[Pkg-javascript-devel] Bug#963764: node-node-sass: uses embedded old security-buggy libsass

merkys at debian.org merkys at debian.org
Wed Jul 8 14:13:06 BST 2020


Control: tags 963764 + help

Hello,

The upstream has updated the libsass support to 3.6.3 [1]; it's just not
released yet. I have successfully used the head of their git repository to
build node-node-sass without the embedded libsass copy (there were a
couple of failing mocha tests, however).

I could push my fix to salsa; however, I cannot get the MUT update right.
I have tried 'gbp import-orig --pristine-tar --uscan', but when I try
building with it, I get:

dpkg-source: error: aborting due to unexpected upstream changes, see
/tmp/node-node-sass_4.14.1+git20200512.e1fc158+dfsg-1.diff.ks7Wz0
dpkg-source: info: you can integrate the local changes with dpkg-source
--commit
dpkg-buildpackage: error: dpkg-source -i -I -b . subprocess returned
exit status 2
debuild: fatal error at line 1182:
dpkg-buildpackage -us -uc -ui -i -I failed

Could someone help me with this? My changes to files under debian/ are as
follows:

diff --git a/debian/changelog b/debian/changelog
index 5a71d11..d9f6e08 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10 @@
+node-node-sass (4.14.1+git20200512.e1fc158+dfsg-1) UNRELEASED;
urgency=medium
+node-node-sass (4.14.1+git20200512.e1fc158+dfsg-1) UNRELEASED;
urgency=medium
+
+  * Fetching git HEAD, excluding src/libsass.
+  * New upstream version 4.14.1+git20200512.e1fc158+dfsg
+
+ -- Andrius Merkys <merkys at debian.org>  Wed, 08 Jul 2020 09:00:53 -0400
+
 node-node-sass (4.14.1-2) unstable; urgency=medium

   * Team upload
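
Review bot: The new changelog stanza carries its header line twice at the top of the hunk (`node-node-sass (4.14.1+git20200512.e1fc158+dfsg-1) UNRELEASED;` appears in two consecutive additions); a changelog entry has a single header line, so drop the duplicate and keep `urgency=medium` on that same line. The entry also leaves out the other changes in this patch: the two patches disabled in debian/patches/series and the switch of debian/watch to a git snapshot. Since excluding src/libsass is what addresses the bug in the subject, the bullet could say so and close it with `Closes: #963764`.
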
diff --git a/debian/copyright b/debian/copyright
index 2867cb4..2fc5287 100644
--- a/debian/copyright
+++ b/debian/copyright
@@ -2,6 +2,8 @@ Format:
https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
 Upstream-Name: node-sass
 Upstream-Contact: https://github.com/sass/node-sass/issues
 Source: https://github.com/sass/node-sass
+Files-Excluded:
+ src/libsass

 Files: *
 Copyright: 2013-2016, Andrew Nesbitt <andrewnez at gmail.com>
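
Review bot: `Files-Excluded: src/libsass` only takes effect when the tarball is repacked by uscan or mk-origtargz, so the imported orig tarball should be checked to confirm that src/libsass is really absent, since that embedded copy is the security problem the bug is about. If debian/copyright has Files: stanzas for src/libsass further down, outside this hunk, they should be removed in the same change so the file matches the repacked source.
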
diff --git a/debian/patches/series b/debian/patches/series
index 48212ec..58fd4de 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1,5 +1,5 @@
-fix_tap-runner.diff
-fix_versionsh.diff
+#fix_tap-runner.diff
+#fix_versionsh.diff
 fix_build.diff
 fix-component-tests.diff
 0005-build-on-more-architectures.diff
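
Review bot: fix_tap-runner.diff and fix_versionsh.diff are commented out in the series rather than refreshed or removed, and nothing in the patch says why. If they no longer apply to the git snapshot, either refresh them or delete the entries together with the patch files, and record the reason in debian/changelog; a commented-out entry leaves patches in debian/patches that are never applied or re-tested.
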
diff --git a/debian/watch b/debian/watch
index d87ee54..157867a 100644
--- a/debian/watch
+++ b/debian/watch
@@ -1,8 +1,11 @@
 version=4
 opts=\
-dversionmangle=s/\+(debian|dfsg|ds|deb)(\.\d+)?$//,\
-filenamemangle=s/.*\/v?([\d\.-]+)\.tar\.gz/node-node-sass-$1.tar.gz/ \
- https://github.com/sass/node-sass/releases
.*/archive/v?([\d\.]+).tar.gz debian
+mode=git,\
+pretty=4.14.1+git%cd.%h,\
+repack,\
+repacksuffix=+dfsg,\
+dversionmangle=s/\+(debian|dfsg|ds|deb)(\.\d+)?$// \
+ https://github.com/sass/node-sass HEAD debian

  opts="searchmode=plain,pgpmode=none,component=async-foreach,\
 dversionmangle=s/\+(debian|dfsg|ds|deb)(\.\d+)?$//" \
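
Review bot: The `pretty=4.14.1+git%cd.%h` option hard-codes the base version and the entry follows `HEAD`, so every uscan run will fetch whatever upstream's branch tip is at that moment under a 4.14.1 version, including after a real release is made. A comment in the watch file should say that this is temporary until upstream releases the libsass 3.6.3 update, after which the file should return to tracking tagged releases. The unchanged `component=async-foreach` stanza that follows still belongs to the multi-tarball setup, so it should be checked that the import also produces a matching component tarball for the new main version.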

Best,
Andrius

[1] https://github.com/sass/node-sass/pull/2859


