2022-05-09 07:34:27 |
Didier Roche-Tolomelli |
bug |
|
|
added bug |
2022-05-09 08:25:48 |
Sebastien Bacher |
libsoup3 (Ubuntu): assignee |
Sebastien Bacher (seb128) |
Jeremy Bicha (jbicha) |
|
2022-05-10 14:41:34 |
Didier Roche-Tolomelli |
bug |
|
|
added subscriber MIR approval team |
2022-05-18 12:36:00 |
Jeremy Bícha |
bug |
|
|
added subscriber Jeremy Bicha |
2022-05-18 14:27:53 |
Didier Roche-Tolomelli |
libsoup3 (Ubuntu): status |
Incomplete |
Fix Released |
|
2022-05-18 14:30:09 |
Didier Roche-Tolomelli |
libsoup3 (Ubuntu): status |
Fix Released |
Incomplete |
|
2022-05-18 17:58:49 |
Jeremy Bícha |
description |
Needs to be MIR.
What doesn’t qualify for immediate promotion (soname bump) is the dep on sysprof which is in universe and needs to be checked (either get it promoted or downgrading the dep) |
[Availability]
Already in Ubuntu universe.
Builds and works for all supported architectures including i386
https://launchpad.net/ubuntu/+source/libsoup3
[Rationale]
GNOME is switching to libsoup3. This has been delayed a few releases but I suspect it will be more mandatory for GNOME 43 or GNOME 44.
- gnome-bluetooth3 is a new runtime dependency of package gnome-shell that
we already support
libsoup3 is requested in Ubuntu main no longer than August 4 to allow time for reverse dependencies to be switched before 22.10 Feature Freeze August 25.
[Security]
- https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=libsoup
- https://ubuntu.com/security/cve?package=libsoup2.4
- https://security-tracker.debian.org/tracker/source-package/libsoup2.4
- no `suid` or `sgid` binaries
- no executables in `/sbin` and `/usr/sbin`
- Package does not install services, timers or recurring jobs
- Package does not open privileged ports (ports < 1024)
- debian/rules builds with all standard hardening flags
This is a security-sensitive library that allows apps to access data over the Internet.
[Quality assurance - function/usage]
The package works well right after install
[Quality assurance - maintenance]
- The package is maintained well in Debian/Ubuntu and has not too many
and long term critical bugs open
- Ubuntu https://bugs.launchpad.net/ubuntu/+source/libsoup3
- Ubuntu older series https://bugs.launchpad.net/ubuntu/+source/libsoup2.4
- Debian https://bugs.debian.org/cgi-bin/pkgreport.cgi?src=libsoup3
- Debian older series https://bugs.debian.org/cgi-bin/pkgreport.cgi?src=libsoup2.4
- GNOME https://gitlab.gnome.org/GNOME/libsoup/-/issues
- The package does not deal with exotic hardware we cannot support
[Quality assurance - testing]
- Runs a test suite on build time, if it fails it makes the build fail, link to build log:
https://launchpad.net/ubuntu/+source/libsoup3/3.0.6-1/+build/23589175/+files/buildlog_ubuntu-kinetic-amd64.libsoup3_3.0.6-1_BUILDING.txt.gz
- Includes autopkgtests, both a basic superficial test and an installed-tests suite
[Quality assurance - packaging]
- debian/watch is present and works
- Does not yield massive lintian Warnings or Errors
- Lintian overrides are not present
- Des not rely on obsolete or about to be demoted packages.
- Has no python2 or GTK2 dependencies
- Does not ask debconf questions
- Packaging and build is easy:
https://salsa.debian.org/gnome-team/libsoup3/-/blob/debian/master/debian/rules
[UI standards]
Skipping
[Dependencies]
- No dependencies not already in main
- libsoup-3.0-dev has been added to the Extra-Exclude list to keep its sysprof dependency out of main for now
[Standards compliance]
- This package correctly follows FHS and Debian Policy
[Maintenance/Owner]
- Owning Team will be Ubuntu Desktop (Co-maintained with Debian GNOME team.)
- Team is not yet, but will subscribe to the package before promotion
- This does not use static builds
- This does not use vendored code
[Background information]
The Ubuntu Desktop Team expects that it will be necessary to keep both libsoup2.4 and libsoup3 in main for Ubuntu 22.10.
This is a big and complicated transition. Apps will crash if they are linked against both libraries.
Upstream progress tracker:
https://gitlab.gnome.org/GNOME/libsoup/-/issues/218
Migration hints:
https://libsoup.org/libsoup-3.0/migrating-from-libsoup-2.html
https://people.canonical.com/~ubuntu-archive/transitions/html/libsoup3.html
Estimated 29 affected source packages in main (some are libraries so true affected count is higher):
https://people.canonical.com/~ubuntu-archive/transitions/html/libsoup3-main.html |
|
2022-05-18 17:58:51 |
Jeremy Bícha |
libsoup3 (Ubuntu): assignee |
Jeremy Bicha (jbicha) |
|
|
2022-05-18 19:12:39 |
Jeremy Bícha |
libsoup3 (Ubuntu): status |
Incomplete |
Confirmed |
|
2022-05-18 20:26:47 |
Jeremy Bícha |
description |
[Availability]
Already in Ubuntu universe.
Builds and works for all supported architectures including i386
https://launchpad.net/ubuntu/+source/libsoup3
[Rationale]
GNOME is switching to libsoup3. This has been delayed a few releases but I suspect it will be more mandatory for GNOME 43 or GNOME 44.
- gnome-bluetooth3 is a new runtime dependency of package gnome-shell that
we already support
libsoup3 is requested in Ubuntu main no longer than August 4 to allow time for reverse dependencies to be switched before 22.10 Feature Freeze August 25.
[Security]
- https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=libsoup
- https://ubuntu.com/security/cve?package=libsoup2.4
- https://security-tracker.debian.org/tracker/source-package/libsoup2.4
- no `suid` or `sgid` binaries
- no executables in `/sbin` and `/usr/sbin`
- Package does not install services, timers or recurring jobs
- Package does not open privileged ports (ports < 1024)
- debian/rules builds with all standard hardening flags
This is a security-sensitive library that allows apps to access data over the Internet.
[Quality assurance - function/usage]
The package works well right after install
[Quality assurance - maintenance]
- The package is maintained well in Debian/Ubuntu and has not too many
and long term critical bugs open
- Ubuntu https://bugs.launchpad.net/ubuntu/+source/libsoup3
- Ubuntu older series https://bugs.launchpad.net/ubuntu/+source/libsoup2.4
- Debian https://bugs.debian.org/cgi-bin/pkgreport.cgi?src=libsoup3
- Debian older series https://bugs.debian.org/cgi-bin/pkgreport.cgi?src=libsoup2.4
- GNOME https://gitlab.gnome.org/GNOME/libsoup/-/issues
- The package does not deal with exotic hardware we cannot support
[Quality assurance - testing]
- Runs a test suite on build time, if it fails it makes the build fail, link to build log:
https://launchpad.net/ubuntu/+source/libsoup3/3.0.6-1/+build/23589175/+files/buildlog_ubuntu-kinetic-amd64.libsoup3_3.0.6-1_BUILDING.txt.gz
- Includes autopkgtests, both a basic superficial test and an installed-tests suite
[Quality assurance - packaging]
- debian/watch is present and works
- Does not yield massive lintian Warnings or Errors
- Lintian overrides are not present
- Des not rely on obsolete or about to be demoted packages.
- Has no python2 or GTK2 dependencies
- Does not ask debconf questions
- Packaging and build is easy:
https://salsa.debian.org/gnome-team/libsoup3/-/blob/debian/master/debian/rules
[UI standards]
Skipping
[Dependencies]
- No dependencies not already in main
- libsoup-3.0-dev has been added to the Extra-Exclude list to keep its sysprof dependency out of main for now
[Standards compliance]
- This package correctly follows FHS and Debian Policy
[Maintenance/Owner]
- Owning Team will be Ubuntu Desktop (Co-maintained with Debian GNOME team.)
- Team is not yet, but will subscribe to the package before promotion
- This does not use static builds
- This does not use vendored code
[Background information]
The Ubuntu Desktop Team expects that it will be necessary to keep both libsoup2.4 and libsoup3 in main for Ubuntu 22.10.
This is a big and complicated transition. Apps will crash if they are linked against both libraries.
Upstream progress tracker:
https://gitlab.gnome.org/GNOME/libsoup/-/issues/218
Migration hints:
https://libsoup.org/libsoup-3.0/migrating-from-libsoup-2.html
https://people.canonical.com/~ubuntu-archive/transitions/html/libsoup3.html
Estimated 29 affected source packages in main (some are libraries so true affected count is higher):
https://people.canonical.com/~ubuntu-archive/transitions/html/libsoup3-main.html |
[Availability]
Already in Ubuntu universe.
Builds and works for all supported architectures including i386
https://launchpad.net/ubuntu/+source/libsoup3
[Rationale]
GNOME is switching to libsoup3. This has been delayed a few releases but I suspect it will be more mandatory for GNOME 43 or GNOME 44.
- gnome-bluetooth3 is a new runtime dependency of package gnome-shell that
we already support
libsoup3 is requested in Ubuntu main no longer than August 4 to allow time for reverse dependencies to be switched before 22.10 Feature Freeze August 25.
[Security]
- https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=libsoup
- https://ubuntu.com/security/cve?package=libsoup2.4
- https://security-tracker.debian.org/tracker/source-package/libsoup2.4
- no `suid` or `sgid` binaries
- no executables in `/sbin` and `/usr/sbin`
- Package does not install services, timers or recurring jobs
- Package does not open privileged ports (ports < 1024)
- debian/rules builds with all standard hardening flags
This is a security-sensitive library that allows apps to access data over the Internet.
[Quality assurance - function/usage]
The package works well right after install
[Quality assurance - maintenance]
- The package is maintained well in Debian/Ubuntu and has not too many
and long term critical bugs open
- Ubuntu https://bugs.launchpad.net/ubuntu/+source/libsoup3
- Ubuntu older series https://bugs.launchpad.net/ubuntu/+source/libsoup2.4
- Debian https://bugs.debian.org/cgi-bin/pkgreport.cgi?src=libsoup3
- Debian older series https://bugs.debian.org/cgi-bin/pkgreport.cgi?src=libsoup2.4
- GNOME https://gitlab.gnome.org/GNOME/libsoup/-/issues
- The package does not deal with exotic hardware we cannot support
[Quality assurance - testing]
- Runs a test suite on build time, if it fails it makes the build fail, link to build log:
https://launchpad.net/ubuntu/+source/libsoup3/3.0.6-1/+build/23589175/+files/buildlog_ubuntu-kinetic-amd64.libsoup3_3.0.6-1_BUILDING.txt.gz
- Includes autopkgtests, both a basic superficial test and an installed-tests suite
[Quality assurance - packaging]
- debian/watch is present and works
- Does not yield massive lintian Warnings or Errors
- Lintian overrides are not present
- Des not rely on obsolete or about to be demoted packages.
- Has no python2 or GTK2 dependencies
- Does not ask debconf questions
- Packaging and build is easy:
https://salsa.debian.org/gnome-team/libsoup3/-/blob/debian/master/debian/rules
[UI standards]
Skipping
[Dependencies]
- No dependencies not already in main
- libsoup-3.0-dev has been added to the Extra-Exclude list to keep its sysprof dependency out of main for now
[Standards compliance]
- This package correctly follows FHS and Debian Policy
[Maintenance/Owner]
- Owning Team will be Ubuntu Desktop (Co-maintained with Debian GNOME team.)
- Team is not yet, but will subscribe to the package before promotion
- This does not use static builds
- This does not use vendored code
[Background information]
The Ubuntu Desktop Team expects that it will be necessary to keep both libsoup2.4 and libsoup3 in main for Ubuntu 22.10.
This is a big and complicated transition. Apps will crash if they are linked against both libraries.
Upstream progress tracker:
https://gitlab.gnome.org/GNOME/libsoup/-/issues/218
Migration hints:
https://libsoup.org/libsoup-3.0/migrating-from-libsoup-2.html
https://people.canonical.com/~ubuntu-archive/transitions/html/libsoup3.html
Estimated 30 affected source packages in main (some are libraries so true affected count is higher):
https://people.canonical.com/~ubuntu-archive/transitions/html/libsoup3-main.html |
|
2022-05-19 07:18:30 |
Didier Roche-Tolomelli |
libsoup3 (Ubuntu): status |
Confirmed |
New |
|
2022-05-23 22:06:32 |
Launchpad Janitor |
libsoup3 (Ubuntu): status |
New |
Confirmed |
|
2022-05-23 22:06:46 |
amano |
bug |
|
|
added subscriber amano |
2022-05-24 14:38:17 |
Didier Roche-Tolomelli |
libsoup3 (Ubuntu): assignee |
|
Didier Roche (didrocks) |
|
2022-06-01 09:28:17 |
Sebastien Bacher |
bug |
|
|
added subscriber Sebastien Bacher |
2022-06-01 15:40:15 |
Didier Roche-Tolomelli |
libsoup3 (Ubuntu): status |
Confirmed |
Fix Committed |
|
2022-06-01 15:40:18 |
Didier Roche-Tolomelli |
libsoup3 (Ubuntu): assignee |
Didier Roche (didrocks) |
|
|
2022-06-02 12:33:08 |
Jeremy Bícha |
description |
[Availability]
Already in Ubuntu universe.
Builds and works for all supported architectures including i386
https://launchpad.net/ubuntu/+source/libsoup3
[Rationale]
GNOME is switching to libsoup3. This has been delayed a few releases but I suspect it will be more mandatory for GNOME 43 or GNOME 44.
- gnome-bluetooth3 is a new runtime dependency of package gnome-shell that
we already support
libsoup3 is requested in Ubuntu main no longer than August 4 to allow time for reverse dependencies to be switched before 22.10 Feature Freeze August 25.
[Security]
- https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=libsoup
- https://ubuntu.com/security/cve?package=libsoup2.4
- https://security-tracker.debian.org/tracker/source-package/libsoup2.4
- no `suid` or `sgid` binaries
- no executables in `/sbin` and `/usr/sbin`
- Package does not install services, timers or recurring jobs
- Package does not open privileged ports (ports < 1024)
- debian/rules builds with all standard hardening flags
This is a security-sensitive library that allows apps to access data over the Internet.
[Quality assurance - function/usage]
The package works well right after install
[Quality assurance - maintenance]
- The package is maintained well in Debian/Ubuntu and has not too many
and long term critical bugs open
- Ubuntu https://bugs.launchpad.net/ubuntu/+source/libsoup3
- Ubuntu older series https://bugs.launchpad.net/ubuntu/+source/libsoup2.4
- Debian https://bugs.debian.org/cgi-bin/pkgreport.cgi?src=libsoup3
- Debian older series https://bugs.debian.org/cgi-bin/pkgreport.cgi?src=libsoup2.4
- GNOME https://gitlab.gnome.org/GNOME/libsoup/-/issues
- The package does not deal with exotic hardware we cannot support
[Quality assurance - testing]
- Runs a test suite on build time, if it fails it makes the build fail, link to build log:
https://launchpad.net/ubuntu/+source/libsoup3/3.0.6-1/+build/23589175/+files/buildlog_ubuntu-kinetic-amd64.libsoup3_3.0.6-1_BUILDING.txt.gz
- Includes autopkgtests, both a basic superficial test and an installed-tests suite
[Quality assurance - packaging]
- debian/watch is present and works
- Does not yield massive lintian Warnings or Errors
- Lintian overrides are not present
- Des not rely on obsolete or about to be demoted packages.
- Has no python2 or GTK2 dependencies
- Does not ask debconf questions
- Packaging and build is easy:
https://salsa.debian.org/gnome-team/libsoup3/-/blob/debian/master/debian/rules
[UI standards]
Skipping
[Dependencies]
- No dependencies not already in main
- libsoup-3.0-dev has been added to the Extra-Exclude list to keep its sysprof dependency out of main for now
[Standards compliance]
- This package correctly follows FHS and Debian Policy
[Maintenance/Owner]
- Owning Team will be Ubuntu Desktop (Co-maintained with Debian GNOME team.)
- Team is not yet, but will subscribe to the package before promotion
- This does not use static builds
- This does not use vendored code
[Background information]
The Ubuntu Desktop Team expects that it will be necessary to keep both libsoup2.4 and libsoup3 in main for Ubuntu 22.10.
This is a big and complicated transition. Apps will crash if they are linked against both libraries.
Upstream progress tracker:
https://gitlab.gnome.org/GNOME/libsoup/-/issues/218
Migration hints:
https://libsoup.org/libsoup-3.0/migrating-from-libsoup-2.html
https://people.canonical.com/~ubuntu-archive/transitions/html/libsoup3.html
Estimated 30 affected source packages in main (some are libraries so true affected count is higher):
https://people.canonical.com/~ubuntu-archive/transitions/html/libsoup3-main.html |
[Availability]
Already in Ubuntu universe.
Builds and works for all supported architectures including i386
https://launchpad.net/ubuntu/+source/libsoup3
[Rationale]
GNOME is switching to libsoup3. This has been delayed a few releases but I suspect it will be more mandatory for GNOME 43 or GNOME 44.
- gnome-bluetooth3 is a new runtime dependency of package gnome-shell that
we already support
libsoup3 is requested in Ubuntu main no longer than August 4 to allow time for reverse dependencies to be switched before 22.10 Feature Freeze August 25.
[Security]
- https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=libsoup
- https://ubuntu.com/security/cve?package=libsoup2.4
- https://security-tracker.debian.org/tracker/source-package/libsoup2.4
- no `suid` or `sgid` binaries
- no executables in `/sbin` and `/usr/sbin`
- Package does not install services, timers or recurring jobs
- Package does not open privileged ports (ports < 1024)
- debian/rules builds with all standard hardening flags
This is a security-sensitive library that allows apps to access data over the Internet.
[Quality assurance - function/usage]
The package works well right after install
[Quality assurance - maintenance]
- The package is maintained well in Debian/Ubuntu and has not too many
and long term critical bugs open
- Ubuntu https://bugs.launchpad.net/ubuntu/+source/libsoup3
- Ubuntu older series https://bugs.launchpad.net/ubuntu/+source/libsoup2.4
- Debian https://bugs.debian.org/cgi-bin/pkgreport.cgi?src=libsoup3
- Debian older series https://bugs.debian.org/cgi-bin/pkgreport.cgi?src=libsoup2.4
- GNOME https://gitlab.gnome.org/GNOME/libsoup/-/issues
- The package does not deal with exotic hardware we cannot support
[Quality assurance - testing]
- Runs a test suite on build time, if it fails it makes the build fail, link to build log:
https://launchpad.net/ubuntu/+source/libsoup3/3.0.6-1/+build/23589175/+files/buildlog_ubuntu-kinetic-amd64.libsoup3_3.0.6-1_BUILDING.txt.gz
- Includes autopkgtests, both a basic superficial test and an installed-tests suite
[Quality assurance - packaging]
- debian/watch is present and works
- Does not yield massive lintian Warnings or Errors
- Lintian overrides are not present
- Des not rely on obsolete or about to be demoted packages.
- Has no python2 or GTK2 dependencies
- Does not ask debconf questions
- Packaging and build is easy:
https://salsa.debian.org/gnome-team/libsoup3/-/blob/debian/master/debian/rules
[UI standards]
Skipping
[Dependencies]
- No dependencies not already in main
- libsoup-3.0-dev has been added to the Extra-Exclude list to keep its sysprof dependency out of main for now
[Standards compliance]
- This package correctly follows FHS and Debian Policy
[Maintenance/Owner]
- Owning Team will be Ubuntu Desktop (Co-maintained with Debian GNOME team.)
- Team is not yet, but will subscribe to the package before promotion
- This does not use static builds
- This does not use vendored code
[Background information]
The Ubuntu Desktop Team expects that it will be necessary to keep both libsoup2.4 and libsoup3 in main for Ubuntu 22.10.
This is a big and complicated transition. Apps will crash if they are linked against both libraries.
Upstream progress tracker:
https://gitlab.gnome.org/GNOME/libsoup/-/issues/218
Migration hints:
https://libsoup.org/libsoup-3.0/migrating-from-libsoup-2.html
Fedora announcement:
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org/thread/JAQJ5WJQ6U6IZ3BZAZ5AM3VMMQCNOA7G/
https://people.canonical.com/~ubuntu-archive/transitions/html/libsoup3.html
Estimated 30 affected source packages in main (some are libraries so true affected count is higher):
https://people.canonical.com/~ubuntu-archive/transitions/html/libsoup3-main.html |
|
2022-06-03 19:11:58 |
Sebastien Bacher |
libsoup3 (Ubuntu): status |
Fix Committed |
Fix Released |
|