Sounds good. I think my point is really that people mix up backports and
SRU, and justifying a request for a package backport by needing security
fixes is wrong, unless it turns out that it is too difficult to backport
those fixes. I don't see anyone requesting any of the new features here.
So I
I stripped out the documentation and comment changes in the Upgraded
PCRE to version 7.6 (Nuno) patch. The remaining changes in config.h and
pcre.h just bumps the version number. If this is not needed (by the
other patches) only the pcre_compile.c changes should be left for SRU.
diffstat
Here's a debdiff with the 5 stripped down security patches:
php5 (5.2.4-2ubuntu5.2) hardy-proposed; urgency=low
.
* Backport security fixes from 5.2.6: (LP: #227464)
- debian/patches/security526-fastcgi.patch:
+ Fixed possible stack buffer overflow in FastCGI SAPI
+ Fixed
Mathias, shouldn't all security fixes go as SRU in hardy-security (or
hardy-updates) and not in backports? Backports are for new features.
--
Please Backport PHP 5.2.6 -- fixes important security bugs
https://bugs.launchpad.net/bugs/227464
You received this bug notification because you are a
On Wed, Jun 4, 2008 at 3:58 PM, Tormod Volden [EMAIL PROTECTED] wrote:
Mathias, shouldn't all security fixes go as SRU in hardy-security (or
hardy-updates) and not in backports? Backports are for new features.
A complete merge of 5.2.6 would constitute a backport, as the version
has been bumped