Bug#860268: .desktop files can hide malware in Nautilus

[Donncha O'Cearbhaill]

Phil Wyett:
> On Wed, 2017-09-13 at 15:32 +0000, Donncha O'Cearbhaill wrote:
>> Phil Wyett:
>>>>
>>>> Hi,
>>>>
>>>> Please note that the debdiff I provided was essentially a raw backport for
>>>> testing and I thought it may have issues. It was never meant as a 'here it
>>>> is,
>>>> all done' patch ready for submission as a stable update.
>>>>
>>>> I am a little busy at the moment, but if I can help here, I will.
>>>>

I have created a backport patch targeting Nautilus 3.22.3 which contains
the cherry-picked translations for the new UI string.

It adds a line to the debian/control file to remove the pre-built .mo
translation files which were included in the upstream source release. I
also needed to add gettext as a build dependency. With this patch the
.mo/.gmo files should be rebuilt with the new strings during the Debian
package build.

I have tested the backported Nautlius package with Tails 3.1 which is
based on Debian stable. The English and localised interface is displayed
correctly.

Ideally this backport would be ready for Tails 3.2 which is schedule to
be released early next week.

Please let me know if I need to make any further changes.

Regards,
Donncha
diff -Nru nautilus-3.22.3/debian/changelog nautilus-3.22.3/debian/changelog
--- nautilus-3.22.3/debian/changelog2017-03-09 02:39:58.0 +0100
+++ nautilus-3.22.3/debian/changelog2017-09-13 22:22:40.0 +0200
@@ -1,3 +1,10 @@
+nautilus (3.22.3-1.1) stretch; urgency=high
+
+  * Non-maintainer upload.
+  * Backport desktop file trust patch from upstream. (Closes: #860268).
+
+ -- Phil Wyett <philwy...@kathenas.org>  Fri, 01 Sep 2017 23:43:51 +0100
+
 nautilus (3.22.3-1) unstable; urgency=medium

   * New upstream release.
diff -Nru nautilus-3.22.3/debian/control nautilus-3.22.3/debian/control
--- nautilus-3.22.3/debian/control  2017-03-09 02:39:58.0 +0100
+++ nautilus-3.22.3/debian/control  2017-09-20 17:58:00.0 +0200
@@ -31,7 +31,8 @@
gobject-introspection (>= 0.9.12-4~),
libgirepository1.0-dev (>= 0.10.7-1~),
libglib2.0-doc,
-   libgtk-3-doc
+   libgtk-3-doc,
+   gettext
 Homepage: https://wiki.gnome.org/action/show/Apps/Nautilus
 Vcs-Browser: 
https://anonscm.debian.org/viewvc/pkg-gnome/desktop/unstable/nautilus/
 Vcs-Svn: svn://anonscm.debian.org/pkg-gnome/desktop/unstable/nautilus/
diff -Nru nautilus-3.22.3/debian/control.in nautilus-3.22.3/debian/control.in
--- nautilus-3.22.3/debian/control.in   2016-12-10 02:59:53.0 +0100
+++ nautilus-3.22.3/debian/control.in   2017-09-20 14:52:48.0 +0200
@@ -27,7 +27,8 @@
gobject-introspection (>= 0.9.12-4~),
libgirepository1.0-dev (>= 0.10.7-1~),
libglib2.0-doc,
-   libgtk-3-doc
+   libgtk-3-doc,
+   gettext
 Homepage: https://wiki.gnome.org/action/show/Apps/Nautilus
 Vcs-Browser: 
https://anonscm.debian.org/viewvc/pkg-gnome/desktop/unstable/nautilus/
 Vcs-Svn: svn://anonscm.debian.org/pkg-gnome/desktop/unstable/nautilus/
diff -Nru nautilus-3.22.3/debian/patches/desktop_file_trust.patch 
nautilus-3.22.3/debian/patches/desktop_file_trust.patch
--- nautilus-3.22.3/debian/patches/desktop_file_trust.patch 1970-01-01 
01:00:00.0 +0100
+++ nautilus-3.22.3/debian/patches/desktop_file_trust.patch 2017-09-14 
15:26:27.0 +0200
@@ -0,0 +1,941 @@
+From 1630f53481f445ada0a455e9979236d31a8d3bb0 Mon Sep 17 00:00:00 2001
+From: Carlos Soriano <csori...@gnome.org>
+Date: Mon, 6 Feb 2017 18:47:54 +0100
+Subject: mime-actions: use file metadata for trusting desktop files
+
+Currently we only trust desktop files that have the executable bit
+set, and don't replace the displayed icon or the displayed name until
+it's trusted, which prevents for running random programs by a malicious
+desktop file.
+
+However, the executable permission is preserved if the desktop file
+comes from a compressed file.
+
+To prevent this, add a metadata::trusted metadata to the file once the
+user acknowledges the file as trusted. This adds metadata to the file,
+which cannot be added unless it has access to the computer.
+
+Also remove the SHEBANG "trusted" content we were putting inside the
+desktop file, since that doesn't add more security since it can come
+with the file itself.
+
+https://bugzilla.gnome.org/show_bug.cgi?id=777991
+
+https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=860268
+ .
+ nautilus (3.22.3-1.1) stretch; urgency=high
+ .
+   * Non-maintainer upload.
+   * Backport desktop file trust patch from upstream. (Closes: #860268)
+Author: Phil Wyett <philwy...@kathenas.org>
+---
+
+--- a/src/nautilus-directory-async.c
 b/src/nautilus-directory-async.c
+@@ -30,6 +30,7 @@
+ #include "nautilus

Bug#860268: .desktop files can hide malware in Nautilus

[Donncha O'Cearbhaill]

CVE-2017-14604 has been issued for this vulnerability.

Bug#860268: .desktop files can hide malware in Nautilus

[Donncha O'Cearbhaill]

It looks like I attached the wrong debdiff to my previous email. I have
attached the correct version now.
diff -Nru nautilus-3.22.3/debian/changelog nautilus-3.22.3/debian/changelog
--- nautilus-3.22.3/debian/changelog2017-03-09 02:39:58.0 +0100
+++ nautilus-3.22.3/debian/changelog2017-09-13 22:22:40.0 +0200
@@ -1,3 +1,10 @@
+nautilus (3.22.3-1.1) stretch; urgency=high
+
+  * Non-maintainer upload.
+  * Backport desktop file trust patch from upstream. (Closes: #860268).
+
+ -- Phil Wyett   Fri, 01 Sep 2017 23:43:51 +0100
+
 nautilus (3.22.3-1) unstable; urgency=medium
 
   * New upstream release.
diff -Nru nautilus-3.22.3/debian/patches/desktop_file_trust.patch 
nautilus-3.22.3/debian/patches/desktop_file_trust.patch
--- nautilus-3.22.3/debian/patches/desktop_file_trust.patch 1970-01-01 
01:00:00.0 +0100
+++ nautilus-3.22.3/debian/patches/desktop_file_trust.patch 2017-09-14 
15:26:27.0 +0200
@@ -0,0 +1,941 @@
+From 1630f53481f445ada0a455e9979236d31a8d3bb0 Mon Sep 17 00:00:00 2001
+From: Carlos Soriano 
+Date: Mon, 6 Feb 2017 18:47:54 +0100
+Subject: mime-actions: use file metadata for trusting desktop files
+
+Currently we only trust desktop files that have the executable bit
+set, and don't replace the displayed icon or the displayed name until
+it's trusted, which prevents for running random programs by a malicious
+desktop file.
+
+However, the executable permission is preserved if the desktop file
+comes from a compressed file.
+
+To prevent this, add a metadata::trusted metadata to the file once the
+user acknowledges the file as trusted. This adds metadata to the file,
+which cannot be added unless it has access to the computer.
+
+Also remove the SHEBANG "trusted" content we were putting inside the
+desktop file, since that doesn't add more security since it can come
+with the file itself.
+
+https://bugzilla.gnome.org/show_bug.cgi?id=777991
+
+https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=860268
+ .
+ nautilus (3.22.3-1.1) stretch; urgency=high
+ .
+   * Non-maintainer upload.
+   * Backport desktop file trust patch from upstream. (Closes: #860268)
+Author: Phil Wyett 
+---
+
+--- a/src/nautilus-directory-async.c
 b/src/nautilus-directory-async.c
+@@ -30,6 +30,7 @@
+ #include "nautilus-global-preferences.h"
+ #include "nautilus-link.h"
+ #include "nautilus-profile.h"
++#include "nautilus-metadata.h"
+ #include 
+ #include 
+ #include 
+@@ -3580,13 +3581,17 @@
+ {
+ GFile *location;
+ gboolean res;
++g_autofree gchar* trusted = NULL;
+
+ if (!is_launcher)
+ {
+ return TRUE;
+ }
+
+-if (nautilus_file_can_execute (file))
++trusted = nautilus_file_get_metadata (file,
++  
NAUTILUS_METADATA_KEY_DESKTOP_FILE_TRUSTED,
++  NULL);
++if (nautilus_file_can_execute (file) && trusted != NULL)
+ {
+ return TRUE;
+ }
+--- a/src/nautilus-file-operations.c
 b/src/nautilus-file-operations.c
+@@ -235,10 +235,10 @@
+ #define COPY_FORCE _("Copy _Anyway")
+
+ static void
+-mark_desktop_file_trusted (CommonJob*common,
+-   GCancellable *cancellable,
+-   GFile*file,
+-   gboolean  interactive);
++mark_desktop_file_executable (CommonJob*common,
++  GCancellable *cancellable,
++  GFile*file,
++  gboolean  interactive);
+
+ static gboolean
+ is_all_button_text (const char *button_text)
+@@ -5290,10 +5290,10 @@
+ g_file_equal (copy_job->desktop_location, dest_dir) &&
+ is_trusted_desktop_file (src, job->cancellable))
+ {
+-mark_desktop_file_trusted (job,
+-   job->cancellable,
+-   dest,
+-   FALSE);
++mark_desktop_file_executable (job,
++  job->cancellable,
++  dest,
++  FALSE);
+ }
+
+ if (job->undo_info != NULL)
+@@ -7887,9 +7887,9 @@
+ }
+
+ static void
+-mark_trusted_task_done (GObject  *source_object,
+-GAsyncResult *res,
+-gpointer  user_data)
++mark_desktop_file_executable_task_done (GObject  *source_object,
++GAsyncResult *res,
++gpointer  user_data)
+ {
+ MarkTrustedJob *job = user_data;
+
+@@ -7907,13 +7907,11 @@
+ #define TRUSTED_SHEBANG "#!/usr/bin/env xdg-open\n"
+
+ static void
+-mark_desktop_file_trusted (CommonJob*common,
+-   GCancellable *cancellable,
+-   GFile   

Bug#860268: .desktop files can hide malware in Nautilus

[Donncha O'Cearbhaill]

Phil Wyett:
> Please note that the debdiff I provided was essentially a raw backport for
> testing and I thought it may have issues. It was never meant as a 'here it is,
> all done' patch ready for submission as a stable update.
> 
> I am a little busy at the moment, but if I can help here, I will.
> 
> Regards
> 
> Phil
> 

Hi,

I have cherry-picked the translations for the string "Trust and _Launch"
and created an updated patch and debdiff containing those strings in the
respective .po files.

Unfortunately it looks like the Debian package does not rebuild the
.gmo/.mo files from the .po files during the build. Instead it uses the
pre-built .gmo files which have be include in the upstream release. As a
result the added translation are not included with the built package.

I'm not sure what is the best way to resolve this:

1. Add gettext build dependency and rebuild the .mo files
3. Ask upstream maintainer to make a 3.22 release contain the patch and
translation
3. Create release without translation for that one string

Phil, I have tested your patch on Tail 3.1 (based on Debian Jessie) and
it is functioning as expected.
From 1630f53481f445ada0a455e9979236d31a8d3bb0 Mon Sep 17 00:00:00 2001
From: Carlos Soriano 
Date: Mon, 6 Feb 2017 18:47:54 +0100
Subject: mime-actions: use file metadata for trusting desktop files

Currently we only trust desktop files that have the executable bit
set, and don't replace the displayed icon or the displayed name until
it's trusted, which prevents for running random programs by a malicious
desktop file.

However, the executable permission is preserved if the desktop file
comes from a compressed file.

To prevent this, add a metadata::trusted metadata to the file once the
user acknowledges the file as trusted. This adds metadata to the file,
which cannot be added unless it has access to the computer.

Also remove the SHEBANG "trusted" content we were putting inside the
desktop file, since that doesn't add more security since it can come
with the file itself.

https://bugzilla.gnome.org/show_bug.cgi?id=777991

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=860268
 .
 nautilus (3.22.3-1.1) stretch; urgency=high
 .
   * Non-maintainer upload.
   * Backport desktop file trust patch from upstream. (Closes: #860268)
Author: Phil Wyett 
---

--- nautilus-3.22.3.orig/src/nautilus-directory-async.c
+++ nautilus-3.22.3/src/nautilus-directory-async.c
@@ -30,6 +30,7 @@
 #include "nautilus-global-preferences.h"
 #include "nautilus-link.h"
 #include "nautilus-profile.h"
+#include "nautilus-metadata.h"
 #include 
 #include 
 #include 
@@ -3580,13 +3581,17 @@ is_link_trusted (NautilusFile *file,
 {
 GFile *location;
 gboolean res;
+g_autofree gchar* trusted = NULL;

 if (!is_launcher)
 {
 return TRUE;
 }

-if (nautilus_file_can_execute (file))
+trusted = nautilus_file_get_metadata (file,
+  
NAUTILUS_METADATA_KEY_DESKTOP_FILE_TRUSTED,
+  NULL);
+if (nautilus_file_can_execute (file) && trusted != NULL)
 {
 return TRUE;
 }
--- nautilus-3.22.3.orig/src/nautilus-file-operations.c
+++ nautilus-3.22.3/src/nautilus-file-operations.c
@@ -235,10 +235,10 @@ typedef struct
 #define COPY_FORCE _("Copy _Anyway")

 static void
-mark_desktop_file_trusted (CommonJob*common,
-   GCancellable *cancellable,
-   GFile*file,
-   gboolean  interactive);
+mark_desktop_file_executable (CommonJob*common,
+  GCancellable *cancellable,
+  GFile*file,
+  gboolean  interactive);

 static gboolean
 is_all_button_text (const char *button_text)
@@ -5290,10 +5290,10 @@ retry:
 g_file_equal (copy_job->desktop_location, dest_dir) &&
 is_trusted_desktop_file (src, job->cancellable))
 {
-mark_desktop_file_trusted (job,
-   job->cancellable,
-   dest,
-   FALSE);
+mark_desktop_file_executable (job,
+  job->cancellable,
+  dest,
+  FALSE);
 }

 if (job->undo_info != NULL)
@@ -7887,9 +7887,9 @@ nautilus_file_operations_empty_trash (Gt
 }

 static void
-mark_trusted_task_done (GObject  *source_object,
-GAsyncResult *res,
-gpointer  user_data)
+mark_desktop_file_executable_task_done (GObject  *source_object,
+GAsyncResult *res,
+gpointer  user_data)
 {
 MarkTrustedJob *job = user_data;

@@ -7907,13 +7907,11 @@ 

Bug#860268: .desktop files can hide malware in Nautilus

[Donncha O'Cearbhaill]

Phil Wyett:
>>
>> Hi,
>>
>> Please note that the debdiff I provided was essentially a raw backport for
>> testing and I thought it may have issues. It was never meant as a 'here it 
>> is,
>> all done' patch ready for submission as a stable update.
>>
>> I am a little busy at the moment, but if I can help here, I will.
>>
>> Regards
>>
>> Phil
>>
> 
> Hi,
> 
> Has anyone looked at how Red Hat are approaching this issue? RHEL 7.4 is gnome
> 3.22 and using nautilus 3.22.3 I believe.
> 
> Regards
> 
> Phil
> 

The corresponding Red Hat bug is at
https://bugzilla.redhat.com/show_bug.cgi?id=1442231. Unfortunately there
has not been any progress with fixing this issue in RHEL or Fedora 25
either.

Thanks for creating the original patch. I'm not experienced with Debian
packing, but I will try to test your patch later today.

Bug#860268: .desktop files can hide malware in Nautilus

[Donncha O'Cearbhaill]

Jeremy Bicha:
> 
> It's not just a UI change but a translatable string change. The new
> dialog that users will have to use to mark .desktop's as trusted will
> be untranslated.
> 
> Therefore, if you want this feature, you will need to use Nautilus >=
> 3.24 which means you will need to upgrade to buster.
> 

I understand backporting is more difficult when there are user facing UI
and localisation changes. AFAIK the only new translatable string in the
patch is "Trust and _Launch". Would it be possible to include the
translations for that string with this backport patch?

Personally I don't consider this change a *feature*, it is a fix for a
serious security issue affecting Debian stable users (and Tails). The
issue is trivially exploitable against the default configuration.

Video demonstrating the issue:
https://twitter.com/bleidl/status/851969179980845056
More information and an example:
https://github.com/DonnchaC/desktop-file-social-engineering

Bug#860268: .desktop files can hide malware in Nautilus

[Donncha O'Cearbhaill]

Is there anything that I can do to help get this backport patch
deployed? This issue can be exploited in the wild and I think it should
be fixed as soon as possible.

I am still waiting for a response for my CVE request.

Bug#860268: .desktop files can hide malware in Nautilus

[Donncha O'Cearbhaill]

The upstream developer has now indicated that they will not be
backporting the fix to 3.22.x. They have a policy of not backporting
fixes which involve UI changes in stable branches.

Will Debian backport this issue themselves? I have requested a CVE which
I hope will help other distros to coordinate their fixes.

Upstream bug: https://bugzilla.gnome.org/show_bug.cgi?id=777991

intrigeri:
> Control: tag -1 + security
> 
> Donncha O'Cearbhaill:
>> Thank you Phil for providing a backport patch. What is the next step
>> needed to get this fix released as a backport? The .desktop security
>> issue is widely know and can be exploited in the wild [1]. IMO this
>> fixed should be made available as soon as possible.
> 
> IMO the next step is to find out the answer to "Is there any plan
> upstream to backport this fix to their 3.22.x branch, and/or to
> request a CVE?": if this problem is as severe as it sounds, then it
> should be tracked as a security issue and fixed cross-distro, rather
> than patched in only the distros that are lucky enough to have users
> who care about such things.
> 

Bug#860268: .desktop files can hide malware in Nautilus

[Donncha O'Cearbhaill]

intrigeri:
> Control: tag -1 + security
> 
> Donncha O'Cearbhaill:
>> Thank you Phil for providing a backport patch. What is the next step
>> needed to get this fix released as a backport? The .desktop security
>> issue is widely know and can be exploited in the wild [1]. IMO this
>> fixed should be made available as soon as possible.
> 
> IMO the next step is to find out the answer to "Is there any plan
> upstream to backport this fix to their 3.22.x branch, and/or to
> request a CVE?": if this problem is as severe as it sounds, then it
> should be tracked as a security issue and fixed cross-distro, rather
> than patched in only the distros that are lucky enough to have users
> who care about such things.
> 

The upstream developer has indicated that he willing to make a 3.22.x
release if a backport patch is provided. I've sent him a link to Phil
Wyett's debdiff which I hope is acceptable.

I will also file a CVE request for this issue which should help to
coordinate the release of this fix for other distros.

Upstream bug: https://bugzilla.gnome.org/show_bug.cgi?id=777991

Bug#860268: .desktop files can hide malware in Nautilus

[Donncha O'Cearbhaill]

Hi,

Thank you Phil for providing a backport patch. What is the next step
needed to get this fix released as a backport? The .desktop security
issue is widely know and can be exploited in the wild [1]. IMO this
fixed should be made available as soon as possible.

Regards,
Donncha

[1] https://github.com/freedomofpress/securedrop/issues/2238



signature.asc
Description: OpenPGP digital signature

Bug#832821: when configured address contains .onion, things go wrong

[Donncha O'Cearbhaill]

On Fri, 29 Jul 2016 07:17:00 + Peter Palfrader 
wrote:
> Package: onionbalance
> Version: 0.1.4-1~bpo8+1
> Severity: normal
> 
> Hi,
> 
> I had this config:
> 
> |  - # ftp.debian.org via vwakviie2ienjx6t.onion
> |key: private_keys/ftp.debian.org.key
> |instances:
> |  - address: kpw6vrobjzz4yd7x.onion
> |name: klecker-ftp.debian.org
> 
> And shortly after start up I would get
> | [WARNING]: Received a descriptor with address kpw6vrobjzz4yd7x.onion that 
> did not match any configured service instances.
> 
> Digging a little, suggests that onionbalance would try to set up things
> and fetch the descriptor for kpw6vrobjzz4yd7x.onion.  However, when it
> was getting the descriptor, it ended up being confused about the .onion
> extensioni.  I added some log lines to descriptor.py's descriptor_received():
> 
> | [WARNING]: [weasel] iterating over configured services
> | [WARNING]: [weasel]  service  0x7f03bff246d8>
> | [WARNING]: [weasel]   instance  0x7f03bff24588>
> | [WARNING]: [weasel]onion_address kpw6vrobjzz4yd7x.onion
> | [WARNING]: [weasel]descriptor_onion_address kpw6vrobjzz4yd7x
>^^ of course, == will fail between these.
> | [WARNING]: Received a descriptor with address kpw6vrobjzz4yd7x.onion that 
> did not match any configured service instances.
> 
> I suggest that onionbalance either handle .onion as address everywhere,
> or that it reject them earlier.

I have fixed this bug upstream in
https://github.com/DonnchaC/onionbalance/issues/37. The fix has not been
included in a release yet, but it is scheduled for release 0.1.5.

Regards,
Donncha

Bug#812459: python3-stem: fails to upgrade from 'testing' - trying to overwrite /usr/bin/tor-prompt

[Donncha O'Cearbhaill]

This package is marked for autoremoval on the 8th March and the bug has
not received a response from the package maintainer.

I've attached an NMU patch which I think will resolve this issue.

Regards,
Donncha
diff -Nru python-stem-1.4.1b/debian/changelog 
python-stem-1.4.1b/debian/changelog
--- python-stem-1.4.1b/debian/changelog 2016-01-18 14:58:04.0 +0100
+++ python-stem-1.4.1b/debian/changelog 2016-03-06 00:16:13.0 +0100
@@ -1,3 +1,12 @@
+python-stem (1.4.1b-2.1) unstable; urgency=medium
+
+  * Non-maintainer upload.
+  * debian/rules: Use update-alternatives to select between
+/usr/bin/tor-prompt for the Python 2 and Python 3 packages
+(Closes: #812459).
+
+ -- Donncha O'Cearbhaill <donn...@donncha.is>  Sat, 05 Mar 2016 23:24:41 +0100
+
 python-stem (1.4.1b-2) unstable; urgency=medium
 
   * Rollback #767555 since it kinda loses functionality as it is.
diff -Nru python-stem-1.4.1b/debian/python3-stem.postinst 
python-stem-1.4.1b/debian/python3-stem.postinst
--- python-stem-1.4.1b/debian/python3-stem.postinst 1970-01-01 
01:00:00.0 +0100
+++ python-stem-1.4.1b/debian/python3-stem.postinst 2016-03-06 
00:05:52.0 +0100
@@ -0,0 +1,11 @@
+#!/bin/sh
+
+set -e
+
+if [ "$1" = "configure" ] ; then
+update-alternatives --install /usr/bin/tor-prompt tor-prompt 
/usr/bin/python3-tor-prompt 200
+fi
+
+#DEBHELPER#
+
+exit 0
diff -Nru python-stem-1.4.1b/debian/python3-stem.prerm 
python-stem-1.4.1b/debian/python3-stem.prerm
--- python-stem-1.4.1b/debian/python3-stem.prerm1970-01-01 
01:00:00.0 +0100
+++ python-stem-1.4.1b/debian/python3-stem.prerm2016-03-06 
00:05:52.0 +0100
@@ -0,0 +1,11 @@
+#!/bin/sh
+
+set -e
+
+if [ "$1" = "remove" ] ; then
+update-alternatives --remove tor-prompt /usr/bin/python3-tor-prompt
+fi
+
+#DEBHELPER#
+
+exit 0
diff -Nru python-stem-1.4.1b/debian/python-stem.postinst 
python-stem-1.4.1b/debian/python-stem.postinst
--- python-stem-1.4.1b/debian/python-stem.postinst  1970-01-01 
01:00:00.0 +0100
+++ python-stem-1.4.1b/debian/python-stem.postinst  2016-03-06 
00:05:52.0 +0100
@@ -0,0 +1,11 @@
+#!/bin/sh
+
+set -e
+
+if [ "$1" = "configure" ] ; then
+update-alternatives --install /usr/bin/tor-prompt tor-prompt 
/usr/bin/python2-tor-prompt 300
+fi
+
+#DEBHELPER#
+
+exit 0
diff -Nru python-stem-1.4.1b/debian/python-stem.prerm 
python-stem-1.4.1b/debian/python-stem.prerm
--- python-stem-1.4.1b/debian/python-stem.prerm 1970-01-01 01:00:00.0 
+0100
+++ python-stem-1.4.1b/debian/python-stem.prerm 2016-03-06 00:05:52.0 
+0100
@@ -0,0 +1,11 @@
+#!/bin/sh
+
+set -e
+
+if [ "$1" = "remove" ] ; then
+update-alternatives --remove tor-prompt /usr/bin/python2-tor-prompt
+fi
+
+#DEBHELPER#
+
+exit 0
diff -Nru python-stem-1.4.1b/debian/rules python-stem-1.4.1b/debian/rules
--- python-stem-1.4.1b/debian/rules 2016-01-18 15:40:17.0 +0100
+++ python-stem-1.4.1b/debian/rules 2016-03-06 00:17:12.0 +0100
@@ -24,11 +24,12 @@
$$py setup.py install --root debian/python3-stem \
--install-layout=deb; \
done; \
-   rm -rf debian/python-stem/usr/bin
-   
+   mv debian/python-stem/usr/bin/tor-prompt 
debian/python-stem/usr/bin/python2-tor-prompt
+   mv debian/python3-stem/usr/bin/tor-prompt 
debian/python3-stem/usr/bin/python3-tor-prompt
+
 override_dh_auto_clean:
dh_auto_clean -- --all
rm -rf build
 
 override_dh_installman:
-   dh_installman -ppython3-stem debian/tor-prompt.8
+   dh_installman -A debian/tor-prompt.8


signature.asc
Description: OpenPGP digital signature

Bug#806134: ITP: python-schedule -- Job scheduling for humans

[Donncha O'Cearbhaill]

Package: wnpp
Severity: wishlist
Owner: Donncha O'Cearbhaill <donn...@donncha.is>

* Package name: python-schedule
  Version : 0.3.2
  Upstream Author : Daniel Bader <m...@dbader.org>
* URL : https://github.com/dbader/schedule
* License : Expat
  Programming Lang: Python
  Description : Job scheduling for humans

 An in-process scheduler for periodic jobs that uses the builder pattern
 for configuration. Schedule lets you run Python functions (or any other
 callable) periodically at pre-determined intervals using a simple,
 human-friendly syntax.



signature.asc
Description: OpenPGP digital signature

Bug#806158: RFS: schedule/0.3.2-1 [ITP] -- Python job scheduling for humans

[Donncha O'Cearbhaill]

Package: sponsorship-requests
Severity: wishlist

Dear mentors,

I am looking for a sponsor for my package "schedule"

 Package name: schedule
 Version : 0.3.2-1
 Upstream Author : Daniel Bader <m...@dbader.org>
 URL : https://github.com/dbader/schedule/
 License : Expat
 Section : python

It builds those binary packages:

  python-schedule - Job scheduling for humans (Python 2)
  python3-schedule - Job scheduling for humans (Python 3)

To access further information about this package, please visit the
following URL:

http://mentors.debian.net/package/schedule


Alternatively, one can download the package with dget using this command:

  dget -x
http://mentors.debian.net/debian/pool/main/s/schedule/schedule_0.3.2-1.dsc


Regards,
 Donncha O'Cearbhaill



signature.asc
Description: OpenPGP digital signature

Bug#799973: ITP: onionbalance -- Tor hidden service load balancer

[Donncha O'Cearbhaill]

Package: wnpp
Severity: wishlist
Owner: Donncha O'Cearbhaill <donn...@donncha.is>

* Package name: onionbalance
  Version : 0.1.1
  Upstream Author : Donncha O'Cearbhaill <donn...@donncha.is>
* URL : https://github.com/DonnchaC/onionbalance/
* License : GPL-3+
  Programming Lang: Python
  Description : Tor hidden service load balancer

 The onionbalance tool provides load-balancing and redundancy for Tor
 hidden services by distributing user requests to multiple backend
 Tor instances.



signature.asc
Description: OpenPGP digital signature