From ftpmaster at ftp-master.debian.org Fri Jul 1 16:32:10 2022 From: ftpmaster at ftp-master.debian.org (Debian FTP Masters) Date: Fri, 01 Jul 2022 15:32:10 +0000 Subject: libsdl2_2.0.14+dfsg2-3+deb11u1_source.changes ACCEPTED into proposed-updates->stable-new, proposed-updates Message-ID: Accepted: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Mon, 20 Jun 2022 22:05:21 +0100 Source: libsdl2 Architecture: source Version: 2.0.14+dfsg2-3+deb11u1 Distribution: bullseye Urgency: medium Maintainer: Debian SDL packages maintainers Changed-By: Simon McVittie Changes: libsdl2 (2.0.14+dfsg2-3+deb11u1) bullseye; urgency=medium . * d/gbp.conf: Set branch for Debian 11 updates * d/p/Always-create-a-full-256-entry-map-in-case-color-values-a.patch: Avoid out-of-bounds read while loading malformed BMP file. libsdl-org/SDL#5042 upstream, CVE-2021-33657. * d/p/Fixed-potential-buffer-overflow-in-YUV-conversion.patch: Avoid out-of-bounds read during YUV to RGB conversion. libsdl-org/SDL#5043 upstream, no known CVE ID. Checksums-Sha1: acee1de27069bd461c6ed0f1fce71a304c20aab4 3064 libsdl2_2.0.14+dfsg2-3+deb11u1.dsc 377f22f11990f9d09b309e443ef40d399279629e 30492 libsdl2_2.0.14+dfsg2-3+deb11u1.debian.tar.xz ce44233cf379b4e02228f7dff8ff50f0e4a33983 10835 libsdl2_2.0.14+dfsg2-3+deb11u1_source.buildinfo Checksums-Sha256: bb8f27b879dccc10dd9b13a4b03907d76063ed1a581a26805093e9ad524c37a6 3064 libsdl2_2.0.14+dfsg2-3+deb11u1.dsc 86d0a729705a95f834a9a13f62ef4c3bc06b8c22fd7c40c0a40889afcaba2003 30492 libsdl2_2.0.14+dfsg2-3+deb11u1.debian.tar.xz 8f4b813bc14d6f3d40c59554bb403c314ef0a9490cf3a01bd6e31ecfdcc1a9ee 10835 libsdl2_2.0.14+dfsg2-3+deb11u1_source.buildinfo Files: 78006d3dcc418c419b7290fda110929e 3064 libs optional libsdl2_2.0.14+dfsg2-3+deb11u1.dsc 515b653a89da7ace20f82e24086536ab 30492 libs optional libsdl2_2.0.14+dfsg2-3+deb11u1.debian.tar.xz 1acd4b6f330eb41e577b2d801d0525cd 10835 libs optional libsdl2_2.0.14+dfsg2-3+deb11u1_source.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEENuxaZEik9e95vv6Y4FrhR4+BTE8FAmK8FwQACgkQ4FrhR4+B TE9svA//RGPiVannYhME3VTXsjXNGOOrrTdqVMoJR2a50JbEFGxcVrgGKIdY4+oD tQP0Ctx7IJldBWq8YwbORHpbAWkZmVzg8lLIwVcR6PbTpmnW+oLbrZPScE//yGlW CflWd9kngpIJ3zzkbQ1tfvnDKUnLn7vYCsEDL/YUS53Dp0BuS7bf1Zn9/qUx/xuS W6T4BOSf8s2JS40Uf30RgG2qTYhGeyGrK5q9ChAJPON/ueP1a7qGswKkC0y7w1HX 46QK23IAMFXnS6VLVqaNZwZea/3jTHcSB8GTxTiPBSEG3R0o2tY/iV+POZEnGjUk uqVRMNGMxrnNOaDGUyy15MRkErlBD2kQuUdGONsUxASjPJ2595pXxxgw/jYIxp/j XiAwux7tl/OombKbyWs1zoehSwdsctw0hKvgEB6H+cH3as2oWNxD0/3sBdlJEnuF PYfszoq8S8VbWkRRk1EWu6yf6XlsjzKBdF4fq365CqWIhpEpvFJCMPs9gqr0DJuY zORX/pISxWoTr2oR+hivcRNPPXNADLiuhrkS5SxSOhuTv21+srR89LustMFtlp8t 8ozst8TSNUO5MUXKosx7ME4z6M091YmZ0K4fUdXgNe0MF7Vz/NcAmO6jBm8hx4z3 ThACI/P7mZNc1cEqca+vy2VLM8bEz3A+rgq+VaAul6yMyHJpbiE= =Fggu -----END PGP SIGNATURE----- Thank you for your contribution to Debian. From jmm at inutil.org Fri Jul 8 08:17:59 2022 From: jmm at inutil.org (Moritz =?UTF-8?Q?M=C3=BChlenhoff?=) Date: Fri, 8 Jul 2022 09:17:59 +0200 Subject: Bug#1014577: libsdl1.2: CVE-2021-33657 Message-ID: Source: libsdl1.2 X-Debbugs-CC: team at security.debian.org Severity: important Tags: security Hi, The following vulnerability was published for libsdl1.2. CVE-2021-33657[0]: | There is a heap overflow problem in video/SDL_pixels.c in SDL (Simple | DirectMedia Layer) 2.x to 2.0.18 versions. By crafting a malicious | .BMP file, an attacker can cause the application using this library to | crash, denial of service or Code execution. This fixed in SDL2 in https://github.com/libsdl-org/SDL/commit/8c91cf7dba5193f5ce12d06db1336515851c9ee9 (release-2.0.20) If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2021-33657 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33657 Please adjust the affected versions in the BTS as needed. From owner at bugs.debian.org Fri Jul 8 19:42:11 2022 From: owner at bugs.debian.org (Debian Bug Tracking System) Date: Fri, 08 Jul 2022 18:42:11 +0000 Subject: Processed: tagging 1014527, tagging 1014529, tagging 1014528, tagging 1014531, tagging 1014530, tagging 1014533 ... References: <1657305575-142-bts-carnil@debian.org> Message-ID: Processing commands for control at bugs.debian.org: > tags 1014527 + upstream Bug #1014527 [src:libsixel] libsixel: CVE-2022-29978 Added tag(s) upstream. > tags 1014529 + upstream Bug #1014529 [src:u-boot] u-boot: CVE-2022-34835 Added tag(s) upstream. > tags 1014528 + upstream Bug #1014528 [src:u-boot] u-boot: CVE-2022-33103 Added tag(s) upstream. > tags 1014531 + upstream Bug #1014531 [src:libstb] libstb: CVE-2022-28041 CVE-2022-28042 Added tag(s) upstream. > tags 1014530 + upstream Bug #1014530 [src:libstb] libstb: CVE-2021-28021 Added tag(s) upstream. > tags 1014533 + upstream Bug #1014533 {Done: Ond?ej Sur? } [src:php8.1] php8.1: CVE-2022-31625 CVE-2022-31626 Added tag(s) upstream. > tags 1014532 + upstream Bug #1014532 [src:libstb] libstb: CVE-2021-42715 CVE-2021-42716 Added tag(s) upstream. > tags 1014534 + upstream Bug #1014534 [src:dlt-daemon] dlt-daemon: CVE-2022-31291 Added tag(s) upstream. > tags 1014538 + upstream Bug #1014538 [src:fuse-exfat] fuse-exfat: CVE-2022-29973 Added tag(s) upstream. > tags 1014539 + upstream Bug #1014539 [src:squirrel3] squirrel3: CVE-2022-30292 Added tag(s) upstream. > tags 1014540 + upstream Bug #1014540 [src:node-mermaid] node-mermaid: CVE-2022-31108 Added tag(s) upstream. > tags 1014577 + upstream Bug #1014577 [src:libsdl1.2] libsdl1.2: CVE-2021-33657 Added tag(s) upstream. > tags 1014586 + upstream Bug #1014586 [src:giflib] giflib: CVE-2021-40633 Added tag(s) upstream. > tags 1014589 + upstream Bug #1014589 [src:qemu] qemu: CVE-2022-1050 Added tag(s) upstream. > tags 1014590 + upstream Bug #1014590 [src:qemu] qemu: CVE-2022-0216 Added tag(s) upstream. > tags 1014599 + upstream Bug #1014599 [src:svgpp] svgpp: CVE-2021-44960 Added tag(s) upstream. > tags 1014600 + upstream Bug #1014600 [src:gdk-pixbuf] gdk-pixbuf: CVE-2021-44648 Added tag(s) upstream. > thanks Stopping processing here. Please contact me if you need assistance. -- 1014527: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014527 1014528: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014528 1014529: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014529 1014530: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014530 1014531: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014531 1014532: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014532 1014533: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014533 1014534: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014534 1014538: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014538 1014539: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014539 1014540: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014540 1014577: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014577 1014586: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014586 1014589: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014589 1014590: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014590 1014599: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014599 1014600: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014600 Debian Bug Tracking System Contact owner at bugs.debian.org with problems From ftpmaster at ftp-master.debian.org Sat Jul 9 16:38:36 2022 From: ftpmaster at ftp-master.debian.org (Debian FTP Masters) Date: Sat, 09 Jul 2022 15:38:36 +0000 Subject: Processing of libsdl2-mixer_2.6.0+dfsg-1_source.changes Message-ID: libsdl2-mixer_2.6.0+dfsg-1_source.changes uploaded successfully to localhost along with the files: libsdl2-mixer_2.6.0+dfsg-1.dsc libsdl2-mixer_2.6.0+dfsg.orig.tar.xz libsdl2-mixer_2.6.0+dfsg-1.debian.tar.xz libsdl2-mixer_2.6.0+dfsg-1_source.buildinfo Greetings, Your Debian queue daemon (running on host usper.debian.org) From ftpmaster at ftp-master.debian.org Sat Jul 9 16:38:36 2022 From: ftpmaster at ftp-master.debian.org (Debian FTP Masters) Date: Sat, 09 Jul 2022 15:38:36 +0000 Subject: Processing of libsdl2-ttf_2.20.0+dfsg-1_source.changes Message-ID: libsdl2-ttf_2.20.0+dfsg-1_source.changes uploaded successfully to localhost along with the files: libsdl2-ttf_2.20.0+dfsg-1.dsc libsdl2-ttf_2.20.0+dfsg.orig.tar.xz libsdl2-ttf_2.20.0+dfsg-1.debian.tar.xz libsdl2-ttf_2.20.0+dfsg-1_source.buildinfo Greetings, Your Debian queue daemon (running on host usper.debian.org) From ftpmaster at ftp-master.debian.org Sat Jul 9 16:38:36 2022 From: ftpmaster at ftp-master.debian.org (Debian FTP Masters) Date: Sat, 09 Jul 2022 15:38:36 +0000 Subject: Processing of libsdl2-image_2.6.0+dfsg-1_source.changes Message-ID: libsdl2-image_2.6.0+dfsg-1_source.changes uploaded successfully to localhost along with the files: libsdl2-image_2.6.0+dfsg-1.dsc libsdl2-image_2.6.0+dfsg.orig.tar.xz libsdl2-image_2.6.0+dfsg-1.debian.tar.xz libsdl2-image_2.6.0+dfsg-1_source.buildinfo Greetings, Your Debian queue daemon (running on host usper.debian.org) From ftpmaster at ftp-master.debian.org Sat Jul 9 16:49:04 2022 From: ftpmaster at ftp-master.debian.org (Debian FTP Masters) Date: Sat, 09 Jul 2022 15:49:04 +0000 Subject: libsdl2-image_2.6.0+dfsg-1_source.changes ACCEPTED into unstable Message-ID: Accepted: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Sat, 09 Jul 2022 14:55:05 +0100 Source: libsdl2-image Architecture: source Version: 2.6.0+dfsg-1 Distribution: unstable Urgency: medium Maintainer: Debian SDL packages maintainers Changed-By: Simon McVittie Changes: libsdl2-image (2.6.0+dfsg-1) unstable; urgency=medium . * New upstream release * d/libsdl2-image-2.0-0.symbols: Use stable release for new symbols. We don't need to keep track of which specific prerelease introduced each symbol, now that we have a new stable release. * d/watch: Only look for stable releases * d/rules: Enable full compiler hardening * Switch branch for upload to unstable . libsdl2-image (2.5.2+dfsg-1) experimental; urgency=medium . * New upstream prerelease * d/watch: Don't download Windows binaries, etc. * d/watch: Download prereleases for experimental * Add myself to Uploaders * Drop all patches, included in the new release * d/libsdl2-image-dev.install: Install the new CMake metadata * d/tests: Exercise a CMake build . libsdl2-image (2.5.1+dfsg-2) experimental; urgency=medium . * Team upload * Standards-Version: 4.6.1 (no changes required) * d/patches: Add nanosvg fixes from upstream git * d/rules, d/tests/installed-tests: Assert that we support all the expected formats (everything supported upstream except AVIF and JXL) . libsdl2-image (2.5.1+dfsg-1+newqueue) experimental; urgency=medium . * Team upload * Move automated test into a new libsdl2-image-tests package. This means it can be moved back to the paths canonically used by installed-tests without breaking multiarch co-installability, and ginsttest-runner does not need to be told to search a non-default directory. * Install showanim and showimage sample programs as manual tests. Their names are too namespace-polluting to be on $PATH, so put them in /usr/libexec/installed-tests/SDL2_image alongside the automated tests. . libsdl2-image (2.5.1+dfsg-1) experimental; urgency=medium . * Team upload * New upstream prerelease - Fix loading PCX files that need alignment between rows * Revert addition of libsdl2-image-tests to avoid getting stuck in NEW * d/watch: Download releases from Github * d/copyright: Remove exclusion patterns that are no longer needed * d/watch: Don't download prereleases by default . libsdl2-image (2.5.0~git20220525+g2b8e888+dfsg-2) experimental; urgency=medium . * Team upload * Move automated test into a new libsdl2-image-tests package. This means it can be moved back to the paths canonically used by installed-tests without breaking multiarch co-installability, and ginsttest-runner does not need to be told to search a non-default directory. * Install showanim and showimage sample programs as manual tests. Their names are too namespace-polluting to be on $PATH, so put them in /usr/libexec/installed-tests/SDL2_image alongside the automated tests. . libsdl2-image (2.5.0~git20220525+g2b8e888+dfsg-1) experimental; urgency=medium . * Team upload * New upstream git snapshot - Fix test failure on s390x and other big-endian architectures * Bump required libsdl2-dev to 2.0.9 * d/.gitignore: Add * d/copyright: Update . libsdl2-image (2.5.0~git20220524+g7eb9ae3+dfsg-1) experimental; urgency=medium . * Team upload * New upstream git snapshot * d/copyright: Update * Build and install tests * Run installed tests using autopkgtest * Move installed-tests to libsdl2-image-dev for now. Adding libsdl2-image-tests will require passing the NEW queue. . libsdl2-image (2.5.0~git20220517.gcec4127+dfsg-1) experimental; urgency=medium . * Team upload * New upstream git snapshot * Update symbols file . libsdl2-image (2.5.0~git20220516.g99e0e81+dfsg-1-1) experimental; urgency=medium . * Team upload * New upstream git snapshot * d/gbp.conf, d/copyright: Stop removing IMG_UIImage.m. It was deleted upstream. . libsdl2-image (2.5.0~git20220512.g686ad26+dfsg-1) experimental; urgency=medium . * Team upload * New upstream git snapshot - d/copyright: Update - d/rules: Update dependency options - Update symbols * Disable AVIF support for now . libsdl2-image (2.5.0~git20220508.g406fd40+dfsg-1) experimental; urgency=medium . * Team upload * New upstream git snapshot - Update symbols file with new ABI from development branch * Disable JPEG XL support for now. libjxl is only available in experimental and doesn't look as though it's necessarily fully API-stable. . libsdl2-image (2.0.6~20220415.g915b794+dfsg-1) experimental; urgency=medium . * Team upload * New upstream snapshot . libsdl2-image (2.0.6~20220301.g3c8c09d3+dfsg-1) experimental; urgency=medium . * Team upload * New upstream snapshot * Add -dev dependencies that are listed in the .pc file . libsdl2-image (2.0.6~20220107.g656ef58+dfsg-1) experimental; urgency=medium . * Team upload * New upstream snapshot * d/copyright: Update * d/libsdl2-image-2.0-0.symbols: Add QOI decoder * d/libsdl2-image-2.0-0.symbols: Ignore removal of IMG_InitJPG, etc. These were never intended to be public, and are not in the header file. Upstream commit f0b3945 changed their visibility to hidden. . libsdl2-image (2.0.6~20211214.g704e516+dfsg-1) experimental; urgency=medium . * Team upload * Branch for experimental * New upstream snapshot - Drop patches, applied upstream - d/copyright: Update. The LGPL parts of IMG_png.c have been relicensed by their author. - d/libsdl2-image-2.0-0.symbols: Ignore removal of private nsvg symbols. This is deliberate, as per upstream commit 31ce11c5. * d/copyright, d/gbp.conf: Filter more generated/vendored files. If we're repacking the tarball *anyway*, we might as well exclude these too. They'll be restored by dh_autoreconf. Checksums-Sha1: d864edd23555b35f50d3f7e24fe117d504a37d72 2611 libsdl2-image_2.6.0+dfsg-1.dsc 4c4d44ee61c24b3ef4300062b97ab3504523b203 240080 libsdl2-image_2.6.0+dfsg.orig.tar.xz 82051966bd50bff54d21a95bb58919033db29cc7 10296 libsdl2-image_2.6.0+dfsg-1.debian.tar.xz 8275d6a3337ccba9303b96c2ccfdc0e41916c8b1 10819 libsdl2-image_2.6.0+dfsg-1_source.buildinfo Checksums-Sha256: d4941ac9007201951e3db81c993430825314a4a5c1044d7e8c1578ab5e79fcaa 2611 libsdl2-image_2.6.0+dfsg-1.dsc 9e534865a9aa20214fdeae96f3c7d07e34cb8cb7c5ef43a2a994465eeabf6030 240080 libsdl2-image_2.6.0+dfsg.orig.tar.xz 0a2905fc4f95e1e96411afdf2ef55b712e3c506230596a89e2f65669065db9ed 10296 libsdl2-image_2.6.0+dfsg-1.debian.tar.xz b4a1635468a8aa9c3d0ac2aac20d772b0b2e16fa6d382d33a5ba809a7d373d6a 10819 libsdl2-image_2.6.0+dfsg-1_source.buildinfo Files: bc6a2fe6eb8d16644a86f5dafb64c41c 2611 libs optional libsdl2-image_2.6.0+dfsg-1.dsc f9e3723ac950f9439116194e02d5f322 240080 libs optional libsdl2-image_2.6.0+dfsg.orig.tar.xz 129754ec74133c11afae3f6e1f930376 10296 libs optional libsdl2-image_2.6.0+dfsg-1.debian.tar.xz cff1f4fc895244906782878d60deebf7 10819 libs optional libsdl2-image_2.6.0+dfsg-1_source.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEENuxaZEik9e95vv6Y4FrhR4+BTE8FAmLJoLsACgkQ4FrhR4+B TE8XuA/+Oeq2bExQ2+QI1dsncGa0mN/oxIvKnmXHzXpjpNqlygknipTMusbUowYl AysbgmG8u2s2HTxedsqE5aTCQuWq4nYrkoJ3Iv5WmXRCekg9IfzakS06v12EiJqW 2TeWe+ZCQ535TjghOkY1XcEqCm/P7w9cTkzIWxiHzr5YR4C7iro/mDOKwg8JVMY7 B8dbqQ77Dg8IOC1sxXVG299DJglM6qUaOmvzLCnyi9/C5wH6RBzfhqOfWNclZyyP wRBce8TvSjjxpaqQNjAmqmwmWz1mghJdpL3NmDzkyoV8VVd6Mrs6dSmn0eAk+IAd wJeRHSmUzAAMANhX2mNN4r7LEAg+ybBD2m7LaYcg3gsx0O6FXaCbtcQEpQzvLXGf Rc5s+7GY1j9iyYsuc4wHSadY4g9g830to3r6fp2hrdcLW2GSHpIvaymb/l9yOxTy WYJpxBlcAyHfpI32Cc1TePSWsvAf49bogY2M3Glm+ctqGn0oNlK1SKqGOheABsT7 K1DdbvJSxn91uKfuZGfc/FG7siGqea1QO9FVVg9eoN0DYrEmOh7vHKNsXU1o0g/E /+bhGZdG1wido83e7u6FP+dEsOKuBm7DOUBia9r69He6CM5Lz49u8K8YRnXaK7T7 hd0WNLwd5K5o6lT4kbM8W89r3JE5TNBgfIKJC4OEoO5+1gY+Dec= =SbV7 -----END PGP SIGNATURE----- Thank you for your contribution to Debian. From ftpmaster at ftp-master.debian.org Sat Jul 9 16:49:12 2022 From: ftpmaster at ftp-master.debian.org (Debian FTP Masters) Date: Sat, 09 Jul 2022 15:49:12 +0000 Subject: libsdl2-mixer_2.6.0+dfsg-1_source.changes ACCEPTED into unstable Message-ID: Accepted: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Sat, 09 Jul 2022 14:55:01 +0100 Source: libsdl2-mixer Architecture: source Version: 2.6.0+dfsg-1 Distribution: unstable Urgency: medium Maintainer: Debian SDL packages maintainers Changed-By: Simon McVittie Changes: libsdl2-mixer (2.6.0+dfsg-1) unstable; urgency=medium . * New upstream release * d/libsdl2-mixer-2.0-0.symbols: Update * d/libsdl2-mixer-2.0-0.symbols: Use stable release for new symbols. We don't need to keep track of which specific prerelease introduced each symbol now that there's a stable release. * d/watch: Only look for stable releases * d/rules: Enable full compiler hardening * Switch branch for upload to unstable . libsdl2-mixer (2.5.2+dfsg-1) experimental; urgency=medium . * New upstream prerelease * d/watch: Don't download Windows binaries, etc. * d/watch: Accept prereleases for experimental branch * Add myself to Uploaders * Drop all patches, included in the new upstream prerelease * d/libsdl2-mixer-dev.install: Install the new CMake metadata * d/tests: Exercise a CMake build . libsdl2-mixer (2.5.1+dfsg-2) experimental; urgency=medium . * d/patches: Add post-release-candidate fixes from upstream * Standards-Version: 4.6.1 (no changes required) * d/.gitignore: Add . libsdl2-mixer (2.5.1+dfsg-1) experimental; urgency=medium . * Team upload * New upstream prerelease * d/watch: Download new releases from Github * d/watch: Don't download prereleases by default * d/copyright: Remove exclusion patterns that are no longer needed . libsdl2-mixer (2.5.0~git20220523+g8805ff3+dfsg-1) experimental; urgency=medium . * Team upload * New upstream git snapshot * d/copyright: Update * d/rules: Update configure options * d/libsdl2-mixer-2.0-0.symbols: Update . libsdl2-mixer (2.5.0~git20220512.g4366e74+dfsg-1-1) experimental; urgency=medium . * Team upload * New upstream git snapshot . libsdl2-mixer (2.5.0~git20220509.g5c43733+dfsg-1) experimental; urgency=medium . * Team upload * New upstream git snapshot . libsdl2-mixer (2.0.5~20220126.g6845d9f+dfsg-1) experimental; urgency=medium . * Team upload * New upstream snapshot * Add -dev dependencies mentioned in .pc file . libsdl2-mixer (2.0.5~20220103.g3f5a050+dfsg-1) experimental; urgency=medium . * Team upload * New upstream snapshot * d/copyright: Update * d/rules: Don't explicitly specify SHLIBVER. Specifying a version for dh_makeshlibs, and remembering to increment it every time new ABI is added, is error-prone. In debhelper compat level 12 and up, the default is to generate a conservative dependency using dh_makeshlibs -VUpstream-Version. The symbols file (which is more precise) also takes precedence over the shlibs version. . libsdl2-mixer (2.0.5~20211214.gffd0589+dfsg-1) experimental; urgency=medium . * Team upload * Branch for experimental * New upstream snapshot - Drop patches, applied upstream - d/copyright: Update * Add a .symbols file * d/copyright, d/gbp.conf: Filter more generated/vendored files. If we're repacking the tarball *anyway*, we might as well exclude these too. They'll be restored by dh_autoreconf. * Escape CPPFLAGS properly, so -fvisibility=hidden gets enabled. We had the wrong number of layers of escaping here, resulting in a compiler warning which indirectly disabled detection of -fvisibility=hidden. * Bump debhelper compat level from 12 to 13 + debian/rules: Drop --fail-missing argument to dh_missing, which is now the default. * Re-export upstream signing key without extra signatures. * Drop transition for old debug package migration. The legacy -dbg package was replaced by -dbgsym in Debian 10, and we don't support skipping a release when upgrading. * Standards-Version: 4.6.0 (no changes required) Checksums-Sha1: 2325478092f49c35b64102e3bbc9d3c71b69e778 2593 libsdl2-mixer_2.6.0+dfsg-1.dsc ba4333ff811ec8f0ab6c3122317c6487b9ae7b8c 286840 libsdl2-mixer_2.6.0+dfsg.orig.tar.xz 61aa9a0ef3e75fe545f1fbf4b52d2700990c56fe 10636 libsdl2-mixer_2.6.0+dfsg-1.debian.tar.xz 0ff075440edc2f95b7a516017b8fedbb01672110 11030 libsdl2-mixer_2.6.0+dfsg-1_source.buildinfo Checksums-Sha256: 33d178ec14848dea72235c5de102a56570c5b66e4c4792e76b55c2e5e1e59763 2593 libsdl2-mixer_2.6.0+dfsg-1.dsc 2464c84ffb47a46e5fdf91686bf915b9d20407c5621f94ceaf5ca5510203e2e1 286840 libsdl2-mixer_2.6.0+dfsg.orig.tar.xz c69230afd9be0c9a4f9e84dae37348137e37a585c6b74201cb3d6b0256b0ece4 10636 libsdl2-mixer_2.6.0+dfsg-1.debian.tar.xz 26ea3b74ae8830192bd0adde78bb98519b627ddeadd81f0927a580e593f21efc 11030 libsdl2-mixer_2.6.0+dfsg-1_source.buildinfo Files: 792747dc276e3430b4e55a0e1a678bd7 2593 libs optional libsdl2-mixer_2.6.0+dfsg-1.dsc 9bee19845485ebfe3328b6a148eba53b 286840 libs optional libsdl2-mixer_2.6.0+dfsg.orig.tar.xz 1d635896461ff773f08dd6a128e5e325 10636 libs optional libsdl2-mixer_2.6.0+dfsg-1.debian.tar.xz 2f4bb265e7174243268799aa30f2830a 11030 libs optional libsdl2-mixer_2.6.0+dfsg-1_source.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEENuxaZEik9e95vv6Y4FrhR4+BTE8FAmLJoJ4ACgkQ4FrhR4+B TE/j5hAAoaetfbfOJdI5csi9YnnsZGa1lvJ92CT67t6RwH1C8nTzAJr77mn2ewWV VyEbYerR+ROZF9f8vRed7vNTYUow58dGIUOMoS2rZqa6Lhsi+TK1JkmuSZuURdVL mipUxrGx+fReu9BV99IFvGcec5TLBsjjUHfoTrBrXfqcV4s5uCI0s5jqViSRG15Q rL8InX7iVyhrMJlkk7b0p81ffVTiSAgj9oJMD03I9CUdcca3Wj2sdmxDPDOZ0IFK T9Zb+s4Vg64xjwP9l739aRJY9EngHFA+tABosjIVgQnDPA2Pd4xX4V2vlbji/6YT bhlBr5CmxgUw2Na586NjpouTHEfHQlIL6CjsUPBkA17UviHKghdEmNiIKEcME4jt 61IBkcUtBSLH7QWbUFYTr6JgUvXFzZKQSRb7ThjYMpL/jex3uh+mI4Q6giqC46vH mhLNGcRtF6Xun0sQsZpBQhJ/3Lxuxoqzv6LAR++P38KrthEbHiB7XByyTOf+vkJv 4JK5Mz+2Bh6UFqyBe0+ciuBeQNGg33dEZ3+BmSEUw618Uzy1vBz+OTwTh1Pkqpsi JnCH23RicjOMztmIldKj+hoGtGXTVuum91qaSiZQg4hvKRU7Sgn6+JPPK4wtym0k XQWFHzg2Ep+ShoH9ui2+w1htJZRuVkpnp01Ph8IuVHIr/LfjBiQ= =dmXG -----END PGP SIGNATURE----- Thank you for your contribution to Debian. From ftpmaster at ftp-master.debian.org Sat Jul 9 16:49:19 2022 From: ftpmaster at ftp-master.debian.org (Debian FTP Masters) Date: Sat, 09 Jul 2022 15:49:19 +0000 Subject: libsdl2-ttf_2.20.0+dfsg-1_source.changes ACCEPTED into unstable Message-ID: Accepted: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Sat, 09 Jul 2022 14:55:03 +0100 Source: libsdl2-ttf Architecture: source Version: 2.20.0+dfsg-1 Distribution: unstable Urgency: medium Maintainer: Debian SDL packages maintainers Changed-By: Simon McVittie Changes: libsdl2-ttf (2.20.0+dfsg-1) unstable; urgency=medium . * New upstream release * d/libsdl2-ttf-2.0-0.symbols: Use stable release for recent symbols. We don't need to keep track of which specific prerelease introduced each symbol now that they're in a stable release. * d/watch: Only look for stable releases * Standards-Version: 4.6.1 (no changes required) * d/rules: Enable full compiler hardening * Switch branch for upload to unstable . libsdl2-ttf (2.19.2+dfsg-1) experimental; urgency=medium . * New upstream prerelease * d/watch: Don't download Windows binaries, etc. * d/watch: Accept development prereleases for experimental branch * Add myself to Uploaders * Drop all patches, applied upstream * d/libsdl2-ttf-dev.install: Install the new CMake metadata * d/tests: Exercise a CMake build . libsdl2-ttf (2.19.1+dfsg-2) experimental; urgency=medium . * Team upload * d/patches: Add post-release-candidate fixes from upstream. In particular this fixes an autopkgtest regression for src:pysdl2. * d/watch: Automatically add +dfsg suffix * d/.gitignore: Add . libsdl2-ttf (2.19.1+dfsg-1) experimental; urgency=medium . * Team upload * New upstream prerelease * d/watch: Download releases from Github * d/copyright: Remove exclusion patterns that are no longer needed * d/watch: Don't download prereleases (by default) . libsdl2-ttf (2.0.18+git20220512.g21ae4c6+dfsg-1) experimental; urgency=medium . * Team upload * New upstream git snapshot * Update symbols file. Ignore removal of TTF_SetFontScript, which only existed in experimental. . libsdl2-ttf (2.0.18+git20220508.gaa0659b+dfsg-1) experimental; urgency=medium . * Team upload * New upstream git snapshot - Drop patches, applied upstream - Update symbols file with new ABI from development branch Checksums-Sha1: 2f5e86b058d593900ac6d81147362f8e39e1eb87 2449 libsdl2-ttf_2.20.0+dfsg-1.dsc 7dc97abd965cce48a1d906265abf2774f0622abb 64872 libsdl2-ttf_2.20.0+dfsg.orig.tar.xz 5157d53c1e06432b2486cbb4f04d6faf1b36b171 7864 libsdl2-ttf_2.20.0+dfsg-1.debian.tar.xz fb1ddf88be0b05df6f9d1875921826acc7197a49 10753 libsdl2-ttf_2.20.0+dfsg-1_source.buildinfo Checksums-Sha256: 8db03f1cf789d2da9084856399a4f34841469a3d92818beb1696e5e9111f8744 2449 libsdl2-ttf_2.20.0+dfsg-1.dsc ea287ef8561111cdf0e865c8658ce624427aed2083f15ea6c2fcf5408dd1105f 64872 libsdl2-ttf_2.20.0+dfsg.orig.tar.xz 738ebfb2961704d79aa6f66edc58fa7d247728776c6997f194196e29e38b9cd5 7864 libsdl2-ttf_2.20.0+dfsg-1.debian.tar.xz f0079b7ff3433df1768bf43038bd552d3df182b8835b49bf5521d453a689a826 10753 libsdl2-ttf_2.20.0+dfsg-1_source.buildinfo Files: 5ee25bf6f38d8d0ab72ca18f3dbf125d 2449 libs optional libsdl2-ttf_2.20.0+dfsg-1.dsc f623caa672b4050a679287a2237987f1 64872 libs optional libsdl2-ttf_2.20.0+dfsg.orig.tar.xz 72e9f6a190f20864db445465b3e48517 7864 libs optional libsdl2-ttf_2.20.0+dfsg-1.debian.tar.xz c857b6f9d02a30d3aeb189ecbedff160 10753 libs optional libsdl2-ttf_2.20.0+dfsg-1_source.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEENuxaZEik9e95vv6Y4FrhR4+BTE8FAmLJoL4ACgkQ4FrhR4+B TE8tfg/+IsDL71NbZuagbwbPBIUyA84igVNJZzzB4aVAHAYO65Hp7cS6TRulfWpo zyzCDTrQ3mMgLA5wGWHVq7cr1mf367E0oUR+wL5Gk3J1YzCWcByhcOMEMrUJ850x ZHCISGAD7SkH188DO1F0pkT7kw01M1hMN7/Ao9iDCs78aOQ8lDbfg81iCwacFhSY 3UDa/w4sCnUuJTa90NTukK1xYZzokxndRr3mxf0egXiEl9SHjaeoiXoTf1oO9AW2 pvJjKxG45b0aupFD6pgMfZ4HHF+S+VbCsCD+JcKqAba+pzkAL6qIgryc1BFlaMJx eL4F/SjuV8DKkKRUBrMX68b8c2uR16qr4XELrfqGT0vC9c8iR45/tMCIIva7YoPm y70uJXLERUhMZrJw6QOXfksBEnV2IUUszEFsy3G4kdl15wKz7XzB3LQgyDt3YgUg RyyO4i3Ekyq5gqVV0Ohb8ESuTtj7RZr/DBzLfty4Xkp3LrU1INl/ehA4/azOCJEk tXZSAehY7Dym2rByweJ0VHadr87jLV2AgDTZzhEbbRHXqFcEACbIZS6JcdATw1In +ki7sQ4lqCKdXrNscTu6XC3cSs0Dxr04ZFOclWtYD+aV0tA2uL+i9JqwZKFOZ+Y3 pA0LkbWw6kfw1gMpkD/KCNOLNFyWlTxsrp2xiIO5SgQJZ8WEhCo= =Zhx1 -----END PGP SIGNATURE----- Thank you for your contribution to Debian. From owner at bugs.debian.org Mon Jul 11 09:45:05 2022 From: owner at bugs.debian.org (Debian Bug Tracking System) Date: Mon, 11 Jul 2022 08:45:05 +0000 Subject: Processed: libcaca-dev: please make it multi-arch co-installable References: Message-ID: Processing control commands: > block 932372 by -1 Bug #932372 [libsdl1.2-dev] libsdl1.2-dev is not multiarch-compatible? Bug #939666 [libsdl1.2-dev] include files conflict with i386 version: split dev packages 932372 was blocked by: 909740 932372 was not blocking any bugs. Added blocking bug(s) of 932372: 1014744 939666 was blocked by: 909740 939666 was not blocking any bugs. Added blocking bug(s) of 939666: 1014744 -- 1014744: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014744 932372: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=932372 939666: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=939666 Debian Bug Tracking System Contact owner at bugs.debian.org with problems From smcv at debian.org Mon Jul 11 10:03:42 2022 From: smcv at debian.org (Simon McVittie) Date: Mon, 11 Jul 2022 10:03:42 +0100 Subject: Bug#932372: libsdl1.2-dev is not multiarch-compatible In-Reply-To: <156345895619.13363.8113692230035346604.reportbug@thinkpad998> References: <156345895619.13363.8113692230035346604.reportbug@thinkpad998> <156345895619.13363.8113692230035346604.reportbug@thinkpad998> Message-ID: Control: retitle -1 libsdl1.2-dev is not multiarch-compatible Control: tags -1 + confirmed On Thu, 18 Jul 2019 at 17:09:16 +0300, johan wrote: > I tried to install libsdl1.2-dev:i386 on a 64-bit system in order to compile > 32-bit versions of some software, but it would require removing these packages > > libcaca-dev libsdl-image1.2-dev libsdl-mixer1.2-dev libsdl-net1.2-dev libsdl- > sound1.2-dev libsdl1.2-dev > > and this is obviously not desirable. So unless I'm doing something wrong, > libsdl1.2-dev seems to be multiarch-incompatible. Correct. libsdl1.2-dev contains /usr/bin/sdl-config and /usr/include/SDL/SDL_config.h, which vary between architectures, preventing libsdl1.2-dev from being marked as Multi-Arch: same. It is possible to get round this with some tricks involving compiler defaults (and Debian's SDL maintainers have successfully done that for SDL 2), but it's fairly complicated to get right, particularly in situations where dependent packages make wrong assumptions about how various packages fit together (it took us several attempts to get this right in SDL 2), so the risk/result ratio for doing this in the legacy SDL 1.2 library is not very favourable. Even if we made libsdl1.2-dev Multi-Arch: same, it would still not be practically multi-arch co-installable until libcaca-dev is fixed (#1014744, which is considerably simpler to solve). Workaround: port dependent software from SDL 1.2 to SDL 2 (preferred), or use libsdl1.2-compat-dev, or use a container or chroot to compile 32-bit software. The long-term solution for this will be for Debian to switch from libsdl1.2-dev and libsdl1.2debian to libsdl1.2-compat-dev and libsdl1.2-compat-shim as its implementation of the legacy SDL 1.2 ABI, but I think we'll need at least one more upstream release of sdl12-compat before we can do that without causing regressions. smcv From owner at bugs.debian.org Mon Jul 11 10:06:04 2022 From: owner at bugs.debian.org (Debian Bug Tracking System) Date: Mon, 11 Jul 2022 09:06:04 +0000 Subject: Processed: Re: Bug#932372: libsdl1.2-dev is not multiarch-compatible References: <156345895619.13363.8113692230035346604.reportbug@thinkpad998> Message-ID: Processing control commands: > retitle -1 libsdl1.2-dev is not multiarch-compatible Bug #932372 [libsdl1.2-dev] libsdl1.2-dev is not multiarch-compatible? Bug #939666 [libsdl1.2-dev] include files conflict with i386 version: split dev packages Changed Bug title to 'libsdl1.2-dev is not multiarch-compatible' from 'libsdl1.2-dev is not multiarch-compatible?'. Changed Bug title to 'libsdl1.2-dev is not multiarch-compatible' from 'include files conflict with i386 version: split dev packages'. > tags -1 + confirmed Bug #932372 [libsdl1.2-dev] libsdl1.2-dev is not multiarch-compatible Bug #939666 [libsdl1.2-dev] libsdl1.2-dev is not multiarch-compatible Added tag(s) confirmed. Added tag(s) confirmed. -- 932372: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=932372 939666: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=939666 Debian Bug Tracking System Contact owner at bugs.debian.org with problems From ftpmaster at ftp-master.debian.org Mon Jul 11 10:50:24 2022 From: ftpmaster at ftp-master.debian.org (Debian FTP Masters) Date: Mon, 11 Jul 2022 09:50:24 +0000 Subject: Processing of libsdl1.2_1.2.15+dfsg2-7_source.changes Message-ID: libsdl1.2_1.2.15+dfsg2-7_source.changes uploaded successfully to localhost along with the files: libsdl1.2_1.2.15+dfsg2-7.dsc libsdl1.2_1.2.15+dfsg2-7.debian.tar.xz libsdl1.2_1.2.15+dfsg2-7_source.buildinfo Greetings, Your Debian queue daemon (running on host usper.debian.org) From ftpmaster at ftp-master.debian.org Mon Jul 11 11:04:11 2022 From: ftpmaster at ftp-master.debian.org (Debian FTP Masters) Date: Mon, 11 Jul 2022 10:04:11 +0000 Subject: libsdl1.2_1.2.15+dfsg2-7_source.changes ACCEPTED into unstable Message-ID: Accepted: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Mon, 11 Jul 2022 10:09:56 +0100 Source: libsdl1.2 Architecture: source Version: 1.2.15+dfsg2-7 Distribution: unstable Urgency: medium Maintainer: Debian SDL packages maintainers Changed-By: Simon McVittie Closes: 981204 1014577 Changes: libsdl1.2 (1.2.15+dfsg2-7) unstable; urgency=medium . * Team upload . [ Simon McVittie ] * Add a .symbols file. This will be useful when comparing the ABI of this legacy library with the ABI of its SDL2-based replacement, sdl12-compat. * Generate dependencies without error-prone hard-coding. We have had SDL 1.2.15 since at least Debian 9, so there is no benefit in generating dependencies older than that. Not hard-coding SHLIBVER avoids mistakes if a new symbol is added. * Finish migration from -dbg to -dbgsym packages. We no longer need this migration path, since the required version is in stable (and oldstable and oldoldstable) and we don't support skipping a release during upgrades. * Add a Lintian override for libSDLmain.a being intentionally empty * Add patch to make pkg-config check cross-compilation-friendly * Add patch to ensure 8-bit paletted images don't overflow the palette (Closes: #1014577, CVE-2021-33657) * Normalize order of lists of installed files (wrap-and-sort -abst) * Normalize dependency and maintainer lists (wrap-and-sort -ast) * d/control: Normalize order of binary packages (wrap-and-sort -abst) * Build-depend on libgl-dev instead of transitional libgl1-mesa-dev * Use recommended debhelper compat level 13 - No need for explicit dh_makeshlibs -V, it is now the default * d/rules: Explicitly delete unwanted .la files instead of ignoring them . [ Helmut Grohne ] * Drop unused Build-Depends: libxt-dev and libxv-dev (Closes: #981204) Checksums-Sha1: 0aa07ad4cc71bf9dd530e08e7407cbd0b9bcd710 2387 libsdl1.2_1.2.15+dfsg2-7.dsc d94a72b541e7ae89ff44e8c1cbbe2afddd59d8e8 53336 libsdl1.2_1.2.15+dfsg2-7.debian.tar.xz e94b9c7a2fa351ac96c4974fcb44ca90847b0af7 8662 libsdl1.2_1.2.15+dfsg2-7_source.buildinfo Checksums-Sha256: 4b4c31e1b8827fe31880b3c2ccbbf49075bc92ced76daac6d8b97cba39731ddb 2387 libsdl1.2_1.2.15+dfsg2-7.dsc 8a573865f3ac68a5c935b7750f7c935812170adde91c60999413e00ab3d757b7 53336 libsdl1.2_1.2.15+dfsg2-7.debian.tar.xz f444ed2d4f7a23bb966c62dcca816cc4de24d527593f0de23d4151db3b8bf225 8662 libsdl1.2_1.2.15+dfsg2-7_source.buildinfo Files: 8563c085a6d6faa2f5bc9af59dc3a8d0 2387 libs optional libsdl1.2_1.2.15+dfsg2-7.dsc 28593686692adaa36d6d95456312a003 53336 libs optional libsdl1.2_1.2.15+dfsg2-7.debian.tar.xz 73e09143dce24fb026d59c60dabaebf3 8662 libs optional libsdl1.2_1.2.15+dfsg2-7_source.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEENuxaZEik9e95vv6Y4FrhR4+BTE8FAmLL8aUACgkQ4FrhR4+B TE/CWA/8DdIno9QqnlwkalS70uQp7AaCvweTbqFH8/OYnBN2k9i19wMd6mk+8Z4x ggFvCu7AFwwcTR3vbcsHsKslSybsClRPf8iwFLeUL5MKnNyCwyn9mrU054FkTlJl pg7oQuKSLS+POTJv5aVTdgcndImOcjSqjvmUDl8YTdQFRW7lzvNxAoByhw/ZbZvq iwxyqN1tuD1wJwS3iNJ7AOJzeLdZWvmhGDdKJr895iRP2Wvn4/P8H55sYA/Sofmp yagYfP21416cSLU8QUkCo+QTJ4ZxPzg4BT00Ibmc+wT6TdoXL8Sb2zp8d8pPz5xS /rZKSqypLvxhEIt730gzZ8tnNTUVwIY1FuTbaNfAGNiKtQmLbdQZ3kKJ1KYl9q+6 wXF8k56WnFXR5yi7KoE/q/KbQjaJDJpZxI8NsgSloxZj9X2psUz+YcF9dS7MDtP1 sj5iOB7pXTt68DnApU8Or9bXG7Ku4mxKV8Q0U8id41zxU0fLzVrPcf0rs5/c0BjV VtgP5q6sp0vNtvHaz8r7vSXJixJW1BPU6FzUb2tfYU2VwQQgba34F6wMZNafEiNn gvkNl8VWY3GlsOZWEGoj2Q/IuGTYZe7f32vh6rD3+ydzQYkk0db63/z/+PUK/EZU DSO75aGXpkFor7+wornAEcPNITrFrIoU6QqZT9Gxf2fnTe7hEjE= =z0yg -----END PGP SIGNATURE----- Thank you for your contribution to Debian. From owner at bugs.debian.org Mon Jul 11 11:09:03 2022 From: owner at bugs.debian.org (Debian Bug Tracking System) Date: Mon, 11 Jul 2022 10:09:03 +0000 Subject: Bug#1014577: marked as done (libsdl1.2: CVE-2021-33657) References: Message-ID: Your message dated Mon, 11 Jul 2022 10:04:11 +0000 with message-id and subject line Bug#1014577: fixed in libsdl1.2 1.2.15+dfsg2-7 has caused the Debian Bug report #1014577, regarding libsdl1.2: CVE-2021-33657 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact owner at bugs.debian.org immediately.) -- 1014577: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014577 Debian Bug Tracking System Contact owner at bugs.debian.org with problems -------------- next part -------------- An embedded message was scrubbed... From: =?UTF-8?Q?Moritz_M=C3=BChlenhoff?= Subject: libsdl1.2: CVE-2021-33657 Date: Fri, 8 Jul 2022 09:17:59 +0200 Size: 2833 URL: -------------- next part -------------- An embedded message was scrubbed... From: Debian FTP Masters Subject: Bug#1014577: fixed in libsdl1.2 1.2.15+dfsg2-7 Date: Mon, 11 Jul 2022 10:04:11 +0000 Size: 7608 URL: From owner at bugs.debian.org Mon Jul 11 11:09:05 2022 From: owner at bugs.debian.org (Debian Bug Tracking System) Date: Mon, 11 Jul 2022 10:09:05 +0000 Subject: Bug#981204: marked as done (libsdl1.2: drop unused Build-Depends: libxt-dev, libxv-dev) References: Message-ID: Your message dated Mon, 11 Jul 2022 10:04:11 +0000 with message-id and subject line Bug#981204: fixed in libsdl1.2 1.2.15+dfsg2-7 has caused the Debian Bug report #981204, regarding libsdl1.2: drop unused Build-Depends: libxt-dev, libxv-dev to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact owner at bugs.debian.org immediately.) -- 981204: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=981204 Debian Bug Tracking System Contact owner at bugs.debian.org with problems -------------- next part -------------- An embedded message was scrubbed... From: Helmut Grohne Subject: libsdl1.2: drop unused Build-Depends: libxt-dev, libxv-dev Date: Wed, 27 Jan 2021 14:11:18 +0100 Size: 3360 URL: -------------- next part -------------- An embedded message was scrubbed... From: Debian FTP Masters Subject: Bug#981204: fixed in libsdl1.2 1.2.15+dfsg2-7 Date: Mon, 11 Jul 2022 10:04:11 +0000 Size: 7527 URL: From owner at bugs.debian.org Mon Jul 11 19:54:03 2022 From: owner at bugs.debian.org (Debian Bug Tracking System) Date: Mon, 11 Jul 2022 18:54:03 +0000 Subject: Processed: found 1014577 in 1.2.15+dfsg2-6 References: <1657565378-3999-bts-carnil@debian.org> Message-ID: Processing commands for control at bugs.debian.org: > found 1014577 1.2.15+dfsg2-6 Bug #1014577 {Done: Simon McVittie } [src:libsdl1.2] libsdl1.2: CVE-2021-33657 Marked as found in versions libsdl1.2/1.2.15+dfsg2-6. > thanks Stopping processing here. Please contact me if you need assistance. -- 1014577: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014577 Debian Bug Tracking System Contact owner at bugs.debian.org with problems From owner at bugs.debian.org Mon Jul 11 19:54:04 2022 From: owner at bugs.debian.org (Debian Bug Tracking System) Date: Mon, 11 Jul 2022 18:54:04 +0000 Subject: Processed: found 1014577 in 1.2.15+dfsg2-4 References: <1657565387-4098-bts-carnil@debian.org> Message-ID: Processing commands for control at bugs.debian.org: > found 1014577 1.2.15+dfsg2-4 Bug #1014577 {Done: Simon McVittie } [src:libsdl1.2] libsdl1.2: CVE-2021-33657 Marked as found in versions libsdl1.2/1.2.15+dfsg2-4. > thanks Stopping processing here. Please contact me if you need assistance. -- 1014577: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014577 Debian Bug Tracking System Contact owner at bugs.debian.org with problems From ftpmaster at ftp-master.debian.org Tue Jul 12 12:43:10 2022 From: ftpmaster at ftp-master.debian.org (Debian FTP Masters) Date: Tue, 12 Jul 2022 11:43:10 +0000 Subject: Processing of libsdl2-mixer_2.6.0+dfsg-2_source.changes Message-ID: libsdl2-mixer_2.6.0+dfsg-2_source.changes uploaded successfully to localhost along with the files: libsdl2-mixer_2.6.0+dfsg-2.dsc libsdl2-mixer_2.6.0+dfsg-2.debian.tar.xz libsdl2-mixer_2.6.0+dfsg-2_source.buildinfo Greetings, Your Debian queue daemon (running on host usper.debian.org) From ftpmaster at ftp-master.debian.org Tue Jul 12 12:48:46 2022 From: ftpmaster at ftp-master.debian.org (Debian FTP Masters) Date: Tue, 12 Jul 2022 11:48:46 +0000 Subject: libsdl2-mixer_2.6.0+dfsg-2_source.changes ACCEPTED into unstable Message-ID: Accepted: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Tue, 12 Jul 2022 12:29:17 +0100 Source: libsdl2-mixer Architecture: source Version: 2.6.0+dfsg-2 Distribution: unstable Urgency: medium Maintainer: Debian SDL packages maintainers Changed-By: Simon McVittie Changes: libsdl2-mixer (2.6.0+dfsg-2) unstable; urgency=medium . * d/p/configure.ac-Make-sure-to-set-VERSION.patch: Add patch to ensure that Version is set in the .pc file. This resolves FTBFS in dependent packages like wesnoth-1.16. * d/tests: Verify that the pkg-config metadata has a suitable version number Checksums-Sha1: e4e49c1fd69e8aa3111415088af5f2d48eb84360 2593 libsdl2-mixer_2.6.0+dfsg-2.dsc 4f1202648e3600e87e594bc078969ef55473039e 11584 libsdl2-mixer_2.6.0+dfsg-2.debian.tar.xz 224525dfab6199a626881f53a5e88f9f02f0e77d 11030 libsdl2-mixer_2.6.0+dfsg-2_source.buildinfo Checksums-Sha256: 452d5a4db22a8824b1a5c937ca4c6532bf3bf3c922e058d7c9110900eb629a82 2593 libsdl2-mixer_2.6.0+dfsg-2.dsc c03a82556dd95be3d22b0f4c9544e095adcdddb6e9fb8c8000c4c792c83cc169 11584 libsdl2-mixer_2.6.0+dfsg-2.debian.tar.xz c0cce68b2dcbf85261448ef301ab6e55347095c0a8cea51d6917f68356291b1e 11030 libsdl2-mixer_2.6.0+dfsg-2_source.buildinfo Files: d6da20591edb32cd468e39042efefeda 2593 libs optional libsdl2-mixer_2.6.0+dfsg-2.dsc cb99f5dc1d3f0c1378400b5f2322f338 11584 libs optional libsdl2-mixer_2.6.0+dfsg-2.debian.tar.xz 6dcfde93f32ac699db69c61ac08014f2 11030 libs optional libsdl2-mixer_2.6.0+dfsg-2_source.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEENuxaZEik9e95vv6Y4FrhR4+BTE8FAmLNXUIACgkQ4FrhR4+B TE/dmBAAiy2AnkjKu4Zu5xrWsQdtfcHKRpwIh66MjBGeeszH6siGSffoY7PBhLBQ 89KilXVcIw68luXS2XmgETm6l9eKJl3B6/8EwX4txHLqP3zgnMQhh+31xqnIY9aT AO0RRR5tLwjdUNlBQakm+CL6muxHrFKsoD8ZTagSuiFbG/hDZMi4upajwec3bfnq iFlzjEwgUgBrqg5TDYBmCxAQItUnHYU327DhBkESaWiz4evK86mXBRm7qSGM18+0 nnmHHUPQiihcQLBNbIsyK4zxm3AGxW5DJCYbExdpMv6nSva9oXeeUbOVLQlQWyj5 1O9a5f20cxAXvYSA6zScQvB1c4NvMUxPFduMca3jr/JEBvoGfP69OKGeFvTWeu8T T8oRudrWaSpfmaIcMvz9lY/w2wVGMMl8CGzDaXbTks7hEdTVXJDNHh157skLcr9s +0h/gsrG/np5TrChkpi9NIW3uKsSnTFQ0993/R1/o521B5NgG/ziDcpdgbz6jtj3 7gcd6Mim4JHDZ1oLsgyPAckACOX7EPXVtF/AbVSUPRFcuJ/QisD4HRv3nR1hBalR XdPk0zBOkLX2VtvmtBd+Hl4TSNIhLq7+Gi15+aGYh08EObIQNcGCz7jzhA6T+x2j qPyv2Jv9BuerxsEwPCgm9H1TiJ8HTsUtgatAub/0rqJ7BMfPOa0= =FmtM -----END PGP SIGNATURE----- Thank you for your contribution to Debian. From noreply at release.debian.org Fri Jul 15 05:39:08 2022 From: noreply at release.debian.org (Debian testing watch) Date: Fri, 15 Jul 2022 04:39:08 +0000 Subject: libsdl2-image 2.6.0+dfsg-1 MIGRATED to testing Message-ID: FYI: The status of the libsdl2-image source package in Debian's testing distribution has changed. Previous version: 2.0.5+dfsg1-3 Current version: 2.6.0+dfsg-1 -- This email is automatically generated once a day. As the installation of new packages into testing happens multiple times a day you will receive later changes on the next day. See https://release.debian.org/testing-watch/ for more information. From noreply at release.debian.org Fri Jul 15 05:39:08 2022 From: noreply at release.debian.org (Debian testing watch) Date: Fri, 15 Jul 2022 04:39:08 +0000 Subject: libsdl2-ttf 2.20.0+dfsg-1 MIGRATED to testing Message-ID: FYI: The status of the libsdl2-ttf source package in Debian's testing distribution has changed. Previous version: 2.0.18+dfsg-3 Current version: 2.20.0+dfsg-1 -- This email is automatically generated once a day. As the installation of new packages into testing happens multiple times a day you will receive later changes on the next day. See https://release.debian.org/testing-watch/ for more information. From noreply at release.debian.org Sat Jul 16 05:39:09 2022 From: noreply at release.debian.org (Debian testing watch) Date: Sat, 16 Jul 2022 04:39:09 +0000 Subject: libsdl1.2 1.2.15+dfsg2-7 MIGRATED to testing Message-ID: FYI: The status of the libsdl1.2 source package in Debian's testing distribution has changed. Previous version: 1.2.15+dfsg2-6 Current version: 1.2.15+dfsg2-7 -- This email is automatically generated once a day. As the installation of new packages into testing happens multiple times a day you will receive later changes on the next day. See https://release.debian.org/testing-watch/ for more information. From noreply at release.debian.org Sun Jul 17 05:39:14 2022 From: noreply at release.debian.org (Debian testing watch) Date: Sun, 17 Jul 2022 04:39:14 +0000 Subject: libsdl2-mixer 2.6.0+dfsg-2 MIGRATED to testing Message-ID: FYI: The status of the libsdl2-mixer source package in Debian's testing distribution has changed. Previous version: 2.0.4+dfsg1-4 Current version: 2.6.0+dfsg-2 -- This email is automatically generated once a day. As the installation of new packages into testing happens multiple times a day you will receive later changes on the next day. See https://release.debian.org/testing-watch/ for more information. From ftpmaster at ftp-master.debian.org Mon Jul 18 15:18:29 2022 From: ftpmaster at ftp-master.debian.org (Debian FTP Masters) Date: Mon, 18 Jul 2022 14:18:29 +0000 Subject: Processing of libsdl2-mixer_2.6.1+dfsg-1_source.changes Message-ID: libsdl2-mixer_2.6.1+dfsg-1_source.changes uploaded successfully to localhost along with the files: libsdl2-mixer_2.6.1+dfsg-1.dsc libsdl2-mixer_2.6.1+dfsg.orig.tar.xz libsdl2-mixer_2.6.1+dfsg-1.debian.tar.xz libsdl2-mixer_2.6.1+dfsg-1_source.buildinfo Greetings, Your Debian queue daemon (running on host usper.debian.org) From ftpmaster at ftp-master.debian.org Mon Jul 18 15:49:52 2022 From: ftpmaster at ftp-master.debian.org (Debian FTP Masters) Date: Mon, 18 Jul 2022 14:49:52 +0000 Subject: libsdl2-mixer_2.6.1+dfsg-1_source.changes ACCEPTED into unstable Message-ID: Accepted: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Mon, 18 Jul 2022 14:25:38 +0100 Source: libsdl2-mixer Architecture: source Version: 2.6.1+dfsg-1 Distribution: unstable Urgency: medium Maintainer: Debian SDL packages maintainers Changed-By: Simon McVittie Changes: libsdl2-mixer (2.6.1+dfsg-1) unstable; urgency=medium . * New upstream release, functionally equivalent to 2.6.0+dfsg-2 - d/p/configure.ac-Make-sure-to-set-VERSION.patch: Drop, applied upstream Checksums-Sha1: 8b6afce8534871fa2e29fecb294d2f522b7415fe 2593 libsdl2-mixer_2.6.1+dfsg-1.dsc 417eb7af14a492546ad5d67865f4254b3bcab4d1 287028 libsdl2-mixer_2.6.1+dfsg.orig.tar.xz 767e22b2a084294c46f47b4e6d9be40460fd54fc 11100 libsdl2-mixer_2.6.1+dfsg-1.debian.tar.xz d246aa5a163d76854c8149ca99df4593b6bf7750 11069 libsdl2-mixer_2.6.1+dfsg-1_source.buildinfo Checksums-Sha256: a9e275d2a3d2afb2fc4149b71d98c35ca22de30e08cfebf396c52d0eee91d5c9 2593 libsdl2-mixer_2.6.1+dfsg-1.dsc 6b3683caaac88c597e7528726188ee6a03bb4889c7445e0a517b38a13f69f0a2 287028 libsdl2-mixer_2.6.1+dfsg.orig.tar.xz 9254ab2afe09e607da2f031683fcbe9c811837f30eb8103b96c997fa07350b88 11100 libsdl2-mixer_2.6.1+dfsg-1.debian.tar.xz 6a0d3ef472fc13845a1e6c36673bb9e1d4cb80b14765f1cd6a975a215c5b17f6 11069 libsdl2-mixer_2.6.1+dfsg-1_source.buildinfo Files: cc52b649e9a6e7282100fadb64147335 2593 libs optional libsdl2-mixer_2.6.1+dfsg-1.dsc e1ccce6e1eca932b21f9314bcdd53c0b 287028 libs optional libsdl2-mixer_2.6.1+dfsg.orig.tar.xz ea927da3bd3d22780b4084d0966d7c37 11100 libs optional libsdl2-mixer_2.6.1+dfsg-1.debian.tar.xz 9e7e233d5dcecb8ba5cc8c2bfc3262a8 11069 libs optional libsdl2-mixer_2.6.1+dfsg-1_source.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEENuxaZEik9e95vv6Y4FrhR4+BTE8FAmLVa3wACgkQ4FrhR4+B TE8ywRAArKEop4OasYpUCxCsbmZqS5Om7tuNhn4+QmiguNDBLWxg4lnLCwUwjCBk J6eD7JP6mrNVyKtuLImofHF/UAGeH1spFzXcR3dWvYOrvZ9NrWn1crb3G7stOR4h UH7BQl+150dQRxJSiGJu9RJ6A+ru7cDM9v68tfmyWaxiwzbHETWMwunDa0INqCz1 TxTlX8IngTpi3B6X6M05gBwvWS837bkJSLVenhcZg4EoEATEFfeilCCDAm4ISdni bF9myev8OU+14lfqvsv16LRsejHwGDFo8Egz3ABkUzq1Y/XZ5jPAjLQkn5HLFxSm 18WAxYej2UArdDkgU0YXe+6U69gcZFRZdL+3hx/uynRyB5FgHpGA7VLdzUC7f0Xj nAvmWKY7vSO0OHP0fqhtSjKuaMYwEC8lG3X8Aqmam/UBa5eVQO/axCxRbF4kRgl2 mkK4npyaL4UuBnv/4EQB+Wyu4EEmZ9BGU7qSBrrOCoxvkxOoVuiU87Yb5ljypB5Q bwFWh/qItIEyaZ9ZCr9nhHSMvFmLrLwGVP4YqWQd5Vt8DRBW67Vf4DcZ2fHNLg3O ELlxwlQFUVAGVXMvDAw7+SPFOxh7tp4lY8q4RF5SbEkLUpIykpPaep9jpho5mFx7 fVlTAhKRAFJwCtoZCpVkhYW3xVjsM4VexI8FhwWYXOU9OfT3XYw= =BATL -----END PGP SIGNATURE----- Thank you for your contribution to Debian. From noreply at release.debian.org Mon Jul 25 05:39:09 2022 From: noreply at release.debian.org (Debian testing watch) Date: Mon, 25 Jul 2022 04:39:09 +0000 Subject: libsdl2-mixer 2.6.1+dfsg-1 MIGRATED to testing Message-ID: FYI: The status of the libsdl2-mixer source package in Debian's testing distribution has changed. Previous version: 2.6.0+dfsg-2 Current version: 2.6.1+dfsg-1 -- This email is automatically generated once a day. As the installation of new packages into testing happens multiple times a day you will receive later changes on the next day. See https://release.debian.org/testing-watch/ for more information. From jmm at inutil.org Fri Jul 29 22:22:24 2022 From: jmm at inutil.org (Moritz =?UTF-8?Q?M=C3=BChlenhoff?=) Date: Fri, 29 Jul 2022 23:22:24 +0200 Subject: Bug#1016352: libsdl1.2: CVE-2022-34568 Message-ID: Source: libsdl1.2 X-Debbugs-CC: team at security.debian.org Severity: important Tags: security Hi, The following vulnerability was published for libsdl1.2. CVE-2022-34568[0]: | SDL v1.2 was discovered to contain a use-after-free via the XFree | function at /src/video/x11/SDL_x11yuv.c. https://github.com/libsdl-org/SDL-1.2/issues/863 https://github.com/libsdl-org/SDL-1.2/commit/d7e00208738a0bc6af302723fe64908ac35b777b If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2022-34568 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34568 Please adjust the affected versions in the BTS as needed. From owner at bugs.debian.org Sun Jul 31 15:30:09 2022 From: owner at bugs.debian.org (Debian Bug Tracking System) Date: Sun, 31 Jul 2022 14:30:09 +0000 Subject: Processed: bug 1016352 is forwarded to https://github.com/libsdl-org/SDL-1.2/issues/863 References: <1659277640-4023-bts-carnil@debian.org> Message-ID: Processing commands for control at bugs.debian.org: > forwarded 1016352 https://github.com/libsdl-org/SDL-1.2/issues/863 Bug #1016352 [src:libsdl1.2] libsdl1.2: CVE-2022-34568 Set Bug forwarded-to-address to 'https://github.com/libsdl-org/SDL-1.2/issues/863'. > thanks Stopping processing here. Please contact me if you need assistance. -- 1016352: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1016352 Debian Bug Tracking System Contact owner at bugs.debian.org with problems From owner at bugs.debian.org Sun Jul 31 15:30:07 2022 From: owner at bugs.debian.org (Debian Bug Tracking System) Date: Sun, 31 Jul 2022 14:30:07 +0000 Subject: Processed: tagging 1016352, tagging 1016351 References: <1659277618-1787-bts-carnil@debian.org> Message-ID: Processing commands for control at bugs.debian.org: > tags 1016352 + upstream Bug #1016352 [src:libsdl1.2] libsdl1.2: CVE-2022-34568 Added tag(s) upstream. > tags 1016351 + upstream Bug #1016351 [src:dovecot] dovecot: CVE-2022-30550 Added tag(s) upstream. > thanks Stopping processing here. Please contact me if you need assistance. -- 1016351: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1016351 1016352: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1016352 Debian Bug Tracking System Contact owner at bugs.debian.org with problems