[pkg-ggz-maintainers] sn?printf issue

Kees Cook kees at debian.org
Tue Jan 6 18:10:33 UTC 2009 

Hi Josef,

On Tue, Jan 06, 2009 at 10:06:41AM +0100, Josef Spillner wrote:
> Am Dienstag, 6. Januar 2009 00:01:28 schrieb Kees Cook:
> > You mean "ggz-server"?  Its hits[1] are listed with the others in the logs
> > directory:
> > ./ggz-server-0.0.14.1/game_servers/connectx/ai-velena.c:
> >    snprintf(board, sizeof(board), "%s%i", board, column);
> 
> Ok, r397 is supposed to fix this as well for ggz-server now. It also 
> integrates a former lenny-NMU of the package, which was a bit dull to 

Great!  I've updated my list.

> integrate, are there tools to automate this to make sure no bits are left out? 
> (The Ubuntu packages are also based on the NMU, which I'm not sure is the best 
> idea, although I might be wrong here.)

I (or anyone) can file a "sync request" since the 'Debian Import Freeze'
has passed in the current Ubuntu development cycle once it's in the Debian
archive.

> Regarding ggz-client-libs, there's a Ubuntu-specific issue: the sprintf 
> occurrence was already fixed by Steve Kowalik (CC'd) with a patch very similar 
> to mine, although neither upstream nor pkg-ggz was aware of that. In order to 

Do you mean this?
http://patches.ubuntu.com/g/ggz-client-libs/ggz-client-libs_0.0.14.1-1ubuntu1.patch

I see that it's linked from the Debian BTS, but that hasn't been the best
place for such things.

> keep the deviations between packages small, considering that we've got also 
> maemo packages based on pkg-ggz now, I'd like to encourage a process within 
> Ubuntu which ensures that such changes be always applied in the original 
> packages.

Normally, the Ubuntu process is to file bugs with Debian which include the
patch explicitly:
https://wiki.ubuntu.com/Debian/Usertagging

> My guess is that the patch went in for Intrepid during freeze, but that 
> shouldn't mean that Jaunty must carry the same deviations. I don't care which 
> of the two patches goes in as long as it's only one of them :)

Agreed -- once a new version is in the Debian archive, it will show up
here:
http://merges.ubuntu.com/main.html
at which point Steve would see it, and perform a merge (Ubuntu drops
Ubuntu-specific patches in favor of Debian or upstream patches).

Sorry for the glitch in communication!

-Kees

-- 
Kees Cook                                            @debian.org

More information about the pkg-ggz-maintainers mailing list