Thanks for your patches! Unfortunately, I can't process them at this time due
to the following:
- the quantal debdiff patches the files inline which it is a source format v3
(quilt) package. When redoing this patch, be sure to include DEP-3 comments
(the information that would have been in these is missing from debian/changelog)
- the quantal debdiff does not use the correct version. It should be
1.6.1-2ubuntu2.1
- the quantal debdiff does not use the format as prescribed by
https://wiki.ubuntu.com/SecurityTeam/UpdatePreparation#Packaging
- the precise debdiff is based on a package in precise-proposed. This should be
based on what is currently in -security or -updates (see
https://wiki.ubuntu.com/SecurityTeam/UpdatePreparation#Packaging)
- the precise debdiff patches debian/patches/debian-changes. This is a source
format v3 (quilt) package so the security updates should be in their own
patches. When redoing this patch, be sure to include DEP-3 comments (the
information that would have been in these is missing from debian/changelog)
- the precise debdiff has the wrong version-- it should have been
1.6.1-1ubuntu0.2 with precise-proposed as 1.6.1-1ubuntu0.1, but
precise-proposed' version of 1.6.1-1+ubuntu0.1 was mistakenly accepted.
Unfortunately, if we are basing on the precise-proposed package, we have to use
1.6.1-1+ubuntu0.2
- the precise debdiff does not use the format as prescribed by
https://wiki.ubuntu.com/SecurityTeam/UpdatePreparation#Packaging
- the precise debdiff is based on a package in precise-proposed. This should be
based on what is currently in -security or -updates (see
https://wiki.ubuntu.com/SecurityTeam/UpdatePreparation#Packaging)
- the oneiric debdiff patches debian/patches/debian-changes. This is a source
format v3 (quilt) package so the security updates should be in their own
patches. When redoing this patch, be sure to include DEP-3 comments (the
information that would have been in these is missing from debian/changelog)
- the oneiric debdiff has the wrong version-- it should be 1.6.0-1ubuntu0.1
- the oneiric debdiff does not use the format as prescribed by
https://wiki.ubuntu.com/SecurityTeam/UpdatePreparation#Packaging
The Lucid package is patchless, so the inline patches are fine. The
debdiff didn't have the correct debian/changelog formatting, but I
adjusted it. It would have been nice to have commit URLs (ie, what would
have been in the DEP-3 comments), but I've uploaded it after verify the
commits against upstream.
Unsubscribing ubuntu-security-sponsors for now. Please resubscribe after
updating the oneiric-quantal debdiffs. Thanks!
** Changed in: openafs (Ubuntu Lucid)
Status: Confirmed => Fix Committed
** Changed in: openafs (Ubuntu Oneiric)
Status: Confirmed => In Progress
** Changed in: openafs (Ubuntu Oneiric)
Assignee: (unassigned) => Luke Faraone (lfaraone)
** Changed in: openafs (Ubuntu Precise)
Status: Confirmed => In Progress
** Changed in: openafs (Ubuntu Precise)
Assignee: (unassigned) => Luke Faraone (lfaraone)
** Changed in: openafs (Ubuntu Quantal)
Status: Confirmed => In Progress
** Changed in: openafs (Ubuntu Quantal)
Assignee: (unassigned) => Luke Faraone (lfaraone)
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1145560
Title:
OpenAFS Security Advisories 2013-001 and 2013-002
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openafs/+bug/1145560/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
