
Requesting freeze exception for alpine



Hello lovely wheezy freezers and distro releasers,

I'd like to request an exception for alpine 2.02+dfsg-1 to enter testing. I'd actually prefer to create a 2.02+dfsg-2 that fixes a security bug, if that's okay: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=653238

2.02+dfsg-1 has the following debian/changelog entry:

alpine (2.02+dfsg-1) unstable; urgency=medium

  * ACK'd non-maintainer upload by tolimar. (Thank you!)
  * Removed Windows (and other) binaries from ldap/binaries/* and
    pico/msmem.c and alpine/ldap32.dll. This is now documented in
    debian/copyright. (Closes: #641479)
  * Configuring debian/rules for hardening flags, as per release goal.
    (Therefore, this release adds a versioned dpkg dependency.)
  * Set urgency to medium due to fix for release-critical bug.
  * Bump the Standards-Version to 3.9.3; no changes since 3.9.1 affect
    this package.

 -- Asheesh Laroia <asheesh@asheesh.org>  Mon, 02 Jul 2012 16:44:02 -0600

The debdiff would be polluted by the removed files, but here is the diff between the debian/ directories.

Again, I'd prefer to (with your blessing) upload a 2.02+dfsg-2 that fixes a non-critical security vulnerability, http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=653238 .

(To clarify my understanding: if I fix other issues that aren't suitable for a freeze exception, it's best to upload those to experimental?)

Thanks!

diff -urN older/alpine-2.02/debian/changelog newer/alpine-2.02+dfsg/debian/changelog
--- older/alpine-2.02/debian/changelog	2011-12-02 08:16:13.000000000 -0600
+++ newer/alpine-2.02+dfsg/debian/changelog	2012-07-02 17:49:33.000000000 -0600
@@ -1,3 +1,17 @@
+alpine (2.02+dfsg-1) unstable; urgency=medium
+
+  * ACK'd non-maintainer upload by tolimar. (Thank you!)
+  * Removed Windows (and other) binaries from ldap/binaries/* and
+    pico/msmem.c and alpine/ldap32.dll. This is now documented in
+    debian/copyright. (Closes: #641479)
+  * Configuring debian/rules for hardening flags, as per release goal.
+    (Therefore, this release adds a versioned dpkg dependency.)
+  * Set urgency to medium due to fix for release-critical bug.
+  * Bump the Standards-Version to 3.9.3; no changes since 3.9.1 affect
+    this package.
+
+ -- Asheesh Laroia <asheesh@asheesh.org>  Mon, 02 Jul 2012 16:44:02 -0600
+
 alpine (2.02-3.1) unstable; urgency=medium

   * Non-maintainer upload.
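
Review bot: the bullet "(Therefore, this release adds a versioned dpkg dependency.)" is imprecise, because what debian/control gains is a Build-Depends on dpkg-dev (>= 1.16.1~), not a dependency on dpkg; word it as a versioned build-dependency on dpkg-dev. The entry also leaves out the -Wall that debian/rules now appends to CFLAGS, and "fix for release-critical bug" does not say which bug it means; if it is #641479, name it in that bullet so the urgency is traceable from the changelog alone.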
diff -urN older/alpine-2.02/debian/control newer/alpine-2.02+dfsg/debian/control
--- older/alpine-2.02/debian/control	2010-11-01 23:59:27.000000000 -0600
+++ newer/alpine-2.02+dfsg/debian/control	2012-07-02 17:45:53.000000000 -0600
@@ -5,8 +5,8 @@
 Uploaders: Andreas Tille <tille@debian.org>, Luke Faraone <lfaraone@debian.org>
 Build-Depends: debhelper (>= 5), libldap2-dev, libpam0g-dev, libncurses-dev,
  libssl-dev, autotools-dev, ca-certificates, automake, autoconf, libtool, libkrb5-dev,
- cdbs, aspell
-Standards-Version: 3.9.1
+ cdbs, aspell, dpkg-dev (>= 1.16.1~)
+Standards-Version: 3.9.3
 DM-Upload-Allowed: yes
 Vcs-Browser: http://svn.debian.org/wsvn/collab-maint/ext-maint/alpine/trunk/?rev=0&sc=0
 Vcs-Svn: svn://svn.debian.org/svn/collab-maint/ext-maint/alpine/trunk/
diff -urN older/alpine-2.02/debian/copyright newer/alpine-2.02+dfsg/debian/copyright
--- older/alpine-2.02/debian/copyright	2010-10-15 21:37:55.000000000 -0600
+++ newer/alpine-2.02+dfsg/debian/copyright	2012-07-02 17:49:47.000000000 -0600
@@ -6,6 +6,26 @@
 the re-alpine project <http://sourceforge.net/projects/re-alpine>'s
 current tarball.

+Some files have been removed to comply with the Debian Free Software
+Guidelines. See Debian bug #641479 <http://bugs.debian.org/641479>
+for more history. Particular files that were removed are:
+
+* pico/msmem.c. Reason: File has, at best, ambiguous permission to distribute.
+
+A lot of "ldap" binaries with no obvious source code within the
+tarball, and that are not needed to do a build. Here is a list of them:
+
+* alpine/ldap32.dll
+* ldap/binaries/debug/ldap32.lib
+* ldap/binaries/debug/libldap.dll
+* ldap/binaries/debug/libldap.lib
+* ldap/binaries/debug/ltest32.exe
+* ldap/binaries/debug/ltest.exe
+* ldap/binaries/release/ldap32.dll
+* ldap/binaries/release/ldap32.lib
+* ldap/binaries/release/libldap.dll
+* ldap/binaries/release/libldap.lib
+
 Upstream Authors: University of Washington - http://www.washington.edu/alpine/
                   and others

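Review bot: the new removed-files paragraph records what was dropped but not how the +dfsg tarball was produced, so the repack cannot be reproduced or checked from debian/copyright alone. Add a sentence naming the upstream tarball it was derived from and the removal steps, or point to a get-orig-source target in debian/rules. The changelog says ldap/binaries/* was removed, while this list names specific files under debug/ and release/ (with ltest32.exe and ltest.exe only under debug/); please confirm the list is exhaustive and say so.
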
@@ -28,6 +48,6 @@
 `/usr/share/common-licenses/Apache-2.0'.

 The Debian packaging is
- © 2006-2008 Asheesh Laroia <asheesh@asheesh.org>
+ © 2006-2012 Asheesh Laroia <asheesh@asheesh.org>
  © 2008, Andreas Tille <tille@debian.org> and
 is licensed under the GPL, see `/usr/share/common-licenses/GPL'.
diff -urN older/alpine-2.02/debian/rules newer/alpine-2.02+dfsg/debian/rules
--- older/alpine-2.02/debian/rules	2010-10-15 17:35:29.000000000 -0600
+++ newer/alpine-2.02+dfsg/debian/rules	2012-07-02 16:31:55.000000000 -0600
@@ -11,6 +11,11 @@
 include /usr/share/cdbs/1/rules/debhelper.mk
 include /usr/share/cdbs/1/class/autotools.mk

+export DEB_BUILD_MAINT_OPTIONS = hardening=+all
+export DEB_CFLAGS_MAINT_APPEND = -Wall
+include /usr/share/dpkg/buildflags.mk
+
+
 DEB_CONFIGURE_EXTRA_FLAGS := \
 	--host=$(DEB_HOST_GNU_TYPE) --build=$(DEB_BUILD_GNU_TYPE) \
         --prefix=/usr --mandir=\$${prefix}/share/man --infodir=\$${prefix}/share/info \
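
Review bot: nothing in this hunk shows the hardening flags actually reaching the compiler and linker. The DEB_CONFIGURE_EXTRA_FLAGS block below the new lines does not reference CFLAGS or LDFLAGS, and /usr/share/dpkg/buildflags.mk only sets make variables unless DPKG_EXPORT_BUILDFLAGS is defined, so whether they take effect depends on cdbs picking them up. Please confirm from a build log, or by running hardening-check on the built binaries, that the hardening=+all options (PIE and bindnow included) are applied, and mention the result in the request. Minor: the hunk adds two consecutive blank lines after the include; one is enough.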
