Bug#885298: gquilt: Depends on unmaintained pygtk

2017-12-26 Thread Peter Williams 
I lost interest in maintaining gquilt when I created darning 
(https://github.com/pwil3058/darning) and stopped using quilt.  I do not 
intend to do any more work on gquilt so if you wish to continue using it 
you should arrange for someone to take it over from me.


Sorry,
Peter

On 26/12/17 15:39, Jeremy Bicha wrote:

Source: gquilt
Version: 0.25-5
Severity: serious
User: pkg-gnome-maintain...@lists.alioth.debian.org
Usertags: oldlibs pygtk
Tags: sid buster

pygtk is unmaintained upstream. It has not had a release since GNOME 3
was released in 2011.

The way forward is to port your app to use GObject Introspection
bindings.

For more information on GObject Introspection see [1] and [2].

Please try to do this before the Buster release as we're going to
try to remove pygtk this cycle.

If you have any question don't hesitate to ask.

[1] https://wiki.gnome.org/Projects/GObjectIntrospection
[2] https://wiki.gnome.org/Projects/PyGObject

On behalf of the Debian GNOME team,
Jeremy Bicha

Bug#605155: gquilt: Use of PYTHONPATH env var in an insecure way

2010-12-01 Thread Peter Williams 

On 02/12/10 13:22, Christine Spang wrote:

Hi all,

Since we are currently in deep freeze for Squeeze, I'm very
hesitant to ask the release managers to make an exception
for a new release. (I wish I'd known that the new release
fixed important bugs! I glanced at the changelog but it
seemed like it was all trivial or irrelevant-for-Debian
things such as Python 3 fixes.)


The main change was the change to installation using distutils (which 
should put stuff in standard places).  I don't think that changed 
anything substantial (so I agree with your assessment).




It looks like gquilt doesn't actually require PYTHONPATH to
be set, anyway, since python already adds the directory of
the executed script to sys.path. I propose the following
patch:


I missed that subtlety (i.e. making /bin/gquilt a bash script displaced 
the executed script path to the library directory).


A heads up.  I'm currently working on a major upgrade to gquilt.  Do you 
need me to tell me when I do the release?


Peter



--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#605155: gquilt: Use of PYTHONPATH env var in an insecure way

2010-11-27 Thread Peter Williams 

On 28/11/10 08:38, Sandro Tosi wrote:

Package: gquilt
Version: 0.22-1
Severity: grave
Tags: security
User: debian-pyt...@lists.debian.org
Usertags: pythonpath

Jakub Wilk performed an analysis[1] for packages setting PYTHONPATH in
an insecure way. Those packages do something like:

 PYTHONPATH=/spam/eggs:$PYTHONPATH

This is wrong, because if PYTHONPATH were originally unset or empty,
current working directory would be added to sys.path.

[1] http://lists.debian.org/debian-python/2010/11/msg00045.html

Your package turns out to have vulnerable scripts in PATH: you can
find a complete log at [2].

[2] http://people.debian.org/~morph/mbf/pythonpath.txt

Some guidelines on how to fix these bugs: in the case given above, you
can use something like

 PYTHONPATH=/spam/eggs${PYTHONPATH:+:$PYTHONPATH}

(If you don't known this construct, grep for Use Alternative Value
in the bash/dash manpage.)

Also, in cases like

PYTHONPATH=/usr/lib/python2.5/site-packages/:$PYTHONPATH

or

PYTHONPATH=$PYTHONPATH:$SPAMDIR exec python $SPAMDIR/spam.py

you shouldn't need to touch PYTHONPATH at all.

Feel free to contact debian-pyt...@lists.debian.org in case of
help.


Please update to gquilt-0.24 (released about 7 weeks ago) as the above 
problem is no longer present in the code.


Peter



--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#411198: gquilt: doesn't start due to dependency problem

2007-02-16 Thread Peter Williams 

Jiří Paleček wrote:

Package: gquilt
Version: 0.17-2
Severity: serious
Justification: renders package unusable

Hello,

I have recently updated python 2.4 and from this time, gquilt refused
working with an error message immediately after I run it:

RuntimeError: Bad magic number in .pyc file

Probably there is some problem with the dependencies?
I have only python 2.3 and 2.4 installed


A quick fix would be just delete the pyc files.  The only downside to 
that should be a slight slowdown in start up time due to the absence of 
the byte compiled code.


But I would recommend upgrading to a later version of gquilt (notably 
v-0.19).  I don't know whether this is available as a Debian package yet 
as that is/was done by someone else but the source is available at 
http://downloads.sourceforge.net/gquilt/gquilt-0.19.tar.gz?use_mirror=optusnet.




Regards
Jiri Palecek

-- System Information:
Debian Release: 4.0
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/dash
Kernel: Linux 2.6.17.3
Locale: LANG=C, LC_CTYPE=C (charmap=ISO-8859-2) (ignored: LC_ALL set to 
cs_CZ)


Versions of packages gquilt depends on:
ii  python-central0.5.12 register and build utility 
for Pyt
ii  python-gtk2   2.8.6-8Python bindings for the 
GTK+ widge
ii  quilt 0.45-6 Tool to work with series of 
patche


Versions of packages gquilt recommends:
ii  meld  1.1.3-1.2  graphical tool to diff and 
merge f


-- no debconf information
--Using Opera's revolutionary e-mail client: http://www.opera.com/mail/




Peter
--
Peter Williams   [EMAIL PROTECTED]

Learning, n. The kind of ignorance distinguishing the studious.
 -- Ambrose Bierce


--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]