-
devscripts (2.15.3+deb8u1) jessie-security; urgency=high
* Non-maintainer upload.
* Remove . from @INC when loading modules dynamically [CVE-2016-1238]
-- Dominic Hargreaves <email address hidden> Mon, 25 Jul 2016 10:06:38 +0100
-
devscripts (2.15.3) unstable; urgency=medium
* debchange: Use bpo8 instead of bpo80 for jessie-backports, per
https://lists.debian.org/debian-backports/2014/11/msg00031.html.
-- James McCoy <email address hidden> Fri, 03 Apr 2015 21:47:54 -0400
-
devscripts (2.15.1) unstable; urgency=medium
[ Julien Cristau ]
* grep-excuses: update URLs to use https://release.debian.org/
[ David Prévot ]
* French translation update
-- James McCoy <email address hidden> Thu, 01 Jan 2015 09:50:36 -0500
-
devscripts (2.14.11) unstable; urgency=medium
[ Paul Wise ]
* Suggest debbindiff for deep .deb comparisons
* Use mirror.ftp-master instead of specific hostnames
[ James McCoy ]
* debcommit: Correctly show --strip-message is the default in --help.
(Closes: #766885)
* mk-origtargz: Warn about unmatched Files-Excluded patterns. (Closes:
#766641)
* annotate-output: Fix handling of a date format that contains whitespace.
(Closes: #766180)
* Fix regression in dpkg-architecture using scripts when only -a or -t is
specified, rather than both or neither. (Closes: #768587)
[ Jakub Wilk ]
* sadt:
+ Fix handling of rw-build-tree restriction
+ Improve handling of non-executable test files. When rw-build-tree is in
effect, simply chmod the file. Otherwise, attempt to chmod the file
(skipping the test on failure) and restore the original permissions on
completion. (Closes: #749729)
[ Adam D. Barratt ]
* debchange:
+ Fix handling of changelogs where the most recent trailer line does not
include a maintainer name. (Closes: #766516)
+ Add jessie-backports to the version mapping for --bpo.
* bts: Support the "stretch", "buster", "stretch-ignore" and "buster-ignore"
tags.
[ Stefano Zacchiroli ]
* bts:
+ Support for the "newcomer" tag
+ Backward compatibility for the old "gift" usertag: drop
documentation for it, but do both gift and newcomer (user)tagging for
the time being
-- James McCoy <email address hidden> Wed, 03 Dec 2014 23:01:48 -0500
-
devscripts (2.14.10) unstable; urgency=medium
* Fix all the other calls to dpkg-architecture in devscripts.
(Closes: #764963 ... again)
-- James McCoy <email address hidden> Mon, 13 Oct 2014 22:35:31 -0400
-
devscripts (2.14.7) unstable; urgency=low
[ Cyril Brulebois ]
* deb-reversion: update change_version(), fixing the missing call_hook
statement in the udeb case. That was overlooked when the changelog
massaging was made conditional, and causes hooks to be ignored for
udebs. (Closes: #757425)
[ James McCoy ]
* debsign/debi/debc: Delay checking for the existence of the
--debs-dir/DEBRELEASE_DEBS_DIR directory until we get to code that
actually uses said directory. (Closes: #544366)
* mk-build-deps: Pass the file, not package, names to unlink when --remove
is given. (Closes: #757481)
* debcheckout: Always define $origtgz_name when a URL is specified on the
command line. (Closes: #757614)
* dcmd: Add --debtar option and restrict --tar/--orig to orig.tar.*. Thanks
to Osamu Aoki for the patch. (Closes: #622561)
* grep-excuses: Remove useless call to “hostname --fqdn”. (Closes: #758668)
* build-rdeps: Recognize arch-qualified package names. Thanks to Stuart
Prescott for the patch. (Closes: #757807)
* uscan:
+ Consistently pass the path to the downloaded (and possibly
renamed/symlinked/…) file as an argument to the watch file's action
command.
+ Add support for a repacksuffix option to the watch file. This is passed
through to mk-origtargz. (Closes: #753772)
+ Specify Referer header when traversing http(s) sites. Thanks to David
Prévot for the patch. (Closes: #739137)
* mk-origtargz: Add a --repack-suffix option to adjust the upstream version
when the upstream sources are modified (e.g., due to Files-Excluded).
* bts: Don't send the email when the user saves an empty body for the email.
(Closes: #762888)
[ Benjamin Drung ]
* Remove unused build-dependencies libjson-perl and libterm-size-perl
[ Joachim Breitner ]
* mk-origtargz: Treat jars like zip files (Closes: #754203)
[ Dominique Dumont ]
* licensecheck: Check javascript files. (Closes: #762070)
-- James McCoy <email address hidden> Thu, 25 Sep 2014 20:49:15 -0400
-
devscripts (2.14.6) unstable; urgency=medium
[ Benjamin Drung ]
* suspicious-source: Add image/tiff, application/pgp-keys, and image/x-icon
to whitelisted mime-types. Add .gmo to whitelisted file extensions.
* wrap-and-sort: Add --max-line-length option with a default of 79 characters
(it was previously hard-coded to 80 characters). (Closes: #756067)
[ Guillem Jover ]
* nmudiff: Send control messages inline. (Closes: #752152)
[ Paul Wise ]
* rmadison: bpo madison is dead, remove it
* rmadison: add new to the defaults for Debian
* rmadison: document the defaults in the manual page
[ James McCoy ]
* namecheck: Remove berlios, since it no longer hosts code. (Closes:
#752382)
* mk-build-deps:
+ Provide the package name, not file name, to “dpkg --remove” when package
install fails.
+ Read all of the output from “apt-cache showsrc” to ensure mk-build-deps
doesn't get stuck waiting for apt-cache to exit.
+ Pass the name of the .deb file out of build_equiv to ensure the correct
.deb is installed. (Closes: #753657)
[ Christoph Berg ]
* Update all qa.debian.org URLs to https://.
[ Ron Lee ]
* cowpoke:
+ Allow more flexibility for specialised build chroots.
It's now possible to specify arbitrary 'dist' names, with arbitrary
special configurations on top of the real BASE_DIST suite. This means
it's easy to have things like a chroot for wheezy-backports which will
be able to pull other deps from the backports repo, while still having
a pristine wheezy build chroot on the same build host. Or to have a
staging chroot for unstable, with extra build deps pulled in from a
local repository, or installed manually, while still having a pristine
sid chroot for building other packages to upload. And it all works the
same as normal, you just pass --dist=wheezy_bpo to select the chroot.
+ Allow SIGN_KEYID and UPLOAD_QUEUE to be overridden per arch/dist.
This makes a lot more sense now that the above is easily possible.
People can use that for private or work (in progress) builds too, and
this can reduce the chance of accidentally uploading to the wrong place,
or signing some package not intended for upload with a key that would
would let it be accepted by dak.
+ Better handling of --debbuildopts. There were some corner cases for
this where the required quoting of options could be rather weird in the
intersection of all the layers it might get passed through. This should
make it more forgiving and better able to always DTRT.
[ David Prévot ]
* uscan.1: Use +dfsg suffix in examples
-- James McCoy <email address hidden> Mon, 04 Aug 2014 22:34:17 -0400
-
devscripts (2.14.5) unstable; urgency=medium
* debchange:
+ Verify $opt_vendor is defined before trying to use it to avoid a warning
about an unitialized variable.
+ utf-8 decode the maintainer name when reading it from the changelog.
(Closes: #750855)
* uscan: Use HEAD instead of GET to check for possible GPG signature URLs.
(Closes: #750929)
* debcheckout: Handle more variations of Alioth URLs when attempting to
perform an authenticated checkout. (Closes: #750542)
-- James McCoy <email address hidden> Tue, 10 Jun 2014 21:16:02 -0400
-
devscripts (2.14.4) unstable; urgency=medium
* mk-origtargz: Fix DEP8 test failures due to differences in how the script
is named when it's run.
* debchange: Use Dpkg::Changelog::Parse to parse the changelog instead of
performing manual parsing in debchange. (Closes: #749980)
-- James McCoy <email address hidden> Sat, 31 May 2014 09:47:19 -0400
-
devscripts (2.14.2) unstable; urgency=medium
[ Jakub Wilk ]
* sadt:
+ Add support for @builddeps@ in tests' Depends. (Closes: #736798)
[ Benjamin Drung ]
* Bump Standard-Version to 3.9.5.
* Wrap long line in extended description.
[ Paul Wise ]
* Use HTTPS for the buildd logs to avoid a redirect
* Fix scraping of the wnpp web pages due to https links
[ Daniel Kahn Gillmor ]
* uscan: check for likely upstream signatures if none are known (Closes:
#732449)
[ Cyril Brulebois ]
* deb-reversion: Add support for udebs. (Closes: #739437)
[ Gunnar Wolf ]
* debcommit: Add switch+conf.setting allowing to specify Git to sign
every single commit (Closes: #741040)
[ James McCoy ]
* debcommit: Add hg and bzr support to DEBCOMMIT_SIGN_COMMITS.
* mk-build-deps: Uninstall the build-dep packages if apt isn't able to
complete their install. (Closes: #743462)
* dpkg-depcheck: Convert relative paths to absolute before filtering, so
filters properly match the path. Thanks to William King for the patch.
(Closes: #744320)
* debchange:
+ Document the default urgency is medium. Thanks to Anders Kaseorg for
the patch. (Closes: #745565)
+ Add “binary-only=yes” to binNMU changelog stanzas. Thanks to Thorsten
Glaser for the patch. (Closes: #746612)
[ Andreas Tille ]
* uscan: Allow a different compression scheme when repacking upstream
tarballs. (Closes: #730768)
[ Antonio Terceiro ]
* debi/debc: always try ../build-area/ when the changes file is not found
under ../ (even when not using svn)
[ Joachim Breitner ]
* mk-origtargz: New script to rename (or symlink or copy) a downloaded
upstream tarball to the correct name, possibly changing the compression
scheme and removing files listed in debian/copyright's Excluded-Files.
This is now also used by uscan, where most of the code comes from.
-- James McCoy <email address hidden> Sun, 11 May 2014 13:15:22 -0400
-
devscripts (2.14.1) unstable; urgency=medium
* Actually install sadt. (Closes: #736683)
-- James McCoy <email address hidden> Sat, 25 Jan 2014 22:15:46 -0500
-
devscripts (2.13.9) unstable; urgency=low
[ Martin Pitt ]
* autopkgtest: Add "allow-stderr" restriction to avoid failing tests because
of the HTTP server log on stderr.
[ James McCoy ]
* uscan:
+ Repack the tarball and verify it is a compressed archive without
allowing arbitrary code execution. Fixes CVE-2013-6888.
+ Use find's -exec to call rm directly instead of piping to xargs.
(Closes: #732006, CVE-2013-7085)
+ Follow tar's recommended security practices
- Use --keep-old-files --no-overwrite-dir
- Ensure parent directory of directory used for repacking archive isn't
accessible to other users.
+ Fix handling of 'dirname' exclusions, so 'dirname/*' isn't required.
[ Salvatore Bonaccorso ]
* uscan: Fix unitialized value warning when copyright is not in
copyright-format 1.0. (Closes: #732807)
-- James McCoy <email address hidden> Mon, 23 Dec 2013 15:28:45 -0500
-
devscripts (2.13.8) unstable; urgency=medium
[ James McCoy ]
* uscan: Fix arbitrary command execution when using USCAN_EXCLUSION.
(Closes: #731849)
[ Adam D. Barratt ]
* Honour USCAN_EXCLUSION. (Closes: #731885)
-- James McCoy <email address hidden> Tue, 10 Dec 2013 20:26:42 -0500
-
devscripts (2.13.5) unstable; urgency=low
[ James McCoy ]
* namecheck: Fix “406 Not Acceptable” error when querying Alioth. (Closes:
#725228)
* uscan:
+ Allow specifying file exclusion rules in d/copyright so uscan can
automatically repack upstream archives which contain non-DFSG content.
Thanks to Andreas Tille, gregor herrmann, and Rafael Laboissiere for the
patches. (Closes: #685787)
+ Require LWP::Protocol::https instead of Crypt::SSLeay to access https
sites. (Closes: #624317)
* test/*:
+ Pass --no-conf to commands which may be influenced by ~/.devscripts
+ Fix a test failure in test_uscan_online due to different version format.
* rc-alert: Be more flexible in the formatting of the HTML being parsed.
(Closes: #729779)
* who-uploads: Use long keyid format to avoid ambiguity. (Closes: #674579)
[ Evgeni Golov ]
* debcheckout: allow setting the user for auth mode in the config. (Closes:
#722171)
[ Joachim Breitner ]
* debcommit: Fix --release with darcs when the repository is clean. (Closes:
#728177)
[ Christoph Berg ]
* origtargz: Document pristine-tar support in the manpage.
* rmadison: Support -r (--regex) parameter. (This is still unsupported on
qa.debian.org, but possible on some 3rd-party repositories like
apt.postgresql.org.)
[ Benjamin Drung ]
* test/test_debchange: Strip distribution data outdated warnings. (Closes:
#726694)
[ Translation updates ]
* German, Chris Leick.
* French, David Prévot.
[ Julien Cristau ]
* debchange: the default setting for urgency is now 'medium' (Closes: #730343)
-- James McCoy <email address hidden> Wed, 04 Dec 2013 22:27:45 -0500
-
devscripts (2.13.4) unstable; urgency=low
[ James McCoy ]
* Document which scripts use libdistro-info-perl. (Closes: #708311)
* Make curl return a proper exit code for HTTP errors. (Closes: #720508)
* mk-build-deps: Define the deb's version when parsing a debian/control
file. (Closes: #721939)
* checkbashisms: Sort the keys of the bashisms hashes to provide
consistently ordered output. This avoids false positive failures in the
test suite.
[ Charles Pigott ]
* Fix POD issues. (LP: #1226318, Closes: #719828)
[ Translation updates ]
* French, David Prévot.
-- James McCoy <email address hidden> Thu, 19 Sep 2013 18:53:57 -0400
-
devscripts (2.13.3) unstable; urgency=low
[ gregor herrmann ]
* debcommit: Add the source package name to commit/tag messages. (Closes:
#704236)
[ Paul Wise ]
* In chdist bash completion, don't print warnings if ~/.chdist is missing
* Support 'new' in the rmadison URL list.
[ James McCoy ]
* dpkg-buildpackage: Use "dpkg-checkbuilddeps -A" for arch-indep builds.
Bump dpkg-dev Depends to 1.16.4 accordingly.
* Suppress "given/when is experimental" warnings when using Perl 5.18.
* mk-build-deps: Take Build-Conflicts(-Indep) into account. (Closes:
#712227)
* debcommit: Use "git status --porcelain" to check for a dirty working
directory. (Closes: #712166)
* uscan: Add "Accept: */*" header to fix downloading from Alioth. Thanks to
Dmitry Smirnov for the patch. (Closes: #712261)
* transition-check: Work around Pod::Simple change which causes Perl 5.18's
pod2man to fail. (Closes: #714599)
* licensecheck:
+ Check haskell files. Thanks to Jens Petersen for the patch.
+ Handle differing lengths of comment leaders when autodetecting comments.
(Closes: #714835)
* uscan/rc-alert: Fix roff errors in man pages. Thanks to Eric S. Raymond
for the patch. (Closes: #712701)
* dscverify: Use ~/.gnupg/trustedkeys.gpg, if available. (Closes: #600048)
[ Chris Boot ]
* bts: Fix no-mutt option. (Closes: #709999)
[ Daniel Kahn Gillmor ]
* Enable OpenPGP signature verification (Closes: #610712)
[ Yaroslav Halchenko ]
* licensecheck: Check .go (Go) files (Closes: #711467)
* wnpp-check: Add bug URL to output and reorder columns to ease reading.
(Closes: #715572)
[ Bernhard R. Link ]
* uscan: properly cope with colons and minus signs in upstream versions.
(Closes: #658999)
[ Phillip Hands ]
* licensecheck:
+ allow plural: copyright notices
+ ignore "copyright holders"
+ alternative BSD-3 wording "authors" and "_any_ contributors"
+ ignore #defines containing (c)
+ fix "copyright ownership"
+ ignore "copyright statement"
+ ignore "copyright string"
+ ignore coyright (claim|is|in), and fix test
+ ignore "copyright to"
-- James McCoy <email address hidden> Thu, 15 Aug 2013 20:00:57 -0400
-
devscripts (2.13.2) unstable; urgency=low
[ Julian Gilbey ]
* Correct git location in debian/copyright file (Closes: #703853)
[ James McCoy ]
* licensecheck: Regex-escape file contents that are used as part of a
pattern. (Closes: #704434, LP: #1164261)
* bts:
+ Accept the "jessie" and "jessie-ignore" tags. (Closes: #705817)
+ Email $<email address hidden> when reassigning a bug to src:$pkg.
(Closes: #707636)
* uscan: Define local replacements for die/warn instead of setting
$SIG{__DIE__}/$SIG{__WARN__} to prevent breaking die/warn in other
modules. (Closes: #669942)
* licensecheck: Fix invalid regular expression syntax. (Closes: #706232)
* debchange:
+ Set Wheezy as the default --bpo target. (Closes: #703633)
+ Recognize oldstable backports while oldstable is supported. (Closes:
#707616)
* rc-alert: Change description of I flag to reference wheezy instead of
lenny. (Closes: #683491)
* who-permits-upload:
+ Use consistent formatting in the "SEE ALSO" section of the POD.
+ Fix spelling mistakes.
+ Fix handling of encoding.
* Move debian/bug/* so dh_bugfiles handles installing them.
* Upload to unstable.
[ Christoph Berg ]
* dget: "--all pkg" will download all binaries for source package pkg.
[ Raphael Geissert ]
* checkbashisms: Fix false positives in $_ checks. (Closes: #691389)
[ Arno Töll ]
* New script who-permits-upload, which retrieves information about Debian
Maintainer access control lists. (Closes: #688830)
[ David Prévot ]
* Formating manpages review. (Closes: #707299)
[ Translation updates ]
* French, David Prévot.
* German, Chris Leick.
-- James McCoy <email address hidden> Sun, 12 May 2013 23:05:26 -0400
-
devscripts (2.12.6) unstable; urgency=low
* Actual install German translation.
-- Benjamin Drung <email address hidden> Sun, 25 Nov 2012 00:30:00 +0100