Changes in Makefile/dependencies between Tine 1.0.16 and 1.0.21?

Guus Sliepen guus at tinc-vpn.org
Sat May 11 18:01:21 CEST 2013


On Sat, May 11, 2013 at 05:08:43PM +0200, Rene Bartsch wrote:

> currently there is a bug report about CVE-2013-1428 in Ubuntu (
> https://bugs.launchpad.net/ubuntu/+source/tinc/+bug/1174763). Are there any
> changes in Makefile or dependencies which make it necessary to adjust a
> packaging system or does it suffice to adjust version numbers and
> source-code url?

I don't know how Ubuntu handles their LTS releases, but normally you would only
backport the fix for a vulnerability, you don't package a newer upstream
version. In that case, the debdiff posted by Malte S. Stretz in that thread is
what you want to apply to the Ubuntu LTS packages as well:

http://launchpadlibrarian.net/138627199/tinc_1.0.19-2_1.0.19-3.diff.gz

If it's not LTS then just package the latest version of tinc as you would do
any new upstream release.

-- 
Met vriendelijke groet / with kind regards,
     Guus Sliepen <guus at tinc-vpn.org>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: Digital signature
URL: <http://www.tinc-vpn.org/pipermail/tinc/attachments/20130511/c18f4b97/attachment.pgp>


More information about the tinc mailing list