[ubuntu/precise] devscripts 2.11.4ubuntu1 (Accepted)

Tyler Hicks tyhicks at canonical.com
Thu Feb 16 03:10:21 UTC 2012 

devscripts (2.11.4ubuntu1) precise; urgency=low

  * Merge from Debian unstable (LP: #933148), remaining changes:
    - Demote Recommends to Suggests:
      + libcrypt-ssleay-perl: only needed for a corner case (uscan on SSL
        download sites), wasn't installed by default in previous releases
        either, and seems quite dead upstream; universe only.
      + debian-keyring: not useful enough in Ubuntu; universe only.
      + equivs: too much of a hack to install by default; universe only.
      + libsoap-lite-perl: only needed for one less common command ("select")
        for bts, which isn't useful for Ubuntu itself, and pulls in a lot of
        other universe Perl libraries; universe only.
    - scripts/debchange.{pl,1}:
      + Adjust --security template for Ubuntu.
      + Add -U/--upstream flag that forces original "just increment
        the end" behaviour; Ubuntu is upstream for some pieces of software.
      + Add --distributor= and DEBCHANGE_DISTRIBUTOR to override lsb_release
        output.
      + Default to "precise" as distribution.
      + Add "ubuntu1" to version string for new versions, with tweaks for
        special cases.
      + Add -R/--rebuild flag for Ubuntu's no-change rebuilds.
      + Don't use the last distribution in debian/changelog when doing
        "dch -r" on Ubuntu. "Just because it was last uploaded to jaunty
        doesn't mean that's the right thing to do now."
    - Add test/debchange.pl, test/Makefile: debchange test suite.
    - Rename XS-Vcs-* to XS-Debian-Vcs-*.

devscripts (2.11.4) unstable; urgency=high

  * Urgency "high" for security fixes.

  [ James McCoy ]
  * bts: Revert usertags' handling of more than one +/-/=.  Only the first one
    is relevant.

  [ Ryan Niebur ]
  * dget: when finding the sources.list entry for the repository to
    download a package from, match any port with the correct hostname
    because apt-cache policy does not output port numbers in URLs
    (Closes: #601951)

  [ Adam D. Barratt ]
  * debdiff:
    + Fix a regression in the handling of embedded tarballs (a side
      effect of the changes introduced to resolve #571528).
    + Extend the changes from #571528 to cover more situations where
      user or file input is passed to an external program.  Fixes
      CVE-2012-2012 (and any instance of CVE-2012-2011 not already
      covered by #571528).

  [ Paul Wise ]
  * suspicious-source: Also ignore mercurial and darcs VCS directories
    (Closes: #659966).

  [ Benjamin Drung ]
  * suspicious-source: Add inode/x-empty to whitelist of MIME types
    (Closes: #659946).

  [ Raphael Geissert ]
  * debdiff:
    + Remove undocumented feature treating extensionless files as if
      they were packages (Closes: #659559)
    + Add missing chdir for dpkg-source and remove extraneous quoting
      of --exclude parameters.
    + Fix CVE-2012-0210 (insufficient input sanitising reading .dsc
      and .changes files).

Date: Wed, 15 Feb 2012 16:40:33 -0600
Changed-By: Tyler Hicks <tyhicks at canonical.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Signed-By: Micah Gersten <launchpad at micahscomputing.com>
https://launchpad.net/ubuntu/precise/+source/devscripts/2.11.4ubuntu1
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Wed, 15 Feb 2012 16:40:33 -0600
Source: devscripts
Binary: devscripts
Architecture: source
Version: 2.11.4ubuntu1
Distribution: precise
Urgency: high
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Tyler Hicks <tyhicks at canonical.com>
Description: 
 devscripts - scripts to make the life of a Debian Package maintainer easier
Closes: 601951 659559 659946 659966
Launchpad-Bugs-Fixed: 933148
Changes: 
 devscripts (2.11.4ubuntu1) precise; urgency=low
 .
   * Merge from Debian unstable (LP: #933148), remaining changes:
     - Demote Recommends to Suggests:
       + libcrypt-ssleay-perl: only needed for a corner case (uscan on SSL
         download sites), wasn't installed by default in previous releases
         either, and seems quite dead upstream; universe only.
       + debian-keyring: not useful enough in Ubuntu; universe only.
       + equivs: too much of a hack to install by default; universe only.
       + libsoap-lite-perl: only needed for one less common command ("select")
         for bts, which isn't useful for Ubuntu itself, and pulls in a lot of
         other universe Perl libraries; universe only.
     - scripts/debchange.{pl,1}:
       + Adjust --security template for Ubuntu.
       + Add -U/--upstream flag that forces original "just increment
         the end" behaviour; Ubuntu is upstream for some pieces of software.
       + Add --distributor= and DEBCHANGE_DISTRIBUTOR to override lsb_release
         output.
       + Default to "precise" as distribution.
       + Add "ubuntu1" to version string for new versions, with tweaks for
         special cases.
       + Add -R/--rebuild flag for Ubuntu's no-change rebuilds.
       + Don't use the last distribution in debian/changelog when doing
         "dch -r" on Ubuntu. "Just because it was last uploaded to jaunty
         doesn't mean that's the right thing to do now."
     - Add test/debchange.pl, test/Makefile: debchange test suite.
     - Rename XS-Vcs-* to XS-Debian-Vcs-*.
 .
 devscripts (2.11.4) unstable; urgency=high
 .
   * Urgency "high" for security fixes.
 .
   [ James McCoy ]
   * bts: Revert usertags' handling of more than one +/-/=.  Only the first one
     is relevant.
 .
   [ Ryan Niebur ]
   * dget: when finding the sources.list entry for the repository to
     download a package from, match any port with the correct hostname
     because apt-cache policy does not output port numbers in URLs
     (Closes: #601951)
 .
   [ Adam D. Barratt ]
   * debdiff:
     + Fix a regression in the handling of embedded tarballs (a side
       effect of the changes introduced to resolve #571528).
     + Extend the changes from #571528 to cover more situations where
       user or file input is passed to an external program.  Fixes
       CVE-2012-2012 (and any instance of CVE-2012-2011 not already
       covered by #571528).
 .
   [ Paul Wise ]
   * suspicious-source: Also ignore mercurial and darcs VCS directories
     (Closes: #659966).
 .
   [ Benjamin Drung ]
   * suspicious-source: Add inode/x-empty to whitelist of MIME types
     (Closes: #659946).
 .
   [ Raphael Geissert ]
   * debdiff:
     + Remove undocumented feature treating extensionless files as if
       they were packages (Closes: #659559)
     + Add missing chdir for dpkg-source and remove extraneous quoting
       of --exclude parameters.
     + Fix CVE-2012-0210 (insufficient input sanitising reading .dsc
       and .changes files).
Checksums-Sha1: 
 5c6b344aab9767a6cca515ec15119c4e0d5da8a0 1747 devscripts_2.11.4ubuntu1.dsc
 08c95de0c8c7096e873c1feba47ab45a3d16aae6 782938 devscripts_2.11.4ubuntu1.tar.gz
Checksums-Sha256: 
 a2f9216871c5474cd003de414c322c8a268c11ed6c45133cd33b8e45adf5e115 1747 devscripts_2.11.4ubuntu1.dsc
 d620b43342125f68c049dd802b931fbcb2b43c3a6cade4632677a3ec8ba7eed1 782938 devscripts_2.11.4ubuntu1.tar.gz
Files: 
 98f6fdab62c9f0a2b259a0f052451358 1747 devel optional devscripts_2.11.4ubuntu1.dsc
 ac406b8d00ce33d1392aea71546a8d9a 782938 devel optional devscripts_2.11.4ubuntu1.tar.gz
Original-Maintainer: Devscripts Devel Team <pkg-devscripts at teams.debian.net>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iEYEARECAAYFAk88cqAACgkQTniv4aqX/VmvvACeM0rC1lTyWSAZgo1IRg0oRb/l
bFAAn0iPjEQ1umPiPJ6vbiLITB64b9sB
=B9LK
-----END PGP SIGNATURE-----

More information about the Precise-changes mailing list