lp:ubuntu/utopic-security/devscripts

Created by Ubuntu Package Importer and last modified
Get this branch:
bzr branch lp:ubuntu/utopic-security/devscripts
Members of Ubuntu branches can upload to this branch.

Branch information

Owner: Ubuntu branches
Review team: Ubuntu Development Team
Status: Mature

Recent revisions

152. By Marc Deslauriers

* SECURITY UPDATE: directory traversal issue in uupdate
  - scripts/uupdate.sh: remove symlinks before applying patches, and
    restore them afterwards.
  - http://anonscm.debian.org/cgit/collab-maint/devscripts.git/commit/?id=0fef671
  - CVE-2014-1833

151. By James McCoy

[ Benjamin Drung ]
* suspicious-source: Add image/tiff, application/pgp-keys, and image/x-icon
  to whitelisted mime-types. Add .gmo to whitelisted file extensions.
* wrap-and-sort: Add --max-line-length option with a default of 79 characters
  (it was previously hard-coded to 80 characters). (Closes: #756067)

[ Guillem Jover ]
* nmudiff: Send control messages inline. (Closes: #752152)

[ Paul Wise ]
* rmadison: bpo madison is dead, remove it
* rmadison: add new to the defaults for Debian
* rmadison: document the defaults in the manual page

[ James McCoy ]
* namecheck: Remove berlios, since it no longer hosts code. (Closes:
  #752382)
* mk-build-deps:
  + Provide the package name, not file name, to “dpkg --remove” when package
    install fails.
  + Read all of the output from “apt-cache showsrc” to ensure mk-build-deps
    doesn't get stuck waiting for apt-cache to exit.
  + Pass the name of the .deb file out of build_equiv to ensure the correct
    .deb is installed. (Closes: #753657)

[ Christoph Berg ]
* Update all qa.debian.org URLs to https://.

[ Ron Lee ]
* cowpoke:
  + Allow more flexibility for specialised build chroots.
    It's now possible to specify arbitrary 'dist' names, with arbitrary
    special configurations on top of the real BASE_DIST suite. This means
    it's easy to have things like a chroot for wheezy-backports which will
    be able to pull other deps from the backports repo, while still having
    a pristine wheezy build chroot on the same build host. Or to have a
    staging chroot for unstable, with extra build deps pulled in from a
    local repository, or installed manually, while still having a pristine
    sid chroot for building other packages to upload. And it all works the
    same as normal, you just pass --dist=wheezy_bpo to select the chroot.
  + Allow SIGN_KEYID and UPLOAD_QUEUE to be overridden per arch/dist.
    This makes a lot more sense now that the above is easily possible.
    People can use that for private or work (in progress) builds too, and
    this can reduce the chance of accidentally uploading to the wrong place,
    or signing some package not intended for upload with a key that would
    let it be accepted by dak.
  + Better handling of --debbuildopts. There were some corner cases for
    this where the required quoting of options could be rather weird in the
    intersection of all the layers it might get passed through. This should
    make it more forgiving and better able to always DTRT.

[ David Prévot ]
* uscan.1: Use +dfsg suffix in examples

150. By James McCoy

* debchange:
  + Verify $opt_vendor is defined before trying to use it to avoid a warning
    about an uninitialized variable.
  + utf-8 decode the maintainer name when reading it from the changelog.
    (Closes: #750855)
* uscan: Use HEAD instead of GET to check for possible GPG signature URLs.
  (Closes: #750929)
* debcheckout: Handle more variations of Alioth URLs when attempting to
  perform an authenticated checkout. (Closes: #750542)

149. By James McCoy

* mk-origtargz: Fix DEP8 test failures due to differences in how the script
  is named when it's run.
* debchange: Use Dpkg::Changelog::Parse to parse the changelog instead of
  performing manual parsing in debchange. (Closes: #749980)

148. By James McCoy

[ Benjamin Drung ]
* wrap-and-sort: Sanitize spaces between alternative package names.
  (Closes: #747818)

[ Martin Pitt ]
* Install recommends for the autopkgtest, otherwise a lot of necessary tools
  like wdiff are missing.
* test_uscan: Add missing --compression in --installed mode, to fix the
  autopkgtest.
* Add missing zip autopkgtest dependency (used by test_uscan).

[ James McCoy ]
* uscan:
  + Specify file name instead of path in --dehs mode's target node.
    (Closes: #747901)
  + Add target-path node to dehs output for those who care about the actual
    path to the file.
  + Restore display of final file name after file is downloaded.
* mk-origtargz: Use file's mime detection to detect zip files. (Closes:
  #748462)
* chdist: Finish reading output from child processes to avoid getting a
  SIGPIPE when closing their read handle. (Closes: #749504)

[ Christoph Berg ]
* uscan: Fix "upsteam" typo. (Closes: #749343)

[ Paul Wise ]
* uscan: Also accept https for copyright-format URLs (Closes: #749498)

147. By Martin Pitt

Upload current Debian packaging git to fix autopkgtest.

[ Benjamin Drung ]
* wrap-and-sort: Sanitize spaces between alternative package names.
  (Closes: #747818)

[ Martin Pitt ]
* Install recommends for the autopkgtest, otherwise a lot of necessary tools
  like wdiff are missing.
* test_uscan: Add missing --compression in --installed mode, to fix the
  autopkgtest.
* Add missing zip autopkgtest dependency (used by test_uscan).

146. By James McCoy

[ Jakub Wilk ]
* sadt:
  + Add support for @builddeps@ in tests' Depends. (Closes: #736798)

[ Benjamin Drung ]
* Bump Standard-Version to 3.9.5.
* Wrap long line in extended description.

[ Paul Wise ]
* Use HTTPS for the buildd logs to avoid a redirect
* Fix scraping of the wnpp web pages due to https links

[ Daniel Kahn Gillmor ]
* uscan: check for likely upstream signatures if none are known (Closes:
  #732449)

[ Cyril Brulebois ]
* deb-reversion: Add support for udebs. (Closes: #739437)

[ Gunnar Wolf ]
* debcommit: Add switch+conf.setting allowing to specify Git to sign
  every single commit (Closes: #741040)

[ James McCoy ]
* debcommit: Add hg and bzr support to DEBCOMMIT_SIGN_COMMITS.
* mk-build-deps: Uninstall the build-dep packages if apt isn't able to
  complete their install. (Closes: #743462)
* dpkg-depcheck: Convert relative paths to absolute before filtering, so
  filters properly match the path. Thanks to William King for the patch.
  (Closes: #744320)
* debchange:
  + Document the default urgency is medium. Thanks to Anders Kaseorg for
    the patch. (Closes: #745565)
  + Add “binary-only=yes” to binNMU changelog stanzas. Thanks to Thorsten
    Glaser for the patch. (Closes: #746612)

[ Andreas Tille ]
* uscan: Allow a different compression scheme when repacking upstream
  tarballs. (Closes: #730768)

[ Antonio Terceiro ]
* debi/debc: always try ../build-area/ when the changes file is not found
  under ../ (even when not using svn)

[ Joachim Breitner ]
* mk-origtargz: New script to rename (or symlink or copy) a downloaded
  upstream tarball to the correct name, possibly changing the compression
  scheme and removing files listed in debian/copyright's Excluded-Files.
  This is now also used by uscan, where most of the code comes from.

145. By Dimitri John Ledkov

No change rebuild against new distro-info-data, to pick up utopic as
default.

144. By James McCoy

Actually install sadt. (Closes: #736683)

143. By James McCoy

[ Martin Pitt ]
* autopkgtest: Add "allow-stderr" restriction to avoid failing tests because
  of the HTTP server log on stderr.

[ James McCoy ]
* uscan:
  + Repack the tarball and verify it is a compressed archive without
    allowing arbitrary code execution. Fixes CVE-2013-6888.
  + Use find's -exec to call rm directly instead of piping to xargs.
    (Closes: #732006, CVE-2013-7085)
  + Follow tar's recommended security practices
    - Use --keep-old-files --no-overwrite-dir
    - Ensure parent directory of directory used for repacking archive isn't
      accessible to other users.
  + Fix handling of 'dirname' exclusions, so 'dirname/*' isn't required.

[ Salvatore Bonaccorso ]
* uscan: Fix uninitialized value warning when copyright is not in
  copyright-format 1.0. (Closes: #732807)

Branch metadata

Branch format: Branch format 7
Repository format: Bazaar repository format 2a (needs bzr 1.16 or later)
Stacked on: lp:ubuntu/wily/devscripts
This branch contains Public information 
Everyone can see this information.
