devscripts - Debian Package Tracker

general

source: devscripts (main)
version: 2.25.19
maintainer: Devscripts Maintainers (DMD)
uploaders: Holger Levsen [DMD] – Benjamin Drung [DMD] – Mattia Rizzolo [DMD]
arch: all
std-ver: 4.7.2
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 2.21.3+deb11u1
oldstable: 2.23.4+deb12u2
old-bpo: 2.25.15~bpo12+1
stable: 2.25.15
stable-p-u: 2.25.15+deb13u1
testing: 2.25.19
unstable: 2.25.19

versioned links

2.21.3+deb11u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2.23.4+deb12u2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2.25.15~bpo12+1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2.25.15: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2.25.15+deb13u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2.25.19: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

devscripts (520 bugs: 0, 203, 317, 0)

action needed

1 security issue in sid high

There is 1 open security issue in sid.

1 important issue:

CVE-2025-8454: It was discovered that uscan, a tool to scan/watch upstream sources for new releases of software, included in devscripts (a collection of scripts to make the life of a Debian Package maintainer easier), skips OpenPGP verification if the upstream source is already downloaded from a previous run even if the verification failed back then.

Created: 2025-07-14 Last update: 2025-08-25 07:29

1 security issue in forky high

There is 1 open security issue in forky.

1 important issue:

CVE-2025-8454: It was discovered that uscan, a tool to scan/watch upstream sources for new releases of software, included in devscripts (a collection of scripts to make the life of a Debian Package maintainer easier), skips OpenPGP verification if the upstream source is already downloaded from a previous run even if the verification failed back then.

Created: 2025-08-09 Last update: 2025-08-25 07:29

Depends on packages which need a new maintainer normal

The packages that devscripts depends on which need a new maintainer are:

docbook-xsl (#802370)
- Build-Depends: docbook-xsl
svn-buildpackage (#726770)
- Suggests: svn-buildpackage

Created: 2019-11-22 Last update: 2025-09-04 07:33

1 bug tagged help in the BTS normal

The BTS contains 1 bug tagged help, please consider helping the maintainer in dealing with it.

Created: 2025-08-23 Last update: 2025-09-04 07:30

45 bugs tagged patch in the BTS normal

The BTS contains patches fixing 45 bugs (47 if counting merged bugs), consider including or untagging them.

Created: 2025-01-06 Last update: 2025-09-04 07:30

version in VCS is newer than in repository, is it time to upload? normal

vcswatch reports that this package seems to have a new changelog entry (version 2.25.20, distribution UNRELEASED) and new commits in its VCS. You should consider whether it's time to make an upload.

Here are the relevant commit messages:

commit 0a0f9b058dca52c5d083b0ec0577ef5a2966491d
Author: Yadd <yadd@debian.org>
Date:   Tue Sep 2 06:44:06 2025 +0200

    uscan: update missing-template message to suggest an upgrade

commit 6e868af51f41083ca445b368ed633c7e7f345391
Author: Yadd <yadd@debian.org>
Date:   Sun Aug 31 21:54:43 2025 +0200

    uscan: indicate that "Source" is required in debian/watch unless a template is used
    
    Gbp-Dch: ignore

commit e8f4adf6d1954f22d83ee9623be13a34677b55de
Author: Xiyue Deng <manphiz@gmail.com>
Date:   Wed Aug 27 22:22:09 2025 -0700

    Use canonical field name in manpage
    
    - Prefer capitalized and hyphened caninocal name over names without
    hyphen.

commit e0a14232951ba685a396444cfca6fc0533496b8e
Merge: a647cbb1 d1269fd1
Author: Yadd <yadd@debian.org>
Date:   Sat Aug 30 11:20:49 2025 +0200

    Merge remote-tracking branch 'origin/uscan-choose-version-type-in-templates'

commit a647cbb18dbe1a7979635da34079dcbed6c95e7d
Merge: 146960e5 2c4d4d0c
Author: Yadd <yadd@debian.org>
Date:   Sat Aug 30 11:19:15 2025 +0200

    Merge branch 'uscan-choose-version-type-in-templates'

commit d1269fd1e05eb01c6168fdacead4eb1e64a0de4f
Author: Yadd <yadd@debian.org>
Date:   Mon Aug 25 14:53:09 2025 +0200

    Add "Version-Type" parameter in templates to be able to replace ANY_VERSION by another macro

commit 146960e532233542b8e6a8c3ba5856c85deaa58b
Author: Jochen Sprickerhof <jspricke@debian.org>
Date:   Wed Aug 27 23:20:49 2025 +0200

    debrebuild: workaround #806984 and #807168 when rebuilding debian-installer(-netboot-image)
    
    (cherry picked from commit 675b040d65804f799b4ddfea82ba60e81d6b5adb)
    Signed-off-by: Holger Levsen <holger@layer-acht.org>

commit 2c4d4d0cdb3abb7b05ee01714ba5cc14ae2b4a68
Author: Yadd <yadd@debian.org>
Date:   Mon Aug 25 14:53:09 2025 +0200

    Add "Version-Type" parameter in templates to be able to replace ANY_VERSION by another macro

commit b5ce3d705012e501671e5d9778fc42da0c0d59e6
Author: Ben Hutchings <benh@debian.org>
Date:   Mon Aug 25 19:34:31 2025 +0200

    uscan: Fix parsing of v4 watch file with @PACKAGE@ in URL
    
    With the introduction of version 5 watch files in commit e461cf203c1b,
    the expansion of @-expressions was moved from the watch file parser to
    a later stage of processing.
    
    The version 1-4 parser was changed to recognise when part of a URL
    contains an @-expression that will expand to a parenthesised regexp
    and so needs to be split off as a file pattern, just as if it
    contained a parenthesised regexp directly.
    
    However, @PACKAGE@ does not expand to a regexp and should not be
    treated this way.  Tighten the matching of @-expressions and add a
    lookahead assertion to exclude it from this treatment.
    
    Closes: #1112065

commit 1d3901ad2f04c19f41c9dbcdde39a0513f18a78e
Author: Ben Hutchings <benh@debian.org>
Date:   Mon Aug 25 20:47:22 2025 +0200

    uscan: Add regression test for bug #1112065
    
    Test that @PACKAGE@ in a URL component in a v4 watch file is not split
    off into a file pattern.  This will currently fail.

commit 4ba41a342a9efc85b038937e5d692fb643739596
Author: Ben Hutchings <benh@debian.org>
Date:   Mon Aug 25 20:01:37 2025 +0200

    uscan: Add test cases for v4 watch files
    
    The newly added test cases for uscan use the new version 5 watch
    files, but it is important to check for regressions in handling
    version 4 files as well.
    
    Add v4 counterparts to all the test cases that don't depend on
    features introduced in v5.

commit 448e79f5c00d385b24f5853305cd46539f226bfc
Author: Yadd <yadd@debian.org>
Date:   Mon Aug 25 13:14:28 2025 +0200

    uscan: document --update-watchfile

commit eb07bdc58abb87d44c0f3ff1abe7395ef53d3c14
Author: Holger Levsen <holger@layer-acht.org>
Date:   Sat Aug 23 13:19:19 2025 +0200

    Update Portuguese .po file for changed strings in the English original.
    
    Gbp-Dch: ignbore
    
    Signed-off-by: Holger Levsen <holger@layer-acht.org>

commit 01f05a39be6c2c261a4676f592a834ee293c4af7
Author: Holger Levsen <holger@layer-acht.org>
Date:   Sat Aug 23 13:15:07 2025 +0200

    Update Portuguese translation. Thanks to Américo Monteiro. Closes: #1110411
    
    Signed-off-by: Holger Levsen <holger@layer-acht.org>

commit e3bfa3e4ed3dfad015778b3df04262860f21d8d8
Author: Yadd <yadd@debian.org>
Date:   Sat Aug 23 02:24:49 2025 +0200

    Clean test files
    
    Gbp-Dch: ignbore

commit d04de4d7d82d259b0460c65f79d281514840e618
Author: Yadd <yadd@debian.org>
Date:   Sat Aug 23 02:02:54 2025 +0200

    Open 2.25.20 changelog

Created: 2025-07-29 Last update: 2025-09-03 21:06

lintian reports 11 warnings normal

Lintian reports 11 warnings about this package. You should make the package lintian clean getting rid of them.

Created: 2025-08-23 Last update: 2025-08-23 11:00

20 open merge requests in Salsa normal

There are 20 open merge requests for this package on Salsa. You should consider reviewing and/or merging these merge requests.

Created: 2025-08-19 Last update: 2025-08-19 06:28

1 low-priority security issue in trixie low

There is 1 open security issue in trixie.

1 issue left for the package maintainer to handle:

CVE-2025-8454: (needs triaging) It was discovered that uscan, a tool to scan/watch upstream sources for new releases of software, included in devscripts (a collection of scripts to make the life of a Debian Package maintainer easier), skips OpenPGP verification if the upstream source is already downloaded from a previous run even if the verification failed back then.

You can find information about how to handle this issue in the security team's documentation.

Created: 2025-08-09 Last update: 2025-08-25 07:29

1 low-priority security issue in bookworm low

There is 1 open security issue in bookworm.

1 issue left for the package maintainer to handle:

CVE-2025-8454: (needs triaging) It was discovered that uscan, a tool to scan/watch upstream sources for new releases of software, included in devscripts (a collection of scripts to make the life of a Debian Package maintainer easier), skips OpenPGP verification if the upstream source is already downloaded from a previous run even if the verification failed back then.

You can find information about how to handle this issue in the security team's documentation.

Created: 2025-07-14 Last update: 2025-08-25 07:29

news

[rss feed]

[2025-08-25] devscripts 2.25.19 MIGRATED to testing (Debian testing watch)
[2025-08-24] Accepted devscripts 2.25.15+deb13u1 (source) into proposed-updates (Debian FTP Masters) (signed by: Sebastiaan Couwenberg)
[2025-08-23] Accepted devscripts 2.25.19 (source) into unstable (Yadd) (signed by: Xavier Guimard)
[2025-08-15] Accepted devscripts 2.25.18 (source) into unstable (Sean Whitton)
[2025-07-28] Accepted devscripts 2.25.17 (source) into experimental (Yadd) (signed by: Xavier Guimard)
[2025-07-20] Accepted devscripts 2.25.16 (source all) into experimental (Yadd) (signed by: Xavier Guimard)
[2025-07-11] Accepted devscripts 2.25.15~bpo12+1 (source) into stable-backports (Roger Shimizu)
[2025-06-21] devscripts 2.25.15 MIGRATED to testing (Debian testing watch)
[2025-06-16] Accepted devscripts 2.25.15 (source) into unstable (Holger Levsen)
[2025-06-01] devscripts 2.25.14 MIGRATED to testing (Debian testing watch)
[2025-05-26] Accepted devscripts 2.25.14 (source) into unstable (Holger Levsen)
[2025-05-22] Accepted devscripts 2.25.13 (source) into unstable (Holger Levsen)
[2025-05-20] devscripts 2.25.12 MIGRATED to testing (Debian testing watch)
[2025-05-11] Accepted devscripts 2.25.12 (source) into unstable (Holger Levsen)
[2025-05-10] devscripts 2.25.11 MIGRATED to testing (Debian testing watch)
[2025-04-29] Accepted devscripts 2.25.11 (source) into unstable (Holger Levsen)
[2025-04-29] Accepted devscripts 2.25.10~bpo12+1 (source) into stable-backports (Roger Shimizu)
[2025-04-27] devscripts 2.25.10 MIGRATED to testing (Debian testing watch)
[2025-04-17] Accepted devscripts 2.25.10 (source) into unstable (Holger Levsen)
[2025-04-16] devscripts 2.25.9 MIGRATED to testing (Debian testing watch)
[2025-04-12] Accepted devscripts 2.25.8~bpo12+1 (source all) into stable-backports (Debian FTP Masters) (signed by: Roger Shimizu)
[2025-04-12] Accepted devscripts 2.25.9 (source) into unstable (Holger Levsen)
[2025-04-09] devscripts 2.25.8 MIGRATED to testing (Debian testing watch)
[2025-04-05] Accepted devscripts 2.25.8 (source) into unstable (Holger Levsen)
[2025-04-04] devscripts 2.25.7 MIGRATED to testing (Debian testing watch)
[2025-04-01] Accepted devscripts 2.25.7 (source) into unstable (Holger Levsen)
[2025-04-01] devscripts 2.25.6 MIGRATED to testing (Debian testing watch)
[2025-03-27] Accepted devscripts 2.25.6 (source) into unstable (Holger Levsen)
[2025-02-28] devscripts 2.25.5 MIGRATED to testing (Debian testing watch)
[2025-02-25] Accepted devscripts 2.25.5 (source) into unstable (Holger Levsen)

bugs [bug history graph]

all: 514 527
RC: 0
I&N: 198 203
M&W: 312 320
F&P: 4
patch: 45 47
help: 1

links

lintian (0, 11)
buildd: logs, reproducibility
popcon
browse source code
edit tags
other distros
security tracker
screenshots
l10n (89, -)
debci

ubuntu

[Information about Ubuntu for Debian Developers]

version: 2.25.19ubuntu2
44 bugs (2 patches)
patches for 2.25.19ubuntu2