diff options
-rw-r--r-- | debian/changelog | 37 | ||||
-rw-r--r-- | debian/compat | 1 | ||||
-rw-r--r-- | debian/control | 18 | ||||
-rw-r--r-- | debian/gbp.conf | 19 | ||||
-rw-r--r-- | debian/salsa-ci.yml | 4 |
5 files changed, 67 insertions, 12 deletions
diff --git a/debian/changelog b/debian/changelog index 511b147..339632b 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,40 @@ +powerline-gitstatus (1.3.2-0+deb10u1) buster-security; urgency=high + + * Non-maintainer upload by the LTS team. + * Fix CVE-2022-42906: + Powerline Gitstatus, a statusline plugin for the VIM editor, allows + arbitrary code execution. Git repositories can contain per-repository + configuration that changes the behavior of git, including running arbitrary + commands. When using powerline-gitstatus, changing to a directory + automatically runs git commands in order to display information about the + current repository in the prompt. If an attacker can convince a user to + change their current directory to one controlled by the attacker, such as + in a shared filesystem or extracted archive, powerline-gitstatus will run + arbitrary commands under the attacker's control. + + -- Markus Koschany <apo@debian.org> Fri, 20 Jan 2023 16:46:31 +0100 + +powerline-gitstatus (1.3.2-0+deb11u1) bullseye; urgency=medium + + * New upstream version 1.3.2 + - Fix command injection via malicious repository config (CVE-2022-42906) + + -- Jérôme Charaoui <jerome@riseup.net> Wed, 26 Oct 2022 22:54:03 -0400 + +powerline-gitstatus (1.3.1-2) unstable; urgency=medium + + [ Jann Haber ] + * Remove python2 stuff from build-deps, since not used anyway + (Closes: #937314) + + [ Samuel Henrique ] + * Use debhelper-compat 13 + * Bump Standards-Version to 4.5.0 + * Add d/salsa-ci.yml and d/gbp.conf + * d/control: Switch maintenance to PAPT team and add myself as an uploader + + -- Samuel Henrique <samueloph@debian.org> Wed, 08 Jul 2020 21:17:05 +0100 + powerline-gitstatus (1.3.1-1progress5u1) engywuck; urgency=medium * Initial reupload to engywuck. diff --git a/debian/compat b/debian/compat deleted file mode 100644 index 48082f7..0000000 --- a/debian/compat +++ /dev/null @@ -1 +0,0 @@ -12 diff --git a/debian/control b/debian/control index 6ae8093..fec2b32 100644 --- a/debian/control +++ b/debian/control @@ -3,26 +3,26 @@ Section: python Priority: optional Maintainer: Progress Linux Maintainers <maintainers@lists.progress-linux.org> XSBC-Uploaders: Daniel Baumann <daniel.baumann@progress-linux.org> -XSBC-Original-Maintainer: Jerome Charaoui <jerome@riseup.net> +XSBC-Original-Maintainer: Python Applications Packaging Team <python-apps-team@lists.alioth.debian.org> +XSBC-Original-Uploaders: Jerome Charaoui <jerome@riseup.net>, + Samuel Henrique <samueloph@debian.org> Bugs: mailto:maintainers@lists.progress-linux.org Build-Depends: - debhelper (>= 12), + debhelper-compat (= 12), dh-python, powerline (>= 2.7-2progress5u1), - python-all, - python-setuptools, python3-all, python3-powerline, python3-setuptools, Build-Conflicts: powerline-gitstatus, Rules-Requires-Root: no -Standards-Version: 4.3.0 +Standards-Version: 4.5.0 Homepage: https://github.com/jaspernbrouwer/powerline-gitstatus Vcs-Browser: https://git.progress-linux.org/packages/engywuck/powerline-gitstatus Vcs-Git: https://git.progress-linux.org/packages/engywuck/powerline-gitstatus -XSBC-Original-Vcs-Browser: https://salsa.debian.org/lavamind/powerline-gitstatus -XSBC-Original-Vcs-Git: https://salsa.debian.org/lavamind/powerline-gitstatus.git +XSBC-Original-Vcs-Browser: https://salsa.debian.org/python-team/applications/powerline-gitstatus +XSBC-Original-Vcs-Git: https://salsa.debian.org/python-team/applications/powerline-gitstatus.git Package: powerline-gitstatus Architecture: all @@ -31,8 +31,6 @@ Depends: powerline ${powerline:Version}, python3-powerline-gitstatus, ${misc:Depends}, -Built-Using: - ${built-using}, Description: Powerline Git segment Powerline is a statusline plugin for vim, and provides statuslines and prompts for several other applications, including zsh, bash, tmux, @@ -46,8 +44,6 @@ Depends: python3-powerline ${powerline:Version}, ${misc:Depends}, ${python3:Depends}, -Built-Using: - ${built-using}, Description: Powerline Git segment for Python (3.x) Powerline is a statusline plugin for vim, and provides statuslines and prompts for several other applications, including zsh, bash, tmux, diff --git a/debian/gbp.conf b/debian/gbp.conf new file mode 100644 index 0000000..6cbc70d --- /dev/null +++ b/debian/gbp.conf @@ -0,0 +1,19 @@ +[DEFAULT] +debian-branch=debian/master +pristine-tar = True +cleaner = /bin/true + +[buildpackage] +sign-tags = True +export-dir = ../build-area/ +ignore-branch = True + +[import-orig] +filter-pristine-tar = True + +[pq] +patch-numbers = False + +[dch] +multimaint-merge = True +ignore-branch = True diff --git a/debian/salsa-ci.yml b/debian/salsa-ci.yml new file mode 100644 index 0000000..33c3a64 --- /dev/null +++ b/debian/salsa-ci.yml @@ -0,0 +1,4 @@ +--- +include: + - https://salsa.debian.org/salsa-ci-team/pipeline/raw/master/salsa-ci.yml + - https://salsa.debian.org/salsa-ci-team/pipeline/raw/master/pipeline-jobs.yml |