Bug#930112: stretch-pu: package node-growl/1.7.0-1+deb9u1

2019-06-07 Thread Xavier Guimard
) stretch; urgency=medium + + * Sanitize input before passing it to exec. This embeds shell-escape little +module (Closes: #900868, CVE-2017-16042) + + -- Xavier Guimard Fri, 07 Jun 2019 12:14:09 +0200 + node-growl (1.7.0-1) unstable; urgency=low * Initial release (closes: #704930). diff --git

Bug#930107: unblock: cyrus-imapd/3.0.8-6

2019-06-06 Thread Xavier Guimard
dependency on cyrus-murder (Closes: #872238) + + [ Xavier Guimard ] + * Add patch to fix arbitrary code execution via CalDAV +(Closes: CVE-2019-11356) + + -- Xavier Guimard Fri, 07 Jun 2019 06:41:23 +0200 + cyrus-imapd (3.0.8-5) unstable; urgency=medium [ Xavier Guimard ] diff -Nru cyrus

Bug#929663: unblock: node-unicode-property-value-aliases/3.4.0+ds-1

2019-05-27 Thread Xavier Guimard
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package node-unicode-property-value-aliases Hi all, due to unicode changes, node-unicode-property-value-aliases should be updated in Buster or at least rebuilt using

Bug#929611: stretch-pu: package lemonldap-ng/1.9.7-3+deb9u2

2019-05-27 Thread Xavier Guimard
in 1.9.7-3+deb9u1 + + -- Xavier Guimard Mon, 27 May 2019 10:35:48 +0200 + lemonldap-ng (1.9.7-3+deb9u1) stretch-security; urgency=medium * Add patch to fix token security (Closes: #928944, CVE-2019-12046) diff --git a/debian/patches/CDA-regression.patch b/debian/patches/CDA-regression.patch

Bug#929452: release.debian.org: [pre-approval] testing-proposed-updates for unicode changes

2019-05-23 Thread Xavier Guimard
(Closes: #929447) + + -- Xavier Guimard Thu, 23 May 2019 20:28:45 +0200 + node-regenerate-unicode-properties (7.0.0+ds-1) unstable; urgency=medium * New upstream release. diff --git a/debian/control b/debian/control index 22119fe..ace86b4 100644 --- a/debian/control +++ b/debian/control

Bug#929449: unblock: acorn/5.5.3+ds3-3

2019-05-23 Thread Xavier Guimard
..d60dcee 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,10 @@ +acorn (5.5.3+ds3-3) unstable; urgency=medium + + * Teamp upload + * Change unicode dependency to 12 (Closes: #929426) + + -- Xavier Guimard Thu, 23 May 2019 19:49:18 +0200 + acorn (5.5.3+ds3-2) unstable; urgency

Bug#929068: unblock: cyrus-imapd/3.0.8-5

2019-05-16 Thread Xavier Guimard
(3.0.8-5) unstable; urgency=medium + + [ Xavier Guimard ] + * Add upstream/metadata + + [ Anthony Prades ] + * sieve segfault (Closes: #927142) + + [ Xavier Guimard ] + * Fix Standards-Version to 4.3.0 + * Add patch headers + * Trailing whitespaces + * Add myself to uploaders + * Add

Bug#929027: [pre-approval] unblock: cyrus-imapd/3.0.9-1

2019-05-15 Thread Xavier Guimard
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package cyrus-imapd Hi all, Buster has currently cyrus-imapd 3.0.8. Upstram last version is 3.0.9. This version has one new little feature: "The new ``cyrus_group`` option

Bug#928954: unblock: lemonldap-ng/2.0.2+ds-7+deb10u1

2019-05-13 Thread Xavier Guimard
ngelog @@ -1,3 +1,9 @@ +lemonldap-ng (2.0.2+ds-7+deb10u1) unstable; urgency=high + + * Fix tokens security (Closes: #928944, CVE-2019-12046) + + -- Xavier Guimard Mon, 13 May 2019 21:22:34 +0200 + lemonldap-ng (2.0.2+ds-7) unstable; urgency=medium * Import upstream translations update diff --git a

Bug#928711: unblock: [pre-approval] cyrus-imapd/3.0.8-5

2019-05-09 Thread Xavier Guimard
4.14.0-3-amd64 (SMP w/2 CPU cores) Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8), LANGUAGE= (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Description: Author: Xavier Guimard Forwarded: https://github.com

Bug#928677: unblock: node-mqtt-packet/6.0.0-2

2019-05-08 Thread Xavier Guimard
VE-2019-5432) + * Fix debian/copyright format url + * Enable upstream test during build + + -- Xavier Guimard Wed, 08 May 2019 19:27:08 +0200 + node-mqtt-packet (6.0.0-1) unstable; urgency=low * New upstream release diff --git a/debian/control b/debian/control index 48e32a0..079e795

Bug#928626: unblock: node-axios/0.17.1+dfsg-2

2019-05-07 Thread Xavier Guimard
h policy 4.3.0 + * Add upstream/metadata + * Add patch to destroy stream on exceeding maxContentLength +(Closes: #928624, CVE-2019-10742) + * Fix debian/copyright format URL + + -- Xavier Guimard Tue, 07 May 2019 22:59:58 +0200 + node-axios (0.17.1+dfsg-1) unstable; urgency=low * I

Bug#928623: unblock: node-regjsparser/0.6.0+ds-2

2019-05-07 Thread Xavier Guimard
upload + * Add upstream/metadata + * Build-depend on node-unicode-12.0.0 + * Declare compliance with policy 4.3.0 + + -- Xavier Guimard Tue, 07 May 2019 18:25:20 +0200 + node-regjsparser (0.6.0+ds-1) unstable; urgency=medium * New upstream release. @@ -22,9 +31,9 @@ node-regjsparser (0.4.0+ds-1)

Bug#928610: unblock: node-unicode-data/0~20190414+gitbf518e99-2

2019-05-07 Thread Xavier Guimard
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package node-unicode-data Hi all, Julien pushed a new version of node-unicode-data that fixes #927944 (FTBFS). Changes are only related to unicode-12 support. Cheers,

Bug#928281: unblock: lemonldap-ng/2.0.2+ds-7 (pre-approval)

2019-05-01 Thread Xavier Guimard
-translations.diff diff --git a/debian/patches/update-translations.diff b/debian/patches/update-translations.diff new file mode 100644 index 0..fdd33522f --- /dev/null +++ b/debian/patches/update-translations.diff @@ -0,0 +1,1220 @@ +Description: Import upstream translation updates +Author: Xavier

Bug#927959: unblock: node-fresh/0.2.0-2

2019-04-25 Thread Xavier Guimard
tadata + * Add patch to fix regexp ddos (Closes: #927715, CVE-2017-16119) + * Fix and enable upstream test using pkg-js-tools + * Fix VCS fields + * Fix copyright format URL + + -- Xavier Guimard Thu, 25 Apr 2019 12:23:28 +0200 + node-fresh (0.2.0-1) unstable; urgency=low * Initial release (

Bug#927871: unblock: node-js-beautify/1.7.5+dfsg-3

2019-04-24 Thread Xavier Guimard
ngelog @@ -1,3 +1,13 @@ +node-js-beautify (1.7.5+dfsg-3) unstable; urgency=medium + + * Team upload + * Add SHELL=/bin/bash in debian/rules to make build reproducible. Thanks to +Chris Lamb (Closes: #924458) + * Fix install (Closes: #927868) + * Add test on css-beautify and html-beautify + + --

Bug#927864: uscan: don't fail on first error when using multiple watch files

2019-04-24 Thread Xavier Guimard
Package: devscripts Version: 2.19.4 Severity: normal Tags: pending User: devscri...@package.debian.org Usertags: uscan When parsing multiple watch files, uscan stops after the first error. This is a regression since 2.18.5 Fix: https://salsa.debian.org/debian/devscripts/merge_requests/119

Bug#927807: unblock: node-jquery/2.2.4+dfsg-4

2019-04-23 Thread Xavier Guimard
s: #927466, CVE-2019-11358) + * Add patch to make the build reproducible. Thanks to Chris Lamb +(Closes: #886001) + + -- Xavier Guimard Tue, 23 Apr 2019 18:12:00 +0200 + node-jquery (2.2.4+dfsg-3) unstable; urgency=medium * Bump Standards-Version to 4.1.4 (no changes needed) diff --gi

Bug#927699: unblock: node-mixin-deep/1.1.3-3

2019-04-21 Thread Xavier Guimard
++ b/debian/changelog @@ -1,3 +1,23 @@ +node-mixin-deep (1.1.3-3) unstable; urgency=medium + + * Team upload + * Back to debhelper 9 (Buster freeze) + + -- Xavier Guimard Sun, 21 Apr 2019 14:34:56 +0200 + +node-mixin-deep (1.1.3-2) unstable; urgency=medium + + * Team upload + * Add upstream/meta

Bug#927683: unblock: node-ws/1.1.0+ds1.e6ddaae4-5

2019-04-21 Thread Xavier Guimard
d size to a sane value +(Closes: #927671, CVE-2016-10542) + + -- Xavier Guimard Sun, 21 Apr 2019 08:58:55 +0200 + node-ws (1.1.0+ds1.e6ddaae4-4) unstable; urgency=medium * Priority: optional diff --git a/debian/control b/debian/control index 9d70aba..52806c2 100644 --- a/debian/control +++

Bug#927422: stretch-pu: package jquery/3.1.1-2+deb9u1

2019-04-19 Thread Xavier Guimard
..a4f80b6a --- /dev/null +++ b/debian/patches/SNYK-JS-JQUERY-174006.diff @@ -0,0 +1,21 @@ +Description: Prevent Object.prototype pollution for $.extend( true, ... ) +Author: Xavier Guimard +Origin: upstream, https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b +Bug: https

Bug#927407: unblock: jquery/3.3.1~dfsg-3

2019-04-19 Thread Xavier Guimard
index 259a482a..ad742734 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,11 @@ +jquery (3.3.1~dfsg-3) unstable; urgency=medium + + * Team upload + * Disable check-against-upstream-build test (autopkgtest) since file is now +patched. Fixes debci + + -- Xavier Guimard Fri, 19 Apr

Bug#927391: unblock: jquery/3.3.1_dfsg-2

2019-04-18 Thread Xavier Guimard
on (Closes: #927385) + * Upgrade links to https + + -- Xavier Guimard Thu, 18 Apr 2019 22:34:14 +0200 + jquery (3.3.1~dfsg-1) unstable; urgency=medium * Team upload. diff --git a/debian/control b/debian/control index 9564aeff..126c17ca 100644 --- a/debian/control +++ b/debian/control @@ -13,7 +13,

Bug#927378: stretch-pu: package node-superagent/0.20.0+dfsg-1+deb9u1

2019-04-18 Thread Xavier Guimard
a/debian/changelog b/debian/changelog index 0df52d2..43d031a 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,9 @@ +node-superagent (0.20.0+dfsg-1+deb9u1) stretch; urgency=medium + + * Add patch to fix ZIP bomb attacks (Closes: CVE-2017-16129) + + -- Xavier Guimard Thu, 18 Apr 2019

Bug#927361: unblock: node-superagent/0.20.0+dfsg-2

2019-04-18 Thread Xavier Guimard
+ * Fix debian/copyright format URL + * Add upstream/metadata + + -- Xavier Guimard Thu, 18 Apr 2019 14:22:09 +0200 + node-superagent (0.20.0+dfsg-1) unstable; urgency=medium * Imported Upstream version 0.20.0+dfsg diff --git a/debian/control b/debian/control index 8a9adb8..4207e63 100644 ---

Bug#927202: unblock: node-url-parse/1.2.0-2

2019-04-16 Thread Xavier Guimard
6058, CVE-2018-3774) + * Enable upstream tests using pkg-js-tools. This adds node-deep-eql, +node-object-inspect and node-pathval in build dependencies + * Fix VCS fields + * Fix debian/copyright format URL + * Fix description (trailing whitespaces) + * Add upstream/metadata + + -- Xavier Guim

Bug#927192: unblock: node-sshpk/1.13.1+dfsg-2

2019-04-15 Thread Xavier Guimard
n/changelog b/debian/changelog index edaed62..0cb77bd 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,21 @@ +node-sshpk (1.13.1+dfsg-2) unstable; urgency=medium + + * Team upload + + [ Pirate Praveen ] + * Enable nocheck build profile + + [ Xavier Guimard ] + * Declare complia

Bug#927098: unblock: node-serve-static/1.6.4-3

2019-04-14 Thread Xavier Guimard
-tools + * Declare compliance with policy 4.3.0 + * Change section to javascript + * Change priority to optional + * Fix VCS fields + * Fix debian/copyright format URL + * Add upstream/metadata + + -- Xavier Guimard Mon, 15 Apr 2019 07:05:03 +0200 + node-serve-static (1.6.4-2) unstable

Bug#927097: unblock: simile-timeline/2.3.0+dfsg1-4

2019-04-14 Thread Xavier Guimard
/changelog b/debian/changelog index a6a3f75..933bb5b 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,24 @@ +simile-timeline (2.3.0+dfsg1-4) unstable; urgency=medium + + * Team upload + * Fix error in reiwa.diff patch + + -- Xavier Guimard Sun, 14 Apr 2019 23:02:19 +0200 + +simile

Bug#926821: unblock: feersum/1.406-2

2019-04-10 Thread Xavier Guimard
only 1 CPU is available (#909480) + + -- Xavier Guimard Wed, 10 Apr 2019 21:24:03 +0200 + feersum (1.406-1) unstable; urgency=medium * debian/rules: fix Perl path in example files diff --git a/debian/control b/debian/control index 081e2ba..e995ca7 100644 --- a/debian/control +++ b/debian/contro

Bug#926763: node-miller-rabin: Probably bad implementation of Miller-Rabin

2019-04-10 Thread Xavier Guimard
Package: node-miller-rabin Version: 4.0.1-4 Severity: normal Tags: upstream Forwarded: https://github.com/indutny/miller-rabin/issues/9 As reported in #926720, correctly implemented Miller-Rabin test should have false positives only with negligible probability. See https://bugs.debian.org/926720

Bug#926730: unblock: node-miller-rabin/4.0.1-5

2019-04-09 Thread Xavier Guimard
patch to fix FTBFS (Closes: #926720). Thanks to Santiago Vila + + -- Xavier Guimard Tue, 09 Apr 2019 18:54:43 +0200 + node-miller-rabin (4.0.1-4) unstable; urgency=medium * Team upload diff --git a/debian/patches/fix-randomly-ftbfs.diff b/debian/patches/fix-randomly-ftbfs.diff new file

Bug#926650: unblock: node-deep-extend/0.4.1-2

2019-04-08 Thread Xavier Guimard
elds + * Fix debian/copyright years + * Add upstream/metadata + * Change section to javascript + + -- Xavier Guimard Mon, 08 Apr 2019 14:52:06 +0200 + node-deep-extend (0.4.1-1) unstable; urgency=medium - * Initial release + * Initial release -- Thorsten Alteholz Mon, 22 Feb 2016 18:1

Bug#926303: release.debian.org: Upgrade strategy for apache2 in Buster

2019-04-03 Thread Xavier Guimard
Package: release.debian.org Severity: normal Hi all, New Apache 2.4.39 fixes many bugs (including 5 CVEs [1]) with only 2 minor new features. Do you think it is a good idea to upgrade Apache version in Buster or do you prefer a 2.4.38 with 2.4.39 fixes (means 2.4.39 without ~2 commits) or only

Bug#926166: lintian should not tag debian-watch-file-should-mangle-version when dversionmangle is set to "auto"

2019-04-01 Thread Xavier Guimard
Package: lintian Version: 2.11.0 Severity: normal Tags: patch Hi all, since devscripts 2.18.5, debian/watch dversionmangle can be set to "auto": this includes all common mangle version. A merge request is coming to fix this. Cheers, Xavier -- System Information: Debian Release: buster/sid

Bug#925907: unblock: lemonldap-ng/2.0.2+ds-6

2019-03-28 Thread Xavier Guimard
) + + -- Xavier Guimard Thu, 28 Mar 2019 10:41:14 +0100 + +lemonldap-ng (2.0.2+ds-5) unstable; urgency=medium + + * Fix bad build dependency: Authen::2F::Tester instead of Authen::2F + * Split autopkgtests to test each library separately + + -- Xavier Guimard Sat, 02 Mar 2019 13:47:29 +0100

Bug#925614: unblock: node-external-editor/2.0.4+dfsg-2

2019-03-27 Thread Xavier Guimard
Vcs fields for migration to https://salsa.debian.org/ + + [ Xavier Guimard ] + * Add upstream/metadata + * Update debian/copyright format URL + * Test: replace the use of deprecated "--compilers" by a test on generated +files (fixes debci) + * Use debian/clean instead of an override +

Bug#925583: unblock: node-opencv/6.0.0+git20180416.cfc96ba0-3

2019-03-27 Thread Xavier Guimard
t20180416.cfc96ba0-3) unstable; urgency=medium + + * Team upload + + [ Xavier Guimard ] + * Add dh_installexamples -Xtmp/ to make build reproductible. Thanks to +Chris Lamb (Closes: #924462) + + [ Utkarsh Gupta ] + * Add patch to fix CVE-2019-10061 (Closes: #925571) + + -- Utkarsh Gupta Wed, 27 M

Bug#925235: unblock: node-jschardet/1.6.0+dfsg-2

2019-03-21 Thread Xavier Guimard
+ * Update lintian-overrides + * Add Multi-Arch: foreign + + -- Xavier Guimard Thu, 21 Mar 2019 15:52:01 +0100 + node-jschardet (1.6.0+dfsg-1) unstable; urgency=low * Initial release (Closes: #886228) diff --git a/debian/clean b/debian/clean new file mode 100644 index 000..f5985ef

Bug#924876: debci: Unable to get network up when following documentation

2019-03-17 Thread Xavier Guimard
Package: debci Version: 2.0 Severity: normal Hi all, I followed exactly https://ci.debian.net/doc/file.MAINTAINERS.html#label-How+can+I+reproduce+the+test+run+locally-3F steps to get a LXC environment. Step "debci setup" fails because network isn't well configured. I got these errors: Cannot

Bug#924589: node-formidable: Unusable with Node.js >= 7

2019-03-14 Thread Xavier Guimard
Package: node-formidable Version: 1.0.13-1 Severity: grave Tags: upstream Justification: renders package unusable node-formidable is unusable with Node.js >=7: Error [ERR_NO_LONGER_SUPPORTED]: Buffer.write(string, encoding, offset[, length]) is no longer supported at Buffer.write

Bug#924537: unblock: node-log4js/4.0.2-2

2019-03-14 Thread Xavier Guimard
; urgency=medium + + * Remove useless link to index.js (Closes: #924200) + + -- Xavier Guimard Sun, 10 Mar 2019 10:51:41 +0100 + node-log4js (4.0.2-1) unstable; urgency=medium [ Mike Gabriel ] diff --git a/debian/links b/debian/links index 7d28891..78af5b4 100644 --- a/debian/links +++ b

Bug#924486: ITP: node-nodemailer -- Node.js library to send mails

2019-03-13 Thread Xavier Guimard
Package: wnpp Severity: wishlist Owner: Xavier Guimard * Package name: node-nodemailer Version : 5.1.1 Upstream Author : Andris Reinman * URL : https://nodemailer.com/ * License : Expat Programming Lang: Javascript Description : Node.js library to send

Bug#924317: unblock: node-istanbul/0.4.5+ds-5

2019-03-11 Thread Xavier Guimard
) + * Switch tests to pkg-js-tools + * Add libjs-prettify in dependencies (Closes: #919841) + * generate prettify.js links with dh_links + + -- Xavier Guimard Sun, 10 Mar 2019 10:27:57 +0100 + node-istanbul (0.4.5+ds-4) unstable; urgency=medium * Team upload diff --git a/debian/control b/debian

Bug#923696: lintian: Bad examples in Lintian::Tutorial::TestSuite

2019-03-03 Thread Xavier Guimard
Package: lintian Version: 2.9.1 Severity: minor Hi all, To launch part of the tests, Lintian::Tutorial::Testsuite proposes to use either: $ debian/rules runtests onlyrun=tag:$tag $ t/bin/runtests --dump-logs -k t debian/test-out tag:$tag None of these examples work (all test launched or

Bug#923331: lintian: Check for debian/tests/pkg-js/test if "dh --with nodejs" is used

2019-02-26 Thread Xavier Guimard
Package: lintian Version: 2.7.0 Severity: wishlist Hi all, pkg-js-tools provides tools to test nodejs packages. It search for 2 files: debian/tests/pkg-js/{test,files} It could be interesting to provide these 2 tags: * "W: pkg-js-tools-test-is-missing": - if "dh --with nodejs" is used and

Bug#923294: RM: ejs.js -- ROM; duplication of node-ejs

2019-02-25 Thread Xavier Guimard
Package: ftp.debian.org Severity: normal Hi all, 1. ejs.js provides libjs-ejs (used by nobody) and node-ejs which is also provided by src:node-ejs 2. src:node-ejs is up-to-date while src:ejs.js isn't (old github repo) 3. the only reverse dependency of node-ejs is node-nodeunit which

Bug#923265: libconfig-model-dpkg-perl: cme is unable to parse build dependencies built by npm2deb

2019-02-25 Thread Xavier Guimard
Package: libconfig-model-dpkg-perl Version: 2.122 Severity: normal Hi all, npm2deb build dependencies using this format: Build-Depends: debhelper (>= 11) , nodejs (>= 6) But cme is unable to parse it: $ LANG=C cme fix dpkg-control Reading package lists... Done Building

Bug#922918: stretch-pu: package twitter-bootstrap3/3.3.7+dfsg-2+deb9u1

2019-02-21 Thread Xavier Guimard
@@ +twitter-bootstrap3 (3.3.7+dfsg-2+deb9u2) UNRELEASED; urgency=medium + + * Add patch to fix CVE-2019-8331: XSS in tooltip or popover + + -- Xavier Guimard Thu, 21 Feb 2019 21:42:06 +0100 + twitter-bootstrap3 (3.3.7+dfsg-2+deb9u1) stretch; urgency=high * Team upload. diff -Nru twitter

Bug#922668: tests-control: Missing restrictions superficial and skippable

2019-02-18 Thread Xavier Guimard
Package: libconfig-model-dpkg-perl Version: 2.121 Severity: minor Tags: patch Hello, 2 restrictions are missing in lib/Config/Model/models/Dpkg/Tests/Control.pl: - superficial - skippable I fixed that in salsa repo. Cheers, Xavier -- System Information: Debian Release: buster/sid APT

Bug#922264: pkg-perl-autopkgtest: use "skippable" and "superficial" restrictions

2019-02-13 Thread Xavier Guimard
Package: pkg-perl-autopkgtest Version: 0.50 Severity: wishlist Hi all, Some suggestions for pkg-js-autopkgtest based on pkg-js-autopkgtest discussion with autodep8 maintainers: - tests skipped should return a 77 exit code and all tests marked as "Restrictions: skippable". It avoids to

Bug#921638: RM: cleancss -- ROM; cleancss is no more provided by node-clean-css

2019-02-07 Thread Xavier Guimard
Package: ftp.debian.org Severity: normal Hi, node-clean-css provides no more cleancss package. Could you remove this binary package from testing/unstable ? It will probably block node-clean-css migration. Cheers, Xavier

Bug#920930: node-almond should install package.json

2019-01-30 Thread Xavier Guimard
Package: node-almond Severity: important Tags: patch, pending Hello, node-almond shoul install package.json else a simple "require('alond')" will fail. Patched in https://salsa.debian.org/georgesk/almond/merge_requests/1 -- System Information: Debian Release: buster/sid APT prefers testing

Bug#920929: node-almond should install files in /usr/lib/nodejs/almond

2019-01-30 Thread Xavier Guimard
Package: node-almond Severity: important Tags: pending Hello, node-almond installs files in /usr/lib/nodejs/node-almond which is wrong: a simple `require('almond')` will fail. Patched in https://salsa.debian.org/georgesk/almond/merge_requests/1 -- System Information: Debian Release: buster/sid

Bug#920350: ITP: pkg-js-autopkgtest -- collection of autopktest scripts for nodejs packages

2019-01-24 Thread Xavier Guimard
Package: wnpp Severity: wishlist Owner: Xavier Guimard * Package name: pkg-js-autopkgtest Version : 0.1 Upstream Author : Xavier Guimard * URL : https://salsa.debian.org/js-team/pkg-js-autopkgtest * License : GPL2+ Programming Lang: Shell Description

Bug#920305: ITP: popper.js -- Javascript library to position poppers in web applications

2019-01-23 Thread Xavier Guimard
Package: wnpp Severity: wishlist Owner: Xavier Guimard * Package name: popper.js Version : 1.14.6 Upstream Author : Federico Zivolo * URL : https://popper.js.org/ * License : Expat Programming Lang: Javascript Description : Javascript library

Bug#920182: node-get-value: Circular dependency

2019-01-22 Thread Xavier Guimard
Package: node-get-value Version: 3.0.1+~3.0.1-1 Severity: serious Tags: upstream node-get-value build-depends on node-micromatch which depends on node-get-value via some packages -- System Information: Debian Release: buster/sid APT prefers testing APT policy: (600, 'testing'), (50,

Bug#919635: RM: node-groove -- ROM; FTBFS + unmaintained upstream

2019-01-17 Thread Xavier Guimard
Package: ftp.debian.org Severity: normal Hi all, Please remove node-groove from unstable/testing: - node-groove isn't compatible with nodejs ≥ 10 - upstream seems abandoned (no response to bugs for more than one year) - reverse dependencies: - groovebasin is orphaned -

Bug#919575: RM: node-duplexer2 -- ROM; FTBFS + provided by node-duplexer3

2019-01-17 Thread Xavier Guimard
Package: ftp.debian.org Severity: normal Hello, please remove this package. Due to FTBFS with nodejs ≥ 10, I updated node-duplexer3 and add a "Provides: node-duplexer2" in it. There are no real differences between these packages. This removal request is only for testing/unstable of course.

Bug#918763: stretch-pu: package twitter-bootstrap3/3.3.7+dfsg-2

2019-01-08 Thread Xavier Guimard
-bootstrap3-3.3.7+dfsg/debian/changelog 2019-01-06 23:34:50.0 +0100 @@ -1,3 +1,11 @@ +twitter-bootstrap3 (3.3.7+dfsg-2+deb9u1) stretch; urgency=high + + * Team upload. + * Fix multiples XSS vulnerabilities (Closes: #907414) + * Update debian/copyright + + -- Xavier Guimard Sun, 06

Bug#918762: stretch-pu: package twitter-bootstrap3/3.3.7+dfsg-2

2019-01-08 Thread Xavier Guimard
-bootstrap3-3.3.7+dfsg/debian/changelog 2019-01-06 23:34:50.0 +0100 @@ -1,3 +1,11 @@ +twitter-bootstrap3 (3.3.7+dfsg-3+deb9u1) stretch; urgency=high + + * Team upload. + * Fix multiples XSS vulnerabilities (Closes: #907414) + * Update debian/copyright + + -- Xavier Guimard Sun, 06

Bug#918649: coffeescript: Please upgrade to 2.x

2019-01-07 Thread Xavier Guimard
Package: coffeescript Version: 1.12.8~dfsg-2 Severity: wishlist Please upgrade to 2.x version and remove workaround-918491.patch Opened to remember to remove this workaround. -- System Information: Debian Release: buster/sid APT prefers testing APT policy: (900, 'testing'), (500,

Bug#915384: lintian: check that debian/copyright has an entry for each component

2018-12-03 Thread Xavier Guimard
Package: lintian Version: 2.5.114 Severity: wishlist Hi all, uscan allows DD to embed components in their packages. Initially this feature was written for split upstream. Some packages like vlc, node-mongodb, node-yarn,... use it to include some external components. It could be safe in this case

Bug#915181: dak shouldn't accept changes in components directly in upstream

2018-12-01 Thread Xavier Guimard
Package: dak Severity: wishlist Hi all, uscan allows Debian package to embed components. I think it could be safe to disallow such packages to enter directly in unstable on upgrade when a new component is added. Cheers, Xavier -- System Information: Debian Release: buster/sid APT prefers

Bug#913046: libjs-cryptojs: Please upgrade to 3.1.9

2018-11-06 Thread Xavier Guimard
Package: libjs-cryptojs Version: 3.1.2+dfsg-2 Severity: normal Hello, upstream project is archived and replaced by https://github.com/brix/crypto-js. Could you please update it. We can also take maintainance of this package under JS-Team umbrella if you want. Cheers, Xavier -- System

Bug#910864: uscan: bad symlinks when using components

2018-10-12 Thread Xavier Guimard
Package: devscripts Version: 2.18.6 Severity: normal when launching uscan with a debian/watch using components, all symlinks point to the last downloaded tarball -- Package-specific info: --- /etc/devscripts.conf --- --- ~/.devscripts --- Not present -- System Information: Debian Release:

Bug#910777: uscan: use upstream-repo in git mode if available

2018-10-10 Thread Xavier Guimard
Package: devscripts Version: 2.18.6 Severity: wishlist User: devscri...@packages.debian.org Usertags: uscan Hello, when upstream repo is set in debian/upstream/metadata and debian/watch uses mode=git and `git remote show` has a "upstream-repo" entry, uscan should update "upstream-repo" (git

Bug#910065: stretch-pu: package libmail-deliverystatus-bounceparser-perl/1.542-1

2018-10-02 Thread Xavier Guimard
Package: release.debian.org Severity: normal Tags: stretch User: release.debian@packages.debian.org Usertags: pu -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Hello, libmail-deliverystatus-bounceparser-perl contains some viruses in its tests files (#864800). This update proposes to clean

Bug#909524: uscan: git mode broken

2018-09-24 Thread Xavier Guimard
Package: devscripts Version: 2.18.4 Severity: normal git mode uses --git-dit= but --git-dir must point to .git subdir. Replace --git-dir by -C to fix paths Simple example to reproduce this: version=4 opts=\ uversionmangle=s/%25/~/,\ dversionmangle=s/\+dfsg\d*$//,\ repacksuffix=+dfsg1,\

Bug#908521: fakeupstream.cgi: new service to group node modules

2018-09-10 Thread Xavier Guimard
Package: qa.debian.org Severity: wishlist Tags: patch Hi all, as explained in Thorsten mail (https://alioth-lists.debian.net/pipermail/pkg-javascript-devel/2018-September/027849.html), node modules may be embedded sometime. After a long discussion with other members (follow the thread), I built

Bug#907737: liblucy-perl: Project Lucy has retired

2018-09-01 Thread Xavier Guimard
Package: liblucy-perl Version: Project Lucy has retired Severity: important As announced in http://lucy.apache.org/, project Lucy has retired. I think we should remove it from buster -- System Information: Debian Release: buster/sid APT prefers testing APT policy: (900, 'testing'), (500,

Bug#907023: libsisimai-perl: Sisimai doesn't handle time zones well

2018-08-23 Thread Xavier Guimard
Package: libsisimai-perl Version: 4.22.7-1 Severity: normal Tags: upstream Forwarded: https://github.com/sisimai/p5-Sisimai/issues/288 tests.reproducible-builds.org reveals that Sisimai fails when it is tested when the GMT date differs from the local date. Example with

Bug#906883: ITP: libdbd-mariadb-perl -- Perl5 database interface to the MariaDB/MySQL database

2018-08-21 Thread Xavier Guimard
Package: wnpp Severity: wishlist Owner: Xavier Guimard * Package name: libdbd-mariadb-perl Version : 1.00 Upstream Author : Pali Rohár * URL : https://metacpan.org/release/DBD-MariaDB * License : Artistic or GPL-1+ Programming Lang: Perl Description

Bug#905396: Version 2.5 is still vulnerable

2018-08-21 Thread Xavier Guimard
Looking at ocsinventory-server upstream changes, no commits deals with CVEs and at least CVE-2018-12483 is still in 2.5 (no change on this file) signature.asc Description: OpenPGP digital signature

Bug#905396: CVE-2018-12482 fixed upstream

2018-08-21 Thread Xavier Guimard
According to https://github.com/OCSInventory-NG/OCSInventory-Server/issues/129, CVE-2018-12482 has been fixed upstream (2.5) signature.asc Description: OpenPGP digital signature

Bug#906597: lintian: false positive unknown-runtime-tests-restriction allow-stderr

2018-08-18 Thread Xavier Guimard
Package: lintian Version: 2.5.96 Severity: normal Hi all, in debian/tests/control, "allow-stderr" can be used in "Restrictions" (see /usr/share/doc/autopkgtest/README.package-tests.html), but Lintian reports: source: unknown-runtime-tests-restriction allow-stderr paragraph starting at line

Bug#905725: opensaml2: End of life warning

2018-08-08 Thread Xavier Guimard
Package: opensaml2 Version: 3.0.0-1 Severity: normal Hello, according to https://wiki.shibboleth.net/confluence/display/OpenSAML/Home, OpenSAML2 has reached its End of Life and is no longer supported. I'm opening this bug to warn if you've not seen this. Close it if you already know this

Bug#905254: libphp-phpmailer: Please update to version 6.x

2018-08-02 Thread Xavier Guimard
Package: libphp-phpmailer Version: 5.2.14+dfsg-2.3 Severity: wishlist Hello, libphp-phpmailer seems out of date, current version is 6.0.5. Could you update it ? Cheers, Xavier -- System Information: Debian Release: buster/sid APT prefers testing APT policy: (600, 'testing'), (50,

Bug#905128: ITP: libbson-xs-perl -- Perl XS implementation of MongoDB's BSON serialization

2018-07-31 Thread Xavier Guimard
Package: wnpp Severity: wishlist Owner: Xavier Guimard * Package name: libbson-xs-perl Version : 0.4.3 Upstream Author : David Golden * URL : https://metacpan.org/release/BSON-XS * License : Apache-2.0 Programming Lang: Perl Description : Perl XS

Bug#903427: ITP: libuuid-urandom-perl -- Perl module to provide UUIDs based on /dev/urandom

2018-07-09 Thread Xavier Guimard
Package: wnpp Severity: wishlist Owner: Xavier Guimard * Package name: libuuid-urandom-perl Version : 0.001-1 Upstream Author : David Golden * URL : https://metacpan.org/release/UUID-URandom * License : Apache 2.0 Programming Lang: Perl Description

Bug#901411: liblasso-perl: SHA256 signature verification fails sometimes, please upgrade to 2.5.1

2018-06-12 Thread Xavier Guimard
Package: liblasso-perl Version: 2.5.0-5+b4 Severity: normal Tags: fixed-upstream Hi Frederic, when using SHA256, SLO fails (Redirect+ IdP initiated for example). It looks like this is fixed with 2.5.1 (verified with Ubuntu which uses this version). Could you update Debian Lasso version to ≥

Bug#901068: dpkg-checkbuilddeps: split Build-Depends into Build-Depends + Test-Depends

2018-06-08 Thread Xavier Guimard
Package: dpkg-dev Version: 1.19.0.5 Severity: wishlist Hi all, today when a build-dependency has a RC bug, it affects current package even if this dependency is used only for tests. I propose to add a "Test-Depends" field in debian/control. Packages mentionned in it will stay required but a RC

Bug#900670: lintian: false positive spelling-error-in-manpage "some system -> some systems"

2018-06-03 Thread Xavier Guimard
Package: lintian Version: 2.5.89 Severity: normal Hi all, I'm packaging libdate-manip-perl. Lintian reports a spelling error for this sentence: The preferred way is to locate the time zone in some system file, or using some system command... I've patched it to replace "some system file" by

Bug#900238: ITP: node-ldap-client -- LDAP client library for Node.js

2018-05-27 Thread Xavier Guimard
Package: wnpp Severity: wishlist Owner: Xavier Guimard <x.guim...@free.fr> * Package name: node-ldap-client Version : 3.1.3 Upstream Author : Jeremy Childs <jere...@ssimicro.com> * URL : https://github.com/jeremycx/node-LDAP * License : Expat Prog

Bug#900097: ITP: node-lemonldap-ng-handler -- Node.js handler for LemonLDAP::NG WebSSO system

2018-05-26 Thread Xavier Guimard
Package: wnpp Severity: wishlist Owner: Xavier Guimard <x.guim...@free.fr> * Package name: node-lemonldap-ng-handler Version : 0.2.7 Upstream Author : Xavier Guimard <x.guim...@free.fr> * URL : https://github.com/LemonLDAPNG/node-lemonldap-ng-handl

Bug#900029: yui-compressor: Change README.gz link to README.md

2018-05-24 Thread Xavier Guimard
Package: yui-compressor Version: 2.4.8-2 Severity: minor Hello, yui-compressor manpage has a SEE_ALSO parapraph that points to /usr/share/doc/yui-compressor/README.gz but this file no more exists. Please change this link to /usr/share/doc/yui-compressor/README.md Regards, Xavier -- System

Bug#899424: Cannot claim guest account

2018-05-23 Thread Xavier Guimard
Package: nm.debian.org Severity: normal -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Hello, I'm DM for a long time (before alioth). I recently tried to associate my SSO account with my nm.debian.org identity: - find person returns only one entry - claim account says that this GPG key is

Bug#899385: ocsinventory-agent: alias network devices not reported

2018-05-23 Thread Xavier Guimard
Package: ocsinventory-agent Version: 2:2.4.1-1 Severity: normal Tags: patch Forwarded: https://github.com/OCSInventory-NG/UnixAgent/issues/124 After upgrade of agent to 2.4.0 alias devices like "ens32:service" are not part of the inventory anymore. Patch is provided by upstream:

Bug#898640: ocsinventory-reports: Bad paths in Debian "use_system_libraries" patch

2018-05-14 Thread Xavier Guimard
Package: ocsinventory-reports Version: 2.4.1+dfsg-1 Severity: normal Debian "use_system_libraries" patch set some images path to /javascript/jquery-datatables/media/images/ instead of /ocsreports/image/ Reported by upstream team. -- System Information: Debian Release: buster/sid APT prefers

Bug#898558: ITP: node-is-in-subnet -- Node.js library to check if an IP is in a subnet

2018-05-13 Thread Xavier Guimard
Package: wnpp Severity: wishlist Owner: Xavier Guimard <x.guim...@free.fr> * Package name: node-is-in-subnet Version : 1.5.0 Upstream Author : Nate Silva <n...@natesilva.com> * URL : https://github.com/natesilva/is-in-subnet * License : Expat Prog

Bug#898244: ITP: node-modern-syslog -- native syslog binding for Node.js

2018-05-08 Thread Xavier Guimard
Package: wnpp Severity: wishlist Owner: Xavier Guimard <x.guim...@free.fr> * Package name: node-modern-syslog Version : 1.1.4 Upstream Author : Sam Roberts <r...@ca.ibm.com> * URL : http://github.com/strongloop/modern-syslog * License : Expat Prog

Bug#898095: ITP: node-syslog-client -- pure JavaScript implementation of Syslog protocol

2018-05-06 Thread Xavier Guimard
Package: wnpp Severity: wishlist Owner: Xavier Guimard <x.guim...@free.fr> * Package name: node-syslog-client Version : 1.1.1 Upstream Author : Paul Grove <paul.a.gr...@gmail.com> * URL : https://github.com/paulgrove/node-syslog-client * License

Bug#897399: ITP: node-require-optional -- Node.js module to manage optional peer dependencies

2018-05-01 Thread Xavier Guimard
Package: wnpp Severity: wishlist Owner: Xavier Guimard <x.guim...@free.fr> * Package name: node-require-optional Version : 1.0.1 Upstream Author : Christian Kvalheim <http://christiankvalheim.com> * URL : https://github.com/christkv/require_option

Bug#897382: devscripts: [uscan] Support JSON format (for registry.npmjs.com for example)

2018-05-01 Thread Xavier Guimard
Package: devscripts Version: 2.18.2 Severity: wishlist Hi all, npmjs.com provides archive links is JSON format. Example: "versions":{ "1.0.0": { "dist":{ "shasum":"52a86137a849728eb60a55533617f8f914f59abf",

Bug#897377: qa.debian.org: Please add '_' in npmjs_project_char_re (fakeupstream.cgi)

2018-05-01 Thread Xavier Guimard
Package: qa.debian.org Severity: normal Tags: patch Hi all, npmjs.com authorizes project to have a '_' in their name. For example require-optional and require_optional are 2 different projects. Sadly a lot af npmjs projects don't have valid git tags in their GitHub repository. That's why

Bug#897361: ITP: node-mongodb-core -- low level part of the 2.0 or higher MongoDB driver

2018-05-01 Thread Xavier Guimard
Package: wnpp Severity: wishlist Owner: Xavier Guimard <x.guim...@free.fr> * Package name: node-mongodb-core Version : 3.0.7 Upstream Author : Christian Kvalheim <http://christiankvalheim.com> * URL : https://github.com/mongodb-js/mongodb-co

Bug#897282: ITP: bson.js -- JavaScript binary JSON implementation

2018-05-01 Thread Xavier Guimard
Package: wnpp Severity: wishlist Owner: Xavier Guimard <x.guim...@free.fr> * Package name: bson.js Version : 2.0.6 Upstream Author : Christian Amor Kvalheim <chris...@gmail.com> * URL : https://github.com/mongodb/js-bson * License : Apache-2.0

Bug#897158: ITP: node-nodedbi -- libdbi interface for Node.js

2018-04-29 Thread Xavier Guimard
Package: wnpp Severity: wishlist Owner: Xavier Guimard <x.guim...@free.fr> * Package name: node-nodedbi Version : 1.0.12 Upstream Author : Daniel O'Neill <done...@akielectronics.com> * URL : https://github.com/danieloneill/nodedbi * License

Bug#897084: ITP: node-fastcgi-stream -- Node.js module to read and write FastCGI records

2018-04-28 Thread Xavier Guimard
Package: wnpp Severity: wishlist Owner: Xavier Guimard <x.guim...@free.fr> * Package name: node-fastcgi-stream Version : 1.0.0 Upstream Author : Sam Day <sam.c@gmail.com> * URL : https://github.com/samcday/node-fastcgi-stream * License

  1   2   >