devscripts - Debian Package Tracker

general

source: devscripts (main)
version: 2.25.19
maintainer: Devscripts Maintainers (DMD)
uploaders: Holger Levsen [DMD] – Benjamin Drung [DMD] – Mattia Rizzolo [DMD]
arch: all
std-ver: 4.7.2
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 2.21.3+deb11u1
oldstable: 2.23.4+deb12u2
old-bpo: 2.25.15~bpo12+1
stable: 2.25.15
stable-bpo: 2.25.19~bpo13+1
testing: 2.25.19
unstable: 2.25.19

versioned links

2.21.3+deb11u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2.23.4+deb12u2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2.25.15~bpo12+1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2.25.15: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2.25.19~bpo13+1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2.25.19: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

devscripts (528 bugs: 0, 207, 321, 0)

action needed

1 security issue in sid high

There is 1 open security issue in sid.

1 important issue:

CVE-2025-8454: It was discovered that uscan, a tool to scan/watch upstream sources for new releases of software, included in devscripts (a collection of scripts to make the life of a Debian Package maintainer easier), skips OpenPGP verification if the upstream source is already downloaded from a previous run even if the verification failed back then.

Created: 2025-07-14 Last update: 2025-09-06 12:03

1 security issue in forky high

There is 1 open security issue in forky.

1 important issue:

CVE-2025-8454: It was discovered that uscan, a tool to scan/watch upstream sources for new releases of software, included in devscripts (a collection of scripts to make the life of a Debian Package maintainer easier), skips OpenPGP verification if the upstream source is already downloaded from a previous run even if the verification failed back then.

Created: 2025-08-09 Last update: 2025-09-06 12:03

version in VCS is newer than in repository, is it time to upload? normal

vcswatch reports that this package seems to have a new changelog entry (version 2.25.20, distribution UNRELEASED) and new commits in its VCS. You should consider whether it's time to make an upload.

Here are the relevant commit messages:

commit b25b7b664429630131a7ae9cfb2f808209175743
Author: Yadd <yadd@debian.org>
Date:   Tue Sep 2 10:42:58 2025 +0200

    uscan: reject "version=5" in favor of "Version: 5" and report corresponding error

commit cf0a80171e3bc474b4b0ce185be843e95c166adb
Author: Jeremy Bícha <jbicha@ubuntu.com>
Date:   Thu Sep 11 22:56:51 2025 -0400

    uscan: capitalize GitHub and GitLab correctly in manpages

commit 01007becc2bf195146c529e0cc2c4883f7fabed9
Author: Jochen Sprickerhof <jspricke@debian.org>
Date:   Mon Sep 22 16:12:23 2025 +0200

    uscan: add references to new watch man pages

commit 3d1f957e318ba73da9bbfc4d0834e56cb4e41b47
Author: Hugh McMaster <hmc@debian.org>
Date:   Sun Sep 21 20:55:25 2025 +1000

    uscan: Fix regression preventing use of "safe.bareRepository = explicit"
    
    Closes: #1114902

commit fe655f15a334ce8329bceeb2ecbe707e5498bd3a
Author: Alexandre Detiste <alexandre.detiste@gmail.com>
Date:   Wed Sep 17 09:46:52 2025 +0200

    remove obsolete what-patch script
    
    Approved-by: Otto Kekäläinen <otto@debian.org>

commit 4e2aa2b69ed68934d0739985a3bd1cee3b5b6600
Author: Yadd <yadd@debian.org>
Date:   Mon Sep 15 19:05:53 2025 +0200

    Update uscan doc

commit 5c3ff4a1200f0f124cbdb0e1fe694eee925e05ff
Author: Hugh McMaster <hmc@debian.org>
Date:   Wed Sep 10 22:49:59 2025 +1000

    uscan: Pass @args to 'git fetch' when updating upstream repositories

commit 1db21512e12291718774c460b8e9ab6cec3d7f14
Author: Hugh McMaster <hmc@debian.org>
Date:   Fri Sep 12 22:13:35 2025 +1000

    test/test_uscan_git: Add more git upstream submodule tests

commit eb7c7412c935b6b4c63fec8b11b2329049a75233
Author: Hugh McMaster <hmc@debian.org>
Date:   Fri Sep 12 22:02:56 2025 +1000

    test/test_uscan_git: Separate git upstream submodules setup from initial test

commit 86ec69b99ef188629cf14b08548d19a2f7d466b5
Author: Hugh McMaster <hmc@debian.org>
Date:   Sat Sep 13 22:23:14 2025 +1000

    uscan/Git.pm: Fix cloning from branches with 'heads/<branch>' syntax
    
    This is a regression from 506623c0500b1e98c598853687d939920ea33b53.
    
    Closes: #1114750

commit 1aa4f4f7d29a3b2a4cb107852274b86eb3e5e811
Author: Hugh McMaster <hmc@debian.org>
Date:   Wed Sep 10 21:55:08 2025 +1000

    uscan: Call 'git fetch' with  '--recurse-submodules' in submodules mode

commit 65de0cac5bd5094c32d761d4b33c2064a805bc3f
Author: Hugh McMaster <hmc@debian.org>
Date:   Wed Sep 10 21:44:03 2025 +1000

    test/test_uscan_git: Test individual git submodules

commit d1f23139cdc709035175dee17362f9a687a9e642
Author: Hugh McMaster <hmc@debian.org>
Date:   Tue Sep 9 23:00:16 2025 +1000

    test/test_uscan_git: Add second submodule to unit tests

commit 0478c4539eb5280c5e7f17d98e488862ed715ab3
Author: Hugh McMaster <hmc@debian.org>
Date:   Tue Sep 9 22:57:06 2025 +1000

    test/test_uscan_git: Simplify 'git submodule' tests

commit 6a2efb340c2070b97aaff9c2dde954448652ace1
Author: Hugh McMaster <hmc@debian.org>
Date:   Tue Sep 9 22:39:02 2025 +1000

    test/test_uscan_git: Stop 'git-daemon' if the process exists

commit 88f5af04cea55522cece131a2f3cf13aa41336fe
Author: Hugh McMaster <hmc@debian.org>
Date:   Sun Sep 7 23:03:30 2025 +1000

    uscan/WatchSource.pm: Fix logic error when cloning selected git submodules
    
    Closes: #1114540
    
    Thanks to Timo Röhling for the bug report and patch.

commit be9592a7e1aa9c91fdfb4c4640a6b0afef8631e3
Author: Hugh McMaster <hmc@debian.org>
Date:   Sat Sep 6 21:33:47 2025 +1000

    test/test_uscan_git: Test git upstream repositories with submodules

commit 70052b38ea82b2ab3a9f088d43f1cc9b0c48330b
Author: Hugh McMaster <hmc@debian.org>
Date:   Thu Sep 4 21:59:16 2025 +1000

    uscan/Downloader.pm: Support git upstream repositories with submodules
    
    This patch refactors two code paths ('git' and 'git_upstream') to
    avoid code duplication.

commit f039c2fb4c26892b13ea5ad74038743aa7989e18
Author: Hugh McMaster <hmc@debian.org>
Date:   Fri Sep 5 22:42:48 2025 +1000

    test/test_uscan_git: Separate writeDebianWatch() from makeDebianDir()

commit 0a0f9b058dca52c5d083b0ec0577ef5a2966491d
Author: Yadd <yadd@debian.org>
Date:   Tue Sep 2 06:44:06 2025 +0200

    uscan: update missing-template message to suggest an upgrade

commit 6e868af51f41083ca445b368ed633c7e7f345391
Author: Yadd <yadd@debian.org>
Date:   Sun Aug 31 21:54:43 2025 +0200

    uscan: indicate that "Source" is required in debian/watch unless a template is used
    
    Gbp-Dch: ignore

commit e8f4adf6d1954f22d83ee9623be13a34677b55de
Author: Xiyue Deng <manphiz@gmail.com>
Date:   Wed Aug 27 22:22:09 2025 -0700

    Use canonical field name in manpage
    
    - Prefer capitalized and hyphened caninocal name over names without
    hyphen.

commit e0a14232951ba685a396444cfca6fc0533496b8e
Merge: a647cbb1 d1269fd1
Author: Yadd <yadd@debian.org>
Date:   Sat Aug 30 11:20:49 2025 +0200

    Merge remote-tracking branch 'origin/uscan-choose-version-type-in-templates'

commit a647cbb18dbe1a7979635da34079dcbed6c95e7d
Merge: 146960e5 2c4d4d0c
Author: Yadd <yadd@debian.org>
Date:   Sat Aug 30 11:19:15 2025 +0200

    Merge branch 'uscan-choose-version-type-in-templates'

commit d1269fd1e05eb01c6168fdacead4eb1e64a0de4f
Author: Yadd <yadd@debian.org>
Date:   Mon Aug 25 14:53:09 2025 +0200

    Add "Version-Type" parameter in templates to be able to replace ANY_VERSION by another macro

commit 146960e532233542b8e6a8c3ba5856c85deaa58b
Author: Jochen Sprickerhof <jspricke@debian.org>
Date:   Wed Aug 27 23:20:49 2025 +0200

    debrebuild: workaround #806984 and #807168 when rebuilding debian-installer(-netboot-image)
    
    (cherry picked from commit 675b040d65804f799b4ddfea82ba60e81d6b5adb)
    Signed-off-by: Holger Levsen <holger@layer-acht.org>

commit 2c4d4d0cdb3abb7b05ee01714ba5cc14ae2b4a68
Author: Yadd <yadd@debian.org>
Date:   Mon Aug 25 14:53:09 2025 +0200

    Add "Version-Type" parameter in templates to be able to replace ANY_VERSION by another macro

commit b5ce3d705012e501671e5d9778fc42da0c0d59e6
Author: Ben Hutchings <benh@debian.org>
Date:   Mon Aug 25 19:34:31 2025 +0200

    uscan: Fix parsing of v4 watch file with @PACKAGE@ in URL
    
    With the introduction of version 5 watch files in commit e461cf203c1b,
    the expansion of @-expressions was moved from the watch file parser to
    a later stage of processing.
    
    The version 1-4 parser was changed to recognise when part of a URL
    contains an @-expression that will expand to a parenthesised regexp
    and so needs to be split off as a file pattern, just as if it
    contained a parenthesised regexp directly.
    
    However, @PACKAGE@ does not expand to a regexp and should not be
    treated this way.  Tighten the matching of @-expressions and add a
    lookahead assertion to exclude it from this treatment.
    
    Closes: #1112065

commit 1d3901ad2f04c19f41c9dbcdde39a0513f18a78e
Author: Ben Hutchings <benh@debian.org>
Date:   Mon Aug 25 20:47:22 2025 +0200

    uscan: Add regression test for bug #1112065
    
    Test that @PACKAGE@ in a URL component in a v4 watch file is not split
    off into a file pattern.  This will currently fail.

commit 4ba41a342a9efc85b038937e5d692fb643739596
Author: Ben Hutchings <benh@debian.org>
Date:   Mon Aug 25 20:01:37 2025 +0200

    uscan: Add test cases for v4 watch files
    
    The newly added test cases for uscan use the new version 5 watch
    files, but it is important to check for regressions in handling
    version 4 files as well.
    
    Add v4 counterparts to all the test cases that don't depend on
    features introduced in v5.

commit 448e79f5c00d385b24f5853305cd46539f226bfc
Author: Yadd <yadd@debian.org>
Date:   Mon Aug 25 13:14:28 2025 +0200

    uscan: document --update-watchfile

commit eb07bdc58abb87d44c0f3ff1abe7395ef53d3c14
Author: Holger Levsen <holger@layer-acht.org>
Date:   Sat Aug 23 13:19:19 2025 +0200

    Update Portuguese .po file for changed strings in the English original.
    
    Gbp-Dch: ignbore
    
    Signed-off-by: Holger Levsen <holger@layer-acht.org>

commit 01f05a39be6c2c261a4676f592a834ee293c4af7
Author: Holger Levsen <holger@layer-acht.org>
Date:   Sat Aug 23 13:15:07 2025 +0200

    Update Portuguese translation. Thanks to Américo Monteiro. Closes: #1110411
    
    Signed-off-by: Holger Levsen <holger@layer-acht.org>

commit e3bfa3e4ed3dfad015778b3df04262860f21d8d8
Author: Yadd <yadd@debian.org>
Date:   Sat Aug 23 02:24:49 2025 +0200

    Clean test files
    
    Gbp-Dch: ignbore

commit d04de4d7d82d259b0460c65f79d281514840e618
Author: Yadd <yadd@debian.org>
Date:   Sat Aug 23 02:02:54 2025 +0200

    Open 2.25.20 changelog

Created: 2025-07-29 Last update: 2025-09-24 13:02

1 bug tagged help in the BTS normal

The BTS contains 1 bug tagged help, please consider helping the maintainer in dealing with it.

Created: 2025-08-23 Last update: 2025-09-24 13:00

45 bugs tagged patch in the BTS normal

The BTS contains patches fixing 45 bugs (47 if counting merged bugs), consider including or untagging them.

Created: 2025-01-06 Last update: 2025-09-24 13:00

Depends on packages which need a new maintainer normal

The packages that devscripts depends on which need a new maintainer are:

docbook-xsl (#802370)
- Build-Depends: docbook-xsl
svn-buildpackage (#726770)
- Suggests: svn-buildpackage

Created: 2019-11-22 Last update: 2025-09-24 12:57

20 open merge requests in Salsa normal

There are 20 open merge requests for this package on Salsa. You should consider reviewing and/or merging these merge requests.

Created: 2025-09-17 Last update: 2025-09-17 09:05

lintian reports 11 warnings normal

Lintian reports 11 warnings about this package. You should make the package lintian clean getting rid of them.

Created: 2025-08-23 Last update: 2025-08-23 11:00

1 low-priority security issue in trixie low

There is 1 open security issue in trixie.

1 issue left for the package maintainer to handle:

CVE-2025-8454: (needs triaging) It was discovered that uscan, a tool to scan/watch upstream sources for new releases of software, included in devscripts (a collection of scripts to make the life of a Debian Package maintainer easier), skips OpenPGP verification if the upstream source is already downloaded from a previous run even if the verification failed back then.

You can find information about how to handle this issue in the security team's documentation.

Created: 2025-08-09 Last update: 2025-09-06 12:03

1 low-priority security issue in bookworm low

There is 1 open security issue in bookworm.

1 issue left for the package maintainer to handle:

CVE-2025-8454: (needs triaging) It was discovered that uscan, a tool to scan/watch upstream sources for new releases of software, included in devscripts (a collection of scripts to make the life of a Debian Package maintainer easier), skips OpenPGP verification if the upstream source is already downloaded from a previous run even if the verification failed back then.

You can find information about how to handle this issue in the security team's documentation.

Created: 2025-07-14 Last update: 2025-09-06 12:03

news

[rss feed]

[2025-09-22] Accepted devscripts 2.25.19~bpo13+1 (source all) into stable-backports (Debian FTP Masters) (signed by: Roger Shimizu)
[2025-08-25] devscripts 2.25.19 MIGRATED to testing (Debian testing watch)
[2025-08-24] Accepted devscripts 2.25.15+deb13u1 (source) into proposed-updates (Debian FTP Masters) (signed by: Sebastiaan Couwenberg)
[2025-08-23] Accepted devscripts 2.25.19 (source) into unstable (Yadd) (signed by: Xavier Guimard)
[2025-08-15] Accepted devscripts 2.25.18 (source) into unstable (Sean Whitton)
[2025-07-28] Accepted devscripts 2.25.17 (source) into experimental (Yadd) (signed by: Xavier Guimard)
[2025-07-20] Accepted devscripts 2.25.16 (source all) into experimental (Yadd) (signed by: Xavier Guimard)
[2025-07-11] Accepted devscripts 2.25.15~bpo12+1 (source) into stable-backports (Roger Shimizu)
[2025-06-21] devscripts 2.25.15 MIGRATED to testing (Debian testing watch)
[2025-06-16] Accepted devscripts 2.25.15 (source) into unstable (Holger Levsen)
[2025-06-01] devscripts 2.25.14 MIGRATED to testing (Debian testing watch)
[2025-05-26] Accepted devscripts 2.25.14 (source) into unstable (Holger Levsen)
[2025-05-22] Accepted devscripts 2.25.13 (source) into unstable (Holger Levsen)
[2025-05-20] devscripts 2.25.12 MIGRATED to testing (Debian testing watch)
[2025-05-11] Accepted devscripts 2.25.12 (source) into unstable (Holger Levsen)
[2025-05-10] devscripts 2.25.11 MIGRATED to testing (Debian testing watch)
[2025-04-29] Accepted devscripts 2.25.11 (source) into unstable (Holger Levsen)
[2025-04-29] Accepted devscripts 2.25.10~bpo12+1 (source) into stable-backports (Roger Shimizu)
[2025-04-27] devscripts 2.25.10 MIGRATED to testing (Debian testing watch)
[2025-04-17] Accepted devscripts 2.25.10 (source) into unstable (Holger Levsen)
[2025-04-16] devscripts 2.25.9 MIGRATED to testing (Debian testing watch)
[2025-04-12] Accepted devscripts 2.25.8~bpo12+1 (source all) into stable-backports (Debian FTP Masters) (signed by: Roger Shimizu)
[2025-04-12] Accepted devscripts 2.25.9 (source) into unstable (Holger Levsen)
[2025-04-09] devscripts 2.25.8 MIGRATED to testing (Debian testing watch)
[2025-04-05] Accepted devscripts 2.25.8 (source) into unstable (Holger Levsen)
[2025-04-04] devscripts 2.25.7 MIGRATED to testing (Debian testing watch)
[2025-04-01] Accepted devscripts 2.25.7 (source) into unstable (Holger Levsen)
[2025-04-01] devscripts 2.25.6 MIGRATED to testing (Debian testing watch)
[2025-03-27] Accepted devscripts 2.25.6 (source) into unstable (Holger Levsen)
[2025-02-28] devscripts 2.25.5 MIGRATED to testing (Debian testing watch)

bugs [bug history graph]

all: 526 540
RC: 0
I&N: 202 207
M&W: 316 324
F&P: 8 9
patch: 45 47
help: 1

links

lintian (0, 11)
buildd: logs, reproducibility
popcon
browse source code
edit tags
other distros
security tracker
screenshots
l10n (89, -)
debci

ubuntu

[Information about Ubuntu for Debian Developers]

version: 2.25.19ubuntu2
45 bugs (2 patches)
patches for 2.25.19ubuntu2