[pkg-boost-devel] [pkg-boost-commits] r14144 - in boost/trunk: boost/regex/v4 debian debian/patches libs/regex/test/regress

Steve M. Robbins steve at sumost.ca
Sun Jan 20 23:32:03 UTC 2008 

Hi all,

I wonder if we could come to an agreement about the contents of
debian/changelog.  I've always understood that file to be a record of
the *Debian* releases.

I do understand that derivative distributions such as Ubuntu do put
their own release entries in there.  I imagine the Ubuntu users
understand that and can differentiate the Ubuntu release from the
Debian one in some fashion.  However, I think that the "pure"
Debian changelog should include only entries for Debian releases.

It is right and proper to credit the Ubuntu maintainers and even to
take the text of their release entry.  But I would suggest that rather
than copy it, we fold it into the Debian release entry.  What are your
thoughts on that?  Domenico, would you mind terribly if we revert the
1.34.1-2.3 entry and fold that text into 1.34.1-5?

By the way, I notice that entry is targeted at experimental; what is
the plan here?  This fix looks fine for unstable, no?  Are you
planning some further not-for-unstable modifications?

Thanks,
-Steve

On Thu, Jan 17, 2008 at 06:01:46PM +0000, cavok at alioth.debian.org wrote:

> Modified: boost/trunk/debian/changelog
> ===================================================================
> --- boost/trunk/debian/changelog	2007-12-28 20:19:48 UTC (rev 14143)
> +++ boost/trunk/debian/changelog	2008-01-17 18:01:36 UTC (rev 14144)
> @@ -1,3 +1,10 @@
> +boost (1.34.1-5) experimental; urgency=low
> +
> +  * Re-synchronized with friends from Ubuntu. Thanks!
> +    - got fixes for CVE-2008-0171 and CVE-2008-0172.  Closes: #461236.
> +
> + -- Domenico Andreoli <cavok at debian.org>  Thu, 17 Jan 2008 19:00:27 +0100
> +
>  boost (1.34.1-4) unstable; urgency=low
>  
>    * Merged Steve Langasek's -2.1 and -2.2 changes into
> @@ -5,6 +12,19 @@
>  
>   -- Steve M. Robbins <smr at debian.org>  Sun, 23 Dec 2007 21:14:55 -0600
>  
> +boost (1.34.1-2.3) unstable; urgency=low
> +
> +  * debian/patches/05_regex_fixes.patch: fix for
> +    basic_regex_parser() in boost/regex/v4/basic_regex_parser.hpp to return
> +    error on invalid repetition of next state
> +  * References
> +    CVE-2008-0171
> +    CVE-2008-0172
> +    http://svn.boost.org/trac/boost/changeset/42674
> +    http://svn.boost.org/trac/boost/changeset/42745
> +
> + -- Jamie Strandboge <jamie at strandboge.com>  Tue, 15 Jan 2008 18:22:26 +0000
> +
>  boost (1.34.1-2.2) unstable; urgency=low
>  
>    * Non-maintainer upload.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://lists.alioth.debian.org/pipermail/pkg-boost-devel/attachments/20080120/23ad1277/attachment.pgp

More information about the pkg-boost-devel mailing list