Bug#768068: wheezy-pu: package boinc/7.0.27+dfsg-5+deb7u1
Hi Adam,
first, thanks for the review
>
>With apologies for not getting a proper response to this sooner, some
>queries...
no problem :)
>+ * Tried to fix CVE-2013-2298 and CVE-2013-2018.
>I'm not hugely keen on "tried to fix". :-( Are they fixed or not?
I tried to fix them (meaning I backported the patches and rebased on top of the version)
however we removed the build of the server packages, so the CVE is fixed, because we don't ship the code anymore.
if you ask me why we keep the patches, I answer "because users might download the source and build manually their server"
>+ * link_with_gold.patch: patched configure.ac to add -lX11 for linking client
>+ with ld.gold.
>Hmmm, gold isn't the default linker in wheezy afair? I guess this isn't
>crazy based on the Build-Depends change.
don't know, I didn't change this :) if it is a problem I can put Guo in the loop (if he doesn't already monitor the bug)
+Subject: [PATCH] - client: don't show cache size in startup messages.
yes, but again it is dead code :)
>May well be taken from upstream, but appears to have nothing to do with
>the content of the patch.
>+workaround-objcxx.patch
>What's the intent of this patch? It doesn't appear to be mentioned in
>the changelog and only appears to touch code that's never going to be
>used on Debian to begin with.
seems an useless patch to me :)
>+wrapper.patch
>This also isn't mentioned in the changelog.
safe patch, just adding some headers to avoid build failures with certain gcc versions...
should I make another upload?
really the debdiff can be so much reduced, I bringed up a wheezy branch and added the fixed on top of it...
cheers,
Gianfranco
Reply to: