Normally security fixes add patches to debian/patches/ directory, modify a debian/patches/series file, modifies the debian/changelog. It's very rare to modify files outside of this hierarchy (except for 'native packages', but those don't typically have version numbers this complex).
Could you double-check that you've prepared the patches that you thought you prepared?
Hello Luís, 4.5MB feels pretty unlikely for a security fix; the diffstat on that debdiff is all over the place:
$ diffstat spip_focal.debdiff 8/spip- 3.2.15/ plugins- dist/medias/ lib/mejs/ mediaelement- flash-audio- ogg.swf |binary 8/spip- 3.2.15/ plugins- dist/medias/ lib/mejs/ mediaelement- flash-audio. swf |binary 8/spip- 3.2.15/ plugins- dist/medias/ lib/mejs/ mediaelement- flash-video- hls.swf |binary 8/spip- 3.2.15/ plugins- dist/medias/ lib/mejs/ mediaelement- flash-video- mdash.swf |binary 8/spip- 3.2.15/ plugins- dist/medias/ lib/mejs/ mediaelement- flash-video. swf |binary 2.15/.gitignore | 129 2.15/CHANGELOG. TXT | 318 + 2.15/config/ ecran_securite. php | 23
/tmp/9oDFeUYni
/tmp/9oDFeUYni
/tmp/9oDFeUYni
/tmp/9oDFeUYni
/tmp/9oDFeUYni
spip-3.
spip-3.
spip-3.
...
Normally security fixes add patches to debian/patches/ directory, modify a debian/ patches/ series file, modifies the debian/changelog. It's very rare to modify files outside of this hierarchy (except for 'native packages', but those don't typically have version numbers this complex).
Could you double-check that you've prepared the patches that you thought you prepared?
Thanks