On Donnerstag, 7. August 2008, Luk Claes wrote: > Christoph Haas wrote: > > On Donnerstag, 7. August 2008, Luk Claes wrote: > >> Christoph Haas wrote: > >>> please allow pdns 2.9.21.1-1 into Lenny. It's fixing a > >>> security-related problem registered as CVE-2008-3337 (see the > >>> upstream's notification attached). The security team has been > >>> informed and we are currently preparing a security update for Etch's > >>> 2.9.20-8 version, too. > >>> > >>> Please contact me if you have questions. > >> > >> It looks like the source is not clean: many (generated?) files are > >> added, can you have a look into it? > > > > Sure. But I can't find much. You are right that two files in the > > upstream tarball have accidentally been altered: > > > > - codedocs/Makefile > > - debian-pdns/changelog > > > > That's what I found out by comparing the upstream tarball to the > > tarball I uploaded to Debian yesterday. > > > > But what are the many files you found? I had just switched from > > hg-buildpackage to git-buildpackage so it's not out of the question > > that I might have made a mistake. I could use a hint though. > > Most of them are in debian-pdns. Now the original tarball from [0] and my orig.tar.gz are identical (modulo different gzip compression levels - but the tars are identical). And my diff.gz is sane, too, now. [0] http://downloads.powerdns.com/releases/pdns-2.9.21.1.tar.gz Unfortunately the existing pdns_2.9.21.1.orig.tar.gz tarball in Debian is now incorrect. Although it's a minor issue. Do I have any other chance than introducing an epoch? Can someone be bribed to remove the -1 upload? I should have triple checked the files before uploading. Help. :( Cheers Christoph
Attachment:
signature.asc
Description: This is a digitally signed message part.