dgit 2.x users must upgrade to 2.14

To: debian-devel-announce@lists.debian.org
Subject: dgit 2.x users must upgrade to 2.14
From: Ian Jackson <ijackson@chiark.greenend.org.uk>
Date: Wed, 4 Jan 2017 23:46:42 +0000
Message-id: <[🔎] 22637.35170.321204.791811@chiark.greenend.org.uk>
Mail-followup-to: debian-devel@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Peter Green of the Raspbian project found that dgit has a bug
(#849041) which causes it to generate malformed git commit objects.

The malformed commits can be generated by the use of any of the
following dgit features (and the corresponding config options):

    --quilt=gbp    --quilt=dpm   --quilt=unapplied    import-dsc
    --gbp          --dpm                              --overwrite
    gbp-build

These commits are accepted and manipulated without complaint by our
existing git software and servers (including dgit.d.o and, I think,
alioth), but they cannot be pushed to some popular git hosting sites.
The bad commits show up in `git fsck --no-dangling' with this message:
  invalid format - expected 'committer' line

I have just uploaded dgit 2.14 (which contains just the fix for this
bug, and corresponding tests) to sid, and filed an unblock request.

24 packages on the dgit git server seem to be affected by this bug.
(List below.)  I think we will have to rewrite their history.  I am
preparing an ad-hoc tool to help with this and will be in touch with
affected uploaders ASAP.

I'm very sorry about this.  I regret relying too much on git's
defaults and not taking stronger measures myself, earlier.

Thanks for your attention.

Ian.

AFAICT the following packages have bad commits on git.dgit.d.o:
   a2jmidid.git
   aggressive-indent-mode.git
   classic-theme-restorer.git
   clipit.git
   dh-elpa.git
   ebib.git
   edid-decode.git
   flycheck.git
   git-phab.git
   helm.git
   keysafe.git
   ncbi-tools6.git
   network-manager-strongswan.git
   numpydoc.git
   pkg-info-el.git
   sympathy.git
   ublock-origin.git
   verilog-mode.git
   wpa.git
   xen.git
   xtrkcad.git
   yasnippet-snippets.git
   yasnippet.git
   zxcvbn-c.git
-----BEGIN PGP SIGNATURE-----

iQFUBAEBCAA+FiEEVZrkbC1rbTJl58uh4+M5I0i1DTkFAlhtiTEgHGlqYWNrc29u
QGNoaWFyay5ncmVlbmVuZC5vcmcudWsACgkQ4+M5I0i1DTkTmwf8CKfV94WqpCNO
rghpGvBZH0ZHcMw0tHvV6J2ixMGd14rqNU1SMW92nByZLcv7ZU9lbc2SmhsiDG4Q
MdV3+SEjdr11q29ExE/hr1BD6VItyokBXPnd1bkGyIPzKGQiKrfcWg54ve/HdpSD
1wTJefG8ok/btmRUuWbJSOaUBw9Rb0KytkPoWRtFL5R2vyORiV/HPHzq7Z3/QpUF
vbsxZmKTclTxWtA2A+OEYTI1CfirDp1ca/qDJtmjiR+MkJUbLov/X8grM+aCl95F
OkB4Yb9Y/F5JKTPsbq1TzhNnAb8z6CXBwPdphcWds8SxYI5FCN1qS2mr6cq8sW6n
vcq0CR6Asw==
=gG7j
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DSA 3750-2] libphp-phpmailer regression update
Next by Date: Release update: Soft freeze for stretch
Previous by thread: [SECURITY] [DSA 3750-2] libphp-phpmailer regression update
Next by thread: Release update: Soft freeze for stretch
Index(es):
- Date
- Thread