Bug#919637: RFS: elinks/0.13~20190114-1 [ITA]

2019-01-25 Thread أحمد المحمودي
On Mon, Jan 21, 2019 at 03:37:24PM +0100, Adam Borowski wrote:
> Alas, it still FTBFSes:
> 
> Working on: /<>/doc/manual.xml
> xmlto: /<>/doc/manual.xml does not validate (status 3)
> xmlto: Fix document syntax or use --skip-validation option
> /<>/doc/manual.xml:3993: element link: validity error : IDREF 
> attribute linkend references an unknown ID "CONFIG-SCRIPTING-SPIDERMONKEY"
> Document /<>/doc/manual.xml does not validate
> make[2]: *** [Makefile:201: manual.html-chunked] Error 13
---end quoted text---

Fixed upstream. I have re-uploaded to mentors.
-- 
‎أحمد المحمودي (Ahmed El-Mahmoudy)
 Digital design engineer
GPG KeyIDs: 4096R/A7EF5671 2048R/EDDDA1B7
GPG Fingerprints:
 6E2E E4BB 72E2 F417 D066  6ABF 7B30 B496 A7EF 5761
 8206 A196 2084 7E6D 0DF8  B176 BC19 6A94 EDDD A1B7


signature.asc
Description: PGP signature


Bug#919637: RFS: elinks/0.13~20190114-1 [ITA]

2019-01-21 Thread Adam Borowski
On Mon, Jan 21, 2019 at 03:26:18PM +0100, أحمد المحمودي wrote:
> Re-uploaded elinks, with libmozjs60-dev | libmozjs-dev (removed obsolete 
> libmozjs185-dev)

Alas, it still FTBFSes:

Working on: /<>/doc/manual.xml
xmlto: /<>/doc/manual.xml does not validate (status 3)
xmlto: Fix document syntax or use --skip-validation option
/<>/doc/manual.xml:3993: element link: validity error : IDREF 
attribute linkend references an unknown ID "CONFIG-SCRIPTING-SPIDERMONKEY"
Document /<>/doc/manual.xml does not validate
make[2]: *** [Makefile:201: manual.html-chunked] Error 13


Meow!
-- 
⢀⣴⠾⠻⢶⣦⠀
⣾⠁⢠⠒⠀⣿⡁ Remember, the S in "IoT" stands for Security, while P stands
⢿⡄⠘⠷⠚⠋⠀ for Privacy.
⠈⠳⣄



Bug#919637: RFS: elinks/0.13~20190114-1 [ITA]

2019-01-21 Thread أحمد المحمودي
On Sat, Jan 19, 2019 at 01:41:58AM +0100, Adam Borowski wrote:
> On Sat, Jan 19, 2019 at 07:47:51AM +0800, Paul Wise wrote:
> > On Fri, Jan 18, 2019 at 11:51 PM Adam Borowski wrote:
> > The most ideal situation would be to leave it off by default but
> > have a command-line option to turn it on.
---end quoted text---

Elinks is only compiled with javascript, but it is disabled by default. 
ie. the user has to switch it on.

Re-uploaded elinks, with libmozjs60-dev | libmozjs-dev (removed obsolete 
libmozjs185-dev)

-- 
‎أحمد المحمودي (Ahmed El-Mahmoudy)
 Digital design engineer
GPG KeyIDs: 4096R/A7EF5671 2048R/EDDDA1B7
GPG Fingerprints:
 6E2E E4BB 72E2 F417 D066  6ABF 7B30 B496 A7EF 5761
 8206 A196 2084 7E6D 0DF8  B176 BC19 6A94 EDDD A1B7


signature.asc
Description: PGP signature


Bug#919637: RFS: elinks/0.13~20190114-1 [ITA]

2019-01-18 Thread Adam Borowski
On Sat, Jan 19, 2019 at 07:47:51AM +0800, Paul Wise wrote:
> On Fri, Jan 18, 2019 at 11:51 PM Adam Borowski wrote:
> 
> > I'm not entirely sure if enabling javascript is such a hot idea in a
> > codebase that hardly sees maintenance these days.  But it's up to you...
> 
> Personally I think the users of terminal-based web browsers would be
> very surprised and possibly upset that their browser suddenly supports
> JavaScript. At minimum, I would suggest a NEWS.Debian entry about
> this. The most ideal situation would be to leave it off by default but
> have a command-line option to turn it on.

I wouldn't be _this_ negative, but only if the defaults are reasonable (ie,
javascript only from the first-party site, akin to Firefox with uMatrix in
its default configuration).  I don't know how good this implementation of
Javascript is in practice -- previous attempt sucked -- but quite a large
part of sites rely on that abomination to display meaningful contents.

Thus, it might work adequately, only testing can show.  It's up to Ahmed to
decide -- this kind of decisions are what we have maintainers for (before
users start spamming complaints :p).

My remark was mostly about a project dormant for years -- or, with the fork,
not established enough to be trusted for security matters -- not being able
to provide reasonable support for something that's a notorious attack
surface.


Meow!
-- 
⢀⣴⠾⠻⢶⣦⠀
⣾⠁⢠⠒⠀⣿⡁ Remember, the S in "IoT" stands for Security, while P stands
⢿⡄⠘⠷⠚⠋⠀ for Privacy.
⠈⠳⣄



Bug#919637: RFS: elinks/0.13~20190114-1 [ITA]

2019-01-18 Thread Paul Wise
On Fri, Jan 18, 2019 at 11:51 PM Adam Borowski wrote:

> I'm not entirely sure if enabling javascript is such a hot idea in a
> codebase that hardly sees maintenance these days.  But it's up to you...

Personally I think the users of terminal-based web browsers would be
very surprised and possibly upset that their browser suddenly supports
JavaScript. At minimum, I would suggest a NEWS.Debian entry about
this. The most ideal situation would be to leave it off by default but
have a command-line option to turn it on.

-- 
bye,
pabs

https://wiki.debian.org/PaulWise



Bug#919637: RFS: elinks/0.13~20190114-1 [ITA]

2019-01-18 Thread Adam Borowski
On Fri, Jan 18, 2019 at 07:42:08AM +0100, أحمد المحمودي wrote:
>  I am adopting elinks.

Awesome!

>  Anyways, this upload is targetting experimental, as I have enabled 
>  several features like Bittorrent and Javascript.

I'm not entirely sure if enabling javascript is such a hot idea in a
codebase that hardly sees maintenance these days.  But it's up to you...

> elinks (0.13~20190114-1) experimental; urgency=medium

>   dget -x 
> https://mentors.debian.net/debian/pool/main/e/elinks/elinks_0.13~20190114-1.dsc

Alas, the package build-depends on libmozjs185-dev which has been removed in
March...


Meow!
-- 
⢀⣴⠾⠻⢶⣦⠀
⣾⠁⢠⠒⠀⣿⡁ Remember, the S in "IoT" stands for Security, while P stands
⢿⡄⠘⠷⠚⠋⠀ for Privacy.
⠈⠳⣄



Bug#919637: RFS: elinks/0.13~20190114-1 [ITA]

2019-01-17 Thread أحمد المحمودي
Package: sponsorship-requests
Severity: normal

Hello,

 I am adopting elinks. I have worked on the fork that Moritz has 
 mentioned: https://github.com/rkd77/felinks
 I have emailed previous upstream maintainers,asking them if they are 
 still maintaining elinks. Two emails bounced back, and I still got no 
 reply from the others.
 Anyways, this upload is targetting experimental, as I have enabled 
 several features like Bittorrent and Javascript.

This upload fixes the following bugs
#740981 (normal): elinks: doesn't check if hostname matches certificate's 
CN/SAN (CWE-297)
#757631 (normal): elinks: HTML5 source element display missing
#797931 (normal): elinks: Does not support SSL rehandshakes
#797934 (wishlist): elinks: Support for SSL authentication using client certs
#797968 (wishlist): elinks: Please add support for TLS SNI
#856852 (normal): cert_verify is disabled by default
#866015 (important): elinks: SSL error with some websites
#879539 (minor): elinks: contains code related to gnutls pgp supprt
#891575 (important): elinks: CVE-2012-6709
#917406 (normal): ITA: elinks -- advanced text-mode WWW browser

Last changelog entry is:
elinks (0.13~20190114-1) experimental; urgency=medium

  * New upstream release (Closes: #891575, #797931, #797934, #757631,
#866015, #797968, #740981, #865852)
  * Add git-buildpackage conf file
  * Refreshed patches & removed patches that were includes upstream.
Removed patches:
08-drop-deprecated-gnutls-functions.diff (Closes: #879539)
08_524696_fix_imdb_urls.diff
09-Switch-to-use-lua-5.1.diff
  * Add libgcrypt20-dev to build deps
  * Re-added 14_debug_disable_Werror.diff to enable development versions debug
support
  * Added 16_POST_BUFFER_SIZE.diff patch which to enable  uploading large files
over https:// connections.
  * Add ascii-replacement-utf8-console.diff patch to print ASCII replacement
for characters not found in current codepage in utf8 mode
  * Enable LZMA support
  * Enable BitTorrent
  * Enable NNTP Support
  * Enable Unicode combining characters support
  * Enable EX mode support
  * Enable SpiderMonkey support
  * Enable terminfo support
  * Build documentation
  * Build with libev
  * Bumped to compat level 12.
No need to have dh-autoreconf, autotools-dev from build deps
Also no need to explicitly call the respective sequences in rules
  * Remove old upstream gpg key.
  * Remove whitespaces
  * Renamed elinks.config to elinks.conf, old name confused build scrips
  * debian/rules: Override dh_installexamples to exclude .gitignore
  * Add typos.diff patch to fix spelling mistakes
  * debian/control:
+ Replace Conflicts with Breaks+Replaces
+ Update standards version to 4.3.0
+ New maintainer (Closes: #917406)
+ Add Vcs-* fields
  * Add upstream metadata
  * Switch to DEP-5 copyright format
  * Disable pristine-tar, since we are getting the release from upstream git


There is one lintian warning:
W: elinks-data: manpage-has-errors-from-man usr/share/man/man5/elinks.conf.5.gz 
1166: warning [p 14, 7.0i]: can't break line

The package is on: g...@salsa.debian.org:aelmahmoudy-guest/elinks.git , 
felinks branch

To access further information about this package, please visit the following 
URL:
https://mentors.debian.net/package/elinks

Alternatively, one can download the package with dget using this command:
  dget -x 
https://mentors.debian.net/debian/pool/main/e/elinks/elinks_0.13~20190114-1.dsc

-- 
‎أحمد المحمودي (Ahmed El-Mahmoudy)
 Digital design engineer
GPG KeyIDs: 4096R/A7EF5671 2048R/EDDDA1B7
GPG Fingerprints:
 6E2E E4BB 72E2 F417 D066  6ABF 7B30 B496 A7EF 5761
 8206 A196 2084 7E6D 0DF8  B176 BC19 6A94 EDDD A1B7


signature.asc
Description: PGP signature