Bug#885298: gquilt: Depends on unmaintained pygtk
I lost interest in maintaining gquilt when I created darning (https://github.com/pwil3058/darning) and stopped using quilt. I do not intend to do any more work on gquilt so if you wish to continue using it you should arrange for someone to take it over from me. Sorry, Peter On 26/12/17 15:39, Jeremy Bicha wrote: Source: gquilt Version: 0.25-5 Severity: serious User: pkg-gnome-maintain...@lists.alioth.debian.org Usertags: oldlibs pygtk Tags: sid buster pygtk is unmaintained upstream. It has not had a release since GNOME 3 was released in 2011. The way forward is to port your app to use GObject Introspection bindings. For more information on GObject Introspection see [1] and [2]. Please try to do this before the Buster release as we're going to try to remove pygtk this cycle. If you have any question don't hesitate to ask. [1] https://wiki.gnome.org/Projects/GObjectIntrospection [2] https://wiki.gnome.org/Projects/PyGObject On behalf of the Debian GNOME team, Jeremy Bicha
Bug#605155: gquilt: Use of PYTHONPATH env var in an insecure way
On 02/12/10 13:22, Christine Spang wrote: Hi all, Since we are currently in deep freeze for Squeeze, I'm very hesitant to ask the release managers to make an exception for a new release. (I wish I'd known that the new release fixed important bugs! I glanced at the changelog but it seemed like it was all trivial or irrelevant-for-Debian things such as Python 3 fixes.) The main change was the change to installation using distutils (which should put stuff in standard places). I don't think that changed anything substantial (so I agree with your assessment). It looks like gquilt doesn't actually require PYTHONPATH to be set, anyway, since python already adds the directory of the executed script to sys.path. I propose the following patch: I missed that subtlety (i.e. making /bin/gquilt a bash script displaced the executed script path to the library directory). A heads up. I'm currently working on a major upgrade to gquilt. Do you need me to tell me when I do the release? Peter -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#605155: gquilt: Use of PYTHONPATH env var in an insecure way
On 28/11/10 08:38, Sandro Tosi wrote: Package: gquilt Version: 0.22-1 Severity: grave Tags: security User: debian-pyt...@lists.debian.org Usertags: pythonpath Jakub Wilk performed an analysis[1] for packages setting PYTHONPATH in an insecure way. Those packages do something like: PYTHONPATH=/spam/eggs:$PYTHONPATH This is wrong, because if PYTHONPATH were originally unset or empty, current working directory would be added to sys.path. [1] http://lists.debian.org/debian-python/2010/11/msg00045.html Your package turns out to have vulnerable scripts in PATH: you can find a complete log at [2]. [2] http://people.debian.org/~morph/mbf/pythonpath.txt Some guidelines on how to fix these bugs: in the case given above, you can use something like PYTHONPATH=/spam/eggs${PYTHONPATH:+:$PYTHONPATH} (If you don't known this construct, grep for Use Alternative Value in the bash/dash manpage.) Also, in cases like PYTHONPATH=/usr/lib/python2.5/site-packages/:$PYTHONPATH or PYTHONPATH=$PYTHONPATH:$SPAMDIR exec python $SPAMDIR/spam.py you shouldn't need to touch PYTHONPATH at all. Feel free to contact debian-pyt...@lists.debian.org in case of help. Please update to gquilt-0.24 (released about 7 weeks ago) as the above problem is no longer present in the code. Peter -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#411198: gquilt: doesn't start due to dependency problem
Jiří Paleček wrote: Package: gquilt Version: 0.17-2 Severity: serious Justification: renders package unusable Hello, I have recently updated python 2.4 and from this time, gquilt refused working with an error message immediately after I run it: RuntimeError: Bad magic number in .pyc file Probably there is some problem with the dependencies? I have only python 2.3 and 2.4 installed A quick fix would be just delete the pyc files. The only downside to that should be a slight slowdown in start up time due to the absence of the byte compiled code. But I would recommend upgrading to a later version of gquilt (notably v-0.19). I don't know whether this is available as a Debian package yet as that is/was done by someone else but the source is available at http://downloads.sourceforge.net/gquilt/gquilt-0.19.tar.gz?use_mirror=optusnet. Regards Jiri Palecek -- System Information: Debian Release: 4.0 Architecture: i386 (i686) Shell: /bin/sh linked to /bin/dash Kernel: Linux 2.6.17.3 Locale: LANG=C, LC_CTYPE=C (charmap=ISO-8859-2) (ignored: LC_ALL set to cs_CZ) Versions of packages gquilt depends on: ii python-central0.5.12 register and build utility for Pyt ii python-gtk2 2.8.6-8Python bindings for the GTK+ widge ii quilt 0.45-6 Tool to work with series of patche Versions of packages gquilt recommends: ii meld 1.1.3-1.2 graphical tool to diff and merge f -- no debconf information --Using Opera's revolutionary e-mail client: http://www.opera.com/mail/ Peter -- Peter Williams [EMAIL PROTECTED] Learning, n. The kind of ignorance distinguishing the studious. -- Ambrose Bierce -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]