Author: Steve Langasek
Revision Date: 2015-08-31 17:26:42 UTC

Selfishly pull proposed patch from Debian bug #794538 to add --host-arch
option to mk-build-deps so that it can be used for cross-builds.
Thanks to Johannes Schauer <josch@debian.org> for the patch.

Author: Steve Langasek
Revision Date: 2015-08-31 17:26:42 UTC

Selfishly pull proposed patch from Debian bug #794538 to add --host-arch
option to mk-build-deps so that it can be used for cross-builds.
Thanks to Johannes Schauer <josch@debian.org> for the patch.

Author: Marc Deslauriers
Revision Date: 2015-06-15 13:13:17 UTC

* SECURITY UPDATE: directory traversal issue in uupdate
  - scripts/uupdate.sh: remove symlinks before applying patches, and
    restore them afterwards.
  - http://anonscm.debian.org/cgit/collab-maint/devscripts.git/commit/?id=0fef671
  - CVE-2014-1833

Author: Marc Deslauriers
Revision Date: 2015-06-15 13:13:17 UTC

* SECURITY UPDATE: directory traversal issue in uupdate
  - scripts/uupdate.sh: remove symlinks before applying patches, and
    restore them afterwards.
  - http://anonscm.debian.org/cgit/collab-maint/devscripts.git/commit/?id=0fef671
  - CVE-2014-1833

Author: Marc Deslauriers
Revision Date: 2015-06-15 13:15:10 UTC

* SECURITY UPDATE: directory traversal issue in uupdate
  - scripts/uupdate.sh: remove symlinks before applying patches, and
    restore them afterwards.
  - http://anonscm.debian.org/cgit/collab-maint/devscripts.git/commit/?id=0fef671
  - CVE-2014-1833

Author: Marc Deslauriers
Revision Date: 2015-06-15 13:15:10 UTC

* SECURITY UPDATE: directory traversal issue in uupdate
  - scripts/uupdate.sh: remove symlinks before applying patches, and
    restore them afterwards.
  - http://anonscm.debian.org/cgit/collab-maint/devscripts.git/commit/?id=0fef671
  - CVE-2014-1833

Author: Marc Deslauriers
Revision Date: 2015-06-15 13:15:39 UTC

* SECURITY UPDATE: directory traversal issue in uupdate
  - scripts/uupdate.sh: remove symlinks before applying patches, and
    restore them afterwards.
  - http://anonscm.debian.org/cgit/collab-maint/devscripts.git/commit/?id=0fef671
  - CVE-2014-1833

Author: Marc Deslauriers
Revision Date: 2015-06-15 13:15:39 UTC

* SECURITY UPDATE: directory traversal issue in uupdate
  - scripts/uupdate.sh: remove symlinks before applying patches, and
    restore them afterwards.
  - http://anonscm.debian.org/cgit/collab-maint/devscripts.git/commit/?id=0fef671
  - CVE-2014-1833

Author: James McCoy
Revision Date: 2015-01-01 09:50:36 UTC

[ Julien Cristau ]
* grep-excuses: update URLs to use https://release.debian.org/

[ David Prévot ]
* French translation update

Author: James McCoy
Revision Date: 2015-01-01 09:50:36 UTC

[ Julien Cristau ]
* grep-excuses: update URLs to use https://release.debian.org/

[ David Prévot ]
* French translation update

Author: James McCoy
Revision Date: 2014-08-04 22:34:17 UTC

[ Benjamin Drung ]
* suspicious-source: Add image/tiff, application/pgp-keys, and image/x-icon
  to whitelisted mime-types. Add .gmo to whitelisted file extensions.
* wrap-and-sort: Add --max-line-length option with a default of 79 characters
  (it was previously hard-coded to 80 characters). (Closes: #756067)

[ Guillem Jover ]
* nmudiff: Send control messages inline. (Closes: #752152)

[ Paul Wise ]
* rmadison: bpo madison is dead, remove it
* rmadison: add new to the defaults for Debian
* rmadison: document the defaults in the manual page

[ James McCoy ]
* namecheck: Remove berlios, since it no longer hosts code. (Closes:
  #752382)
* mk-build-deps:
  + Provide the package name, not file name, to “dpkg --remove” when package
    install fails.
  + Read all of the output from “apt-cache showsrc” to ensure mk-build-deps
    doesn't get stuck waiting for apt-cache to exit.
  + Pass the name of the .deb file out of build_equiv to ensure the correct
    .deb is installed. (Closes: #753657)

[ Christoph Berg ]
* Update all qa.debian.org URLs to https://.

[ Ron Lee ]
* cowpoke:
  + Allow more flexibility for specialised build chroots.
    It's now possible to specify arbitrary 'dist' names, with arbitrary
    special configurations on top of the real BASE_DIST suite. This means
    it's easy to have things like a chroot for wheezy-backports which will
    be able to pull other deps from the backports repo, while still having
    a pristine wheezy build chroot on the same build host. Or to have a
    staging chroot for unstable, with extra build deps pulled in from a
    local repository, or installed manually, while still having a pristine
    sid chroot for building other packages to upload. And it all works the
    same as normal, you just pass --dist=wheezy_bpo to select the chroot.
  + Allow SIGN_KEYID and UPLOAD_QUEUE to be overridden per arch/dist.
    This makes a lot more sense now that the above is easily possible.
    People can use that for private or work (in progress) builds too, and
    this can reduce the chance of accidentally uploading to the wrong place,
    or signing some package not intended for upload with a key that would
    would let it be accepted by dak.
  + Better handling of --debbuildopts. There were some corner cases for
    this where the required quoting of options could be rather weird in the
    intersection of all the layers it might get passed through. This should
    make it more forgiving and better able to always DTRT.

[ David Prévot ]
* uscan.1: Use +dfsg suffix in examples

Author: James McCoy
Revision Date: 2014-08-04 22:34:17 UTC

[ Benjamin Drung ]
* suspicious-source: Add image/tiff, application/pgp-keys, and image/x-icon
  to whitelisted mime-types. Add .gmo to whitelisted file extensions.
* wrap-and-sort: Add --max-line-length option with a default of 79 characters
  (it was previously hard-coded to 80 characters). (Closes: #756067)

[ Guillem Jover ]
* nmudiff: Send control messages inline. (Closes: #752152)

[ Paul Wise ]
* rmadison: bpo madison is dead, remove it
* rmadison: add new to the defaults for Debian
* rmadison: document the defaults in the manual page

[ James McCoy ]
* namecheck: Remove berlios, since it no longer hosts code. (Closes:
  #752382)
* mk-build-deps:
  + Provide the package name, not file name, to “dpkg --remove” when package
    install fails.
  + Read all of the output from “apt-cache showsrc” to ensure mk-build-deps
    doesn't get stuck waiting for apt-cache to exit.
  + Pass the name of the .deb file out of build_equiv to ensure the correct
    .deb is installed. (Closes: #753657)

[ Christoph Berg ]
* Update all qa.debian.org URLs to https://.

[ Ron Lee ]
* cowpoke:
  + Allow more flexibility for specialised build chroots.
    It's now possible to specify arbitrary 'dist' names, with arbitrary
    special configurations on top of the real BASE_DIST suite. This means
    it's easy to have things like a chroot for wheezy-backports which will
    be able to pull other deps from the backports repo, while still having
    a pristine wheezy build chroot on the same build host. Or to have a
    staging chroot for unstable, with extra build deps pulled in from a
    local repository, or installed manually, while still having a pristine
    sid chroot for building other packages to upload. And it all works the
    same as normal, you just pass --dist=wheezy_bpo to select the chroot.
  + Allow SIGN_KEYID and UPLOAD_QUEUE to be overridden per arch/dist.
    This makes a lot more sense now that the above is easily possible.
    People can use that for private or work (in progress) builds too, and
    this can reduce the chance of accidentally uploading to the wrong place,
    or signing some package not intended for upload with a key that would
    would let it be accepted by dak.
  + Better handling of --debbuildopts. There were some corner cases for
    this where the required quoting of options could be rather weird in the
    intersection of all the layers it might get passed through. This should
    make it more forgiving and better able to always DTRT.

[ David Prévot ]
* uscan.1: Use +dfsg suffix in examples

Author: James McCoy
Revision Date: 2014-01-25 22:15:46 UTC

Actually install sadt. (Closes: #736683)

Author: James McCoy
Revision Date: 2014-01-25 22:15:46 UTC

Actually install sadt. (Closes: #736683)

Author: Marc Deslauriers
Revision Date: 2014-01-10 11:29:57 UTC

* SECURITY UPDATE: arbitrary code execution in uscan via crafted tarball
  - scripts/uscan.pl: improve tarball handling.
  - 02c6850d973e3e1246fde72edab27f03d63acc52
  - 4b7e58ee6000cdefac0682601cec6ecce0137467
  - CVE-2013-6888

Author: Marc Deslauriers
Revision Date: 2014-01-10 12:46:09 UTC

* SECURITY UPDATE: arbitrary code execution in uscan via crafted tarball
  - scripts/uscan.pl: improve tarball handling.
  - 02c6850d973e3e1246fde72edab27f03d63acc52
  - 4b7e58ee6000cdefac0682601cec6ecce0137467
  - CVE-2013-6888

Author: Marc Deslauriers
Revision Date: 2014-01-10 13:00:40 UTC

* SECURITY UPDATE: arbitrary code execution in uscan via crafted tarball
  - scripts/uscan.pl: improve tarball handling.
  - 02c6850d973e3e1246fde72edab27f03d63acc52
  - 4b7e58ee6000cdefac0682601cec6ecce0137467
  - CVE-2013-6888

Author: Marc Deslauriers
Revision Date: 2014-01-10 11:29:57 UTC

* SECURITY UPDATE: arbitrary code execution in uscan via crafted tarball
  - scripts/uscan.pl: improve tarball handling.
  - 02c6850d973e3e1246fde72edab27f03d63acc52
  - 4b7e58ee6000cdefac0682601cec6ecce0137467
  - CVE-2013-6888

Author: Marc Deslauriers
Revision Date: 2014-01-10 12:46:09 UTC

* SECURITY UPDATE: arbitrary code execution in uscan via crafted tarball
  - scripts/uscan.pl: improve tarball handling.
  - 02c6850d973e3e1246fde72edab27f03d63acc52
  - 4b7e58ee6000cdefac0682601cec6ecce0137467
  - CVE-2013-6888

Author: Marc Deslauriers
Revision Date: 2014-01-10 13:00:40 UTC

* SECURITY UPDATE: arbitrary code execution in uscan via crafted tarball
  - scripts/uscan.pl: improve tarball handling.
  - 02c6850d973e3e1246fde72edab27f03d63acc52
  - 4b7e58ee6000cdefac0682601cec6ecce0137467
  - CVE-2013-6888

Author: Marc Deslauriers
Revision Date: 2014-01-17 08:27:59 UTC

* SECURITY UPDATE: arbitrary code execution in uscan via crafted tarball
  - scripts/uscan.pl: improve tarball handling.
  - backport of 02c6850d973e3e1246fde72edab27f03d63acc52
  - backport of 4b7e58ee6000cdefac0682601cec6ecce0137467
  - CVE-2013-6888

Author: Marc Deslauriers
Revision Date: 2014-01-17 08:27:59 UTC

* SECURITY UPDATE: arbitrary code execution in uscan via crafted tarball
  - scripts/uscan.pl: improve tarball handling.
  - backport of 02c6850d973e3e1246fde72edab27f03d63acc52
  - backport of 4b7e58ee6000cdefac0682601cec6ecce0137467
  - CVE-2013-6888

Author: James McCoy
Revision Date: 2013-09-19 18:53:57 UTC

[ James McCoy ]
* Document which scripts use libdistro-info-perl. (Closes: #708311)
* Make curl return a proper exit code for HTTP errors. (Closes: #720508)
* mk-build-deps: Define the deb's version when parsing a debian/control
  file. (Closes: #721939)
* checkbashisms: Sort the keys of the bashisms hashes to provide
  consistently ordered output. This avoids false positive failures in the
  test suite.

[ Charles Pigott ]
* Fix POD issues. (LP: #1226318, Closes: #719828)

[ Translation updates ]
* French, David Prévot.

Author: James McCoy
Revision Date: 2013-09-19 18:53:57 UTC

[ James McCoy ]
* Document which scripts use libdistro-info-perl. (Closes: #708311)
* Make curl return a proper exit code for HTTP errors. (Closes: #720508)
* mk-build-deps: Define the deb's version when parsing a debian/control
  file. (Closes: #721939)
* checkbashisms: Sort the keys of the bashisms hashes to provide
  consistently ordered output. This avoids false positive failures in the
  test suite.

[ Charles Pigott ]
* Fix POD issues. (LP: #1226318, Closes: #719828)

[ Translation updates ]
* French, David Prévot.

Author: Benjamin Drung
Revision Date: 2013-03-22 14:39:13 UTC

[ Laurent Rineau ]
* licensecheck:
  - Fix the detection of (L|A)GPL. (Closes: #700938)
  - Fix comments pattern detection. (Closes: #700944)

[ Benjamin Drung ]
* wnpp-check: Correct download links to fix regression from previous release.
* Switch to debhelper 9.
* Convert Python scripts to python3 (Closes: #680313).
* Move git repository to collab-maint.
* Remove Julian Gilbey, Mohammed Adnène Trojette, Christoph Berg,
  Stefano Zacchiroli, Adam D. Barratt, and Luk Claes from uploaders list.
  Thanks for your work.

[ James McCoy ]
* debdiff: Handle control files with odd permissions. Thanks to Julian
  Gilbey for the patch. (Closes: #702610)
* mk-build-deps: Skip malformed stanzas instead of outright failing.
  (Closes: #679631)

[ Dmitrijs Ledkovs ]
* wrap-and-sort: Add trailing comma option (Closes: #703323).

[ Markus Wanner ]
* uscan: more debug info to allow checking uversionmangle patterns.

Author: Benjamin Drung
Revision Date: 2013-03-22 14:39:13 UTC

[ Laurent Rineau ]
* licensecheck:
  - Fix the detection of (L|A)GPL. (Closes: #700938)
  - Fix comments pattern detection. (Closes: #700944)

[ Benjamin Drung ]
* wnpp-check: Correct download links to fix regression from previous release.
* Switch to debhelper 9.
* Convert Python scripts to python3 (Closes: #680313).
* Move git repository to collab-maint.
* Remove Julian Gilbey, Mohammed Adnène Trojette, Christoph Berg,
  Stefano Zacchiroli, Adam D. Barratt, and Luk Claes from uploaders list.
  Thanks for your work.

[ James McCoy ]
* debdiff: Handle control files with odd permissions. Thanks to Julian
  Gilbey for the patch. (Closes: #702610)
* mk-build-deps: Skip malformed stanzas instead of outright failing.
  (Closes: #679631)

[ Dmitrijs Ledkovs ]
* wrap-and-sort: Add trailing comma option (Closes: #703323).

[ Markus Wanner ]
* uscan: more debug info to allow checking uversionmangle patterns.

Author: Marc Deslauriers
Revision Date: 2012-09-26 15:00:20 UTC

* SECURITY UPDATE: arbitrary code execution via insufficient validation
  in dscverify
  - scripts/dscverify.pl: perform better validation.
  - 22881936e53e6b585d3dc60f3161e9d704c5138d
  - CVE-2012-2240
* SECURITY UPDATE: arbitrary file deletion via insufficient validation
  in dget
  - scripts/dget.pl: strip invalid characters.
  - 79d27778321f7bb778097cfb7a724ae976fb4fbd
  - CVE-2012-2241
* SECURITY UPDATE: arbitrary code execution via improper argument
  escaping in dget
  - scripts/dget.pl: escape $file better, and call system() with proper
    arguments.
  - db49f493baaac2387a4dd76370c1018109e31dfc
  - CVE-2012-2242
* SECURITY UPDATE: file alteration via TOCTOU in annotate-output
  - scripts/annotate-output.sh: prevent symlink attack.
  - 1bbe2163987c53064a4cd57712927f4b06c01032
  - CVE-2012-3500
* REGRESSION FIX: improper exit code in CVE-2012-0212 debdiff.pl fix
  - 252a42d225f489e398f3c0402c1f7d1e9a4451c0

Author: Marc Deslauriers
Revision Date: 2012-09-26 15:00:20 UTC

* SECURITY UPDATE: arbitrary code execution via insufficient validation
  in dscverify
  - scripts/dscverify.pl: perform better validation.
  - 22881936e53e6b585d3dc60f3161e9d704c5138d
  - CVE-2012-2240
* SECURITY UPDATE: arbitrary file deletion via insufficient validation
  in dget
  - scripts/dget.pl: strip invalid characters.
  - 79d27778321f7bb778097cfb7a724ae976fb4fbd
  - CVE-2012-2241
* SECURITY UPDATE: arbitrary code execution via improper argument
  escaping in dget
  - scripts/dget.pl: escape $file better, and call system() with proper
    arguments.
  - db49f493baaac2387a4dd76370c1018109e31dfc
  - CVE-2012-2242
* SECURITY UPDATE: file alteration via TOCTOU in annotate-output
  - scripts/annotate-output.sh: prevent symlink attack.
  - 1bbe2163987c53064a4cd57712927f4b06c01032
  - CVE-2012-3500
* REGRESSION FIX: improper exit code in CVE-2012-0212 debdiff.pl fix
  - 252a42d225f489e398f3c0402c1f7d1e9a4451c0

Author: Marc Deslauriers
Revision Date: 2012-09-26 14:58:20 UTC

* SECURITY UPDATE: arbitrary code execution via insufficient validation
  in dscverify
  - scripts/dscverify.pl: perform better validation.
  - 9fba4788933475185df5e58b7fa557e5e3fb15e4
  - CVE-2012-2240
* SECURITY UPDATE: arbitrary file deletion via insufficient validation
  in dget
  - scripts/dget.pl: strip invalid characters
  - 0fd15bdec07b085f9ef438dacd18e159ac60b810
  - CVE-2012-2241
* SECURITY UPDATE: file alteration via TOCTOU in annotate-output
  - scripts/annotate-output.sh: prevent symlink attack.
  - 4d23a5e6c90f7a37b0972b30f5d31dce97a93eb0
  - CVE-2012-3500
* REGRESSION FIX: improper exit code in CVE-2012-0212 debdiff.pl fix
  - f9a1a4c468671827d2650161cc33324fe0247a98

Author: Marc Deslauriers
Revision Date: 2012-09-26 14:58:20 UTC

* SECURITY UPDATE: arbitrary code execution via insufficient validation
  in dscverify
  - scripts/dscverify.pl: perform better validation.
  - 9fba4788933475185df5e58b7fa557e5e3fb15e4
  - CVE-2012-2240
* SECURITY UPDATE: arbitrary file deletion via insufficient validation
  in dget
  - scripts/dget.pl: strip invalid characters
  - 0fd15bdec07b085f9ef438dacd18e159ac60b810
  - CVE-2012-2241
* SECURITY UPDATE: file alteration via TOCTOU in annotate-output
  - scripts/annotate-output.sh: prevent symlink attack.
  - 4d23a5e6c90f7a37b0972b30f5d31dce97a93eb0
  - CVE-2012-3500
* REGRESSION FIX: improper exit code in CVE-2012-0212 debdiff.pl fix
  - f9a1a4c468671827d2650161cc33324fe0247a98

Author: James McCoy
Revision Date: 2012-09-24 18:51:12 UTC

[ James McCoy ]
* dget: Avoid an infinite loop when a .changes/.dsc file references itself.
  (Closes: #687670)
* debdiff:
  + Set $TMPDIR when running interdiff so its temp files get cleaned up on
    exit.
  + Fallback to manual diff of source package if interdiff fails. (Closes:
    #685202)
* dcmd: Don't add "--" to the command being executed. The user has to know
  where this should be used/if it can be used. (Closes: #687964)
* debcheckout: Fix collision in short options. Use -P for --package.
  (Closes: #688150)

[ Benjamin Drung ]
* licensecheck: Recognize licenses in (fixed-form) Fortran code. Thanks to
  Francesco Poli for the patch and the example. (Closes: #687452)

Author: Benjamin Drung
Revision Date: 2012-06-22 00:42:44 UTC

debchange: On Ubuntu always default to targeting the release that it's run
from, *notthe current devel release, since its primary use on stable
releases will be for preparing PPA uploads. (LP: #1001068)

Author: Benjamin Drung
Revision Date: 2012-03-30 16:38:45 UTC

* Merge from Debian unstable. Remaining changes:
  - Demote Recommends to Suggests:
    + libcrypt-ssleay-perl: only needed for a corner case (uscan on SSL
      download sites), wasn't installed by default in previous releases
      either, and seems quite dead upstream; universe only.
    + debian-keyring: not useful enough in Ubuntu; universe only.
    + equivs: too much of a hack to install by default; universe only.
    + libsoap-lite-perl: only needed for one less common command ("select")
      for bts, which isn't useful for Ubuntu itself, and pulls in a lot of
      other universe Perl libraries; universe only.
  - scripts/debchange.{pl,1}:
    + Adjust --security template for Ubuntu.
    + Add -U/--upstream flag that forces original "just increment
      the end" behaviour; Ubuntu is upstream for some pieces of software.
    + Add --distributor= and DEBCHANGE_DISTRIBUTOR to override lsb_release
      output.
    + Default to "precise" as distribution.
    + Add "ubuntu1" to version string for new versions, with tweaks for
      special cases.
    + Add -R/--rebuild flag for Ubuntu's no-change rebuilds.
    + Don't use the last distribution in debian/changelog when doing
      "dch -r" on Ubuntu. "Just because it was last uploaded to jaunty
      doesn't mean that's the right thing to do now."
  - Add test/debchange.pl, test/Makefile: debchange test suite.
  - Rename XS-Vcs-* to XS-Debian-Vcs-*.

Author: Tyler Hicks
Revision Date: 2012-02-15 03:33:42 UTC

* SECURITY UPDATE: Arbitrary code execution via crafted filenames in .dsc
  and .changes files
  - scripts/debdiff.pl: Perform input sanitization on filenames. Thanks to
    Raphael Geissert for the original patch.
  - CVE-2012-0210
* SECURITY UPDATE: Arbitrary code execution via crafted filenames in the top
  level directory of the original upstream source tarball
  - scripts/debdiff.pl: Perform input sanitization on filenames. Thanks to
    Adam D. Barratt for the original patch.
  - CVE-2012-0211
* SECURITY UPDATE: Arbritray code execution via crafted filenames in
  arguments passed to debdiff
  - scripts/debdiff.pl: Perform input sanitization on filenames. Based on
    upstream patches.
  - http://anonscm.debian.org/gitweb/?p=devscripts/devscripts.git;a=commitdiff;h=87f88232eb643f0c118c6ba38db8e966915b450f
  - http://anonscm.debian.org/gitweb/?p=devscripts/devscripts.git;a=commitdiff;h=76227af1ee8d68f4844f642325eac903ca21e739
  - CVE-2012-0212
* scripts/debdiff.pl: Remove undocumented functionality which treated
  files with extentionless filenames as packages. Thanks to Adam D. Barratt
  for the original patch.
  - http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=659559

Author: Tyler Hicks
Revision Date: 2012-02-15 03:33:42 UTC

* SECURITY UPDATE: Arbitrary code execution via crafted filenames in .dsc
  and .changes files
  - scripts/debdiff.pl: Perform input sanitization on filenames. Thanks to
    Raphael Geissert for the original patch.
  - CVE-2012-0210
* SECURITY UPDATE: Arbitrary code execution via crafted filenames in the top
  level directory of the original upstream source tarball
  - scripts/debdiff.pl: Perform input sanitization on filenames. Thanks to
    Adam D. Barratt for the original patch.
  - CVE-2012-0211
* SECURITY UPDATE: Arbritray code execution via crafted filenames in
  arguments passed to debdiff
  - scripts/debdiff.pl: Perform input sanitization on filenames. Based on
    upstream patches.
  - http://anonscm.debian.org/gitweb/?p=devscripts/devscripts.git;a=commitdiff;h=87f88232eb643f0c118c6ba38db8e966915b450f
  - http://anonscm.debian.org/gitweb/?p=devscripts/devscripts.git;a=commitdiff;h=76227af1ee8d68f4844f642325eac903ca21e739
  - CVE-2012-0212
* scripts/debdiff.pl: Remove undocumented functionality which treated
  files with extentionless filenames as packages. Thanks to Adam D. Barratt
  for the original patch.
  - http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=659559

Author: Tyler Hicks
Revision Date: 2012-02-15 03:33:36 UTC

* SECURITY UPDATE: Arbitrary code execution via crafted filenames in .dsc
  and .changes files
  - scripts/debdiff.pl: Perform input sanitization on filenames. Thanks to
    Raphael Geissert for the original patch.
  - CVE-2012-0210
* SECURITY UPDATE: Arbitrary code execution via crafted filenames in the top
  level directory of the original upstream source tarball
  - scripts/debdiff.pl: Perform input sanitization on filenames. Thanks to
    Adam D. Barratt for the original patch.
  - CVE-2012-0211
* SECURITY UPDATE: Arbritray code execution via crafted filenames in
  arguments passed to debdiff
  - scripts/debdiff.pl: Perform input sanitization on filenames. Based on
    upstream patches.
  - http://anonscm.debian.org/gitweb/?p=devscripts/devscripts.git;a=commitdiff;h=87f88232eb643f0c118c6ba38db8e966915b450f
  - http://anonscm.debian.org/gitweb/?p=devscripts/devscripts.git;a=commitdiff;h=76227af1ee8d68f4844f642325eac903ca21e739
  - CVE-2012-0212
* scripts/debdiff.pl: Remove undocumented functionality which treated
  files with extentionless filenames as packages. Thanks to Adam D. Barratt
  for the original patch.
  - http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=659559

Author: Tyler Hicks
Revision Date: 2012-02-15 03:33:36 UTC

* SECURITY UPDATE: Arbitrary code execution via crafted filenames in .dsc
  and .changes files
  - scripts/debdiff.pl: Perform input sanitization on filenames. Thanks to
    Raphael Geissert for the original patch.
  - CVE-2012-0210
* SECURITY UPDATE: Arbitrary code execution via crafted filenames in the top
  level directory of the original upstream source tarball
  - scripts/debdiff.pl: Perform input sanitization on filenames. Thanks to
    Adam D. Barratt for the original patch.
  - CVE-2012-0211
* SECURITY UPDATE: Arbritray code execution via crafted filenames in
  arguments passed to debdiff
  - scripts/debdiff.pl: Perform input sanitization on filenames. Based on
    upstream patches.
  - http://anonscm.debian.org/gitweb/?p=devscripts/devscripts.git;a=commitdiff;h=87f88232eb643f0c118c6ba38db8e966915b450f
  - http://anonscm.debian.org/gitweb/?p=devscripts/devscripts.git;a=commitdiff;h=76227af1ee8d68f4844f642325eac903ca21e739
  - CVE-2012-0212
* scripts/debdiff.pl: Remove undocumented functionality which treated
  files with extentionless filenames as packages. Thanks to Adam D. Barratt
  for the original patch.
  - http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=659559

Author: Stéphane Graber
Revision Date: 2011-10-08 22:39:42 UTC

releasing version 2.11.1ubuntu3

Author: Scott Moser
Revision Date: 2011-06-16 15:51:36 UTC

uscan: support parsing s3 directory listings (LP: #798293)

Author: Loïc Minier
Revision Date: 2011-03-23 13:16:24 UTC

* Add oneiric to Ubuntu dists.
* Rename XS-Vcs-* to XS-Debian-Vcs-*.

Author: Benjamin Drung
Revision Date: 2010-08-20 03:39:01 UTC

* Merge from Debian unstable; remaining changes:
  - Demote Recommends to Suggests:
    + libcrypt-ssleay-perl: only needed for a corner case (uscan on SSL
      download sites), wasn't installed by default in previous releases
      either, and seems quite dead upstream; universe only.
    + libsoap-lite-perl: only needed for one less common command ("select")
      for bts, which isn't useful for Ubuntu itself, and pulls in a lot of
      other universe Perl libraries; universe only.
    + debian-{keyring,maintainers}: not useful enough in Ubuntu; universe
      only.
    + equivs: too much of a hack to install by default; universe only.
    + libyaml-syck-perl: transition-check is fairly Debian-specific.
  - scripts/debchange.{pl,1}:
    + Adjust --security template for Ubuntu.
    + Add -U/--upstream flag that forces original "just increment
      the end" behaviour; Ubuntu is upstream for some pieces of software.
    + Add --distributor= to override lsb_release output.
    + Default to "maverick" as distribution.
    + Add "ubuntu1" to version string for new versions, with tweaks for
      special cases.
    + Add -R/--rebuild flag for Ubuntu's no-change rebuilds.
    + Don't use the last distribution in debian/changelog when doing
      "dch -r" on Ubuntu. "Just because it was last uploaded to jaunty
      doesn't mean that's the right thing to do now." Thanks to Colin
      Watson. (LP: #429288)
  - scripts/debcommit.pl: support commiting to bzr from debian/.
  - scripts/debsign.{sh,1}: Implement DEBSIGN_ALWAYS_RESIGN variable to skip
    the "Would you like to use the current signature?" question. (Debian
    #447955)
  - scripts/debuild.pl: Enforce Ubuntu merge policy.
  - scripts/dscverify.pl: Add Ubuntu keyrings.
  - scripts/rmadison.pl: Change default URL parameter to ubuntu.
  - Add test/debchange.pl, test/Makefile: debchange test suite; call it
    during build in debian/rules. Also add lsb-release build dependency for
    this, so that debchange uses Ubuntu mode.
* Add natty as an allowable distribution for Ubuntu (Closes: #593659).

Author: Benjamin Drung
Revision Date: 2010-04-16 00:20:34 UTC

Backport from 2.10.62: Add maverick as an allowable distribution for
Ubuntu (Closes: #576287).

Author: Thierry Carrez
Revision Date: 2010-01-19 10:11:41 UTC

Restore changes to scripts/debchange.pl erroneously dropped in the
2.10.55ubuntu1 merge, thereby fixing the --distributor option.
(LP: #509441)

Author: Thierry Carrez
Revision Date: 2010-01-19 10:11:41 UTC

Restore changes to scripts/debchange.pl erroneously dropped in the
2.10.55ubuntu1 merge, thereby fixing the --distributor option.
(LP: #509441)

Author: Thierry Carrez
Revision Date: 2010-01-19 10:11:41 UTC

Restore changes to scripts/debchange.pl erroneously dropped in the
2.10.55ubuntu1 merge, thereby fixing the --distributor option.
(LP: #509441)

Author: Thierry Carrez
Revision Date: 2010-01-19 10:11:41 UTC

Restore changes to scripts/debchange.pl erroneously dropped in the
2.10.55ubuntu1 merge, thereby fixing the --distributor option.
(LP: #509441)

Author: Steve Langasek
Revision Date: 2009-04-13 09:00:33 UTC

Drop libyaml-syck-perl from Recommends: to Suggests:, as this is in
universe and only used for one script which is fairly Debian-specific.

Author: Martin Pitt
Revision Date: 2008-10-17 13:36:57 UTC

* Drop libcrypt-ssleay-perl from Recommends to Suggests:. It is only needed
  for a corner case (uscan on SSL download sites), wasn't installed by
  default in previous releases either, and seems quite dead upstream.
* Drop libsoap-lite-perl from Recommends to Suggests:. It is only needed for
  one less common command ("select") for bts, which isn't useful for Ubuntu
  itself, and pulls in a lot of other universe Perl libraries.

Author: Scott Kitterman
Revision Date: 2008-04-16 09:47:57 UTC

* Backport from 2.10.25
  - debsign: Update to 2.10.25 version for correct Checksums-* updating
    needed for compatibility with dak in Debian - update man page too
  - debsign: Include previous Ubuntu difference to provide
    $DEBSIGN_ALWAYS_RESIGN support

Author: Steve Kowalik
Revision Date: 2007-09-12 10:44:00 UTC

* Remove requestsync, and its manual page. (They have moved to
  ubuntu-dev-tools)
* Remove the Python machinery in scripts/Makefile.

Author: Adrien Cunin
Revision Date: 2007-04-07 16:08:02 UTC

* requestsync:
   - "Debian unstable" instead of "unstable" in the subject of the email
   - "affects ubuntu/%s"; "affects distros/ubuntu/%s" doesn't work anymore
* debian/control: suggests bzr (LP: #90721)
* Freeze exception approved by Colin Watson

Author: Julian Gilbey
Revision Date: 2006-05-17 07:27:17 UTC

* debuild: set DEB_{BUILD,HOST}_* variables as dpkg-buildpackage does
  (Closes: #364256)
* debuild: improve missing .orig.tar.gz warning
* uscan: mention upgrading points in the manpage.
* uupdate: allow upstream version numbers to use A-Z (Closes:#367055)

Author: Julian Gilbey
Revision Date: 2005-12-03 20:24:38 UTC

* bts: handle 8-bit encodings in DEBFULLNAME for "From:" field of emails
  sent (Closes: #339657)
* bts: submitter and reassign accept multiple bug numbers (Closes:
  #237726)
* bts: document "it" for referring to previous bug number
* debchange: provide -m/--maintmaint switch to use the maintainer name
  from the most recent changelog entry rather than using the environment
  variables (Closes: #232000)
* debcommit: add support for bzr (Closes: #340301)
* debuild: improve examples in manpage (Closes: #326881)
* dpkg-depcheck: completely rewrite symlink handling code to fix bug
  where /usr was a symlink (Closes: #246006)

Author: Joey Hess
Revision Date: 2005-08-03 22:13:47 UTC

[ Julian Gilbey ]
* bts: fix forwarded command (Closes: #320703)
* debchange: un-html-ise bug titles when using --closes

[ Joey Hess ]
* bts: Support new block and unblock commands.

Author: Joshua Kwan
Revision Date: 2004-12-28 11:51:38 UTC

* Julian Gilbey
  - bts: download attachments when caching bug reports (closes: #254102)
  - debian/control: add Suggests: libwww-perl (closes: #277388)
  - debchange: switch from ldap to wget for searching BTS (for
    efficiency)
  - tagpending: switch from ldap to wget for searching BTS (for
    efficiency)
  - uupdate: apply patch from Matthew Palmer to fix overwriting upstream
    files (closes: #230090)

Author: Julian Gilbey
Revision Date: 2003-12-11 18:47:25 UTC

bts: fixed some major blunders in bts show command: now shows
something in offline mode, and multiple instances of bts show work
concurrently

Author: Rockwalrus
Revision Date: 2009-10-12 16:56:20 UTC

Search for .bzr in addition to .git in parent directory traversal.

Author: Jamie Strandboge
Revision Date: 2009-10-07 16:58:57 UTC

* SECURITY UPDATE: fix handling of mangle rules in watch files to
  not execute them as Perl code
  - patch adapted from r1984, r1992 and r2006 of Debian svn
  - CVE-2009-2946

Author: Jamie Strandboge
Revision Date: 2009-10-07 16:58:57 UTC

* SECURITY UPDATE: fix handling of mangle rules in watch files to
  not execute them as Perl code
  - patch adapted from r1984, r1992 and r2006 of Debian svn
  - CVE-2009-2946

Author: Jamie Strandboge
Revision Date: 2009-10-07 17:12:39 UTC

* SECURITY UPDATE: fix handling of mangle rules in watch files to
  not execute them as Perl code
  - patch adapted from r1984, r1992 and r2006 of Debian svn
  - CVE-2009-2946

Author: Jamie Strandboge
Revision Date: 2009-10-08 15:19:55 UTC

* SECURITY UPDATE: fix handling of mangle rules in watch files to
  not execute them as Perl code
  - patch adapted from r1984, r1992 and r2006 of Debian svn
  - CVE-2009-2946

Author: Jamie Strandboge
Revision Date: 2009-10-08 15:19:55 UTC

* SECURITY UPDATE: fix handling of mangle rules in watch files to
  not execute them as Perl code
  - patch adapted from r1984, r1992 and r2006 of Debian svn
  - CVE-2009-2946

Author: Jamie Strandboge
Revision Date: 2009-10-08 15:59:04 UTC

* SECURITY UPDATE: fix handling of mangle rules in watch files to
  not execute them as Perl code
  - patch adapted from r1984, r1992 and r2006 of Debian svn
  - CVE-2009-2946

Author: Jamie Strandboge
Revision Date: 2009-10-07 17:12:39 UTC

* SECURITY UPDATE: fix handling of mangle rules in watch files to
  not execute them as Perl code
  - patch adapted from r1984, r1992 and r2006 of Debian svn
  - CVE-2009-2946

Author: Onkar Shinde
Revision Date: 2009-07-16 13:59:23 UTC

[ Marian Sigler ]
Update rmadison's Ubuntu URL to cope with people.ubuntu.com ->
people.canonical.com; invoke curl in such a way as to follow redirects
by default (LP: #399891).

Author: Scott Kitterman
Revision Date: 2009-05-04 10:38:59 UTC

Automated backport upload; no source changes.

Author: Martin Pitt
Revision Date: 2008-11-11 15:38:49 UTC

Automated backport upload; no source changes.

Author: Scott James Remnant (Canonical)
Revision Date: 2008-11-05 07:16:49 UTC

Add jaunty as a valid release name. LP: #292872.

Author: Martin Pitt
Revision Date: 2008-11-11 15:40:01 UTC

Automated backport upload; no source changes.