
Re: requesting permission for tiff upload with security patch



Luk Claes <luk@debian.org> wrote:

> Jay Berkenbilt wrote:
>> I've prepared new tiff packages for stable-security and
>> testing-security that include a patch to fix a recently discovered
>> security problem.  With the permission of the release team, I would
>> like to go ahead and upload to unstable as well.  The version would be
>> 3.8.2-11, and I would upload with urgency high because of the security
>> update.  The change is small and safe.
>> 
>> In the interest of full disclosure, I should mention that I also
>> switched my patch management from cdbs simple-patchsys to quilt.  I
>> have done thorough testing to make sure that the package is otherwise
>> the same, so I believe this is safe to upload to unstable even at this
>> late date.
>> 
>> I won't take any action without an okay from the release team.
>
> Please upload.
>
> One remark though: We'd rather not see the switch of the patch management
> system this close to release. If you do decide to go for the patch
> management change we'll have to review the result of that change which
> takes more time...

I've already done the patch change, and I was going to wait until
after the release.  I can revert my packaging and upload, but it seems
kinda silly at this point.  Here is a complete list of changes that I
made to switch to quilt:

----------------------------------------------------------------------
diff -u tiff-3.8.2/debian/rules tiff-3.8.2/debian/rules
--- tiff-3.8.2/debian/rules
+++ tiff-3.8.2/debian/rules
@@ -9,7 +9,7 @@
 
 # Include cdbs rules files.
 include /usr/share/cdbs/1/rules/tarball.mk
-include /usr/share/cdbs/1/rules/simple-patchsys.mk
+include /usr/share/cdbs/1/rules/patchsys-quilt.mk
 include /usr/share/cdbs/1/rules/debhelper.mk
 include /usr/share/cdbs/1/class/autotools.mk
 
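Review bot: the include swap to patchsys-quilt.mk is the only patch-system change visible here, but quilt applies only what debian/patches/series lists, and neither that file nor the renamed patches appear in this diff. Please attach the series file and the renames so the review can confirm that every patch previously picked up by simple-patchsys.mk, including the new security fix, is still listed and applied in the same order.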
diff -u tiff-3.8.2/debian/control tiff-3.8.2/debian/control
--- tiff-3.8.2/debian/control
+++ tiff-3.8.2/debian/control
@@ -3,8 +3,8 @@
 Priority: optional
 Maintainer: Jay Berkenbilt <qjb@debian.org>
 Uploaders: Josip Rodin <joy-packages@debian.org>
-Build-Depends: cdbs, debhelper (>= 4.1.0), zlib1g-dev, libjpeg62-dev, libxmu-dev, libglu1-mesa-dev, freeglut3-dev, libxi-dev
-Standards-Version: 3.7.3
+Build-Depends: cdbs, quilt, debhelper (>= 4.1.0), zlib1g-dev, libjpeg62-dev, libxmu-dev, libglu1-mesa-dev, freeglut3-dev, libxi-dev
+Standards-Version: 3.8.0
 Homepage: http://libtiff.maptools.org
 
 Package: libtiff4
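Review bot: the Standards-Version line moves from 3.7.3 to 3.8.0 in the same hunk that adds quilt to Build-Depends, which bundles a policy bump into an upload whose stated reason is a security fix. Suggest either dropping the Standards-Version change from this upload or calling it out explicitly in the changelog entry so the freeze review can see it was deliberate; the added quilt build dependency itself is consistent with the debian/rules change.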

----------------------------------------------------------------------

In addition, I renamed a few of the patches, normalized everything to
-p1, and created a series file.  I also added a README.source.

To test this, I did an extract of the sources for the 3.8.2-10+lenny1
and 3.8.2-11 packages, ran ./debian/rules patch in each, and diffed
the resulting build-tree directories.  The only differences:

% diff -ur build-tree ../../3.8.2-10+lenny1/tiff-3.8.2/build-tree 
Only in build-tree/tiff-3.8.2: .pc

I'm hoping that, given this, you'll be okay with my going ahead and
uploading the quilt/standards 3.8.0 version.  If not, I can revert
this change and reapply it after the upload.  Alternatively, I can use
urgency=medium or urgency=low instead of urgency=high.

--Jay
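The build-tree comparison described in the message above, as an added example that is not part of the original e-mail or the tiff packaging. It goes slightly beyond `diff -ur` by also comparing file modes, and it skips quilt's `.pc` directory; the function names, the constructed sample trees, and the reliance on GNU find, stat and sha256sum are assumptions.

```shell
#!/bin/sh
# Added example (assumes GNU find, stat and sha256sum; paths without newlines).

# Print "mode sha256 path" for each regular file under $1, sorted by path.
# quilt's .pc bookkeeping directory is pruned, since only quilt creates it.
tree_manifest() {
    (
        cd "$1" || exit 2
        find . -name .pc -prune -o -type f -print | LC_ALL=C sort |
        while IFS= read -r f; do
            printf '%s %s %s\n' "$(stat -c '%a' "$f")" \
                "$(sha256sum < "$f" | cut -d' ' -f1)" "$f"
        done
    )
}

# Return 0 when both trees have the same files, contents and modes.
# Otherwise print a unified diff of the two manifests and return 1.
trees_equivalent() {
    old=$(tree_manifest "$1") || return 2
    new=$(tree_manifest "$2") || return 2
    [ "$old" = "$new" ] && return 0
    tmp=$(mktemp -d) || return 2
    printf '%s\n' "$old" > "$tmp/old"
    printf '%s\n' "$new" > "$tmp/new"
    diff -u "$tmp/old" "$tmp/new" || true
    rm -rf "$tmp"
    return 1
}

# Constructed sample trees: "new" differs from "old" only by a .pc directory.
work=$(mktemp -d)
mkdir -p "$work/old/libtiff" "$work/new/libtiff" "$work/new/.pc"
printf 'patched source\n' > "$work/old/libtiff/sample.c"
printf 'patched source\n' > "$work/new/libtiff/sample.c"
printf '2\n' > "$work/new/.pc/.version"
chmod 644 "$work/old/libtiff/sample.c" "$work/new/libtiff/sample.c"

if trees_equivalent "$work/old" "$work/new"; then
    echo "patched trees match (ignoring .pc)"
else
    echo "patched trees differ"
fi
rm -rf "$work"
```
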

