package gnash tags 451348 + patch thanks (I'm a new maintainer doing RC bug squashing; Michael Koch, Cc'd, is my AM.)
I attach a proposed NMU interdiff for this bug, and for a FTBFS with recent
dpkg-shlibdeps which I discovered while fixing it. I haven't built the
patched packages cleanly yet - I've built and tested them successfully
using incremental builds with -nc, but I'm still waiting for a clean build
to finish - so it's possible that my patch isn't quite right, but it should
at least be close.
(Warning to potential sponsors: I recommend building gnash on a fast machine!
sbuild on my laptop is taking a while...)
Regards,
Simon
diff -u gnash-0.8.1~rc.070818/debian/changelog gnash-0.8.1~rc.070818/debian/changelog
--- gnash-0.8.1~rc.070818/debian/changelog
+++ gnash-0.8.1~rc.070818/debian/changelog
@@ -1,3 +1,17 @@
+gnash (0.8.1~rc.070818-2.1) unstable; urgency=low
+
+ * Non-maintainer upload.
+ * Add debian/shlibs.local so gnash-tools, gnash-cygnal automatically pick
+ up a dependency on gnash-common (= ${binary:Version}) due to use of
+ the private shared libraries (Closes: #451348); remove resulting duplicate
+ dependency from gnash, klash
+ * Set LD_LIBRARY_PATH while running dpkg-shlibdeps; this and the above
+ fix an unreported FTBFS with new dpkg-shlibdeps versions
+ * Amend changelog for version 0.7.2+cvs20070518.1557-1 to include missing
+ CVE ID CVE-2007-2500 for future reference
+
+ -- Simon McVittie <[EMAIL PROTECTED]> Tue, 11 Dec 2007 01:45:07 +0000
+
gnash (0.8.1~rc.070818-2) unstable; urgency=low
Upload prepared by by Cyril Brulebois to fix RC bugs:
@@ -182,7 +196,8 @@
* Depending on libcurl?-gnutls-dev instead of libcurl?-openssl-dev for
not depending on OpenSSL (incompatible with GPL license). Closes: #423884
* Closes: #423433 , memory corruption vulnerability in gnash, due to a out
- of bounds memory access ( http://savannah.gnu.org/bugs/?19774 )
+ of bounds memory access ( http://savannah.gnu.org/bugs/?19774,
+ CVE-2007-2500 )
* gstreamer0.10-audiosink is a virtual package, modifying control.
* Updated dependencies to use libcurl4 instead of libcurl3.
* Depending on swfmill for check (as well as from ming and mtasc)
diff -u gnash-0.8.1~rc.070818/debian/control gnash-0.8.1~rc.070818/debian/control
--- gnash-0.8.1~rc.070818/debian/control
+++ gnash-0.8.1~rc.070818/debian/control
@@ -32,7 +32,7 @@
Package: gnash
Section: utils
Architecture: any
-Depends: gnash-common (= ${binary:Version}), ${shlibs:Depends}, ${misc:Depends}
+Depends: ${shlibs:Depends}, ${misc:Depends}
Description: free Flash movie player
Gnash is a free Flash movie player, which works either standalone, or as
plugin for Firefox/Mozilla or Konqueror. Currently it is in a alpha state.
@@ -55,7 +55,7 @@
Package: klash
Section: utils
Architecture: any
-Depends: gnash-common (= ${binary:Version}), ${shlibs:Depends}, ${misc:Depends}
+Depends: ${shlibs:Depends}, ${misc:Depends}
Description: free Flash movie player - standalone player for KDE
Gnash is a free Flash movie player, which works either standalone, or as
plugin for Firefox/Mozilla or Konqueror. Currently it is in a alpha state.
diff -u gnash-0.8.1~rc.070818/debian/rules gnash-0.8.1~rc.070818/debian/rules
--- gnash-0.8.1~rc.070818/debian/rules
+++ gnash-0.8.1~rc.070818/debian/rules
@@ -163,7 +163,7 @@
dh_fixperms
#dh_makeshlibs
dh_installdeb
- dh_shlibdeps
+ dh_shlibdeps -l$(CURDIR)/debian/gnash-common/usr/lib/gnash
dh_gencontrol
dh_md5sums
dh_builddeb
only in patch2:
unchanged:
--- gnash-0.8.1~rc.070818.orig/debian/shlibs.local
+++ gnash-0.8.1~rc.070818/debian/shlibs.local
@@ -0,0 +1,5 @@
+libgnashserver 0.8.1 gnash-common (= ${binary:Version})
+libgnashgeo 0.8.1 gnash-common (= ${binary:Version})
+libgnashamf 0.8.1 gnash-common (= ${binary:Version})
+libgnashbase 0.8.1 gnash-common (= ${binary:Version})
+libgnashbackend 0.8.1 gnash-common (= ${binary:Version})
signature.asc
Description: Digital signature
