Bug#1033194: unblock: ruby-asciidoctor-include-ext/0.4.0-2

2023-03-19 Thread Paul Gevers

Hi Pirate,

On 19-03-2023 16:32, Pirate Praveen wrote:
On Sun, Mar 19 2023 at 02:31:02 PM +01:00:00 +01:00:00, Sebastian 
Ramacher  wrote:

This type of change is not acceptable during hard freeze. Please revert.


ok then we can just remove the version currently in testing.


Can you elaborate why bumping the debhelper compat level is a targeted fix?

I suggest to read our FAQ [1] which elaborates *why* it's not acceptable 
(unless substantiated why it's needed and what checks where done).


Paul

[1] https://release.debian.org/testing/FAQ.html (last paragraph)


OpenPGP_signature
Description: OpenPGP digital signature


Bug#1033194: unblock: ruby-asciidoctor-include-ext/0.4.0-2

2023-03-19 Thread Pirate Praveen




On Sun, Mar 19 2023 at 02:31:02 PM +01:00:00 +01:00:00, Sebastian 
Ramacher  wrote:
This type of change is not acceptable during hard freeze. Please 
revert.


ok then we can just remove the version currently in testing.



Bug#1033194: unblock: ruby-asciidoctor-include-ext/0.4.0-2

2023-03-19 Thread Sebastian Ramacher
Control: tags -1 moreinfo

On 2023-03-19 18:14:29 +0530, Pirate Praveen wrote:
> Control: tags -1 -moreinfo
> 
> 
> On Sun, Mar 19 2023 at 01:40:57 PM +01:00:00 +01:00:00, Sebastian Ramacher
>  wrote:
> > Control: tags -1 moreinfo
> > 
> > Please provide a debdiff
> 
> debdiff attached.
> 

> diff -Nru ruby-asciidoctor-include-ext-0.3.1/asciidoctor-include-ext.gemspec 
> ruby-asciidoctor-include-ext-0.4.0/asciidoctor-include-ext.gemspec
> --- ruby-asciidoctor-include-ext-0.3.1/asciidoctor-include-ext.gemspec
> 2019-08-22 14:40:31.0 +0530
> +++ ruby-asciidoctor-include-ext-0.4.0/asciidoctor-include-ext.gemspec
> 2022-05-06 12:42:42.0 +0530
> @@ -1,4 +1,4 @@
> -require File.expand_path('../lib/asciidoctor/include_ext/version', __FILE__)
> +require File.expand_path('lib/asciidoctor/include_ext/version', __dir__)
>  
>  Gem::Specification.new do |s|
>s.name= 'asciidoctor-include-ext'
> @@ -9,24 +9,22 @@
>s.license = 'MIT'
>  
>s.summary = "Asciidoctor's standard include::[] processor 
> reimplemented as an extension"
> -  s.description = < -This is a reimplementation of the Asciidoctor's built-in (pre)processor for 
> the
> -include::[] directive in extensible and more clean way. It provides the same
> -features, but you can easily adjust it or extend for your needs. For example,
> -you can change how it loads included files or add another ways how to select
> -portions of the document to include.
> -EOF
> +  s.description = <<~EOF
> +This is a reimplementation of the Asciidoctor's built-in (pre)processor 
> for the
> +include::[] directive in extensible and more clean way. It provides the 
> same
> +features, but you can easily adjust it or extend for your needs. For 
> example,
> +you can change how it loads included files or add another ways how to 
> select
> +portions of the document to include.
> +  EOF
>  
>s.files   = Dir['lib/**/*', '*.gemspec', 'LICENSE*', 'README*']
> -  s.has_rdoc= 'yard'
>  
> -  s.required_ruby_version = '>= 2.1'
> +  s.required_ruby_version = '>= 2.3'
>  
>s.add_runtime_dependency 'asciidoctor', '>= 1.5.6', '< 3.0.0'
>  
> -  s.add_development_dependency 'corefines', '~> 1.11'
> -  s.add_development_dependency 'kramdown', '~> 1.16'
> -  s.add_development_dependency 'rake', '~> 12.0'
> +  s.add_development_dependency 'kramdown', '~> 2.0'
> +  s.add_development_dependency 'rake', '~> 13.0'
>s.add_development_dependency 'rspec', '~> 3.7'
>s.add_development_dependency 'rubocop', '~> 0.51.0'
>s.add_development_dependency 'simplecov', '~> 0.15'
> diff -Nru ruby-asciidoctor-include-ext-0.3.1/debian/changelog 
> ruby-asciidoctor-include-ext-0.4.0/debian/changelog
> --- ruby-asciidoctor-include-ext-0.3.1/debian/changelog   2019-09-04 
> 13:58:01.0 +0530
> +++ ruby-asciidoctor-include-ext-0.4.0/debian/changelog   2023-03-19 
> 17:22:18.0 +0530
> @@ -1,3 +1,36 @@
> +ruby-asciidoctor-include-ext (0.4.0-2) unstable; urgency=medium
> +
> +  * Team Upload
> +  * Reupload to unstable (gitlab is only reverse dependency, which is not in
> +testing)
> +  * Bump Standards-Version to 4.6.2 (no changes needed)
> +  * Switch to ${ruby:Depends} for ruby dependencies
> +
> + -- Pirate Praveen   Sun, 19 Mar 2023 17:22:18 +0530
> +
> +ruby-asciidoctor-include-ext (0.4.0-1) experimental; urgency=medium
> +
> +  * Team upload
> +
> +  [ Debian Janitor ]
> +  * Bump debhelper from old 11 to 12.
> +  * Set debhelper-compat version in Build-Depends.
> +  * Set upstream metadata fields: Bug-Database, Bug-Submit, Repository,
> +Repository-Browse.
> +  * Update standards version to 4.5.0, no changes needed.
> +  * Update watch file format version to 4.
> +  * Remove constraints unnecessary since buster:
> ++ Build-Depends: Drop versioned constraint on ruby-asciidoctor.
> ++ ruby-asciidoctor-include-ext: Drop versioned constraint on
> +  ruby-asciidoctor in Depends.
> +
> +  [ Pirate Praveen ]
> +  * New upstream version 0.4.0
> +  * Bump Standards-Version to 4.6.1 (no changes needed)
> +  * Bump debhelper compatibility level to 13

This type of change is not acceptable during hard freeze. Please revert.

Cheers

> +
> + -- Pirate Praveen   Sun, 26 Jun 2022 22:48:20 +0530
> +
>  ruby-asciidoctor-include-ext (0.3.1-2) unstable; urgency=medium
>  
>* Team upload
> diff -Nru ruby-asciidoctor-include-ext-0.3.1/debian/compat 
> ruby-asciidoctor-include-ext-0.4.0/debian/compat
> --- ruby-asciidoctor-include-ext-0.3.1/debian/compat  2019-09-04 
> 13:58:01.0 +0530
> +++ ruby-asciidoctor-include-ext-0.4.0/debian/compat  1970-01-01 
> 05:30:00.0 +0530
> @@ -1 +0,0 @@
> -11
> diff -Nru ruby-asciidoctor-include-ext-0.3.1/debian/control 
> ruby-asciidoctor-include-ext-0.4.0/debian/control
> --- ruby-asciidoctor-include-ext-0.3.1/debian/control 2019-09-04 
> 13:58:01.0 +0530
> +++ ruby-asciidoctor-include-ext-0.4.0/debian/control 2023-03-19 
> 17:22:1

Processed: Re: Bug#1033194: unblock: ruby-asciidoctor-include-ext/0.4.0-2

2023-03-19 Thread Debian Bug Tracking System
Processing control commands:

> tags -1 moreinfo
Bug #1033194 [release.debian.org] unblock: ruby-asciidoctor-include-ext/0.4.0-2
Added tag(s) moreinfo.

-- 
1033194: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1033194
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems



Bug#1033194: unblock: ruby-asciidoctor-include-ext/0.4.0-2

2023-03-19 Thread Pirate Praveen

Control: tags -1 -moreinfo


On Sun, Mar 19 2023 at 01:40:57 PM +01:00:00 +01:00:00, Sebastian 
Ramacher  wrote:

Control: tags -1 moreinfo

Please provide a debdiff


debdiff attached.

diff -Nru ruby-asciidoctor-include-ext-0.3.1/asciidoctor-include-ext.gemspec ruby-asciidoctor-include-ext-0.4.0/asciidoctor-include-ext.gemspec
--- ruby-asciidoctor-include-ext-0.3.1/asciidoctor-include-ext.gemspec	2019-08-22 14:40:31.0 +0530
+++ ruby-asciidoctor-include-ext-0.4.0/asciidoctor-include-ext.gemspec	2022-05-06 12:42:42.0 +0530
@@ -1,4 +1,4 @@
-require File.expand_path('../lib/asciidoctor/include_ext/version', __FILE__)
+require File.expand_path('lib/asciidoctor/include_ext/version', __dir__)
 
 Gem::Specification.new do |s|
   s.name= 'asciidoctor-include-ext'
@@ -9,24 +9,22 @@
   s.license = 'MIT'
 
   s.summary = "Asciidoctor's standard include::[] processor reimplemented as an extension"
-  s.description = <= 1.5.6', '< 3.0.0'
 
-  s.add_development_dependency 'corefines', '~> 1.11'
-  s.add_development_dependency 'kramdown', '~> 1.16'
-  s.add_development_dependency 'rake', '~> 12.0'
+  s.add_development_dependency 'kramdown', '~> 2.0'
+  s.add_development_dependency 'rake', '~> 13.0'
   s.add_development_dependency 'rspec', '~> 3.7'
   s.add_development_dependency 'rubocop', '~> 0.51.0'
   s.add_development_dependency 'simplecov', '~> 0.15'
diff -Nru ruby-asciidoctor-include-ext-0.3.1/debian/changelog ruby-asciidoctor-include-ext-0.4.0/debian/changelog
--- ruby-asciidoctor-include-ext-0.3.1/debian/changelog	2019-09-04 13:58:01.0 +0530
+++ ruby-asciidoctor-include-ext-0.4.0/debian/changelog	2023-03-19 17:22:18.0 +0530
@@ -1,3 +1,36 @@
+ruby-asciidoctor-include-ext (0.4.0-2) unstable; urgency=medium
+
+  * Team Upload
+  * Reupload to unstable (gitlab is only reverse dependency, which is not in
+testing)
+  * Bump Standards-Version to 4.6.2 (no changes needed)
+  * Switch to ${ruby:Depends} for ruby dependencies
+
+ -- Pirate Praveen   Sun, 19 Mar 2023 17:22:18 +0530
+
+ruby-asciidoctor-include-ext (0.4.0-1) experimental; urgency=medium
+
+  * Team upload
+
+  [ Debian Janitor ]
+  * Bump debhelper from old 11 to 12.
+  * Set debhelper-compat version in Build-Depends.
+  * Set upstream metadata fields: Bug-Database, Bug-Submit, Repository,
+Repository-Browse.
+  * Update standards version to 4.5.0, no changes needed.
+  * Update watch file format version to 4.
+  * Remove constraints unnecessary since buster:
++ Build-Depends: Drop versioned constraint on ruby-asciidoctor.
++ ruby-asciidoctor-include-ext: Drop versioned constraint on
+  ruby-asciidoctor in Depends.
+
+  [ Pirate Praveen ]
+  * New upstream version 0.4.0
+  * Bump Standards-Version to 4.6.1 (no changes needed)
+  * Bump debhelper compatibility level to 13
+
+ -- Pirate Praveen   Sun, 26 Jun 2022 22:48:20 +0530
+
 ruby-asciidoctor-include-ext (0.3.1-2) unstable; urgency=medium
 
   * Team upload
diff -Nru ruby-asciidoctor-include-ext-0.3.1/debian/compat ruby-asciidoctor-include-ext-0.4.0/debian/compat
--- ruby-asciidoctor-include-ext-0.3.1/debian/compat	2019-09-04 13:58:01.0 +0530
+++ ruby-asciidoctor-include-ext-0.4.0/debian/compat	1970-01-01 05:30:00.0 +0530
@@ -1 +0,0 @@
-11
diff -Nru ruby-asciidoctor-include-ext-0.3.1/debian/control ruby-asciidoctor-include-ext-0.4.0/debian/control
--- ruby-asciidoctor-include-ext-0.3.1/debian/control	2019-09-04 13:58:01.0 +0530
+++ ruby-asciidoctor-include-ext-0.4.0/debian/control	2023-03-19 17:22:18.0 +0530
@@ -1,13 +1,13 @@
 Source: ruby-asciidoctor-include-ext
 Section: ruby
 Priority: optional
-Maintainer: Debian Ruby Extras Maintainers 
+Maintainer: Debian Ruby Team 
 Uploaders: Sruthi Chandran 
-Build-Depends: debhelper (>= 11~),
+Build-Depends: debhelper-compat (= 13),
gem2deb,
ruby-asciidoctor (<< 3.0.0),
-   ruby-asciidoctor (>= 1.5.6)
-Standards-Version: 4.3.0
+   ruby-asciidoctor
+Standards-Version: 4.6.2
 Vcs-Git: https://salsa.debian.org/ruby-team/ruby-asciidoctor-include-ext.git
 Vcs-Browser: https://salsa.debian.org/ruby-team/ruby-asciidoctor-include-ext
 Homepage: https://github.com/jirutka/asciidoctor-include-ext
@@ -18,9 +18,7 @@
 Package: ruby-asciidoctor-include-ext
 Architecture: all
 XB-Ruby-Versions: ${ruby:Versions}
-Depends: ruby | ruby-interpreter,
- ruby-asciidoctor (<< 3.0.0),
- ruby-asciidoctor (>= 1.5.6),
+Depends: ${ruby:Depends},
  ${misc:Depends},
  ${shlibs:Depends}
 Description: Asciidoctor's standard include::[] processor reimplemented as an extension
diff -Nru ruby-asciidoctor-include-ext-0.3.1/debian/upstream/metadata ruby-asciidoctor-include-ext-0.4.0/debian/upstream/metadata
--- ruby-asciidoctor-include-ext-0.3.1/debian/upstream/metadata	1970-01-01 05:30:00.0 +0530
+++ ruby-asciidoctor-include-ext-0.4.0/debian/upstream/metadata	2023-03-19 17:22:18.0 +0530
@@ -0,0 

Processed: Re: Bug#1033194: unblock: ruby-asciidoctor-include-ext/0.4.0-2

2023-03-19 Thread Debian Bug Tracking System
Processing control commands:

> tags -1 -moreinfo
Bug #1033194 [release.debian.org] unblock: ruby-asciidoctor-include-ext/0.4.0-2
Removed tag(s) moreinfo.

-- 
1033194: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1033194
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems



Processed: Re: Bug#1033194: unblock: ruby-asciidoctor-include-ext/0.4.0-2

2023-03-19 Thread Debian Bug Tracking System
Processing control commands:

> tags -1 moreinfo
Bug #1033194 [release.debian.org] unblock: ruby-asciidoctor-include-ext/0.4.0-2
Added tag(s) moreinfo.

-- 
1033194: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1033194
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems



Bug#1033194: unblock: ruby-asciidoctor-include-ext/0.4.0-2

2023-03-19 Thread Sebastian Ramacher
Control: tags -1 moreinfo

On 2023-03-19 17:48:16 +0530, Pirate Praveen wrote:
> Package: release.debian.org
> Severity: normal
> User: release.debian@packages.debian.org
> Usertags: unblock
> X-Debbugs-Cc: ruby-asciidoctor-include-...@packages.debian.org
> Control: affects -1 + src:ruby-asciidoctor-include-ext
> 
> Please unblock package ruby-asciidoctor-include-ext
> 
> [ Reason ]
> This fixes a security issue CVE-2022-24803/#1009035 though it also includes
> an upstream update.
> This was uploaded to experimental on 2022-06-26 but missed reuploading to
> unstable as gitlab was
> using the versions directly from experimental (it was uploaded to
> experimental to not break the
> previos gitlab version before it switched to 0.4 version). Noticed this
> today in the rc bug list.
> 
> [ Impact ]
> Only reverse dependency is gitlab so it should not impact any other package
> in bookworm.
> 
> [ Tests ]
> gitlab in experimental was using it already for quite some time (upstream
> gitlab tests are fine)
> 
> [ Risks ]
> For bookworm it is a leaf package (only used by gitlab which is in
> unstable/experimental only)
> 
> [ Checklist ]
>  [x] all changes are documented in the d/changelog
>  [x] I reviewed all changes and I approve them
>  [ ] attach debdiff against the package in testing

Please provide a debdiff

Cheers

> 
> [ Other info ]
> Since it has some other upstream changes, I have not included the debdiff.
> 
> unblock ruby-asciidoctor-include-ext/0.4.0-2
> 

-- 
Sebastian Ramacher



Bug#1033194: unblock: ruby-asciidoctor-include-ext/0.4.0-2

2023-03-19 Thread Pirate Praveen

Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
X-Debbugs-Cc: ruby-asciidoctor-include-...@packages.debian.org
Control: affects -1 + src:ruby-asciidoctor-include-ext

Please unblock package ruby-asciidoctor-include-ext

[ Reason ]
This fixes a security issue CVE-2022-24803/#1009035 though it also 
includes an upstream update.
This was uploaded to experimental on 2022-06-26 but missed reuploading 
to unstable as gitlab was
using the versions directly from experimental (it was uploaded to 
experimental to not break the
previos gitlab version before it switched to 0.4 version). Noticed this 
today in the rc bug list.


[ Impact ]
Only reverse dependency is gitlab so it should not impact any other 
package in bookworm.


[ Tests ]
gitlab in experimental was using it already for quite some time 
(upstream gitlab tests are fine)


[ Risks ]
For bookworm it is a leaf package (only used by gitlab which is in 
unstable/experimental only)


[ Checklist ]
 [x] all changes are documented in the d/changelog
 [x] I reviewed all changes and I approve them
 [ ] attach debdiff against the package in testing

[ Other info ]
Since it has some other upstream changes, I have not included the 
debdiff.


unblock ruby-asciidoctor-include-ext/0.4.0-2