On Wed, Dec 09, 2009 at 10:46:00AM -0500, Michael Gilbert wrote:
> On Wed, 9 Dec 2009 10:21:04 -0500, Michael Gilbert wrote:
> > On Wed, 9 Dec 2009 08:50:38 +0100, Kurt Roeckx wrote:
> > > On Tue, Dec 08, 2009 at 11:42:59PM -0500, Michael Gilbert wrote:
> > > > Hi all,
> > > >
> > > > I have packaged the new version of libtool for unstable. This fixes
> > > > CVE-2009-3736. I am looking for a sponsor for the upload.
> > >
> > > Please do not upload this.
> >
> > I don't have upload rights since I'm not a DD. I was just trying to
> > help get things going.
It's mostly a message to people who would consider sponsoring it.
> Is there a transition going on that this would negatively impact? Would
> it be better to patch 2.2.6a? If so, the patch is fairly
> straightforward, and I can do that relatively quickly. Just let me
> know if you would like me to work on that.
I didn't have time this morning to send a proper reply.
I've been trying to upload a new version of libtool for some weeks
now. I have a whole bunch of changes ready. But there is a
regression test failure, which seems to be caused by a change in
gcj (#555801). That has stopped me from uploading a new version
so far.
Note that 2.2.6a-4 disabled failing to build in case of regression
failures. I've skipped the test suite errors that were broken at
the time of that upload, but 2 new regression tests failured
showed up in the mean time, and upstream now skips the other.
I think I'm going to upload a version that build-conflicts with
gcj for now.
Anyway, I think the following changes should never be part
of the NMU:
* Update to standards version 3.8.3.
* Update to debhelper 5.
This is also just wrong:
+Depends: install-info
It should be "dpkg (>= 1.15.4) | install-info", and you would
have gotten that if you used "Depends: ${misc:Depends}"
instead.
Anyway, there is a patch for libtool 1.5 available too. If you
want you can upload that to stable/oldstable security.
Kurt
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
