This is an automated email from the git hooks/post-receive script. jamessan pushed a commit to branch jessie-backports in repository devscripts.
commit 1266e1f7e2fbdd3495be8df4decf4b1dc90e1d86 Merge: e027a0d cd4c34b Author: James McCoy <[email protected]> Date: Sat Aug 8 22:36:57 2015 -0400 Merge tag 'v2.15.8' into jessie-backports tagging package devscripts version 2.15.8 Makefile | 3 +- debian/changelog | 67 ++++++++++++++++++++++++++++++ debian/control | 3 +- scripts/checkbashisms.pl | 6 +-- scripts/cvs-debi.sh | 14 +++---- scripts/cvs-debrelease.sh | 14 +++---- scripts/debchange.bash_completion | 2 +- scripts/debchange.pl | 17 +++----- scripts/debcheckout.pl | 3 +- scripts/debclean.sh | 2 +- scripts/debi.pl | 2 +- scripts/debrelease.sh | 6 +-- scripts/debrsign.sh | 6 +-- scripts/debsign.sh | 6 +-- scripts/debuild.pl | 14 ++----- scripts/dget.pl | 66 ++++++++++++++++++++++-------- scripts/licensecheck.pl | 84 ++++++++++++++++++++++++++------------ scripts/nmudiff.sh | 8 ++-- scripts/tagpending.pl | 48 ++++++---------------- scripts/uscan.1 | 6 +-- scripts/uscan.pl | 23 ++++++----- scripts/uupdate.sh | 6 +-- scripts/what-patch.sh | 2 +- scripts/wnpp-check.1 | 5 ++- scripts/wnpp-check.sh | 45 +++++++++++++++----- test/bashisms/printf.sh | 2 + test/bashisms/printf.sh.out | 2 + test/licensecheck/bsd-1-clause-1.c | 24 +++++++++++ test/licensecheck/bsd-regents.c | 30 ++++++++++++++ test/licensecheck/lgpl-digia.c | 32 +++++++++++++++ test/licensecheck/texinfo.tex | 27 ++++++++++++ test/test_debchange | 4 +- test/test_licensecheck | 9 ++++ 33 files changed, 416 insertions(+), 172 deletions(-) diff --cc debian/changelog index bd69d08,c10f75d..0b1a130 --- a/debian/changelog +++ b/debian/changelog @@@ -1,9 -1,70 +1,76 @@@ + devscripts (2.15.8) unstable; urgency=high + + * licensecheck: + + Avoid argument injection which may cause file to overwrite a file + through symlink indirection. (Closes: #794365, CVE-2015-5705) + + -- James McCoy <[email protected]> Sun, 02 Aug 2015 09:06:05 -0400 + + devscripts (2.15.7) unstable; urgency=medium + + * licensecheck: + + Use Dpkg::IPC to run file to avoid shell injection. + (Closes: #794260, CVE-2015-5704) + + Change whitelist of mime types to greylist of encodings. Restores + ability to check files with mime types like text/x-c++ and + application/postscript. Thanks to Jonas Smedegaard for the patch. + (Closes: #794282) + + Fix an endless loop in parsing certain files. Thanks to Jonas + Smedegaard for the patch. (Closes: #794263) + + -- James McCoy <[email protected]> Fri, 31 Jul 2015 22:50:33 -0400 + + devscripts (2.15.6) unstable; urgency=medium + + [ Paul Wise ] + * Adjust wording of common suffixes passed to repacksuffix + + [ James McCoy ] + * debcheckout: + + Handle Launchpad Git URLs. Thanks to Colin Watson for the patch. + (Closes: #788777) + + Handle authenticated checkout when Vcs-Darcs is missing the root /darcs + directory. + * checkbashisms: + + Fix unescaped, literal curly brace in regex, causing FTBFS with Perl + 5.22. Thanks to Roderich Schupp for the patch. (Closes: #788707) + + Improve detection of %q/%b to include when it is at the start of the + string. Thanks to Eero Vuojolahti. (Closes: #793396) + * wnpp-check: + + Use getopt to handle argument parsing. + + Add --exact switch to match the exact package name instead of a + substring. Thanks to Balasankar C. (Closes: #791918) + * Replace manual parsing of dpkg-buildpackage's output with the use of its + -S switch or the Dpkg::Changelog::Parse Perl module. + + Bump minimum required version of dpkg-dev to 1.17.0 + * dget: Support arch-qualified package names. “dget foo:i386” will download + the foo binary package for Arch: i386. “dget --all srcfoo:i386” will + download all binary packages from the srcfoo source package that are + either Arch: all or Arch: any/i386. (Closes: #792917) + * uscan: Only check for presence of signing key when downloading a new + upstream archive. (Closes: #790047) + + [ Dominique Dumont ] + * licensecheck: + * extract © owner when © and owners are specified on 2 or more lines. + * fix digia © and license extraction (Closes: #789074) + * fix BSD-2-clause detection + * parse assembly files with suffix .S + * warn if scanned file is not a text file (Closes: #791756) + + [ Mattia Rizzolo ] + * uscan: Suggest the correct syntax in the manpage for the dversionmangle + option, escaping a '+'. Thanks to Martin Erik Werner for reporting. + (Closes: #789389) + + -- James McCoy <[email protected]> Mon, 27 Jul 2015 23:12:23 -0400 + +devscripts (2.15.5~bpo8+1) jessie-backports; urgency=medium + + * Rebuild for jessie-backports. + + -- James McCoy <[email protected]> Wed, 24 Jun 2015 21:59:43 -0400 + devscripts (2.15.5) unstable; urgency=low [ Cyril Brulebois ] -- Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/collab-maint/devscripts.git _______________________________________________ devscripts-devel mailing list [email protected] http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/devscripts-devel
