FFe: Sync libsoup2.4 2.60.0-1 (main) from Debian unstable (main)

Bug #1717216 reported by Jeremy Bícha
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
libsoup2.4 (Ubuntu)
Fix Released
Wishlist
Unassigned

Bug Description

Please sync libsoup2.4 2.60.0-1 (main) from Debian unstable (main)

Explanation of FeatureFreeze exception:

libsoup follows the GNOME release cycle and we're shipping the rest of GNOME 3.26.

Also, libsoup is a security sensitive package. (And 2.59.90.1 fixes CVE-2017-2885). I think it's (slightly) easier for the Security Team to backport security fixes for newer releases.

https://git.gnome.org/browse/libsoup/tree/NEWS

https://git.gnome.org/browse/libsoup/log/

Changelog entries since current artful version 2.56.1-1:

libsoup2.4 (2.60.0-1) unstable; urgency=medium

  * New upstream translations release

 -- Jeremy Bicha <email address hidden> Tue, 12 Sep 2017 11:03:12 -0400

libsoup2.4 (2.59.90.1-1) unstable; urgency=medium

  * New upstream release
  * Drop all patches, applied in new release
  * debian/libsoup2.4-1.symbols: Add new symbols
  * debian/control.in:
    - Build-depend on apache2 and php-xmlrpc for build tests
  * Bump Standards-Version to 4.1.0

 -- Jeremy Bicha <email address hidden> Wed, 30 Aug 2017 20:59:56 -0400

CVE References

Jeremy Bícha (jbicha)
Changed in libsoup2.4 (Ubuntu):
importance: Undecided → Wishlist
Revision history for this message
Iain Lane (laney) wrote : Re: [Bug 1717216] [NEW] FFe: Sync libsoup2.4 2.60.0-1 (main) from Debian unstable (main)

On Thu, Sep 14, 2017 at 08:53:02AM -0000, Launchpad Bug Tracker wrote:
> You have been subscribed to a public bug by Jeremy Bicha (jbicha):
>
> Please sync libsoup2.4 2.60.0-1 (main) from Debian unstable (main)
>
> Explanation of FeatureFreeze exception:
>
> libsoup follows the GNOME release cycle and we're shipping the rest of
> GNOME 3.26.
>
> Also, libsoup is a security sensitive package. (And 2.59.90.1 fixes
> CVE-2017-2885). I think it's (slightly) easier for the Security Team to
> backport security fixes for newer releases.
>
> https://git.gnome.org/browse/libsoup/tree/NEWS
>
> https://git.gnome.org/browse/libsoup/log/

I'm reasonably in favour of this - and it seems from NEWS that the new
feature you're requesting an exception for is new API which in itself is
not a risky new feature.

But, since you've asked... this is a fairly core package on the desktop;
how much have you tested it? Seems there's at least one regression
mentioned in the intermediate releases.

Cheers,

--
Iain Lane [ <email address hidden> ]
Debian Developer [ <email address hidden> ]
Ubuntu Developer [ <email address hidden> ]

Jeremy Bícha (jbicha)
tags: added: artful upgrade-software-version
Revision history for this message
Jeremy Bícha (jbicha) wrote :

libsoup2.4 has been in Debian Testing for 3 weeks without any reported issues.
The test suite is run during the build and failures would fail the build.
I built libsoup2.4 2.60.1-1 in my PPA and did a new install of today's daily ISO using the new version without problems.

I then set up my Google account with GNOME Online Accounts. I used Calendar, Ubuntu/GNOME Software, Evolution.

Adam Conrad (adconrad)
Changed in libsoup2.4 (Ubuntu):
status: New → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.