lp:ubuntu/natty-security/devscripts

Created by Ubuntu Package Importer and last modified
Get this branch:
bzr branch lp:ubuntu/natty-security/devscripts

Branch information

Owner:
Ubuntu branches
Review team:
Ubuntu Development Team
Status:
Mature

Recent revisions

100. By Marc Deslauriers

* SECURITY UPDATE: arbitrary code execution via insufficient validation
  in dscverify
  - scripts/dscverify.pl: perform better validation.
  - 22881936e53e6b585d3dc60f3161e9d704c5138d
  - CVE-2012-2240
* SECURITY UPDATE: arbitrary file deletion via insufficient validation
  in dget
  - scripts/dget.pl: strip invalid characters.
  - 79d27778321f7bb778097cfb7a724ae976fb4fbd
  - CVE-2012-2241
* SECURITY UPDATE: arbitrary code execution via improper argument
  escaping in dget
  - scripts/dget.pl: escape $file better, and call system() with proper
    arguments.
  - db49f493baaac2387a4dd76370c1018109e31dfc
  - CVE-2012-2242
* SECURITY UPDATE: file alteration via TOCTOU in annotate-output
  - scripts/annotate-output.sh: prevent symlink attack.
  - 1bbe2163987c53064a4cd57712927f4b06c01032
  - CVE-2012-3500
* REGRESSION FIX: improper exit code in CVE-2012-0212 debdiff.pl fix
  - 252a42d225f489e398f3c0402c1f7d1e9a4451c0

99. By Tyler Hicks

* SECURITY UPDATE: Arbitrary code execution via crafted filenames in .dsc
  and .changes files
  - scripts/debdiff.pl: Perform input sanitization on filenames. Thanks to
    Raphael Geissert for the original patch.
  - CVE-2012-0210
* SECURITY UPDATE: Arbitrary code execution via crafted filenames in the top
  level directory of the original upstream source tarball
  - scripts/debdiff.pl: Perform input sanitization on filenames. Thanks to
    Adam D. Barratt for the original patch.
  - CVE-2012-0211
* SECURITY UPDATE: Arbitrary code execution via crafted filenames in
  arguments passed to debdiff
  - scripts/debdiff.pl: Perform input sanitization on filenames. Based on
    upstream patches.
  - http://anonscm.debian.org/gitweb/?p=devscripts/devscripts.git;a=commitdiff;h=87f88232eb643f0c118c6ba38db8e966915b450f
  - http://anonscm.debian.org/gitweb/?p=devscripts/devscripts.git;a=commitdiff;h=76227af1ee8d68f4844f642325eac903ca21e739
  - CVE-2012-0212
* scripts/debdiff.pl: Remove undocumented functionality which treated
  files with extensionless filenames as packages. Thanks to Adam D. Barratt
  for the original patch.
  - http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=659559

98. By Loïc Minier

* Add oneiric to Ubuntu dists.
* Rename XS-Vcs-* to XS-Debian-Vcs-*.

97. By Matthias Klose

* Merge with Debian; remaining changes:
  - see 2.10.68ubuntu1.
  - Default to "natty" as distribution.

96. By Matthias Klose

Default to "natty" as distribution.

95. By Loïc Minier

* Merge from Debian unstable; remaining changes:
  - Demote Recommends to Suggests:
    + libcrypt-ssleay-perl: only needed for a corner case (uscan on SSL
      download sites), wasn't installed by default in previous releases
      either, and seems quite dead upstream; universe only.
    + libsoap-lite-perl: only needed for one less common command ("select")
      for bts, which isn't useful for Ubuntu itself, and pulls in a lot of
      other universe Perl libraries; universe only.
    + debian-{keyring,maintainers}: not useful enough in Ubuntu; universe
      only.
    + equivs: too much of a hack to install by default; universe only.
    + libyaml-syck-perl: transition-check is fairly Debian-specific.
  - scripts/debchange.{pl,1}:
    + Adjust --security template for Ubuntu.
    + Add -U/--upstream flag that forces original "just increment
      the end" behaviour; Ubuntu is upstream for some pieces of software.
    + Add --distributor= and DEBCHANGE_DISTRIBUTOR to override lsb_release
      output.
    + Default to "maverick" as distribution.
    + Add "ubuntu1" to version string for new versions, with tweaks for
      special cases.
    + Add -R/--rebuild flag for Ubuntu's no-change rebuilds.
    + Don't use the last distribution in debian/changelog when doing
      "dch -r" on Ubuntu. "Just because it was last uploaded to jaunty
      doesn't mean that's the right thing to do now." Thanks to Colin
      Watson. (LP: #429288)
  - scripts/debcommit.pl: support committing to bzr from debian/.
  - scripts/debsign.{sh,1}: Implement DEBSIGN_ALWAYS_RESIGN variable to skip
    the "Would you like to use the current signature?" question. (Debian
    #447955)
  - scripts/debuild.pl: Enforce Ubuntu merge policy.
  - scripts/dscverify.pl: Add Ubuntu keyrings.
  - scripts/rmadison.pl: Change default URL parameter to ubuntu.
  - Add test/debchange.pl, test/Makefile: debchange test suite; call it
    during build in debian/rules. Also add lsb-release build dependency for
    this, so that debchange uses Ubuntu mode.
* scripts/debchange.pl: Move declaration of $opt_distributor before
  .devscripts / environment parsing.

94. By Loïc Minier

* debchange: Add support for DEBCHANGE_DISTRIBUTOR config.
* debchange.1: document --distributor and DEBCHANGE_DISTRIBUTOR.

93. By Benjamin Drung

* Merge from Debian unstable; remaining changes:
  - Demote Recommends to Suggests:
    + libcrypt-ssleay-perl: only needed for a corner case (uscan on SSL
      download sites), wasn't installed by default in previous releases
      either, and seems quite dead upstream; universe only.
    + libsoap-lite-perl: only needed for one less common command ("select")
      for bts, which isn't useful for Ubuntu itself, and pulls in a lot of
      other universe Perl libraries; universe only.
    + debian-{keyring,maintainers}: not useful enough in Ubuntu; universe
      only.
    + equivs: too much of a hack to install by default; universe only.
    + libyaml-syck-perl: transition-check is fairly Debian-specific.
  - scripts/debchange.{pl,1}:
    + Adjust --security template for Ubuntu.
    + Add -U/--upstream flag that forces original "just increment
      the end" behaviour; Ubuntu is upstream for some pieces of software.
    + Add --distributor= to override lsb_release output.
    + Default to "maverick" as distribution.
    + Add "ubuntu1" to version string for new versions, with tweaks for
      special cases.
    + Add -R/--rebuild flag for Ubuntu's no-change rebuilds.
    + Don't use the last distribution in debian/changelog when doing
      "dch -r" on Ubuntu. "Just because it was last uploaded to jaunty
      doesn't mean that's the right thing to do now." Thanks to Colin
      Watson. (LP: #429288)
  - scripts/debcommit.pl: support committing to bzr from debian/.
  - scripts/debsign.{sh,1}: Implement DEBSIGN_ALWAYS_RESIGN variable to skip
    the "Would you like to use the current signature?" question. (Debian
    #447955)
  - scripts/debuild.pl: Enforce Ubuntu merge policy.
  - scripts/dscverify.pl: Add Ubuntu keyrings.
  - scripts/rmadison.pl: Change default URL parameter to ubuntu.
  - Add test/debchange.pl, test/Makefile: debchange test suite; call it
    during build in debian/rules. Also add lsb-release build dependency for
    this, so that debchange uses Ubuntu mode.
* Add natty as an allowable distribution for Ubuntu (Closes: #593659).

92. By أحمد المحمودي (Ahmed El-Mahmoudy)

* Merge from Debian unstable (LP: #614674); remaining changes:
  - Demote Recommends to Suggests:
    + libcrypt-ssleay-perl: only needed for a corner case (uscan on SSL
      download sites), wasn't installed by default in previous releases
      either, and seems quite dead upstream; universe only.
    + libsoap-lite-perl: only needed for one less common command ("select")
      for bts, which isn't useful for Ubuntu itself, and pulls in a lot of
      other universe Perl libraries; universe only.
    + debian-{keyring,maintainers}: not useful enough in Ubuntu; universe
      only.
    + equivs: too much of a hack to install by default; universe only.
    + libyaml-syck-perl: transition-check is fairly Debian-specific.
  - scripts/debchange.{pl,1}:
    + Adjust --security template for Ubuntu.
    + Add -U/--upstream flag that forces original "just increment
      the end" behaviour; Ubuntu is upstream for some pieces of software.
    + Add --distributor= to override lsb_release output.
    + Default to "maverick" as distribution.
    + Add "ubuntu1" to version string for new versions, with tweaks for
      special cases.
    + Add -R/--rebuild flag for Ubuntu's no-change rebuilds.
    + Don't use the last distribution in debian/changelog when doing
      "dch -r" on Ubuntu. "Just because it was last uploaded to jaunty
      doesn't mean that's the right thing to do now." Thanks to Colin
      Watson. (LP: #429288)
  - scripts/debcommit.pl: support committing to bzr from debian/.
  - scripts/debsign.{sh,1}: Implement DEBSIGN_ALWAYS_RESIGN variable to skip
    the "Would you like to use the current signature?" question. (Debian
    #447955)
  - scripts/debuild.pl: Enforce Ubuntu merge policy.
  - scripts/dscverify.pl: Add Ubuntu keyrings.
  - scripts/rmadison.pl: Change default URL parameter to ubuntu.
  - Add test/debchange.pl, test/Makefile: debchange test suite; call it
    during build in debian/rules. Also add lsb-release build dependency for
    this, so that debchange uses Ubuntu mode.

91. By Steve Langasek

releasing version 2.10.64ubuntu1

Branch metadata

Branch format:
Branch format 7
Repository format:
Bazaar repository format 2a (needs bzr 1.16 or later)
Stacked on:
lp:ubuntu/precise/devscripts