Your message dated Thu, 1 Dec 2022 11:02:35 +0100
with message-id <Y4h7u4ZpgrnRT3u+@ramacher.at>
and subject line Re: Bug#1025219: libass: new upstream version 0.17.0
has caused the Debian Bug report #1025219,
regarding libass: new upstream version 0.17.0
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)

-- 
1025219: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1025219
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
- To: Debian Bug Tracking System <submit@bugs.debian.org>
- Subject: libass: new upstream version 0.17.0
- From: Oneric <oneric@oneric.de>
- Date: Thu, 1 Dec 2022 06:57:25 +0100
- Message-id: <Y4hCRUvJOq8NgoCX@oneric.de>

Source: libass
Version: 1:0.16.0-1
Severity: wishlist

Hi!

a new version was just released upstream and it
would be great if it could make it into Bookworm.
https://github.com/libass/libass/releases/0.17.0

I noticed the automatic uscan watch broke a couple days ago for many
GitHub-hosted projects. Apparently, the asset list on the releases page
is no longer part of the website but dynamically loaded in from e.g.
https://github.com/libass/libass/releases/expanded_assets/0.17.0
without any "latest" redirect afaik.

The best fix I can come up with atm is to use GitHub’s REST API and uscan’s
searchmode=plain to account for JSON being served instead of HTML. This also
required to make the regex a bit stricter, but using the following watchline
appears to work fine:

  opts=pgpsigurlmangle=s/$/.asc/,pgpmode=auto,searchmode=plain \
    https://api.github.com/repos/libass/libass/releases/latest \
    https?://[^"]*/libass-(\d+[^"]*)+\.tar\.gz

(Note: there’s a preexisting warning about pgpsigurlmangle
being ignored because pgpmode=auto is also set. Just removing
pgpsigurlmangle doesn’t seem to cause issues and it still checks the
signature but I’m less sure about this change)

If you want to match and search through all releases, rather than just the
latest one, remove the trailing /latest from the api.github.com URL.

Speaking about pgp, there’s another issue. As announced last release
tarballs may now be signed by any one of multiple authorised keys.
debian/upstream/signing-key.asc currently only contains Oleg’s public key, who
signed 0.15.x and 0.16.0, but this release is signed by my key, so in order for
uscan to not reject the signature, all authorised keys need to be added to
debian/upstream/signing-key.asc.
I described how to do this (+ provided a patch)
and how to establish a chain of trust from Oleg’s key to the other authorised
keys in https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1012524

Regarding the new optional dependency, a just barely sufficiently recent version
of libunibreak is already packaged in Debian, so it can be linked to for making
ASS_FEATURE_WRAP_UNICODE do something.
(Otherwise the packaged release 1.1 from 2013 is rather outdated though.)

If you have any more questions or if I can somehow help
with getting the new release packaged, let me know.

Cheers

Oneric

Attachment: signature.asc
Description: PGP signature
--- End Message ---
--- Begin Message ---
- To: Oneric <oneric@oneric.de>, 1025219-done@bugs.debian.org
- Subject: Re: Bug#1025219: libass: new upstream version 0.17.0
- From: Sebastian Ramacher <sramacher@debian.org>
- Date: Thu, 1 Dec 2022 11:02:35 +0100
- Message-id: <Y4h7u4ZpgrnRT3u+@ramacher.at>
- In-reply-to: <Y4hCRUvJOq8NgoCX@oneric.de>
- References: <Y4hCRUvJOq8NgoCX@oneric.de>

Version: 1:0.17.0-1

On 2022-12-01 06:57:25 +0100, Oneric wrote:
> Source: libass
> Version: 1:0.16.0-1
> Severity: wishlist
>
> Hi!
>
> a new version was just released upstream and it
> would be great if it could make it into Bookworm.
> https://github.com/libass/libass/releases/0.17.0

Thanks for the update.

>
> I noticed the automatic uscan watch broke a couple days ago for many
> GitHub-hosted projects. Apparently, the asset list on the releases page
> is no longer part of the website but dynamically loaded in from e.g.
> https://github.com/libass/libass/releases/expanded_assets/0.17.0
> without any "latest" redirect afaik.
>
> The best fix I can come up with atm is to use GitHub’s REST API and uscan’s
> searchmode=plain to account for JSON being served instead of HTML. This also
> required to make the regex a bit stricter, but using the following watchline
> appears to work fine:
>
>   opts=pgpsigurlmangle=s/$/.asc/,pgpmode=auto,searchmode=plain \
>     https://api.github.com/repos/libass/libass/releases/latest \
>     https?://[^"]*/libass-(\d+[^"]*)+\.tar\.gz

The project seems to have settled on variants of this.

Cheers

>
> (Note: there’s a preexisting warning about pgpsigurlmangle
> being ignored because pgpmode=auto is also set. Just removing
> pgpsigurlmangle doesn’t seem to cause issues and it still checks the
> signature but I’m less sure about this change)
>
> If you want to match and search through all releases, rather than just the
> latest one, remove the trailing /latest from the api.github.com URL.
>
> Speaking about pgp, there’s another issue. As announced last release
> tarballs may now be signed by any one of multiple authorised keys.
> debian/upstream/signing-key.asc currently only contains Oleg’s public key, who
> signed 0.15.x and 0.16.0, but this release is signed by my key, so in order for
> uscan to not reject the signature, all authorised keys need to be added to
> debian/upstream/signing-key.asc.
> I described how to do this (+ provided a patch)
> and how to establish a chain of trust from Oleg’s key to the other authorised
> keys in https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1012524
>
> Regarding the new optional dependency, a just barely sufficiently recent version
> of libunibreak is already packaged in Debian, so it can be linked to for making
> ASS_FEATURE_WRAP_UNICODE do something.
> (Otherwise the packaged release 1.1 from 2013 is rather outdated though.)
>
> If you have any more questions or if I can somehow help
> with getting the new release packaged, let me know.
>
> Cheers
>
> Oneric

-- 
Sebastian Ramacher
--- End Message ---
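
Added example (not part of either message, and not uscan's or the libass project's own code): a Python emulation of how the watch line proposed in the first message picks a tarball and its signature URL out of the JSON served by the GitHub REST API. The response bodies, the release() helper and the list of tags are constructed for illustration, and version ordering is simplified to a numeric comparison.

```python
import json
import re

# Third field of the proposed watch line, unchanged.
WATCH_PATTERN = r'https?://[^"]*/libass-(\d+[^"]*)+\.tar\.gz'

BASE = "https://github.com/libass/libass/releases/download"

def release(tag):
    """Constructed record shaped like one GitHub REST API release object."""
    names = [f"libass-{tag}.tar.gz", f"libass-{tag}.tar.gz.asc",
             f"libass-{tag}.tar.xz", f"libass-{tag}.tar.xz.asc"]
    return {
        "tag_name": tag,
        "tarball_url": f"https://api.github.com/repos/libass/libass/tarball/{tag}",
        "assets": [{"name": n, "browser_download_url": f"{BASE}/{tag}/{n}"}
                   for n in names],
    }

# Constructed bodies: ".../releases/latest" returns one object,
# ".../releases" (trailing /latest removed) returns a list.
LATEST_BODY = json.dumps(release("0.17.0"))
ALL_BODY = json.dumps([release("0.17.0"), release("0.16.0"), release("0.15.2")])

def candidates(body):
    """Scan the raw body as text (what searchmode=plain asks for), not hrefs."""
    found = {}
    for m in re.finditer(WATCH_PATTERN, body):
        # The .tar.gz.asc asset URL also matches up to ".tar.gz", so keep
        # only the first hit per version.
        found.setdefault(m.group(1), m.group(0))
    return found  # upstream version -> download URL

def version_key(version):
    # Simplified numeric ordering; uscan itself uses Debian version comparison.
    return tuple(int(part) for part in re.findall(r"\d+", version))

def newest(body):
    found = candidates(body)
    version = max(found, key=version_key)
    url = found[version]
    return version, url, url + ".asc"  # effect of pgpsigurlmangle=s/$/.asc/

if __name__ == "__main__":
    print(newest(LATEST_BODY))
    print(sorted(candidates(ALL_BODY), key=version_key))
```

The "name" and "tarball_url" fields and the .tar.xz assets never match, because the pattern requires an http(s) URL whose last path component starts with libass-, followed by a version and .tar.gz, all inside one JSON string.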