Source: libass Version: 1:0.16.0-1 Severity: wishlist Hi!
a new version was just released upstream and it would be great if it could make it into Bookworm. https://github.com/libass/libass/releases/0.17.0 I noticed the automatic uscan watch broke a couple days ago for many GitHub-hosted projects. Apparently, the asset list on the releases page is no longer part of the website but dynamically loaded in from e.g. https://github.com/libass/libass/releases/expanded_assets/0.17.0 without any "latest" redirect afaik. The best fix I can come up with atm is to use GitHub’s REST API and uscan’s searchmode=plain to account for JSON being served instead of HTML. This also required to make the regex a bit stricter, but using the following watchline appears to work fine: opts=pgpsigurlmangle=s/$/.asc/,pgpmode=auto,searchmode=plain \ https://api.github.com/repos/libass/libass/releases/latest \ https?://[^"]*/libass-(\d+[^"]*)+\.tar\.gz (Note: there’s a preexisting warning about pgpsigurlmangle being ignored because pgpmode=auto is also set. Just removing pgpsigurlmangle doesn’t seem to cause issues and it still checks the signature but I’m less sure about this change) If you want to match and search through all releases, rather than just the latest one, remove the trailing /latest from the api.github.com URL. Speaking about pgp, there’s another issue. As announced last release tarballs may now be signed by any one of multiple authorised keys. debian/upstream/signing-key.asc currently only contains Oleg’s public key, who signed 0.15.x and 0.16.0, but this release is signed by my key, so in order for uscan to not reject the signature, all authorised keys need to be added to debian/upstream/signing-key.asc. I described how to do this (+ provided a patch) and how to establish a chain of trust from Oleg’s key to the other authorised keys in https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1012524 Regarding the new optional dependency, a just barely sufficiently recent version of libunibreak is already packaged in Debian, so it can be linked to for making ASS_FEATURE_WRAP_UNICODE do something. (Otherwise the packaged release 1.1 from 2013 is rather outdated though.) If you have any more questions or if I can somehow help with getting the new release packaged, let me know. Cheers Oneric
signature.asc
Description: PGP signature
