Thanks for your patches! Unfortunately, I can't process them at this time due to the following: - the quantal debdiff patches the files inline which it is a source format v3 (quilt) package. When redoing this patch, be sure to include DEP-3 comments (the information that would have been in these is missing from debian/changelog) - the quantal debdiff does not use the correct version. It should be 1.6.1-2ubuntu2.1 - the quantal debdiff does not use the format as prescribed by https://wiki.ubuntu.com/SecurityTeam/UpdatePreparation#Packaging - the precise debdiff is based on a package in precise-proposed. This should be based on what is currently in -security or -updates (see https://wiki.ubuntu.com/SecurityTeam/UpdatePreparation#Packaging) - the precise debdiff patches debian/patches/debian-changes. This is a source format v3 (quilt) package so the security updates should be in their own patches. When redoing this patch, be sure to include DEP-3 comments (the information that would have been in these is missing from debian/changelog) - the precise debdiff has the wrong version-- it should have been 1.6.1-1ubuntu0.2 with precise-proposed as 1.6.1-1ubuntu0.1, but precise-proposed' version of 1.6.1-1+ubuntu0.1 was mistakenly accepted. Unfortunately, if we are basing on the precise-proposed package, we have to use 1.6.1-1+ubuntu0.2 - the precise debdiff does not use the format as prescribed by https://wiki.ubuntu.com/SecurityTeam/UpdatePreparation#Packaging - the precise debdiff is based on a package in precise-proposed. This should be based on what is currently in -security or -updates (see https://wiki.ubuntu.com/SecurityTeam/UpdatePreparation#Packaging) - the oneiric debdiff patches debian/patches/debian-changes. This is a source format v3 (quilt) package so the security updates should be in their own patches. When redoing this patch, be sure to include DEP-3 comments (the information that would have been in these is missing from debian/changelog) - the oneiric debdiff has the wrong version-- it should be 1.6.0-1ubuntu0.1 - the oneiric debdiff does not use the format as prescribed by https://wiki.ubuntu.com/SecurityTeam/UpdatePreparation#Packaging
The Lucid package is patchless, so the inline patches are fine. The debdiff didn't have the correct debian/changelog formatting, but I adjusted it. It would have been nice to have commit URLs (ie, what would have been in the DEP-3 comments), but I've uploaded it after verify the commits against upstream. Unsubscribing ubuntu-security-sponsors for now. Please resubscribe after updating the oneiric-quantal debdiffs. Thanks! ** Changed in: openafs (Ubuntu Lucid) Status: Confirmed => Fix Committed ** Changed in: openafs (Ubuntu Oneiric) Status: Confirmed => In Progress ** Changed in: openafs (Ubuntu Oneiric) Assignee: (unassigned) => Luke Faraone (lfaraone) ** Changed in: openafs (Ubuntu Precise) Status: Confirmed => In Progress ** Changed in: openafs (Ubuntu Precise) Assignee: (unassigned) => Luke Faraone (lfaraone) ** Changed in: openafs (Ubuntu Quantal) Status: Confirmed => In Progress ** Changed in: openafs (Ubuntu Quantal) Assignee: (unassigned) => Luke Faraone (lfaraone) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1145560 Title: OpenAFS Security Advisories 2013-001 and 2013-002 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openafs/+bug/1145560/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs