Accepted debsig-verify 0.14 (source) into unstable
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Sat, 13 Feb 2016 11:32:58 +0100
Source: debsig-verify
Binary: debsig-verify
Architecture: source
Version: 0.14
Distribution: unstable
Urgency: low
Maintainer: Dpkg Developers <debian-dpkg@lists.debian.org>
Changed-By: Guillem Jover <guillem@debian.org>
Description:
debsig-verify - Debian package signature verification tool
Changes:
debsig-verify (0.14) unstable; urgency=low
.
* Assume at least C89 and POSIX.1-2001.
* Fix man page formatting.
* Add references to debsigs(1) and gpg(1) to the man page.
* Add missing man page .TH fields.
* Use https instead of git or http in URLs.
* Add new test case covering key to name id mapping.
* Switch to use more of libdpkg instead of ad-hoc code:
- Use path_make_temp_template().
- Switch from popen() to subproc_fork() and execlp(), to avoid shell
invocation and unsafe argument passing.
- Use the command module to invoke GnuPG instead of execlp().
* Do not use an absolute pathname to the GnuPG program.
* Make the GnuPG program configurable through the DEBSIG_GNUPG_PROGRAM
environment variable.
* Fix handling of a possibly non-terminated origin ID string.
* Fix a file TOCTOU issue in the XML parser.
* Set umask() for mkstemp() calls.
* Do not free() nor unlink() an uninitialized string.
* Fix printing debug message on unmatched key IDs in getKeyID().
* Update copyright years.
Checksums-Sha1:
a5ad5cd3813e1d5b7f7057195147f907957fb0fe 1659 debsig-verify_0.14.dsc
067e4fcdb0a4fefba9c1f4cd754373dcd9b4e48a 127188 debsig-verify_0.14.tar.xz
Checksums-Sha256:
8ed0552527cf76f67178920fb3ab8da2dd24ae7df67ec17558150a5b34e2be1b 1659 debsig-verify_0.14.dsc
a93346012c3602014ba28f7eb2e53ac7bd46ab78b481bb72afbb9871a2c376be 127188 debsig-verify_0.14.tar.xz
Files:
c9bff807ca26453b5ee873b37733ec0d 1659 admin optional debsig-verify_0.14.dsc
f3957713768196292570455a91098456 127188 admin optional debsig-verify_0.14.tar.xz
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQIcBAEBCAAGBQJWvwc4AAoJELlyvz6krlejkb4P/AwCb7GNOd7+ZCrRghRKUMaD
w53pQ2n7ZIVmdDsK3kKi2DMBYPLbB+wcCE733Ob+IpWhKzFcq5yto+NLIcPvaNOR
4pXSBVbyHIUdQGniS4wvdYQplJSns19YAJNwJThOVl/Nz+6Tu8d2F1sLn+FD1Q9r
AxKh8C7DYuc9/GNOWM7kCqf+Huqp8HUSdsvnGN6qmiLmh+SGLgD3VpdL/u/PLtvp
EmETIiqjec1xL2oMT4zf3m16Nrmdk2R8icjx/EuzosSbH8acaed+EcM7T1aWEjEW
oYWAgDymC8XzhPT/UXAwb3R2d5HMAxGtwX+vp1uC/joRwYUmCAUvEg6/4gK6mN90
NhV6kHxkEhvGD0mQhXH/Pxvn1btM3sIfThQpHdZ+suQWwiDDfBBNuuRPZwm0G/Bx
hRB1dfsqqyZo/m+ITIX3MK8gStG6focXwToiB8oMqc/vfMTI3xzszLr1cnxMBYvj
U495cum6BtpTqvZ3lyiS5a0Wf5vHRS/8j1HI65TzB7jGKjLx39cBt078+wiHvPfm
nBXIrlX4bTYxCf911tydbUUno1qqD1ZSnjV/G1cz63fYby0IE2T/dVwGHey4kX0T
PqCdPaE0tfz9bxm0HPXWa6QT6spdQlHrOlDvpfXiOFecE2A/J5ZKa93xeXgtZjwf
BsSL/JwiwNM1ncFKaGE+
=lz+s
-----END PGP SIGNATURE-----