#1000055 mcstrans: depends on obsolete pcre3 library

Package:
src:mcstrans
Source:
mcstrans
Submitter:
Matthew Vernon
Date:
2022-06-04 12:54:03 UTC
Severity:
important
Tags:
#1000055#5
Date:
2021-11-18 11:49:05 UTC
From:
To:
Dear maintainer,

Your package still depends on the old, obsolete PCRE3[0] libraries
(i.e. libpcre3-dev). This has been end of life for a while now, and
upstream do not intend to fix any further bugs in it. Accordingly, I
would like to remove the pcre3 libraries from Debian, preferably in
time for the release of Bookworm.

The newer PCRE2 library was first released in 2015, and has been in
Debian since stretch. Upstream's documentation for PCRE2 is available
here: https://pcre.org/current/doc/html/

Many large projects that use PCRE have made the switch now (e.g. git,
php); it does involve some work, but we are now at the stage where
PCRE3 should not be used, particularly if it might ever be exposed to
untrusted input.

This mass bug filing was discussed on debian-devel@ in
https://lists.debian.org/debian-devel/2021/11/msg00176.html

Regards,

Matthew [0] Historical reasons mean that old PCRE is packaged as
pcre3 in Debian

#1000055#14
Date:
2022-06-04 12:49:22 UTC
From:
To:
We believe that the bug you reported is fixed in the latest version of
mcstrans, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1000055@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Laurent Bigonville <bigon@debian.org> (supplier of updated mcstrans package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)
Format: 1.8
Date: Sat, 04 Jun 2022 14:26:27 +0200
Source: mcstrans
Architecture: source
Version: 3.4-1
Distribution: unstable
Urgency: medium
Maintainer: Debian SELinux maintainers <selinux-devel@lists.alioth.debian.org>
Changed-By: Laurent Bigonville <bigon@debian.org>
Closes: 1000055
Changes:
 mcstrans (3.4-1) unstable; urgency=medium
 .
   [ Debian Janitor ]
   * Remove constraints unnecessary since buster:
     + mcstrans: Drop versioned constraint on lsb-base in Depends.
 .
   [ Laurent Bigonville ]
   * New upstream release
     - debian/control: Bump build-dependencies to match the new release
     - debian/control: Switch to libpcre2 (Closes: #1000055)
   * Enable GPG key validation of the upstream tarball
Checksums-Sha1:
 55dacdba95f60890098dfcf3c1230f76d16048f5 1951 mcstrans_3.4-1.dsc
 ac61c6dfcf7f2199f5a5a2291aeb75b743251b04 45125 mcstrans_3.4.orig.tar.gz
 6c746382b0bd88ed2577a2fafd32c1abdbd51e09 833 mcstrans_3.4.orig.tar.gz.asc
 25970ef2ed3379ee53f2095be778a2a3d65e7d9b 27976 mcstrans_3.4-1.debian.tar.xz
 5740656f03375b5131f323b2b5ad138b82e0b39e 5467 mcstrans_3.4-1_source.buildinfo
Checksums-Sha256:
 a29defd6f6fae86d4f0ff5a16b09a407521fe20626d8e7f0a991f09b6d44df5b 1951 mcstrans_3.4-1.dsc
 4fc497fae7b80901100b58528eb198fb243daf621a6f4dbc5f391e810dc8c384 45125 mcstrans_3.4.orig.tar.gz
 b1777e296be011ac1267bd6f55ab8108edb9547bd93a494e854e9c7275ea2262 833 mcstrans_3.4.orig.tar.gz.asc
 c9e0363a5e65fa44ac69cada677f568e05fb40bf569dec08c6feb204ec1169d6 27976 mcstrans_3.4-1.debian.tar.xz
 0aa21fd7c93ec5de281cfdd292e21d5b3090bfe90fd6e6a38e83e3db7c287c0e 5467 mcstrans_3.4-1_source.buildinfo
Files:
 d138e6d5f7e0f52e18570849f6141552 1951 utils optional mcstrans_3.4-1.dsc
 7355612854be68d287d8ae79507fc8b9 45125 utils optional mcstrans_3.4.orig.tar.gz
 3a70bac14c8a2d1e716e83dfa370293b 833 utils optional mcstrans_3.4.orig.tar.gz.asc
 06ffa7a1d39be244f64c563daee44d4d 27976 utils optional mcstrans_3.4-1.debian.tar.xz
 d17eec91403dcf397daada52c270a9c5 5467 utils optional mcstrans_3.4-1_source.buildinfo
-----BEGIN PGP SIGNATURE-----

iQFFBAEBCAAvFiEEmRrdqQAhuF2x31DwH8WJHrqwQ9UFAmKbUAURHGJpZ29uQGRl
Ymlhbi5vcmcACgkQH8WJHrqwQ9WefQf/QbAUxESPfQhIbgWKBpGCCobmEKoSmNk9
EpBJyKeydmETD8Ln/nHnxHww9cPpJYPvxZ57YWUUG3blQA7bBmx7yJAtkkdF19vG
/6RQKCcMdS+lD6XwJ0367NeJ9QgNg3aoHS1NUFP6yn4dth0r8EOzLSmCC8l4+fTh
vJMQ/73kfOeLUJq3KHthGa7Nfi08Yp+luVqE4DCElyauepio46dXQOPA6WSQFvBy
PiX83bpESGuL3XiWOaiNajxz0uYJoDv49zOMV8P4r63gqxaOFslrqZXFJ/iHqgqc
Vd7birBETBK9J2Valer4NgsBvDNE1fLBJiuhiCGsdRjkve1H6iRoBw==
=07uY
-----END PGP SIGNATURE-----