Details about package cjson
Name: | cjson (PTS) |
---|---|
Uploader: | Maytham Alsudany <maytha8thedev@gmail.com> (Debian QA page) |
Description: | libcjson-dev - Ultralightweight JSON parser in ANSI C (development files) libcjson1 - Ultralightweight JSON parser in ANSI C |
Package uploads
Upload #2
Information
Version: | 1.7.15-1+deb12u1 |
---|---|
Uploaded: | 2024-04-09 01:45 |
Source package: | cjson_1.7.15-1+deb12u1.dsc |
Distribution: | bookworm |
Section: | libs |
Priority: | optional |
Homepage: | https://github.com/DaveGamble/cJSON |
Vcs-Git: | https://salsa.debian.org/debian/cjson.git |
Vcs-Browser: | https://salsa.debian.org/debian/cjson |
Closes bugs: | #1059287 |
Changelog
cjson (1.7.15-1+deb12u1) bookworm; urgency=medium . * Non-maintainer upload. * Backport patch to add NULL checkings (CVE-2023-50472, CVE-2023-50471) (Closes: #1059287)
QA information
-
–
Package uses debhelper-compatDebhelper compatibility level 13
-
–
Newer upstream version available
Local: 1.7.15 Upstream: 1.7.17 Url: https://github.com/DaveGamble/cJSON/archive/refs/tags/v1.7.17.tar.gz -
–
Package is not native
Format: 3.0 (quilt) -
–
The uploader is not in the package's "Maintainer" or "Uploaders" fields
- User email
- maytha8thedev@gmail.com
- "Maintainer" email
- byang@debian.org
-
–
Package has lintian errorscjson changes
-
E
bad-distribution-in-changes-file
- bookworm
cjson source-
W
source-nmu-has-incorrect-version-number
- 1.7.15-1+deb12u1 [debian/changelog:1]
-
I
out-of-date-standards-version
- 4.6.0 (released 2021-08-18) (current is 4.6.2)
-
X
debian-watch-does-not-check-openpgp-signature
- [debian/watch]
-
X
prefer-uscan-symlink
- filenamemangle s%(?:.*?)?v?(\d[\d.]*)\.tar\.gz%cJSON-$1.tar.gz% [debian/watch:4]
-
X
update-debian-copyright
- 2018 vs 2024 [debian/copyright:10]
-
X
upstream-metadata-file-is-missing
-
E
bad-distribution-in-changes-file
-
–
Package closes bugs in a wrong way
-
–
Package is already in Debian
- Detected as a non-maintainer upload
- The package uploader is not currently maintaining cjson in Debian
- Last upload was on the 2024-03-22
-
–
Upstream-Contact missing from d/copyright
Upstream Contact: None Licenses: MIT, Apache-2.0
Comments
No comments
Upload #1
Information
Version: | 1.7.15-1+deb12u1 |
---|---|
Uploaded: | 2024-04-08 07:46 |
Source package: | cjson_1.7.15-1+deb12u1.dsc |
Distribution: | bookworm |
Section: | libs |
Priority: | optional |
Homepage: | https://github.com/DaveGamble/cJSON |
Vcs-Git: | https://salsa.debian.org/debian/cjson.git |
Vcs-Browser: | https://salsa.debian.org/debian/cjson |
Closes bugs: | #1059287 |
Changelog
cjson (1.7.15-1+deb12u1) bookworm; urgency=medium . * Update Maintainer field * Bump Standards-Version to 4.6.2 (no changes) * Backport patch to add NULL checkings (CVE-2023-50472, CVE-2023-50471) (Closes: #1059287) * Add Build-Depends-Package to symbols
QA information
-
–
Package uses debhelper-compatDebhelper compatibility level 13
-
–
Newer upstream version available
Local: 1.7.15 Upstream: 1.7.17 Url: https://github.com/DaveGamble/cJSON/archive/refs/tags/v1.7.17.tar.gz -
–
Package is not native
Format: 3.0 (quilt) -
–
"Maintainer" email is the same as the uploader
-
–
Package has lintian errorscjson changes
-
E
bad-distribution-in-changes-file
- bookworm
cjson source-
X
debian-watch-does-not-check-openpgp-signature
- [debian/watch]
-
X
prefer-uscan-symlink
- filenamemangle s%(?:.*?)?v?(\d[\d.]*)\.tar\.gz%cJSON-$1.tar.gz% [debian/watch:4]
-
X
update-debian-copyright
- 2018 vs 2024 [debian/copyright:10]
-
X
upstream-metadata-file-is-missing
-
E
bad-distribution-in-changes-file
-
–
Package closes bugs in a wrong way
-
–
Package is already in Debian
- The package uploader is not currently maintaining cjson in Debian
- Last upload was on the 2024-03-22
-
–
Upstream-Contact missing from d/copyright
Upstream Contact: None Licenses: MIT, Apache-2.0
Comments
-
You increase chances to find a sponsor if the upload does not contain an error (red mark) and as few as possible (ideally none) warning (yellow mark). If you want to update the package for the branch of testing (i.e. Debian 13/trixie), the targeted distribution should be `unstable`. The successful upload of an error-free version to unstable is a requirement for a subsequent unpdate as bpo for current `stable` / Debian 12/bookworm documented e.g., [here](https://backports.debian.org/). Your can simultaneously upload both of the update to testing and stable to the mentors page, a sponsoring DD can schedule the deferred upload of the later as bpo.
Needs work Norwid Behrnd at April 8, 2024, 8:24 a.m. -
This isn't a backport, this is an update to bookworm (stable) dist.
Ready Maytham Alsudany at April 8, 2024, 8:55 a.m. -
So far I understood every update to update bookworm, because it currently is branch stable .and. already published would represent an backport. Thus, if there were already a `package X.Y.1-2~bpo12+1` with a first / initial backport, its update could be named e.g., `package X.Y.2-1~bpo12+1` to be the next one provided to bookworm, however based on previous work to `package X.Y.2-1` already present in branch `testing`, i.e. currently `trixie`. Did I misunderstand / misread something from the survey on https://backports.debian.org/bookworm-backports/overview/ ?
Norwid Behrnd at April 16, 2024, 3:20 p.m. -
Yes: https://www.debian.org/doc/manuals/developers-reference/pkgs.en.html#special-case-uploads-to-the-stable-and-oldstable-distributions
Maytham Alsudany at April 16, 2024, 3:31 p.m.