- Package:
- src:leafnode
- Source:
- leafnode
- Submitter:
- Matthew Vernon
- Date:
- 2022-06-05 21:51:04 UTC
- Severity:
- important
- Tags:
Dear maintainer, Your package still depends on the old, obsolete PCRE3[0] libraries (i.e. libpcre3-dev). This has been end of life for a while now, and upstream do not intend to fix any further bugs in it. Accordingly, I would like to remove the pcre3 libraries from Debian, preferably in time for the release of Bookworm. The newer PCRE2 library was first released in 2015, and has been in Debian since stretch. Upstream's documentation for PCRE2 is available here: https://pcre.org/current/doc/html/ Many large projects that use PCRE have made the switch now (e.g. git, php); it does involve some work, but we are now at the stage where PCRE3 should not be used, particularly if it might ever be exposed to untrusted input. This mass bug filing was discussed on debian-devel@ in https://lists.debian.org/debian-devel/2021/11/msg00176.html Regards, Matthew [0] Historical reasons mean that old PCRE is packaged as pcre3 in Debian
Please note that I have very recently released leafnode 1.12.0 which now uses PCRE2 instead of PCRE1. Also note that there is no longer a .bz2 package, only .xz and .gz. https://sourceforge.net/projects/leafnode/files/leafnode/1.12.0/ Changelog (high-level, edited): https://gitlab.com/leafnode-2/leafnode-1/-/raw/1.12.0/NEWS Changelog (low-level, semiautomated): https://gitlab.com/leafnode-2/leafnode-1/-/raw/1.12.0/ChangeLog
We believe that the bug you reported is fixed in the latest version of leafnode, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 1000110@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Moritz Muehlenhoff <jmm@debian.org> (supplier of updated leafnode package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmaster@ftp-master.debian.org) Format: 1.8 Date: Wed, 01 Jun 2022 21:09:07 +0200 Source: leafnode Architecture: source Version: 1.12.0-1 Distribution: unstable Urgency: medium Maintainer: Moritz Muehlenhoff <jmm@debian.org> Changed-By: Moritz Muehlenhoff <jmm@debian.org> Closes: 989086 1000110 Changes: leafnode (1.12.0-1) unstable; urgency=medium . * New upstream version 1.12.0, in a sense also (Closes: #989086) * Switch to PCRE2 (Closes: #1000110) * Use debhelper 13 Checksums-Sha1: 66b7a8d5bde4781eb07160515b8f96227fe91c72 1848 leafnode_1.12.0-1.dsc 048bb68b757e87a7b1a905f258d9d409a06995cf 464572 leafnode_1.12.0.orig.tar.xz e9bb61db81f89084c5675f532533692a979ddfff 48088 leafnode_1.12.0-1.debian.tar.xz 43505a814b543dab3711cfe77b6e98095e74bd87 6513 leafnode_1.12.0-1_amd64.buildinfo Checksums-Sha256: 59d46deec75ec14332f90eacec0a5e4483c14b1ab5075128f1f2137e9733a880 1848 leafnode_1.12.0-1.dsc 8310b78006a2088b82dcf9a6b18504ec4f7279bd1047af58d3dac5aaf607ce58 464572 leafnode_1.12.0.orig.tar.xz 9136bb290b3303f96b916b6a35069c652ebf31cb8a574c2a5460a71c0fec27e8 48088 leafnode_1.12.0-1.debian.tar.xz c753f6c33400b425c4fef967cb7e21bec0ea1d7783babac285c2674eacdb25fd 6513 leafnode_1.12.0-1_amd64.buildinfo Files: 8850b137a94f1cf04f40e6c92131a773 1848 news optional leafnode_1.12.0-1.dsc 0fe11436e77158b0cc03cd1808366d3c 464572 news optional leafnode_1.12.0.orig.tar.xz ebb85c74d0c57480455404748ba1080f 48088 news optional leafnode_1.12.0-1.debian.tar.xz c28263ed6c25dde159d05c4527daa37a 6513 news optional leafnode_1.12.0-1_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmKdIboACgkQEMKTtsN8 TjYLAQ//dJp5OwFY+lW0pwOb2C8mZNWiNcS0Uht7cn9gnGBSyPw2NTns0l0B/T5w 0UT8bm1qkmmtI15TzNALqvcORj5ND00KR/4BV3roXlnL9KrhljRgGKEyQ5bQ07ga 7aBlRv86Uw3aEy5unlJthhpfvK+TMhAPBCe7rj9A34rlbyZhpx2Dfz28sARXnlAy w9/4KJDP5lftDkh8zwoolO6GRSgFg1UN4Ih9SwPJGqQBBGswT9adfmkAEPxP3Xlq 3YLMnn9D1mi+ph24TfUrd4p/BO0l6kPu4bB/4eS72f3SWIGkc8IlFG/zGfGGOaAZ EaGSNEz43eOLick8zrFjyNqxtR/ISHdhU94VfCAHAruxGii/367qJovuGmsLQWcA Br7JWYKkrvSfk9lZyDB8QO+5+SRq85Bq2KvDDjVBQ2maneO5+BrpLUSWzUo96Ywl LzjbFbCU05/AThG0Aj3mfxWO5pU53ArZRi24lCLecc45aiVzwhW+lltwR6xH4FuO i8vs/WWyd6nHcPMOMi38crT740d3yofIpTiAthzxmlx0sG1nGDIZXcD3ArIuB5jC arWZVt8ugt3dbKlcMcM+JMpdcwDEF0qYclNaM4ymLZYmqxOJs0FQyrWIQHCLpwY8 2MzV1b22Cfv0FWy3+v0/xAJ+R1IMungg9NL8L7a6APGZ4YbTk3Q= =h8pG -----END PGP SIGNATURE-----