Format: 1.8
Date: Tue, 14 Jan 2025 23:14:24 +0000
Source: pagure
Architecture: source
Version: 5.14.1+dfsg-1
Distribution: unstable
Urgency: medium
Maintainer: Rebecca N. Palmer <rebecca_palmer@zoho.com>
Changed-By: Rebecca N. Palmer <rebecca_palmer@zoho.com>
Closes: 1073117 1091383
Changes:
 pagure (5.14.1+dfsg-1) unstable; urgency=medium
 .
   * New upstream release.  Includes security fixes (Closes: #1091383):
     - Do not allow reading or writing files outside the repository
       via .. or symlink:
       - view_issue_raw_file()
         https://bugzilla.redhat.com/show_bug.cgi?id=2280726
       - generate_archive() CVE-2024-47515
       - _update_file_in_git()
         https://bugzilla.redhat.com/show_bug.cgi?id=2280723
     - Do not interpret filenames starting with - as git options
       in log() / view_history_file().
       https://bugzilla.redhat.com/show_bug.cgi?id=2315805
   * Drop / refresh patches.
   * Fix additional security issues:
     - Javascript prototype pollution (probably non-exploitable).
     - Quote non-escaping in HTML diffs.
   * Adapt to newer versions of dependencies:
     - Don't crash (many places).
     - Keep markdown alignment, keep reporting empty commits as empty.
     - Still possibly broken: plugins, dump and reload.
   * Tests:
     - Re-enable the build-time tests, using pytest.
     - Enable Salsa CI and autopkgtest, default to a subset for speed.
     - Don't crash when a test has no display name.
     - Accept changed error messages.
     - Skip code style checks.
     - Don't assume being in the source repo (e.g. find templates).
     - Clean up afterwards.
   * Javascript:
     - Minify with terser, copy if minification fails.
     - Actually install the minified version (and fix symlinks).
     - Switch back to Debian packaged libjs-jquery-atwho.
     - Add missing licenses to d/copyright.
   * d/watch: fix version duplication.
   * Fix spelling and grammar.
   * Bump Standards-Version to 4.7.0 (no changes needed).
   * Set Rules-Requires-Root: no.
   * New maintainer.  (Closes: #1073117)