Debian Package Tracker

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
To: <debian-devel-changes@lists.debian.org>
Subject: Accepted evince 3.38.0-2 (source) into unstable
Date: Tue, 13 Oct 2020 11:03:51 +0000
Signed by: Simon McVittie <smcv@debian.org>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Tue, 13 Oct 2020 10:49:10 +0100
Source: evince
Architecture: source
Version: 3.38.0-2
Distribution: unstable
Urgency: medium
Maintainer: Debian GNOME Maintainers <pkg-gnome-maintainers@lists.alioth.debian.org>
Changed-By: Simon McVittie <smcv@debian.org>
Closes: 829976 970383
Changes:
 evince (3.38.0-2) unstable; urgency=medium
 .
   * Team upload
 .
   [ Jeremy Bicha ]
   * debian/rules: Enable all auto features (except t1lib).
     This allows simplifying our configure rules.
   * Stop using -Wl,--as-needed, which is the bullseye toolchain's default
   * Remove remnants of the Autotools build that are no longer necessary
 .
   [ Simon McVittie ]
   * d/p/Remove-ability-to-launch-actions.patch:
     Add security hardening from upstream gnome-3-38 branch.
     The PDF specification defines "Launch Action", which allows documents
     to launch arbitrary applications. It appears that in practice this is
     only used by malware. Evince never *deliberately* allowed arbitrary
     code execution like this (even though the spec said it should), only
     opening documents in external MIME handlers, but some MIME handlers
     result in arbitrary code execution anyway.
   * Remove obsolete gnome-common build-dependency.
     This has been unnecessary ever since evince moved to the Meson build
     system. (Closes: #829976)
   * d/p/Make-the-build-reproducible.patch:
     Add patch from Chris Lamb to make the build reproducible
     (Closes: #970383)
Checksums-Sha1:
 632254d77ef718bb183366cfdcb911ed5058a696 3372 evince_3.38.0-2.dsc
 d1408bf04bbdec073504088e60c400241b177a47 33572 evince_3.38.0-2.debian.tar.xz
 b387e2d00ddd6c62777981bbdf1091523b420896 17048 evince_3.38.0-2_source.buildinfo
Checksums-Sha256:
 c91031435b32bebe3df6268a8570fe0450e11fe8528c7ce4d8e0d5947b4206ed 3372 evince_3.38.0-2.dsc
 1620b510f9413ec4a4bbb6f4b3db888739541a30bd4fc89efcde88ed78bd26bc 33572 evince_3.38.0-2.debian.tar.xz
 c25a4220957234e08cc3fdcc67a663401ea6a7b4c31be4aebf197a1cfd05860c 17048 evince_3.38.0-2_source.buildinfo
Files:
 910c261d7460ceb5e8d6eb0fd9fa30cc 3372 gnome optional evince_3.38.0-2.dsc
 ca3543e098abc3388f1b8a69103666d4 33572 gnome optional evince_3.38.0-2.debian.tar.xz
 30a56e9badd2243409763c5d6bf64c31 17048 gnome optional evince_3.38.0-2_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEENuxaZEik9e95vv6Y4FrhR4+BTE8FAl+FhbMACgkQ4FrhR4+B
TE/7GA/+Nh8RjZfRl5atnDa76sP/ZR5ZQ5ggDRJUOdBLm6KLnIca6zCscq2xYKMx
+drAxqPXhIGJ4WaZ5m86lrLTc5ZBTj4ioWsKRS2zwg3njh5drlFkC1XTBPKjnHLT
26H239rkNFjvaq8QsnMF8ws5WwnowtQzzpBOhUAA6KWkJNTthlJSb2AG7Y2wE7K7
IM2xBlPQz0b26kjl5ggCan3azkC9dl5y3c/cYppsDcLTugLtyG3OMXhGNIFuhnA7
Jhsw8HTP6AQNrepYXalW5GJaqlnN38k5YEmzW3lgiFTvAcawSfUF/TzgH02WTgXn
NyvmDV1NjjYGQxofszqrPGuDroC34bH0nbDYnXCs+Ztcl8tLA6AkkCbo3sxyu04C
u/hYdX9i8Aw4MNywIWaLKweDnnqS55eeg/nYfG3t9QzGoZaQgg+xbj1MB2Kq6wBR
p2xBNDrqFgwOXgY6OwCa58GH3sKG/wf+mWcGJ6RkO2qepVmJwkqA5A4SOrQHMzvl
yyunm54R34mHr3JrJmt60W9sWiDoN9qv0wHUbMBoY3e7Mfxz/2VCfltG2pLskYn9
bcjxd6wIjV1vK+mMddceiAV0JsTfbeLSORZJIrsriyGSjaiwFYLzsaPFCTZ9kJae
30geh2XylwopV3eoMfcQevCroB559XYytpyGAHdQ/Xm2aJwSmxk=
=Ynre
-----END PGP SIGNATURE-----
News for package evince
