[Bug 1249847] Re: Sync libimobiledevice 1.1.5-2 (main) from Debian unstable (main)
Daniel Holbach
daniel.holbach at ubuntu.com
Tue Nov 12 05:18:44 UTC 2013
This bug was fixed in the package libimobiledevice - 1.1.5-2
Sponsored for Artur Rona (ari-tczew)
---------------
libimobiledevice (1.1.5-2) unstable; urgency=low
* [0052e46] Drop hal fdi file.
That stuff doesn't work anymore. (Closes: #728151)
-- Chow Loong Jin <hyperair at debian.org> Wed, 30 Oct 2013 01:42:21
+0800
libimobiledevice (1.1.5-1) experimental; urgency=low
* Team upload.
* Ack NMU from Andreas Metzler
* [1282e33] Imported Upstream version 1.1.5 (Closes: #709369):
- Adapt to libusbmuxd API changes (Closes: #682275)
* [27231df] Refresh or drop patches
- 00git_ios5_support.patch: Drop, applied upstream
- 01-libs.private.patch: Refresh
- 02-add-missing-linking.patch: Drop, applied upstream
- 03_ac_pkg_swig_m4_fixed.patch: Drop, no longer relevant
- 04_libplist_DSO_linking.patch: Drop, applied upstream
- 05_remove_gcry_need.patch: Drop, no longer relevant
* [0f497a0] Drop --host and --build arguments from configure.
This is already applied by dh_auto_configure automatically.
* [a370ab0] Reindent build-depends and drop trailing whitespace
* [a3fffe5] Bump dh compat to 9 for buildflags
* [40725ee] Enable multi-arch
* [65d74c4] Move dh --with parameter after $@
* [596a2b7] Update command for removing *.la for multiarch path
* [979998b] Update .manpages file for new utilities
* [3c37d78] Don't ship embedded jquery.js
-- Chow Loong Jin <hyperair at debian.org> Mon, 28 Oct 2013 23:01:08
+0800
libimobiledevice (1.1.5-0.2) experimental; urgency=low
* Non-maintainer upload.
* libimobiledevice4-dbg replaces/conflicts libimobiledevice2-dbg.
Closes: #726752
-- Andreas Metzler <ametzler at debian.org> Sat, 19 Oct 2013 14:42:15
+0200
libimobiledevice (1.1.5-0.1) experimental; urgency=low
* Non-maintainer upload.
* Sync from Ubuntu.
+ New upstream version. Closes: #709369
+ Includes fix for CVE-2013-2142: insecure /tmp usage. Closes: #710885
+ Compatible with newer libusbmuxd. Closes: #682275
+ New upstream version does not use gnutls_*_set_priority functions
anymore. Closes: #624066
+ Package builds. Closes: #713689
+ Does not depend on libusbmuxd1. Closes: #725637
* configure with --disable-silent-rules
* Delete ubuntu-revision on symbol string_concat at Base in
debian/libimobiledevice4.symbols.
* Update authors and download location in debian/copyright.
-- Andreas Metzler <ametzler at debian.org> Sat, 12 Oct 2013 18:49:30
+0200
libimobiledevice (1.1.5-0ubuntu2) saucy; urgency=low
* SECURITY UPDATE: insecure /tmp usage (LP: #1164263)
- debian/patches/CVE-2013-2142.patch: fall back to getpwuid_r instead
of using /tmp in src/userpref.c. Added string_concat() function in
src/Makefile.am, src/utils.c, src/utils.h.
- added new symbol to debian/libimobiledevice4.symbols.
- CVE-2013-2142
-- Marc Deslauriers <marc.deslauriers at ubuntu.com> Wed, 14 Aug 2013
12:43:31 -0400
libimobiledevice (1.1.5-0ubuntu1) saucy; urgency=low
* New upstream release. (LP: #1207038)
- soname was bumped
* debian/control:
- Bump minimum cython dependency
- Don't have the -doc package depend on the library
* Dropped patches applied in new version:
- 06_cython_detection.patch
- 07_cython_0.16_check.patch
- 08_cython_0.16_fix.patch
- git_handle_unset_environment.patch
- git_utf8_devices_names.patch
* debian/patches/link_against_pthread.patch:
- Fix underlinking against pthread
* debian/patches/git_explicitly_cast_ssl_enabled.patch:
- Backport patch to fix build failure due to implicit conversion
-- Jeremy Bicha <jbicha at ubuntu.com> Wed, 31 Jul 2013 15:34:39 -0400
** Changed in: libimobiledevice (Ubuntu)
Status: New => Fix Released
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2013-2142
--
You received this bug notification because you are a member of Ubuntu
Sponsors Team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1249847
Title:
Sync libimobiledevice 1.1.5-2 (main) from Debian unstable (main)
Status in “libimobiledevice” package in Ubuntu:
Fix Released
Bug description:
Please sync libimobiledevice 1.1.5-2 (main) from Debian unstable
(main)
Explanation of the Ubuntu delta and why it can be dropped:
* SECURITY UPDATE: insecure /tmp usage (LP: #1164263)
- debian/patches/CVE-2013-2142.patch: fall back to getpwuid_r instead
of using /tmp in src/userpref.c. Added string_concat() function in
src/Makefile.am, src/utils.c, src/utils.h.
- added new symbol to debian/libimobiledevice4.symbols.
- CVE-2013-2142
* SECURITY UPDATE: insecure /tmp usage (LP: #1164263)
- debian/patches/CVE-2013-2142.patch: fall back to getpwuid_r instead
of using /tmp in src/userpref.c. Added string_concat() function in
src/Makefile.am, src/utils.c, src/utils.h.
- added new symbol to debian/libimobiledevice4.symbols.
- CVE-2013-2142
* New upstream release. (LP: #1207038)
- soname was bumped
* debian/control:
- Bump minimum cython dependency
- Don't have the -doc package depend on the library
* Dropped patches applied in new version:
- 06_cython_detection.patch
- 07_cython_0.16_check.patch
- 08_cython_0.16_fix.patch
- git_handle_unset_environment.patch
- git_utf8_devices_names.patch
* debian/patches/link_against_pthread.patch:
- Fix underlinking against pthread
* debian/patches/git_explicitly_cast_ssl_enabled.patch:
- Backport patch to fix build failure due to implicit conversion
* Added missing gcrypt lib to link, fixing FTBFS.
* Updated d/libimobiledevice3.symbols.
* Added missing gcrypt lib to link, fixing FTBFS.
* Updated d/libimobiledevice3.symbols.
* 08_cython_0.16_fix.patch: Follow-up cython fix from Michael Bienia:
- Mark BaseError as not inline in the .pxd file too, to match the
definition from the .pyx file and fix the FTBFS with cython 0.17.
* 09_use_python_config.patch: Use python-config to find the python
include paths, and fix the build failure with multi-arched python.
* debian/patches/git_handle_unset_environment.patch:
- don't segfault when the environment variable are unset (lp: #1034067)
* debian/patches/git_handle_unset_environment.patch:
- don't segfault when the environment variable are unset (lp: #1034067)
* debian/rules: use --disable-openssl, we use gnutls
* Upload Debian version (which is waiting for sponsoring) to quantal
[ Julien Lavergne ]
* New upstream release.
* debian/patches:
- 00git_ios5_support.patch: Merged upstream.
- 06_git_ios5_handle_error.patch: Merged upstream.
- 01-libs.private.patch: Refreshed.
- 02-add-missing-linking.patch & 03_ac_pkg_swig_m4_fixed.patch:
Removed, not necessary since swig is not used now.
- 04_libplist_DSO_linking.patch: Merged upstream.
- 05_remove_gcry_need.patch: Refreshed.
- 06_cython_detection.patch: From upstream, correctly check cython version.
- 07_cython_0.16_check.patch: From upstream, fix building with cython 0.16.
* debian/control, debian/rules, debian/libimobiledevice3.*
- Bump soname.
* debian/control:
- Build depends on libusbmuxd-dev (>= 1.0.8).
- Replace build depends on swig by cython.
- Build-depends on libplist-dev (>= 1.8-2~) for cython support.
* debian/libimobiledevice3.install:
- Drop hal file, it's deprecated.
* debian/libimobiledevice3.symbols:
- Update.
* debian/python-plist.install:
- Update files installed by cython.
* debian/rules:
- Update location of .a and .la files.
* debian/patch/07_git_libusbmuxd_api.patch:
- Fix FTBFS by adapting to libusbmuxd API changes.
Debian has merged Ubuntu changes (see debian/changelog).
Changelog entries since current trusty version 1.1.5-0ubuntu2:
libimobiledevice (1.1.5-2) unstable; urgency=low
* [0052e46] Drop hal fdi file.
That stuff doesn't work anymore. (Closes: #728151)
-- Chow Loong Jin <hyperair at debian.org> Wed, 30 Oct 2013 01:42:21
+0800
libimobiledevice (1.1.5-1) experimental; urgency=low
* Team upload.
* Ack NMU from Andreas Metzler
* [1282e33] Imported Upstream version 1.1.5 (Closes: #709369):
- Adapt to libusbmuxd API changes (Closes: #682275)
* [27231df] Refresh or drop patches
- 00git_ios5_support.patch: Drop, applied upstream
- 01-libs.private.patch: Refresh
- 02-add-missing-linking.patch: Drop, applied upstream
- 03_ac_pkg_swig_m4_fixed.patch: Drop, no longer relevant
- 04_libplist_DSO_linking.patch: Drop, applied upstream
- 05_remove_gcry_need.patch: Drop, no longer relevant
* [0f497a0] Drop --host and --build arguments from configure.
This is already applied by dh_auto_configure automatically.
* [a370ab0] Reindent build-depends and drop trailing whitespace
* [a3fffe5] Bump dh compat to 9 for buildflags
* [40725ee] Enable multi-arch
* [65d74c4] Move dh --with parameter after $@
* [596a2b7] Update command for removing *.la for multiarch path
* [979998b] Update .manpages file for new utilities
* [3c37d78] Don't ship embedded jquery.js
-- Chow Loong Jin <hyperair at debian.org> Mon, 28 Oct 2013 23:01:08
+0800
libimobiledevice (1.1.5-0.2) experimental; urgency=low
* Non-maintainer upload.
* libimobiledevice4-dbg replaces/conflicts libimobiledevice2-dbg.
Closes: #726752
-- Andreas Metzler <ametzler at debian.org> Sat, 19 Oct 2013 14:42:15
+0200
libimobiledevice (1.1.5-0.1) experimental; urgency=low
* Non-maintainer upload.
* Sync from Ubuntu.
+ New upstream version. Closes: #709369
+ Includes fix for CVE-2013-2142: insecure /tmp usage. Closes: #710885
+ Compatible with newer libusbmuxd. Closes: #682275
+ New upstream version does not use gnutls_*_set_priority functions
anymore. Closes: #624066
+ Package builds. Closes: #713689
+ Does not depend on libusbmuxd1. Closes: #725637
* configure with --disable-silent-rules
* Delete ubuntu-revision on symbol string_concat at Base in
debian/libimobiledevice4.symbols.
* Update authors and download location in debian/copyright.
-- Andreas Metzler <ametzler at debian.org> Sat, 12 Oct 2013 18:49:30
+0200
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libimobiledevice/+bug/1249847/+subscriptions
More information about the Ubuntu-sponsors
mailing list