On Fri, Apr 22, 2016 at 03:17:19pm -0400, Antoine Beaupré wrote: > On 2016-04-16 18:46:50, Alessandro Ghedini wrote: > > On Tue, Apr 12, 2016 at 03:20:04PM -0400, Antoine Beaupré wrote: > >> (Fixed list address, sorry for the duplicate.) > >> > >> Hi, > >> > >> I have looked at porting the security fixes on the libidn package from > >> squeeze to wheezy. As usual, signed test packages are available here: > >> > >> https://people.debian.org/~anarcat/debian/wheezy-lts/ > >> > >> And a debdiff is available for review by the security team: > > > > FWIW I already prepared wheezy and jessie packages for this a while ago: > > https://people.debian.org/~ghedo/libidn_1.25-2+deb7u1.diff > > https://people.debian.org/~ghedo/libidn_1.29-1+deb8u1.diff > > > > But never uploaded them because I couldn't get the jessie one to build. > > > > This was sort of "documented" in the dsa-needed.txt file and IIRC Tianon > > Gravi > > was also interested in this a while ago. > > Interesting, it seems I missed that... > > Your patchset differs from mine significantly. It seems you have reran > gnulib in there? I have found that it was easier to just add the missing > check code through patches and rerun autoconf, as it makes the patch > more readable...
I simply imported the upstream commits and worked from there. Not many changes were required IIRC, and I certainly didn't re-run gnulib (but I did run autoconf since the upstream repo doesn't include the configure and Makefile.in files). > Did the wheezy version compile and work correctly? Yes, as far as I remmber. Cheers
signature.asc
Description: PGP signature
