https://developer.gnome.org/gio/stable/GIcon.html#g-icon-to-string
> said
> and returned a proper short name or absolute path.
> 
> Now, it returns some nonsense, after this pattern:
> . GThemedIcon mpv mpv-symbolic
> 
> That's crap. For the example above,
> /usr/share/applications/mpv.desktop
> contains:
> Icon=mpv
> 
> And mpv is what I expect (following documentation)
> 
> Repro:
> 
> Run icewm-menu-fdo (from icewm-common package) and see a lot of those
> strings there except of the plain icon name.

See https://gitlab.gnome.org/GNOME/glib/issues/1513.

Philip

signature.asc
Description: This is a digitally signed message part

Bug#901887: build-depend should not list xtem

2018-06-19 Thread Philip Withnall 
On Tue, 2018-06-19 at 16:20 -0400, Phillip Susi wrote:
> Package: glib2.0
> Version: 2.56.1-2
> 
> I noticed while trying to build glib that it claims to build-depend
> on
> xterm, which is insane; no package should require xterm to build.  I
> forced it to build anyway without xterm installed, and it built fine,
> so
> this dependency should be removed.

I suspect it was needed from before the following two upstream bugs
were fixed, and is now safe to remove:

https://bugzilla.gnome.org/show_bug.cgi?id=786580
https://bugzilla.gnome.org/show_bug.cgi?id=790914

Philip

signature.asc
Description: This is a digitally signed message part