Hi, Could you unblock paste and sqlalchemy source packages? Both are waiting in unstable.
About paste 1.0.1-1:
====================
It's a new upstream release, but it contains only a security fix (compared to 1.0-1), it has a TEMP name in CVE:

paste 1.0-1 allowed escaping the root (and reading files) when used with paste.httpserver (this does not affect other servers, and does not apply when proxying requests from Apache to paste.httpserver)

`debdiff paste_1.0-1.dsc paste_1.0.1-1.dsc` output is attached as paste.debdiff

About sqlalchemy 0.3.1-2
========================
It fixes RC (serious) bug #403767: Licensing information is missing

`debdiff sqlalchemy_0.3.1-1.dsc sqlalchemy_0.3.1-2.dsc` output is attached as sqlalchemy.debdiff

Please CC: me on replies,
Thanks in advance
-- 
:wq!
diff -Nru /tmp/9RYLp5NsNr/paste-1.0/debian/changelog /tmp/h6T8ArgtUG/paste-1.0.1/debian/changelog --- /tmp/9RYLp5NsNr/paste-1.0/debian/changelog 2006-12-20 14:47:03.000000000 +0100 +++ /tmp/h6T8ArgtUG/paste-1.0.1/debian/changelog 2006-12-20 14:47:04.000000000 +0100 @@ -1,3 +1,12 @@ +paste (1.0.1-1) unstable; urgency=medium + + * New upstream release. This release includes *only* the security + fix, version 1.1 (released simultaneously) will be uploaded to + experimental (due to Etch freeze) + * Added XS-Vcs-Svn and XS-Vcs-Browser fields to debian/control + + -- Piotr Ozarowski <[EMAIL PROTECTED]> Mon, 18 Dec 2006 13:15:20 +0100 + paste (1.0-1) unstable; urgency=low * New upstream release diff -Nru /tmp/9RYLp5NsNr/paste-1.0/debian/control /tmp/h6T8ArgtUG/paste-1.0.1/debian/control --- /tmp/9RYLp5NsNr/paste-1.0/debian/control 2006-12-20 14:47:03.000000000 +0100 +++ /tmp/h6T8ArgtUG/paste-1.0.1/debian/control 2006-12-20 14:47:04.000000000 +0100 @@ -7,6 +7,8 @@ Build-Depends-Indep: python (>= 2.3.5-11), python-all-dev, python-central (>= 0.5.6), python-setuptools (>= 0.6b3-1), python-docutils Standards-Version: 3.7.2 XS-Python-Version: >= 2.4 +XS-Vcs-Svn: svn://svn.debian.org/python-modules/packages/paste/trunk/ +XS-Vcs-Browser: http://svn.debian.org/wsvn/python-modules/packages/paste/trunk/?op=log Package: python-paste Architecture: all diff -Nru /tmp/9RYLp5NsNr/paste-1.0/docs/news.txt /tmp/h6T8ArgtUG/paste-1.0.1/docs/news.txt --- /tmp/9RYLp5NsNr/paste-1.0/docs/news.txt 2006-10-22 22:56:34.000000000 +0200 +++ /tmp/h6T8ArgtUG/paste-1.0.1/docs/news.txt 2006-12-18 01:23:36.000000000 +0100 
@@ -3,6 +3,12 @@ .. contents:: +1.0.1 +----- + +* Security fix for StaticURLParser (only applies when using + ``paste.httpserver`` publically without an Apache frontend). + 1.0 --- diff -Nru /tmp/9RYLp5NsNr/paste-1.0/paste/urlparser.py /tmp/h6T8ArgtUG/paste-1.0.1/paste/urlparser.py --- /tmp/9RYLp5NsNr/paste-1.0/paste/urlparser.py 2006-10-22 22:56:41.000000000 +0200 +++ /tmp/h6T8ArgtUG/paste-1.0.1/paste/urlparser.py 2006-12-18 01:23:40.000000000 +0100 @@ -435,6 +435,8 @@ self.root_directory = root_directory if root_directory is not None: self.root_directory = os.path.normpath(self.root_directory) + else: + self.root_directory = os.path.normpath(directory) self.cache_max_age = cache_max_age def __call__(self, environ, start_response): diff -Nru /tmp/9RYLp5NsNr/paste-1.0/Paste.egg-info/PKG-INFO /tmp/h6T8ArgtUG/paste-1.0.1/Paste.egg-info/PKG-INFO --- /tmp/9RYLp5NsNr/paste-1.0/Paste.egg-info/PKG-INFO 2006-10-22 22:57:21.000000000 +0200 +++ /tmp/h6T8ArgtUG/paste-1.0.1/Paste.egg-info/PKG-INFO 2006-12-18 01:24:29.000000000 +0100 @@ -1,6 +1,6 @@ Metadata-Version: 1.0 Name: Paste -Version: 1.0 +Version: 1.0.1 Summary: Tools for using a Web Server Gateway Interface stack Home-page: http://pythonpaste.org Author: Ian Bicking diff -Nru /tmp/9RYLp5NsNr/paste-1.0/PKG-INFO /tmp/h6T8ArgtUG/paste-1.0.1/PKG-INFO --- /tmp/9RYLp5NsNr/paste-1.0/PKG-INFO 2006-10-22 22:57:23.000000000 +0200 +++ /tmp/h6T8ArgtUG/paste-1.0.1/PKG-INFO 2006-12-18 01:24:32.000000000 +0100 @@ -1,6 +1,6 @@ Metadata-Version: 1.0 Name: Paste -Version: 1.0 +Version: 1.0.1 Summary: Tools for using a Web Server Gateway Interface stack Home-page: http://pythonpaste.org Author: Ian Bicking diff -Nru /tmp/9RYLp5NsNr/paste-1.0/setup.py /tmp/h6T8ArgtUG/paste-1.0.1/setup.py --- /tmp/9RYLp5NsNr/paste-1.0/setup.py 2006-10-22 22:56:45.000000000 +0200 +++ /tmp/h6T8ArgtUG/paste-1.0.1/setup.py 2006-12-18 01:23:40.000000000 +0100 
@@ -2,7 +2,7 @@ # revision (set to True for real releases) RELEASE = False -__version__ = '1.0' +__version__ = '1.0.1' from setuptools import setup, find_packages import sys, os
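Review bot: In the paste/urlparser.py hunk (@@ -435,6 +435,8 @@), the new else branch sets self.root_directory with os.path.normpath(directory) only, which is a purely lexical cleanup: it does not make a relative directory absolute and does not resolve symlinks. The code that compares a requested path against self.root_directory is outside this hunk, so the diff alone does not show that both sides of that comparison are normalized the same way; it is worth confirming that, or using os.path.abspath (or realpath) for both. With both branches now assigning, the preceding unconditional `self.root_directory = root_directory` is redundant and could be folded into the if/else. The diff also carries no regression test for the escape described in docs/news.txt, which would be the easiest way for the release team to see that the fix holds.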
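Review bot: In the setup.py hunk, the context line `RELEASE = False` is left unchanged although the comment directly above it reads "set to True for real releases" and the same hunk bumps `__version__` to '1.0.1' for what the changelog calls a new upstream release. Please confirm with upstream that this flag is intentionally False in the released tarball, since it may affect how the built package identifies its version.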
diff -u sqlalchemy-0.3.1/debian/copyright sqlalchemy-0.3.1/debian/copyright --- sqlalchemy-0.3.1/debian/copyright +++ sqlalchemy-0.3.1/debian/copyright 
@@ -4,16 +4,73 @@ +Since Thu, 7 Sep 2006 20:58:45 +0200 it is co-maintained by +Piotr Ożarowski <[EMAIL PROTECTED]> + It was originally downloaded from http://sqlalchemy.org/ -Upstream Author: Mike Bayer et al <[EMAIL PROTECTED]> +Upstream Author: Mike Bayer <[EMAIL PROTECTED]> + +Copyright (C) 2004,2005,2006 Michael Bayer [EMAIL PROTECTED] Copyright: ---8<-- -SQLAlchemy is licensed under an MIT-style license (see LICENSE). -Other incorporated projects may be licensed under different licenses. -All licenses allow for non-commercial and commercial use. ---8<-- + This is the MIT license: http://www.opensource.org/licenses/mit-license.php + + Copyright (c) 2005, 2006 Michael Bayer and contributors. SQLAlchemy is a + trademark of Michael Bayer. + + Permission is hereby granted, free of charge, to any person obtaining a copy + of this software and associated documentation files (the "Software"), to deal + in the Software without restriction, including without limitation the rights + to use, copy, modify, merge, publish, distribute, sublicense, and/or sell + copies of the Software, and to permit persons to whom the Software is + furnished to do so, subject to the following conditions: + + The above copyright notice and this permission notice shall be included in all + copies or substantial portions of the Software. + + THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, + OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE + SOFTWARE. + +----------------------------------------------------------- + +test/coverage.py file (only in source package): + + Copyright 2001 Gareth Rees. All rights reserved. 
+ Copyright 2004-2006 Ned Batchelder. All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are + met: + + 1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the + distribution. + + THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + HOLDERS AND CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND + ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR + TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE + USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH + DAMAGE. + +----------------------------------------------------------- -I did not see any other licenses or copyrights in the source tree. -Here's the LICENSE file: +The Debian packaging is (C) 2006, Tommi Virtanen <[EMAIL PROTECTED]> and Piotr +Ożarowski <[EMAIL PROTECTED]> - it is licensed under the GPL. -# See the file LICENSE at the top of the source tree. +On Debian systems, the complete text of the GNU General Public License +can be found in `/usr/share/common-licenses/GPL'. diff -u sqlalchemy-0.3.1/debian/changelog sqlalchemy-0.3.1/debian/changelog --- sqlalchemy-0.3.1/debian/changelog +++ sqlalchemy-0.3.1/debian/changelog 
@@ -1,3 +1,21 @@ +sqlalchemy (0.3.1-2) unstable; urgency=medium + + * debian/copyright file updated (closes: #403767) + + -- Piotr Ozarowski <[EMAIL PROTECTED]> Wed, 20 Dec 2006 00:02:53 +0100 + +sqlalchemy (0.3.3-1) experimental; urgency=low + + * New upstream release + + -- Piotr Ozarowski <[EMAIL PROTECTED]> Fri, 15 Dec 2006 15:36:00 +0100 + +sqlalchemy (0.3.2-1) experimental; urgency=low + + * New upstream release + + -- Piotr Ozarowski <[EMAIL PROTECTED]> Mon, 11 Dec 2006 18:09:00 +0100 + sqlalchemy (0.3.1-1) unstable; urgency=low * New upstream release
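Review bot: In the debian/copyright hunk, the packaging is stated to be "licensed under the GPL" with no version given, while the pointer is to the unversioned `/usr/share/common-licenses/GPL`; since this upload exists to close a licensing bug, naming the GPL version (and whether "or later" applies) would avoid a follow-up. The upstream years are also inconsistent within the same hunk: "Copyright (C) 2004,2005,2006 Michael Bayer" above versus "Copyright (c) 2005, 2006 Michael Bayer and contributors" in the license text, and the "et al" was dropped from the Upstream Author line even though the license text still credits contributors.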
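Review bot: In the debian/changelog hunk, the new 0.3.1-2 entry for unstable is placed above entries for 0.3.3-1 and 0.3.2-1, both marked experimental, so the changelog is no longer in ascending version order and the unstable upload now documents versions higher than itself. If the branch was cut from the experimental packaging this is understandable, but for an unblock request it would be cleaner to base 0.3.1-2 directly on the 0.3.1-1 changelog so that the diff contains only the `debian/copyright file updated (closes: #403767)` entry.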