[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: (PRSC) dokuwiki update for stable and oldstable



On Wed, 2011-03-16 at 21:23 +0100, Tanguy Ortolo wrote:
> I have an update for the package dokuwiki in stable and oldstable, to
> apply an upstream security fix for an ACL bypass.

Apologies for managing to miss this when you originally posted it.
fwiw, that's generally less likely to happen if the request is filed in
the BTS; reportbug will guide you through submitting a bug with the
relevant usertags set.

> The packages are here:
> http://tanguy.ortolo.eu/deb/dokuwiki/dokuwiki_0.0.20080505-4+lenny2.dsc
> http://tanguy.ortolo.eu/deb/dokuwiki/dokuwiki_0.0.20091225c-10+squeeze1.dsc
> 
> I attach to this message the corresponding diffs with the versions
> currently in the archive. As the modification consists in introducing a
> patch, I also attach this patch as it may be more readable than a
> “square-patch”.

How did you generate the diffs?  Are they the result of something like
"diff -Nru" on the unpacked source packages?  The reason I ask is that
they contain files in ".pc", including an entire copy of the XMLRPC file
affected by the patch, which isn't something I'd expect to find in a
package diff.

However, running debdiff on the source packages in the archive and those
at the URLs you mentioned above looks clean and okay, so if the above is
indeed the reason for the noise in the diffs then please feel free to go
ahead with the uploads.

Regards,

Adam


Reply to: