lp:ubuntu/lucid-updates/devscripts

Created by Ubuntu Package Importer and last modified
Get this branch:
bzr branch lp:ubuntu/lucid-updates/devscripts

Branch information

Owner:
Ubuntu branches
Review team:
Ubuntu Development Team
Status:
Mature

Recent revisions

89. By Marc Deslauriers

* SECURITY UPDATE: arbitrary code execution in uscan via crafted tarball
  - scripts/uscan.pl: improve tarball handling.
  - backport of 02c6850d973e3e1246fde72edab27f03d63acc52
  - backport of 4b7e58ee6000cdefac0682601cec6ecce0137467
  - CVE-2013-6888

88. By Marc Deslauriers

* SECURITY UPDATE: arbitrary code execution via insufficient validation
  in dscverify
  - scripts/dscverify.pl: perform better validation.
  - 22881936e53e6b585d3dc60f3161e9d704c5138d
  - CVE-2012-2240
* SECURITY UPDATE: arbitrary file deletion via insufficient validation
  in dget
  - scripts/dget.pl: strip invalid characters.
  - 79d27778321f7bb778097cfb7a724ae976fb4fbd
  - CVE-2012-2241
* SECURITY UPDATE: arbitrary code execution via improper argument
  escaping in dget
  - scripts/dget.pl: escape $file better, and call system() with proper
    arguments.
  - db49f493baaac2387a4dd76370c1018109e31dfc
  - CVE-2012-2242
* SECURITY UPDATE: file alteration via TOCTOU in annotate-output
  - scripts/annotate-output.sh: prevent symlink attack.
  - 1bbe2163987c53064a4cd57712927f4b06c01032
  - CVE-2012-3500
* REGRESSION FIX: improper exit code in CVE-2012-0212 debdiff.pl fix
  - 252a42d225f489e398f3c0402c1f7d1e9a4451c0

87. By Tyler Hicks

* SECURITY UPDATE: Arbitrary code execution via crafted filenames in .dsc
  and .changes files
  - scripts/debdiff.pl: Perform input sanitization on filenames. Thanks to
    Raphael Geissert for the original patch.
  - CVE-2012-0210
* SECURITY UPDATE: Arbitrary code execution via crafted filenames in the top
  level directory of the original upstream source tarball
  - scripts/debdiff.pl: Perform input sanitization on filenames. Thanks to
    Adam D. Barratt for the original patch.
  - CVE-2012-0211
* SECURITY UPDATE: Arbitrary code execution via crafted filenames in
  arguments passed to debdiff
  - scripts/debdiff.pl: Perform input sanitization on filenames. Based on
    upstream patches.
  - http://anonscm.debian.org/gitweb/?p=devscripts/devscripts.git;a=commitdiff;h=87f88232eb643f0c118c6ba38db8e966915b450f
  - http://anonscm.debian.org/gitweb/?p=devscripts/devscripts.git;a=commitdiff;h=76227af1ee8d68f4844f642325eac903ca21e739
  - CVE-2012-0212
* scripts/debdiff.pl: Remove undocumented functionality which treated
  files with extensionless filenames as packages. Thanks to Adam D. Barratt
  for the original patch.
  - http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=659559

86. By Benjamin Drung

Backport from 2.10.62: Add maverick as an allowable distribution for
Ubuntu (Closes: #576287).

85. By Benjamin Drung

Search for .bzr in addition to .git in parent directory traversal
(Closes: #545523, LP: #381456).

84. By James Westby

Fix "dch -l fails due to ubuntu patching."

83. By Max Bowsher

Restore changes to scripts/debchange.pl erroneously dropped in the
2.10.55ubuntu1 merge, thereby fixing the --distributor option.
(LP: #509441)

82. By أحمد المحمودي (Ahmed El-Mahmoudy)

[ أحمد المحمودي (Ahmed El-Mahmoudy) ]
* Resynchronise with Debian (LP: #500968). Remaining changes:
  - Drop universe packages from Recommends to Suggests:
    + libcrypt-ssleay-perl: only needed for a corner case (uscan on SSL
      download sites), wasn't installed by default in previous releases
      either, and seems quite dead upstream
    + libsoap-lite-perl: only needed for one less common command ("select")
      for bts, which isn't useful for Ubuntu itself, and pulls in a lot of
      other universe Perl libraries
    + debian-{keyring,maintainers}: not useful enough in Ubuntu
    + equivs: too much of a hack to install by default
    + libyaml-syck-perl: transition-check is fairly Debian-specific
  - scripts/debchange.pl:
    + Adjust --security template for Ubuntu.
    + Add -U/--upstream flag that forces original "just increment
      the end" behaviour; Ubuntu is upstream for some pieces of software.
    + Add --distributor= to override lsb_release output.
    + Default to "lucid" as distribution.
    + Add "ubuntu1" to version string for new versions, with tweaks for
      special cases.
    + Add -R/--rebuild flag for Ubuntu's no-change rebuilds.
    + Don't use the last distribution in debian/changelog when doing
      "dch -r" on Ubuntu. "Just because it was last uploaded to jaunty
      doesn't mean that's the right thing to do now." Thanks to Colin
      Watson. (LP: #429288)
  - scripts/debsign.{sh,1}: Implement DEBSIGN_ALWAYS_RESIGN variable to skip
    the "Would you like to use the current signature?" question. (Debian
    #447955)
  - scripts/debuild.pl: Enforce Ubuntu merge policy.
  - scripts/dscverify.pl: Add Ubuntu keyrings.
  - scripts/rmadison.pl: Change default URL parameter to ubuntu.
  - scripts/uupdate.{sh,1}: Use -0ubuntu1 default revision on Ubuntu.
  - Add test/debchange.pl, test/Makefile: debchange test suite; call it
    during build in debian/rules. Also add lsb-release build dependency for
    this, so that debchange uses Ubuntu mode.

[ Daniel Holbach ]
* Update merge to 2.10.61 instead of 2.10.59.

81. By James Westby

Added lucid to the list of recognised distros printed out when the distro
is not recognised (LP: #498325).

80. By Steve Langasek

Make lucid the default target.

Branch metadata

Branch format:
Branch format 7
Repository format:
Bazaar repository format 2a (needs bzr 1.16 or later)
Stacked on:
lp:ubuntu/precise/devscripts