On 30 January 2019 at 13:59, Adam D. Barratt wrote:
| On 2019-01-30 13:39, Dirk Eddelbuettel wrote:
| > On 30 January 2019 at 13:11, Adam D. Barratt wrote:
| > | On 2019-01-29 11:53, Dirk Eddelbuettel wrote:
| > ...
| > | > Happy to upload once you give a green light. (System information
| > | > removed as I type this on Ubuntu 18.10 ...)
| > |
| > | Apparently it was already uploaded.
| > |
| > | patches/updated-upstream-changes | 2699 +++++++++++++++++++++++++++++++++++++++
| >
| > To unstable, yes - as 1.2.9000-1.
|
| and to stable - the diffstat above is from our automated tooling
| noticing the upload appearing in stable-new.

I see. I also (while commuting in) thought this may be the diff from April...

| > But Moritz asked me to also upload to
| > stretch. See https://packages.debian.org/search?keywords=r-cran-readxl
|
| I see. For reference, when a member of the Security Team says that, they
| usually mean "talk to the Release Team about uploading".

Moritz and then Salvatore pointed me to the manual and the recent d-d-a post
which suggest filing a bug (I did) and upload (I am trying :).

| > | Aside from being big enough to be non-trivial to review, the filename of
| > | that patch isn't ideal. If there are other upstream changes that need
| > | incorporating in future, are you simply planning on appending to that
| > | patch, rather than having separate patches for specific purposes?
| >
| > This is Debian packaging of the CRAN package readxl. Its current upstream
| > version is in better shape.
| >
| > I "have to" run this fix as CVE had been issued. As Moritz (now CCed)
| > suggested that this doesn't need a full blown security upload (no DOS here,
| > just plain segfaults in R when libxls loaded) we went this route.
|
| That explains the size, but the filename still isn't ideal. That isn't
| reject-worthy in and of itself, it just has the potential to be more
| annoying to review if there's an additional update for the package in
| future. Let's see if any other issues pop up when someone finds
| sufficient tuits to review the full changes, rather than my initial run
| over the debdiff.

The changelog is more detailed. In essence, and just like in April, I updated
four files dealing with xls/ole/memory. Our tools then suggested
'dpkg-source --commit' which creates the one patch.

Dirk

|
| Regards,
|
| Adam

--
http://dirk.eddelbuettel.com | @eddelbuettel | e...@debian.org