-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sat, 11 Oct 2014 00:22:34 -0400 Source: devscripts Binary: devscripts Architecture: source amd64 Version: 2.14.8 Distribution: unstable Urgency: medium Maintainer: James McCoy <jamessan@debian.org> Changed-By: James McCoy <jamessan@debian.org> Description: devscripts - scripts to make the life of a Debian Package maintainer easier Closes: 737160 764367 Changes: devscripts (2.14.8) unstable; urgency=medium . [ James McCoy ] * uscan: + Ensure $keyring is defined before trying to use it when checking whether the upstream keyring exists. + Strip the Referer header when using qa.debian.org's Sourceforge redirector. When there's a foreign Referer header, Sourceforge responds with a web page containing a <meta refresh=...> redirect to the actual file, causing uscan to save the web page rather than the file. (Closes: #764367) * uupdate: When updating a 1.0 source format package, remove any symlinks in the new upstream source before applying the Debian diff, restoring the symlinks after. This prevents patch from following the symlinks, which may point to targets outside of the source tree, when applying the diff. Thanks to Jakub Wilk for the discovery and suggested fix. (Closes: #737160, CVE-2014-1833) . [ Ron Lee ] * cowpoke: Add --sign and --upload command line overrides. Checksums-Sha1: a852ec4483abcb9d9a2d3d3d46ba323fb6d4562b 2236 devscripts_2.14.8.dsc d722277952c69996a2e7ab7e14ac324ecb25edb0 607240 devscripts_2.14.8.tar.xz b52e75dcaf05d316e4d3e509e223f900ea2ff6ce 898224 devscripts_2.14.8_amd64.deb Checksums-Sha256: f234b68b85c98c3e7305800056833b238e7a936049dec598fa03821975d141ff 2236 devscripts_2.14.8.dsc 4e188e60bfe9597d9a7e5162cb45ea88336914fb60d102ded31e90fde67dc407 607240 devscripts_2.14.8.tar.xz e454706b8d7fc12bdb6d5f190392c6e5f0e063198ec90ae14f9819ef480e78f0 898224 devscripts_2.14.8_amd64.deb Files: b65ec1cb215442045b7adf5a33c5dd57 2236 devel optional devscripts_2.14.8.dsc 446fa259995c261a2d329ed1270660f6 607240 devel optional devscripts_2.14.8.tar.xz c889ed63630fa0f66a360055dd2d353d 898224 devel optional devscripts_2.14.8_amd64.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQJ8BAEBCgBmBQJUOLHKXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQ5MUJGQkY0RDY5NTZCRDVERjdCNzJEMjNE RkU2OTFBRTMzMUJBM0RCAAoJEN/mka4zG6PbNJYP/11T7d31T9na8sAWoS0C9zbs kHPGtG85QI/N60uJ4ENcCTvHkNqNmd/z3VyA8bGePMTzEUXmu//y8sXn+utwfSqb ZHcwLR9UGfQ+SRdNMKI5B1dz4aZm6iw/dpgRIK/qkhAcz1Tm9dRQV01bXhpj2rNQ /YMpYF+NdDjrB6JMxsz7k3ZhNLFg4z6sTYRroSMYpZXrhlyxIcF0BxYkkCsA5cR7 5E5kt76wvOYnM7cSWgBO5L7subwBNqaVBS5Zr0IJqTyeU1xx1Xbk+ac80BSOASyI X/pDroHAPCGnklHoSi0RFheBMWVwnZM3Qk/eVrsbS7m8y8IpefZ9YuTV+s+wJISO dKUelWMhE8tDKOzqBH5KzqVrxkhExj4+/mk9G8eHTNOX1985XhftYUHwI+gmwDrN VoQ3NU70FUdJ+lFPym52pPZo5A9qMzbQgamTLUxu3i8u7zvptWQSllMNh4ell8MA ANlSD4bXMC8PFUZw7ki/kclqdBlTuamtdMyaiIQnl2F5haGbMnnaVr/lhaF2lwRs vBG/L7rwOd67FgbyQEdvnJ6hhHY38zozb83KOwF+5PRal0TDOdIW+o0dnjTmFXTp FflCqiCC5XHcJxAHrE+lVQ8Hc8Vk/J42U5l+Sq4iJ9QoRMEl3CW0KKLvmEcpg6BR OzM2he0L286IQX6zCpsa =8hR3 -----END PGP SIGNATURE-----
