(Note wide crossposting - please trim followups.) Alexander O. Yuriev writes: ... > Until the official fix-kits are available for those > systems, it is advised that system administrators > obtain the source code of fixed mount program used > in Debian/GNU Linux 1.1, compile it and replace the > vulnerable binaries. ...
Debian is now phasing in a new source packaging format, which has some advantages for internal uses, notably automatic building. The procedure for unpacking the source without using our own tools will change - I'm afraid it's a little more complicated, though fairly obvious. I've placed a description of what to do in /debian/doc/source-unpack.txt in the Debian FTP archive, and made links called README.source-unpack in /debian/unstable/source, /debian/contrib and /debian/non-free. A copy of the file is below. Ian. HOW TO UNPACK A DEBIAN SOURCE PACKAGE There are two kinds of Debian source packages: old ones and new ones. A. Old ones look like this: hello-1.3-4.tar.gz hello-1.3-4.diff.gz You unpack them by untarring the .tar.gz. There is NO need to apply the diff. B. New ones look like this: hello_1.3-11.dsc hello_1.3-11.diff.gz hello_1.3-11.orig.tar.gz - note the `.orig' part Here you MUST use dpkg-source or apply the diff manually - see below. If you have `dpkg-source' you should put the files in the same directory and type `dpkg-source -x <whatever>.dsc'. If you do not you can extract the Debian source as follows: 1. untar P_V.orig.tar.gz. 2. rename the resulting P-V.orig directory to P-V. 3. mkdir P-V/debian. 4. apply the diff with patch -p0. (where P is the package name and V the version.) C. There are some packages where the Debian source is the upstream source. In this case there will be no .diff.gz and you can just use the .tar.gz. If a .dsc is provided you can use `dpkg-source -x'. -- Ian Jackson <[EMAIL PROTECTED]> Sat, 31 Aug 1996