[Pkg-roundcube-maintainers] Bug#508628: etch-backports still vulnerable

Holger Levsen holger at layer-acht.org
Fri Jan 16 17:38:49 UTC 2009


On Freitag, 16. Januar 2009, Florian Weimer wrote:
> "-/package.xml" looks rather like an unset make variable in
> debian/rules to me.

You're right, thanks for the hint. I then built the package in lenny and saw the problem.

debian/rules includes /usr/share/cdbs/1/class/pear.mk which contains the following code:

PEAR_PKG := $(shell /usr/share/dh-make-php/phppkginfo . package)
PEAR_PKG_VERSION := $(shell /usr/share/dh-make-php/phppkginfo . version)

On etch (using a straightforward dh-make-php backport from lenny) those commands return 
nothing, while they do in lenny. 

So I hacked debian/rules to rather include a modified version of pear.mk which sets


This builds (about to test if it really works) but is IMHO to ugly to upload to bpo.

Anybody an idea what the real cause for the problem is? php-pear in etch to old (and therefor 
has a bug which the lenny version doenst have)?


-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part.
Url : http://lists.alioth.debian.org/pipermail/pkg-roundcube-maintainers/attachments/20090116/a699d541/attachment.pgp 

More information about the Pkg-roundcube-maintainers mailing list