Bug#1073039: transition: libqalculate
Package: release.debian.org Severity: normal X-Debbugs-Cc: libqalcul...@packages.debian.org, j...@debian.org Control: affects -1 + src:libqalculate User: release.debian@packages.debian.org Usertags: transition Hello release team, I'm requesting a slot for the libqalculate 5.x transition. This upstream major release bumps the SONAME from 22 to 23. I've rebuilt all reverse dependencies in a chroot locally. These all work fine: - cantor 4:22.12.3-1.1 - plasma-workspace 4:5.27.11.1-1 - step 4:22.12.3-1 qalculate-gtk (from the same upstream) needs to be updated to the latest v5.1.0 to build correctly. I can upload this to experimental as well if it's helpful, or upload the new libqalculate + qalculate-gtk to unstable together - let me know what you prefer. Ben file: title = "libqalculate"; is_affected = .depends ~ "libqalculate22t64" | .depends ~ "libqalculate23"; is_good = .depends ~ "libqalculate23"; is_bad = .depends ~ "libqalculate22t64"; (This is my first library transition, please let me know if I've missed anything!) Best, James
Bug#927732: unblock: variety/0.7.1-2 (pre-approval)
Control: tags -1 moreinfo Hi Niels, I've uploaded the package and it should be in unstable now. Best, James On 2019-04-21 10:45 p.m., Niels Thykier wrote: > Control: tags -1 moreinfo confirmed > > James Lu: >> Package: release.debian.org >> Severity: normal >> User: release.debian@packages.debian.org >> Usertags: unblock >> >> Dear Release Team, >> >> Please consider unblocking variety 0.7.1-2. I've backported a couple of >> fixes from the newest upstream version, which fix a couple of subtle but >> annoying bugs. The changelog is as follows: >> >> variety (0.7.1-2) unstable; urgency=medium >> >> * Backport bugfixes from Variety 0.7.2: >> - fix-crash-on-help-version.patch: Don't forward --help or --version to >> running Variety instances, as this causes it to crash. >> - fix-spurious-error-when-analyzing-gifs.patch: Fix spurious >> FileNotFoundError when analyzing GIFs inside a wallpaper folder >> >> -- James Lu Sun, 21 Apr 2019 19:10:58 -0700 >> >> The debdiff is attached. >> >> Best, >> James >> > > Hi James, > > Please go ahead with this upload and remove the moreinfo tag when it is > in unstable and ready to be unblocked. > > Thanks, > ~Niels >
Bug#927732: unblock: variety/0.7.1-2 (pre-approval)
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Dear Release Team, Please consider unblocking variety 0.7.1-2. I've backported a couple of fixes from the newest upstream version, which fix a couple of subtle but annoying bugs. The changelog is as follows: variety (0.7.1-2) unstable; urgency=medium * Backport bugfixes from Variety 0.7.2: - fix-crash-on-help-version.patch: Don't forward --help or --version to running Variety instances, as this causes it to crash. - fix-spurious-error-when-analyzing-gifs.patch: Fix spurious FileNotFoundError when analyzing GIFs inside a wallpaper folder -- James Lu Sun, 21 Apr 2019 19:10:58 -0700 The debdiff is attached. Best, James diff -Nru variety-0.7.1/debian/changelog variety-0.7.1/debian/changelog --- variety-0.7.1/debian/changelog 2018-10-28 20:45:18.0 -0700 +++ variety-0.7.1/debian/changelog 2019-04-21 19:10:58.0 -0700 @@ -1,3 +1,13 @@ +variety (0.7.1-2) unstable; urgency=medium + + * Backport bugfixes from Variety 0.7.2: +- fix-crash-on-help-version.patch: Don't forward --help or --version to + running Variety instances, as this causes it to crash. +- fix-spurious-error-when-analyzing-gifs.patch: Fix spurious + FileNotFoundError when analyzing GIFs inside a wallpaper folder + + -- James Lu Sun, 21 Apr 2019 19:10:58 -0700 + variety (0.7.1-1) unstable; urgency=medium [ Jelmer Vernooij ] diff -Nru variety-0.7.1/debian/patches/fix-crash-on-help-version.patch variety-0.7.1/debian/patches/fix-crash-on-help-version.patch --- variety-0.7.1/debian/patches/fix-crash-on-help-version.patch 1969-12-31 16:00:00.0 -0800 +++ variety-0.7.1/debian/patches/fix-crash-on-help-version.patch 2019-04-21 19:10:58.0 -0700 @@ -0,0 +1,33 @@ +Description: Don't forward --help or --version to running Variety instances, as this causes it to crash. + Parse options before checking for running instance to show help. +Author: Pedro Romano +Origin: upstream, https://github.com/varietywalls/variety/commit/4977f86ffc662ae3909cf97f6baa892ea17b4fc5 +Applied-Upstream: 0.7.2 +--- + variety/__init__.py | 6 -- + 1 file changed, 4 insertions(+), 2 deletions(-) + +--- a/variety/__init__.py b/variety/__init__.py +@@ -148,6 +148,9 @@ + + arguments = sys.argv[1:] + ++# validate arguments ++options, args = VarietyWindow.VarietyWindow.parse_options(arguments) ++ + bus = dbus.SessionBus() + # ensure singleton + if bus.request_name(DBUS_KEY) != dbus.bus.REQUEST_NAME_REPLY_PRIMARY_OWNER: +@@ -161,10 +164,9 @@ + safe_print(result) + return + +-# validate arguments and set up logging ++# set up logging + # set_up_logging must be called after the DBus checks, only by one running instance, + # or the log file can be corrupted +-options, args = VarietyWindow.VarietyWindow.parse_options(arguments) + set_up_logging(options.verbose) + + if options.verbose >= 2: diff -Nru variety-0.7.1/debian/patches/fix-spurious-error-when-analyzing-gifs.patch variety-0.7.1/debian/patches/fix-spurious-error-when-analyzing-gifs.patch --- variety-0.7.1/debian/patches/fix-spurious-error-when-analyzing-gifs.patch 1969-12-31 16:00:00.0 -0800 +++ variety-0.7.1/debian/patches/fix-spurious-error-when-analyzing-gifs.patch 2019-04-21 19:10:58.0 -0700 @@ -0,0 +1,45 @@ +Description: Fix spurious FileNotFoundError when analyzing GIFs inside a wallpaper folder. + The path being passed to the helper function was not correct. +Author: James Lu +Origin: upstream, https://github.com/varietywalls/variety/commit/25714cd13e80602a5e08bf02ab1baf2dd9e1a97e +Bug: https://github.com/varietywalls/variety/issues/132 +Applied-Upstream: 0.7.2 +--- + variety/Util.py | 9 ++--- + 1 file changed, 6 insertions(+), 3 deletions(-) + +diff --git a/variety/Util.py b/variety/Util.py +index 86c70de..e038ff0 100644 +--- a/variety/Util.py b/variety/Util.py +@@ -363,6 +363,7 @@ class Util: + def list_files(files=(), folders=(), filter_func=(lambda f: True), max_files=1, randomize=True): + count = 0 + for filepath in files: ++logger.debug(lambda: 'checking file %s against filter_func %s' % (filepath, filter_func)) + if filter_func(filepath) and os.access(filepath, os.R_OK): + count += 1 + yield filepath +@@ -379,14 +380,16 @@ class Util: + random.shuffle(files) + random.shuffle(subFolders) + for filename in files: +-if filter_func(filename): ++logger.debug(lambda: 'checking file %s against filter_func %s (root=%s)' % (filename, filter_func, root)) ++path = os.path.join(root, filename) ++if filter_func(p
Bug#882197: stretch-pu: package variety/0.6.3-5+deb9u1
Package: release.debian.org Severity: normal Tags: stretch User: release.debian@packages.debian.org Usertags: pu Dear Release Team, I've prepared an update for Variety to fix some shell injection bugs caused by crafted filenames. These fixes are backported from the 0.6.6 release which is currently in unstable. The debdiff is attached, and the full changelog is below: variety (0.6.3-5+deb9u1) stretch; urgency=medium * Backport various security fixes from Variety 0.6.6: - Fix shell injection on deleting files to trash, from upstream commit https://github.com/varietywalls/variety/commit/475a5e076b9c8c7c83176214f84455dc78834723 - Fix shell injection in filter and clock with specially crafted filenames; upstream commit https://github.com/varietywalls/variety/commit/65722237baa996b0ef2389cea693bfeeba62b224 - Harden ImageMagick calls against potential shell injection: https://github.com/varietywalls/variety/commit/a7c134ecd494bb878c73df9f65cb838dbb57413a Best, James -- System Information: Debian Release: buster/sid APT prefers unstable-debug APT policy: (500, 'unstable-debug'), (500, 'testing-debug'), (500, 'testing'), (450, 'unstable'), (101, 'experimental'), (1, 'experimental-debug') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 4.13.0-1-amd64 (SMP w/4 CPU cores) Locale: LANG=en_CA.utf8, LC_CTYPE=en_CA.utf8 (charmap=UTF-8), LANGUAGE=en_CA.utf8 (charmap=UTF-8) diff -Nru variety-0.6.3/debian/changelog variety-0.6.3/debian/changelog --- variety-0.6.3/debian/changelog 2017-05-06 16:43:32.0 -0700 +++ variety-0.6.3/debian/changelog 2017-11-14 12:42:11.0 -0800 @@ -1,3 +1,16 @@ +variety (0.6.3-5+deb9u1) stretch; urgency=medium + + * Backport various security fixes from Variety 0.6.6: +- Fix shell injection on deleting files to trash, from upstream commit + https://github.com/varietywalls/variety/commit/475a5e076b9c8c7c83176214f84455dc78834723 +- Fix shell injection in filter and clock with specially crafted + filenames; upstream commit + https://github.com/varietywalls/variety/commit/65722237baa996b0ef2389cea693bfeeba62b224 +- Harden ImageMagick calls against potential shell injection: + https://github.com/varietywalls/variety/commit/a7c134ecd494bb878c73df9f65cb838dbb57413a + + -- James Lu <bitfl...@gmail.com> Tue, 14 Nov 2017 12:42:11 -0800 + variety (0.6.3-5) unstable; urgency=medium * Add fix-autoscroll-high-cpu.patch backported from upstream Bzr revision diff -Nru variety-0.6.3/debian/patches/0001-Fix-shell-injection-on-deleting-to-trash-via-special.patch variety-0.6.3/debian/patches/0001-Fix-shell-injection-on-deleting-to-trash-via-special.patch --- variety-0.6.3/debian/patches/0001-Fix-shell-injection-on-deleting-to-trash-via-special.patch 1969-12-31 16:00:00.0 -0800 +++ variety-0.6.3/debian/patches/0001-Fix-shell-injection-on-deleting-to-trash-via-special.patch 2017-11-14 12:42:11.0 -0800 @@ -0,0 +1,65 @@ +From 475a5e076b9c8c7c83176214f84455dc78834723 Mon Sep 17 00:00:00 2001 +From: James Lu <ja...@overdrivenetworks.com> +Date: Sun, 10 Sep 2017 10:39:13 -0700 +Subject: [PATCH 1/3] Fix shell injection on deleting to trash via specially + crafted filenames + +Rewrite this code in subprocess.call (which doesn't spawn a shell by default), and explicitly check whether trash programs are installed before running them. +--- + variety/VarietyWindow.py | 31 +-- + 1 file changed, 25 insertions(+), 6 deletions(-) + +diff --git a/variety/VarietyWindow.py b/variety/VarietyWindow.py +index b99cd1a..c9bb770 100644 +--- a/variety/VarietyWindow.py b/variety/VarietyWindow.py +@@ -43,6 +43,10 @@ import urlparse + import webbrowser + from PIL import Image as PILImage + ++# Replacement for shutil.which, which (no pun intended) only exists on Python 3.3+ ++# unless we want another 3rd party dependency. ++from distutils.spawn import find_executable ++ + random.seed() + logger = logging.getLogger('variety') + +@@ -1721,14 +1725,29 @@ class VarietyWindow(Gtk.Window): + def _go(): + self.smart.report_file(file, 'trash', async=False) + +-command = 'gvfs-trash "%s" || trash-put "%s" || kfmclient move "%s" trash:/' % (file, file, file) +-logger.info(lambda: "Running trash command %s" % command) +-result = os.system(command.encode('utf8')) +-if result != 0: +-logger.error(lambda: "Trash resulted in error code %d" % result) ++command = '' ++if find_executable('gvfs-trash'): ++command = ['gvfs-trash', file.encode('utf-8')] ++elif find_executable('trash-put'): ++command = ['trash-put', file.encode('utf-8')] ++elif f
Bug#869676: stretch-pu: package gnome-exe-thumbnailer/0.9.4-2+deb9u1
Hello, This was uploaded! (CC'ing my sponsor as well) Best, James On 08/08/17 08:52 AM, Adam D. Barratt wrote: > Control: tags -1 + confirmed > > On Tue, 2017-07-25 at 22:50 +0800, James Lu wrote: >> I've prepared an update to gnome-exe-thumbnailer which includes two changes >> backported from the 0.9.5 release: >> >> 1) Migrating away from insecure Wine+VBScript based parsing of .msi files to >> msitools, as part of the fix for CVE-2017-11421[1] (VBScript code injection >> via >> filenames containing code). This issue was marked no-dsa, so I'm sending the >> update here instead. I also adjusted the dependencies to add msitools, but >> IIRC >> this means that users upgrading will need to run dist-upgrade (if such a >> change >> is too disruptive, I will probably look at disabling version info for .msi >> files entirely). >> >> 2) Fix readability of version labels by using a dark background colour. >> Previously, the version label exe-thumbnailer adds to generated thumbnails >> used >> a transparent background, which shows up as white text on white with a >> default >> configuration. >> >> [1]: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11421 > > Please go ahead. > > Regards, > > Adam > signature.asc Description: OpenPGP digital signature
Bug#869676: stretch-pu: package gnome-exe-thumbnailer/0.9.4-2+deb9u1
Package: release.debian.org Severity: normal Tags: stretch User: release.debian@packages.debian.org Usertags: pu Hi Release Team, I've prepared an update to gnome-exe-thumbnailer which includes two changes backported from the 0.9.5 release: 1) Migrating away from insecure Wine+VBScript based parsing of .msi files to msitools, as part of the fix for CVE-2017-11421[1] (VBScript code injection via filenames containing code). This issue was marked no-dsa, so I'm sending the update here instead. I also adjusted the dependencies to add msitools, but IIRC this means that users upgrading will need to run dist-upgrade (if such a change is too disruptive, I will probably look at disabling version info for .msi files entirely). 2) Fix readability of version labels by using a dark background colour. Previously, the version label exe-thumbnailer adds to generated thumbnails used a transparent background, which shows up as white text on white with a default configuration. [1]: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11421 The debdiff is attached. Best, James -- System Information: Debian Release: buster/sid APT prefers testing APT policy: (700, 'testing'), (500, 'unstable'), (101, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 4.11.0-1-amd64 (SMP w/4 CPU cores) Locale: LANG=en_CA.UTF-8, LC_CTYPE=en_CA.UTF-8 (charmap=UTF-8), LANGUAGE=en_CA:en (charmap=UTF-8) diff -Nru gnome-exe-thumbnailer-0.9.4/debian/changelog gnome-exe-thumbnailer-0.9.4/debian/changelog --- gnome-exe-thumbnailer-0.9.4/debian/changelog2016-12-12 04:55:32.0 +0800 +++ gnome-exe-thumbnailer-0.9.4/debian/changelog2017-07-25 22:28:41.0 +0800 @@ -1,3 +1,17 @@ +gnome-exe-thumbnailer (0.9.4-2+deb9u1) stretch; urgency=high + + * Add patch switch-to-msiinfo.patch: +- Switch to msitools' msiinfo for ProductVersion fetching, replacing the + insecure VBScript-based parsing as described at + http://news.dieweltistgarnichtso.net/posts/gnome-thumbnailer-msi-fail.html + (Closes: #868705; LP: #651610; CVE-2017-11421) + * Add msitools to recommends; it is now used to fetch .msi version info. + * Add patch fix-version-label-readability.patch backported from + https://github.com/gnome-exe-thumbnailer/gnome-exe-thumbnailer/commit/1cf4df81836985d9660f950287232b3255ee17bb +to fix unreadable white-on-white text on version labels. + + -- James Lu <bitfl...@gmail.com> Tue, 25 Jul 2017 07:28:41 -0700 + gnome-exe-thumbnailer (0.9.4-2) unstable; urgency=medium * Add recommends on wine and wine-tools, as these are needed for .lnk and diff -Nru gnome-exe-thumbnailer-0.9.4/debian/control gnome-exe-thumbnailer-0.9.4/debian/control --- gnome-exe-thumbnailer-0.9.4/debian/control 2016-12-12 04:55:32.0 +0800 +++ gnome-exe-thumbnailer-0.9.4/debian/control 2017-07-25 22:05:01.0 +0800 @@ -14,8 +14,10 @@ Multi-Arch: foreign Depends: ${misc:Depends}, icoutils, imagemagick, libglib2.0-bin # wine and wine(32|64)-tools are needed for .lnk and .msi thumbnailing -# wine provides winepath and cscript, while wine(32|64)-tools provides winedump -Recommends: wine, +# wine provides winepath, while wine(32|64)-tools provides winedump +# mistools provides msiinfo to fetch version tags on .msi files +Recommends: msitools, +wine, wine64-tools | wine32-tools | wine64-development-tools | wine32-development-tools Description: Wine .exe and other executable thumbnailer for GNOME gnome-exe-thumbnailer is a thumbnailer for Windows executable files diff -Nru gnome-exe-thumbnailer-0.9.4/debian/patches/fix-version-label-readability.patch gnome-exe-thumbnailer-0.9.4/debian/patches/fix-version-label-readability.patch --- gnome-exe-thumbnailer-0.9.4/debian/patches/fix-version-label-readability.patch 1970-01-01 08:00:00.0 +0800 +++ gnome-exe-thumbnailer-0.9.4/debian/patches/fix-version-label-readability.patch 2017-07-25 22:27:25.0 +0800 @@ -0,0 +1,20 @@ +Author: James Lu <ja...@overdrivenetworks.com> +Subject: Fix readability of version labels by using a dark background colour + Previously, the version label used a transparent background, which would show + up as white text on white in many cases. +Origin: upstream, https://github.com/gnome-exe-thumbnailer/gnome-exe-thumbnailer/commit/1cf4df81836985d9660f950287232b3255ee17bb + +Index: g-e-t/usr/bin/gnome-exe-thumbnailer +=== +--- g-e-t.orig/usr/bin/gnome-exe-thumbnailer 2017-07-25 07:23:52.269571939 -0700 g-e-t/usr/bin/gnome-exe-thumbnailer2017-07-25 07:23:52.269571939 -0700 +@@ -403,7 +403,7 @@ + if [ "$VERSION" ] + then + convert -font -*-clean-medium-r-*-*-6-*-*-*-*-*-*-* \ +- -background transparent -fill white label:"$VERSION" \ ++ -background '#1090' -fill white label:"$VERSION" \ +
Bug#864075: unblock: icoutils/0.31.2-1.1
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Hi Release Team, Please consider unblocking package icoutils: This upload fixes an important bug which caused icoutils' wrestool utility to break completely, due to a regression in version 0.31.2. wrestool is a program used to extract icons from Windows programs, and its breakage caused dependant packages (e.g. kde-runtime, gnome-exe-thumbnailer, gextractwinicons) to fail at icon extraction entirely. The full debdiff is attached. unblock icoutils/0.31.2-1.1 -- System Information: Debian Release: 9.0 APT prefers testing APT policy: (700, 'testing'), (500, 'unstable-debug'), (500, 'testing- debug'), (500, 'unstable'), (101, 'experimental'), (1, 'experimental-debug') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 4.9.0-3-amd64 (SMP w/4 CPU cores) Locale: LANG=en_CA.utf8, LC_CTYPE=en_CA.utf8 (charmap=UTF-8) diff -Nru icoutils-0.31.2/debian/changelog icoutils-0.31.2/debian/changelog --- icoutils-0.31.2/debian/changelog2017-03-07 14:18:53.0 -0800 +++ icoutils-0.31.2/debian/changelog2017-05-30 23:12:09.0 -0700 @@ -1,3 +1,13 @@ +icoutils (0.31.2-1.1) unstable; urgency=high + + * Non-maintainer upload. + * Add patch fix-wrestool.patch from upstream commit + http://git.savannah.nongnu.org/cgit/icoutils.git/commit/?id=3c990fcc754c81a02ab5981d59b01025f1596b2c +to fix wrestool not extracting icons - this is a regression from 0.31.2. +Closes: #860220 + + -- James Lu <bitfl...@gmail.com> Tue, 30 May 2017 23:12:09 -0700 + icoutils (0.31.2-1) unstable; urgency=high * New upstream release. diff -Nru icoutils-0.31.2/debian/.git-dpm icoutils-0.31.2/debian/.git-dpm --- icoutils-0.31.2/debian/.git-dpm 2017-03-07 09:30:30.0 -0800 +++ icoutils-0.31.2/debian/.git-dpm 2017-05-30 23:12:09.0 -0700 @@ -1,6 +1,6 @@ # see git-dpm(1) from git-dpm package -c50ee01e3bbbc846f7b17e7de1d7c092e7b950c9 -c50ee01e3bbbc846f7b17e7de1d7c092e7b950c9 +f06d6e83d1b3256a5b6a0d42b8fc5293e6005bab +f06d6e83d1b3256a5b6a0d42b8fc5293e6005bab c50ee01e3bbbc846f7b17e7de1d7c092e7b950c9 c50ee01e3bbbc846f7b17e7de1d7c092e7b950c9 icoutils_0.31.2.orig.tar.bz2 diff -Nru icoutils-0.31.2/debian/patches/fix-wrestool.patch icoutils-0.31.2/debian/patches/fix-wrestool.patch --- icoutils-0.31.2/debian/patches/fix-wrestool.patch 1969-12-31 16:00:00.0 -0800 +++ icoutils-0.31.2/debian/patches/fix-wrestool.patch 2017-05-30 23:12:09.0 -0700 @@ -0,0 +1,37 @@ +From f06d6e83d1b3256a5b6a0d42b8fc5293e6005bab Mon Sep 17 00:00:00 2001 +From: Frank Richter <frank.rich...@gmail.com> +Date: Sat, 11 Mar 2017 14:10:50 +0100 +Subject: Revert "Add additional sanity checks to do_resource(). Found by Jerzy + Kramarz <op7...@gmail.com>." + +That "sanity check" rather broke everything. +Also, I couldn't reproduce the issue it this change was intended to catch from the files I have +any more, so it's probably not needed anyway. + +Origin: upstream, http://git.savannah.nongnu.org/cgit/icoutils.git/commit/?id=3c990fcc754c81a02ab5981d59b01025f1596b2c +Bug-Debian: https://bugs.debian.org/860220 +Last-Update: 2017-05-30 + +Patch-Name: fix-wrestool.patch +--- + wrestool/restable.c | 4 + 1 file changed, 4 deletions(-) + +diff --git a/wrestool/restable.c b/wrestool/restable.c +index c60806f..f568434 100644 +--- a/wrestool/restable.c b/wrestool/restable.c +@@ -87,13 +87,9 @@ do_resources_recurs (WinLibrary *fi, WinResource *base, WinResource *type_wr, + wr = list_resources (fi, base, ); + if (wr == NULL) + return; +- if (!check_offset(fi->memory, fi->total_size, fi->name, [0], sizeof(WinResource))) +- return; + + /* process each resource listed */ + for (c = 0 ; c < rescnt ; c++) { +- if (!check_offset(fi->memory, fi->total_size, fi->name, [c], sizeof(WinResource))) +- break; + /* (over)write the corresponding WinResource holder with the current */ + memcpy(WINRESOURCE_BY_LEVEL(wr[c].level), wr+c, sizeof(WinResource)); + diff -Nru icoutils-0.31.2/debian/patches/series icoutils-0.31.2/debian/patches/series --- icoutils-0.31.2/debian/patches/series 1969-12-31 16:00:00.0 -0800 +++ icoutils-0.31.2/debian/patches/series 2017-05-30 23:12:09.0 -0700 @@ -0,0 +1 @@ +fix-wrestool.patch
Bug#861985: unblock: variety/0.6.3-5 (pre-upload approval)
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Hi Release Team, I've prepared variety 0.6.3-5 with two changes: the first is fixing a bug that caused wallpaper selection panels to eat up 100% CPU when open, and the second is updating the package's extended description to match the list of supported wallpaper sources as of Variety 0.6.3. The relevant debdiff is attached. unblock variety/0.6.3-5 Best, James -- System Information: Debian Release: 9.0 APT prefers testing APT policy: (700, 'testing'), (500, 'unstable-debug'), (500, 'testing- debug'), (500, 'unstable'), (101, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 4.9.0-2-amd64 (SMP w/4 CPU cores) Locale: LANG=en_CA.UTF-8, LC_CTYPE=en_CA.UTF-8 (charmap=UTF-8) diff -Nru variety-0.6.3/debian/changelog variety-0.6.3/debian/changelog --- variety-0.6.3/debian/changelog 2017-04-27 22:49:27.0 -0700 +++ variety-0.6.3/debian/changelog 2017-05-06 16:43:32.0 -0700 @@ -1,3 +1,15 @@ +variety (0.6.3-5) unstable; urgency=medium + + * Add fix-autoscroll-high-cpu.patch backported from upstream Bzr revision +592 (https://bazaar.launchpad.net/~variety/variety/trunk/revision/592) +This fixes an issue where the Wallpaper Selector and History panels +drain entire CPU cores when open. (LP: #1494992) + * Fix list of supported sites in package extended description: Wallbase.cc +support was removed in 0.6.3, while Wallhaven.cc was never mentioned even +though it is supported. + + -- James Lu <bitfl...@gmail.com> Sat, 06 May 2017 16:43:32 -0700 + variety (0.6.3-4) unstable; urgency=medium * Upload to unstable. diff -Nru variety-0.6.3/debian/control variety-0.6.3/debian/control --- variety-0.6.3/debian/control2017-04-27 22:49:27.0 -0700 +++ variety-0.6.3/debian/control2017-05-06 16:40:03.0 -0700 @@ -45,5 +45,5 @@ Description: Wallpaper changer, downloader and manager Variety is an open-source wallpaper changer, downloader, and manager for Linux. It supports a variety of sources for wallpapers, including local - files, online services such as Flickr, Wallbase.cc, NASA Astronomy Picture of - the Day, Desktoppr.co, and media RSS feeds (Picasa, deviantART, etc.). + files, online services such as Flickr, Wallhaven.cc, NASA Astronomy Picture + of the Day, Desktoppr.co, and media RSS feeds (Picasa, deviantART, etc.). diff -Nru variety-0.6.3/debian/patches/fix-autoscroll-high-cpu.patch variety-0.6.3/debian/patches/fix-autoscroll-high-cpu.patch --- variety-0.6.3/debian/patches/fix-autoscroll-high-cpu.patch 1969-12-31 16:00:00.0 -0800 +++ variety-0.6.3/debian/patches/fix-autoscroll-high-cpu.patch 2017-05-06 16:32:20.0 -0700 @@ -0,0 +1,30 @@ +From: James Lu <ja...@overdrivenetworks.com> +Subject: Fix autoscroll in wallpaper selector & history panels using 100% CPU + . + Previously, the autoscroll event was never cleared when the user moved the + mouse away from the Thumbnails panel. This caused the + self.autoscroll_event.wait(10) call in _autoscroll_thread() to always + instantly succeed, and created an infinite loop eating up CPU. +Origin: upstream, https://bazaar.launchpad.net/~variety/variety/trunk/revision/592 +Bug: https://bugs.launchpad.net/variety/+bug/1494992 +Last-Update: 2017-05-06 + +--- + variety/ThumbsWindow.py | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/variety/ThumbsWindow.py b/variety/ThumbsWindow.py +index 6cd730c..48ebc43 100644 +--- a/variety/ThumbsWindow.py b/variety/ThumbsWindow.py +@@ -79,6 +79,7 @@ class ThumbsWindow(Gtk.Window): + self.mouse_in = False + self.mouse_position = None + self.previous_speed = 0 ++self.autoscroll_event.clear() + + eventbox = Gtk.EventBox() + eventbox.set_visible(True) +-- +2.11.0 + diff -Nru variety-0.6.3/debian/patches/series variety-0.6.3/debian/patches/series --- variety-0.6.3/debian/patches/series 2017-04-27 22:49:27.0 -0700 +++ variety-0.6.3/debian/patches/series 2017-05-06 16:30:06.0 -0700 @@ -1,3 +1,4 @@ +fix-autoscroll-high-cpu.patch disable-panoramio.patch menu-position-varargs.patch remove-timebombs.patch
Bug#861376: unblock: variety/0.6.3-4 (pre-upload approval)
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Hi Release Team, In the last few months I've prepared quite a few changes for variety, mostly involving the removal of online wallpaper sources that no longer work, and also fixing one fairly annoying bug causing menus to show up at the top left of the screen. I realize this diff is quite significant, so here's a breakdown: - The menu bug was reported at https://bugs.launchpad.net/variety/+bug/1598298 and fixed in Ubuntu zesty with SRUs to xenial and yakkety pending. The fix first landed as 0.6.3-2 on March 17 and no regressions have been reported since. - The disable-panoramio.patch was based off a similar patch from Arch Linux's 0.6.3-3 package version, and disables Panoramio sources which have been shut down per https://www.panoramio.com/maps-faq. I modified further also migrate away from any configured Panoramio, and this change has been in experimental for 10 days with no regressions reported. - Cleaning up after the earlier Wallpapers.net source removal from 0.6.3-1: removing its dependencies (libjs-underscore, python-lxml) which aren't used anywhere else, and also removing Wallpapers.net from the package description. - Finally, patch refreshes and updates as part of maintenance: I've also removed an old setup.py-install-requires.diff patch which was never used in the build in unstable. - The only change that hasn't been previously pushed is removing python-lxml from the build-dependencies, as I forgot to include that with 0.6.3-3. Attached is a debdiff between 0.6.3-1 (currently in unstable) and 0.6.3-4, which I plan to release if this is okay. -- System Information: Debian Release: 9.0 APT prefers testing APT policy: (700, 'testing'), (500, 'unstable-debug'), (500, 'testing- debug'), (500, 'unstable'), (101, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 4.9.0-2-amd64 (SMP w/4 CPU cores) Locale: LANG=en_CA.UTF-8, LC_CTYPE=en_CA.UTF-8 (charmap=UTF-8) diff -Nru variety-0.6.3/debian/changelog variety-0.6.3/debian/changelog --- variety-0.6.3/debian/changelog 2016-11-09 20:55:55.0 -0800 +++ variety-0.6.3/debian/changelog 2017-04-27 22:49:27.0 -0700 @@ -1,3 +1,35 @@ +variety (0.6.3-4) unstable; urgency=medium + + * Upload to unstable. + * Remove python-lxml from build dependencies as well. + + -- James Lu <bitfl...@gmail.com> Thu, 27 Apr 2017 22:49:27 -0700 + +variety (0.6.3-3) experimental; urgency=medium + + * d/control: Remove Wallpapers.net from the extended description; it was +removed upstream in Variety 0.6.1. + * Remove lxml dependency, it is unused since the Wallpapers.net removal in +Variety 0.6.1. + * Drop unused patch setup.py-install-requires.diff + * Add disable-panoramio.patch from Arch Linux version 0.6.3-3, modifying +it to also migrate away from Panoramio sources (LP: #1636389) +- Also remove libjs-underscore dependency, as Panoramio was the only + source using it. + * Refresh menu-position-varargs.patch. + * Refresh forwarded state & dates of most patches. + + -- James Lu <bitfl...@gmail.com> Mon, 17 Apr 2017 11:13:39 -0700 + +variety (0.6.3-2) experimental; urgency=medium + + * Add menu-position-varargs.patch from upstream Bzr revision 582 +(https://bazaar.launchpad.net/~peterlevi/variety/trunk/revision/582) +to fix menus showing up at the top left of the screen on some systems. +(LP: #1598298) + + -- James Lu <bitfl...@gmail.com> Wed, 15 Mar 2017 12:12:09 -0700 + variety (0.6.3-1) unstable; urgency=medium * New upstream release. diff -Nru variety-0.6.3/debian/control variety-0.6.3/debian/control --- variety-0.6.3/debian/control2016-11-09 20:53:19.0 -0800 +++ variety-0.6.3/debian/control2017-04-27 22:49:24.0 -0700 @@ -8,7 +8,6 @@ python-pyexiv2, python-pycurl, python-configobj, - python-lxml, python-imaging, python-cairo, python-dbus @@ -41,13 +40,10 @@ gir1.2-appindicator3-0.1, imagemagick, python-gi-cairo, - python-lxml, - libjs-underscore (>= 1.6.0~) Recommends: yelp Suggests: feh Description: Wallpaper changer, downloader and manager Variety is an open-source wallpaper changer, downloader, and manager for Linux. It supports a variety of sources for wallpapers, including local - files, online services such as Flickr, Wallbase.cc, Wallpapers.net, - NASA Astronomy Picture of the Day, Desktoppr.co, and media RSS feeds - (Picasa, deviantART, etc.). + files, online services such as Flickr, Wallbase.cc, NASA Astronomy Picture of + the Day, Desktoppr.co, and media RSS feeds (Picasa, deviantART, etc.). diff -Nru variety-0.6.3/debian/patches/desktop-file-keywords.diff variety-0.6.3/debian/patches/desktop-file-keywords.diff --- variety-0.6.3/debian/patches/desktop-file-keywords.diff 2016-11-09 20:53:19.0 -0800 +++ variety-0.6.3/debian/patches/desktop-file-keyword