retitile 863519: unblock blockdiag/1.5.3+dfsg-5
Hi, Niels
2017-06-04 0:30 GMT+09:00 Niels Thykier :
> I am not confident that the "install -d" variant used in the -4 upload
> is entirely safe from this symlink attack. Furthermore, it still causes
> issues by:
>
> * It would (still?) cause issue
Kouhei Maeda:
> 2017-05-31 5:38 GMT+09:00 Jonathan Wiltshire :
>> On Sun, May 28, 2017 at 08:51:27AM +0900, Kouhei Maeda wrote:
>>> +export PYBUILD_BEFORE_BUILD=cp -a $(CURDIR)/src/blockdiag.egg-info
>>> {build_dir};cp -f $(CURDIR)/debian/circle.* /tmp/
>>
>> Apologies for not spotting it sooner, b
retitile 863519: unblock blockdiag/1.5.3+dfsg-4
I have fixed and uploaded.
Attached is the source debdiff.
Regards,
diff -Nru blockdiag-1.5.3+dfsg/debian/changelog
blockdiag-1.5.3+dfsg/debian/changelog
--- blockdiag-1.5.3+dfsg/debian/changelog 2017-05-29
20:44:19.0 +0900
+++ blockdiag-1.5.3+dfsg/debian/changelog 2017-05-31
2017-05-31 5:38 GMT+09:00 Jonathan Wiltshire :
> On Sun, May 28, 2017 at 08:51:27AM +0900, Kouhei Maeda wrote:
>> +export PYBUILD_BEFORE_BUILD=cp -a $(CURDIR)/src/blockdiag.egg-info
>> {build_dir};cp -f $(CURDIR)/debian/circle.* /tmp/
>
> Apologies for not spotting it sooner, but there's a symlink
Control: tag -1 moreinfo
On Sun, May 28, 2017 at 08:51:27AM +0900, Kouhei Maeda wrote:
> +export PYBUILD_BEFORE_BUILD=cp -a $(CURDIR)/src/blockdiag.egg-info
> {build_dir};cp -f $(CURDIR)/debian/circle.* /tmp/
Apologies for not spotting it sooner, but there's a symlink vulnerability
here (imagine
retitile 863519: unblock blockdiag/1.5.3+dfsg-3
Hi,
2017-05-29 22:02 GMT+09:00 Jonathan Wiltshire :
> On 2017-05-29 05:26, Kouhei Maeda wrote:
>>
>> Hi,
>>
>> 2017-05-28 21:50 GMT+09:00 Jonathan Wiltshire :
>>>
>>> On Sun, May 28, 2017 at 08:51:27AM +0900, Kouhei Maeda wrote:
+ * Bumps
On 2017-05-29 05:26, Kouhei Maeda wrote:
Hi,
2017-05-28 21:50 GMT+09:00 Jonathan Wiltshire :
On Sun, May 28, 2017 at 08:51:27AM +0900, Kouhei Maeda wrote:
+ * Bumps version debian/compat to 9.
+- Fixes package-uses-deprecated-debhelper-compat-version.
This isn't OK, please remove it.
Hi,
2017-05-28 21:50 GMT+09:00 Jonathan Wiltshire :
> On Sun, May 28, 2017 at 08:51:27AM +0900, Kouhei Maeda wrote:
>> + * Bumps version debian/compat to 9.
>> +- Fixes package-uses-deprecated-debhelper-compat-version.
>
> This isn't OK, please remove it.
This means that reverting debian/com
Control: tag -1 moreinfo
Hi,
On Sun, May 28, 2017 at 08:51:27AM +0900, Kouhei Maeda wrote:
> + * Bumps version debian/compat to 9.
> +- Fixes package-uses-deprecated-debhelper-compat-version.
This isn't OK, please remove it.
Thanks,
--
Jonathan Wiltshire
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
Dear release team,
Please unblock blockdiag/1.5.3+dfsg-2.
This would fixes #860689, #847930 in stretch and sid,
which are some test failures on FTBFS.
Attached is the source debdiff.
Reg
11 matches
Mail list logo