Bug#930991: gajim in Debian Stable does not start anymore

[W. Martin Borgert]

On 2019-06-24 09:47, David Rabel wrote:
> Package: gajim
> Version: 0.16.6-1.1

Dear David,

I'll try to analyse this problem, but don't hold your breath,
because I'm a little bit busy.

Anyway, I suggest strongly to give Gajim >= 1 a try! Gajim
improved massively between 0.16 and 1.

Installation should be more or less:

$ echo deb https://deb.debian.org/debian stretch-backports main \
  | sudo tee /etc/apt/sources.list.d/stretch-backports.list
$ sudo apt update
$ sudo apt install -t stretch-backports gajim

Of course, there might be good reasons to stay with the older
version and the problem still needs to be fixed.

Cheers

Bug#922509: security issue in PEP plugin (CVE-2019-1000021)

[W. Martin Borgert]

Source: slixmpp
Version: 1.2.2-1.1
Severity: grave
Tags: security patch upstream

See
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-121
for details. A fixed version for stretch-security is on its way.

Bug#921195: mcabber: does not connect to Jabber via IPv6 (fails Etch release goal)

[W. Martin Borgert]

Control: reassign -1 libloudmouth1-0
Control: retitle -1 libloudmouth1-0: does not support IPv6 (fails Squeeze 
release goal)
Control: tag -1 + patch

On 2019-02-03 09:32, W. Martin Borgert wrote:
> I'm in the same network, and mcabber works for me.

After testing again, I believe, that my computer just
re-connected to the other (IPv4-capable) network.

With this commit (patch applies), IPv6 seems to work:

https://github.com/mcabber/loudmouth/commit/95078ef12ab30735b4280675837c64686cf9faaa

Bug#907718: python-dateutil needs to be updated for buster

[W. Martin Borgert]

Hi,

I'm just updating salutatoi and it needs python-dateutil (still
Python 2!) >= 2.7.3, it seems. Therefore, #907718 must be solved
in time for buster. Also, there is a new upstream version 2.8.0,
which seems to fix a lot of bugs¹.

TIA & Cheers

¹ 
https://dateutil.readthedocs.io/en/stable/changelog.html#version-2-8-0-2019-02-04

Bug#921195: mcabber: does not connect to Jabber via IPv6 (fails Etch release goal)

[W. Martin Borgert]

On 2019-02-02 21:23, Thorsten Glaser wrote:

I’m currently in the FOSDEM WLAN (IPv6-only, not FOSDEM-legacy),
and I can neither connect to the Jabber server with SRV RRs nor
when hardcoding commu.teckids.org in mcabberrc.


I'm in the same network, and mcabber works for me.

Bug#921095: gajim: traceback when starting gajim: got an unexpected keyword argument 'lang'

[W. Martin Borgert]

Control: severity -1 normal

Hi,

please install python3-nbxmpp 0.6.9-1 from testing, then it will be OK.

The gajim package is still missing the correctly versioned
dependency, but it's solved in git since ten days:

https://salsa.debian.org/xmpp-team/gajim/commit/04fa00c7b1cff05e6e63ada6751f2d13a3955577

So this will be fixed with the next upload.
Sorry for the inconvenience!

Cheers

Bug#918162: Broken with Thunderbird 60

[W. Martin Borgert]

Quoting Moritz Muehlenhoff :
The plugin is broken with Thunderbird 60 in stretch and sid, after  
installation
it's disabled and only prints "External Editor is incompatible with  
Thunderbird 60.4".


Yes, the package needs an update to version 1.0.3.
Will do ASAP! And many thanks for reminding me!

TB 60 was uploaded to stretch over two months ago (and three months  
ago to sid), given
that noone filed a bug so far, it makes me wonder whether this  
package is used

at all...


Not surprising to me! I'm using the package every (working) day, but
as probably a lot of users, I have thunderbird on hold at version
1:52.9.1-1~deb9u1. After that version a lot of breakage happened, not
only to this extension, but also to calendar-exchange-provider
(#906730) and enigmail (#909000).

It is very unfortunate, that we are not able to prevent major package
breakage during a "stable" release cycle, but I'll at least try reduce
the impact by trying to get a new version into proposed-updates.

Cheers

Bug#917791: [Pkg-xmpp-devel] Bug#917791: poezio: Missing dependency on python3-cffi

[W. Martin Borgert]

On 2018-12-30 19:55, Dominik George wrote:
> I can reproduce the issue with 0.12.1-2, and I strongly doubt it works
> without cffi (except in cases where the code that uses cffi is for some
> reason not executed):
>
> $ grep -r cffi
> […]
> poezio/poopt.py:from cffi import FFI

Strange, that it still works on my machine. It shouldn't! :)
In setup.py it's only an "extras_require".
Anyway, let's just add the dependency.

Bug#917791: poezio: Missing dependency on python3-cffi

[W. Martin Borgert]

On 2018-12-30 12:20, Tom Teichler wrote:
> When starting python3-cffi is missing. Does not work at all.

I'm using poezio 0.12.1-2 (uploaded yesterday) and it works
perfectly without python3-cffi*. Could you try that, please?

Bug#915805: Should this package be removed?

[W. Martin Borgert]

On 2018-12-07 13:41, Kevin Smith wrote:
> Apologies, I’d forgotten that we’d prepared an update from upstream and not 
> gotten it submitted. We’ll try to address this in the next week or so.

Nice!

If you intend to raise the package from the not yet dead, please
consider joining the XMPP packaging team and have the Debian
package code in salsa.debian.org/xmpp-team/

Bug#915805: Should this package be removed?

[W. Martin Borgert]

On 2018-12-06 22:55, Moritz Muehlenhoff wrote:
> Unless any objections are raised, I'd reassign this bug to ftp.debian.org
> for removal.

I contacted the maintainers about the package in April,
but did not yet receive an answer.

Bug#914530: prosody: broken LDAP support

[W. Martin Borgert]

Package: prosody
Version: 0.11.0-1
Severity: grave

(I'm abusing the "grave" severity here to prevent prosody going
to testing, "important" would be correct. If there were a
prosody-ldap package, that one would deserve the "grave"
severity bug.)

As long as lua-ldap does not support lua5.2 (#814218), LDAP
support cannot work. This will break prosody installations, that
depend on that feature, such as Debians.

Bug#906057: linphone: Linphone "cannot start transport on port 5060, maybe this port is already used" although it is not.

[W. Martin Borgert]

I use linphone on stretch as my one and only telephone.
So far, I did not encounter this problem.
I suggest to downgrade this issue to "important",
because it seems to affect only few users.

Bug#909000: Enigmail 2.0 needed in Stretch after Thunderbird 60 upload

[W. Martin Borgert]

Quoting Daniel Kahn Gillmor :

thanks for testing! it appears that i failed to push earlier, but it
should now be pushed to salsa.


Yes, it is there, it build and installs fine and I could decrypt
and verify existing email. I then couldn't test further, because
I need the exchange calendar add-on, so I had to go back to
1:52.9.1-1~deb9u1 (see #906730: "calendar-exchange-provider:
Add-on is not compatible with Thunderbird 60.0"). I have
thunderbird on "hold" to refuse 60.0 until calendar works again.

Bug#909000: Enigmail 2.0 needed in Stretch after Thunderbird 60 upload

[W. Martin Borgert]

Hi Daniel,


In the meantime, for enigmail, i've pushed a debian/stretch branch into
salsa with commit id b6e978d64af1defdfed876b09c8a57acb796ad72 as


Did you push? I can't find the id. I would like to test.

Btw. having it in bpo9 would be very good. I know, that this is abuse of
backports. But whatever we do, it's better than letting users install
via "Add-ones Manager".

Cheers

Bug#906876: xul-ext-scrapbook no longer works with firefox-esr 60

[W. Martin Borgert]

On 2018-08-21 21:51, Adrian Bunk wrote:
> Package: xul-ext-scrapbook
> Version: 1.5.13-3
> Severity: serious
>
> XUL addons are no longer supported. 

Somebody would need to package scrapbookq (#898545) or some other replacement.

Bug#899352: Problematic commit reverted for stretch-backports

[W. Martin Borgert]

I uploaded a new backport 0.10.1-1~bpo9+2 with the problematic
commit reverted. HTH.

Bug#899352: prosody: removes prosody role from ssl-cert

[W. Martin Borgert]

Quoting Peter Palfrader :

That entire commit seems highly problematic and not well
through-through for all use-cases.


Yes. It seems, that all three bugs you reported today relate
to the same commit. I will try to fix this today for bpo.

Bug#899352: prosody: removes prosody role from ssl-cert

[W. Martin Borgert]

Seems to be fault of commit d39e1733bcf0d4a8898ab0cf1c31d3950ed8d557
(https://salsa.debian.org/xmpp-team/prosody/commit/d39e1733bcf0d4a8898ab0cf1c31d3950ed8d557).

Strange - I came across the same error when installing 0.10.1-1~bpo9+1
at work, but somehow thought, that I made a mistake and just did a
"sudo adduser prosody ssl-cert" instead of filing a bug :~(

IMHO, just reverting the change of line 28/29 in
debian/prosody.postinst would help about this, right?

Bug#887981: [Pkg-gajim-maintainers] Bug#887981: gajim in stretch-backports fails to start

[W. Martin Borgert]

On 2018-01-23 08:40, Stefanie Dargel wrote:
> Thank you for the quick response. Version 0.5.5 was indeed installed
> manually.
>
> So this bugreport can be closed.

OK

Bug#887981: [Pkg-gajim-maintainers] Bug#887981: gajim in stretch-backports fails to start

[W. Martin Borgert]

Quoting Stefanie Dargel :

gajim in stretch-backports fails to start with:

"Gajim needs python-nbxmpp >= 0.6.1 to run. Quitting..."


This is strange. I'm using the backport myself at work, so it is a
typical "works for me" :~)


python3-nbxmpp 0.6.2-1~bpo9+1 and python-nbxmpp 0.6.2-1~bpo9+1 are
installed.


The first one is needed, indeed, the second one not.

Could you try the following in the console/terminal:

$ python3

import nbxmpp
nbxmpp.__version__

'0.6.2'

If the output is not 0.6.2, you have maybe installed a different
version of the nbxmpp library manually somewhere and Gajim picks
the wrong one.

For questions, you can also reach me via XMPP (jid == email).
If you have a working XMPP client...

Bug#886539: gajim-pgp (1.2.1-2~bpo9+1) depends on python3-gnupg (>= 0.4.1), that is not available

[W. Martin Borgert]

Hi Patrik,

thanks for your bug report. The issue is known to the
python-gnupg maintainer, they just needs more time to prepare
the package than they hoped. I assume, we don't need to wait
long!

Cheers

Bug#885603: gajim in stretch-backports depends on python3-nbxmpp, which is not in stretch-backports

[W. Martin Borgert]

Dear Patrik,

python-nbxmpp (which includes python3-nbxmpp) is now in backports.
Gajim should be installablen now!

Have fun!

Bug#885603: gajim in stretch-backports depends on python3-nbxmpp, which is not in stretch-backports

[W. Martin Borgert]

Dear Patrik,

thanks for your bug report!

python-nbxmpp (which includes python3-nbxmpp) is,
unfortunately, still waiting in the NEW queue:

https://ftp-master.debian.org/backports-new.html

Let's hope, it will leave it soon!

Cheers

Bug#884358: marked as done (gajim: broken dependencies, gajim no longer starts)

[W. Martin Borgert]

Hi Antonio, it seems upstream has fixed the bug you found and
also some other issues related to the database. Could you
please try alpha2? Should be in unstable now or very soon.
Thanks in advance!

Bug#884358: Bug#884311: Gajim: problem with latest python-openssl

[W. Martin Borgert]

Thanks, Bjoern, too!

Quoting Bjoern Schiessle :

Only drawback, I can no longer install
plugins directly from gajim with the plugin manager. Probably because
this is not a final release yet.


Yes, this is something I like to repair. The plugin manager should be
disabled by default, but easy to activate.


But as the most important plugins are
packaged I would be fine with moving this to unstable.


Great!

Bug#884358: Bug#884311: Gajim: problem with latest python-openssl

[W. Martin Borgert]

Quoting Dimitris :

i must say i prefer the old looks of gajim (dont really like the gnome3
approach) but that's something personal, usability is what counts more.
so i would also be in favor of porting it to unstable.


Thanks, Dimitris, for your super-fast test and reply!

Well, about the new look, that's not something I'm able to influence
and the new version is coming sooner or later anyway. But upstream
is very open to suggestions, also about making Gajim look good in
DEs other than Gnome. So it might improve!

If there are no further blockers I'll upload the new Gajim (and all
the plugins) to unstable in the next days.

Cheers

Bug#884358: Gajim: problem with latest python-openssl

[W. Martin Borgert]

Dear Bjoern, dear Dimitris,

thank you for your bug reports! I ask you for a favour:

Could you please try Gajim from Debian experimental?
The plugins for the new Gajim are in experimental, too,
if you need them.

I'm not yet sure, whether I will fix this bug in a new
Gajim 0.16.8-something, because IMHO Gajim
0.16.11-somethingelse already works very fine for me.

If the new Gajim works for you as well, I would do the
next upload to unstable instead of experimental.

Thanks in advance!

Cheers, Martin

Bug#880838: marked as pending

[W . Martin Borgert]

tag 880838 pending
thanks

Hello,

Bug #880838 reported by you has been fixed in the Git repository. You can
see the changelog below, and you can check the diff of the fix at:


https://anonscm.debian.org/cgit/python-modules/packages/python-restless.git/commit/?id=cbfc829

---
commit cbfc829e36d9de19db54f46ed0c701f0a93754f2
Author: W. Martin Borgert <deba...@debian.org>
Date:   Sun Nov 12 12:42:09 2017 +0100

prepare 2.1.1-1

diff --git a/debian/changelog b/debian/changelog
index 0744e43..9668e72 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,12 @@
+python-restless (2.1.1-1) unstable; urgency=medium
+
+  * New upstream version
+  * Add patch to set charset (Closes: #880838)
+  * Bump standards version and compat level
+  * Try R³=no
+
+ -- W. Martin Borgert <deba...@debian.org>  Sun, 12 Nov 2017 10:21:17 +
+
 python-restless (2.0.3-1) unstable; urgency=medium
 
   * New upstream version

Bug#784512: Is anybody working on PySide2?

[W. Martin Borgert]

Quoting Dmitry Shachnev :

Where did you read that pyside2 will be part of Qt? I thought it is rather
a side project from The Qt Company.


http://lists.qt-project.org/pipermail/pyside/2016-April/002401.html


* The goal is to make Pyside an integral part of new Qt releases.

Bug#784512: [Python-modules-team] Bug#784512: Is anybody working on PySide2?

[W. Martin Borgert]

On 2017-08-27 16:43, Scott Kitterman wrote:
> If python-ghost can't use PyQt5 instead (some packages are written to work 
> with either), then if you want to keep it in the archive, I would plan on 
> packaging pyside2.

Ghost uses only PySide2 in 2.0.0-dev. Because I have no
knowledge of Qt at all (nor too much time to invest), I cannot
package PySide2. I'll ask Ghost upstream about the issue. Maybe
one can add an alternative API, such as Qt5 or something GIR
based...

Bug#784512: Is anybody working on PySide2?

[W. Martin Borgert]

Hi,

python-ghost depends on pyside, which will be removed with Qt4.
Upstream already ported to pyside2, but I can't find pyside2 in
Debian, not even an ITP or RFP. But somewhere I read, that
pyside2 will be part of Qt. Is somebody working on this? It
would be bad to remove pyside from Debian before pyside2 is in
place, right?

TIA for any useful hint!


signature.asc
Description: PGP signature

Bug#869528: marked as pending

[W . Martin Borgert]

tag 869528 pending
thanks

Hello,

Bug #869528 reported by you has been fixed in the Git repository. You can
see the changelog below, and you can check the diff of the fix at:


https://anonscm.debian.org/cgit/python-modules/packages/python-simpy3.git/commit/?id=2999219

---
commit 2999219219730036384d3b44e2bf7e1b56d393ad
Author: W. Martin Borgert <deba...@debian.org>
Date:   Sat Aug 26 03:27:14 2017 +0200

prepare 3.0.10-2

diff --git a/debian/changelog b/debian/changelog
index 7ef5680..450dcd7 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,11 @@
+python-simpy3 (3.0.10-2) unstable; urgency=medium
+
+  * Do not remove license file, that is part of package docs
+(Closes: #869528)
+  * New policy version 4.0.1 (no changes)
+
+ -- W. Martin Borgert <deba...@debian.org>  Fri, 25 Aug 2017 20:40:01 +
+
 python-simpy3 (3.0.10-1) unstable; urgency=low
 
   * New upstream release 3.0.10

Bug#865891: marked as pending

[W . Martin Borgert]

tag 865891 pending
thanks

Hello,

Bug #865891 reported by you has been fixed in the Git repository. You can
see the changelog below, and you can check the diff of the fix at:


https://anonscm.debian.org/cgit/python-modules/packages/sorl-thumbnail.git/commit/?id=e3039c9

---
commit e3039c9a118e3722464540c1734f96b77d432b26
Author: W. Martin Borgert <deba...@debian.org>
Date:   Sat Aug 5 02:09:21 2017 +0200

prepare 12.3+git20170708-1

diff --git a/debian/changelog b/debian/changelog
index 3866def..b21c65a 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,11 @@
+sorl-thumbnail (12.3+git20170708-1) unstable; urgency=medium
+
+  * New upstream git snapshot (Closes: #865891)
+  * Standards-Version is 4.0.0 now (no change)
+  * Use compat level 10 (lintian)
+
+ -- W. Martin Borgert <deba...@debian.org>  Fri, 04 Aug 2017 23:07:08 +
+
 sorl-thumbnail (12.3+git20160928-2) unstable; urgency=medium
 
   * Disable support for Wand again, because tests crash on i386

Bug#870280: xelatex: Undefined control sequence \l__xeCJK_listings_letter_bool

[W. Martin Borgert]

After Alexis gave a pure latex example without docbook/dblatex,
shouldn't the bug be assigned back to texlive-latex-recommended?


signature.asc
Description: PGP signature

Bug#854546: gajim crash on startup: TypeError: __init__() got an unexpected keyword argument 'gpgbinary'

[W. Martin Borgert]

Control: severity -1 normal
Control: tags -1 + moreinfo

Praveen, is it possible that you maybe have another python-gnupg
installed than the official Debian one? I.e. a "pip" install of the
incompatible version https://github.com/isislovecruft/python-gnupg?

There is an open bug about changing the import name:
https://github.com/isislovecruft/python-gnupg/issues/47

If it turns out to be the problem:
 - better not install any Python libraries system-wide other
   than by using apt/dpkg, pip is only for virtualenv
 - let's hope, that either the fork changes their import name
   or that both developers join to create one version

Please let us know, whether this is the problem or not, thanks!

Lowering severity, because it seems to be an uncommon issue.

Bug#863671: (no subject)

[W. Martin Borgert]

Hi Matt, hi all,

does somebody have a test case for the vulnerability?

After trying fruitlessly to adapt the code from version 2.2 to
our 1.7, I managed to bring the old code change to our even
older version. But I have no idea, whether it is any good, other
that it compiles. But without test case, the patch is not valid.

Also, I'm happy about any critical review of the patch.

TIA!
Description: fix CVE-2015-9059 (command injection vulnerability)
Origin: upstream
Bug-Vendor: https://bugs.debian.org/863671
Applied-Upstream: 
https://github.com/npat-efault/picocom/commit/1ebc60b20fbe9a02436d5cbbf8951714e749ddb1
Last-Update: 2017-05-30
---
This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
--- a/picocom.c
+++ b/picocom.c
@@ -41,6 +41,7 @@
 #define _GNU_SOURCE
 #include 
 
+#include "split.h"
 #include "term.h"
 
 /**/
@@ -549,6 +550,9 @@
 {
 }
 
+#define RUNCMD_ARGS_MAX 32
+#define RUNCMD_EXEC_FAIL 126
+
 void
 establish_child_signal_handlers (void)
 {
@@ -564,7 +568,7 @@
 }
 
 int
-run_cmd(int fd, ...)
+run_cmd(int fd, const char *cmd, const char *args_extra)
 {
pid_t pid;
sigset_t sigm, sigm_old;
@@ -602,7 +606,9 @@
/* child: external program */
int r;
long fl;
-   char cmd[512];
+
+   int argc;
+   char *argv[RUNCMD_ARGS_MAX + 1];
 
establish_child_signal_handlers();
sigprocmask(SIG_SETMASK, _old, NULL);
@@ -619,30 +625,31 @@
close(STO);
dup2(fd, STI);
dup2(fd, STO);
-   {
-   /* build command-line */
-   char *c, *ce;
-   const char *s;
-   int n;
-   va_list vls;
-   
-   c = cmd;
-   ce = cmd + sizeof(cmd) - 1;
-   va_start(vls, fd);
-   while ( (s = va_arg(vls, const char *)) ) {
-   n = strlen(s);
-   if ( c + n + 1 >= ce ) break;
-   memcpy(c, s, n); c += n;
-   *c++ = ' ';
-   }
-   va_end(vls);
-   *c = '\0';
+
+   /* build command arguments vector */
+   argc = 0;
+   r = split_quoted(cmd, , argv, RUNCMD_ARGS_MAX);
+   if ( r < 0 ) {
+   fd_printf(STDERR_FILENO, "Cannot parse command\n");
+   exit(RUNCMD_EXEC_FAIL);
}
-   /* run extenral command */
-   fd_printf(STDERR_FILENO, "%s\n", cmd);
-   r = system(cmd);
-   if ( WIFEXITED(r) ) exit(WEXITSTATUS(r));
-   else exit(128);
+   r = split_quoted(args_extra, , argv, RUNCMD_ARGS_MAX);
+   if ( r < 0 ) {
+   fd_printf(STDERR_FILENO, "Cannot parse extra args\n");
+   exit(RUNCMD_EXEC_FAIL);
+   }
+   if ( argc < 1 ) {
+   fd_printf(STDERR_FILENO, "No command given\n");
+   exit(RUNCMD_EXEC_FAIL);
+   }   
+   argv[argc] = NULL;
+
+   /* run external command */
+   fd_printf(STDERR_FILENO, "$ %s %s\n", cmd, args_extra);
+   execvp(argv[0], argv);
+
+   fd_printf(STDERR_FILENO, "exec: %s\n", strerror(errno));
+   exit(RUNCMD_EXEC_FAIL);
}
 }
 
@@ -807,7 +814,7 @@
if ( r < -1 && errno == EINTR ) break;
if ( r <= -1 )
fatal("cannot read filename: 
%s", strerror(errno));
-   run_cmd(tty_fd, opts.send_cmd, fname, 
NULL);
+   run_cmd(tty_fd, opts.send_cmd, fname);
break;
case KEY_RECEIVE:
fd_printf(STO, "*** file: ");
@@ -817,7 +824,7 @@
if ( r <= -1 )
fatal("cannot read filename: 
%s", strerror(errno));
if ( fname[0] )
-   run_cmd(tty_fd, 
opts.receive_cmd, fname, NULL);
+   run_cmd(tty_fd, 
opts.receive_cmd, fname);
else
run_cmd(tty_fd, 
opts.receive_cmd, NULL);
break;
--- a/Makefile
+++ b/Makefile
@@ -13,11 +13,12 @@
 LDFLAGS = -g
 LDLIBS =
 
-picocom : picocom.o term.o
+picocom : picocom.o 

Bug#863445: possible to remote extract plain-text from encrypted sessions

[W. Martin Borgert]

Package: gajim
Version: 0.16.6-1
Severity: grave
Tags: patch security upstream

grave, because introduces a security hole allowing unencrypted
access to supposedly encrypted messages

Gajim implements unconditionally XEP-0146, which allows other
clients to access certain user data. This can be abused by
malicious XMPP servers:
https://dev.gajim.org/gajim/gajim/issues/8378

It seems, that XMPP experts already plan to deprecate the
feature:
https://mail.jabber.org/pipermail/standards/2016-August/031335.html

Gajim upstream made the feature an opt-in, which is IMHO good
enough for now:
https://dev.gajim.org/gajim/gajim/commit/cb65cfc5aed9efe05208ebbb7fb2d41fcf7253cc

We just need to apply the change to the Debian package.

Bug#841421: python-opcua: FTBFS (build hangs)

[W. Martin Borgert]

Hi Santiago,

could you test the new version 0.90.3-1 in unstable, please?
No hurry, because of the freeze the package will not migrate
to testing soon anyway.

TIA & Cheers!

Bug#860668: marked as pending

[W . Martin Borgert]

tag 860668 pending
thanks

Hello,

Bug #860668 reported by you has been fixed in the Git repository. You can
see the changelog below, and you can check the diff of the fix at:


https://anonscm.debian.org/cgit/python-modules/packages/sorl-thumbnail.git/commit/?id=07c0494

---
commit 07c0494cb2af30c736323c01223f795da4406e34
Author: W. Martin Borgert <deba...@debian.org>
Date:   Thu Apr 27 00:15:55 2017 +0200

Disable tests/support for Wand (Closes: #860668)

diff --git a/debian/changelog b/debian/changelog
index 0a48e79..1cfdf85 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10 @@
+sorl-thumbnail (12.3+git20160928-2) UNRELEASED; urgency=medium
+
+  * Disable support for Wand again, because tests crash on i386
+(Closes: #860668).
+
+ -- W. Martin Borgert <deba...@debian.org>  Wed, 26 Apr 2017 22:10:48 +
+
 sorl-thumbnail (12.3+git20160928-1) unstable; urgency=medium
 
   * New upstream git snapshot (Closes: #834678).

Bug#856335: marked as pending

[W . Martin Borgert]

tag 856335 pending
thanks

Hello,

Bug #856335 reported by you has been fixed in the Git repository. You can
see the changelog below, and you can check the diff of the fix at:


https://anonscm.debian.org/cgit/python-modules/packages/python-pyftpdlib.git/commit/?id=933255d

---
commit 933255d1940e941b96c47874e391f965bf59b39d
Author: W. Martin Borgert <deba...@debian.org>
Date:   Sun Apr 23 00:24:53 2017 +0200

disable tests, that are known to be unstable

diff --git a/debian/changelog b/debian/changelog
index 0ab54d2..c46639f 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,5 +1,6 @@
 python-pyftpdlib (1.5.1-4) UNRELEASED; urgency=medium
 
+  * Disable automatic tests, that are known to be unstable (Closes: #856335)
   * Remove Janos Guljas as maintainer (Closes: #849728)
 
  -- W. Martin Borgert <deba...@debian.org>  Wed, 25 Jan 2017 00:34:58 +

Bug#859894: not compatible with latest OMEMO standard and clients

[W. Martin Borgert]

Package: gajim-omemo
Version: 1.0.0-1
Severity: grave

Set to grave, because
"makes the package in question unusable by most ... users".

As outcome of a security audit of the OMEMO protocol (XMPP e2e
encryption method), it has been changed:

The auth tag is no longer appended to the payload, but now to
the key.

Because all clients now change to the new scheme, gajim-omemo
needs to change, too. Upstream is updated already.

Bug#856335: python-pyftpdlib: FTBFS, unittests error: error_temp: 426 Internal error; transfer aborted

[W. Martin Borgert]

Control: forwarded 856335 https://github.com/giampaolo/pyftpdlib/issues/420

I cannot reproduce the test failures, neither on single core nor
quad core amd64.

Bug#854739: patch for CVE-2017-5591

[W. Martin Borgert]

Identical fix is now also in new upstream release 1.3.2.

Bug#854739: patch for CVE-2017-5591

[W. Martin Borgert]

Control: tag -1 + patch

The patch seems to be OK for sleekxmpp, too.

Bug#854739: patch for CVE-2017-5591

[W. Martin Borgert]

slixmpp has a simple patch:

slixmpp/plugins/xep_0280/carbons.py
@@ -61,10 +61,12 @@ def session_bind(self, jid):
 self.xmpp.plugin['xep_0030'].add_feature('urn:xmpp:carbons:2')
 
 def _handle_carbon_received(self, msg):
-self.xmpp.event('carbon_received', msg)
+if msg['from'].bare == self.xmpp.boundjid.bare:
+self.xmpp.event('carbon_received', msg)
 
 def _handle_carbon_sent(self, msg):
-self.xmpp.event('carbon_sent', msg)
+if msg['from'].bare == self.xmpp.boundjid.bare:
+self.xmpp.event('carbon_sent', msg)
 
 def enable(self, ifrom=None, timeout=None, callback=None,
timeout_callback=None):

Maybe it works for sleekxmpp, too. Will try soon.

Bug#852363: inputstream is "private" since html5lib 1.0b9

[W. Martin Borgert]

On 2017-02-07 23:27, Sandro Tosi wrote:
> do you still plan to update this package? let me know if i can help
> you in anyway

My interest in pisa/xhtml2pdf is trac-wikiprint, a plugin to
create "PDF books" from multiple Trac wikipages. It was working
fine some years back, but broke with time. I'm not optimistic
about fixing this for stretch.

> looking further into this, it turns out pisa has been totally
> deprecated[1] in favor or xhtml2pdf[2] so i think the right way
> forward is: a workaround to fix it for stretch, and package [2] and
> get rid of pisa for buster

Yes. I like to package xhtml2pdf as a new package, replacing
pisa. I'm not sure, how exactly, because xhtml2pdf is barely
useful for other use cases. I could not render any "serious" web
page with 0.1b2. I will probably leave out the xhtml2pdf command
line utility, because it will lead only to users frustration.

Bug#850246: marked as pending

[W . Martin Borgert]

tag 850246 pending
thanks

Hello,

Bug #850246 reported by you has been fixed in the Git repository. You can
see the changelog below, and you can check the diff of the fix at:


http://git.debian.org/?p=python-modules/packages/python-social-auth.git;a=commitdiff;h=8edbe32

---
commit 8edbe32025abbda39b71bf0afacf58d22b59678b
Author: W. Martin Borgert <deba...@debian.org>
Date:   Fri Jan 6 01:18:23 2017 +

prepare 1:0.2.19+dfsg-3

diff --git a/debian/changelog b/debian/changelog
index e7db419..d05202d 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10 @@
+python-social-auth (1:0.2.19+dfsg-3) unstable; urgency=high
+
+  * Revert latest version. Brown paper bag. (Closes: #850246)
+Using epoch plus Debian version "-3" because of #645895.
+
+ -- W. Martin Borgert <deba...@debian.org>  Fri, 06 Jan 2017 00:00:55 +
+
 python-social-auth (0.3.0-1) unstable; urgency=medium
 
   * New upstream release.

Bug#850246: missing dependencies, does not work

[W. Martin Borgert]

Quoting Michal Čihař :

The library is now completely unusable as it requires at least
social_core, which is not yet packaged. All files are currently stub
which should map old social auth API to new modularized code and
without the dependencies this is just completely unusable.


Oh, sh*t, big fail. I was aware of the deprecation and
mentioned it in d/ch, but must have confused the versions :~(


I think best approach would be to revert to 0.2.x for now as there is
no chance new packages 0.3.x requires will get in (due to soft freeze
starting today).


Yes, reverting the code would be the best measure.

The new code base would not be a good idea for stretch anyway
so late, even if we had some weeks left.

I'll use an epoch (1:) to be able to go back to 0.2.19+dfsg-2.
Otherwise it would be confusing which version Debian actually
ships.

Bug#848419: trac-announcer: FTBFS in stretch (failing tests)

[W. Martin Borgert]

It seems, that trac-announcer is not yet compatible with current
trac. The package will therefore not be in stretch. If a fixed
version is released, we can deliver it via backports.

Bug#842007: marked as pending

[W . Martin Borgert]

tag 842007 pending
thanks

Hello,

Bug #842007 reported by you has been fixed in the Git repository. You can
see the changelog below, and you can check the diff of the fix at:


http://git.debian.org/?p=python-modules/packages/python-pyftpdlib.git;a=commitdiff;h=095d22b

---
commit 095d22b07b57da77fdd2f7df6ddffba69b53ef9e
Author: W. Martin Borgert <deba...@debian.org>
Date:   Sun Dec 25 20:44:21 2016 +

prepare 1.5.1-3

diff --git a/debian/changelog b/debian/changelog
index d694fda..a068dcf 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10 @@
+python-pyftpdlib (1.5.1-3) unstable; urgency=medium
+
+  * Set TRAVIS=1 to skip one unit test, marked by upstream as
+"failing on Travis" (Closes: #842007)
+
+ -- W. Martin Borgert <deba...@debian.org>  Sun, 25 Dec 2016 20:40:48 +
+
 python-pyftpdlib (1.5.1-2) unstable; urgency=medium
 
   * Build-Depend on python{,3}-openssl/python3-openssl and python{,3}-mock.

Bug#842939: xul-ext-wot: WOT find guilty to sell user data

[W. Martin Borgert]

According to the analysis by Mike Kuketz
(https://www.kuketz-blog.de/wot-addon-wie-ein-browser-addon-seine-nutzer-ausspaeht/),
the (most?) problematic commit is of 2015-04-20
(https://github.com/mywot/firefox-xul/commit/0df107cae8ac18901bd665acace4b369c244a3f9).

This would mean, that users of stable were less (not?) affected.
I would remove the plugin anyway, just because of "trust issues".
-- 
Teacher: "Now, if give you five apples, and then take three of them away, what 
are you left with?"
Pupil: "Trust issues."

Bug#842939: xul-ext-wot: WOT found guilty to sell user data

[W. Martin Borgert]

I don't think, that removing this package from Debian is the right
way. Users who have it installed get no notice and would keep this
(apparent) malware. There should be a new package version, that does
not contain the plugin anymore (like transitional packages), for
both stable-sec and unstable (maybe oldstable too)?

Bug#790274: python-pyftpdlib: FTBFS: Failure in test_on_incomplete_file_sent

[W. Martin Borgert]

fixed 790274 1.4.0-1
thanks

Presumably the bug is not present in >= 1.4.0-1 anymore.
Probably the bug needs fixing in Jessie.
Btw, I will try to backport 1.5.1-n to Jessie, because I need py3 support.

Bug#841079: marked as pending

[W . Martin Borgert]

tag 841079 pending
thanks

Hello,

Bug #841079 reported by you has been fixed in the Git repository. You can
see the changelog below, and you can check the diff of the fix at:


http://git.debian.org/?p=python-modules/packages/python-pyftpdlib.git;a=commitdiff;h=012b0b5

---
commit 012b0b577eaa2cc60f50ada0d119949578430169
Author: W. Martin Borgert <deba...@debian.org>
Date:   Tue Oct 18 00:56:45 2016 +

prepare 1.5.1-2

diff --git a/debian/changelog b/debian/changelog
index bd8b669..d694fda 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,9 +1,9 @@
-python-pyftpdlib (1.5.1-2) UNRELEASED; urgency=medium
+python-pyftpdlib (1.5.1-2) unstable; urgency=medium
 
-  [ W. Martin Borgert 2016-10-18 ]
-  * Build-Depend on python-openssl/python3-openssl.
+  * Build-Depend on python{,3}-openssl/python3-openssl and python{,3}-mock.
+  * Run tests from source dir. (Closes: #841079) hopefully
 
- -- W. Martin Borgert <deba...@debian.org>  Tue, 18 Oct 2016 00:09:44 +0000
+ -- W. Martin Borgert <deba...@debian.org>  Tue, 18 Oct 2016 00:55:20 +
 
 python-pyftpdlib (1.5.1-1) unstable; urgency=medium
 

Bug#840761: marked as pending

[W . Martin Borgert]

tag 840761 pending
thanks

Hello,

Bug #840761 reported by you has been fixed in the Git repository. You can
see the changelog below, and you can check the diff of the fix at:


http://git.debian.org/?p=python-modules/packages/python-opcua.git;a=commitdiff;h=9c4f3eb

---
commit 9c4f3ebec1e00a582da134e3b21acf4353163011
Author: W. Martin Borgert <deba...@debian.org>
Date:   Fri Oct 14 21:21:47 2016 +

prepare 0.10.17-2

diff --git a/debian/changelog b/debian/changelog
index dce5309..b761b97 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,9 @@
+python-opcua (0.10.17-2) unstable; urgency=medium
+
+  * Fix missing build-deps (Closes: #840761).
+
+ -- W. Martin Borgert <deba...@debian.org>  Fri, 14 Oct 2016 20:50:36 +
+
 python-opcua (0.10.17-1) unstable; urgency=medium
 
   * Initial upload (Closes: #839679).

Bug#835722: python-pgmagick: FTBFS

[W. Martin Borgert]

close 835722
thanks

I cannot reproduce this build error.
Maybe a temporary problem?
Feel free to open again, if I'm mistaken.

Bug#837618: xml-core: Makes some packages to FTBFS with 'dh_installxmlcatalogs: Unexpected debhelper version format'

[W. Martin Borgert]

tags 837618 patch
thanks

The attached patch works for me.
--- dh_installxmlcatalogs.old	2016-09-23 21:25:51.396231999 +0200
+++ dh_installxmlcatalogs	2016-09-23 21:23:31.447489900 +0200
@@ -110,7 +110,7 @@
 use Debian::Debhelper::Dh_Lib;
 use Debian::Debhelper::Dh_Version;
 
-$Debian::Debhelper::Dh_Version::version =~ /^(\d+)\.(\d+)/
+$Debian::Debhelper::Dh_Version::version =~ /^(\d+)(\.(\d+))*/
 	or error("Unexpected debhelper version format");
 # For the "sub" argument to autoscript:
 $1 > 9 or ($1 == 9 and $2 >= '20120909') or error('debhelper 9.20120909 or later required');

Bug#834677: refcard: FTBFS in testing (xelatex compilation failed)

[W. Martin Borgert]

On 2016-09-01 21:10, Holger Wansing wrote:
> Martin: I fear, there is another upload needed :-(

No problem! Anyway, I added you to Uploaders :~)

Bug#832854: python-restless: FTBFS: RuntimeError: Working outside of request context.

[W. Martin Borgert]

It seems, that this was a problem with Sphinx 1.4.5 (still in testing).
With 1.4.6 (unstable), I could build the package again, as with 1.4.4.

Bug#830634: marked as pending

[W . Martin Borgert]

tag 830634 pending
thanks

Hello,

Bug #830634 reported by you has been fixed in the Git repository. You can
see the changelog below, and you can check the diff of the fix at:


http://git.debian.org/?p=python-modules/packages/python-activipy.git;a=commitdiff;h=6651383

---
commit 6651383ebe295e0f05867e90192afb72c3dd83a9
Author: W. Martin Borgert <deba...@debian.org>
Date:   Sun Jul 31 22:29:48 2016 +0200

prepare 0.1-3 (fix test run, bump standards)

diff --git a/debian/changelog b/debian/changelog
index ba61284..c9d2ec6 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10 @@
+python-activipy (0.1-3) unstable; urgency=medium
+
+  * Run tests in source dir, not in .pybuild dir (Closes: #830634).
+  * Bump standards version, no changes.
+
+ -- W. Martin Borgert <deba...@debian.org>  Sun, 31 Jul 2016 20:27:39 +
+
 python-activipy (0.1-2) unstable; urgency=low
 
   * Fix build-dep on pytest, thanks to Chris West (Closes: #806477).

Bug#827622: buildbot: FTBFS: 4 column based index found

[W. Martin Borgert]

tags 827622 +patch
thanks

To solve the index structure problem, changed with Sphinx 1.4:


--- buildbot-0.8.12.orig/docs/bbdocs/ext.py
+++ buildbot-0.8.12/docs/bbdocs/ext.py
@@ -15,6 +15,7 @@

 from docutils import nodes
 from sphinx import addnodes
+from sphinx import version_info
 from sphinx.domains import Domain
 from sphinx.domains import Index
 from sphinx.domains import ObjType
@@ -66,7 +67,10 @@ class BBRefTargetDirective(Directive):
 else:
 indextype = 'single'
 indexentry = tpl % (fullname,)
-entries.append((indextype, indexentry, targetname, targetname))
+if version_info >= (1, 4, 0, '', 0):
+entries.append((indextype, indexentry, targetname,  
targetname, None))

+else:
+entries.append((indextype, indexentry, targetname,  
targetname))


 if entries:
 inode = addnodes.index(entries=entries)


But we also cannot allow warnings to be errors:


--- buildbot-0.8.12.orig/docs/Makefile
+++ buildbot-0.8.12/docs/Makefile
@@ -22,7 +22,7 @@ images-eps:
 # -- Makefile for Sphinx documentation --

 # You can set these variables from the command line.
-SPHINXOPTS= -q -W
+SPHINXOPTS= -q
 SPHINXBUILD   = sphinx-build
 PAPER =
 BUILDDIR  = _build


Not nice, but works. With buildbot nine, the bbdocs extension
is hopefully up to date with Debians sphinx version, again.

Bug#830636: marked as pending

[W . Martin Borgert]

tag 830636 pending
thanks

Hello,

Bug #830636 reported by you has been fixed in the Git repository. You can
see the changelog below, and you can check the diff of the fix at:


http://git.debian.org/?p=python-modules/packages/sorl-thumbnail.git;a=commitdiff;h=d3a88f4

---
commit d3a88f482cc61c81e6e6dfaf2a1fbb3d3112d4ac
Author: W. Martin Borgert <deba...@debian.org>
Date:   Mon Jul 25 01:54:44 2016 +0200

prepare 12.3-3

diff --git a/debian/changelog b/debian/changelog
index 2a257ab..c610b5d 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,9 @@
+sorl-thumbnail (12.3-3) unstable; urgency=medium
+
+  * Add build-dep on python-pytest-django (Closes: #830636).
+
+ -- W. Martin Borgert <deba...@debian.org>  Sun, 24 Jul 2016 23:52:40 +
+
 sorl-thumbnail (12.3-2) unstable; urgency=medium
 
   [ W. Martin Borgert <deba...@debian.org> ]

Bug#817231: rabbitvcs: All files in home folder removed

[W. Martin Borgert]

This seems to be this bug:
https://github.com/rabbitvcs/rabbitvcs/issues/127
(dupe: https://github.com/rabbitvcs/rabbitvcs/issues/161)

Bug#818734: marked as pending

[W . Martin Borgert]

tag 818734 pending
thanks

Hello,

Bug #818734 reported by you has been fixed in the Git repository. You can
see the changelog below, and you can check the diff of the fix at:


http://git.debian.org/?p=python-modules/packages/sorl-thumbnail.git;a=commitdiff;h=bb49212

---
commit bb49212029140ee6c3d657c888c1715e3d67100e
Author: W. Martin Borgert <deba...@debian.org>
Date:   Wed Jun 1 23:41:29 2016 +0200

prepare 12.3-2

diff --git a/debian/changelog b/debian/changelog
index fc1e977..2a257ab 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,13 +1,14 @@
-sorl-thumbnail (12.3-2) UNRELEASED; urgency=medium
+sorl-thumbnail (12.3-2) unstable; urgency=medium
 
   [ W. Martin Borgert <deba...@debian.org> ]
-  * Add build-dep on pytest.
+  * Add build-dep on pytest (Closes: #818734).
+  * Add build-conflicts on locales-all (Closes: #792576).
 
-  [ Ondřej Nový ]
+  [ Ondřej Nový <n...@ondrej.org> ]
   * Fixed VCS URL (https)
   * Standards-Version is 3.9.8 now (no change)
 
- -- Ondřej Nový <n...@ondrej.org>  Tue, 29 Mar 2016 22:36:36 +0200
+ -- W. Martin Borgert <deba...@debian.org>  Wed, 01 Jun 2016 21:38:33 +
 
 sorl-thumbnail (12.3-1) unstable; urgency=low
 

Bug#811239: FTBFS: error: template-id 'compute<>' for 'Eigen::FullPivLU

[W. Martin Borgert]

See this thread (with solution) on the freecad forum:
http://forum.freecadweb.org/viewtopic.php?f=4=13728=109598
"Compilation of 0.16pre fails on Debian in GCS.cpp"

0.16pre probably builds fine, because the change in GCS.cpp is
already done.

Any chance to get 0.16(_pre) into unstable soon? That would
increase chances to solve any build problems in time to have
0.16 (final) in Stretch.

Bug#806477: marked as pending

[W . Martin Borgert]

tag 806477 pending
thanks

Hello,

Bug #806477 reported by you has been fixed in the Git repository. You can
see the changelog below, and you can check the diff of the fix at:


http://git.debian.org/?p=python-modules/packages/python-activipy.git;a=commitdiff;h=36b2198

---
commit 36b21982a4dca0dc0b5ff4a4da1ef89395d4640b
Author: W. Martin Borgert <deba...@debian.org>
Date:   Sat Nov 28 00:48:55 2015 +0100

fix build-dep, prepare 0.1-2

diff --git a/debian/changelog b/debian/changelog
index 8b15a23..ba61284 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,9 @@
+python-activipy (0.1-2) unstable; urgency=low
+
+  * Fix build-dep on pytest, thanks to Chris West (Closes: #806477).
+
+ -- W. Martin Borgert <deba...@debian.org>  Fri, 27 Nov 2015 23:31:27 +
+
 python-activipy (0.1-1) unstable; urgency=low
 
   * Initial release (Closes: #803983).

Bug#802120: marked as pending

[W . Martin Borgert]

tag 802120 pending
thanks

Hello,

Bug #802120 reported by you has been fixed in the Git repository. You can
see the changelog below, and you can check the diff of the fix at:


http://git.debian.org/?p=python-modules/packages/python-mpld3.git;a=commitdiff;h=573b3e4

---
commit 573b3e463222a0b521d324776b53c9e56291e131
Author: W. Martin Borgert <deba...@debian.org>
Date:   Sun Oct 18 12:29:49 2015 +

fix build-deps

diff --git a/debian/changelog b/debian/changelog
index 466eb0d..9f3b82d 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,9 @@
+python-mpld3 (0.3git+20140910dfsg-3) unstable; urgency=medium
+
+  * Fix b-d on matplotlib and jinja2 (Closes: #802120) Thanks Chris West!
+
+ -- W. Martin Borgert <deba...@debian.org>  Sun, 18 Oct 2015 12:25:43 +
+
 python-mpld3 (0.3git+20140910dfsg-2) unstable; urgency=low
 
   * Added the missing link(s) to d3.js (Closes: #770759)

Bug#802149: marked as pending

[W . Martin Borgert]

tag 802149 pending
thanks

Hello,

Bug #802149 reported by you has been fixed in the Git repository. You can
see the changelog below, and you can check the diff of the fix at:


http://git.debian.org/?p=python-modules/packages/python-mplexporter.git;a=commitdiff;h=db60571

---
commit db60571aa18a1f0fb9cc2f7dddf51e611c61bb7b
Author: W. Martin Borgert <deba...@debian.org>
Date:   Sun Oct 18 15:37:43 2015 +0200

fix build-deps on numpy and matplotlib

diff --git a/debian/changelog b/debian/changelog
index 3e0aa9b..c2d4ea2 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,9 @@
+python-mplexporter (0.0.1+20140921-2) unstable; urgency=medium
+
+  * fix b-d on numpy/matplotlib (Closes: #802149) Thanks Chris West!
+
+ -- W. Martin Borgert <deba...@debian.org>  Sun, 18 Oct 2015 13:35:57 +
+
 python-mplexporter (0.0.1+20140921-1) unstable; urgency=low
 
   * Initial release (Closes: #762629)

Bug#802119: marked as pending

[W . Martin Borgert]

tag 802119 pending
thanks

Hello,

Bug #802119 reported by you has been fixed in the Git repository. You can
see the changelog below, and you can check the diff of the fix at:


http://git.debian.org/?p=python-modules/packages/python-diaspy.git;a=commitdiff;h=a5837f6

---
commit a5837f6e21fdd4fd8a1958b2509c15ec77a10089
Author: W. Martin Borgert <deba...@debian.org>
Date:   Sun Oct 18 10:59:58 2015 +

fix build-dep on -requests

diff --git a/debian/changelog b/debian/changelog
index 434683f..6c93d32 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,9 @@
+python-diaspy (0.5.0.1-2) unstable; urgency=low
+
+  * Fix build-dep (Closes: #802119). Thanks Chris West!
+
+ -- W. Martin Borgert <deba...@debian.org>  Sun, 18 Oct 2015 10:13:44 +
+
 python-diaspy (0.5.0.1-1) unstable; urgency=low
 
   * Initial release (Closes: #794531).

Bug#783612: python-pymodbus: fails to install: python SyntaxError

[W. Martin Borgert]

notfound 783612 1.2.0+git20150925-1
thanks

Forgot to close this bug in d/ch.

Bug#783612: marked as pending

[W . Martin Borgert]

tag 783612 pending
thanks

Hello,

Bug #783612 reported by you has been fixed in the Git repository. You can
see the changelog below, and you can check the diff of the fix at:


http://git.debian.org/?p=python-modules/packages/pymodbus.git;a=commitdiff;h=655c07a

---
commit 655c07a688bd5f94bfdb1d981566c1b2f54e61d8
Author: W. Martin Borgert <deba...@debian.org>
Date:   Tue Oct 13 22:57:00 2015 +0200

prepare version 1.2.0+git20151013-1

diff --git a/debian/changelog b/debian/changelog
index 3224f5e..9b67f8c 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,13 @@
+pymodbus (1.2.0+git20151013-1) unstable; urgency=low
+
+  * Use latest git from upstream.
+  * Don't install ez_setup.py.
+  * Fixed Vcs fields.
+  * Closes: #783612, thanks to Andreas Beckmann!
+(syntax error, already closed in previous version)
+
+ -- W. Martin Borgert <deba...@debian.org>  Tue, 13 Oct 2015 20:41:48 +
+
 pymodbus (1.2.0+git20150925-1) unstable; urgency=low
 
   * Use latest git from upstream, fixing some issues.

Bug#797165: CVE-2015-0852: integer overflow in PluginPCX.cpp

[W. Martin Borgert]

tags 797165 +patch
thanks

Could someone please check attached patch? Thanks.
Description: fix integer overflow
Origin: upstream
 http://freeimage.cvs.sourceforge.net/viewvc/freeimage/FreeImage/Source/FreeImage/PluginPCX.cpp?view=patch=1.17=1.18=MAIN
 http://freeimage.cvs.sourceforge.net/viewvc/freeimage/FreeImage/Source/FreeImage/PluginPCX.cpp?view=patch=1.18=1.19=MAIN
Bug-Debian: https://bugs.debian.org/797165
Last-Update: 2015-09-14
---
This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
--- a/Source/FreeImage/PluginPCX.cpp
+++ b/Source/FreeImage/PluginPCX.cpp
@@ -347,12 +347,14 @@
 
 	try {
 		// check PCX identifier
-
-		long start_pos = io->tell_proc(handle);
-		BOOL validated = pcx_validate(io, handle);		
-		io->seek_proc(handle, start_pos, SEEK_SET);
-		if(!validated) {
-			throw FI_MSG_ERROR_MAGIC_NUMBER;
+		// (note: should have been already validated using FreeImage_GetFileType but check again)
+		{
+			long start_pos = io->tell_proc(handle);
+			BOOL validated = pcx_validate(io, handle);
+			io->seek_proc(handle, start_pos, SEEK_SET);
+			if(!validated) {
+throw FI_MSG_ERROR_MAGIC_NUMBER;
+			}
 		}
 
 		// process the header
@@ -366,20 +368,38 @@
 		SwapHeader();
 #endif
 
-		// allocate a new DIB
+		// process the window
+		const WORD *window = header.window;	// left, upper, right,lower pixel coord.
+		const int left		= window[0];
+		const int top		= window[1];
+		const int right		= window[2];
+		const int bottom	= window[3];
 
-		unsigned width = header.window[2] - header.window[0] + 1;
-		unsigned height = header.window[3] - header.window[1] + 1;
-		unsigned bitcount = header.bpp * header.planes;
-
-		if (bitcount == 24) {
-			dib = FreeImage_AllocateHeader(header_only, width, height, bitcount, FI_RGBA_RED_MASK, FI_RGBA_GREEN_MASK, FI_RGBA_BLUE_MASK);
-		} else {
-			dib = FreeImage_AllocateHeader(header_only, width, height, bitcount);			
+		// check image size
+		if((left >= right) || (top >= bottom)) {
+			throw FI_MSG_ERROR_PARSING;
 		}
 
-		// if the dib couldn't be allocated, throw an error
+		const unsigned width = right - left + 1;
+		const unsigned height = bottom - top + 1;
+		const unsigned bitcount = header.bpp * header.planes;
+
+		// allocate a new DIB
+		switch(bitcount) {
+			case 1:
+			case 4:
+			case 8:
+dib = FreeImage_AllocateHeader(header_only, width, height, bitcount);
+break;
+			case 24:
+dib = FreeImage_AllocateHeader(header_only, width, height, bitcount, FI_RGBA_RED_MASK, FI_RGBA_GREEN_MASK, FI_RGBA_BLUE_MASK);
+break;
+			default:
+throw FI_MSG_ERROR_DIB_MEMORY;
+break;
+		}
 
+		// if the dib couldn't be allocated, throw an error
 		if (!dib) {
 			throw FI_MSG_ERROR_DIB_MEMORY;
 		}
@@ -426,19 +446,23 @@
 
 if (palette_id == 0x0C) {
 	BYTE *cmap = (BYTE*)malloc(768 * sizeof(BYTE));
-	io->read_proc(cmap, 768, 1, handle);
 
-	pal = FreeImage_GetPalette(dib);
-	BYTE *pColormap = [0];
+	if(cmap) {
+		io->read_proc(cmap, 768, 1, handle);
 
-	for(int i = 0; i < 256; i++) {
-		pal[i].rgbRed   = pColormap[0];
-		pal[i].rgbGreen = pColormap[1];
-		pal[i].rgbBlue  = pColormap[2];
-		pColormap += 3;
+		pal = FreeImage_GetPalette(dib);
+		BYTE *pColormap = [0];
+
+		for(int i = 0; i < 256; i++) {
+			pal[i].rgbRed   = pColormap[0];
+			pal[i].rgbGreen = pColormap[1];
+			pal[i].rgbBlue  = pColormap[2];
+			pColormap += 3;
+		}
+
+		free(cmap);
 	}
 
-	free(cmap);
 }
 
 // wrong palette ID, perhaps a gray scale is needed ?
@@ -466,9 +490,9 @@
 		// calculate the line length for the PCX and the DIB
 
 		// length of raster line in bytes
-		unsigned linelength = header.bytes_per_line * header.planes;
+		const unsigned linelength = header.bytes_per_line * header.planes;
 		// length of DIB line (rounded to DWORD) in bytes
-		unsigned pitch = FreeImage_GetPitch(dib);
+		const unsigned pitch = FreeImage_GetPitch(dib);
 
 		// run-length encoding ?
 

Bug#795129: marked as pending

[W . Martin Borgert]

tag 795129 pending
thanks

Hello,

Bug #795129 reported by you has been fixed in the Git repository. You can
see the changelog below, and you can check the diff of the fix at:


http://git.debian.org/?p=python-modules/packages/python-exif.git;a=commitdiff;h=bec4403

---
commit bec440357965d204dffa84954de1b9b7ac181be1
Author: W. Martin Borgert deba...@debian.org
Date:   Wed Aug 12 00:10:26 2015 +0200

fix #795129

diff --git a/debian/changelog b/debian/changelog
index d27634f..27b074e 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,9 @@
+python-exif (2.1.1-2) unstable; urgency=low
+
+  * Build-depend on python3-setuptools (Closes: #795129)
+
+ -- W. Martin Borgert deba...@debian.org  Tue, 11 Aug 2015 22:09:27 +
+
 python-exif (2.1.1-1) unstable; urgency=medium
 
   * New upstream release


-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#775609: marked as pending

[W . Martin Borgert]

tag 775609 pending
thanks

Hello,

Bug #775609 reported by you has been fixed in the Git repository. You can
see the changelog below, and you can check the diff of the fix at:


http://git.debian.org/?p=python-modules/packages/python-exif.git;a=commitdiff;h=ef2de6d

---
commit ef2de6d0323c2010bb3cdb9b0e8d01c0dfc62165
Author: W. Martin Borgert deba...@debian.org
Date:   Sun Jan 25 23:37:26 2015 +0100

Drop buggy Python 3 support for Jessie, prepare upload.

diff --git a/debian/changelog b/debian/changelog
index 64dbeff..3cb5b4d 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,9 @@
+python-exif (1.4.2-2) unstable; urgency=low
+
+  * Drop buggy Python 3 support for Jessie (Closes: #775609).
+
+ -- W. Martin Borgert deba...@debian.org  Sun, 25 Jan 2015 22:33:19 +
+
 python-exif (1.4.2-1) unstable; urgency=low
 
   * New upstream release (Closes: #763347), new upstream homepage


-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#775609: Remove Python 3 version of module to fix RC bug? (python-exif)

[W. Martin Borgert]

I just now don't have the time to look at bug #775609
(python3-exif doesn't work, RC). If nobody steps in, I would
upload a new package w/o Python 3 support for jessie.

Wheezy hat python-exif, but not python3-exif, so there is no
regression for users of wheezy.

Anyway, upstream made a new release with Python 3 fixed, so
I would package this right after Jessie release and provide
a backport.

Questions:

 - is removing the Python 3 package the right thing to do?
 - how to do this? just remove it from debian/control?

Thanks in advance!

(If somebody has time to really fix the bug, this would be
very much appreciated, of course!)


-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#774424: trac-subcomponents: Trac query broken with this plugin enabled

[W. Martin Borgert]

Package: trac-subcomponents
Version: 1.2.0+hga86f0413121f-3
Severity: grave
Tags: patch, upstream

grave, because it makes the package in question mostly unusable

Trac queries don't work anymore, if this plugin is installed and enabled.
One gets a Python exception:
UnicodeError: source returned bytes, but no encoding specified

Problem description and patch here http://trac-hacks.org/ticket/11752 are OK:

diff -r a86f0413121f subcomponents/web_ui.py
--- a/subcomponents/web_ui.py   Sun Jan 19 18:06:51 2014 +0100
+++ b/subcomponents/web_ui.py   Wed Aug 06 02:43:29 2014 -0700
@@ -134,9 +134,8 @@
 stream |=  
Transformer(//div[@class='field'][1]).after(self._build_renamechildren_field())

 elif req.path_info.startswith('/query'):
 # We need to load our script after the  
initializeFilters() call done by Trac
-html = HTML('script type=text/javascript  
charset=utf-8 src=' +

-req.href.base +
- 
'/chrome/subcomponents/componentselect.js/script')

+html = tag.script(type='text/javascript', charset='utf-8',
+   
src=req.href.chrome('subcomponents/componentselect.js'))

 stream |= Transformer('//head').append(html)
 return stream


--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#754860: Remove trac-git from jessie

[W. Martin Borgert]

On 2014-12-07 14:22, Jean-Michel Nirgal Vourgère wrote:
 Can you confirm trac-git is obsolete?

Yes, its function is integrated into trac.


-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#771794: [Python-modules-team] Bug#771794: pip silently removes/updates system provided python packages

[W. Martin Borgert]

Quoting Matthias Klose d...@debian.org:
For jessie I suggest to just disable pip when used on the system  
python, unless a new option  
--yes-i-want-to-screw-up-my-system-python is given.


How about disabling pip for uid 0 altogether?


--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#734505: Can we close twitter-recess bug #734505?

[W. Martin Borgert]

Quoting László Böszörményi (GCS) g...@debian.org:

I agree. I was suprised that it was working for Martin, glad that you
are confirmed that miracle didn't happen.


But Debian is magic :~)


In short, I don't feel we should carry it around. Ideas / opinions?


Not really. Maybe just leave it as it is and ask for removal if there
is no progress for some more months? Sorry for the noise!


--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#734505: Can we close twitter-recess bug #734505?

[W. Martin Borgert]

On 2014-12-01 01:32, Julian Taylor wrote:
 still doesn't work for me in current unstable. The less version is still
 the same.

Julian, you are right! My testing was wrong: I did not test the
--compile option, but only the LESS/CSS style checker function
(no options), so your bug report remains valid.

But IMHO serious is not right severity for the bug. It is
reserved for severe violations of Debian policy. It should
probably be normal or important.

László, what do you think?


-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#734505: Can we close twitter-recess bug #734505?

[W. Martin Borgert]

Julian, I tried with your example and it seems to work now.
Maybe the node-less is newer now than when you tried?

László, could you check and close the bug accordingly?

Thanks and cheers

PS: Too bad, this bug stopped the package from entering Jessie :~(


-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#770759: python3-mpld3: does not show graph because of missing link to D3.js

[W. Martin Borgert]

Package: python3-mpld3
Version: 0.3git+20140910dfsg-1
Severity: grave
Justification: renders package unusable

The link
/usr/lib/python3/dist-packages/mpld3/js/d3.v3.min.js - 
/usr/share/javascript/d3/d3.min.js
is missing, so graphs are not shown, which is the purpose of the package.
The same applies to the Python 2 package.

Note: This will be fixed in git in some minutes.

-- System Information:
Debian Release: jessie/sid
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'testing-updates'), (500, 'unstable'), 
(1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages python-mpld3 depends on:
ii  libjs-d33.4.11-1
ii  python  2.7.8-2
ii  python-mplexporter  0.0.1+20140921-1

python-mpld3 recommends no packages.

python-mpld3 suggests no packages.

-- no debconf information


-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#770759: marked as pending

[W . Martin Borgert]

tag 770759 pending
thanks

Hello,

Bug #770759 reported by you has been fixed in the Git repository. You can
see the changelog below, and you can check the diff of the fix at:


http://git.debian.org/?p=python-modules/packages/python-mpld3.git;a=commitdiff;h=34a2de3

---
commit 34a2de36513fb38919f954973523ad3a92d55335
Author: W. Martin Borgert deba...@debian.org
Date:   Sun Nov 23 21:17:49 2014 +0100

added the missing link(s) to d3.js, add dh-python build-dep, update 
standards-version

diff --git a/debian/changelog b/debian/changelog
index a246f75..466eb0d 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,11 @@
+python-mpld3 (0.3git+20140910dfsg-2) unstable; urgency=low
+
+  * Added the missing link(s) to d3.js (Closes: #770759)
+  * Added dh-python build-dep
+  * Standards-Version is now 3.9.6, no changes.
+
+ -- W. Martin Borgert deba...@debian.org  Sun, 23 Nov 2014 20:46:12 +
+
 python-mpld3 (0.3git+20140910dfsg-1) unstable; urgency=low
 
   * Initial release (Closes: #761328)


-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#764984: marked as pending

[W . Martin Borgert]

tag 764984 pending
thanks

Hello,

Bug #764984 reported by you has been fixed in the Git repository. You can
see the changelog below, and you can check the diff of the fix at:


http://git.debian.org/?p=python-modules/packages/python-odf.git;a=commitdiff;h=5a10fde

---
commit 5a10fdeaa6fddeff5a5d5132b8ca24e0a198b1d5
Author: W. Martin Borgert deba...@debian.org
Date:   Sun Oct 12 22:01:43 2014 +0200

add build-dep on dh-python

diff --git a/debian/changelog b/debian/changelog
index 670ab73..0862873 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10 @@
+python-odf (1.2.0-2) unstable; urgency=low
+
+  * Build-dep on dh-python (Closes: #764984)
+  * New policy version, no changes
+
+ -- W. Martin Borgert deba...@debian.org  Sun, 12 Oct 2014 19:59:27 +
+
 python-odf (1.2.0-1) unstable; urgency=low
 
   * New upstream version (Closes: #763870)


-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#742347: Closed wrong bug

[W. Martin Borgert]

reopen 742347
close 761436
thanks

Oops, closed the wrong bug. It should have been #761436, not #742347.
However, by adding the dependency in node-jsdom, #742347 can be closed.


--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#571120: RFS: pisa/python-pisa

[W. Martin Borgert]

On 2014-05-23 22:37, Matthias Schmitz wrote:
 any progress here? I'am afraid pisa and therewith trac-wikiprint is
 gone today...

I looked into this, but forgot to reply: There has been some
upstream changes, that should be reflected in the package.
Mainly the name pisa is not used anymore, it seems, only
xhtml2pdf. The latest version is 0.0.4 at github [1]. But
there was a release 0.0.6 at PyPI [2]. Is it based on the
github code? Anyway, we should probably use the new version
numbers with a new epoch and providing pisa. What do you think?

Btw., I cloned the github repo now to alioth [3] for playing.

[1] https://github.com/chrisglass/xhtml2pdf
[2] https://pypi.python.org/pypi/xhtml2pdf/
[3] http://anonscm.debian.org/gitweb/?p=collab-maint/xhtml2pdf.git


-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#571120: RFS: pisa/python-pisa

[W. Martin Borgert]

Quoting Matthias Schmitz matth...@sigxcpu.org:

Would you (or somebody from the Debian Python Modules
Team) please have a look over my changes [2] and if it fits upload the
package?


Looks good to me.

PS: Sorry for the late reply - to many public holidays ;~)


--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#709170: no option to set the SSL protocol version?

[W. Martin Borgert]

On 2013-05-30 11:18, Charles Cazabon wrote:
 If this does fix the issue, I'd really like to see Debian revert this broken
 patch -- breaking existing configs and reducing compatibility with correct
 servers is not a good tradeoff for trying to make MSexchange work.

Well, the patch in only in Debian since 2013-05-17 and only in the
unstable distribution. unstable is exactly for finding such
problems and fixing them before the package reaches testing.

Anyway, I would love to see a fix for MSexChange compatibility with
the new SSL library, that does not break other IMAP servers. To my
regret, the MS product has still a very high market share,
notwithstanding much better free alternatives exist.

Do you think, one could make the SSL version an option, defaulting,
of course, to the original value? And with a check for the Python
version?

Or maybe the problem can be solved in a totally different manner. I
only came to this solution by trial and error.

(For Debian, versions before 2.7 are not relevant, because we
target Debian 8.0 and maybe 7.0 via backports, which both
have Python 2.7, even 6.0 had 2.6.)


-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#706644: untrusted input file might be harmful

[W. Martin Borgert]

Package: tpp
Version: 1.3.1-2
Severity: grave
Tags: security

Please feel free to downgrade the bug report or remove the
security tag. It's just my point of view.

Opening an untrusted input file may be harmful, because tpp
supports an exec command, which can do bad things, e.g.
sending your private SSL or GnuPG files or removing your home
directory without any warning or confirmation. The manual page
does not mention this shell-style behaviour. It is probably
unexpected of an presentation program, even a geeky one.


-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#683188: Your NMU (API change in python-subversion breaks trac)

[W. Martin Borgert]

Hi Michael,

I just realised that your upload of subversion 1.7.9-1+nmu1 was
not targetting wheezy, which has 1.6.17dfsg-4+deb7u1. Was this
intentional? TIA!

Cheers


--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#683188: API change in python-subversion breaks trac

[W. Martin Borgert]

On 2013-04-06 18:24, Michael Gilbert wrote:
 Does SVN_STREAM_CHUNK_SIZE even contain the expected value
 of 102400?

Yes, 102400 of type 'long'.


-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#683188: API change in python-subversion breaks trac

[W. Martin Borgert]

One can easily test it:

$ python
 import svn.core
 svn.core.SVN_STREAM_CHUNK_SIZE
102400L # should be 102400
 type(svn.core.SVN_STREAM_CHUNK_SIZE)
type 'long'   # should be type 'int'


-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#683188: Is #683188 really fixed? (API change in python-subversion breaks trac)

[W. Martin Borgert]

Hi,

I have libapache2-svn, libsvn1, python-subversion, and subversion
in version 1.6.17dfsg-4+deb7u1, which should fix #683188 (API
change in python-subversion breaks trac). The original problem,
described in #676176 (Unable to show changeset : TypeError:
expecting an integer for the buffer size) persists, unfortunately.
My workaround from 2012-12-21, still works for me:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=676176#51

To me it looks like the problem is not yet fixed. Any idea, what
is going wrong? Thanks!


--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#683188: API change in python-subversion breaks trac

[W. Martin Borgert]

This workaround works for me in the case of Trac:

--- orig/usr/share/pyshared/svn/core.py 2012-06-04 08:13:32.0 +0200
+++ /usr/share/pyshared/svn/core.py 2012-12-21 15:56:01.857716004 +0100
@@ -145,7 +145,7 @@
   # read the rest of the stream
   chunks = [ ]
   while 1:
-data = svn_stream_read(self._stream, SVN_STREAM_CHUNK_SIZE)
+data = svn_stream_read(self._stream, int(SVN_STREAM_CHUNK_SIZE))
 if not data:
   break
 chunks.append(data)

I'm not sure about any negative effects, however.


--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#667720: Dependency graph does not check ticket view permissions

[W. Martin Borgert]

On 2012-04-06 10:02, Wichert Akkerman wrote:
 The dependency graph view of a ticket does not do any permission
 checks. This is a security problem on private trac sites since it
 creates a channel through which sensitive information about tickets
 (existence, dependencies and ticket titles) is revealed.

Sorry for the delayed answer. I didn't get/see any email about
this bug and only accidently saw it today.

I tested the one-line patch on github and it helped at least for
the case when anonymous users don't have TICKET_VIEW permission.

I will upload a new package with this patch. Better patches
welcome, esp. for using trac-mastertickets with trac-privatetickets,
trac-sensitivetickets, or trac-virtualticketpermissions.



-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#665968: Any progress on the jQuery build process?

[W. Martin Borgert]

Hi,

because I'm involved into the Trac packaging and Trac includes
jQuery, I like to know what is the state of this bug.

More than 100 packages contain links to the file jquery.js, so
it is quite relevant to have the package in a good mood.

TIA!




--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#651986: trac-bitten: upstart script is incompatible with standard Debian system

[W. Martin Borgert]

The upstart script is only an example under
/usr/share/doc/trac-bitten-slave/examples/.
Feel free to ignore it.




--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#645235: trac: missing source for jquery.js

[W. Martin Borgert]

It should not contain jQuery anyway, but depend on libjs-jquery.
This, however, proved to be difficult in trac 0.11.
I managed to mess it up at least for some users and I'm still
not sure about the ultimative and clean solution.




--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#619576: openerp-server: The Company OpenERP states that there will be no upgrade module to version 6

[W. Martin Borgert]

Package: openerp-server
Severity: wishlist

Why is this bug serious? It is annoying, but common, that new
software versions may completely break old installations. While
this is a major PITA and Debian should make software upgrades
as convenient as possible, I can not see a reason for removing
the software because of a bad or missing upgrade process. Any
commercial services by some company are not related to Debian.

If a smooth upgrade process cannot be provided by Debian, the
version v6 should (maybe) packaged seperately, so that users
can install both in parallel and decide how to handle problems.




--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org