With Lucid - Natty, there are a few problems though:
* Lucid and Maverick have the same version, which is not allowed for upgrade reasons. Lucid should have 0.9.6-0ubuntu2.1.10.04.1 and Maverick should have 0.9.6-0ubuntu2.1.10.10.1
* Lucid and Maverick use the dpatch patch system, but your patches are inline. These need to be converted to dpatch.
* Natty's patch is named 0004-Backported-unescaped-shell-command-fixes-from-master.patch but in the series file it comes after 0005-0007. It should be named 0008-Backported-unescaped-shell-command-fixes-from-master.patch
* Natty's changelog should reference this git commit: https://github.com/fabaff/bcfg2/commit/46795ae451ca6ede55a0edeb726978aef4684b53
* The natty patch does not remove 'self.AddEntry(hostkey)' and 'self.AddEntry(".".join([hostkey.split('.')[0]]+['pub', "H_%s" % client]))', but upstream's does. This seems harmless just looking at the patch, but I wonder why you did that.
I verified the Lucid and Maverick patches against Debian's (ie and our Hardy version), but have not tested them.
In the interest of time due to the severity of this vulnerability, I have made these changes and uploaded to the security PPA.
Julian, thanks for the patches!
Hardy: ACK
With Lucid - Natty, there are a few problems though: 1.10.04. 1 and Maverick should have 0.9.6-0ubuntu2. 1.10.10. 1 -unescaped- shell-command- fixes-from- master. patch but in the series file it comes after 0005-0007. It should be named 0008-Backported -unescaped- shell-command- fixes-from- master. patch /github. com/fabaff/ bcfg2/commit/ 46795ae451ca6ed e55a0edeb726978 aef4684b53 hostkey) ' and 'self.AddEntry( ".".join( [hostkey. split(' .')[0]] +['pub' , "H_%s" % client]))', but upstream's does. This seems harmless just looking at the patch, but I wonder why you did that.
* Lucid and Maverick have the same version, which is not allowed for upgrade reasons. Lucid should have 0.9.6-0ubuntu2.
* Lucid and Maverick use the dpatch patch system, but your patches are inline. These need to be converted to dpatch.
* Natty's patch is named 0004-Backported
* Natty's changelog should reference this git commit: https:/
* The natty patch does not remove 'self.AddEntry(
I verified the Lucid and Maverick patches against Debian's (ie and our Hardy version), but have not tested them.
In the interest of time due to the severity of this vulnerability, I have made these changes and uploaded to the security PPA.