Help with a debdiff for tigervnc
Andrew C Aitchison
andrew at aitchison.me.uk
Sun Jan 21 18:05:48 UTC 2024
On Sun, 21 Jan 2024, Aaron Rainbolt wrote:
> On 1/21/24 05:41, Andrew C Aitchison wrote:
>>
>> Debian have fixed a security bug in tigervnc which is in universe,
>> so someone needs to generate a debdiff for the security team to
>> review it and publish the package:
>> https://bugs.launchpad.net/ubuntu/+source/tigervnc/+bug/2048442
>>
>> Debian have fixed this by building tigervnc 1.13.1 with xorg-server-source
>>> = 2:21.1.10, but Ubuntu 23.10 has tigervnc 1.12.0+dfsg-8 and
>>> xorg-server-source
>> 2:21.1.7-3ubuntu2.6
>>
>> On a good day I can build a .deb from source, but I am not familiar with
>> debdiffs and it is not clear to me that changing the upstream version
>> (either for mantic or noble) is a casual thing to do.
>>
>> What is the next step to get this fix published ?
>
> If all that's necessary is to rebuild tigervnc against a properly patched
> xorg-xserver-source, this shouldn't be too tricky. The versions of
> xorg-xserver with the patch fixed can be seen at
> https://ubuntu.com/security/notices/USN-5986-1. All that would then be
> necessary is to bump the dependency to require a version of
> xorg-xserver-source greater than or equal to the corresponding version in
> each stable release, and bump the dependency to require the newest available
> version of xorg-server-source or greater in the development release.
>
> The tricky part here is following the whole Stable Release Updates process
> (https://wiki.ubuntu.com/StableReleaseUpdates), which takes at least a week
> (probably more like a week and a couple of days) and requires lot of effort
> and testing to make work. If you're interested in helping to fix this
> hands-on, I'd be happy to assist, but stable release updates are one of the
> harder parts of Ubuntu development. If you'd prefer, I'd also be happy to
> just take this bug and work on getting it fixed.
Could you take it please ? I don't have any Ubuntu developer rights.
What is the best way to watch or see what you have done ?
Thanks,
--
Andrew C. Aitchison Kendal, UK
andrew at aitchison.me.uk
More information about the Ubuntu-devel-discuss
mailing list