lp:ubuntu/lucid-updates/devscripts
- Get this branch:
- bzr branch lp:ubuntu/lucid-updates/devscripts
Branch merges
Branch information
Recent revisions
- 89. By Marc Deslauriers
-
* SECURITY UPDATE: arbitrary code execution in uscan via crafted tarball
- scripts/uscan.pl: improve tarball handling.
- backport of 02c6850d973e3e1246fde72edab27f 03d63acc52
- backport of 4b7e58ee6000cdefac0682601cec6e cce0137467
- CVE-2013-6888 - 88. By Marc Deslauriers
-
* SECURITY UPDATE: arbitrary code execution via insufficient validation
in dscverify
- scripts/dscverify. pl: perform better validation.
- 22881936e53e6b585d3dc60f3161e9 d704c5138d
- CVE-2012-2240
* SECURITY UPDATE: arbitrary file deletion via insufficient validation
in dget
- scripts/dget.pl: strip invalid characters.
- 79d27778321f7bb778097cfb7a724a e976fb4fbd
- CVE-2012-2241
* SECURITY UPDATE: arbitrary code execution via improper argument
escaping in dget
- scripts/dget.pl: escape $file better, and call system() with proper
arguments.
- db49f493baaac2387a4dd76370c101 8109e31dfc
- CVE-2012-2242
* SECURITY UPDATE: file alteration via TOCTOU in annotate-output
- scripts/annotate- output. sh: prevent symlink attack.
- 1bbe2163987c53064a4cd57712927f 4b06c01032
- CVE-2012-3500
* REGRESSION FIX: improper exit code in CVE-2012-0212 debdiff.pl fix
- 252a42d225f489e398f3c0402c1f7d 1e9a4451c0 - 87. By Tyler Hicks
-
* SECURITY UPDATE: Arbitrary code execution via crafted filenames in .dsc
and .changes files
- scripts/debdiff.pl: Perform input sanitization on filenames. Thanks to
Raphael Geissert for the original patch.
- CVE-2012-0210
* SECURITY UPDATE: Arbitrary code execution via crafted filenames in the top
level directory of the original upstream source tarball
- scripts/debdiff.pl: Perform input sanitization on filenames. Thanks to
Adam D. Barratt for the original patch.
- CVE-2012-0211
* SECURITY UPDATE: Arbritray code execution via crafted filenames in
arguments passed to debdiff
- scripts/debdiff.pl: Perform input sanitization on filenames. Based on
upstream patches.
- http://anonscm. debian. org/gitweb/ ?p=devscripts/ devscripts. git;a=commitdif f;h=87f88232eb6 43f0c118c6ba38d b8e966915b450f
- http://anonscm. debian. org/gitweb/ ?p=devscripts/ devscripts. git;a=commitdif f;h=76227af1ee8 d68f4844f642325 eac903ca21e739
- CVE-2012-0212
* scripts/debdiff.pl: Remove undocumented functionality which treated
files with extentionless filenames as packages. Thanks to Adam D. Barratt
for the original patch.
- http://bugs.debian. org/cgi- bin/bugreport. cgi?bug= 659559 - 86. By Benjamin Drung
-
Backport from 2.10.62: Add maverick as an allowable distribution for
Ubuntu (Closes: #576287). - 85. By Benjamin Drung
-
Search for .bzr in addition to .git in parent directory traversal
(Closes: #545523, LP: #381456). - 83. By Max Bowsher
-
Restore changes to scripts/
debchange. pl erroneously dropped in the
2.10.55ubuntu1 merge, thereby fixing the --distributor option.
(LP: #509441) - 82. By أحمد المحمودي (Ahmed El-Mahmoudy)
-
[ ﺄﺤﻣﺩ ﺎﻠﻤﺤﻣﻭﺪﻳ (Ahmed El-Mahmoudy) ]
* Resynchronise with Debian (LP: #500968). Remaining changes:
- Drop universe packages from Recommends to Suggests:
+ libcrypt-ssleay- perl: only needed for a corner case (uscan on SSL
download sites), wasn't installed by default in previous releases
either, and seems quite dead upstream
+ libsoap-lite-perl: only needed for one less common command ("select")
for bts, which isn't useful for Ubuntu itself, and pulls in a lot of
other universe Perl libraries
+ debian-{keyring, maintainers} : not useful enough in Ubuntu
+ equivs: too much of a hack to install by default
+ libyaml-syck-perl: transition-check is fairly Debian-specific
- scripts/debchange. pl:
+ Adjust --security template for Ubuntu.
+ Add -U/--upstream flag that forces original "just increment
the end" behaviour; Ubuntu is upstream for some pieces of software.
+ Add --distributor= to override lsb_release output.
+ Default to "lucid" as distribution.
+ Add "ubuntu1" to version string for new versions, with tweaks for
special cases.
+ Add -R/--rebuild flag for Ubuntu's no-change rebuilds.
+ Don't use the last distribution in debian/changelog when doing
"dch -r" on Ubuntu. "Just because it was last uploaded to jaunty
doesn't mean that's the right thing to do now." Thanks to Colin
Watson. (LP: #429288)
- scripts/debsign. {sh,1}: Implement DEBSIGN_ ALWAYS_ RESIGN variable to skip
the "Would you like to use the current signature?" question. (Debian
#447955)
- scripts/debuild.pl: Enforce Ubuntu merge policy.
- scripts/dscverify. pl: Add Ubuntu keyrings.
- scripts/rmadison. pl: Change default URL parameter to ubuntu.
- scripts/uupdate. {sh,1}: Use -0ubuntu1 default revision on Ubuntu.
- Add test/debchange.pl, test/Makefile: debchange test suite; call it
during build in debian/rules. Also add lsb-release build dependency for
this, so that debchange uses Ubuntu mode.[ Daniel Holbach ]
* Update merge to 2.10.61 instead of 2.10.59. - 81. By James Westby
-
Added lucid to the list of recognised distros printed out when the distro
is not recognised (LP: #498325).
Branch metadata
- Branch format:
- Branch format 7
- Repository format:
- Bazaar repository format 2a (needs bzr 1.16 or later)
- Stacked on:
- lp:ubuntu/precise/devscripts