> Since this is a bug against the fileserver, I would say that our primary
> focus should be on getting a fix for dapper. Also Gutsy is of some
> importance since i do belevie that there is some people out there
> running gutsy servers.
> Considering that i have never done any .deb packaging, it would take me
> a long time to find the relevant security patch from 1.4.5 to 1.4.6,
> apply it to 1.4.1-2 (dapper) and repackage. Perhaps with some help from
> Russ to find the actual patch i will give it a go.
Sorry, I should have been more specific when I said the upstream delta
between the versions was all you need. I mentioned that because we
publish it as a diff file.
> Another option:
> What about debian stable? Is 1.4.2-6 (etch) going to be patched, if so,
> can we draw from the effort there?
kcr was working on Debian stable updates. I don't know what his current
status is for those. I haven't had time to look at them personally,
unfortunately.
Johan Christiansen <email address hidden> writes:
> About repackaging:
> Since this is a bug against the fileserver, I would say that our primary
> focus should be on getting a fix for dapper. Also Gutsy is of some
> importance since i do belevie that there is some people out there
> running gutsy servers.
> Considering that i have never done any .deb packaging, it would take me
> a long time to find the relevant security patch from 1.4.5 to 1.4.6,
> apply it to 1.4.1-2 (dapper) and repackage. Perhaps with some help from
> Russ to find the actual patch i will give it a go.
Sorry, I should have been more specific when I said the upstream delta
between the versions was all you need. I mentioned that because we
publish it as a diff file.
http:// dl.openafs. org/dl/ openafs/ 1.4.6/openafs- 1.4.6-src. diff.gz is the
patch that you want. The changes to viced/viced.c and vol/partition.c are
unimportant and can be omitted, as (of course) can the RCSID changes.
> Another option:
> What about debian stable? Is 1.4.2-6 (etch) going to be patched, if so,
> can we draw from the effort there?
kcr was working on Debian stable updates. I don't know what his current
status is for those. I haven't had time to look at them personally,
unfortunately.
-- www.eyrie. org/~eagle/>
Russ Allbery (<email address hidden>) <http://