Acknowledgement sent
to "Chris Lamb" <lamby@debian.org>:
New Bug report received and forwarded. Copy sent to reproducible-bugs@lists.alioth.debian.org, Debian GNOME Maintainers <pkg-gnome-maintainers@lists.alioth.debian.org>.
(Tue, 15 Sep 2020 10:51:06 GMT) (full text, mbox, link).
Source: evince
Version: 3.38.0-1
Severity: wishlist
Tags: patch
User: reproducible-builds@lists.alioth.debian.org
Usertags: buildpath
X-Debbugs-Cc: reproducible-bugs@lists.alioth.debian.org
Hi,
Whilst working on the Reproducible Builds effort [0] we noticed that
evince could not be built reproducibly.
This is because it generates .h header files that contain the absolute
build path via the @filename@ placeholder.
Patch attached that uses @basename@ instead — these are comments,
after all.
[0] https://reproducible-builds.org/
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` lamby@debian.org / chris-lamb.co.uk
`-
Control: tag -1 pending
Hello,
Bug #970383 in evince reported by you has been fixed in the
Git repository and is awaiting an upload. You can see the commit
message below and you can check the diff of the fix at:
https://salsa.debian.org/gnome-team/evince/-/commit/533507b012e91bef76a9bf97152691a2dcfc5b5c
------------------------------------------------------------------------
Add patch from Chris Lamb to make the build reproducible
Closes: #970383
------------------------------------------------------------------------
(this message was generated automatically)
--
Greetings
https://bugs.debian.org/970383
Added tag(s) pending.
Request was from Simon McVittie <noreply@salsa.debian.org>
to 970383-submitter@bugs.debian.org.
(Tue, 13 Oct 2020 09:45:05 GMT) (full text, mbox, link).
Reply sent
to Simon McVittie <smcv@debian.org>:
You have taken responsibility.
(Tue, 13 Oct 2020 11:06:07 GMT) (full text, mbox, link).
Notification sent
to "Chris Lamb" <lamby@debian.org>:
Bug acknowledged by developer.
(Tue, 13 Oct 2020 11:06:07 GMT) (full text, mbox, link).
Source: evince
Source-Version: 3.38.0-2
Done: Simon McVittie <smcv@debian.org>
We believe that the bug you reported is fixed in the latest version of
evince, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 970383@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Simon McVittie <smcv@debian.org> (supplier of updated evince package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Tue, 13 Oct 2020 10:49:10 +0100
Source: evince
Architecture: source
Version: 3.38.0-2
Distribution: unstable
Urgency: medium
Maintainer: Debian GNOME Maintainers <pkg-gnome-maintainers@lists.alioth.debian.org>
Changed-By: Simon McVittie <smcv@debian.org>
Closes: 829976970383
Changes:
evince (3.38.0-2) unstable; urgency=medium
.
* Team upload
.
[ Jeremy Bicha ]
* debian/rules: Enable all auto features (except t1lib).
This allows simplifying our configure rules.
* Stop using -Wl,--as-needed, which is the bullseye toolchain's default
* Remove remnants of the Autotools build that are no longer necessary
.
[ Simon McVittie ]
* d/p/Remove-ability-to-launch-actions.patch:
Add security hardening from upstream gnome-3-38 branch.
The PDF specification defines "Launch Action", which allows documents
to launch arbitrary applications. It appears that in practice this is
only used by malware. Evince never *deliberately* allowed arbitrary
code execution like this (even though the spec said it should), only
opening documents in external MIME handlers, but some MIME handlers
result in arbitrary code execution anyway.
* Remove obsolete gnome-common build-dependency.
This has been unnecessary ever since evince moved to the Meson build
system. (Closes: #829976)
* d/p/Make-the-build-reproducible.patch:
Add patch from Chris Lamb to make the build reproducible
(Closes: #970383)
Checksums-Sha1:
632254d77ef718bb183366cfdcb911ed5058a696 3372 evince_3.38.0-2.dsc
d1408bf04bbdec073504088e60c400241b177a47 33572 evince_3.38.0-2.debian.tar.xz
b387e2d00ddd6c62777981bbdf1091523b420896 17048 evince_3.38.0-2_source.buildinfo
Checksums-Sha256:
c91031435b32bebe3df6268a8570fe0450e11fe8528c7ce4d8e0d8637b4206ed 3372 evince_3.38.0-2.dsc
1620b510f9413ec4a4bbb6f4b3db888739541a30bd4fc89efcde88ed78bd26bc 33572 evince_3.38.0-2.debian.tar.xz
c25a4220957234e08cc3fdcc67a663401ea6a7b4c31be4aebf197a1cfd05860c 17048 evince_3.38.0-2_source.buildinfo
Files:
910c261d7460ceb5e8d6eb0fd9fa30cc 3372 gnome optional evince_3.38.0-2.dsc
ca3543e098abc3388f1b8a69103666d4 33572 gnome optional evince_3.38.0-2.debian.tar.xz
30a56e9badd2243409763c5d6bf64c31 17048 gnome optional evince_3.38.0-2_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEENuxaZEik9e95vv6Y4FrhR4+BTE8FAl+FhbMACgkQ4FrhR4+B
TE/7GA/+Nh8RjZfRl5atnDa76sP/ZR5ZQ5ggDRJUOdBLm6KLnIca6zCscq2xYKMx
+drAxqPXhIGJ4WaZ5m86lrLTc5ZBTj4ioWsKRS2zwg3njh5drlFkC1XTBPKjnHLT
26H239rkNFjvaq8QsnMF8ws5WwnowtQzzpBOhUAA6KWkJNTthlJSb2AG7Y2wE7K7
IM2xBlPQz0b26kjl5ggCan3azkC9dl5y3c/cYppsDcLTugLtyG3OMXhGNIFuhnA7
Jhsw8HTP6AQNrepYXalW5GJaqlnN38k5YEmzW3lgiFTvAcawSfUF/TzgH02WTgXn
NyvmDV1NjjYGQxofszqrPGuDroC34bH0nbDYnXCs+Ztcl8tLA6AkkCbo3sxyu04C
u/hYdX9i8Aw4MNywIWaLKweDnnqS55eeg/nYfG3t9QzGoZaQgg+xbj1MB2Kq6wBR
p2xBNDrqFgwOXgY6OwCa58GH3sKG/wf+mWcGJ6RkO2qepVmJwkqA5A4SOrQHMzvl
yyunm54R34mHr3JrJmt60W9sWiDoN9qv0wHUbMBoY3e7Mfxz/2VCfltG2pLskYn9
bcjxd6wIjV1vK+mMddceiAV0JsTfbeLSORZJIrsriyGSjaiwFYLzsaPFCTZ9kJae
30geh2XylwopV3eoMfcQevCroB559XYytpyGAHdQ/Xm2aJwSmxk=
=Ynre
-----END PGP SIGNATURE-----
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org.
(Wed, 11 Nov 2020 07:26:45 GMT) (full text, mbox, link).
Debbugs is free software and licensed under the terms of the GNU General
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.