Re: Please fix Debian bug 1032091 "py7zr: CVE-2022-44900"
> Debian "py7zr" package has security issue CVE-2022-44900, > and this issue affects Debian "calibre" package because "calibre" depends > this "py7zr" module. > https://tracker.debian.org/pkg/py7zr > > Please examine Debian bug report 1032091, and fix this issue. > https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1032091 > > Debian release system will auto-remove these packages from testing > distribution > on Wed 12 Apr 2023. feel free to provide a patch to fix it. upgrading to newer upstream releases is prohibitive given the increasing amount of additional/frivolous dependencies upstream decided to rely on. -- Sandro "morph" Tosi My website: http://sandrotosi.me/ Me at Debian: http://wiki.debian.org/SandroTosi Twitter: https://twitter.com/sandrotosi
Please fix Debian bug 1032091 "py7zr: CVE-2022-44900"
Hello, Python maintainers. Debian "py7zr" package has security issue CVE-2022-44900, and this issue affects Debian "calibre" package because "calibre" depends this "py7zr" module. https://tracker.debian.org/pkg/py7zr Please examine Debian bug report 1032091, and fix this issue. https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1032091 Debian release system will auto-remove these packages from testing distribution on Wed 12 Apr 2023. Thanks, -- YOKOTA Hiroshi
Re: Python pybuild system & setup.cfg
On 23.03.2023 22:10, Scott Kitterman wrote: On Thursday, March 23, 2023 5:07:56 PM EDT Étienne Mollier wrote: Hi Étienne, hi Scott, offpunk upstream made a similar move recently. I added the following packages to build dependencies: * flit * pybuild-plugin-pyproject Hope this helps, Since setuptools is the build system identified in pyproject.toml, flit isn't needed for this package. Adding pybuild-plugin-pyproject to build depends should be sufficient. Many thanks" Adding pybuild-plugin-pyproject to the B-D simply solved the issue. Hilmar -- sigfault
Re: Python pybuild system & setup.cfg
On Thursday, March 23, 2023 5:07:56 PM EDT Étienne Mollier wrote: > Hi Hilmar, > > Preuße, Hilmar, on 2023-03-23: > > I'm a little bit lost, by building the pssh package. The upstream author > > released a new version, which changed the build system. Before I had a > > setup.py in the root directory, now there is a pyproject.toml and a > > setup.cfg file, the setup.py is gone. The debian/rules file calls the dh > > sequencer: > > > > DESTDIR=debian/tmp > > > > %: > > dh $@ --buildsystem=pybuild > > > > The build fails right at the beginning, with: > > > > dh clean --buildsystem=pybuild > > > >dh_auto_clean -O--buildsystem=pybuild > > > > I: pybuild base:240: python3.11 setup.py clean > > python3.11: can't open file '/<>/setup.py': [Errno 2] No > > such file or directory > > E: pybuild pybuild:388: clean: plugin distutils failed with: exit > > code=2: python3.11 setup.py clean > > > > The content of the pyproject.toml is: > > > > [build-system] > > requires = ["setuptools"] > > build-backend = "setuptools.build_meta" > > > > The build Deps I use until now are: > > > > Build-Depends: debhelper-compat (= 13), > > > > python3, > > python3-setuptools, > > dh-sequence-python3 > > > > I don't know what needs to be changed to convince debhelper to use the > > setup.cfg instead of setup.py. My wild guess is that I have to change my > > BD's but I don't know what needs to be added/removed. > > offpunk upstream made a similar move recently. I added the > following packages to build dependencies: > * flit > * pybuild-plugin-pyproject > > Hope this helps, Since setuptools is the build system identified in pyproject.toml, flit isn't needed for this package. Adding pybuild-plugin-pyproject to build depends should be sufficient. Scott K signature.asc Description: This is a digitally signed message part.
Re: Python pybuild system & setup.cfg
Hi Hilmar, Preuße, Hilmar, on 2023-03-23: > I'm a little bit lost, by building the pssh package. The upstream author > released a new version, which changed the build system. Before I had a > setup.py in the root directory, now there is a pyproject.toml and a > setup.cfg file, the setup.py is gone. The debian/rules file calls the dh > sequencer: > > DESTDIR=debian/tmp > > %: > dh $@ --buildsystem=pybuild > > The build fails right at the beginning, with: > > dh clean --buildsystem=pybuild >dh_auto_clean -O--buildsystem=pybuild > I: pybuild base:240: python3.11 setup.py clean > python3.11: can't open file '/<>/setup.py': [Errno 2] No > such file or directory > E: pybuild pybuild:388: clean: plugin distutils failed with: exit > code=2: python3.11 setup.py clean > > The content of the pyproject.toml is: > > [build-system] > requires = ["setuptools"] > build-backend = "setuptools.build_meta" > > The build Deps I use until now are: > > Build-Depends: debhelper-compat (= 13), > python3, > python3-setuptools, > dh-sequence-python3 > > I don't know what needs to be changed to convince debhelper to use the > setup.cfg instead of setup.py. My wild guess is that I have to change my > BD's but I don't know what needs to be added/removed. offpunk upstream made a similar move recently. I added the following packages to build dependencies: * flit * pybuild-plugin-pyproject Hope this helps, -- Étienne Mollier Fingerprint: 8f91 b227 c7d6 f2b1 948c 8236 793c f67e 8f0d 11da Sent from /dev/tty1, please excuse my verbosity. signature.asc Description: PGP signature
Python pybuild system & setup.cfg
Hi, I'm a little bit lost, by building the pssh package. The upstream author released a new version, which changed the build system. Before I had a setup.py in the root directory, now there is a pyproject.toml and a setup.cfg file, the setup.py is gone. The debian/rules file calls the dh sequencer: DESTDIR=debian/tmp %: dh $@ --buildsystem=pybuild The build fails right at the beginning, with: dh clean --buildsystem=pybuild dh_auto_clean -O--buildsystem=pybuild I: pybuild base:240: python3.11 setup.py clean python3.11: can't open file '/<>/setup.py': [Errno 2] No such file or directory E: pybuild pybuild:388: clean: plugin distutils failed with: exit code=2: python3.11 setup.py clean The content of the pyproject.toml is: [build-system] requires = ["setuptools"] build-backend = "setuptools.build_meta" The build Deps I use until now are: Build-Depends: debhelper-compat (= 13), python3, python3-setuptools, dh-sequence-python3 I don't know what needs to be changed to convince debhelper to use the setup.cfg instead of setup.py. My wild guess is that I have to change my BD's but I don't know what needs to be added/removed. Thanks for help, Hilmar -- sigfault
Request to join PythonTeam
Hello PythonTeam! I've recently become DD after many years of Debian usage and I've been packaging python software for various platforms for as long as I remember so I'd like to finally join Debian PythonTeam :) I mostly write packaging automation tools in Python such as [apkg] but I also package various FOSS as needed for different distros (Debian, Fedora, EL, SUSE, Arch, Nix). I do both upstream and downstream packaging - in Debian and Fedora/EPEL. Availability of packages from distro repos is a major factor when considering adoption of software and so I'd like to be able to help with packaging various python things that might be useful to humanity. I'd like to join Debian PythonTeam, I have read and accepted [policy]. My Salsa username is jruzicka, Debian account jru. I'm currently interested in packaging [dunamai] and its sibling [poetry-dynamic-versioning] for dynamic version discovery from VCS. I've created [ITP] bug #1033361 for Dunamai which includes the link to new [Salsa repo] with CI enabled and green including lintian and simple autopkgtest. It's using poetry-core through pybuild/pyproject and it seems to work fine - great job supporting that! Please let me know if you notice any issues with the package. Source package is called just `dunamai`, maybe it should be `python-dunamai`? Resulting package is called `python3-dunamai` but it also contains `dunamai` CLI and users might expect it to get installed on apt install dunamai so maybe Provides: dunamai or something similar? All feedback is appreciated. Cheers, Jakub Ružička [policy]: https://salsa.debian.org/python-team/tools/python-modules/blob/master/policy.rst [apkg]: https://gitlab.nic.cz/packaging/apkg [dunamai]: https://github.com/mtkennerly/dunamai/ [poetry-dynamic-versioning]: https://github.com/mtkennerly/poetry-dynamic-versioning [ITP]: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1033361 [Salsa repo]: https://salsa.debian.org/jruzicka/dunamai signature.asc Description: PGP signature
Request to join PythonTeam
Hello PythonTeam! I've recently become DD after many years of Debian usage and I've been packaging python software for various platforms for as long as I remember so I'd like to finally join Debian PythonTeam :) I mostly write packaging automation tools in Python such as [apkg] but I also package various FOSS as needed for different distros (Debian, Fedora, EL, SUSE, Arch, Nix). I do both upstream and downstream packaging - in Debian and Fedora/EPEL. Availability of packages from distro repos is a major factor when considering adoption of software and so I'd like to be able to help with packaging various python things that might be useful to humanity. I'd like to join Debian PythonTeam, I have read and accepted [policy]. My Salsa username is jruzicka, Debian account jru. I'm currently interested in packaging [dunamai] and its sibling [poetry-dynamic-versioning] for dynamic version discovery from VCS. I've created [ITP] bug #1033361 for Dunamai which includes the link to new [Salsa repo] with CI enabled and green including lintian and simple autopkgtest. It's using poetry-core through pybuild/pyproject and it seems to work fine - great job supporting that! Please let me know if you notice any issues with the package. Source package is called just `dunamai`, maybe it should be `python-dunamai`? Resulting package is called `python3-dunamai` but it also contains `dunamai` CLI and users might expect it to get installed on apt install dunamai so maybe Provides: dunamai or something similar? All feedback is appreciated. Cheers, Jakub Ružička [policy]: https://salsa.debian.org/python-team/tools/python-modules/blob/master/policy.rst [apkg]: https://gitlab.nic.cz/packaging/apkg [dunamai]: https://github.com/mtkennerly/dunamai/ [poetry-dynamic-versioning]: https://github.com/mtkennerly/poetry-dynamic-versioning [ITP]: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1033361 [Salsa repo]: https://salsa.debian.org/jruzicka/dunamai signature.asc Description: PGP signature