Bug#876145:
I left out the --system flag in my example.
Just to be clear:
pkg_A (requires pkg_B==1.0)
pkg_C (requires pkg_B>=1.0)
$ pip install --system pkg_A # installs pkg_B==1.0
$ pip install --system pkg_C # ignores pkg_B==1.0, installs pkg_B==2.0
$ pkg_A
pkg_resources.ContextualVersionConflict: (pkg_B 2.0
(/usr/local/lib/python2.7/dist-packages),
Requirement.parse('pkg_B==1.0'), set(['pkg_A']))
Because of --ignore-installed, pkg_C ignores the existing pkg_B (which
it is otherwise compatible with) and installs the latest pkg_B==2.0, as
a result this breaks pkg_A.
Bug#876145: python-pip: pip install --system as non-root shouldn't default --ignore-installed
Source: python-pip Version: 9.0.1-2 Severity: normal Dear Maintainer, When running "pip install --system" as a non-root user, the change in set_user_default.patch forces the --ignore-installed flag to be enabled. This has the effect of breaking pip for use cases that install packages as non- root but don't use --user or virtualenv. When dependencies are shared among multiple packages, the --ignore-installed option causes pip to blindly install the latest version of each dependency requested by each package, even if a compatible package version is already installed, and even if this breaks the requirement spec of some other package. This results in package version conflicts. For example: pip install pkg_A (requires pkg_B==1.0) pip install pkg_C (requires pkg_B>=1.0) Because of --ignore-installed, pkg_C ignores the existing pkg_B (which it is otherwise compatible with) and installs the latest pkg_B==2.0, as a result this breaks pkg_A. Here's the relevant logic in pip/commands/install.py: default_user = True if running_under_virtualenv(): default_user = False if os.geteuid() == 0: default_user = False cmd_opts.add_option( '-I', '--ignore-installed', dest='ignore_installed', action='store_true', default=default_user, help='Ignore the installed packages (reinstalling instead).') My preferred fix would be that when the --system flag is set, it should retain the default behavior of pip, and not interfere with the unrelated --ignore- installed flag. Thanks, Peter -- System Information: Debian Release: 9.1 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 4.9.0-3-amd64 (SMP w/4 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system)
Bug#770508: iceweasel: cannot override certificate validation problems with mozilla::pkix, connection hangs
Package: iceweasel
Version: 31.2.0esr-3
Severity: important
Tags: upstream
Dear Maintainer,
Firefox 31 introduced a new certificate validation library mozilla::pkix.
This introduced regressions, where previously the user could override the
validation error and connect anyway (this connection is untrusted!), in
jessie iceweasel attempting to connect to the same sites results in a silent
hang (it appears to be loading forever with no feedback as to what is wrong).
(Subjectively, when this happens it also appears to affect the overall
stability of the browser, as it seems like other sites become slow to load or
fail to load entirely until the browser is restarted).
Based on the following discussion, it appears that this behavior is addressed
Firefox 33, and in the Enterprise Support Release (ESR) of Firefox 31:
https://bugzilla.mozilla.org/show_bug.cgi?id=1042889
Thanks
-- Package-specific info:
-- Extensions information
Name: Adblock Plus
Location:
/usr/share/mozilla/extensions/{ec8030f7-c20a-464f-9b0e-13a3a9e97384}/{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
Package: xul-ext-adblock-plus
Status: enabled
Name: Add to Search Bar
Location: ${PROFILE_EXTENSIONS}/add-to-search...@maltekraus.de.xpi
Status: enabled
Name: Default theme
Location:
/usr/lib/iceweasel/browser/extensions/{972ce4c6-7e08-4474-a285-3208198ce6fd}
Package: iceweasel
Status: enabled
Name: HTTPS-Everywhere
Location: ${PROFILE_EXTENSIONS}/https-everywh...@eff.org
Status: enabled
Name: Max Tabs
Location: ${PROFILE_EXTENSIONS}/maxt...@cheeaun.xpi
Status: user-disabled
Name: NoScript
Location: ${PROFILE_EXTENSIONS}/{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
Status: enabled
Name: Redmine Toolbar
Location: ${PROFILE_EXTENSIONS}/redminetool...@mpietsch.com.xpi
Status: enabled
Name: Remote Control
Location: ${PROFILE_EXTENSIONS}/remote-cont...@morch.com.xpi
Status: enabled
Name: Tab Mix Plus
Location: ${PROFILE_EXTENSIONS}/{dc572301-7619-498c-a57d-39143191b318}.xpi
Status: enabled
Name: Tab Scope
Location: ${PROFILE_EXTENSIONS}/tabsc...@xuldev.org.xpi
Status: user-disabled
Name: TabNavigator
Location: ${PROFILE_EXTENSIONS}/tab...@cse.iitb.ac.in.xpi
Status: user-disabled
Name: Textarea Cache
Location: ${PROFILE_EXTENSIONS}/{578e7caa-210f-4967-a0d3-88fe5b59a39f}.xpi
Status: enabled
Name: Tile Tabs
Location: ${PROFILE_EXTENSIONS}/tilet...@dw-dev.xpi
Status: user-disabled
-- Plugins information
Name: Gnome Shell Integration
Location: /usr/lib/mozilla/plugins/libgnome-shell-browser-plugin.so
Package: gnome-shell
Status: enabled
Name: Google Talk Plugin
Location: /opt/google/talkplugin/libnpgoogletalk.so
Package: google-talkplugin
Status: enabled
Name: Google Talk Plugin Video Renderer
Location: /opt/google/talkplugin/libnpo1d.so
Package: google-talkplugin
Status: enabled
Name: iTunes Application Detector
Location: /usr/lib/mozilla/plugins/librhythmbox-itms-detection-plugin.so
Package: rhythmbox-plugins
Status: enabled
Name: Shockwave Flash (11.2.202.378)
Location: /usr/lib/mozilla/plugins/libflashplayer.so
Status: enabled
-- Addons package information
ii gnome-shell3.14.1-1 amd64graphical shell for the GNOME des
ii google-talkplu 5.38.5.0-1 amd64Google Talk Plugin
ii iceweasel 31.2.0esr-3 amd64Web browser based on Firefox
ii rhythmbox-plug 3.1-1amd64plugins for rhythmbox music playe
ii xul-ext-adbloc 2.6.6+dfsg-1 all advertisement blocking extension
-- System Information:
Debian Release: jessie/sid
APT prefers testing
APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages iceweasel depends on:
ii debianutils 4.4+b1
ii fontconfig2.11.0-6.1
ii libasound21.0.28-1
ii libatk1.0-0 2.14.0-1
ii libc6 2.19-13
ii libcairo2 1.14.0-2.1
ii libdbus-1-3 1.8.10-1
ii libdbus-glib-1-2 0.102-1
ii libevent-2.0-52.0.21-stable-1.1
ii libffi6 3.1-2
ii libfontconfig12.11.0-6.1
ii libfreetype6 2.5.2-2
ii libgcc1 1:4.9.1-19
ii libgdk-pixbuf2.0-02.31.1-2+b1
ii libglib2.0-0 2.42.0-2
ii libgtk2.0-0 2.24.25-1
ii libhunspell-1.3-0 1.3.3-3
ii libnspr4 2:4.10.7-1
ii libnss3 2:3.17.2-1
ii libpango-1.0-01.36.8-2
ii libsqlite3-0 3.8.7.1-1
ii libstartup-notification0 0.12-4
ii libstdc++64.9.1-19
ii libvpx1 1.3.0-3
ii libx11-6 2:1.6.2-3
ii libxext6 2:1.3.3-1
ii libxrender1 1:0.9.8-1+b1
ii libxt61:1.1.4-1+b1
ii procps2:3.3.9-8
ii zlib1g1:1.2.8.dfsg-2
iceweasel
Bug#770508: iceweasel: cannot override certificate validation problems with mozilla::pkix, connection hangs
Thanks for the response. This bug initially surfaced for me when iceweasel was upgraded from 30 to 31 about three months ago. I re-tested for the behavior after upgrading the package yesterday and am getting the same result: attempting to make a TLS connection to a server that uses a self-signed certificate hangs without returning an error. This is puzzling since the bug reports out there seem to indicate people are experiencing the bug by having the connection fail with a non-overridable error reported, which is different from having the connection not do anything at all. This is an about:config about:config workaround, with this setting I am able to override the certificate error and connect to my site: security.use_mozillapkix_verification = false This does strongly indicate that the problem is linked to the introduction of mozilla::pkix. I realize that I should re-test with a clean profile, it could be that there are old certificates and/or plugins in my regular browsing profile that are causing problems. To investigate further, I will see about setting up a dummy server with the guilty certificates to see if you can reproduce. Thanks, Peter On Nov 21, 2014, at 5:51 PM, Mike Hommey m...@glandium.org mailto:m...@glandium.org wrote: On Fri, Nov 21, 2014 at 03:49:06PM -0500, Peter Amstutz wrote: Package: iceweasel Version: 31.2.0esr-3 Severity: important Tags: upstream Dear Maintainer, Firefox 31 introduced a new certificate validation library mozilla::pkix. This introduced regressions, where previously the user could override the validation error and connect anyway (this connection is untrusted!), in jessie iceweasel attempting to connect to the same sites results in a silent hang (it appears to be loading forever with no feedback as to what is wrong). (Subjectively, when this happens it also appears to affect the overall stability of the browser, as it seems like other sites become slow to load or fail to load entirely until the browser is restarted). Based on the following discussion, it appears that this behavior is addressed Firefox 33, and in the Enterprise Support Release (ESR) of Firefox 31: https://bugzilla.mozilla.org/show_bug.cgi?id=1042889 https://bugzilla.mozilla.org/show_bug.cgi?id=1042889 That bug is fixed in 33 and 31.2, both of which are in Debian already. Are you saying the versions in Debian are still affected? Mike
Bug#366473: main python package should include /usr/lib/python2.4/config/Makefile
Package: python2.4 Version: 2.4.2-2 Severity: normal Ok, I don't know too much about the specifics of this situation, so let me just paste the following exchange from IRC (#bzr on freenode) (I'm tetron) tetron ohh, bzr setup.py requires Python development files. tsk tsk. bos31337 tetron: no, it doesn't. bos31337 some linux distros ship broken python installations. bos31337 where they've mistakenly shipped distutils (part of core python) in a devel package. tetron /usr/lib/python2.4/config/Makefile is part of python-dev on Debian bos31337 that's debian brokenness. tetron has it been reported? bos31337 i don't know. i don't use debian. Perhaps it is a matter of taste, but my understanding is that python-dev is specifically for developing with the Python C API, whereas bzr is a pure Python program that happens to use some information from /usr/lib/python2.4/config/Makefile in order to install in a reasonable place. Thus, these config files should probably be part of the main Python package, and not python-dev. -- System Information: Debian Release: testing/unstable APT prefers testing APT policy: (500, 'testing') Architecture: amd64 (x86_64) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.12 Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1) Versions of packages python2.4 depends on: ii libbz2-1.01.0.3-2high-quality block-sorting file co ii libc6 2.3.6-3GNU C Library: Shared libraries an ii libdb4.3 4.3.29-4.1 Berkeley v4.3 Database Libraries [ ii libncurses5 5.5-1 Shared libraries for terminal hand ii libreadline5 5.1-7 GNU readline and history libraries ii libssl0.9.8 0.9.8a-8 SSL shared libraries ii python2.4-minimal 2.4.2-2A minimal subset of the Python lan python2.4 recommends no packages. -- no debconf information -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#364523: python2.4-crypto: depends on libgmp3c2 but it is not installable
Package: python2.4-crypto Severity: normal Found while trying to install python-paramiko, which depends on python-crypto: $ sudo apt-get install python2.4-crypto Reading Package Lists... Done Building Dependency Tree... Done Some packages could not be installed. This may mean that you have requested an impossible situation or if you are using the unstable distribution that some required packages have not yet been created or been moved out of Incoming. Since you only requested a single operation it is extremely likely that the package is simply not installable and a bug report against that package should be filed. The following information may help to resolve the situation: The following packages have unmet dependencies: python2.4-crypto: Depends: libgmp3c2 but it is not installable E: Broken packages -- System Information: Debian Release: testing/unstable APT prefers testing APT policy: (500, 'testing') Architecture: amd64 (x86_64) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.12 Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#344242: wxwidgets leaks regfree() symbol, conflicts with libc
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Package: wxwidgets2.6
Version: 2.6.1.2
Debian package of WxWidgets v2.6.1.2 on AMD64 Linux
WxWidgets has its own regular expression library. Among other things, this
library defines the function regfree(). This directly conflicts with the
POSIX regfree() which is provided by libc on Unix platforms. As a result,
it is possible to get into a situation where an application (perhaps one
linking with a 3rd party library or plugin) links to regcomp() and
regexec() provided by libc, but regfree() provided by WxWidgets. This
causes a crash because the WxWidgets regfree() is obviously not compatible
with the libc regcomp().
I can see no good reason for the implementation of regfree() within
WxWidgets to be named that way. Anyone using regular expressions in
WxWidgets should be doing so via the WxWidgets C++ class. The obvious fix
is to simply rename regfree() to something that won't cause a conflict,
such as wx_regfree().
Bug report has already been filed upstream with the proposed fix (attached
patch).
[ Peter Amstutz ][ [EMAIL PROTECTED] ][ [EMAIL PROTECTED] ]
[Lead Programmer][Interreality Project][Virtual Reality for the Internet]
[ VOS: Next Generation Internet Communication][ http://interreality.org ]
[ http://interreality.org/~tetron ][ pgpkey: pgpkeys.mit.edu 18C21DF7 ]
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.1 (GNU/Linux)
iD8DBQFDqMZ5aeHUyhjCHfcRArO6AKCp6HyhlxAw1TmKrV2qfdAaJnb1pQCfQx8k
lNWTKwSAhR6U6RD1OYtEWMQ=
=gs5p
-END PGP SIGNATURE-
diff -ruw wxwidgets2.6-2.6.1.2/src/common/regex.cpp
wxwidgets2.6-2.6.1.2-regfreefix/src/common/regex.cpp
--- wxwidgets2.6-2.6.1.2/src/common/regex.cpp 2005-08-25 08:52:18.0
-0400
+++ wxwidgets2.6-2.6.1.2-regfreefix/src/common/regex.cpp2005-12-20
21:30:25.0 -0500
@@ -89,7 +89,7 @@
{
if ( IsValid() )
{
-regfree(m_RegEx);
+wx_regfree(m_RegEx);
}
delete [] m_Matches;
diff -ruw wxwidgets2.6-2.6.1.2/src/regex/regex.h
wxwidgets2.6-2.6.1.2-regfreefix/src/regex/regex.h
--- wxwidgets2.6-2.6.1.2/src/regex/regex.h 2005-08-25 08:52:04.0
-0400
+++ wxwidgets2.6-2.6.1.2-regfreefix/src/regex/regex.h 2005-12-20
21:30:58.0 -0500
@@ -254,7 +254,7 @@
/*
* misc generics (may be more functions here eventually)
- ^ re_void regfree(regex_t *);
+ ^ re_void wx_regfree(regex_t *);
*/
@@ -318,7 +318,7 @@
#ifdef __REG_WIDE_T
int __REG_WIDE_EXEC _ANSI_ARGS_((regex_t *, __REG_CONST __REG_WIDE_T *,
size_t, rm_detail_t *, size_t, regmatch_t [], int));
#endif
-re_void regfree _ANSI_ARGS_((regex_t *));
+re_void wx_regfree _ANSI_ARGS_((regex_t *));
extern size_t regerror _ANSI_ARGS_((int, __REG_CONST regex_t *, char *,
size_t));
/* automatically gathered by fwd; do not hand-edit */
/* =^!^= end forwards =^!^= */
