Accepted libsoup2.4 2.68.2-1 (source) into unstable
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Wed, 09 Oct 2019 12:23:19 +0100
Source: libsoup2.4
Architecture: source
Version: 2.68.2-1
Distribution: unstable
Urgency: medium
Maintainer: Debian GNOME Maintainers <pkg-gnome-maintainers@lists.alioth.debian.org>
Changed-By: Simon McVittie <smcv@debian.org>
Closes: 941912
Changes:
libsoup2.4 (2.68.2-1) unstable; urgency=medium
.
* Team upload
* d/gbp.conf: Switch branch to debian/unstable.
We should upload the fix for CVE-2019-17266 to unstable, but
the debian/master branch already has a version waiting for NEW
processing.
* New upstream release (CVE-2019-17266) (Closes: #941912)
* libsoup-gnome2.4-dev: Explicitly depend on gir1.2-soup-2.4.
According to the GIR mini-policy, this is required because
gir1.2-soup-2.4 contains SoupGNOME-2.4.typelib, corresponding to
SoupGNOME-2.4.gir in libsoup-gnome2.4-dev. This dependency is not in
fact strictly necessary, because libsoup-gnome2.4-dev depends on
libsoup2.4-dev which in turn depends on gir1.2-soup-2.4, but Lintian
doesn't look at recursive dependencies.
* libsoup2.4-doc.links: Create symlinks to documentation in /usr/share/doc.
The actual documentation files remain in /usr/share/gtk-doc/html,
because they are technically a programmatic interface: other libraries
that depend on libsoup2.4 and use gtk-doc will use that path to fix
cross-references in their own documentation.
There are symlinks in both /u/s/d/libsoup2.4-dev (the "main package"
in Policy ยง12.3), and /u/s/d/libsoup2.4-doc (the traditional location
for documentation).
* libsoup2.4-doc: Add Recommends: libglib2.0-doc, for the cross-references.
The libsoup2.4 documentation contains many cross-references to GLib,
GObject and GIO documentation. Add symlinks in /usr/share/doc so that
those cross-references can be followed, even in browsers that treat
symlinks like directories for the purposes of resolving relative paths.
* d/libsoup2.4-doc.doc-base: Use the symlinks in /usr/share/doc.
This is functionally equivalent to what we already had, but silences
a Lintian error.
* Standards-Version: 4.4.1 (no changes required)
* d/copyright: Update
* d/p/xmlrpc-tests-Cope-with-GLib-2.62-TAP-output.patch:
Add proposed patch to fix test failures with GLib 2.62
* Explicitly build-depend on libapache2-mod-php, PHP 7 and Python 3.
The script that checks for the required PHP version is written in
Python 3 and specifically looks for a php7* module. It seems that in
practice the dependency resolver used on unstable buildds will always
select libapache2-mod-php anyway, but the resolver used on
experimental buildds can select the -cgi or -fpm implementations,
which are not detected, resulting in the necessary files for some of
the installed-tests not being installed.
* Add lintian overrides for the binary package names not precisely
matching the SONAMEs.
They're close enough to achieve the goal of the mechanically-generated
naming convention, and changing them now (other than at the time of an
upstream SONAME bump) seems like more disruption than it's worth.
Checksums-Sha1:
abf53f57a81a7ede3147209fc434142be2befc1c 2954 libsoup2.4_2.68.2-1.dsc
38e489cf0d37a478a77d1bba278bfd2a47ac249a 1467072 libsoup2.4_2.68.2.orig.tar.xz
af2f2bc20571c05fc8c3eefe3560bd2be37276c8 21696 libsoup2.4_2.68.2-1.debian.tar.xz
Checksums-Sha256:
b4012179156c8a07e8aee3bb2410fa7df6865515d3cfcee6370e17a57fc02fc4 2954 libsoup2.4_2.68.2-1.dsc
51ad3001a946fe3bcf29b692dc9ffe05cdf702ea6ca0ee8c3099a99a2f4e3933 1467072 libsoup2.4_2.68.2.orig.tar.xz
e02332d4a2d323affe4644a97adbf5296a0f3b76390ec9b0b7fdda67ae6bafcb 21696 libsoup2.4_2.68.2-1.debian.tar.xz
Files:
c8edf5d0332ebc6cb8cdc85e3e5b3dd2 2954 devel optional libsoup2.4_2.68.2-1.dsc
8e3430458be72547d890d0bf914dd125 1467072 devel optional libsoup2.4_2.68.2.orig.tar.xz
049eb8da6ebcdb73fbf65c3fe2e806d0 21696 devel optional libsoup2.4_2.68.2-1.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEENuxaZEik9e95vv6Y4FrhR4+BTE8FAl2d5OYACgkQ4FrhR4+B
TE91+xAAqL/Qf8EB+wIpTAJXGSMBe8MYbXV2AEAk2hMxaP59DPciheu7S/Y1Kcwh
8nBhlYVAksj7xZvMm3XJhbVRMjoMfiWZPc9qQhIaro/nNbD+X8QNXJ/GDaF62dKy
M2AbKkXdQ63DMUpFm2XEfryMvvbfQp7uW+aOY6XS6xFHAVIyfjQdQ3raI09ZAxAN
MI/7mmzsq2pZQXueAtb/VSl7qZxiB0B9YLcZ9exWgzvI14vO270cGhzm485LVaCK
jLFVyEooX+p8Jd5LUOSdG0K8eXpfKRWKkwo1kJeWSdjsPQtXxgDP7aW9Q5fyqSep
GrPKBNhVpGTNwHBwlsO0hhDzVYfK357vwbbeAb+LIjPY8M2Sac5MgxdQt7RZQmgK
9VPBPZCDUUGt+t3dGHmGZIfD6mo1bdnZeqt8IJi/u0m6nmscvLaH4huYwY1uX+ZW
aqXRklupN49txvZfknV/kCFROl+KHug6j6u7qpmn+IgeiY57/MajKXHHULKkp1GN
rQ3aVioRgFKmx6PggW1mHVykRcPUdJvRgnOocShMQQ30BXI+V9w7YMiUodPaP8cV
I/XfmZAHj2j8Nh4ZaWYDgNlOibTl0lZSiiGabJnufSLWi35w1vD6/FN88tYKAf1m
nCBxRXN2oA9H+JO+UPzPd7Jrh2EOFuZbqcb0Zn6RTYt9cB2XlVU=
=Ka2e
-----END PGP SIGNATURE-----