Bug#1033194: unblock: ruby-asciidoctor-include-ext/0.4.0-2
Hi Pirate, On 19-03-2023 16:32, Pirate Praveen wrote: On Sun, Mar 19 2023 at 02:31:02 PM +01:00:00 +01:00:00, Sebastian Ramacher wrote: This type of change is not acceptable during hard freeze. Please revert. ok then we can just remove the version currently in testing. Can you elaborate why bumping the debhelper compat level is a targeted fix? I suggest to read our FAQ [1] which elaborates *why* it's not acceptable (unless substantiated why it's needed and what checks where done). Paul [1] https://release.debian.org/testing/FAQ.html (last paragraph) OpenPGP_signature Description: OpenPGP digital signature
Bug#1033194: unblock: ruby-asciidoctor-include-ext/0.4.0-2
On Sun, Mar 19 2023 at 02:31:02 PM +01:00:00 +01:00:00, Sebastian Ramacher wrote: This type of change is not acceptable during hard freeze. Please revert. ok then we can just remove the version currently in testing.
Bug#1033194: unblock: ruby-asciidoctor-include-ext/0.4.0-2
Control: tags -1 moreinfo On 2023-03-19 18:14:29 +0530, Pirate Praveen wrote: > Control: tags -1 -moreinfo > > > On Sun, Mar 19 2023 at 01:40:57 PM +01:00:00 +01:00:00, Sebastian Ramacher > wrote: > > Control: tags -1 moreinfo > > > > Please provide a debdiff > > debdiff attached. > > diff -Nru ruby-asciidoctor-include-ext-0.3.1/asciidoctor-include-ext.gemspec > ruby-asciidoctor-include-ext-0.4.0/asciidoctor-include-ext.gemspec > --- ruby-asciidoctor-include-ext-0.3.1/asciidoctor-include-ext.gemspec > 2019-08-22 14:40:31.0 +0530 > +++ ruby-asciidoctor-include-ext-0.4.0/asciidoctor-include-ext.gemspec > 2022-05-06 12:42:42.0 +0530 > @@ -1,4 +1,4 @@ > -require File.expand_path('../lib/asciidoctor/include_ext/version', __FILE__) > +require File.expand_path('lib/asciidoctor/include_ext/version', __dir__) > > Gem::Specification.new do |s| >s.name= 'asciidoctor-include-ext' > @@ -9,24 +9,22 @@ >s.license = 'MIT' > >s.summary = "Asciidoctor's standard include::[] processor > reimplemented as an extension" > - s.description = < -This is a reimplementation of the Asciidoctor's built-in (pre)processor for > the > -include::[] directive in extensible and more clean way. It provides the same > -features, but you can easily adjust it or extend for your needs. For example, > -you can change how it loads included files or add another ways how to select > -portions of the document to include. > -EOF > + s.description = <<~EOF > +This is a reimplementation of the Asciidoctor's built-in (pre)processor > for the > +include::[] directive in extensible and more clean way. It provides the > same > +features, but you can easily adjust it or extend for your needs. For > example, > +you can change how it loads included files or add another ways how to > select > +portions of the document to include. > + EOF > >s.files = Dir['lib/**/*', '*.gemspec', 'LICENSE*', 'README*'] > - s.has_rdoc= 'yard' > > - s.required_ruby_version = '>= 2.1' > + s.required_ruby_version = '>= 2.3' > >s.add_runtime_dependency 'asciidoctor', '>= 1.5.6', '< 3.0.0' > > - s.add_development_dependency 'corefines', '~> 1.11' > - s.add_development_dependency 'kramdown', '~> 1.16' > - s.add_development_dependency 'rake', '~> 12.0' > + s.add_development_dependency 'kramdown', '~> 2.0' > + s.add_development_dependency 'rake', '~> 13.0' >s.add_development_dependency 'rspec', '~> 3.7' >s.add_development_dependency 'rubocop', '~> 0.51.0' >s.add_development_dependency 'simplecov', '~> 0.15' > diff -Nru ruby-asciidoctor-include-ext-0.3.1/debian/changelog > ruby-asciidoctor-include-ext-0.4.0/debian/changelog > --- ruby-asciidoctor-include-ext-0.3.1/debian/changelog 2019-09-04 > 13:58:01.0 +0530 > +++ ruby-asciidoctor-include-ext-0.4.0/debian/changelog 2023-03-19 > 17:22:18.0 +0530 > @@ -1,3 +1,36 @@ > +ruby-asciidoctor-include-ext (0.4.0-2) unstable; urgency=medium > + > + * Team Upload > + * Reupload to unstable (gitlab is only reverse dependency, which is not in > +testing) > + * Bump Standards-Version to 4.6.2 (no changes needed) > + * Switch to ${ruby:Depends} for ruby dependencies > + > + -- Pirate Praveen Sun, 19 Mar 2023 17:22:18 +0530 > + > +ruby-asciidoctor-include-ext (0.4.0-1) experimental; urgency=medium > + > + * Team upload > + > + [ Debian Janitor ] > + * Bump debhelper from old 11 to 12. > + * Set debhelper-compat version in Build-Depends. > + * Set upstream metadata fields: Bug-Database, Bug-Submit, Repository, > +Repository-Browse. > + * Update standards version to 4.5.0, no changes needed. > + * Update watch file format version to 4. > + * Remove constraints unnecessary since buster: > ++ Build-Depends: Drop versioned constraint on ruby-asciidoctor. > ++ ruby-asciidoctor-include-ext: Drop versioned constraint on > + ruby-asciidoctor in Depends. > + > + [ Pirate Praveen ] > + * New upstream version 0.4.0 > + * Bump Standards-Version to 4.6.1 (no changes needed) > + * Bump debhelper compatibility level to 13 This type of change is not acceptable during hard freeze. Please revert. Cheers > + > + -- Pirate Praveen Sun, 26 Jun 2022 22:48:20 +0530 > + > ruby-asciidoctor-include-ext (0.3.1-2) unstable; urgency=medium > >* Team upload > diff -Nru ruby-asciidoctor-include-ext-0.3.1/debian/compat > ruby-asciidoctor-include-ext-0.4.0/debian/compat > --- ruby-asciidoctor-include-ext-0.3.1/debian/compat 2019-09-04 > 13:58:01.0 +0530 > +++ ruby-asciidoctor-include-ext-0.4.0/debian/compat 1970-01-01 > 05:30:00.0 +0530 > @@ -1 +0,0 @@ > -11 > diff -Nru ruby-asciidoctor-include-ext-0.3.1/debian/control > ruby-asciidoctor-include-ext-0.4.0/debian/control > --- ruby-asciidoctor-include-ext-0.3.1/debian/control 2019-09-04 > 13:58:01.0 +0530 > +++ ruby-asciidoctor-include-ext-0.4.0/debian/control 2023-03-19 > 17:22:1
Processed: Re: Bug#1033194: unblock: ruby-asciidoctor-include-ext/0.4.0-2
Processing control commands: > tags -1 moreinfo Bug #1033194 [release.debian.org] unblock: ruby-asciidoctor-include-ext/0.4.0-2 Added tag(s) moreinfo. -- 1033194: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1033194 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#1033194: unblock: ruby-asciidoctor-include-ext/0.4.0-2
Control: tags -1 -moreinfo On Sun, Mar 19 2023 at 01:40:57 PM +01:00:00 +01:00:00, Sebastian Ramacher wrote: Control: tags -1 moreinfo Please provide a debdiff debdiff attached. diff -Nru ruby-asciidoctor-include-ext-0.3.1/asciidoctor-include-ext.gemspec ruby-asciidoctor-include-ext-0.4.0/asciidoctor-include-ext.gemspec --- ruby-asciidoctor-include-ext-0.3.1/asciidoctor-include-ext.gemspec 2019-08-22 14:40:31.0 +0530 +++ ruby-asciidoctor-include-ext-0.4.0/asciidoctor-include-ext.gemspec 2022-05-06 12:42:42.0 +0530 @@ -1,4 +1,4 @@ -require File.expand_path('../lib/asciidoctor/include_ext/version', __FILE__) +require File.expand_path('lib/asciidoctor/include_ext/version', __dir__) Gem::Specification.new do |s| s.name= 'asciidoctor-include-ext' @@ -9,24 +9,22 @@ s.license = 'MIT' s.summary = "Asciidoctor's standard include::[] processor reimplemented as an extension" - s.description = <= 1.5.6', '< 3.0.0' - s.add_development_dependency 'corefines', '~> 1.11' - s.add_development_dependency 'kramdown', '~> 1.16' - s.add_development_dependency 'rake', '~> 12.0' + s.add_development_dependency 'kramdown', '~> 2.0' + s.add_development_dependency 'rake', '~> 13.0' s.add_development_dependency 'rspec', '~> 3.7' s.add_development_dependency 'rubocop', '~> 0.51.0' s.add_development_dependency 'simplecov', '~> 0.15' diff -Nru ruby-asciidoctor-include-ext-0.3.1/debian/changelog ruby-asciidoctor-include-ext-0.4.0/debian/changelog --- ruby-asciidoctor-include-ext-0.3.1/debian/changelog 2019-09-04 13:58:01.0 +0530 +++ ruby-asciidoctor-include-ext-0.4.0/debian/changelog 2023-03-19 17:22:18.0 +0530 @@ -1,3 +1,36 @@ +ruby-asciidoctor-include-ext (0.4.0-2) unstable; urgency=medium + + * Team Upload + * Reupload to unstable (gitlab is only reverse dependency, which is not in +testing) + * Bump Standards-Version to 4.6.2 (no changes needed) + * Switch to ${ruby:Depends} for ruby dependencies + + -- Pirate Praveen Sun, 19 Mar 2023 17:22:18 +0530 + +ruby-asciidoctor-include-ext (0.4.0-1) experimental; urgency=medium + + * Team upload + + [ Debian Janitor ] + * Bump debhelper from old 11 to 12. + * Set debhelper-compat version in Build-Depends. + * Set upstream metadata fields: Bug-Database, Bug-Submit, Repository, +Repository-Browse. + * Update standards version to 4.5.0, no changes needed. + * Update watch file format version to 4. + * Remove constraints unnecessary since buster: ++ Build-Depends: Drop versioned constraint on ruby-asciidoctor. ++ ruby-asciidoctor-include-ext: Drop versioned constraint on + ruby-asciidoctor in Depends. + + [ Pirate Praveen ] + * New upstream version 0.4.0 + * Bump Standards-Version to 4.6.1 (no changes needed) + * Bump debhelper compatibility level to 13 + + -- Pirate Praveen Sun, 26 Jun 2022 22:48:20 +0530 + ruby-asciidoctor-include-ext (0.3.1-2) unstable; urgency=medium * Team upload diff -Nru ruby-asciidoctor-include-ext-0.3.1/debian/compat ruby-asciidoctor-include-ext-0.4.0/debian/compat --- ruby-asciidoctor-include-ext-0.3.1/debian/compat 2019-09-04 13:58:01.0 +0530 +++ ruby-asciidoctor-include-ext-0.4.0/debian/compat 1970-01-01 05:30:00.0 +0530 @@ -1 +0,0 @@ -11 diff -Nru ruby-asciidoctor-include-ext-0.3.1/debian/control ruby-asciidoctor-include-ext-0.4.0/debian/control --- ruby-asciidoctor-include-ext-0.3.1/debian/control 2019-09-04 13:58:01.0 +0530 +++ ruby-asciidoctor-include-ext-0.4.0/debian/control 2023-03-19 17:22:18.0 +0530 @@ -1,13 +1,13 @@ Source: ruby-asciidoctor-include-ext Section: ruby Priority: optional -Maintainer: Debian Ruby Extras Maintainers +Maintainer: Debian Ruby Team Uploaders: Sruthi Chandran -Build-Depends: debhelper (>= 11~), +Build-Depends: debhelper-compat (= 13), gem2deb, ruby-asciidoctor (<< 3.0.0), - ruby-asciidoctor (>= 1.5.6) -Standards-Version: 4.3.0 + ruby-asciidoctor +Standards-Version: 4.6.2 Vcs-Git: https://salsa.debian.org/ruby-team/ruby-asciidoctor-include-ext.git Vcs-Browser: https://salsa.debian.org/ruby-team/ruby-asciidoctor-include-ext Homepage: https://github.com/jirutka/asciidoctor-include-ext @@ -18,9 +18,7 @@ Package: ruby-asciidoctor-include-ext Architecture: all XB-Ruby-Versions: ${ruby:Versions} -Depends: ruby | ruby-interpreter, - ruby-asciidoctor (<< 3.0.0), - ruby-asciidoctor (>= 1.5.6), +Depends: ${ruby:Depends}, ${misc:Depends}, ${shlibs:Depends} Description: Asciidoctor's standard include::[] processor reimplemented as an extension diff -Nru ruby-asciidoctor-include-ext-0.3.1/debian/upstream/metadata ruby-asciidoctor-include-ext-0.4.0/debian/upstream/metadata --- ruby-asciidoctor-include-ext-0.3.1/debian/upstream/metadata 1970-01-01 05:30:00.0 +0530 +++ ruby-asciidoctor-include-ext-0.4.0/debian/upstream/metadata 2023-03-19 17:22:18.0 +0530 @@ -0,0
Processed: Re: Bug#1033194: unblock: ruby-asciidoctor-include-ext/0.4.0-2
Processing control commands: > tags -1 -moreinfo Bug #1033194 [release.debian.org] unblock: ruby-asciidoctor-include-ext/0.4.0-2 Removed tag(s) moreinfo. -- 1033194: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1033194 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Processed: Re: Bug#1033194: unblock: ruby-asciidoctor-include-ext/0.4.0-2
Processing control commands: > tags -1 moreinfo Bug #1033194 [release.debian.org] unblock: ruby-asciidoctor-include-ext/0.4.0-2 Added tag(s) moreinfo. -- 1033194: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1033194 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#1033194: unblock: ruby-asciidoctor-include-ext/0.4.0-2
Control: tags -1 moreinfo On 2023-03-19 17:48:16 +0530, Pirate Praveen wrote: > Package: release.debian.org > Severity: normal > User: release.debian@packages.debian.org > Usertags: unblock > X-Debbugs-Cc: ruby-asciidoctor-include-...@packages.debian.org > Control: affects -1 + src:ruby-asciidoctor-include-ext > > Please unblock package ruby-asciidoctor-include-ext > > [ Reason ] > This fixes a security issue CVE-2022-24803/#1009035 though it also includes > an upstream update. > This was uploaded to experimental on 2022-06-26 but missed reuploading to > unstable as gitlab was > using the versions directly from experimental (it was uploaded to > experimental to not break the > previos gitlab version before it switched to 0.4 version). Noticed this > today in the rc bug list. > > [ Impact ] > Only reverse dependency is gitlab so it should not impact any other package > in bookworm. > > [ Tests ] > gitlab in experimental was using it already for quite some time (upstream > gitlab tests are fine) > > [ Risks ] > For bookworm it is a leaf package (only used by gitlab which is in > unstable/experimental only) > > [ Checklist ] > [x] all changes are documented in the d/changelog > [x] I reviewed all changes and I approve them > [ ] attach debdiff against the package in testing Please provide a debdiff Cheers > > [ Other info ] > Since it has some other upstream changes, I have not included the debdiff. > > unblock ruby-asciidoctor-include-ext/0.4.0-2 > -- Sebastian Ramacher
Bug#1033194: unblock: ruby-asciidoctor-include-ext/0.4.0-2
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock X-Debbugs-Cc: ruby-asciidoctor-include-...@packages.debian.org Control: affects -1 + src:ruby-asciidoctor-include-ext Please unblock package ruby-asciidoctor-include-ext [ Reason ] This fixes a security issue CVE-2022-24803/#1009035 though it also includes an upstream update. This was uploaded to experimental on 2022-06-26 but missed reuploading to unstable as gitlab was using the versions directly from experimental (it was uploaded to experimental to not break the previos gitlab version before it switched to 0.4 version). Noticed this today in the rc bug list. [ Impact ] Only reverse dependency is gitlab so it should not impact any other package in bookworm. [ Tests ] gitlab in experimental was using it already for quite some time (upstream gitlab tests are fine) [ Risks ] For bookworm it is a leaf package (only used by gitlab which is in unstable/experimental only) [ Checklist ] [x] all changes are documented in the d/changelog [x] I reviewed all changes and I approve them [ ] attach debdiff against the package in testing [ Other info ] Since it has some other upstream changes, I have not included the debdiff. unblock ruby-asciidoctor-include-ext/0.4.0-2