
Re: freeze exception -- bugzilla3 3.6.3.0-1



Dear Christian,

Debian has used a different directory structure than upstream for years.
The CVE-2010-3764 patch cannot be applied as a drop-in because it
affects the directory structure of Debian. You have to change Debian's
patches to achieve this too.

Instead of losing time changing something that is already done, accept
the 3.6.3.0 series. In the end it's clearer that Debian fixed those
vulnerabilities if the package version is 3.6.3.0 anyway.

/Raphael

2010/12/6 Christian PERRIER <bubulle@debian.org>:
> Quoting Julien Cristau (jcristau@debian.org):
>> On Thu, Nov 25, 2010 at 22:05:47 +0000, Adam D. Barratt wrote:
>>
>> > On Thu, 2010-11-25 at 21:07 +0000, Adam D. Barratt wrote:
>> > > $ debdiff ftp/pool/main/b/bugzilla/bugzilla_3.6.{2.0-4,3.0-2}.dsc 2>/dev/null | diffstat | tail -n1
>> > >  1645 files changed, 80807 insertions(+), 94494 deletions(-)
>> > >
>> > > A lot of that is probably ignorable as it relates to changes in CVS
>> > > and .svn{,-base} files and directories (why are those even in the diff?)
>> > > but at this stage of the freeze we shouldn't be having to spend
>> > > significant amounts of time reviewing diffs where the patches for the
>> > > required fixes amount to less than two hundred lines of nett changes.
>> >
>> > As a follow-up note, if you can identify any significant parts of the
>> > above which are likely not to be relevant to the Debian package, that
>> > would be helpful in persuading us that the unstable package should be
>> > accepted, rather than requesting a t-p-u upload with the extracted
>> > fixes.
>> >
>> Ping.  Can this be addressed or the security and RC fixes uploaded to
>> tpu?
>
>
> I made an attempt yesterday after being pointed at this by Julien (I
> was trying to get debconf l10n fixed and uploaded a package to tpu
> with these fixes....sorry, I should have asked before).
>
> However, the build system of that package is not well known to me
> (upstream tarballs in the source package) and I don't know how to
> properly patch the sources with the two security fixes. Just naively
> dropping them to a newly-created debian/patches and creating
> debian/patches/series didn't work as expected.
>
> So, I gave up.
>
> If anyone is working on this, I would deeply appreciate if the two
> debconf translations that are fixed in unstable would be fixed in the
> tpu upload.
>
>
>
>
>

