Sign me up Login

Details about package cjson

Name:	cjson (PTS)
Uploader:	Maytham Alsudany <maytha8thedev@gmail.com> (Debian QA page)
Description:	libcjson-dev - Ultralightweight JSON parser in ANSI C (development files) libcjson1 - Ultralightweight JSON parser in ANSI C

Package uploads

Upload #2

Information

Version:	1.7.15-1+deb12u1
Uploaded:	2024-04-09 01:45
Source package:	cjson_1.7.15-1+deb12u1.dsc
Distribution:	bookworm
Section:	libs
Priority:	optional
Homepage:	https://github.com/DaveGamble/cJSON
Vcs-Git:	https://salsa.debian.org/debian/cjson.git
Vcs-Browser:	https://salsa.debian.org/debian/cjson
Closes bugs:	#1059287

Changelog

 cjson (1.7.15-1+deb12u1) bookworm; urgency=medium
 .
   * Non-maintainer upload.
   * Backport patch to add NULL checkings (CVE-2023-50472, CVE-2023-50471)
     (Closes: #1059287)

QA information

–
Package uses debhelper-compat

Debhelper compatibility level 13

–

Newer upstream version available

Local:	1.7.15
Upstream:	1.7.17
Url:	https://github.com/DaveGamble/cJSON/archive/refs/tags/v1.7.17.tar.gz

–
Package is not native

Format: 3.0 (quilt)
–
The uploader is not in the package's "Maintainer" or "Uploaders" fields

User email

maytha8thedev@gmail.com

"Maintainer" email

byang@debian.org
–
Package has lintian errors
cjson changes
- E bad-distribution-in-changes-file
  - bookworm
cjson source
- W source-nmu-has-incorrect-version-number
  - 1.7.15-1+deb12u1 [debian/changelog:1]
- I out-of-date-standards-version
  - 4.6.0 (released 2021-08-18) (current is 4.6.2)
- X debian-watch-does-not-check-openpgp-signature
  - [debian/watch]
- X prefer-uscan-symlink
  - filenamemangle s%(?:.*?)?v?(\d[\d.]*)\.tar\.gz%cJSON-$1.tar.gz% [debian/watch:4]
- X update-debian-copyright
  - 2018 vs 2024 [debian/copyright:10]
- X upstream-metadata-file-is-missing
–
Package closes bugs in a wrong way
Errors:
- Bug #1059287 is closed
- src:cjson:
  - #1059287 (Normal): cjson: CVE-2023-50471 CVE-2023-50472
–
Package is already in Debian
- Detected as a non-maintainer upload
- The package uploader is not currently maintaining cjson in Debian
- Last upload was on the 2024-03-22
–
Upstream-Contact missing from d/copyright

Upstream Contact: None

Licenses: MIT, Apache-2.0

Comments

No comments

Upload #1

Information

Version:	1.7.15-1+deb12u1
Uploaded:	2024-04-08 07:46
Source package:	cjson_1.7.15-1+deb12u1.dsc
Distribution:	bookworm
Section:	libs
Priority:	optional
Homepage:	https://github.com/DaveGamble/cJSON
Vcs-Git:	https://salsa.debian.org/debian/cjson.git
Vcs-Browser:	https://salsa.debian.org/debian/cjson
Closes bugs:	#1059287

Changelog

 cjson (1.7.15-1+deb12u1) bookworm; urgency=medium
 .
   * Update Maintainer field
   * Bump Standards-Version to 4.6.2 (no changes)
   * Backport patch to add NULL checkings (CVE-2023-50472, CVE-2023-50471)
     (Closes: #1059287)
   * Add Build-Depends-Package to symbols

QA information

–
Package uses debhelper-compat

Debhelper compatibility level 13

–

Newer upstream version available

Local:	1.7.15
Upstream:	1.7.17
Url:	https://github.com/DaveGamble/cJSON/archive/refs/tags/v1.7.17.tar.gz

–
Package is not native

Format: 3.0 (quilt)
–
"Maintainer" email is the same as the uploader
–
Package has lintian errors
cjson changes
- E bad-distribution-in-changes-file
  - bookworm
cjson source
- X debian-watch-does-not-check-openpgp-signature
  - [debian/watch]
- X prefer-uscan-symlink
  - filenamemangle s%(?:.*?)?v?(\d[\d.]*)\.tar\.gz%cJSON-$1.tar.gz% [debian/watch:4]
- X update-debian-copyright
  - 2018 vs 2024 [debian/copyright:10]
- X upstream-metadata-file-is-missing
–
Package closes bugs in a wrong way
Errors:
- Bug #1059287 is closed
- src:cjson:
  - #1059287 (Normal): cjson: CVE-2023-50471 CVE-2023-50472
–
Package is already in Debian
- The package uploader is not currently maintaining cjson in Debian
- Last upload was on the 2024-03-22
–
Upstream-Contact missing from d/copyright

Upstream Contact: None

Licenses: MIT, Apache-2.0

Comments

You increase chances to find a sponsor if the upload does not contain an error (red mark) and as few as possible (ideally none) warning (yellow mark).

If you want to update the package for the branch of testing (i.e. Debian 13/trixie), the targeted distribution should be `unstable`.  The successful upload of an error-free version to unstable is a requirement for a subsequent unpdate as bpo for current `stable` / Debian 12/bookworm documented e.g., [here](https://backports.debian.org/).  Your can simultaneously upload both of the update to testing and stable to the mentors page, a sponsoring DD can schedule the deferred upload of the later as bpo.

Needs work Norwid Behrnd at April 8, 2024, 8:24 a.m.

This isn't a backport, this is an update to bookworm (stable) dist.

Ready Maytham Alsudany at April 8, 2024, 8:55 a.m.

So far I understood every update to update bookworm, because it currently is branch stable .and. already published would represent an backport.  Thus, if there were already a `package X.Y.1-2~bpo12+1` with a first / initial backport, its update could be named e.g., `package X.Y.2-1~bpo12+1` to be the next one provided to bookworm, however based on previous work to `package X.Y.2-1` already present in branch `testing`, i.e. currently `trixie`.

Did I misunderstand / misread something from the survey on https://backports.debian.org/bookworm-backports/overview/ ?

Norwid Behrnd at April 16, 2024, 3:20 p.m.

Yes: https://www.debian.org/doc/manuals/developers-reference/pkgs.en.html#special-case-uploads-to-the-stable-and-oldstable-distributions

Maytham Alsudany at April 16, 2024, 3:31 p.m.

Upstream Contact:	None
Licenses:	MIT, Apache-2.0

Upstream Contact:	None
Licenses:	MIT, Apache-2.0