Details about package iputils

Package uploads

Upload #1

Information

Changelog

 iputils (3:20250605-1) unstable; urgency=medium
 .
   * NMU
   * New upstream version 20250605
     https://github.com/iputils/iputils/releases/tag/20250605
   * Fixes regression in ping.
   * New upstream version 20250602
     https://github.com/iputils/iputils/releases/tag/20250602
   * Fixes CVE-2025-47268 and CVE-2025-48964
   * debian/rules: Remove unwanted html doc
   * debian/missing-sources: Add missing html (not shipped)

QA information

• –
  Package uses debhelper-compat
  Debhelper compatibility level 13
• –
  Package is the latest upstream version

  Local:	20250605
  Upstream:	20250605
  Url:	https://github.com/iputils/iputils/releases/download/20250605/iputils-20250605.tar.xz

• –
  Package is not native

  Format:

  3.0 (quilt)

• –
  The uploader is not in the package's "Maintainer" or "Uploaders" fields

  User email

  petr.vorel@gmail.com

  "Maintainer" email

  noahm@debian.org

• –
  Package has lintian errors
  iputils source

  • E source-is-missing
    • [doc/tracepath.html]
  • W source-nmu-has-incorrect-version-number
    • 3:20250605-1 [debian/changelog:1]
  • I out-of-date-standards-version
    • 4.5.0 (released 2020-01-20) (current is 4.7.2)
  • P silent-on-rules-requiring-root
    • [debian/control]
  • X debian-watch-does-not-check-openpgp-signature
    • [debian/watch]
  • X very-long-line-length-in-source-file
    • 543 > 512 [doc/tracepath.8:110]
    • 738 > 512 [doc/ping.8:497]
    • 756 > 512 [Documentation/LICENSE.BSD3:9]
    • 875 > 512 [doc/tracepath.html:101]
• –
  Package is already in Debian
  • Detected as a non-maintainer upload
  • The package uploader is not currently maintaining iputils in Debian
  • Last upload was on the 2025-04-22
• –
  d/copyright is in DEP5 format

  Upstream Contact:	https://github.com/iputils/iputils/issues/
  Licenses:	GPL-2+, BSD-3-clause, public-domain

Comments

1. Hi Petr,
   
   Debian QA indicates lintian errors, please use sbuild in a minimal chroot and fix them so that an interested sponsor can look into your package.
   
   Regards,
   Aryan Karamtoth
   Debian Contributor
   IRC: SpaciousCoder78

   Needs work Aryan Karamtoth at July 21, 2025, 2:44 a.m.

2. Hi Petr,
   
   Since you mention CVEs, I assume you are trying to target trixie with important security fixes?
   
   If that's the case I think you need to create a suitably high severity bug in the BTS (1) to block the release if appropriate, (2) to make sure the package maintainer has a chance to get involved (quickly!) if they can (he may not have seen your MRs) and (3) to refer to from the unblock request for further information.
   
   I'd also suggest filing a pre-approval unblock request as soon as you have the bug, a candidate debdiff and a good justification for taking the new upstream instead of attempting to cherry-pick the targeted fixes. The sooner the better, especially if some collaboration is needed.
   
   Other suggestions:
   1) NMU version would be "3:20250605-0.1".
   2) Drop the unrelated debian/* changes unless they are intrinsic to taking the new upstream if this is for trixie. Due to the freeze, it's the wrong time to attend to lintian issues!
   3) Coalesce the two upstream versions in the changelog - you only mention the one you are bringing in (I think). I would mention key features of both under the consolidated entry but drop the mention of regression fixes if they just reverse regressions from the other version that is consolidated. So I think that just leaves the CVE references.
   
   Hope this helps and good luck - we don't want to lose "ping"!
   
   Andrew

   Needs work Andrew Bower at July 21, 2025, 10:47 p.m.

© 2008-2022 mentors.debian.net - Hosting and hardware provided by Wavecon - Source code and bugs (Version 75780d6) - Contact