Johan Christiansen <[EMAIL PROTECTED]> writes:

> About repackaging:

> Since this is a bug against the fileserver, I would say that our primary
> focus should be on getting a fix for dapper. Also Gutsy is of some
> importance since i do belevie that there is some people out there
> running gutsy servers.

> Considering that i have never done any .deb packaging, it would take me
> a long time to find the relevant security patch from 1.4.5 to 1.4.6,
> apply it to 1.4.1-2 (dapper) and repackage. Perhaps with some help from
> Russ to find the actual patch i will give it a go.

Sorry, I should have been more specific when I said the upstream delta
between the versions was all you need.  I mentioned that because we
publish it as a diff file.

http://dl.openafs.org/dl/openafs/1.4.6/openafs-1.4.6-src.diff.gz is the
patch that you want.  The changes to viced/viced.c and vol/partition.c are
unimportant and can be omitted, as (of course) can the RCSID changes.

> Another option:
> What about debian stable? Is 1.4.2-6 (etch) going to be patched, if so,
> can we draw from the effort there?

kcr was working on Debian stable updates.  I don't know what his current
status is for those.  I haven't had time to look at them personally,
unfortunately.

-- 
Russ Allbery ([EMAIL PROTECTED])               <http://www.eyrie.org/~eagle/>

-- 
SA 2007-003: Denial of service in OpenAFS fileserver
https://bugs.launchpad.net/bugs/180792
You received this bug notification because you are a member of Ubuntu
Bugs, which is the bug contact for Ubuntu.

-- 
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

Reply via email to