Debian Bug report logs - #658947
cvs: Uses perl4 corelibs without Depends

version graph

Package: cvs; Maintainer for cvs is Thorsten Glaser <tg@mirbsd.de>; Source for cvs is src:cvs.

Reported by: Dominic Hargreaves <dom@earth.li>

Date: Mon, 6 Feb 2012 21:33:17 UTC

Severity: normal

Found in version 1.12.13+real-6

Fixed in version cvs/2:1.12.13+real-7

Done: Thorsten Glaser <tg@mirbsd.de>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to debian-bugs-dist@lists.debian.org, Thorsten Glaser <tg@mirbsd.de>:
Bug#658947; Package cvs. (Mon, 06 Feb 2012 21:33:21 GMT) Full text and rfc822 format available.

Acknowledgement sent to Dominic Hargreaves <dom@earth.li>:
New Bug report received and forwarded. Copy sent to Thorsten Glaser <tg@mirbsd.de>. (Mon, 06 Feb 2012 21:33:21 GMT) Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: Dominic Hargreaves <dom@earth.li>
To: submit@bugs.debian.org
Subject: cvs: Uses perl4 corelibs without Depends
Date: Mon, 6 Feb 2012 21:30:05 +0000
Package: cvs
Version: 1.12.13+real-6
Severity: normal
User: debian-perl@lists.debian.org
Usertags: perl4-corelibs

Dear maintainer,

This package currently uses one or more deprecated perl 4 era packages,
as shown on the lintian report[1]:

As detailed at [2] we would like you to either add a dependency on

libperl4-corelibs-perl | perl (<< 5.12.3-7)

or (ideally) to replace their use with more modern equivalents.

If you prefer, I will NMU your package with the dependency added.

The wiki page [2] has references (taken from the source of the libraries
in question) for the recommended replacement libraries.

Thanks,
Dominic.

[1] <http://lintian.debian.org/tags/script-uses-perl4-libs-without-dep.html>
[2] <http://wiki.debian.org/Teams/DebianPerlGroup/OpenTasks/Transitions/Perl4CoreLibs>

-- 
Dominic Hargreaves | http://www.larted.org.uk/~dom/
PGP key 5178E2A5 from the.earth.li (keyserver,web,email)




Information forwarded to debian-bugs-dist@lists.debian.org:
Bug#658947; Package cvs. (Mon, 06 Feb 2012 22:03:30 GMT) Full text and rfc822 format available.

Acknowledgement sent to Thorsten Glaser <tg@mirbsd.de>:
Extra info received and forwarded to list. (Mon, 06 Feb 2012 22:03:30 GMT) Full text and rfc822 format available.

Message #10 received at 658947@bugs.debian.org (full text, mbox):

From: Thorsten Glaser <tg@mirbsd.de>
To: Dominic Hargreaves <dom@earth.li>, 658947@bugs.debian.org
Cc: control@bugs.debian.org
Subject: Re: Bug#658947: cvs: Uses perl4 corelibs without Depends
Date: Mon, 6 Feb 2012 21:52:48 +0000 (UTC)
tags 658947 = pending
thanks

Dominic Hargreaves dixit:

>This package currently uses one or more deprecated perl 4 era packages,
>as shown on the lintian report[1]:

This is sort of a false positive – cvs has a number of scripts
in contrib/ which often don’t even work as-is but are provided
as an idea of how to do certain things. The script in question
is rcslock, which starts like this:

# THIS SCRIPT IS PROBABLY BROKEN.  REMOVING THE -T SWITCH ON THE #! LINE ABOVE
# WOULD FIX IT, BUT THIS IS INSECURE.  WE RECOMMEND FIXING THE ERRORS WHICH THE
# -T SWITCH WILL CAUSE PERL TO REPORT BEFORE RUNNING THIS SCRIPT FROM A CVS
# SERVER TRIGGER.  PLEASE SEND PATCHES CONTAINING THE CHANGES YOU FIND

That’s why, the next upload will no longer contain this script
and a few others (changes already committed into cvs where the
packaging is kept).

>If you prefer, I will NMU your package with the dependency added.

Please explicitly do not add these dependencies to the cvs package
due to the reasons stated above. I’ll upload sometime within the
next two months, to get the changes in before the freeze, but this
is not in a hurry. If you have some usertag tracking, I recommend
to untrack this bug as it can be seen a false positive.

Thanks anyway,
//mirabilos
-- 
Support mksh as /bin/sh and RoQA dash NOW!
‣ src:bash (242 (261) bugs: 0 RC, 169 (183) I&N, 73 (78) M&W, 0 F&P)
‣ src:dash (73 (84) bugs: 3 RC, 27 (30) I&N, 43 (51) M&W, 0 F&P)
‣ src:mksh (1 bug: 0 RC, 0 I&N, 1 M&W, 0 F&P)
http://qa.debian.org/data/bts/graphs/d/dash.png is pretty red, innit?




Added tag(s) pending. Request was from Thorsten Glaser <tg@mirbsd.de> to control@bugs.debian.org. (Mon, 06 Feb 2012 22:03:32 GMT) Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Thorsten Glaser <tg@mirbsd.de>:
Bug#658947; Package cvs. (Mon, 06 Feb 2012 22:25:13 GMT) Full text and rfc822 format available.

Acknowledgement sent to Dominic Hargreaves <dom@earth.li>:
Extra info received and forwarded to list. Copy sent to Thorsten Glaser <tg@mirbsd.de>. (Mon, 06 Feb 2012 22:25:13 GMT) Full text and rfc822 format available.

Message #17 received at 658947@bugs.debian.org (full text, mbox):

From: Dominic Hargreaves <dom@earth.li>
To: Thorsten Glaser <tg@mirbsd.de>
Cc: 658947@bugs.debian.org
Subject: Re: Bug#658947: cvs: Uses perl4 corelibs without Depends
Date: Mon, 6 Feb 2012 22:04:43 +0000
On Mon, Feb 06, 2012 at 09:52:48PM +0000, Thorsten Glaser wrote:
> tags 658947 = pending
> thanks
> 
> Dominic Hargreaves dixit:
> 
> >This package currently uses one or more deprecated perl 4 era packages,
> >as shown on the lintian report[1]:
> 
> This is sort of a false positive – cvs has a number of scripts
> in contrib/ which often don’t even work as-is but are provided
> as an idea of how to do certain things. The script in question
> is rcslock, which starts like this:
> 
> # THIS SCRIPT IS PROBABLY BROKEN.  REMOVING THE -T SWITCH ON THE #! LINE ABOVE
> # WOULD FIX IT, BUT THIS IS INSECURE.  WE RECOMMEND FIXING THE ERRORS WHICH THE
> # -T SWITCH WILL CAUSE PERL TO REPORT BEFORE RUNNING THIS SCRIPT FROM A CVS
> # SERVER TRIGGER.  PLEASE SEND PATCHES CONTAINING THE CHANGES YOU FIND
> 
> That’s why, the next upload will no longer contain this script
> and a few others (changes already committed into cvs where the
> packaging is kept).

Heh. Sounds like it was waiting for a reason to go :)

> >If you prefer, I will NMU your package with the dependency added.
> 
> Please explicitly do not add these dependencies to the cvs package
> due to the reasons stated above. I’ll upload sometime within the
> next two months, to get the changes in before the freeze, but this
> is not in a hurry. If you have some usertag tracking, I recommend
> to untrack this bug as it can be seen a false positive.

Noted; thanks for the reply.

Cheers,
Dominic.

-- 
Dominic Hargreaves | http://www.larted.org.uk/~dom/
PGP key 5178E2A5 from the.earth.li (keyserver,web,email)




Reply sent to Thorsten Glaser <tg@mirbsd.de>:
You have taken responsibility. (Tue, 07 Feb 2012 18:51:06 GMT) Full text and rfc822 format available.

Notification sent to Dominic Hargreaves <dom@earth.li>:
Bug acknowledged by developer. (Tue, 07 Feb 2012 18:51:06 GMT) Full text and rfc822 format available.

Message #22 received at 658947-close@bugs.debian.org (full text, mbox):

From: Thorsten Glaser <tg@mirbsd.de>
To: 658947-close@bugs.debian.org
Subject: Bug#658947: fixed in cvs 2:1.12.13+real-7
Date: Tue, 07 Feb 2012 18:47:16 +0000
Source: cvs
Source-Version: 2:1.12.13+real-7

We believe that the bug you reported is fixed in the latest version of
cvs, which is due to be installed in the Debian FTP archive:

cvs_1.12.13+real-7.diff.gz
  to main/c/cvs/cvs_1.12.13+real-7.diff.gz
cvs_1.12.13+real-7.dsc
  to main/c/cvs/cvs_1.12.13+real-7.dsc
cvs_1.12.13+real-7_amd64.deb
  to main/c/cvs/cvs_1.12.13+real-7_amd64.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 658947@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Thorsten Glaser <tg@mirbsd.de> (supplier of updated cvs package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA384

Format: 1.8
Date: Tue, 07 Feb 2012 18:01:44 +0000
Source: cvs
Binary: cvs
Architecture: source amd64
Version: 2:1.12.13+real-7
Distribution: unstable
Urgency: high
Maintainer: Thorsten Glaser <tg@mirbsd.de>
Changed-By: Thorsten Glaser <tg@mirbsd.de>
Description: 
 cvs        - Concurrent Versions System
Closes: 658947
Changes: 
 cvs (2:1.12.13+real-7) unstable; urgency=high
 .
   * Drop unsafe scripts from contrib, add NEWS entry for that
     (Closes: #658947)
   * debian/rules: cleanup (remove install/check, dh_installdirs;
     switch to dh_prep if extant)
   * Use -Wl,--as-needed for the link to appease dpkg-shlibdebs
   * Update maintainer scripts from template jupp (better comments)
   * Drop csh-using contrib script from package, with NEWS entry
   * Demote rcs2log(1) to contrib, add NEWS entry
   * Stop shipping a patch to rcs(1) with the binary package, ffs
   * Don’t ship cvshelp.man either, it’s antiquated and not useful
   * Fix meaning of -rHEAD for the diff subcommand (with NEWS entry)
   * Make the testsuite again usable (full PASS)
   * Apply suggested patch for CVE-2012-0804 from Petr Pisar
   * Update lintian overrides
Checksums-Sha1: 
 98b051d71a596def7fb9ee78a79210db28b4ab05 1938 cvs_1.12.13+real-7.dsc
 77226b423068338ea5130ee1cb2b5f078611dba4 107825 cvs_1.12.13+real-7.diff.gz
 4877fef8799e727a40bb8d11586cbc9cac10d747 2741100 cvs_1.12.13+real-7_amd64.deb
Checksums-Sha256: 
 095147eb5a16cbc97e5dce6b35fc266d039165ddd5ef3726d45ca0d48a5366f9 1938 cvs_1.12.13+real-7.dsc
 498c4b06498557bcd66bc5a0cb179565be6dff43c4b3c5389fe1eb39cb0eb502 107825 cvs_1.12.13+real-7.diff.gz
 41b5b12dc20ac72b2eb080484936b3c3cb7eaf0e1ee6094001187befe819eb88 2741100 cvs_1.12.13+real-7_amd64.deb
Files: 
 c5eefb2e73084628b0bc6b7dd8ac5525 1938 vcs optional cvs_1.12.13+real-7.dsc
 cc47832cf24e332008aec23f20140072 107825 vcs optional cvs_1.12.13+real-7.diff.gz
 c76e53a88955d405fa041ff2a6a96885 2741100 vcs optional cvs_1.12.13+real-7_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MirBSD)

iQIcBAEBCQAGBQJPMXAcAAoJEHa1NLLpkAfgGWsP/1HK2ssc7Vtd6rjKnICrb1AD
2asBx01O+X55ux5AVFrkgi0QHt1JE8mmupaLKkWArqeWD/B8eIiQp36dQPLAyolJ
+oPsEs5eyOrRB2CKF7sxW0+IJxecR0ck5Cx0zBx4Qee1JkWS9wFxnLUQohNGomo8
ZVBwbTdv7dIfBky7LDdi3ACuXE16AAxZ+vnb44wqIAfNMqrHCifpSilMyGyvo91p
PZ0LLa3NhqXdNtS6b/3ghd5cM4IrANk2ydCSzisoSU1T4komBpiKarVqgqf+WdYv
sTcYAfmgeY2scyPS9DngKi5kggi7sKZlNaO8WefvT/GALwum7uvOBaDhueHkqftT
gmPxARBlUz8gDpS8pwCmF/uJLxFx3XM/3zMSbMq+2yYoNYbBoqyY8Ky7koTS9t8F
nWsYz1UKMy9oGcYtYay9RF5l8vZNmKoGe/fk7B7Ym3Ksta8ge6UW51w5yv1S1yzq
Y80tw241kGsowGnYyLDhKIEh0z/aT3aYmf67c2RcXoRCaZHHXbEes59R0jaDSvon
nI6hOTarIFauVQfzvcGL+iP1LWUHrUma6/0JtlyKFQV0IdgGFI9+JvoTuQtXJiJu
TzCFrZ5mAXg5nICb3qlwQNSkRCHiazhpuDs1cvTQY8qpjpEZvN3ahlcsxpHKYZoV
VjU6l+XwZ9fpZhHrvTaN
=Rdhv
-----END PGP SIGNATURE-----





Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Wed, 07 Mar 2012 07:36:41 GMT) Full text and rfc822 format available.

Send a report that this bug log contains spam.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Sat Apr 19 12:29:44 2014; Machine Name: buxtehude.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.