On Thu, Mar 21, 2013 at 08:45:24 +0900, Hideki Yamane wrote:

> On Wed, 20 Mar 2013 19:38:05 +0000
> "Adam D. Barratt" <a...@adam-barratt.org.uk> wrote:
> 
> > 2.6.26-0.2+squeeze1 would be more conventional.
> 
> > diff -Nru smarty-2.6.26/debian/source/format 
> > smarty-2.6.26/debian/source/format
> > --- smarty-2.6.26/debian/source/format  1970-01-01 09:00:00.000000000 +0900
> > +++ smarty-2.6.26/debian/source/format  2013-03-10 22:31:20.000000000 +0900
> > @@ -0,0 +1 @@
> > +3.0 (quilt)
> > 
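Review bot: creating debian/source/format with `3.0 (quilt)` converts the package from the implicit 1.0 source format, which is a packaging change unrelated to the CVE-2012-4437 fix. Leave this file out of the stable upload and keep the diff limited to the security patch.
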
> > Definitely not in a stable update.
> 
>  Okay, then as below. I'll upload it today if it's okay.
> 
> 
> diff -u smarty-2.6.26/debian/changelog smarty-2.6.26/debian/changelog
> --- smarty-2.6.26/debian/changelog
> +++ smarty-2.6.26/debian/changelog
> @@ -1,3 +1,12 @@
> +smarty (2.6.26-0.2+squeeze1) stable-proposed-updates; urgency=high
> +
> +  * QA upload.
> +  * add debian/patches/avoid_possible_script_execution_from_2.6.27.patch
> +    - CVE-2012-4437: cherry picked from upstream, prevent XSS (Closes: 
> #702710)
> +      Thanks to Yoshinari Takaoka <mum...@mumumu.org> for the report.
> +
> + -- Hideki Yamane <henr...@debian.org>  Mon, 11 Mar 2013 01:18:46 +0900
> +
>  smarty (2.6.26-0.2) unstable; urgency=low
>  
>    * QA upload:
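Review bot: the new changelog entry records adding the patch file under debian/patches/ but says nothing about how it gets applied, while the only mechanism in this diff is the new `patch -p1` line in debian/rules. State in the entry how the fix reaches the source (or that it is applied directly to the source, if that is what gets uploaded). Also check that the `(Closes: #702710)` text sits on one indented continuation line in the actual file; here `#702710)` starts a line of its own.
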
> diff -u smarty-2.6.26/debian/rules smarty-2.6.26/debian/rules
> --- smarty-2.6.26/debian/rules
> +++ smarty-2.6.26/debian/rules
> @@ -9,6 +9,7 @@
>       dh_clean
>  
>  build:
> +     patch -p1 < 
> debian/patches/avoid_possible_script_execution_from_2.6.27.patch
>  
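Review bot: the `patch -p1 <` line added under `build:` is not reversed anywhere in this diff and has no stamp or guard, so the tree stays modified after `clean`, and a second `build` run tries to apply the patch to already-patched files. Since the package has no patch system, apply the change directly to the source so it appears in the diff itself, and drop this line from debian/rules.
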
Where is this undone?  What happens if you call build twice?  If the
package isn't already using a patch system, then apply the patch
directly, not through debian/rules, please.

Cheers,
Julien
