Bug#1070484: bookworm-pu: package tryton-client/tryton-client_6.0.26-1+deb12u1
* Adam D. Barratt: " Re: Bug#1070484: bookworm-pu: package tryton-client/tryton-client_6.0.26-1+deb12u1" (Sat, 15 Jun 2024 16:17:47 +0100): > Control: tags -1 + confirmed > > On Mon, 2024-05-06 at 11:19 +0200, Mathias Behrle wrote: > > Backport the patch to send only compressed content from > > authenticated sessions. > > https://foss.heptapod.net/tryton/tryton/-/commit/96ccd17bd4db4be46bb42eb4217ba5c7dcb7de82 > > > > Please go ahead. > > Regards, > > Adam Thanks, uploaded. Cheers -- Mathias Behrle PGP/GnuPG key availabable from any keyserver, ID: 0xD6D09BE48405BBF6 AC29 7E5C 46B9 D0B6 1C71 7681 D6D0 9BE4 8405 BBF6
Bug#1070478: bookworm-pu: package tryton-server/tryton-server_6.0.29-2+deb12u2
* Adam D. Barratt: " Re: Bug#1070478: bookworm-pu: package tryton-server/tryton-server_6.0.29-2+deb12u2" (Sat, 15 Jun 2024 16:16:32 +0100): > Control: tags -1 + confirmed > > On Mon, 2024-05-06 at 10:35 +0200, Mathias Behrle wrote: > > Backport the patch to fix the vulnerabilty to zip bomb > > attacks via decoded gzip content from unauthenticated users. > > https://discuss.tryton.org/t/security-release-for-issue-13142/7196 > > Please go ahead. > > Regards, > > Adam Thanks, uploaded. Cheers -- Mathias Behrle PGP/GnuPG key availabable from any keyserver, ID: 0xD6D09BE48405BBF6 AC29 7E5C 46B9 D0B6 1C71 7681 D6D0 9BE4 8405 BBF6
Bug#1070484: bookworm-pu: package tryton-client/tryton-client_6.0.26-1+deb12u1
* Mathias Behrle: " Bug#1070484: bookworm-pu: package tryton-client/tryton-client_6.0.26-1+deb12u1" (Mon, 6 May 2024 11:19:28 +0200): > Package: release.debian.org > Severity: normal > Tags: bookworm > X-Debbugs-Cc: tryton-cli...@packages.debian.org > Control: affects -1 + src:tryton-client > User: release.debian@packages.debian.org > Usertags: pu > > [ Reason ] > Backport the patch to send only compressed content from > authenticated sessions. > https://foss.heptapod.net/tryton/tryton/-/commit/96ccd17bd4db4be46bb42eb4217ba5c7dcb7de82 > > The security release > https://discuss.tryton.org/t/security-release-for-issue-13142/7196 > and filed for Debian as 1070...@bugs.debian.org > introduced a regression for the client shown at > https://foss.heptapod.net/tryton/tryton/-/issues/13203 > > [ Impact ] > Without the patch a user could be confronted with an error in the client > connecting to a patched server. > > [ Tests ] > The test suite completes without errors. The patch is now publicly > available and in use since 2 weeks. > > [ Risks ] > The patch has minimal complexity and is from the upstream author > who is generally very knowledgable about his code. > > [ Checklist ] > [x] *all* changes are documented in the d/changelog > [x] I reviewed all changes and I approve them > [x] attach debdiff against the package in (old)stable > [x] the issue is verified as fixed in unstable > > [ Changes ] > The upstream commit was added as a patch that allows gzip > compressed content only for authenticated users. > > [ Other info ] > This patch follows 1070...@bugs.debian.org. Friendly ping like for 1070...@bugs.debian.org: " I see that requests for bookworm-pu of other packages were accepted in the meantime. If there is something missing or wrong with this request please let me know. " Thanks, Mathias -- Mathias Behrle PGP/GnuPG key availabable from any keyserver, ID: 0xD6D09BE48405BBF6 AC29 7E5C 46B9 D0B6 1C71 7681 D6D0 9BE4 8405 BBF6
Bug#1070478: bookworm-pu: package tryton-server/tryton-server_6.0.29-2+deb12u2
* Mathias Behrle: " Bug#1070478: bookworm-pu: package tryton-server/tryton-server_6.0.29-2+deb12u2" (Mon, 6 May 2024 10:35:02 +0200): > Package: release.debian.org > Severity: normal > Tags: bookworm > X-Debbugs-Cc: tryton-ser...@packages.debian.org > Control: affects -1 + src:tryton-server > User: release.debian@packages.debian.org > Usertags: pu > > [ Reason ] > Backport the patch to fix the vulnerabilty to zip bomb > attacks via decoded gzip content from unauthenticated users. > https://discuss.tryton.org/t/security-release-for-issue-13142/7196 > > In coordination with the security team it was classified as NO-DSA and > rather be applicable via bookworm-pu. > > [ Impact ] > Without the patch any unauthenticated users could perform zimp bomb > attacks against tryton-server. > > [ Tests ] > The test suite completes without errors. The patch is now publicly > available and in use since 20 days. > > [ Risks ] > The patch has minimal complexity and is from the upstream author > who is generally very knowledgable about his code. > > [ Checklist ] > [x] *all* changes are documented in the d/changelog > [x] I reviewed all changes and I approve them > [x] attach debdiff against the package in (old)stable > [x] the issue is verified as fixed in unstable > > [ Changes ] > The upstream commit was added as a patch that allows gzip > compressed content only for authenticated users. > > 01_avoid_call_to_pypi.patch was refreshed to apply cleanly with no > further changes. > > [ Other info ] > This patch requires also a patch for tryton-client in a separate upload > to prevent a regression of tryton-client when it tries to send gzipped > content without authentication. Friendly ping for this one and 1070...@bugs.debian.org as well. I see that requests for bookworm-pu of other packages were accepted in the meantime. If there is something missing or wrong with this request please let me know. Thanks, Mathias -- Mathias Behrle PGP/GnuPG key availabable from any keyserver, ID: 0xD6D09BE48405BBF6 AC29 7E5C 46B9 D0B6 1C71 7681 D6D0 9BE4 8405 BBF6
Bug#1070484: bookworm-pu: package tryton-client/tryton-client_6.0.26-1+deb12u1
Package: release.debian.org Severity: normal Tags: bookworm X-Debbugs-Cc: tryton-cli...@packages.debian.org Control: affects -1 + src:tryton-client User: release.debian@packages.debian.org Usertags: pu [ Reason ] Backport the patch to send only compressed content from authenticated sessions. https://foss.heptapod.net/tryton/tryton/-/commit/96ccd17bd4db4be46bb42eb4217ba5c7dcb7de82 The security release https://discuss.tryton.org/t/security-release-for-issue-13142/7196 and filed for Debian as 1070...@bugs.debian.org introduced a regression for the client shown at https://foss.heptapod.net/tryton/tryton/-/issues/13203 [ Impact ] Without the patch a user could be confronted with an error in the client connecting to a patched server. [ Tests ] The test suite completes without errors. The patch is now publicly available and in use since 2 weeks. [ Risks ] The patch has minimal complexity and is from the upstream author who is generally very knowledgable about his code. [ Checklist ] [x] *all* changes are documented in the d/changelog [x] I reviewed all changes and I approve them [x] attach debdiff against the package in (old)stable [x] the issue is verified as fixed in unstable [ Changes ] The upstream commit was added as a patch that allows gzip compressed content only for authenticated users. [ Other info ] This patch follows 1070...@bugs.debian.org. -- Mathias Behrle PGP/GnuPG key availabable from any keyserver, ID: 0xD6D09BE48405BBF6 AC29 7E5C 46B9 D0B6 1C71 7681 D6D0 9BE4 8405 BBF6 diff -Nru tryton-client-6.0.26/debian/changelog tryton-client-6.0.26/debian/changelog --- tryton-client-6.0.26/debian/changelog 2023-03-06 12:43:07.0 +0100 +++ tryton-client-6.0.26/debian/changelog 2024-05-06 11:01:29.0 +0200 @@ -1,3 +1,13 @@ +tryton-client (6.0.26-1+deb12u1) bookworm; urgency=medium + + * Add 04-send-gzip-only-with-session.patch. +To prevent zip bomb attacks the server accepts since +https://foss.heptapod.net/tryton/tryton/-/commit/1923117e935de62276352585185ced6d854bcb3d +only compressed content from authenticated users. +This patch allows only to send gzip content within a session. + + -- Mathias Behrle Mon, 06 May 2024 11:01:29 +0200 + tryton-client (6.0.26-1) unstable; urgency=medium * Merging upstream version 6.0.26. diff -Nru tryton-client-6.0.26/debian/patches/04-send-gzip-only-with-session.patch tryton-client-6.0.26/debian/patches/04-send-gzip-only-with-session.patch --- tryton-client-6.0.26/debian/patches/04-send-gzip-only-with-session.patch 1970-01-01 01:00:00.0 +0100 +++ tryton-client-6.0.26/debian/patches/04-send-gzip-only-with-session.patch 2024-05-06 10:57:01.0 +0200 @@ -0,0 +1,32 @@ +Description: Send gzip content only when in a session. + To prevent zip bomb attacks the server accepts since + https://foss.heptapod.net/tryton/tryton/-/commit/1923117e935de62276352585185ced6d854bcb3d + only compressed content from authenticated users. + This patch allows only to send gzip content within a session. +Author: Cédric Krier +Bug: https://foss.heptapod.net/tryton/tryton/-/issues/13203 +Origin: https://foss.heptapod.net/tryton/tryton/-/commit/96ccd17bd4db4be46bb42eb4217ba5c7dcb7de82 +Forwarded: not-needed + +--- a/tryton/jsonrpc.py b/tryton/jsonrpc.py +@@ -130,7 +130,6 @@ + class Transport(xmlrpc.client.SafeTransport): + + accept_gzip_encoding = True +-encode_threshold = 1400 # common MTU + + def __init__( + self, fingerprints=None, ca_certs=None, session=None): +@@ -140,6 +139,11 @@ + self.__ca_certs = ca_certs + self.session = session + ++@property ++def encode_threshold(self): ++if self.session: ++return 1400 # common MTU ++ + def getparser(self): + target = JSONUnmarshaller() + parser = JSONParser(target) diff -Nru tryton-client-6.0.26/debian/patches/series tryton-client-6.0.26/debian/patches/series --- tryton-client-6.0.26/debian/patches/series 2023-03-06 12:43:07.0 +0100 +++ tryton-client-6.0.26/debian/patches/series 2024-05-06 10:46:17.0 +0200 @@ -1,3 +1,4 @@ 01-desktop-icon.patch 02-icon-search-path.patch 03-disable-version-check.patch +04-send-gzip-only-with-session.patch
Bug#1070478: bookworm-pu: package tryton-server/tryton-server_6.0.29-2+deb12u2
Package: release.debian.org Severity: normal Tags: bookworm X-Debbugs-Cc: tryton-ser...@packages.debian.org Control: affects -1 + src:tryton-server User: release.debian@packages.debian.org Usertags: pu [ Reason ] Backport the patch to fix the vulnerabilty to zip bomb attacks via decoded gzip content from unauthenticated users. https://discuss.tryton.org/t/security-release-for-issue-13142/7196 In coordination with the security team it was classified as NO-DSA and rather be applicable via bookworm-pu. [ Impact ] Without the patch any unauthenticated users could perform zimp bomb attacks against tryton-server. [ Tests ] The test suite completes without errors. The patch is now publicly available and in use since 20 days. [ Risks ] The patch has minimal complexity and is from the upstream author who is generally very knowledgable about his code. [ Checklist ] [x] *all* changes are documented in the d/changelog [x] I reviewed all changes and I approve them [x] attach debdiff against the package in (old)stable [x] the issue is verified as fixed in unstable [ Changes ] The upstream commit was added as a patch that allows gzip compressed content only for authenticated users. 01_avoid_call_to_pypi.patch was refreshed to apply cleanly with no further changes. [ Other info ] This patch requires also a patch for tryton-client in a separate upload to prevent a regression of tryton-client when it tries to send gzipped content without authentication. -- Mathias Behrle PGP/GnuPG key availabable from any keyserver, ID: 0xD6D09BE48405BBF6 AC29 7E5C 46B9 D0B6 1C71 7681 D6D0 9BE4 8405 BBF6 diff -Nru tryton-server-6.0.29/debian/changelog tryton-server-6.0.29/debian/changelog --- tryton-server-6.0.29/debian/changelog 2023-08-21 17:10:12.0 +0200 +++ tryton-server-6.0.29/debian/changelog 2024-04-18 11:59:53.0 +0200 @@ -1,3 +1,13 @@ +tryton-server (6.0.29-2+deb12u2) bookworm; urgency=medium + + * Add 03_deny_compressed_content_from_unauth_request.patch. +This patch fixes the vulnerabilty to zip bomb attacks via +decoded gzip content from unauthenticated users. +https://discuss.tryton.org/t/security-release-for-issue-13142/7196 + * Refresh 01_avoid_call_to_pypi.patch. + + -- Mathias Behrle Thu, 18 Apr 2024 11:59:53 +0200 + tryton-server (6.0.29-2+deb12u1) bookworm-security; urgency=high * Add 02_enforce_record_rules.patch. diff -Nru tryton-server-6.0.29/debian/patches/01_avoid_call_to_pypi.patch tryton-server-6.0.29/debian/patches/01_avoid_call_to_pypi.patch --- tryton-server-6.0.29/debian/patches/01_avoid_call_to_pypi.patch 2023-08-21 15:16:42.0 +0200 +++ tryton-server-6.0.29/debian/patches/01_avoid_call_to_pypi.patch 2024-04-18 11:54:21.0 +0200 @@ -15,7 +15,7 @@ --- a/setup.py +++ b/setup.py -@@ -158,7 +158,7 @@ +@@ -136,7 +136,7 @@ install_requires=[ 'defusedxml', 'lxml >= 2.0', diff -Nru tryton-server-6.0.29/debian/patches/03_deny_compressed_content_from_unauth_request.patch tryton-server-6.0.29/debian/patches/03_deny_compressed_content_from_unauth_request.patch --- tryton-server-6.0.29/debian/patches/03_deny_compressed_content_from_unauth_request.patch 1970-01-01 01:00:00.0 +0100 +++ tryton-server-6.0.29/debian/patches/03_deny_compressed_content_from_unauth_request.patch 2024-04-18 11:45:22.0 +0200 @@ -0,0 +1,23 @@ +Description: Deny compressed content from unauthenticated requests + This patch fixes the vulnerabilty to zip bomb attacks via + decoded gzip content from unauthenticated users. + https://discuss.tryton.org/t/security-release-for-issue-13142/7196 +Author: Cédric Krier +Bug: https://foss.heptapod.net/tryton/tryton/-/issues/13142 + +--- a/trytond/protocols/wrappers.py b/trytond/protocols/wrappers.py +@@ -53,8 +53,11 @@ + @property + def decoded_data(self): + if self.content_encoding == 'gzip': +-zipfile = gzip.GzipFile(fileobj=BytesIO(self.data), mode='rb') +-return zipfile.read() ++if self.user_id: ++zipfile = gzip.GzipFile(fileobj=BytesIO(self.data), mode='rb') ++return zipfile.read() ++else: ++abort(HTTPStatus.UNSUPPORTED_MEDIA_TYPE) + else: + return self.data + diff -Nru tryton-server-6.0.29/debian/patches/series tryton-server-6.0.29/debian/patches/series --- tryton-server-6.0.29/debian/patches/series 2023-08-21 16:45:08.0 +0200 +++ tryton-server-6.0.29/debian/patches/series 2024-04-18 11:38:06.0 +0200 @@ -1,2 +1,3 @@ 01_avoid_call_to_pypi.patch 02_enforce_record_rules.patch +03_deny_compressed_content_from_unauth_request.patch
Bug#1033399: pre-approve unblock: tryton-server/6.0.29-2
Control: tags -1 - moreinfo Hi Sebastian, hi all, > On 2023-03-24 13:07:57 +0100, Mathias Behrle wrote: > > Package: release.debian.org > > Severity: normal > > User: release.debian@packages.debian.org > > Usertags: unblock > > X-Debbugs-Cc: tryton-ser...@packages.debian.org > > Control: affects -1 + src:tryton-server > > > > Please pre-approve the unblock of package tryton-server > > Please go ahead and let us know once the package is available in > unstable. The package was accepted in unstable. Cheers Mathias -- Mathias Behrle PGP/GnuPG key availabable from any keyserver, ID: 0xD6D09BE48405BBF6 AC29 7E5C 46B9 D0B6 1C71 7681 D6D0 9BE4 8405 BBF6
Bug#1033399: pre-approve unblock: tryton-server/6.0.29-2
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock X-Debbugs-Cc: tryton-ser...@packages.debian.org Control: affects -1 + src:tryton-server Please pre-approve the unblock of package tryton-server [ Reason ] This release targets several fixes that should go into bookworm: * Add missing quotes in maintainer scripts (Closes: #1033055). * Make conf file parsing section aware (Closes: #1033055). * Correct a variable typo (Closes: #1033055). * Remove lsb-base from Depends. [ Impact ] There can be errors when using spaces or something alike in the debconf related questions. [ Tests ] Salsa CI tests are passing https://salsa.debian.org/tryton-team/tryton-server/-/pipelines/513249 as well as all build tests. I did a full manual test over all packages. [ Risks ] The code changes are trivial enough to not expect regressions. [ Checklist ] [x] all changes are documented in the d/changelog [x] I reviewed all changes and I approve them [x] attach debdiff against the package in testing unblock tryton-server/6.0.29-2 -- Mathias Behrle PGP/GnuPG key availabable from any keyserver, ID: 0xD6D09BE48405BBF6 AC29 7E5C 46B9 D0B6 1C71 7681 D6D0 9BE4 8405 BBF6 tryton-server_6.0.29_-1_tryton-server_6.0.29-2.debdiff Description: Binary data
Bug#1032870: unblock tryton-sao/6.0.28+ds1-2
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock the package tryton-sao. tryton-sao/6.0.28+ds1-2 fixes https://bugs.debian.org/1032353 unblock: tryton-sao/6.0.28+ds1-2 -- Mathias Behrle PGP/GnuPG key availabable from any keyserver, ID: 0xD6D09BE48405BBF6 AC29 7E5C 46B9 D0B6 1C71 7681 D6D0 9BE4 8405 BBF6
Bug#1032411: unblock: tryton-server/6.0.29-1
* Paul Gevers: " Bug#1032411: unblock: tryton-server/6.0.29-1" (Mon, 6 Mar 2023 19:36:17 +0100): > Control: tags -1 moreinfo. > > On 06-03-2023 11:07, Mathias Behrle wrote: > > Please unblock the package tryton-server. > > tryton-server isn't blocked now, and if nothing makes it a key package > between now and 18 days from now, it should just migrate on it's own. Yes, unblock is the wrong term. > > tryton-server/6.0.29-1 fixes security issue > > https://foss.heptapod.net/tryton/tryton/-/issues/12108 > > (no CVE vailable yet). > > > > The procedure is coordinated with the security team. > > > > unblock: tryton-server/6.0.29-1 > > Is it OK to wait the natural time, or do we need to age it? (I assume > that's why you filed this bug, but it's not clear). Yes, as indicated the upload fixes a security issue and should migrate earlier than the current 10 days. It is already 3 days old with all tests passing, so it should migrate ASAP. Thanks, Mathias -- Mathias Behrle PGP/GnuPG key availabable from any keyserver, ID: 0xD6D09BE48405BBF6 AC29 7E5C 46B9 D0B6 1C71 7681 D6D0 9BE4 8405 BBF6 pgpcaEkLQzRf7.pgp Description: Digitale Signatur von OpenPGP
Bug#1032411: unblock: tryton-server/6.0.29-1
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock the package tryton-server. tryton-server/6.0.29-1 fixes security issue https://foss.heptapod.net/tryton/tryton/-/issues/12108 (no CVE vailable yet). The procedure is coordinated with the security team. unblock: tryton-server/6.0.29-1 -- Mathias Behrle PGP/GnuPG key availabable from any keyserver, ID: 0xD6D09BE48405BBF6 AC29 7E5C 46B9 D0B6 1C71 7681 D6D0 9BE4 8405 BBF6
Bug#985575: unblock: tryton-client/5.0.33-1
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package tryton-client [ Reason ] I uploaded the last state of the current Tryton LTS in time, but was not aware of missing autopkgtests for the client. All other packages have autopkgtests for the included test suite and thus should/will migrate in time. The client as GTK app has no such tests included and thus has only a superficial autopkgtest. [ Impact ] The user will just not profit from the currently latest bugfix release for the client. As it is the most used package of the Tryton suite directly downloaded from our pool it is just [ Tests ] There are no tests for this GTK application than the actual testing by the users of the client. The number of users of the LTS can be considered as high enough to warrant for imminent reporting of reggressions. There are currently no regressions reported. https://ci.debian.net/data/autopkgtest/unstable/amd64/t/tryton-client/11034014/log.gz reports basically success. [ Risks ] The bugfix release strategy of the Tryton project is quite conservative introducing only small and really needed fixes. Bugfix releases for the Tryton suite introduced almost never any regression, especially because I upload only to Debian after having the bugfix release matured some time after the release. Thus I consider this release definitely low risk. [ Checklist ] [x] all changes are documented in the d/changelog [x] I reviewed all changes and I approve them [x] attach debdiff against the package in testing unblock tryton-client/5.0.33-1 -- Mathias Behrle PGP/GnuPG key availabable from any keyserver, ID: 0xD6D09BE48405BBF6 AC29 7E5C 46B9 D0B6 1C71 7681 D6D0 9BE4 8405 BBF6 diff -Nru tryton-client-5.0.31/CHANGELOG tryton-client-5.0.33/CHANGELOG --- tryton-client-5.0.31/CHANGELOG 2021-02-01 22:55:05.0 +0100 +++ tryton-client-5.0.33/CHANGELOG 2021-03-03 18:15:25.0 +0100 @@ -1,3 +1,9 @@ +Version 5.0.33 - 2021-03-03 +* Bug fixes (see mercurial logs for details) + +Version 5.0.32 - 2021-02-19 +* Bug fixes (see mercurial logs for details) + Version 5.0.31 - 2021-02-01 * Bug fixes (see mercurial logs for details) diff -Nru tryton-client-5.0.31/COPYRIGHT tryton-client-5.0.33/COPYRIGHT --- tryton-client-5.0.31/COPYRIGHT 2021-02-01 22:55:04.0 +0100 +++ tryton-client-5.0.33/COPYRIGHT 2021-03-03 18:15:24.0 +0100 @@ -5,7 +5,7 @@ Copyright (C) 2008-2011 Udo Spallek. Copyright (C) 2008-2011 virtual things - Preisler & Spallek GbR. Copyright (C) 2008-2021 B2CK SPRL. -Copyright (C) 2010-2020 Nicolas Ãvrard. +Copyright (C) 2010-2021 Nicolas Ãvrard. Copyright (C) 2011-2012 Rodrigo Hübner. Copyright (C) 2012-2013 Antoine Smolders. diff -Nru tryton-client-5.0.31/debian/changelog tryton-client-5.0.33/debian/changelog --- tryton-client-5.0.31/debian/changelog 2021-02-17 17:01:43.0 +0100 +++ tryton-client-5.0.33/debian/changelog 2021-03-12 14:52:02.0 +0100 @@ -1,3 +1,10 @@ +tryton-client (5.0.33-1) unstable; urgency=medium + + * Merging upstream version 5.0.33. + * Updating copyright file. + + -- Mathias Behrle Fri, 12 Mar 2021 14:52:02 +0100 + tryton-client (5.0.31-1) unstable; urgency=medium * Updating to standards version 4.5.1, no changes needed. diff -Nru tryton-client-5.0.31/debian/copyright tryton-client-5.0.33/debian/copyright --- tryton-client-5.0.31/debian/copyright 2021-02-17 17:01:43.0 +0100 +++ tryton-client-5.0.33/debian/copyright 2021-03-12 14:52:01.0 +0100 @@ -8,7 +8,7 @@ 2008-2011 Udo Spallek 2008-2011 virtual things - Preisler & Spallek GbR 2008-2021 B2CK SPRL - 2010-2020 Nicolas Ãvrard + 2010-2021 Nicolas Ãvrard 2011-2012 Rodrigo Hübner 2012-2013 Antoine Smolders License: GPL-3+ diff -Nru tryton-client-5.0.31/.hgtags tryton-client-5.0.33/.hgtags --- tryton-client-5.0.31/.hgtags 2021-02-01 22:55:05.0 +0100 +++ tryton-client-5.0.33/.hgtags 2021-03-03 18:15:25.0 +0100 @@ -50,3 +50,5 @@ d7d870b90fbf15104321ea278c1c5ff10b8c0e9f 5.0.29 9cb8b4324b1a5e57670cd76bfe21c69f538f969a 5.0.30 c0c6f729df4a818f1a9fa0f953df9183c248a90b 5.0.31 +cdddb64ea19d3d8319ab2b7d61604c372224615c 5.0.32 +1b8ce300f1013ce8c8fc87632c51e6efd9826f20 5.0.33 diff -Nru tryton-client-5.0.31/PKG-INFO tryton-client-5.0.33/PKG-INFO --- tryton-client-5.0.31/PKG-INFO 2021-02-01 22:55:07.271955300 +0100 +++ tryton-client-5.0.33/PKG-INFO 2021-03-03 18:15:27.246101600 +0100 @@ -1,6 +1,6 @@ Metadata-Version: 2.1 Name: tryton -Version: 5.0.31 +Version: 5.0.33 Summary: Tryton client Home-page: http://www.tryton.org/ Author: Tryton diff -Nru tryton-client-5.0.31/tryton/common/domain_parser.py tryton-client-5.0.33/tryton/common/domain_parser.py --- tryton-client-5.0.31/tryton/common/domain_parser.py 2021-01-28 22:56:34.0 +0100 +++ tryton-client-5.0.33/tryton/common/domain_parser.py
Bug#926439: unblock: tryton-server/5.0.4-2
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package tryton-server This version fixes CVE-2019-10868. debdiff attached. unblock tryton-server/5.0.4-2 -- System Information: Debian Release: buster/sid APT prefers testing APT policy: (800, 'testing'), (700, 'unstable'), (600, 'experimental'), (500, 'stable'), (500, 'oldstable') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 4.19.0-4-amd64 (SMP w/4 CPU cores) Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE Locale: LANG=de_DE.utf8, LC_CTYPE=de_DE.utf8 (charmap=UTF-8), LANGUAGE=de_DE.utf8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) diff -Nru tryton-server-5.0.4/debian/changelog tryton-server-5.0.4/debian/changelog --- tryton-server-5.0.4/debian/changelog2019-01-23 16:06:18.0 +0100 +++ tryton-server-5.0.4/debian/changelog2019-04-03 17:29:15.0 +0200 @@ -1,3 +1,15 @@ +tryton-server (5.0.4-2) unstable; urgency=high + + * Add 03_sec_issue8189_check_read_access_on_search_order.patch +for CVE-2019-10868. +This patch fixes security issue http://bugs.tryton.org/issue8189: + Check read access on field in search_order. + An authenticated user can order records based on a field for which + he has no access right. This may allow the user to guess values. + See also https://discuss.tryton.org/t/security-release-for-issue8189/ + + -- Mathias Behrle Wed, 03 Apr 2019 17:29:15 +0200 + tryton-server (5.0.4-1) unstable; urgency=medium * Add more configuration parameters to trytond.conf. diff -Nru tryton-server-5.0.4/debian/patches/03_sec_issue8189_check_read_access_on_search_order.patch tryton-server-5.0.4/debian/patches/03_sec_issue8189_check_read_access_on_search_order.patch --- tryton-server-5.0.4/debian/patches/03_sec_issue8189_check_read_access_on_search_order.patch 1970-01-01 01:00:00.0 +0100 +++ tryton-server-5.0.4/debian/patches/03_sec_issue8189_check_read_access_on_search_order.patch 2019-04-03 17:16:42.0 +0200 @@ -0,0 +1,53 @@ +Description: Check read access on field in search_order. + An authenticated user can order records based on a field for which + he has no access right. This may allow the user to guess values. + +Origin: upstream, http://hg.tryton.org/trytond/rev/b2fab24f9c60 +Bug: http://bugs.tryton.org/issue8189 +Forwarded: not-needed +Last-Update: 2019-04-03 + +--- tryton-server-5.0.4.orig/trytond/model/modelstorage.py tryton-server-5.0.4/trytond/model/modelstorage.py +@@ -395,7 +395,7 @@ class ModelStorage(Model): + + ModelAccess.check(cls.__name__, 'read') + +-def check(domain, cls, to_check): ++def check_domain(domain, cls, to_check): + if is_leaf(domain): + local, relate = (domain[0].split('.', 1) + [None])[:2] + to_check[cls.__name__].add(local) +@@ -405,16 +405,29 @@ class ModelStorage(Model): + else: + target = cls._fields[local].get_target() + target_domain = [(relate,) + tuple(domain[1:])] +-check(target_domain, target, to_check) ++check_domain(target_domain, target, to_check) + elif not domain: + return + else: + i = 1 if domain[0] in ['OR', 'AND'] else 0 + for d in domain[i:]: +-check(d, cls, to_check) ++check_domain(d, cls, to_check) ++ ++def check_order(order, cls, to_check): ++if not order: ++return ++for oexpr, otype in order: ++local, _, relate = oexpr.partition('.') ++to_check[cls.__name__].add(local) ++if relate: ++target = cls._fields[local].get_target() ++target_order = [(relate, otype)] ++check_order(target_order, target, to_check) ++ + if transaction.user and transaction.context.get('_check_access'): + to_check = defaultdict(set) +-check(domain, cls, to_check) ++check_domain(domain, cls, to_check) ++check_order(order, cls, to_check) + for name, fields_names in to_check.items(): + ModelAccess.check(name, 'read') + ModelFieldAccess.check(name, fields_names, 'read') diff -Nru tryton-server-5.0.4/debian/patches/series tryton-server-5.0.4/debian/patches/series --- tryton-server-5.0.4/debian/patches/series 2019-01-23 16:06:17.0 +0100 +++ tryton-server-5.0.4/debian/patches/series 2019-04-03 17:11:53.0 +0200 @@ -1,2 +1,3 @@ 01_migrate_obsolete_modules.patch 02_avoid_call_to_pypi.patch +03_sec_issue8189_check_read_access_on_search_order.patch
Bug#868025: Tryton suite 4.4 blocked in unstable
* Mathias Behrle: " Bug#868025: Tryton suite 4.4 blocked in unstable" (Tue, 11 Jul 2017 11:53:43 +0200): > Package: release.debian.org > Severity: normal > User: release.debian@packages.debian.org > X-Debbugs-CC: maintain...@debian.tryton.org > > Dear release managers, > > currently the whole Tryton series 4.4 is stuck in unstable[0]. All Tryton > modules incl. server are marked as valid candidates. > > The only problem is with > > Excuse for tryton-meta > > Migration status: BLOCKED: Cannot migrate due to another item, which is > blocked (please check which dependencies are stuck) > 22 days old (needed 5 days) > Piuparts tested OK - > https://piuparts.debian.org/sid/source/t/tryton-meta.html > Invalidated by dependency > > which depends on all Tryton modules >=4.4 and thus should be ok? > > Could please someone help me to sort out, how to get the packages migrated? > > Thanks, > Mathias > > > NB: > Some Tryton modules (calendar*, party_vcard_dav, webdav) were discontinued and > removed from unstable, but they were also removed from tryton-meta. > > > [0] https://qa.debian.org/developer.php?login=mbeh...@debian.org I think, I got one/the problem. Current tryton-meta in testing still refers to the removed modules and is basically a corrupt package (which I forgot to let remove together with the discontinued packages). So tryon-meta won't be able to migrate until the old tryton-meta is out of the way. I still don't understand, why e.g. tryton-server does not migrate. -- Mathias Behrle PGP/GnuPG key availabable from any keyserver, ID: 0xD6D09BE48405BBF6 AC29 7E5C 46B9 D0B6 1C71 7681 D6D0 9BE4 8405 BBF6 pgpf4ER1FjdEW.pgp Description: Digitale Signatur von OpenPGP
Bug#868025: Tryton suite 4.4 blocked in unstable
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org X-Debbugs-CC: maintain...@debian.tryton.org Dear release managers, currently the whole Tryton series 4.4 is stuck in unstable[0]. All Tryton modules incl. server are marked as valid candidates. The only problem is with Excuse for tryton-meta Migration status: BLOCKED: Cannot migrate due to another item, which is blocked (please check which dependencies are stuck) 22 days old (needed 5 days) Piuparts tested OK - https://piuparts.debian.org/sid/source/t/tryton-meta.html Invalidated by dependency which depends on all Tryton modules >=4.4 and thus should be ok? Could please someone help me to sort out, how to get the packages migrated? Thanks, Mathias NB: Some Tryton modules (calendar*, party_vcard_dav, webdav) were discontinued and removed from unstable, but they were also removed from tryton-meta. [0] https://qa.debian.org/developer.php?login=mbeh...@debian.org -- Mathias Behrle PGP/GnuPG key availabable from any keyserver, ID: 0xD6D09BE48405BBF6 AC29 7E5C 46B9 D0B6 1C71 7681 D6D0 9BE4 8405 BBF6
Bug#859489: unblock: tryton-server/4.2.1-2
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock X-Debbugs-CC: maintain...@debian.tryton.org Please unblock package tryton-server Version 4.2.1-2 fixes CVE-2017-0360 in unstable/testing. unblock: tryton-server/4.2.1-2 -- Mathias Behrle PGP/GnuPG key availabable from any keyserver, ID: 0xD6D09BE48405BBF6 AC29 7E5C 46B9 D0B6 1C71 7681 D6D0 9BE4 8405 BBF6 pgpq3YXYgZite.pgp Description: Digitale Signatur von OpenPGP
Bug#773114: pre-approve unblock: tryton-server/3.4.0-3
* Jonathan Wiltshire: Bug#773114: pre-approve unblock: tryton-server/3.4.0-3 (Tue, 16 Dec 2014 23:15:47 +): Control: tag -1 moreinfo On Sun, Dec 14, 2014 at 03:59:07PM +0100, Mathias Behrle wrote: please approve the upload of tryton-server_3.4.0-3. This little fix corrects the piupart error at https://piuparts.debian.org/sid/fail/tryton-server_3.4.0-2.log Would you say this is release critical or just nice to have? The data directory of tryton-server (/var/lib/tryton) is not deleted after purge (unowned files after purge), which is not conform to policy. If this is enough RC I would like to defer to you. Cheers, Mathias -- Mathias Behrle PGP/GnuPG key availabable from any keyserver, ID: 0x8405BBF6 pgpCYW8xLIWiX.pgp Description: Digitale Signatur von OpenPGP
Bug#773114: pre-approve unblock: tryton-server/3.4.0-3
X-Debbugs-CC: tryton-deb...@lists.alioth.debian.org Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Dear release managers, please approve the upload of tryton-server_3.4.0-3. This little fix corrects the piupart error at https://piuparts.debian.org/sid/fail/tryton-server_3.4.0-2.log debdiff attached Thank you! unblock: tryton-server/3.4.0-3 diff -Nru tryton-server-3.4.0/debian/changelog tryton-server-3.4.0/debian/changelog --- tryton-server-3.4.0/debian/changelog 2014-12-07 15:26:32.0 +0100 +++ tryton-server-3.4.0/debian/changelog 2014-12-14 15:48:51.0 +0100 @@ -1,3 +1,9 @@ +tryton-server (3.4.0-3) unstable; urgency=medium + + * Removing on purge also the data directory of tryton-server. + + -- Mathias Behrle mathi...@m9s.biz Sun, 14 Dec 2014 15:48:51 +0100 + tryton-server (3.4.0-2) unstable; urgency=medium * Adding path to the configuration file to the commands in the README. diff -Nru tryton-server-3.4.0/debian/tryton-server.postrm tryton-server-3.4.0/debian/tryton-server.postrm --- tryton-server-3.4.0/debian/tryton-server.postrm 2014-10-30 15:34:45.0 +0100 +++ tryton-server-3.4.0/debian/tryton-server.postrm 2014-12-14 15:48:25.0 +0100 @@ -32,7 +32,7 @@ rm -f ${TRYTON_CONFFILEPRE34} # Removing (potentially) empty directories - for _ITEM in ${TRYTON_CONFDIR} ${TRYTON_LOGDIR} + for _ITEM in ${TRYTON_CONFDIR} ${TRYTON_LOGDIR} ${TRYTON_HOMEDIR} do rmdir --ignore-fail-on-non-empty ${_ITEM} /dev/null 21 || true done pgphmsq5VJ5lf.pgp Description: Digitale Signatur von OpenPGP
Bug#771780: pre-approve unblock: tryton-server/3.4.0-2
* Ivo De Decker: Re: Bug#771780: pre-approve unblock: tryton-server/3.4.0-2 (Sun, 7 Dec 2014 12:44:08 +0100): Hi, On Tue, Dec 02, 2014 at 11:37:48AM +0100, Mathias Behrle wrote: please approve the upload of tryton-server_3.4.0-2. I intended to wait for the bug fix release for the 3.4 series, but as that takes longer than expected I assume it is meanwhile too late to get those fixes of severity important or less into jessie. Therefore here come the last fixes for tryton-server, that include * moving the old configuration file to a backup place. Could you explain why these changes are necessary? The configuration file /etc/trytond.conf changed its basic format (without migration) and its location moved to a common configuration directory /etc/tryton/trytond.conf. Since the backup of the old file currently is not possible to do with dpkg-maintscript-helper[1], the file has simply to be moved/deleted. In this case I am moving it to keep the old configuration for the information of the user (and deleting it on purge). Are they fixing (Debian) bug reports? No. * removing an unnecessary Recommend It's probably better not to do this during the freeze, just to be sure. It is a Recommend, not a Depend. SSL is builtin in Python 2.6+ [2], which the package is using (Tryton depends on Python 2.7). Finally the package is working according to my tests fine without python-openssl. * documentation fixes. This should be acceptable if the first change is accepted. Cheers, Mathias [1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=767003 [2] https://wiki.python.org/moin/SSL -- Mathias Behrle PGP/GnuPG key availabable from any keyserver, ID: 0x8405BBF6 pgpkFvE0LKR09.pgp Description: Digitale Signatur von OpenPGP
Bug#771780: pre-approve unblock: tryton-server/3.4.0-2
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Dear release managers, please approve the upload of tryton-server_3.4.0-2. I intended to wait for the bug fix release for the 3.4 series, but as that takes longer than expected I assume it is meanwhile too late to get those fixes of severity important or less into jessie. Therefore here come the last fixes for tryton-server, that include * moving the old configuration file to a backup place. * removing an unnecessary Recommend * documentation fixes. debdiff attached Thank you! unblock: tryton-server/3.4.0-2 diff -Nru tryton-server-3.4.0/debian/changelog tryton-server-3.4.0/debian/changelog --- tryton-server-3.4.0/debian/changelog 2014-10-23 13:22:48.0 +0200 +++ tryton-server-3.4.0/debian/changelog 2014-12-02 11:06:28.0 +0100 @@ -1,3 +1,15 @@ +tryton-server (3.4.0-2) unstable; urgency=medium + + * Adding path to the configuration file to the commands in the README. + * Adding path to the configuration file to the commands in NEWS. + * Correcting conf file handling. + * Removing python-openssl from Recommends, no more needed. + * Improving the documentation in trytond.conf. + * Correcting documentation in trytond.conf to reflect current ipv6 +behavior. + + -- Mathias Behrle mathi...@m9s.biz Tue, 02 Dec 2014 11:06:28 +0100 + tryton-server (3.4.0-1) unstable; urgency=medium * Merging upstream version 3.4.0. diff -Nru tryton-server-3.4.0/debian/control tryton-server-3.4.0/debian/control --- tryton-server-3.4.0/debian/control 2014-10-21 11:29:26.0 +0200 +++ tryton-server-3.4.0/debian/control 2014-10-30 17:33:24.0 +0100 @@ -20,7 +20,7 @@ python-pkg-resources Recommends: postgresql, python-psycopg2, postgresql-client, python-levenshtein, - python-bcrypt, python-pydot, python-webdav, python-openssl, ssl-cert, unoconv + python-bcrypt, python-pydot, python-webdav, ssl-cert, unoconv Suggests: tryton-client | tryton-neso, tryton-server-doc, tryton-modules-all, python-sphinx, libreoffice-draw, libreoffice-writer, diff -Nru tryton-server-3.4.0/debian/NEWS tryton-server-3.4.0/debian/NEWS --- tryton-server-3.4.0/debian/NEWS 2014-10-22 23:24:05.0 +0200 +++ tryton-server-3.4.0/debian/NEWS 2014-10-30 15:53:04.0 +0100 @@ -6,11 +6,12 @@ The format of the configuration file changed to a simple ini style format. There is no automatic migration of old configuration settings. So be sure to adapt /etc/tryton/trytond.conf (or whatever configuration - file you may use) to the new format. + file you may use) to the new format (the old configuration file was saved + to /etc/tryton/trytond.conf.pre34). As for each major release don't forget to backup your database(s) and then run the database update with - # trytond --all -d your_database_name + # trytond -c /etc/tryton/trytond.conf --all -d your_database_name and restart the server with # service tryton-server restart diff -Nru tryton-server-3.4.0/debian/trytond.conf tryton-server-3.4.0/debian/trytond.conf --- tryton-server-3.4.0/debian/trytond.conf 2014-10-22 22:55:58.0 +0200 +++ tryton-server-3.4.0/debian/trytond.conf 2014-12-02 10:46:59.0 +0100 @@ -12,14 +12,21 @@ # The URI to connect to the SQL database (following RFC-3986) # uri = database://username:password@host:port/ +# (Internal default: sqlite:// (i.e. a local SQLite database)) # -# PostgreSQL via TCP/IP -#uri = postgresql://tryton:tryton@localhost:5432/ # PostgreSQL via Unix domain sockets +# (e.g. PostgreSQL database running on the same machine (localhost)) #uri = postgresql://tryton:tryton@/ +# +# PostgreSQL via TCP/IP +# (e.g. connecting to a PostgreSQL database running on a remote machine or +# by means of md5 authentication. Needs PostgreSQL to be configured to accept +# those connections (pg_hba.conf).) +#uri = postgresql://tryton:tryton@localhost:5432/ # The path to the directory where the Tryton Server stores files. # The server must have write permissions to this directory. +# (Internal default: /var/lib/trytond) path = /var/lib/tryton # Shall available databases be listed in the client? @@ -49,10 +56,13 @@ # Settings for the JSON-RPC network interface # The IP/host and port number of the interface -#listen = localhost:8000 +# (Internal default: localhost:8000) +# +# Listen on all interfaces (IPv4) +#listen = 0.0.0.0:8000 # # Listen on all interfaces (IPv4 and IPv6) -#listen = 0.0.0.0:8000,*:8000 +#listen = [::]:8000 # The hostname for this interface #hostname = diff -Nru tryton-server-3.4.0/debian/tryton-server.postinst tryton-server-3.4.0/debian/tryton-server.postinst --- tryton-server-3.4.0/debian/tryton-server.postinst 2014-10-23 12:22:20.0 +0200 +++ tryton-server-3.4.0/debian/tryton-server.postinst 2014-10-30 15:52:16.0 +0100 @@ -3,8 +3,11 @@ set -e TRYTON_USER=tryton -TRYTON_CONFFILE=/etc/tryton/trytond.conf -TRYTON_LOGCONFFILE
Bug#771781: pre-approve unblock: tryton-modules-ldap-authentication/3.4.0-2
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Dear release managers, please approve the upload of tryton-modules-ldap-authentication_3.4.0-2. This fix includes * documentation fixes. debdiff attached diff for NEWS attached separately, because there seems to be a bug in debdiff not including the changes in the NEWS file. Thank you! unblock: tryton-modules-ldap-authentication/3.4.0-2 diff -Nru tryton-modules-ldap-authentication-3.4.0/debian/changelog tryton-modules-ldap-authentication-3.4.0/debian/changelog --- tryton-modules-ldap-authentication-3.4.0/debian/changelog 2014-10-23 00:06:17.0 +0200 +++ tryton-modules-ldap-authentication-3.4.0/debian/changelog 2014-12-02 11:09:13.0 +0100 @@ -1,3 +1,9 @@ +tryton-modules-ldap-authentication (3.4.0-2) unstable; urgency=medium + + * Correcting NEWS for the now included migration in tryton-server. + + -- Mathias Behrle mathi...@m9s.biz Tue, 02 Dec 2014 11:09:13 +0100 + tryton-modules-ldap-authentication (3.4.0-1) unstable; urgency=medium * Adding actual upstream signing key. commit 59c861340137f240b725579ef34b699af3f9d32e Author: Mathias Behrle mathi...@m9s.biz Date: Wed Nov 12 13:24:46 2014 +0100 Correcting NEWS for the now included migration in tryton-server. diff --git a/debian/NEWS b/debian/NEWS index dde7aba..bf0dd51 100644 --- a/debian/NEWS +++ b/debian/NEWS @@ -1,9 +1,10 @@ tryton-modules-ldap-authentication (3.4.0-1) unstable; urgency=medium - * The functionality of module tryton-modules-ldap-connection was merged - into this module. Since there is no uninstallation procedure yet for - Tryton modules, you have to manually remove the module from the database. - Example for PostgreSQL: - $ psql -c DELETE FROM ir_module_module WHERE name = 'ldap_connection'; -d db_name + The functionality of the module tryton-modules-ldap-connection was merged + into this module. + + Note: The configuration of the URI to connect to the LDAP server migrated + to the server configuration file (i.e. /etc/tryton/trytond.conf). + Please adjust your settings there. -- Mathias Behrle mathi...@m9s.biz Tue, 21 Oct 2014 13:14:37 +0200 pgpdxwIW7S5Gv.pgp Description: Digitale Signatur von OpenPGP
Tryton in jessie
Hi, the current version of Tryton in testing is 3.2, the release of next version 3.4 is announced for 20.11.2014. Security and bugfix support by upstream is limited to 2 years per series, so we would like to ship Tryton version 3.4 with jessie. The Tryton project publishes bug fix releases approximately per month, those bugs being in Debian categorization mainly of severity 'normal' to 'important'. In our experience evtl. bugs of a new Tryton series are mainly cleaned out with the two to three bug fix releases following the initial release. That said, I am asking beforehand for slots for at least two (better three) bug fix releases to provide the best user experience for our Tryton users. Does this meet the approval of the release team? Cheers, Mathias -- Mathias Behrle PGP/GnuPG key availabable from any keyserver, ID: 0x8405BBF6 signature.asc Description: PGP signature
Re: Tryton in jessie
* Emilio Pozuelo Monfort: Re: Tryton in jessie (Mon, 22 Sep 2014 23:03:05 +0200): On 22/09/14 12:05, Mathias Behrle wrote: Hi, the current version of Tryton in testing is 3.2, the release of next version 3.4 is announced for 20.11.2014. Security and bugfix support by upstream is limited to 2 years per series, so we would like to ship Tryton version 3.4 with jessie. The Tryton project publishes bug fix releases approximately per month, those bugs being in Debian categorization mainly of severity 'normal' to 'important'. In our experience evtl. bugs of a new Tryton series are mainly cleaned out with the two to three bug fix releases following the initial release. That said, I am asking beforehand for slots for at least two (better three) bug fix releases to provide the best user experience for our Tryton users. Does this meet the approval of the release team? So you're asking for: - A freeze exception for a 3.4 upload in late November. - 2 or 3 freeze exceptions around December, January and February. Unless I completely misunderstood you, that's a no-go. Sorry for mixing up the release date of 3.4. It is indeed due to 20.10.2014, so the initial upload would be before the freeze, of course. Any uploads after the freeze will need to go through the normal unblock process and only bug fixes are likely to be accepted, especially as we get deeper into the freeze. According to the correct release date, the requested freeze exceptions for the bug fix releases would then evaluate to November, December and evtl. January. I would like to notice, that the bug fix releases of the project are strictly conservative and never introduced any regressions to my knowledge. Mathias -- Mathias Behrle PGP/GnuPG key availabable from any keyserver, ID: 0x8405BBF6 signature.asc Description: PGP signature
Bug#749366: squeeze-pu: package suds/0.3.9-1+deb6u2 Bug#749073
* Adam D. Barratt: Re: Bug#749366: squeeze-pu: package suds/0.3.9-1+deb6u2 Bug#749073 (Tue, 27 May 2014 22:06:03 +0100): Control: tags -1 + pending On Tue, 2014-05-27 at 12:19 +0200, Mathias Behrle wrote: * Adam D. Barratt: Bug#749366: squeeze-pu: package suds/0.3.9-1+deb6u2 Bug#749073 (Mon, 26 May 2014 19:57:33 +0100): [...] On Mon, 2014-05-26 at 18:08 +0200, Mathias Behrle wrote: the original fix for CVE-2013-2217 was missing a proper cleanup of the cache directories in tmp (#749073), which can lead to saturation of the subdirectory limit (~32000 on ext3). [...] Please go ahead; thanks. Uploaded by sponsor Raphael Hertzog. Flagged for acceptance. BTW: Do I need to confirm this? You don't have to, no; it can be helpful to people following the bug log though, so it's clear what stage the process is at. Ok, now much clearer to me. ftpmaster already sent 'suds_0.3.9-1+deb6u2_amd64.changes ACCEPTED into oldstable-proposed-updates-oldstable-new' To you, yes, not to us. :-) ftp-master don't notify us when new packages enter {,old}stable-new, although we do have our own tools that do so and send us a diff of the upload. As a side note, as I've seen it confuse people before, that particular accepted mail only means that the package has made it to oldstable-new; it still needs a member of the release team to process it before it reaches oldstable-proposed-updates (or gets rejected). Thanks a lot for your work, Mathias -- Mathias Behrle PGP/GnuPG key availabable from any keyserver, ID: 0x8405BBF6 signature.asc Description: PGP signature
Bug#749366: squeeze-pu: package suds/0.3.9-1+deb6u2 Bug#749073
* Adam D. Barratt: Bug#749366: squeeze-pu: package suds/0.3.9-1+deb6u2 Bug#749073 (Mon, 26 May 2014 19:57:33 +0100): Control: tags -1 + confirmed On Mon, 2014-05-26 at 18:08 +0200, Mathias Behrle wrote: the original fix for CVE-2013-2217 was missing a proper cleanup of the cache directories in tmp (#749073), which can lead to saturation of the subdirectory limit (~32000 on ext3). I would like to upload suds_0.3.9-1+deb6u2 with this patch backported from https://bitbucket.org/jurko/suds/issue/15/insecure-temporary-directory-use https://bitbucket.org/jurko/suds/commits/3126ac3a406c37f9982f01ad0ca4ed42cf9a47cb https://bitbucket.org/jurko/suds/commits/aee4b2f0318f4b4545a1da826149edaa2c047460 Please go ahead; thanks. Uploaded by sponsor Raphael Hertzog. BTW: Do I need to confirm this? ftpmaster already sent 'suds_0.3.9-1+deb6u2_amd64.changes ACCEPTED into oldstable-proposed-updates-oldstable-new' Cheers -- Mathias Behrle PGP/GnuPG key availabable from any keyserver, ID: 0x8405BBF6 signature.asc Description: PGP signature
Bug#749368: wheezy-pu: package suds/0.4.1-5+deb7u1 Bugs #749073 + #714340
* Adam D. Barratt: Bug#749368: wheezy-pu: package suds/0.4.1-5+deb7u1 Bugs #749073 + #714340 (Mon, 26 May 2014 19:55:53 +0100): Control: tags -1 + confirmed On Mon, 2014-05-26 at 18:14 +0200, Mathias Behrle wrote: somehow the original fix for CVE-2013-2217 never got into wheezy. This patch fixes the CVE. Please go ahead. Uploaded by sponsor Raphael Hertzog. Cheers, Mathias -- Mathias Behrle PGP/GnuPG key availabable from any keyserver, ID: 0x8405BBF6 signature.asc Description: PGP signature
Bug#749366: squeeze-pu: package suds/0.3.9-1+deb6u2 Bug#749073
Package: release.debian.org Severity: normal Tags: squeeze User: release.debian@packages.debian.org Usertags: pu X-Debbugs-CC: maintain...@debian.tryton.org Dear release managers, the original fix for CVE-2013-2217 was missing a proper cleanup of the cache directories in tmp (#749073), which can lead to saturation of the subdirectory limit (~32000 on ext3). I would like to upload suds_0.3.9-1+deb6u2 with this patch backported from https://bitbucket.org/jurko/suds/issue/15/insecure-temporary-directory-use https://bitbucket.org/jurko/suds/commits/3126ac3a406c37f9982f01ad0ca4ed42cf9a47cb https://bitbucket.org/jurko/suds/commits/aee4b2f0318f4b4545a1da826149edaa2c047460 Debdiff attached. Thanks for considering, Mathias -- Mathias Behrle PGP/GnuPG key availabable from any keyserver, ID: 0x8405BBF6 diff -Nru suds-0.3.9/debian/changelog suds-0.3.9/debian/changelog --- suds-0.3.9/debian/changelog 2014-05-26 17:35:52.0 +0200 +++ suds-0.3.9/debian/changelog 2014-05-26 17:28:48.0 +0200 @@ -1,3 +1,10 @@ +suds (0.3.9-1+deb6u2) oldstable; urgency=low + + * Improving fix for CVE-2013-2217 to also remove cache directories +from tmp after program execution (Closes: #749073). + + -- Mathias Behrle mathi...@m9s.biz Mon, 26 May 2014 17:25:21 +0200 + suds (0.3.9-1+deb6u1) oldstable; urgency=low * Fix CVE-2013-2217 (Closes: #714340) diff -Nru suds-0.3.9/suds/cache.py suds-0.3.9/suds/cache.py --- suds-0.3.9/suds/cache.py 2014-05-26 17:35:52.0 +0200 +++ suds-0.3.9/suds/cache.py 2014-05-26 16:33:26.0 +0200 @@ -20,6 +20,8 @@ import os from tempfile import gettempdir as tmp +import tempfile +import shutil from suds.transport import * from datetime import datetime as dt from datetime import timedelta @@ -130,6 +132,8 @@ fnsuffix = 'gcf' units = ('months', 'weeks', 'days', 'hours', 'minutes', 'seconds') +__default_location = None + def __init__(self, location=None, **duration): @param location: The directory for the cached files. @@ -140,7 +144,7 @@ @type duration: {unit:value} if location is None: -location = tempfile.mkdtemp() +location = self.__get_default_location() self.location = location self.duration = (None, 0) self.setduration(**duration) @@ -169,6 +173,19 @@ self.location = location +@staticmethod +def __get_default_location(): + +Returns the current process's default cache location folder. +The folder is determined lazily on first call. + +if not FileCache.__default_location: +tmp = tempfile.mkdtemp(suds-default-cache) +FileCache.__default_location = tmp +import atexit +atexit.register(FileCache.__remove_default_location) +return FileCache.__default_location + def mktmp(self): Make the I{location} directory if it doesn't already exits. @@ -180,6 +197,13 @@ log.debug(self.location, exc_info=1) return self +@staticmethod +def __remove_default_location(): + +Removes the default cache location folder. + +shutil.rmtree(FileCache.__default_location, ignore_errors=True) + def put(self, id, bfr): try: fn = self.__fn(id) signature.asc Description: PGP signature
Bug#749368: wheezy-pu: package suds/0.4.1-5+deb7u1 Bugs #749073 + #714340
Package: release.debian.org Severity: normal Tags: wheezy User: release.debian@packages.debian.org Usertags: pu X-Debbugs-CC: maintain...@debian.tryton.org Dear release managers, somehow the original fix for CVE-2013-2217 never got into wheezy. This patch fixes the CVE. I would like to upload suds_0.4.1-5+deb7u1 with this patch backported from https://bitbucket.org/jurko/suds/issue/15/insecure-temporary-directory-use https://bitbucket.org/jurko/suds/commits/3126ac3a406c37f9982f01ad0ca4ed42cf9a47cb https://bitbucket.org/jurko/suds/commits/aee4b2f0318f4b4545a1da826149edaa2c047460 Debdiff attached. Regards, Mathias -- Mathias Behrle PGP/GnuPG key availabable from any keyserver, ID: 0x8405BBF6 diff -Nru suds-0.4.1/debian/changelog suds-0.4.1/debian/changelog --- suds-0.4.1/debian/changelog 2012-06-30 17:22:50.0 +0200 +++ suds-0.4.1/debian/changelog 2014-05-26 16:56:49.0 +0200 @@ -1,3 +1,12 @@ +suds (0.4.1-5+deb7u1) stable; urgency=medium + + * Adding 02-fix-unsecure-cache-path.patch for CVE-2013-2217. +This patch fixes the unsecure creation of cache paths and +removes the cache directory on exit of the calling program. +Relates to #714340 and #749073. + + -- Mathias Behrle mathi...@m9s.biz Mon, 26 May 2014 16:52:21 +0200 + suds (0.4.1-5) unstable; urgency=low [ Mathias Behrle ] diff -Nru suds-0.4.1/debian/patches/02-fix-unsecure-cache-path.patch suds-0.4.1/debian/patches/02-fix-unsecure-cache-path.patch --- suds-0.4.1/debian/patches/02-fix-unsecure-cache-path.patch 1970-01-01 01:00:00.0 +0100 +++ suds-0.4.1/debian/patches/02-fix-unsecure-cache-path.patch 2014-05-26 14:28:52.0 +0200 @@ -0,0 +1,91 @@ +Author: Jurko GospodnetiÄ +Description: Fix for CVE-2013-2217: + Use secure temporary directory creation when initializing + file-based URL cache. + + This patch is taken from the suds-jurko fork of suds at + https://bitbucket.org/jurko/suds. It removes the cache + files on exit of the calling program. + + References: + https://bitbucket.org/jurko/suds/issue/15/insecure-temporary-directory-use + https://bitbucket.org/jurko/suds/commits/3126ac3a406c37f9982f01ad0ca4ed42cf9a47cb + https://bitbucket.org/jurko/suds/commits/aee4b2f0318f4b4545a1da826149edaa2c047460 +Bug: https://bugzilla.redhat.com/show_bug.cgi?id=978696 +Bug-Debian: http://bugs.debian.org/714340 +Forwarded: https://bugzilla.redhat.com/show_bug.cgi?id=978696#c14 +--- suds.orig/suds/cache.py 2014-05-26 14:28:47.950557418 +0200 suds/suds/cache.py 2014-05-26 14:28:47.946557554 +0200 +@@ -19,6 +19,8 @@ + + + import os ++import tempfile ++import shutil + import suds + from tempfile import gettempdir as tmp + from suds.transport import * +@@ -127,7 +129,9 @@ + + fnprefix = 'suds' + units = ('months', 'weeks', 'days', 'hours', 'minutes', 'seconds') +- ++ ++__default_location = None ++ + def __init__(self, location=None, **duration): + + @param location: The directory for the cached files. +@@ -138,12 +142,12 @@ + @type duration: {unit:value} + + if location is None: +-location = os.path.join(tmp(), 'suds') ++location = self.__get_default_location() + self.location = location + self.duration = (None, 0) + self.setduration(**duration) + self.checkversion() +- ++ + def fnsuffix(self): + + Get the file name suffix +@@ -175,7 +179,20 @@ + @type location: str + + self.location = location +- ++ ++@staticmethod ++def __get_default_location(): ++ ++Returns the current process's default cache location folder. ++The folder is determined lazily on first call. ++ ++if not FileCache.__default_location: ++tmp = tempfile.mkdtemp(suds-default-cache) ++FileCache.__default_location = tmp ++import atexit ++atexit.register(FileCache.__remove_default_location) ++return FileCache.__default_location ++ + def mktmp(self): + + Make the I{location} directory if it doesn't already exits. +@@ -186,7 +203,14 @@ + except: + log.debug(self.location, exc_info=1) + return self +- ++ ++@staticmethod ++def __remove_default_location(): ++ ++Removes the default cache location folder. ++ ++shutil.rmtree(FileCache.__default_location, ignore_errors=True) ++ + def put(self, id, bfr): + try: + fn = self.__fn(id) diff -Nru suds-0.4.1/debian/patches/series suds-0.4.1/debian/patches/series --- suds-0.4.1/debian/patches/series 2012-06-30 16:44:34.0 +0200 +++ suds-0.4.1/debian/patches/series 2014-05-26 14:08:25.0 +0200 @@ -1 +1,2 @@ 01-remove-makefile +02-fix-unsecure-cache-path.patch signature.asc Description: PGP signature
Bug#701663: pre-approve unblock: tryton-server/2.2.7-1
* Betr.: Re: Bug#701663: pre-approve unblock: tryton-server/2.2.7-1 (Sun, 24 Mar 2013 21:17:21 +): Sorry, but nack. Minor and important just aren't candidates any more. Yes, in the meantime it is too late. Please give me a short advice how to proceed further: Should I file another unblock request for tpu after the release of wheezy to get it in r1? Thanks -- Mathias Behrle MBSolutions Gilgenmatten 10 A D-79114 Freiburg Tel: +49(761)471023 Fax: +49(761)4770816 http://m9s.biz UStIdNr: DE 142009020 PGP/GnuPG key availabable from any keyserver, ID: 0x8405BBF6 signature.asc Description: PGP signature
Bug#701663: pre-approve unblock: tryton-server/2.2.7-1
* Betr.: Re: Bug#701663: pre-approve unblock: tryton-server/2.2.7-1 (Fri, 15 Mar 2013 19:24:30 +): Control: tag -1 + moreinfo On Mon, Feb 25, 2013 at 09:55:17PM +0100, Mathias Behrle wrote: Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Dear release managers, please approve the upload of tryton-server_2.2.7-1. There were several bugfix releases in Tryton, that are out since a considerable time and thus are well tested. I am filing this unblock request for the server first to know if it finds the approval of the release team. Once it is accepted I will file the unblock requests for the client and 16 modules. Those fixes are generally quite smaller than this one. Your changelog doesn't indicate how serious the proposed fixes are and I don't have time to dig through upstream commits trying to work it out. If there were Debian bugs for them, what severity would each be? This is my estimation with respect to debian bug severity: * Fix documentation about child * http://hg.tryton.org/2.2/trytond/rev/c9909a4825d1 - minor * Fix domain concatenation between list and tuple * http://hg.tryton.org/2.2/trytond/rev/518c047f560e - important * Set domain_get mode correctly * http://hg.tryton.org/2.2/trytond/rev/2027979de6eb - important * Fix read related values of reference fields * http://hg.tryton.org/2.2/trytond/rev/bc728fcb3c49 - important * fix use of password not in ASCII * http://hg.tryton.org/2.2/trytond/rev/0b7f360ee251 - important * Add missing context when filling cache from search * http://hg.tryton.org/2.2/trytond/rev/6841eaa2a624 - important * local_cache and model2ids must depend on datetime * http://hg.tryton.org/2.2/trytond/rev/89d4d6c8c19a - important Please take into account, that we are running those patches in production already for considerable time. There should be absolutely low/no risk to include them in r0. Best regards, Mathias signature.asc Description: PGP signature
Bug#701663: pre-approve unblock: tryton-server/2.2.7-1
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Dear release managers, please approve the upload of tryton-server_2.2.7-1. There were several bugfix releases in Tryton, that are out since a considerable time and thus are well tested. I am filing this unblock request for the server first to know if it finds the approval of the release team. Once it is accepted I will file the unblock requests for the client and 16 modules. Those fixes are generally quite smaller than this one. Upstream VCS of tryton-server is at [1]. The new version contains the following fixes: * Fix documentation about child * http://hg.tryton.org/2.2/trytond/rev/c9909a4825d1 * Fix domain concatenation between list and tuple * http://hg.tryton.org/2.2/trytond/rev/518c047f560e * Set domain_get mode correctly * http://hg.tryton.org/2.2/trytond/rev/2027979de6eb * Fix read related values of reference fields * http://hg.tryton.org/2.2/trytond/rev/bc728fcb3c49 * fix use of password not in ASCII * http://hg.tryton.org/2.2/trytond/rev/0b7f360ee251 * Add missing context when filling cache from search * http://hg.tryton.org/2.2/trytond/rev/6841eaa2a624 * local_cache and model2ids must depend on datetime * http://hg.tryton.org/2.2/trytond/rev/89d4d6c8c19a Additionally * Updating to Standards-Version: 3.9.4, no changes needed. * Removing obsolete Dm-Upload-Allowed to get the package lintian clean [2]. [1] http://hg.tryton.org/2.2/trytond [2] http://lintian.debian.org/maintainer/maintain...@debian.tryton.org.html#tryton-server debdiff attached unblock: tryton-server/2.2.7-1 diff -Nru tryton-server-2.2.4/CHANGELOG tryton-server-2.2.7/CHANGELOG --- tryton-server-2.2.4/CHANGELOG 2012-09-10 18:06:36.0 +0200 +++ tryton-server-2.2.7/CHANGELOG 2013-02-12 18:12:09.0 +0100 @@ -1,3 +1,12 @@ +Version 2.2.7 - 2013-02-12 +* Bug fixes (see mercurial logs for details) + +Version 2.2.6 - 2012-12-23 +* Bug fixes (see mercurial logs for details) + +Version 2.2.5 - 2012-11-05 +* Bug fixes (see mercurial logs for details) + Version 2.2.4 - 2012-09-10 * Bug fixes (see mercurial logs for details) diff -Nru tryton-server-2.2.4/COPYRIGHT tryton-server-2.2.7/COPYRIGHT --- tryton-server-2.2.4/COPYRIGHT 2012-09-10 18:06:35.0 +0200 +++ tryton-server-2.2.7/COPYRIGHT 2013-02-12 18:12:08.0 +0100 @@ -1,7 +1,7 @@ Copyright (C) 2004-2008 Tiny SPRL. -Copyright (C) 2007-2012 Cédric Krier. +Copyright (C) 2007-2013 Cédric Krier. Copyright (C) 2007-2011 Bertrand Chenal. -Copyright (C) 2008-2012 B2CK SPRL. +Copyright (C) 2008-2013 B2CK SPRL. Copyright (C) 2011 Openlabs Technologies Consulting (P) Ltd. This program is free software: you can redistribute it and/or modify diff -Nru tryton-server-2.2.4/debian/changelog tryton-server-2.2.7/debian/changelog --- tryton-server-2.2.4/debian/changelog 2012-10-03 21:52:54.0 +0200 +++ tryton-server-2.2.7/debian/changelog 2013-02-24 22:14:47.0 +0100 @@ -1,3 +1,15 @@ +tryton-server (2.2.7-1) unstable; urgency=low + + * Merging upstream version 2.2.5. + * Merging upstream version 2.2.6. + * Merging upstream version 2.2.7. + * Refreshing 02-support-pywebdav-0.9.8 patch. + * Updating to Standards-Version: 3.9.4, no changes needed. + * Removing obsolete Dm-Upload-Allowed + * Updating copyright. + + -- Mathias Behrle mathi...@m9s.biz Sun, 24 Feb 2013 22:14:23 +0100 + tryton-server (2.2.4-1) unstable; urgency=low * Merging upstream version 2.2.4. diff -Nru tryton-server-2.2.4/debian/control tryton-server-2.2.7/debian/control --- tryton-server-2.2.4/debian/control 2012-09-11 19:41:40.0 +0200 +++ tryton-server-2.2.7/debian/control 2013-02-24 22:01:37.0 +0100 @@ -3,9 +3,8 @@ Priority: optional Maintainer: Debian Tryton Maintainers maintain...@debian.tryton.org Uploaders: Daniel Baumann dan...@debian.org, Mathias Behrle mathi...@m9s.biz -Dm-Upload-Allowed: yes Build-Depends: debhelper (= 9), python (= 2.6.6-3~), python-setuptools -Standards-Version: 3.9.3 +Standards-Version: 3.9.4 Homepage: http://www.tryton.org/ Vcs-Browser: http://debian.tryton.org/gitweb/?p=packages/tryton-server.git Vcs-Git: git://debian.tryton.org/git/packages/tryton-server.git diff -Nru tryton-server-2.2.4/debian/copyright tryton-server-2.2.7/debian/copyright --- tryton-server-2.2.4/debian/copyright 2012-09-11 19:41:40.0 +0200 +++ tryton-server-2.2.7/debian/copyright 2013-02-24 22:07:39.0 +0100 @@ -2,10 +2,10 @@ Files: * Copyright: 2004-2008 Tiny SPRL - 2007-2012 Cedric Krier + 2007-2013 Cédric Krier 2007-2011 Bertrand Chenal - 2008-2012 B2CK SPRL - 2011 Openlabs Technologies Consulting (P) Ltd. + 2008-2013 B2CK SPRL + 2011 Openlabs Technologies Consulting (P) Ltd License: GPL-3+ Files: doc/* diff -Nru tryton-server-2.2.4/debian/patches/02-support-pywebdav-0.9.8 tryton-server-2.2.7/debian/patches/02
Bug#687628: pre-approve unblock: tryton-modules-account-statement/2.2.1-1
* Betr.: Re: Bug#687628: pre-approve unblock: tryton-modules-account-statement/2.2.1-1 (Wed, 03 Oct 2012 19:08:54 +0100): Control: tags -1 + confirmed On Fri, 2012-09-14 at 13:52 +0200, Mathias Behrle wrote: please approve the upload of tryton-modules-account-statement_2.2.1-1. The new version contains the upstream bug fix release [1]. The fixes are for * Fix sign of the amount to pay on line Please go ahead, and let us know once the package has been in unstable for a few days. Package was uploaded to unstable on 2012-10-05. Please unblock. Thanks, Mathias signature.asc Description: PGP signature
Bug#687631: pre-approve unblock: tryton-modules-calendar/2.2.1-1
* Betr.: Re: Bug#687631: pre-approve unblock: tryton-modules-calendar/2.2.1-1 (Wed, 03 Oct 2012 19:08:31 +0100): Control: tags -1 + confirmed On Fri, 2012-09-14 at 13:57 +0200, Mathias Behrle wrote: please approve the upload of unblock: tryton-modules-calendar_2.2.1-1. The new version contains the upstream bug fix release [1]. The fixes are for * Convert buffer into string for vobject * No need to browse events when copying * don't copy the UUID field when an event is copied: create a new one * Don't eat name inside the loop in get_calendar_field Please go ahead, and let us know once the package has been in unstable for a few days. Package was uploaded to unstable on 2012-10-05. Please unblock. Thanks, Mathias signature.asc Description: PGP signature
Bug#687633: pre-approve unblock: tryton-modules-calendar-scheduling/2.2.2-1
* Betr.: Re: Bug#687633: pre-approve unblock: tryton-modules-calendar-scheduling/2.2.2-1 (Wed, 03 Oct 2012 19:08:13 +0100): Control: tags -1 + confirmed On Fri, 2012-09-14 at 14:08 +0200, Mathias Behrle wrote: please approve the upload of tryton-modules-calendar-scheduling_2.2.2-1. The new version contains the upstream bug fix release [1]. The fixes are for * Add missing test on owner Please go ahead, and let us know once the package has been in unstable for a few days. Package was uploaded to unstable on 2012-10-05. Please unblock. Thanks, Mathias signature.asc Description: PGP signature
Bug#687634: pre-approve unblock: tryton-modules-calendar-todo/2.2.1-1
* Betr.: Re: Bug#687634: pre-approve unblock: tryton-modules-calendar-todo/2.2.1-1 (Wed, 03 Oct 2012 19:07:57 +0100): Control: tags -1 + confirmed On Fri, 2012-09-14 at 14:13 +0200, Mathias Behrle wrote: please approve the upload of tryton-modules-calendar-todo_2.2.1-1. The new version contains the upstream bug fix release [1]. The fixes are for * Fix typo from changeset caaaccd11a73 * Create new UUID on copy of todo * Convert buffer into string for vobject Please go ahead, and let us know once the package has been in unstable for a few days. Package was uploaded to unstable on 2012-10-05. Please unblock. Thanks, Mathias signature.asc Description: PGP signature
Bug#687639: pre-approve unblock: tryton-modules-stock-supply/2.2.2-1
* Betr.: Re: Bug#687639: pre-approve unblock: tryton-modules-stock-supply/2.2.2-1 (Wed, 03 Oct 2012 19:07:01 +0100): Control: tags -1 + confirmed On Fri, 2012-09-14 at 14:32 +0200, Mathias Behrle wrote: please approve the upload of tryton-modules-stock-supply_2.2.2-1. The new version contains the upstream bug fix release [1]. The fixes are for * Tax rule apply method return a list of tax ids Please go ahead, and let us know once the package has been in unstable for a few days. Package was uploaded to unstable on 2012-10-05. Please unblock. Thanks, Mathias signature.asc Description: PGP signature
Bug#687636: pre-approve unblock: tryton-modules-product/2.2.2-1
* Betr.: Re: Bug#687636: pre-approve unblock: tryton-modules-product/2.2.2-1 (Wed, 03 Oct 2012 19:07:39 +0100): Control: tags -1 + confirmed On Fri, 2012-09-14 at 14:25 +0200, Mathias Behrle wrote: please approve the upload of tryton-modules-product_2.2.2-1. The new version contains the upstream bug fix release [1]. The fixes are for * Re-fix non zero rate unittest * Fix non zero rate unittest Please go ahead, and let us know once the package has been in unstable for a few days. Package was uploaded to unstable on 2012-10-05. Please unblock. Thanks, Mathias signature.asc Description: PGP signature
Bug#687691: pre-approve unblock: tryton-modules-timesheet/2.2.2-1
* Betr.: Re: Bug#687691: pre-approve unblock: tryton-modules-timesheet/2.2.2-1 (Wed, 03 Oct 2012 19:06:43 +0100): Control: tags -1 + confirmed On Sat, 2012-09-15 at 10:11 +0200, Mathias Behrle wrote: please approve the upload of tryton-modules-timesheet_2.2.2-1. The new version contains the upstream bug fix release [1]. The fixes are for * Do not compute twice the children timesheets Please go ahead, and let us know once the package has been in unstable for a few days. Package was uploaded to unstable on 2012-10-05. Please unblock. Thanks, Mathias signature.asc Description: PGP signature
Bug#687638: pre-approve unblock: tryton-modules-stock/2.2.3-1
* Betr.: Re: Bug#687638: pre-approve unblock: tryton-modules-stock/2.2.3-1 (Wed, 03 Oct 2012 19:07:21 +0100): Control: tags -1 + confirmed On Fri, 2012-09-14 at 14:28 +0200, Mathias Behrle wrote: please approve the upload of tryton-modules-stock_2.2.3-1. The new version contains the upstream bug fix release [1]. The fixes are for * Ensure clause concatination works with tuple vs list Please go ahead, and let us know once the package has been in unstable for a few days. Package was uploaded to unstable on 2012-10-05. Please unblock. Thanks, Mathias signature.asc Description: PGP signature
Bug#687625: pre-approve unblock: tryton-client/2.2.3-1
* Betr.: Re: Bug#687625: pre-approve unblock: tryton-client/2.2.3-1 (Wed, 03 Oct 2012 19:09:50 +0100): Control: tags -1 + confirmed On Fri, 2012-09-14 at 13:27 +0200, Mathias Behrle wrote: please approve the upload of tryton-client_2.2.3-1. The new version contains the upstream bug fix release [1]. The fixes are for * Fix wrong sorting to get lazy first * Use repr for faultCode in Fault.__repr__ * Fix test on legend graph attribute * get_toplevel_window should return only gtk.WINDOW_TOPLEVEL * set_value of M2O must simulate a focus-out in case it did not yet occur * Fix name of fields loaded from predefined export * Activate form buttons only when they are sensitive * Fix domain_inversion for comparison of datetime with None Please go ahead, and let us know once the package has been in unstable for a few days. Package was uploaded to unstable on 2012-10-05. Please unblock. Thanks, Mathias signature.asc Description: PGP signature
Bug#687695: pre-approve unblock: tryton-modules-party-vcarddav/2.2.1-1
* Betr.: Re: Bug#687695: pre-approve unblock: tryton-modules-party-vcarddav/2.2.1-1 (Wed, 03 Oct 2012 19:06:22 +0100): Control: tags -1 + confirmed On Wed, 2012-10-03 at 14:22 +0200, Mathias Behrle wrote: * Betr.: Re: Bug#687695: pre-approve unblock: tryton-modules-party-vcarddav/2.2.1-1 (Tue, 02 Oct 2012 19:07:07 +0100): On Sat, 2012-09-15 at 10:22 +0200, Mathias Behrle wrote: please approve the upload of tryton-modules-party-vcarddav_2.2.1-1. The new version contains the upstream bug fix release [1]. [...] * Reports must no more be encoded in base64 I might regret asking this, but... why not? Thanks for asking. I answered about all the migration stuff already on [2], from which I am quoting Indeed the original change for all kind of buffer/string migrations was the move from base64 encoding to buffer for binary fields in the server: http://hg.tryton.org/trytond/rev/8d2762bb1aa4?revcount=160 Indeed you did, but I didn't equate the two changes. Please go ahead, and let us know once the package has been in unstable for a few days. Package was uploaded to unstable on 2012-10-05. Please unblock. Thanks, Mathias signature.asc Description: PGP signature
Bug#687627: pre-approve unblock: tryton-modules-account/2.2.3-1
* Betr.: Re: Bug#687627: pre-approve unblock: tryton-modules-account/2.2.3-1 (Wed, 03 Oct 2012 19:09:12 +0100): Control: tags -1 + confirmed On Fri, 2012-09-14 at 13:46 +0200, Mathias Behrle wrote: please approve the upload of tryton-modules-account_2.2.3-1. The new version contains the upstream bug fix release [1]. The fixes are for * Fix typo for account.rec_name * Ensure clause concatination works with tuple vs list * Fix search_receivable_payable with None value Please go ahead, and let us know once the package has been in unstable for a few days. Package was uploaded to unstable on 2012-10-05. Please unblock. Thanks, Mathias signature.asc Description: PGP signature
Bug#687632: pre-approve unblock: tryton-modules-calendar-classification/2.2.1-1
* Betr.: Re: Bug#687632: pre-approve unblock: tryton-modules-calendar-classification/2.2.1-1 (Wed, 03 Oct 2012 20:23:25 +0100): Control: tags -1 + confirmed On Wed, 2012-10-03 at 21:22 +0200, Mathias Behrle wrote: could I please have a go for this issue, too, as for the the other Tryton modules? Including context is helpful ;-p Ack. Package was uploaded to unstable on 2012-10-05. Please unblock. Thanks, Mathias signature.asc Description: PGP signature
Bug#687626: pre-approve unblock: tryton-server/2.2.4-1
* Betr.: Re: Bug#687626: pre-approve unblock: tryton-server/2.2.4-1 (Wed, 03 Oct 2012 19:09:30 +0100): Hello Adam, On Fri, 2012-09-14 at 13:36 +0200, Mathias Behrle wrote: please approve the upload of tryton-server_2.2.4-1. The new version contains the upstream bug fix release [1]. The fixes are for * NULL value for boolean fields should be considered like False * Don't fail on unknown database for WebDAV * Fix reading from cache in field one2many * Fix comparison of BrowseRecord when other is not a BrowseRecord * Skip empty arch when searching other strings of same model * Fix MySQLdb to use time for TIME instead of timedelta * Add missing empty selection for action in menu * Add missing quote on order field * Fix nested order_calc tables_args manipulation Please go ahead, and let us know once the package has been in unstable for a few days. Just uploaded Tryton server and related packages to unstable. I will be absent from 9.-16.10.2012. Should I preferably give feedback on 8.10. or after 16.10.? Regards, Mathias signature.asc Description: PGP signature
Bug#687695: pre-approve unblock: tryton-modules-party-vcarddav/2.2.1-1
* Betr.: Re: Bug#687695: pre-approve unblock: tryton-modules-party-vcarddav/2.2.1-1 (Tue, 02 Oct 2012 19:07:07 +0100): On Sat, 2012-09-15 at 10:22 +0200, Mathias Behrle wrote: please approve the upload of tryton-modules-party-vcarddav_2.2.1-1. The new version contains the upstream bug fix release [1]. [...] * Reports must no more be encoded in base64 I might regret asking this, but... why not? Thanks for asking. I answered about all the migration stuff already on [2], from which I am quoting Indeed the original change for all kind of buffer/string migrations was the move from base64 encoding to buffer for binary fields in the server: http://hg.tryton.org/trytond/rev/8d2762bb1aa4?revcount=160 The decision to migrate from base64 encoding to buffer AFAIK was made, because - buffer saves overhead of base64 encoding - usage of buffer is pythonic Anyway: since this change was made in the Tryton server, all Tryton modules have to adapt to this change. * Reports must no more be encoded in base64 just says, that this change was forgotten in module migration. [2] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=687632 Regards, Mathias -- Mathias Behrle MBSolutions Gilgenmatten 10 A D-79114 Freiburg Tel: +49(761)471023 Fax: +49(761)4770816 http://m9s.biz UStIdNr: DE 142009020 PGP/GnuPG key availabable from any keyserver, ID: 0x8405BBF6 signature.asc Description: PGP signature
Bug#687632: pre-approve unblock: tryton-modules-calendar-classification/2.2.1-1
Hello Adam, could I please have a go for this issue, too, as for the the other Tryton modules? Thanks, Mathias signature.asc Description: PGP signature
Bug#687632: pre-approve unblock: tryton-modules-calendar-classification/2.2.1-1
* Betr.: Re: Bug#687632: pre-approve unblock: tryton-modules-calendar-classification/2.2.1-1 (Fri, 14 Sep 2012 13:18:54 +0100): Hello Adam, [The comments below are relevant for at least some of the other tryton-* requests, I've just chosen to reply to this one] On 14.09.2012 13:01, Mathias Behrle wrote: please approve the upload of tryton-modules-calendar-classification_2.2.1-1. The new version contains the upstream bug fix release [1]. The fixes are for * Convert buffer into string for vobject That's really not a particular helpful description for deciding whether the upload is appropriate for an unblock; upstream's changelog of * Bug fixes (see mercurial logs for details) doesn't provide much elucidation either. Please could you provide more information as to what bugs / problems are actually resolved by the changes? This issue is caused by the migration of the binary field format to buffer [1]. Writing and reading from the DB affords the conversion from buffer to string. Would it be adequate to post for each package the link to the mercurial repository? The standard commit messages are linked to the reviews [1] and/or issue numbers in the bug tracker of tryton.org to provide easy tracking information. For this package the link can be found at [2]. What I did already per package is to summarize those commit messages as provided in the mercurial logs. Could you please just mark the messages, where you need more detailed information? NB: The Tryton project itself is very conservative with respect to bug fixes. They are always transplants from trunk (and in the case of version 2.2 from the higher stable version 2.4) and never require a database update. Before making their way into Debian they are tested by a wide public. The very low number of bug reports of Tryton packages in Debian can be seen as a hint for the stability of the software. For wheezy the Tryton maintainers even decided to not upload the current version 2.4, but to stick to 2.2 to be absolutely sure to get a real stable version into wheezy. This all to say, that a bugfix release in Tryton *never* will contain a feature, but is a real bugfix release. that can be applied at minimal risk. [1] http://codereview.tryton.org/426003/diff/1/calendar_.py [2] http://hg.tryton.org/2.2/modules/calendar_classification Regards, Mathias signature.asc Description: PGP signature
Bug#687691: pre-approve unblock: tryton-modules-timesheet/2.2.2-1
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Dear release managers, please approve the upload of tryton-modules-timesheet_2.2.2-1. The new version contains the upstream bug fix release [1]. The fixes are for * Do not compute twice the children timesheets Mathias [1] http://news.tryton.org/2012/09/maintenance-releases-for-supported.html debdiff attached unblock: tryton-modules-timesheet/2.2.2-1 diff -Nru tryton-modules-timesheet-2.2.0/CHANGELOG tryton-modules-timesheet-2.2.1/CHANGELOG --- tryton-modules-timesheet-2.2.0/CHANGELOG 2011-10-25 11:29:45.0 +0200 +++ tryton-modules-timesheet-2.2.1/CHANGELOG 2012-09-01 19:17:39.0 +0200 @@ -1,3 +1,6 @@ +Version 2.2.1 - 2012-09-01 +* Bug fixes (see mercurial logs for details) + Version 2.2.0 - 2011-10-25 * Bug fixes (see mercurial logs for details) diff -Nru tryton-modules-timesheet-2.2.0/COPYRIGHT tryton-modules-timesheet-2.2.1/COPYRIGHT --- tryton-modules-timesheet-2.2.0/COPYRIGHT 2011-07-06 09:57:43.0 +0200 +++ tryton-modules-timesheet-2.2.1/COPYRIGHT 2012-09-01 19:17:38.0 +0200 @@ -1,6 +1,6 @@ Copyright (C) 2008-2011 Cédric Krier. Copyright (C) 2008-2011 Bertrand Chenal. -Copyright (C) 2008-2011 B2CK SPRL. +Copyright (C) 2008-2012 B2CK SPRL. This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by diff -Nru tryton-modules-timesheet-2.2.0/debian/changelog tryton-modules-timesheet-2.2.1/debian/changelog --- tryton-modules-timesheet-2.2.0/debian/changelog 2012-06-30 18:35:28.0 +0200 +++ tryton-modules-timesheet-2.2.1/debian/changelog 2012-09-12 15:55:13.0 +0200 @@ -1,3 +1,9 @@ +tryton-modules-timesheet (2.2.1-1) unstable; urgency=low + + * Merging upstream version 2.2.1. + + -- Mathias Behrle mathi...@m9s.biz Wed, 12 Sep 2012 15:55:13 +0200 + tryton-modules-timesheet (2.2.0-2) unstable; urgency=low [ Mathias Behrle ] diff -Nru tryton-modules-timesheet-2.2.0/PKG-INFO tryton-modules-timesheet-2.2.1/PKG-INFO --- tryton-modules-timesheet-2.2.0/PKG-INFO 2011-10-25 11:31:03.0 +0200 +++ tryton-modules-timesheet-2.2.1/PKG-INFO 2012-09-01 19:17:42.0 +0200 @@ -1,6 +1,6 @@ Metadata-Version: 1.0 Name: trytond_timesheet -Version: 2.2.0 +Version: 2.2.1 Summary: Timesheet Module with: - Work - Timesheet line diff -Nru tryton-modules-timesheet-2.2.0/trytond_timesheet.egg-info/PKG-INFO tryton-modules-timesheet-2.2.1/trytond_timesheet.egg-info/PKG-INFO --- tryton-modules-timesheet-2.2.0/trytond_timesheet.egg-info/PKG-INFO 2011-10-25 11:31:03.0 +0200 +++ tryton-modules-timesheet-2.2.1/trytond_timesheet.egg-info/PKG-INFO 2012-09-01 19:17:42.0 +0200 @@ -1,6 +1,6 @@ Metadata-Version: 1.0 Name: trytond-timesheet -Version: 2.2.0 +Version: 2.2.1 Summary: Timesheet Module with: - Work - Timesheet line diff -Nru tryton-modules-timesheet-2.2.0/__tryton__.py tryton-modules-timesheet-2.2.1/__tryton__.py --- tryton-modules-timesheet-2.2.0/__tryton__.py 2011-10-25 11:29:52.0 +0200 +++ tryton-modules-timesheet-2.2.1/__tryton__.py 2011-10-25 11:32:55.0 +0200 @@ -8,7 +8,7 @@ 'name_es_ES': 'Partes de trabajo', 'name_fr_FR': 'Feuille de présence', 'name_nl_NL': 'Tijdregistratie', -'version': '2.2.0', +'version': '2.2.1', 'author': 'B2CK', 'email': 'i...@b2ck.com', 'website': 'http://www.tryton.org/', diff -Nru tryton-modules-timesheet-2.2.0/work.py tryton-modules-timesheet-2.2.1/work.py --- tryton-modules-timesheet-2.2.0/work.py 2011-08-02 20:08:47.0 +0200 +++ tryton-modules-timesheet-2.2.1/work.py 2012-06-19 22:32:56.0 +0200 @@ -80,7 +80,7 @@ ('parent', 'child_of', ids), ]) # force inactive ids to be in all_ids -all_ids = all_ids + ids +all_ids = list(set(all_ids + ids)) clause = SELECT work, sum(hours) FROM timesheet_line \ WHERE work IN (%s) \ % ,.join(('%s',) * len(all_ids)) signature.asc Description: PGP signature
Bug#687695: pre-approve unblock: tryton-modules-party-vcarddav/2.2.1-1
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Dear release managers, please approve the upload of tryton-modules-party-vcarddav_2.2.1-1. The new version contains the upstream bug fix release [1]. The fixes are for * Create new uuid for every party on copy * Convert buffer into string for vobject * Reports must no more be encoded in base64 Mathias [1] http://news.tryton.org/2012/09/maintenance-releases-for-supported.html debdiff attached unblock: tryton-modules-party-vcarddav/2.2.1-1 diff -Nru tryton-modules-party-vcarddav-2.2.0/CHANGELOG tryton-modules-party-vcarddav-2.2.1/CHANGELOG --- tryton-modules-party-vcarddav-2.2.0/CHANGELOG 2011-10-24 23:15:56.0 +0200 +++ tryton-modules-party-vcarddav-2.2.1/CHANGELOG 2012-09-02 16:23:08.0 +0200 @@ -1,3 +1,6 @@ +Version 2.2.1 - 2012-09-02 +* Bug fixes (see mercurial logs for details) + Version 2.2.0 - 2011-10-24 * Bug fixes (see mercurial logs for details) diff -Nru tryton-modules-party-vcarddav-2.2.0/COPYRIGHT tryton-modules-party-vcarddav-2.2.1/COPYRIGHT --- tryton-modules-party-vcarddav-2.2.0/COPYRIGHT 2011-07-06 09:56:51.0 +0200 +++ tryton-modules-party-vcarddav-2.2.1/COPYRIGHT 2012-09-02 16:23:07.0 +0200 @@ -1,6 +1,6 @@ -Copyright (C) 2009-2011 Cédric Krier. +Copyright (C) 2009-2012 Cédric Krier. Copyright (C) 2009-2011 Bertrand Chenal. -Copyright (C) 2009-2011 B2CK SPRL. +Copyright (C) 2009-2012 B2CK SPRL. This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by diff -Nru tryton-modules-party-vcarddav-2.2.0/debian/changelog tryton-modules-party-vcarddav-2.2.1/debian/changelog --- tryton-modules-party-vcarddav-2.2.0/debian/changelog 2012-06-30 18:21:36.0 +0200 +++ tryton-modules-party-vcarddav-2.2.1/debian/changelog 2012-09-12 16:56:20.0 +0200 @@ -1,3 +1,10 @@ +tryton-modules-party-vcarddav (2.2.1-1) unstable; urgency=low + + * Merging upstream version 2.2.1. + * Refreshing patch 01-support-pywebdav-0.9.8. + + -- Mathias Behrle mathi...@m9s.biz Wed, 12 Sep 2012 16:56:03 +0200 + tryton-modules-party-vcarddav (2.2.0-3) unstable; urgency=low * Updating maintainers field. diff -Nru tryton-modules-party-vcarddav-2.2.0/debian/patches/01-support-pywebdav-0.9.8 tryton-modules-party-vcarddav-2.2.1/debian/patches/01-support-pywebdav-0.9.8 --- tryton-modules-party-vcarddav-2.2.0/debian/patches/01-support-pywebdav-0.9.8 2012-06-30 16:46:40.0 +0200 +++ tryton-modules-party-vcarddav-2.2.1/debian/patches/01-support-pywebdav-0.9.8 2012-09-12 16:55:12.0 +0200 @@ -1,7 +1,7 @@ Author: Mathias Behrle mathi...@m9s.biz Description: Support new structure of pywebdav 0.9.4.1. tryton-modules-party-vcarddav.orig/carddav.py 2012-01-02 12:49:50.708128811 +0100 -+++ tryton-modules-party-vcarddav/carddav.py 2012-03-26 16:07:58.090847515 +0200 +--- tryton-modules-party-vcarddav.orig/carddav.py 2011-10-24 23:17:47.0 +0200 tryton-modules-party-vcarddav/carddav.py 2012-09-12 16:54:51.489662701 +0200 @@ -1,7 +1,11 @@ #This file is part of Tryton. The COPYRIGHT file at the top level of #this repository contains the full copyright notices and license terms. @@ -16,11 +16,11 @@ from trytond.protocols.webdav import TrytonDAVInterface, CACHE from trytond.pool import Pool from trytond.transaction import Transaction tryton-modules-party-vcarddav.orig/webdav.py 2012-01-02 12:49:50.712128604 +0100 -+++ tryton-modules-party-vcarddav/webdav.py 2012-03-26 16:09:34.807554228 +0200 -@@ -2,7 +2,10 @@ +--- tryton-modules-party-vcarddav.orig/webdav.py 2012-09-12 15:53:56.994986069 +0200 tryton-modules-party-vcarddav/webdav.py 2012-09-12 16:54:51.493662568 +0200 +@@ -1,7 +1,10 @@ + #This file is part of Tryton. The COPYRIGHT file at the top level of #this repository contains the full copyright notices and license terms. - import base64 import urlparse -from DAV.errors import DAV_NotFound, DAV_Forbidden +try: @@ -30,7 +30,7 @@ from trytond.model import ModelView, ModelSQL from trytond.tools import reduce_ids from trytond.transaction import Transaction -@@ -148,7 +151,10 @@ +@@ -147,7 +150,10 @@ return res def get_resourcetype(self, uri, cache=None): diff -Nru tryton-modules-party-vcarddav-2.2.0/party.py tryton-modules-party-vcarddav-2.2.1/party.py --- tryton-modules-party-vcarddav-2.2.0/party.py 2011-09-30 22:53:56.0 +0200 +++ tryton-modules-party-vcarddav-2.2.1/party.py 2012-08-23 23:43:32.0 +0200 @@ -1,6 +1,5 @@ #This file is part of Tryton. The COPYRIGHT file at the top level of #this repository contains the full copyright notices and license terms. -import base64 import copy import uuid from trytond.model import ModelSQL, ModelView, fields @@ -50,11 +49,23 @@ return res def copy(self, ids, default=None): +int_id = isinstance(ids, (int, long
Bug#687625: pre-approve unblock: tryton-client/2.2.3-1
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Dear release managers, please approve the upload of tryton-client_2.2.3-1. The new version contains the upstream bug fix release [1]. The fixes are for * Fix wrong sorting to get lazy first * Use repr for faultCode in Fault.__repr__ * Fix test on legend graph attribute * get_toplevel_window should return only gtk.WINDOW_TOPLEVEL * set_value of M2O must simulate a focus-out in case it did not yet occur * Fix name of fields loaded from predefined export * Activate form buttons only when they are sensitive * Fix domain_inversion for comparison of datetime with None Mathias [1] http://news.tryton.org/2012/09/maintenance-releases-for-supported.html debdiff attached unblock: tryton-client/2.2.3-1 diff -Nru tryton-client-2.2.2/CHANGELOG tryton-client-2.2.3/CHANGELOG --- tryton-client-2.2.2/CHANGELOG 2012-05-07 11:10:32.0 +0200 +++ tryton-client-2.2.3/CHANGELOG 2012-09-01 18:55:56.0 +0200 @@ -1,3 +1,6 @@ +Version 2.2.3 - 2012-09-01 +* Bug fixes (see mercurial logs for details) + Version 2.2.2 - 2012-05-07 * Bug fixes (see mercurial logs for details) diff -Nru tryton-client-2.2.2/debian/changelog tryton-client-2.2.3/debian/changelog --- tryton-client-2.2.2/debian/changelog 2012-06-30 17:24:56.0 +0200 +++ tryton-client-2.2.3/debian/changelog 2012-09-11 19:37:56.0 +0200 @@ -1,3 +1,9 @@ +tryton-client (2.2.3-1) unstable; urgency=low + + * Merging upstream version 2.2.3. + + -- Mathias Behrle mathi...@m9s.biz Tue, 11 Sep 2012 19:37:56 +0200 + tryton-client (2.2.2-2) unstable; urgency=low * Updating maintainers field. diff -Nru tryton-client-2.2.2/PKG-INFO tryton-client-2.2.3/PKG-INFO --- tryton-client-2.2.2/PKG-INFO 2012-05-07 11:10:35.0 +0200 +++ tryton-client-2.2.3/PKG-INFO 2012-09-01 18:56:01.0 +0200 @@ -1,6 +1,6 @@ -Metadata-Version: 1.1 +Metadata-Version: 1.0 Name: tryton -Version: 2.2.2 +Version: 2.2.3 Summary: Tryton client Home-page: http://www.tryton.org/ Author: B2CK diff -Nru tryton-client-2.2.2/tryton/common/common.py tryton-client-2.2.3/tryton/common/common.py --- tryton-client-2.2.2/tryton/common/common.py 2012-04-23 18:28:30.0 +0200 +++ tryton-client-2.2.3/tryton/common/common.py 2012-07-30 11:05:49.0 +0200 @@ -243,7 +243,8 @@ def get_toplevel_window(): windows = [x for x in gtk.window_list_toplevels() -if x.window and x.props.visible] +if x.window and x.props.visible +and x.get_window_type() == gtk.WINDOW_TOPLEVEL] trans2windows = dict((x.get_transient_for(), x) for x in windows) for window in set(windows) - set(trans2windows.iterkeys()): return window diff -Nru tryton-client-2.2.2/tryton/common/domain_inversion.py tryton-client-2.2.3/tryton/common/domain_inversion.py --- tryton-client-2.2.2/tryton/common/domain_inversion.py 2011-12-25 14:51:07.0 +0100 +++ tryton-client-2.2.3/tryton/common/domain_inversion.py 2012-05-22 14:40:45.0 +0200 @@ -3,6 +3,7 @@ import operator import types +import datetime def in_(a, b): if isinstance(a, (list, tuple)): @@ -52,7 +53,18 @@ # We should consider that other domain inversion will set a correct # value to this field return True -return OPERATORS[operand](context[field], value) +context_field = context[field] +if isinstance(context_field, datetime.date) and not value: +if isinstance(context_field, datetime.datetime): +value = datetime.datetime.min +else: +value = datetime.date.min +if isinstance(value, datetime.date) and not context_field: +if isinstance(value, datetime.datetime): +context_field = datetime.datetime.min +else: +context_field = datetime.date.min +return OPERATORS[operand](context_field, value) def inverse_leaf(domain): if domain in ('AND', 'OR'): @@ -396,6 +408,15 @@ assert eval_domain(domain, {'x': 6}) assert not eval_domain(domain, {'x': 4}) +domain = [['x', '', None]] +assert eval_domain(domain, {'x': datetime.date.today()}) +assert eval_domain(domain, {'x': datetime.datetime.now()}) + +domain = [['x', '', datetime.date.today()]] +assert eval_domain(domain, {'x': None}) +domain = [['x', '', datetime.datetime.now()]] +assert eval_domain(domain, {'x': None}) + domain = [['x', 'in', [3, 5]]] assert eval_domain(domain, {'x': 3}) assert not eval_domain(domain, {'x': 4}) diff -Nru tryton-client-2.2.2/tryton/gui/window/form.py tryton-client-2.2.3/tryton/gui/window/form.py --- tryton-client-2.2.2/tryton/gui/window/form.py 2012-04-23 18:28:30.0 +0200 +++ tryton-client-2.2.3/tryton/gui/window/form.py 2012-05-22 14:46:14.0 +0200 @@ -406,19 +406,24 @@ return True def sig_action(self, widget): -self.buttons['action'].props.active = True
Bug#687626: pre-approve unblock: tryton-server/2.2.4-1
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Dear release managers, please approve the upload of tryton-server_2.2.4-1. The new version contains the upstream bug fix release [1]. The fixes are for * NULL value for boolean fields should be considered like False * Don't fail on unknown database for WebDAV * Fix reading from cache in field one2many * Fix comparison of BrowseRecord when other is not a BrowseRecord * Skip empty arch when searching other strings of same model * Fix MySQLdb to use time for TIME instead of timedelta * Add missing empty selection for action in menu * Add missing quote on order field * Fix nested order_calc tables_args manipulation Mathias [1] http://news.tryton.org/2012/09/maintenance-releases-for-supported.html debdiff attached unblock: tryton-server/2.2.4-1 diff -Nru tryton-server-2.2.3/CHANGELOG tryton-server-2.2.4/CHANGELOG --- tryton-server-2.2.3/CHANGELOG 2012-05-07 11:11:01.0 +0200 +++ tryton-server-2.2.4/CHANGELOG 2012-09-10 18:06:36.0 +0200 @@ -1,3 +1,6 @@ +Version 2.2.4 - 2012-09-10 +* Bug fixes (see mercurial logs for details) + Version 2.2.3 - 2012-05-07 * Bug fixes (see mercurial logs for details) diff -Nru tryton-server-2.2.3/debian/changelog tryton-server-2.2.4/debian/changelog --- tryton-server-2.2.3/debian/changelog 2012-06-30 17:37:43.0 +0200 +++ tryton-server-2.2.4/debian/changelog 2012-09-12 16:52:22.0 +0200 @@ -1,3 +1,10 @@ +tryton-server (2.2.4-1) unstable; urgency=low + + * Merging upstream version 2.2.4. + * Refreshing patch 02-support-pywebdav-0.9.8. + + -- Mathias Behrle mathi...@m9s.biz Wed, 12 Sep 2012 16:52:02 +0200 + tryton-server (2.2.3-2) unstable; urgency=low * Updating maintainers field. diff -Nru tryton-server-2.2.3/debian/patches/02-support-pywebdav-0.9.8 tryton-server-2.2.4/debian/patches/02-support-pywebdav-0.9.8 --- tryton-server-2.2.3/debian/patches/02-support-pywebdav-0.9.8 2012-06-30 16:46:37.0 +0200 +++ tryton-server-2.2.4/debian/patches/02-support-pywebdav-0.9.8 2012-09-12 16:44:38.0 +0200 @@ -1,7 +1,7 @@ Author: Mathias Behrle mathi...@m9s.biz Description: Support new structure of pywebdav 0.9.4.1. tryton-server.orig/trytond/protocols/webdav.py 2012-05-09 11:42:39.277620212 +0200 -+++ tryton-server/trytond/protocols/webdav.py 2012-05-09 11:42:59.112947846 +0200 +--- tryton-server.orig/trytond/protocols/webdav.py 2012-09-11 19:41:40.0 +0200 tryton-server/trytond/protocols/webdav.py 2012-09-12 16:44:26.630387413 +0200 @@ -12,11 +12,15 @@ import logging from threading import local @@ -127,7 +127,7 @@ global CACHE CACHE = LocalDict() if not Transaction().cursor: -@@ -527,22 +538,57 @@ +@@ -527,25 +538,57 @@ if dbname: Cache.resets(dbname) @@ -154,12 +154,16 @@ + def get_userinfo(self, user, password, command=''): -dbname = urllib.unquote_plus(self.path.split('/', 2)[1]) -+path = urlparse.urlparse(self.path).path -+dbname = urllib.unquote_plus(path.split('/', 2)[1]) - if not dbname: --database = Database().connect() +-database = Database().connect() +-cursor = database.cursor() +-databases = database.list(cursor) +-cursor.close() +-if not dbname or dbname not in databases: -return 1 -user = int(login(dbname, user, password, cache=False)) ++path = urlparse.urlparse(self.path).path ++dbname = urllib.unquote_plus(path.split('/', 2)[1]) ++if not dbname: +Database().connect() +return True +if user: @@ -196,8 +200,8 @@ class SecureWebDAVAuthRequestHandler(WebDAVAuthRequestHandler): tryton-server.orig/trytond/webdav/webdav.py 2012-05-09 11:42:39.277620212 +0200 -+++ tryton-server/trytond/webdav/webdav.py 2012-05-09 11:42:59.112947846 +0200 +--- tryton-server.orig/trytond/webdav/webdav.py 2011-10-24 15:57:46.0 +0200 tryton-server/trytond/webdav/webdav.py 2012-09-12 16:07:24.620219292 +0200 @@ -2,11 +2,33 @@ #this repository contains the full copyright notices and license terms. import os @@ -497,9 +501,9 @@ +raise Exception('Bad arguments') + Attachment() tryton-server.orig/CHANGELOG 2012-05-09 11:42:39.277620212 +0200 -+++ tryton-server/CHANGELOG 2012-05-09 11:42:59.112947846 +0200 -@@ -4,6 +4,7 @@ +--- tryton-server.orig/CHANGELOG 2012-09-11 19:41:40.0 +0200 tryton-server/CHANGELOG 2012-09-12 16:07:24.620219292 +0200 +@@ -7,6 +7,7 @@ Version 2.2.2 - 2012-03-28 * Bug fixes (see mercurial logs for details) * Don't allow rpc call on ModelStorage without ModelView (CVE-2012-0215) @@ -507,8 +511,8 @@ Version 2.2.1 - 2011-12-26 * Bug fixes (see mercurial logs for details) tryton-server.orig/doc/topics/install.rst 2012-05-09 11:42:39.277620212 +0200 -+++ tryton-server/doc
Bug#687627: pre-approve unblock: tryton-modules-account/2.2.3-1
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Dear release managers, please approve the upload of tryton-modules-account_2.2.3-1. The new version contains the upstream bug fix release [1]. The fixes are for * Fix typo for account.rec_name * Ensure clause concatination works with tuple vs list * Fix search_receivable_payable with None value Mathias [1] http://news.tryton.org/2012/09/maintenance-releases-for-supported.html debdiff attached unblock: tryton-modules-account/2.2.3-1 diff -Nru tryton-modules-account-2.2.2/CHANGELOG tryton-modules-account-2.2.3/CHANGELOG --- tryton-modules-account-2.2.2/CHANGELOG 2012-05-07 11:09:15.0 +0200 +++ tryton-modules-account-2.2.3/CHANGELOG 2012-09-02 15:13:34.0 +0200 @@ -1,3 +1,6 @@ +Version 2.2.3 - 2012-09-02 +* Bug fixes (see mercurial logs for details) + Version 2.2.2 - 2012-05-07 * Bug fixes (see mercurial logs for details) diff -Nru tryton-modules-account-2.2.2/debian/changelog tryton-modules-account-2.2.3/debian/changelog --- tryton-modules-account-2.2.2/debian/changelog 2012-06-30 18:03:45.0 +0200 +++ tryton-modules-account-2.2.3/debian/changelog 2012-09-11 19:38:11.0 +0200 @@ -1,3 +1,9 @@ +tryton-modules-account (2.2.3-1) unstable; urgency=low + + * Merging upstream version 2.2.3. + + -- Mathias Behrle mathi...@m9s.biz Tue, 11 Sep 2012 19:38:11 +0200 + tryton-modules-account (2.2.2-2) unstable; urgency=low * Updating maintainers field. diff -Nru tryton-modules-account-2.2.2/move.py tryton-modules-account-2.2.3/move.py --- tryton-modules-account-2.2.2/move.py 2012-04-24 14:23:39.0 +0200 +++ tryton-modules-account-2.2.3/move.py 2012-08-26 15:32:07.0 +0200 @@ -156,8 +156,8 @@ def search_rec_name(self, name, clause): ids = self.search(['OR', -('reference',) + clause[1:], -(self._rec_name,) + clause[1:], +('reference',) + tuple(clause[1:]), +(self._rec_name,) + tuple(clause[1:]), ]) return [('id', 'in', ids)] @@ -886,7 +886,7 @@ else: if 'account' not in res: res['account'] = party.account_payable.id -res['account.rec_name'] = party.account_payable.id +res['account.rec_name'] = party.account_payable.rec_name if party and vals.get('credit'): if vals['credit'] Decimal('0.0'): diff -Nru tryton-modules-account-2.2.2/party.py tryton-modules-account-2.2.3/party.py --- tryton-modules-account-2.2.2/party.py 2011-12-25 17:53:29.0 +0100 +++ tryton-modules-account-2.2.3/party.py 2012-08-23 23:48:03.0 +0200 @@ -181,7 +181,7 @@ 'GROUP BY l.party ' 'HAVING (SUM((COALESCE(l.debit, 0) - COALESCE(l.credit, 0))) ' \ + clause[1] + ' %s)', -[code] + today_value + [company_id] + [Decimal(clause[2])]) +[code] + today_value + [company_id] + [Decimal(clause[2] or 0)]) return [('id', 'in', [x[0] for x in cursor.fetchall()])] Party() diff -Nru tryton-modules-account-2.2.2/PKG-INFO tryton-modules-account-2.2.3/PKG-INFO --- tryton-modules-account-2.2.2/PKG-INFO 2012-05-07 11:09:17.0 +0200 +++ tryton-modules-account-2.2.3/PKG-INFO 2012-09-02 15:13:38.0 +0200 @@ -1,6 +1,6 @@ -Metadata-Version: 1.1 +Metadata-Version: 1.0 Name: trytond_account -Version: 2.2.2 +Version: 2.2.3 Summary: Financial and Accounting Module with: - General accounting - Fiscal year management diff -Nru tryton-modules-account-2.2.2/tax.py tryton-modules-account-2.2.3/tax.py --- tryton-modules-account-2.2.2/tax.py 2011-11-22 13:27:43.0 +0100 +++ tryton-modules-account-2.2.3/tax.py 2012-08-26 15:28:13.0 +0200 @@ -238,10 +238,10 @@ return res def search_rec_name(self, name, clause): -ids = self.search([('code',) + clause[1:]], limit=1, order=[]) +ids = self.search([('code',) + tuple(clause[1:])], limit=1, order=[]) if ids: -return [('code',) + clause[1:]] -return [('name',) + clause[1:]] +return [('code',) + tuple(clause[1:])] +return [('name',) + tuple(clause[1:])] def delete(self, ids): if isinstance(ids, (int, long)): diff -Nru tryton-modules-account-2.2.2/trytond_account.egg-info/PKG-INFO tryton-modules-account-2.2.3/trytond_account.egg-info/PKG-INFO --- tryton-modules-account-2.2.2/trytond_account.egg-info/PKG-INFO 2012-05-07 11:09:16.0 +0200 +++ tryton-modules-account-2.2.3/trytond_account.egg-info/PKG-INFO 2012-09-02 15:13:37.0 +0200 @@ -1,6 +1,6 @@ -Metadata-Version: 1.1 +Metadata-Version: 1.0 Name: trytond-account -Version: 2.2.2 +Version: 2.2.3 Summary: Financial and Accounting Module with: - General accounting - Fiscal year management diff -Nru tryton-modules-account-2.2.2/__tryton__.py tryton-modules
Bug#687628: pre-approve unblock: tryton-modules-account-statement/2.2.1-1
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Dear release managers, please approve the upload of tryton-modules-account-statement_2.2.1-1. The new version contains the upstream bug fix release [1]. The fixes are for * Fix sign of the amount to pay on line Mathias [1] http://news.tryton.org/2012/09/maintenance-releases-for-supported.html debdiff attached unblock: tryton-modules-account-statement/2.2.1-1 diff -Nru tryton-modules-account-statement-2.2.0/CHANGELOG tryton-modules-account-statement-2.2.1/CHANGELOG --- tryton-modules-account-statement-2.2.0/CHANGELOG 2011-10-24 17:26:21.0 +0200 +++ tryton-modules-account-statement-2.2.1/CHANGELOG 2012-09-02 15:29:59.0 +0200 @@ -1,3 +1,6 @@ +Version 2.2.1 - 2012-09-02 +* Bug fixes (see mercurial logs for details) + Version 2.2.0 - 2011-10-24 * Bug fixes (see mercurial logs for details) diff -Nru tryton-modules-account-statement-2.2.0/COPYRIGHT tryton-modules-account-statement-2.2.1/COPYRIGHT --- tryton-modules-account-statement-2.2.0/COPYRIGHT 2011-07-06 09:55:55.0 +0200 +++ tryton-modules-account-statement-2.2.1/COPYRIGHT 2012-09-02 15:29:58.0 +0200 @@ -1,6 +1,6 @@ -Copyright (C) 2008-2011 Cédric Krier. +Copyright (C) 2008-2012 Cédric Krier. Copyright (C) 2008-2011 Bertrand Chenal. -Copyright (C) 2008-2011 B2CK SPRL. +Copyright (C) 2008-2012 B2CK SPRL. Copyright (C) 2004-2008 Tiny SPRL. This program is free software: you can redistribute it and/or modify diff -Nru tryton-modules-account-statement-2.2.0/debian/changelog tryton-modules-account-statement-2.2.1/debian/changelog --- tryton-modules-account-statement-2.2.0/debian/changelog 2012-06-30 18:07:34.0 +0200 +++ tryton-modules-account-statement-2.2.1/debian/changelog 2012-09-12 15:54:35.0 +0200 @@ -1,3 +1,9 @@ +tryton-modules-account-statement (2.2.1-1) unstable; urgency=low + + * Merging upstream version 2.2.1. + + -- Mathias Behrle mathi...@m9s.biz Wed, 12 Sep 2012 15:54:35 +0200 + tryton-modules-account-statement (2.2.0-2) unstable; urgency=low [ Mathias Behrle ] diff -Nru tryton-modules-account-statement-2.2.0/PKG-INFO tryton-modules-account-statement-2.2.1/PKG-INFO --- tryton-modules-account-statement-2.2.0/PKG-INFO 2011-10-24 17:28:01.0 +0200 +++ tryton-modules-account-statement-2.2.1/PKG-INFO 2012-09-02 15:30:03.0 +0200 @@ -1,6 +1,6 @@ Metadata-Version: 1.0 Name: trytond_account_statement -Version: 2.2.0 +Version: 2.2.1 Summary: Financial and Accounting Module with: - Statement - Statement journal diff -Nru tryton-modules-account-statement-2.2.0/statement.py tryton-modules-account-statement-2.2.1/statement.py --- tryton-modules-account-statement-2.2.0/statement.py 2011-08-21 11:21:19.0 +0200 +++ tryton-modules-account-statement-2.2.1/statement.py 2012-08-26 15:42:10.0 +0200 @@ -244,7 +244,9 @@ else: res['lines']['update'].append({ 'id': line['id'], -'amount': amount_to_pay, +'amount': (amount_to_pay +if line['amount'] = 0 +else -amount_to_pay), }) res['lines'].setdefault('add', []) vals = line.copy() diff -Nru tryton-modules-account-statement-2.2.0/trytond_account_statement.egg-info/PKG-INFO tryton-modules-account-statement-2.2.1/trytond_account_statement.egg-info/PKG-INFO --- tryton-modules-account-statement-2.2.0/trytond_account_statement.egg-info/PKG-INFO 2011-10-24 17:28:01.0 +0200 +++ tryton-modules-account-statement-2.2.1/trytond_account_statement.egg-info/PKG-INFO 2012-09-02 15:30:02.0 +0200 @@ -1,6 +1,6 @@ Metadata-Version: 1.0 Name: trytond-account-statement -Version: 2.2.0 +Version: 2.2.1 Summary: Financial and Accounting Module with: - Statement - Statement journal diff -Nru tryton-modules-account-statement-2.2.0/__tryton__.py tryton-modules-account-statement-2.2.1/__tryton__.py --- tryton-modules-account-statement-2.2.0/__tryton__.py 2011-10-24 17:27:06.0 +0200 +++ tryton-modules-account-statement-2.2.1/__tryton__.py 2011-10-24 17:30:09.0 +0200 @@ -8,7 +8,7 @@ 'name_es_ES': 'Estado de cuentas', 'name_fr_FR': 'Relevé comptable', 'name_nl_NL': 'Bankafschriften', -'version': '2.2.0', +'version': '2.2.1', 'author': 'B2CK', 'email': 'i...@b2ck.com', 'website': 'http://www.tryton.org/', signature.asc Description: PGP signature
Bug#687631: pre-approve unblock: tryton-modules-calendar/2.2.1-1
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Dear release managers, please approve the upload of unblock: tryton-modules-calendar_2.2.1-1. The new version contains the upstream bug fix release [1]. The fixes are for * Convert buffer into string for vobject * No need to browse events when copying * don't copy the UUID field when an event is copied: create a new one * Don't eat name inside the loop in get_calendar_field Mathias [1] http://news.tryton.org/2012/09/maintenance-releases-for-supported.html debdiff attached unblock: tryton-modules-calendar/2.2.1-1 diff -Nru tryton-modules-calendar-2.2.0/calendar.py tryton-modules-calendar-2.2.1/calendar.py --- tryton-modules-calendar-2.2.0/calendar.py 2011-08-21 11:21:20.0 +0200 +++ tryton-modules-calendar-2.2.1/calendar.py 2012-08-07 12:35:53.0 +0200 @@ -545,8 +545,8 @@ assert name in ('calendar_owner', 'calendar_read_users', 'calendar_write_users'), 'Invalid name' res = {} +name = name[9:] for event in self.browse(ids): -name = name[9:] if name in ('read_users', 'write_users'): res[event.id] = [x.id for x in event.calendar[name]] else: @@ -738,6 +738,25 @@ collection_obj.event.reset() return res +def copy(self, ids, default=None): +int_id = isinstance(ids, (int, long)) +if int_id: +ids = [ids] + +if default is None: +default = {} + +new_ids = [] +for event_id in ids: +current_default = default.copy() +current_default['uuid'] = self.default_uuid() +new_id = super(Event, self).copy(event_id, default=current_default) +new_ids.append(new_id) + +if int_id: +return new_ids[0] +return new_ids + def delete(self, ids): attendee_obj = Pool().get('calendar.event.attendee') collection_obj = Pool().get('webdav.collection') @@ -1066,7 +1085,7 @@ ical = vobject.iCalendar() vevent = ical.add('vevent') if event.vevent: -ical.vevent = vobject.readOne(event.vevent) +ical.vevent = vobject.readOne(str(event.vevent)) vevent = ical.vevent ical.vevent.transformToNative() if event.summary: @@ -1239,7 +1258,7 @@ ''' valarm = None if alarm.valarm: -valarm = vobject.readOne(alarm.valarm) +valarm = vobject.readOne(str(alarm.valarm)) return valarm Alarm() @@ -1357,7 +1376,7 @@ res = None if attendee.attendee: res = vobject.base.textLineToContentLine( -attendee.attendee.replace('\r\n ', '')) +str(attendee.attendee).replace('\r\n ', '')) else: res = vobject.base.ContentLine('ATTENDEE', [], '') diff -Nru tryton-modules-calendar-2.2.0/CHANGELOG tryton-modules-calendar-2.2.1/CHANGELOG --- tryton-modules-calendar-2.2.0/CHANGELOG 2011-10-24 18:53:05.0 +0200 +++ tryton-modules-calendar-2.2.1/CHANGELOG 2012-09-02 15:51:07.0 +0200 @@ -1,3 +1,6 @@ +Version 2.2.1 - 2012-09-02 +* Bug fixes (see mercurial logs for details) + Version 2.2.0 - 2011-10-24 * Bug fixes (see mercurial logs for details) * Basic support of event time-range filter diff -Nru tryton-modules-calendar-2.2.0/COPYRIGHT tryton-modules-calendar-2.2.1/COPYRIGHT --- tryton-modules-calendar-2.2.0/COPYRIGHT 2011-07-06 09:56:10.0 +0200 +++ tryton-modules-calendar-2.2.1/COPYRIGHT 2012-09-02 15:50:28.0 +0200 @@ -1,6 +1,6 @@ -Copyright (C) 2009-2011 Cédric Krier. +Copyright (C) 2009-2012 Cédric Krier. Copyright (C) 2009-2011 Bertrand Chenal. -Copyright (C) 2009-2011 B2CK SPRL. +Copyright (C) 2009-2012 B2CK SPRL. This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by diff -Nru tryton-modules-calendar-2.2.0/debian/changelog tryton-modules-calendar-2.2.1/debian/changelog --- tryton-modules-calendar-2.2.0/debian/changelog 2012-06-30 18:11:01.0 +0200 +++ tryton-modules-calendar-2.2.1/debian/changelog 2012-09-12 15:54:58.0 +0200 @@ -1,3 +1,9 @@ +tryton-modules-calendar (2.2.1-1) unstable; urgency=low + + * Merging upstream version 2.2.1. + + -- Mathias Behrle mathi...@m9s.biz Wed, 12 Sep 2012 15:54:57 +0200 + tryton-modules-calendar (2.2.0-3) unstable; urgency=low * Updating maintainers field. diff -Nru tryton-modules-calendar-2.2.0/PKG-INFO tryton-modules-calendar-2.2.1/PKG-INFO --- tryton-modules-calendar-2.2.0/PKG-INFO 2011-10-24 18:53:34.0 +0200 +++ tryton-modules-calendar-2.2.1/PKG-INFO 2012-09-02 15:51:10.0 +0200 @@ -1,6 +1,6 @@ Metadata-Version: 1.0 Name: trytond_calendar -Version: 2.2.0 +Version: 2.2.1 Summary: Add CalDAV support Home-page: http
Bug#687632: pre-approve unblock: tryton-modules-calendar-classification/2.2.1-1
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Dear release managers, please approve the upload of tryton-modules-calendar-classification_2.2.1-1. The new version contains the upstream bug fix release [1]. The fixes are for * Convert buffer into string for vobject Mathias [1] http://news.tryton.org/2012/09/maintenance-releases-for-supported.html debdiff attached tryton-modules-calendar-classification/2.2.1-1 diff -Nru tryton-modules-calendar-classification-2.2.0/calendar.py tryton-modules-calendar-classification-2.2.1/calendar.py --- tryton-modules-calendar-classification-2.2.0/calendar.py 2011-07-06 09:56:12.0 +0200 +++ tryton-modules-calendar-classification-2.2.1/calendar.py 2012-08-07 12:37:03.0 +0200 @@ -56,7 +56,7 @@ if 'vevent' in record: vevent = record['vevent'] if vevent: -vevent = vobject.readOne(vevent) +vevent = vobject.readOne(str(vevent)) if hasattr(vevent, 'summary'): vevent.summary.value = summary diff -Nru tryton-modules-calendar-classification-2.2.0/CHANGELOG tryton-modules-calendar-classification-2.2.1/CHANGELOG --- tryton-modules-calendar-classification-2.2.0/CHANGELOG 2011-10-24 19:05:15.0 +0200 +++ tryton-modules-calendar-classification-2.2.1/CHANGELOG 2012-09-02 16:02:47.0 +0200 @@ -1,3 +1,6 @@ +Version 2.2.1 - 2012-09-02 +* Bug fixes (see mercurial logs for details) + Version 2.2.0 - 2011-10-24 * Bug fixes (see mercurial logs for details) diff -Nru tryton-modules-calendar-classification-2.2.0/COPYRIGHT tryton-modules-calendar-classification-2.2.1/COPYRIGHT --- tryton-modules-calendar-classification-2.2.0/COPYRIGHT 2011-07-06 09:56:12.0 +0200 +++ tryton-modules-calendar-classification-2.2.1/COPYRIGHT 2012-09-02 16:02:23.0 +0200 @@ -1,6 +1,6 @@ -Copyright (C) 2009-2011 Cédric Krier. +Copyright (C) 2009-2012 Cédric Krier. Copyright (C) 2009-2011 Bertrand Chenal. -Copyright (C) 2009-2011 B2CK SPRL. +Copyright (C) 2009-2012 B2CK SPRL. This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by diff -Nru tryton-modules-calendar-classification-2.2.0/debian/changelog tryton-modules-calendar-classification-2.2.1/debian/changelog --- tryton-modules-calendar-classification-2.2.0/debian/changelog 2012-06-30 18:11:56.0 +0200 +++ tryton-modules-calendar-classification-2.2.1/debian/changelog 2012-09-12 15:55:01.0 +0200 @@ -1,3 +1,9 @@ +tryton-modules-calendar-classification (2.2.1-1) unstable; urgency=low + + * Merging upstream version 2.2.1. + + -- Mathias Behrle mathi...@m9s.biz Wed, 12 Sep 2012 15:55:01 +0200 + tryton-modules-calendar-classification (2.2.0-2) unstable; urgency=low [ Mathias Behrle ] diff -Nru tryton-modules-calendar-classification-2.2.0/PKG-INFO tryton-modules-calendar-classification-2.2.1/PKG-INFO --- tryton-modules-calendar-classification-2.2.0/PKG-INFO 2011-10-24 19:05:36.0 +0200 +++ tryton-modules-calendar-classification-2.2.1/PKG-INFO 2012-09-02 16:02:51.0 +0200 @@ -1,6 +1,6 @@ Metadata-Version: 1.0 Name: trytond_calendar_classification -Version: 2.2.0 +Version: 2.2.1 Summary: Handle classification of event Home-page: http://www.tryton.org/ Author: B2CK diff -Nru tryton-modules-calendar-classification-2.2.0/trytond_calendar_classification.egg-info/PKG-INFO tryton-modules-calendar-classification-2.2.1/trytond_calendar_classification.egg-info/PKG-INFO --- tryton-modules-calendar-classification-2.2.0/trytond_calendar_classification.egg-info/PKG-INFO 2011-10-24 19:05:36.0 +0200 +++ tryton-modules-calendar-classification-2.2.1/trytond_calendar_classification.egg-info/PKG-INFO 2012-09-02 16:02:50.0 +0200 @@ -1,6 +1,6 @@ Metadata-Version: 1.0 Name: trytond-calendar-classification -Version: 2.2.0 +Version: 2.2.1 Summary: Handle classification of event Home-page: http://www.tryton.org/ Author: B2CK diff -Nru tryton-modules-calendar-classification-2.2.0/__tryton__.py tryton-modules-calendar-classification-2.2.1/__tryton__.py --- tryton-modules-calendar-classification-2.2.0/__tryton__.py 2011-10-24 19:05:26.0 +0200 +++ tryton-modules-calendar-classification-2.2.1/__tryton__.py 2011-10-24 19:07:25.0 +0200 @@ -9,7 +9,7 @@ 'name_es_ES' : 'Clasificación del calendario', 'name_fr_FR' : 'Classification calendrier', 'name_ru_RU' : 'ÐлаÑÑиÑикаÑÐ¸Ñ Ð¿Ð¾ календаÑÑ', -'version' : '2.2.0', +'version' : '2.2.1', 'author' : 'B2CK', 'email': 'i...@b2ck.com', 'website': 'http://www.tryton.org/', signature.asc Description: PGP signature
Bug#687633: pre-approve unblock: tryton-modules-calendar-scheduling/2.2.2-1
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Dear release managers, please approve the upload of tryton-modules-calendar-scheduling_2.2.2-1. The new version contains the upstream bug fix release [1]. The fixes are for * Add missing test on owner Mathias [1] http://news.tryton.org/2012/09/maintenance-releases-for-supported.html debdiff attached unblock: tryton-modules-calendar-scheduling/2.2.2-1 diff -Nru tryton-modules-calendar-scheduling-2.2.1/calendar.py tryton-modules-calendar-scheduling-2.2.2/calendar.py --- tryton-modules-calendar-scheduling-2.2.1/calendar.py 2011-11-22 13:28:33.0 +0100 +++ tryton-modules-calendar-scheduling-2.2.2/calendar.py 2012-08-26 15:35:32.0 +0200 @@ -759,7 +759,7 @@ attendees = self.browse(ids) for attendee in attendees: owner = attendee.event.calendar.owner -if not owner.calendar_email_notification_partstat: +if not owner or not owner.calendar_email_notification_partstat: continue organizer = self.organiser_to_notify(attendee) if not organizer: @@ -804,7 +804,7 @@ if attendee.status == 'declined': continue -if not owner.calendar_email_notification_partstat: +if not owner or not owner.calendar_email_notification_partstat: continue organizer = self.organiser_to_notify(attendee) if not organizer: @@ -846,7 +846,7 @@ if (not attendee.status) or attendee.status in ('', 'needs-action'): return res_id -if not owner.calendar_email_notification_partstat: +if not owner or not owner.calendar_email_notification_partstat: return res_id organizer = self.organiser_to_notify(attendee) if not organizer: diff -Nru tryton-modules-calendar-scheduling-2.2.1/CHANGELOG tryton-modules-calendar-scheduling-2.2.2/CHANGELOG --- tryton-modules-calendar-scheduling-2.2.1/CHANGELOG 2011-12-26 10:40:11.0 +0100 +++ tryton-modules-calendar-scheduling-2.2.2/CHANGELOG 2012-09-02 16:06:47.0 +0200 @@ -1,3 +1,6 @@ +Version 2.2.2 - 2012-09-02 +* Bug fixes (see mercurial logs for details) + Version 2.2.1 - 2011-12-26 * Bug fixes (see mercurial logs for details) diff -Nru tryton-modules-calendar-scheduling-2.2.1/COPYRIGHT tryton-modules-calendar-scheduling-2.2.2/COPYRIGHT --- tryton-modules-calendar-scheduling-2.2.1/COPYRIGHT 2011-11-22 13:28:33.0 +0100 +++ tryton-modules-calendar-scheduling-2.2.2/COPYRIGHT 2012-09-02 16:06:23.0 +0200 @@ -1,6 +1,6 @@ -Copyright (C) 2009-2011 Cédric Krier. +Copyright (C) 2009-2012 Cédric Krier. Copyright (C) 2009-2011 Bertrand Chenal. -Copyright (C) 2009-2011 B2CK SPRL. +Copyright (C) 2009-2012 B2CK SPRL. This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by diff -Nru tryton-modules-calendar-scheduling-2.2.1/debian/changelog tryton-modules-calendar-scheduling-2.2.2/debian/changelog --- tryton-modules-calendar-scheduling-2.2.1/debian/changelog 2012-06-30 18:12:21.0 +0200 +++ tryton-modules-calendar-scheduling-2.2.2/debian/changelog 2012-09-12 15:45:29.0 +0200 @@ -1,3 +1,9 @@ +tryton-modules-calendar-scheduling (2.2.2-1) unstable; urgency=low + + * Merging upstream version 2.2.2. + + -- Mathias Behrle mathi...@m9s.biz Wed, 12 Sep 2012 15:45:29 +0200 + tryton-modules-calendar-scheduling (2.2.1-3) unstable; urgency=low * Updating maintainers field. diff -Nru tryton-modules-calendar-scheduling-2.2.1/PKG-INFO tryton-modules-calendar-scheduling-2.2.2/PKG-INFO --- tryton-modules-calendar-scheduling-2.2.1/PKG-INFO 2011-12-26 10:40:13.0 +0100 +++ tryton-modules-calendar-scheduling-2.2.2/PKG-INFO 2012-09-02 16:06:51.0 +0200 @@ -1,6 +1,6 @@ -Metadata-Version: 1.1 +Metadata-Version: 1.0 Name: trytond_calendar_scheduling -Version: 2.2.1 +Version: 2.2.2 Summary: Add Scheduling support on CalDAV Home-page: http://www.tryton.org/ Author: B2CK diff -Nru tryton-modules-calendar-scheduling-2.2.1/trytond_calendar_scheduling.egg-info/PKG-INFO tryton-modules-calendar-scheduling-2.2.2/trytond_calendar_scheduling.egg-info/PKG-INFO --- tryton-modules-calendar-scheduling-2.2.1/trytond_calendar_scheduling.egg-info/PKG-INFO 2011-12-26 10:40:11.0 +0100 +++ tryton-modules-calendar-scheduling-2.2.2/trytond_calendar_scheduling.egg-info/PKG-INFO 2012-09-02 16:06:50.0 +0200 @@ -1,6 +1,6 @@ -Metadata-Version: 1.1 +Metadata-Version: 1.0 Name: trytond-calendar-scheduling -Version: 2.2.1 +Version: 2.2.2 Summary: Add Scheduling support on CalDAV Home-page: http://www.tryton.org/ Author: B2CK diff -Nru tryton-modules-calendar-scheduling-2.2.1/__tryton__.py tryton-modules-calendar-scheduling-2.2.2/__tryton__.py --- tryton-modules-calendar-scheduling-2.2.1/__tryton__.py 2011-11-22 13:28
Bug#687634: pre-approve unblock: tryton-modules-calendar-todo/2.2.1-1
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Dear release managers, please approve the upload of tryton-modules-calendar-todo_2.2.1-1. The new version contains the upstream bug fix release [1]. The fixes are for * Fix typo from changeset caaaccd11a73 * Create new UUID on copy of todo * Convert buffer into string for vobject Mathias [1] http://news.tryton.org/2012/09/maintenance-releases-for-supported.html debdiff attached unblock: tryton-modules-calendar-todo/2.2.1-1 diff -Nru tryton-modules-calendar-todo-2.2.0/CHANGELOG tryton-modules-calendar-todo-2.2.1/CHANGELOG --- tryton-modules-calendar-todo-2.2.0/CHANGELOG 2011-10-24 19:16:01.0 +0200 +++ tryton-modules-calendar-todo-2.2.1/CHANGELOG 2012-09-02 16:12:41.0 +0200 @@ -1,3 +1,6 @@ +Version 2.2.1 - 2012-09-02 +* Bug fixes (see mercurial logs for details) + Version 2.2.0 - 2011-10-24 * Bug fixes (see mercurial logs for details) diff -Nru tryton-modules-calendar-todo-2.2.0/COPYRIGHT tryton-modules-calendar-todo-2.2.1/COPYRIGHT --- tryton-modules-calendar-todo-2.2.0/COPYRIGHT 2011-07-06 09:56:20.0 +0200 +++ tryton-modules-calendar-todo-2.2.1/COPYRIGHT 2012-09-02 16:12:40.0 +0200 @@ -1,6 +1,6 @@ -Copyright (C) 2009-2011 Cédric Krier. +Copyright (C) 2009-2012 Cédric Krier. Copyright (C) 2009-2011 Bertrand Chenal. -Copyright (C) 2009-2011 B2CK SPRL. +Copyright (C) 2009-2012 B2CK SPRL. This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by diff -Nru tryton-modules-calendar-todo-2.2.0/debian/changelog tryton-modules-calendar-todo-2.2.1/debian/changelog --- tryton-modules-calendar-todo-2.2.0/debian/changelog 2012-06-30 18:12:53.0 +0200 +++ tryton-modules-calendar-todo-2.2.1/debian/changelog 2012-09-12 15:55:04.0 +0200 @@ -1,3 +1,9 @@ +tryton-modules-calendar-todo (2.2.1-1) unstable; urgency=low + + * Merging upstream version 2.2.1. + + -- Mathias Behrle mathi...@m9s.biz Wed, 12 Sep 2012 15:55:04 +0200 + tryton-modules-calendar-todo (2.2.0-3) unstable; urgency=low * Updating maintainers field. diff -Nru tryton-modules-calendar-todo-2.2.0/PKG-INFO tryton-modules-calendar-todo-2.2.1/PKG-INFO --- tryton-modules-calendar-todo-2.2.0/PKG-INFO 2011-10-24 19:16:18.0 +0200 +++ tryton-modules-calendar-todo-2.2.1/PKG-INFO 2012-09-02 16:12:44.0 +0200 @@ -1,6 +1,6 @@ Metadata-Version: 1.0 Name: trytond_calendar_todo -Version: 2.2.0 +Version: 2.2.1 Summary: Add Todo support on CalDAV Home-page: http://www.tryton.org/ Author: B2CK diff -Nru tryton-modules-calendar-todo-2.2.0/todo.py tryton-modules-calendar-todo-2.2.1/todo.py --- tryton-modules-calendar-todo-2.2.0/todo.py 2011-08-21 11:21:20.0 +0200 +++ tryton-modules-calendar-todo-2.2.1/todo.py 2012-08-23 23:41:22.0 +0200 @@ -409,6 +409,25 @@ collection_obj.todo.reset() return res +def copy(self, ids, default=None): +int_id = isinstance(ids, (int, long)) +if int_id: +ids = [ids] + +if default is None: +default = {} + +new_ids = [] +for todo_id in ids: +current_default = default.copy() +current_default['uuid'] = self.default_uuid() +new_id = super(Todo, self).copy(todo_id, default=current_default) +new_ids.append(new_id) + +if int_id: +return new_ids[0] +return new_ids + def ical2values(self, todo_id, ical, calendar_id, vtodo=None): ''' Convert iCalendar to values for create or write @@ -687,7 +706,7 @@ ical = vobject.iCalendar() vtodo = ical.add('vtodo') if todo.vtodo: -ical.vtodo = vobject.readOne(todo.vtodo) +ical.vtodo = vobject.readOne(str(todo.vtodo)) vtodo = ical.vtodo ical.vtodo.transformToNative() if todo.summary: diff -Nru tryton-modules-calendar-todo-2.2.0/trytond_calendar_todo.egg-info/PKG-INFO tryton-modules-calendar-todo-2.2.1/trytond_calendar_todo.egg-info/PKG-INFO --- tryton-modules-calendar-todo-2.2.0/trytond_calendar_todo.egg-info/PKG-INFO 2011-10-24 19:16:18.0 +0200 +++ tryton-modules-calendar-todo-2.2.1/trytond_calendar_todo.egg-info/PKG-INFO 2012-09-02 16:12:43.0 +0200 @@ -1,6 +1,6 @@ Metadata-Version: 1.0 Name: trytond-calendar-todo -Version: 2.2.0 +Version: 2.2.1 Summary: Add Todo support on CalDAV Home-page: http://www.tryton.org/ Author: B2CK diff -Nru tryton-modules-calendar-todo-2.2.0/__tryton__.py tryton-modules-calendar-todo-2.2.1/__tryton__.py --- tryton-modules-calendar-todo-2.2.0/__tryton__.py 2011-10-24 19:16:08.0 +0200 +++ tryton-modules-calendar-todo-2.2.1/__tryton__.py 2011-10-24 19:21:37.0 +0200 @@ -9,7 +9,7 @@ 'name_es_ES': 'Calendario de tareas', 'name_fr_FR' : 'Tâche Calendrier', 'name_ru_RU' : 'ÐадаÑи дÐ
Bug#687636: pre-approve unblock: tryton-modules-product/2.2.2-1
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Dear release managers, please approve the upload of tryton-modules-product_2.2.2-1. The new version contains the upstream bug fix release [1]. The fixes are for * Re-fix non zero rate unittest * Fix non zero rate unittest Mathias [1] http://news.tryton.org/2012/09/maintenance-releases-for-supported.html debdiff attached unblock: tryton-modules-product/2.2.2-1 diff -Nru tryton-modules-product-2.2.1/CHANGELOG tryton-modules-product-2.2.2/CHANGELOG --- tryton-modules-product-2.2.1/CHANGELOG 2011-12-26 10:40:46.0 +0100 +++ tryton-modules-product-2.2.2/CHANGELOG 2012-09-02 16:33:04.0 +0200 @@ -1,3 +1,6 @@ +Version 2.2.2 - 2012-09-02 +* Bug fixes (see mercurial logs for details) + Version 2.2.1 - 2011-12-26 * Bug fixes (see mercurial logs for details) diff -Nru tryton-modules-product-2.2.1/COPYRIGHT tryton-modules-product-2.2.2/COPYRIGHT --- tryton-modules-product-2.2.1/COPYRIGHT 2011-11-22 13:29:33.0 +0100 +++ tryton-modules-product-2.2.2/COPYRIGHT 2012-09-02 16:33:03.0 +0200 @@ -1,6 +1,6 @@ -Copyright (C) 2008-2011 Cédric Krier. +Copyright (C) 2008-2012 Cédric Krier. Copyright (C) 2008-2011 Bertrand Chenal. -Copyright (C) 2008-2011 B2CK SPRL. +Copyright (C) 2008-2012 B2CK SPRL. Copyright (C) 2004-2008 Tiny SPRL. This program is free software: you can redistribute it and/or modify diff -Nru tryton-modules-product-2.2.1/debian/changelog tryton-modules-product-2.2.2/debian/changelog --- tryton-modules-product-2.2.1/debian/changelog 2012-06-30 18:22:21.0 +0200 +++ tryton-modules-product-2.2.2/debian/changelog 2012-09-12 15:45:49.0 +0200 @@ -1,3 +1,9 @@ +tryton-modules-product (2.2.2-1) unstable; urgency=low + + * Merging upstream version 2.2.2. + + -- Mathias Behrle mathi...@m9s.biz Wed, 12 Sep 2012 15:45:49 +0200 + tryton-modules-product (2.2.1-2) unstable; urgency=low [ Mathias Behrle ] diff -Nru tryton-modules-product-2.2.1/PKG-INFO tryton-modules-product-2.2.2/PKG-INFO --- tryton-modules-product-2.2.1/PKG-INFO 2011-12-26 10:40:48.0 +0100 +++ tryton-modules-product-2.2.2/PKG-INFO 2012-09-02 16:33:09.0 +0200 @@ -1,6 +1,6 @@ -Metadata-Version: 1.1 +Metadata-Version: 1.0 Name: trytond_product -Version: 2.2.1 +Version: 2.2.2 Summary: Define products, categories of product, units of measure, categories of units of measure. Home-page: http://www.tryton.org/ Author: B2CK diff -Nru tryton-modules-product-2.2.1/tests/test_product.py tryton-modules-product-2.2.2/tests/test_product.py --- tryton-modules-product-2.2.1/tests/test_product.py 2011-12-15 19:27:21.0 +0100 +++ tryton-modules-product-2.2.2/tests/test_product.py 2012-06-12 14:41:23.0 +0200 @@ -64,17 +64,17 @@ }) transaction.cursor.commit() -self.failUnlessRaises(Exception, self.uom.write, { +self.failUnlessRaises(Exception, self.uom.write, uom_id, { 'rate': 0.0, }) transaction.cursor.rollback() -self.failUnlessRaises(Exception, self.uom.write, { +self.failUnlessRaises(Exception, self.uom.write, uom_id, { 'factor': 0.0, }) transaction.cursor.rollback() -self.failUnlessRaises(Exception, self.uom.write, { +self.failUnlessRaises(Exception, self.uom.write, uom_id, { 'rate': 0.0, 'factor': 0.0, }) diff -Nru tryton-modules-product-2.2.1/trytond_product.egg-info/PKG-INFO tryton-modules-product-2.2.2/trytond_product.egg-info/PKG-INFO --- tryton-modules-product-2.2.1/trytond_product.egg-info/PKG-INFO 2011-12-26 10:40:47.0 +0100 +++ tryton-modules-product-2.2.2/trytond_product.egg-info/PKG-INFO 2012-09-02 16:33:08.0 +0200 @@ -1,6 +1,6 @@ -Metadata-Version: 1.1 +Metadata-Version: 1.0 Name: trytond-product -Version: 2.2.1 +Version: 2.2.2 Summary: Define products, categories of product, units of measure, categories of units of measure. Home-page: http://www.tryton.org/ Author: B2CK diff -Nru tryton-modules-product-2.2.1/__tryton__.py tryton-modules-product-2.2.2/__tryton__.py --- tryton-modules-product-2.2.1/__tryton__.py 2011-11-22 13:29:33.0 +0100 +++ tryton-modules-product-2.2.2/__tryton__.py 2011-12-28 00:44:38.0 +0100 @@ -10,7 +10,7 @@ 'name_fr_FR': 'Produit', 'name_nl_NL': 'Producten', 'name_ru_RU': 'ТÐЦ', -'version' : '2.2.1', +'version': '2.2.2', 'author' : 'B2CK', 'email': 'i...@b2ck.com', 'website': 'http://www.tryton.org/', signature.asc Description: PGP signature
Bug#687638: pre-approve unblock: tryton-modules-stock/2.2.3-1
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Dear release managers, please approve the upload of tryton-modules-stock_2.2.3-1. The new version contains the upstream bug fix release [1]. The fixes are for * Ensure clause concatination works with tuple vs list Mathias [1] http://news.tryton.org/2012/09/maintenance-releases-for-supported.html debdiff attached unblock: tryton-modules-stock/2.2.3-1 diff -Nru tryton-modules-stock-2.2.2/CHANGELOG tryton-modules-stock-2.2.3/CHANGELOG --- tryton-modules-stock-2.2.2/CHANGELOG 2012-05-07 11:10:16.0 +0200 +++ tryton-modules-stock-2.2.3/CHANGELOG 2012-09-02 16:51:58.0 +0200 @@ -1,3 +1,6 @@ +Version 2.2.3 - 2012-09-02 +* Bug fixes (see mercurial logs for details) + Version 2.2.2 - 2012-05-07 * Bug fixes (see mercurial logs for details) diff -Nru tryton-modules-stock-2.2.2/debian/changelog tryton-modules-stock-2.2.3/debian/changelog --- tryton-modules-stock-2.2.2/debian/changelog 2012-06-30 18:31:20.0 +0200 +++ tryton-modules-stock-2.2.3/debian/changelog 2012-09-11 19:38:16.0 +0200 @@ -1,3 +1,9 @@ +tryton-modules-stock (2.2.3-1) unstable; urgency=low + + * Merging upstream version 2.2.3. + + -- Mathias Behrle mathi...@m9s.biz Tue, 11 Sep 2012 19:38:16 +0200 + tryton-modules-stock (2.2.2-2) unstable; urgency=low * Updating maintainers field. diff -Nru tryton-modules-stock-2.2.2/location.py tryton-modules-stock-2.2.3/location.py --- tryton-modules-stock-2.2.2/location.py 2011-11-22 13:30:15.0 +0100 +++ tryton-modules-stock-2.2.3/location.py 2012-08-07 12:18:12.0 +0200 @@ -138,7 +138,7 @@ ], order=[]) if ids: return [('id', 'in', ids)] -return [(self._rec_name,) + clause[1:]] +return [(self._rec_name,) + tuple(clause[1:])] def get_quantity(self, ids, name): product_obj = Pool().get('product.product') diff -Nru tryton-modules-stock-2.2.2/PKG-INFO tryton-modules-stock-2.2.3/PKG-INFO --- tryton-modules-stock-2.2.2/PKG-INFO 2012-05-07 11:10:19.0 +0200 +++ tryton-modules-stock-2.2.3/PKG-INFO 2012-09-02 16:52:03.0 +0200 @@ -1,6 +1,6 @@ -Metadata-Version: 1.1 +Metadata-Version: 1.0 Name: trytond_stock -Version: 2.2.2 +Version: 2.2.3 Summary: Stock Management and Inventory Control with: - Location definition - Stock move diff -Nru tryton-modules-stock-2.2.2/trytond_stock.egg-info/PKG-INFO tryton-modules-stock-2.2.3/trytond_stock.egg-info/PKG-INFO --- tryton-modules-stock-2.2.2/trytond_stock.egg-info/PKG-INFO 2012-05-07 11:10:17.0 +0200 +++ tryton-modules-stock-2.2.3/trytond_stock.egg-info/PKG-INFO 2012-09-02 16:52:02.0 +0200 @@ -1,6 +1,6 @@ -Metadata-Version: 1.1 +Metadata-Version: 1.0 Name: trytond-stock -Version: 2.2.2 +Version: 2.2.3 Summary: Stock Management and Inventory Control with: - Location definition - Stock move diff -Nru tryton-modules-stock-2.2.2/__tryton__.py tryton-modules-stock-2.2.3/__tryton__.py --- tryton-modules-stock-2.2.2/__tryton__.py 2011-12-26 10:41:20.0 +0100 +++ tryton-modules-stock-2.2.3/__tryton__.py 2012-05-07 14:54:46.0 +0200 @@ -8,7 +8,7 @@ 'name_es_ES': 'Gestión de existencias', 'name_fr_FR': 'Gestion des stocks', 'name_ru_RU': 'УпÑавление Ñкладами', -'version': '2.2.2', +'version': '2.2.3', 'author': 'B2CK', 'email': 'i...@b2ck.com', 'website': 'http://www.tryton.org/', signature.asc Description: PGP signature
Bug#687639: pre-approve unblock: tryton-modules-stock-supply/2.2.2-1
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Dear release managers, please approve the upload of tryton-modules-stock-supply_2.2.2-1. The new version contains the upstream bug fix release [1]. The fixes are for * Tax rule apply method return a list of tax ids Mathias [1] http://news.tryton.org/2012/09/maintenance-releases-for-supported.html debdiff attached unblock: tryton-modules-stock-supply/2.2.2-1 diff -Nru tryton-modules-stock-supply-2.2.1/CHANGELOG tryton-modules-stock-supply-2.2.2/CHANGELOG --- tryton-modules-stock-supply-2.2.1/CHANGELOG 2012-05-07 11:10:26.0 +0200 +++ tryton-modules-stock-supply-2.2.2/CHANGELOG 2012-09-02 16:56:34.0 +0200 @@ -1,3 +1,6 @@ +Version 2.2.2 - 2012-09-02 +* Bug fixes (see mercurial logs for details) + Version 2.2.1 - 2012-05-07 * Bug fixes (see mercurial logs for details) diff -Nru tryton-modules-stock-supply-2.2.1/debian/changelog tryton-modules-stock-supply-2.2.2/debian/changelog --- tryton-modules-stock-supply-2.2.1/debian/changelog 2012-06-30 18:34:12.0 +0200 +++ tryton-modules-stock-supply-2.2.2/debian/changelog 2012-09-12 15:46:00.0 +0200 @@ -1,3 +1,9 @@ +tryton-modules-stock-supply (2.2.2-1) unstable; urgency=low + + * Merging upstream version 2.2.2. + + -- Mathias Behrle mathi...@m9s.biz Wed, 12 Sep 2012 15:46:00 +0200 + tryton-modules-stock-supply (2.2.1-2) unstable; urgency=low * Updating maintainers field. diff -Nru tryton-modules-stock-supply-2.2.1/PKG-INFO tryton-modules-stock-supply-2.2.2/PKG-INFO --- tryton-modules-stock-supply-2.2.1/PKG-INFO 2012-05-07 11:10:29.0 +0200 +++ tryton-modules-stock-supply-2.2.2/PKG-INFO 2012-09-02 16:56:39.0 +0200 @@ -1,6 +1,6 @@ -Metadata-Version: 1.1 +Metadata-Version: 1.0 Name: trytond_stock_supply -Version: 2.2.1 +Version: 2.2.2 Summary: Supply Management Module with: - Order point - Purchase Request diff -Nru tryton-modules-stock-supply-2.2.1/purchase_request.py tryton-modules-stock-supply-2.2.2/purchase_request.py --- tryton-modules-stock-supply-2.2.1/purchase_request.py 2012-04-24 13:40:59.0 +0200 +++ tryton-modules-stock-supply-2.2.2/purchase_request.py 2012-06-12 14:55:54.0 +0200 @@ -697,10 +697,10 @@ for tax in request.product.supplier_taxes_used: if request.party and request.party.supplier_tax_rule: pattern = self._get_tax_rule_pattern(request) -tax_id = tax_rule_obj.apply(request.party.supplier_tax_rule, +tax_ids = tax_rule_obj.apply(request.party.supplier_tax_rule, tax, pattern) -if tax_id: -taxes.append(tax_id) +if tax_ids: +taxes.extend(tax_ids) continue taxes.append(tax.id) line['taxes'] = [('add', taxes)] diff -Nru tryton-modules-stock-supply-2.2.1/trytond_stock_supply.egg-info/PKG-INFO tryton-modules-stock-supply-2.2.2/trytond_stock_supply.egg-info/PKG-INFO --- tryton-modules-stock-supply-2.2.1/trytond_stock_supply.egg-info/PKG-INFO 2012-05-07 11:10:27.0 +0200 +++ tryton-modules-stock-supply-2.2.2/trytond_stock_supply.egg-info/PKG-INFO 2012-09-02 16:56:38.0 +0200 @@ -1,6 +1,6 @@ -Metadata-Version: 1.1 +Metadata-Version: 1.0 Name: trytond-stock-supply -Version: 2.2.1 +Version: 2.2.2 Summary: Supply Management Module with: - Order point - Purchase Request diff -Nru tryton-modules-stock-supply-2.2.1/__tryton__.py tryton-modules-stock-supply-2.2.2/__tryton__.py --- tryton-modules-stock-supply-2.2.1/__tryton__.py 2011-11-22 13:30:24.0 +0100 +++ tryton-modules-stock-supply-2.2.2/__tryton__.py 2012-05-07 14:54:52.0 +0200 @@ -7,7 +7,7 @@ 'name_es_CO': 'Gestión de pedidos de inventario', 'name_es_ES': 'Gestión de suministro de existencias', 'name_fr_FR': 'Gestion des approvisionnements de stock', -'version': '2.2.1', +'version': '2.2.2', 'author': 'B2CK', 'email': 'i...@b2ck.com', 'website': 'http://www.tryton.org/', signature.asc Description: PGP signature
Bugfix Release for Tryton (was: Bugfix releases for Tryton expected)
* Betr.: Re: Bugfix releases for Tryton expected (was: Bits from the Release Team: Freeze approaching!) (Mon, 4 Jun 2012 19:42:23 +0200): The expected bug fix release for Tryton version 2.2 is now complete [1]. Bug fix releases in Tryton are well tested, especially version 2.2 gets the fixes from trunk backported to versions 2.4 - 1.8. So there should be minimal risk to include these fixes in wheezy. I have already prepared and tested the updated packages and I think it will be best to create one unblock bug per package. If there are any objections please let me know. The involved packages are: tryton-client tryton-proteus tryton-server tryton-modules-account tryton-modules-account-statement tryton-modules-calendar tryton-modules-calendar-classification tryton-modules-calendar-scheduling tryton-modules-calendar-todo tryton-modules-party-vcarddav tryton-modules-product tryton-modules-stock tryton-modules-stock-supply tryton-modules-timesheet Cheers, Mathias [1] http://news.tryton.org/2012/09/maintenance-releases-for-supported.html On Wed, May 30, 2012 at 18:43:50 +0200, Mathias Behrle wrote: * Betr.: Bits from the Release Team: Freeze approaching! (Sun, 13 May 2012 22:45:36 +0200): Hi, Freeze planning === As you might remember, we are aiming at a freeze in June. The exact date has not been determined yet. However, given the large amount of work remaining, we are now targeting a freeze in the *second half of June*. If there is something you really believe should be in Wheezy and you expect that it will not be ready before we freeze, please contact us *now*. We are expecting another of the usual bugfix releases [1] for Tryton, which will happen *after* the second half of June. Those bugfix releases are well tested and should go in either case into wheezy. Bug fixes can always be considered post freeze. Assuming the changes aren't huge and are verifiably bug fixes. Cheers, Julien signature.asc Description: PGP signature
Bug#681196: unblock: tryton-proteus/2.2.2-4
tag 681196 - moreinfo thanks On Wed, Jul 11, 2012 at 12:11:14 +0200, Mathias Behrle wrote: Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package tryton-proteus. The -3 upload fixes the #680817 FTBFS, revealed by a Lucas-powered rebuild. 680817 is still open. Cheers, Julien Removing tag moreinfo, which seems to keep this issue out of the scope of the release team. Cheers, Mathias signature.asc Description: PGP signature
Bug#681196: unblock: tryton-proteus/2.2.2-4
* Betr.: Re: Bug#681196: unblock: tryton-proteus/2.2.2-3 (Sat, 28 Jul 2012 11:15:41 +0200): On Wed, Jul 11, 2012 at 12:11:14 +0200, Mathias Behrle wrote: Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package tryton-proteus. The -3 upload fixes the #680817 FTBFS, revealed by a Lucas-powered rebuild. Does #680817 affect the version in testing? The BTS doesn't think so, and looking at the changes in proteus/pyson.py and setup.py I guess not. Now on to the changes themselves: --- tryton-proteus-2.2.1/debian/compat 2011-12-26 12:35:55.0 + +++ tryton-proteus-2.2.2/debian/compat 2012-07-11 09:31:06.0 + @@ -1 +1 @@ -8 +9 This is not ok during freeze. --- tryton-proteus-2.2.1/debian/rules 2011-12-26 12:35:55.0 + +++ tryton-proteus-2.2.2/debian/rules 2012-07-11 09:31:06.0 + @@ -7,3 +7,6 @@ dh_auto_clean rm -rf *.egg-info + +override_dh_builddeb: + dh_builddeb -- -Zxz -z9 neither is this, really. So with no RC or important bug fix that I know of in this version, I'm afraid I'm going to have to say no, sorry. Cheers, Julien I now can see, what has happened. tryton-proteus_2.2.2-2 was uploaded and accepted into unstable on 2012-06-30, but didn't make it into testing so far because of a version mismatch [1]. This should be due to a missing upload of 2.2.1-1 on Wed May 9, that I wasn't aware of. Could you please mark 2.2.2-2 for acceptance in testing, because it is a legitimate version uploaded before the freeze? The fix for #680817 is a really simple non-invasive fix and there should be no problem to accept it with 2.2.2-4, once 2.2.2-2 is in testing. [1] http://packages.qa.debian.org/t/tryton-proteus/news/20120630T165055Z.html Thanks, Mathias signature.asc Description: PGP signature
Bug#681196: unblock: tryton-proteus/2.2.2-4
Just to keep up-to-date: Is there anything missing or left to do to promote the issue? Thanks, Mathias signature.asc Description: PGP signature
Bug#681196: unblock: tryton-proteus/2.2.2-3
* Betr.: Re: Bug#681196: unblock: tryton-proteus/2.2.2-3 (Tue, 17 Jul 2012 20:34:31 +0200): tag 681196 moreinfo kthxbye On Wed, Jul 11, 2012 at 12:11:14 +0200, Mathias Behrle wrote: Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package tryton-proteus. The -3 upload fixes the #680817 FTBFS, revealed by a Lucas-powered rebuild. 680817 is still open. Thx for the hint, 680817 is closed now. Cheers, Mathias signature.asc Description: PGP signature
Bug#681196: unblock: tryton-proteus/2.2.2-3
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package tryton-proteus. The -3 upload fixes the #680817 FTBFS, revealed by a Lucas-powered rebuild. unblock tryton-proteus/2.2.2-3 debdiff attached tryton-proteus_2.2.2-3.debdiff Description: Binary data signature.asc Description: PGP signature
Bug#681196: unblock: tryton-proteus/2.2.2-3
* Betr.: Bug#681196: unblock: tryton-proteus/2.2.2-3 (Wed, 11 Jul 2012 12:11:14 +0200): Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package tryton-proteus. The -3 upload fixes the #680817 FTBFS, revealed by a Lucas-powered rebuild. unblock tryton-proteus/2.2.2-3 debdiff attached 2.2.2-3 was rejected, because it was built against tar.gz, not the actual tar.xz tarball. This is the only change in 2.2.2-4, which now was accepted by ftp-master. Please unblock 2.2.2-4. signature.asc Description: PGP signature
Bugfix releases for Tryton expected (was: Bits from the Release Team: Freeze approaching!)
* Betr.: Bits from the Release Team: Freeze approaching! (Sun, 13 May 2012 22:45:36 +0200): Hi, Freeze planning === As you might remember, we are aiming at a freeze in June. The exact date has not been determined yet. However, given the large amount of work remaining, we are now targeting a freeze in the *second half of June*. If there is something you really believe should be in Wheezy and you expect that it will not be ready before we freeze, please contact us *now*. We are expecting another of the usual bugfix releases [1] for Tryton, which will happen *after* the second half of June. Those bugfix releases are well tested and should go in either case into wheezy. The Tryton version planned to be in wheezy is 2.2, which is currently in testing. The current stable release 2.4 was uploaded to experimental with regard to the upcoming freeze, because it didn't get any bugifx release so far. Cheers, Mathias [1] http://news.tryton.org/2012/05/maintenance-releases-for-supported.html -- Mathias Behrle MBSolutions Gilgenmatten 10 A D-79114 Freiburg Tel: +49(761)471023 Fax: +49(761)4770816 http://m9s.biz UStIdNr: DE 142009020 PGP/GnuPG key availabable from any keyserver, ID: 0x8405BBF6 signature.asc Description: PGP signature
Bug#665810: transition: python-webdav
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: transition The new release 0.9.8 [1] of pywebdav [2] comes with incompatible API changes. The reverse dependencies are: tryton-server tryton-modules-party-vcarddav tryton-modules-calendar tryton-modules-calendar-todo tryton-modules-calendar-scheduling I am planning to upload patched versions of those reverse dependencies with the ability to use any pywebdav version = 0.9.3 before uploading python-webdav 0.9.8. [1] http://code.google.com/p/pywebdav/downloads/detail?name=PyWebDAV-0.9.8.tar.gz [2] http://code.google.com/p/pywebdav/ -- System Information: Debian Release: wheezy/sid APT prefers testing APT policy: (990, 'testing'), (500, 'stable'), (400, 'unstable'), (300, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 3.2.0-2-amd64 (SMP w/2 CPU cores) Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to de_DE.UTF-8) Shell: /bin/sh linked to /bin/bash -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20120326110701.7212.37063.report...@obelix.mbehrle.de
Re: Permission to upload security fix release of tryton-modules-stock
* Betr.: Re: Permission to upload security fix release of tryton-modules-stock (Wed, 1 Sep 2010 13:29:01 +0100): On Tue, August 31, 2010 21:04, Mathias Behrle wrote: there was just a security fix release for tryton-modules-stock. It provides a security fix to prohibit evaluation of injected code http://hg.tryton.org/1.6/modules/stock/rev/2f6ae3f40ce8 Accessing that URL results in: type 'exceptions.ImportError': No module named mercurial.hgweb.hgwebdir_mod args = ('No module named mercurial.hgweb.hgwebdir_mod',) message = 'No module named mercurial.hgweb.hgwebdir_mod' You hit just a server update, should now work again. Commitdiff of the Debian package is here http://git.debian-maintainers.org/?p=tryton/tryton-modules-stock.git;a=commitdiff;h=fa5de717c3ffc15abf7b1120df056d0d9c42078c Based on that diff, please go ahead and let us know once the package has been accepted. Has been accepted. Thanks, Mathias -- Mathias Behrle MBSolutions Gilgenmatten 10 A D-79114 Freiburg Tel: +49(761)471023 Fax: +49(761)4770816 http://mbsolutions.selfip.biz UStIdNr: DE 142009020 PGP/GnuPG key availabable from any keyserver, ID: 0x8405BBF6 signature.asc Description: PGP signature
Permission to upload security fix release of tryton-modules-stock
Hi, there was just a security fix release for tryton-modules-stock. It provides a security fix to prohibit evaluation of injected code http://hg.tryton.org/1.6/modules/stock/rev/2f6ae3f40ce8 and a bug fix for inventory completion http://hg.tryton.org/hgwebdir.cgi/1.6/modules/stock/rev/0af85e7aa35b Commitdiff of the Debian package is here http://git.debian-maintainers.org/?p=tryton/tryton-modules-stock.git;a=commitdiff;h=fa5de717c3ffc15abf7b1120df056d0d9c42078c Thanks, Mathias -- Mathias Behrle MBSolutions Gilgenmatten 10 A D-79114 Freiburg Tel: +49(761)471023 Fax: +49(761)4770816 http://mbsolutions.selfip.biz UStIdNr: DE 142009020 PGP/GnuPG key availabable from any keyserver, ID: 0x8405BBF6 signature.asc Description: PGP signature
Unblock request for vatnumber 0.7-1
Sorry for asking for a freeze exception for vatnumber *after* uploading the package to unstable. I misunderstood the notes of the release team in 'Bits from the (chilly) release team' being the first time involved in a Debian release. Anyway I am asking to unblock vatnumber 0.7-1 for the following resons: - It fixes the check of the last char of Albanian VAT numbers (this one being important). - It adds a check for VAT numbers of Croatia (this one being convenient). The diff can be seen at http://git.debian-maintainers.org/?p=tryton/vatnumber.git;a=commitdiff;h=4ac19da0e1be3585e1bd0f322cd1625f34978932 Thanks for looking into it. -- Mathias Behrle MBSolutions Gilgenmatten 10 A D-79114 Freiburg Tel: +49(761)471023 Fax: +49(761)4770816 http://mbsolutions.selfip.biz UStIdNr: DE 142009020 PGP/GnuPG key availabable from any keyserver, ID: 0x8405BBF6 signature.asc Description: PGP signature
Re: Unblock request for vatnumber 0.7-1
* Betr.: Re: Unblock request for vatnumber 0.7-1 (Thu, 26 Aug 2010 20:37:43 +0200): Done. Regards, Thanks! -- Mathias Behrle MBSolutions Gilgenmatten 10 A D-79114 Freiburg Tel: +49(761)471023 Fax: +49(761)4770816 http://mbsolutions.selfip.biz UStIdNr: DE 142009020 PGP/GnuPG key availabable from any keyserver, ID: 0x8405BBF6 signature.asc Description: PGP signature
Re: misc unblocks
* Betr.: Re: misc unblocks (Sun, 15 Aug 2010 21:50:32 +0200): * Betr.: Re: misc unblocks (Sat, 14 Aug 2010 21:10:29 +0200): On 08/14/2010 08:47 PM, Adam D. Barratt wrote: tryton-client (1.6.1-1) unstable; urgency=low tryton-server (1.6.1-1) unstable; urgency=low Were there any particular changes which make these upstream versions more release-worthy than those already in testing? There are quick a few changes in the upstream repository and the changelog just says see the hg repo doesn't help identify whether any are particularly important when one doesn't know the software. they fix all sorts of tiny things and glitches, i'll let mathias (upstream and co-maintainer) comment on that in more detail. Generally the Tryton maintainers are very strict with the backport of fixes from trunk into release branches. Which means, that only 'real' bug fixes are merged into a release branch, but never features. Additionally new releases are only done on really important and well tested fixes. So generally it is always in the interest of the user to run the latest release. For the special case of release 1.6.1: Release 1.6 contained some heavy rewrites and cleanup of version 1.4. Unfortunately there was lost just one really important functionality of 1.4 in 1.6.0, which made unluckily this release almost unusable for some special implementations relying on this functionality. This essential fix (besides important others) is included in 1.6.1 and should be contained by all means in the next Debian stable release. Summary: Version 1.6.1 contains essential fixes, that should be included any case in squeeze. Sorry for pinging again, since I don't see any reaction so far and just would not want to miss anything to have tryton client and server unblocked for squeeze. Please let me know, if my mail was not explicit enough and if I can do anything to advance this issue. Thanks for your work, Mathias -- Mathias Behrle MBSolutions Gilgenmatten 10 A D-79114 Freiburg Tel: +49(761)471023 Fax: +49(761)4770816 http://mbsolutions.selfip.biz UStIdNr: DE 142009020 PGP/GnuPG key availabable from any keyserver, ID: 0x8405BBF6 signature.asc Description: PGP signature
Re: misc unblocks
* Betr.: Re: misc unblocks (Wed, 18 Aug 2010 20:40:55 +0100): On Sun, 2010-08-15 at 21:50 +0200, Mathias Behrle wrote: For the special case of release 1.6.1: Release 1.6 contained some heavy rewrites and cleanup of version 1.4. Unfortunately there was lost just one really important functionality of 1.4 in 1.6.0, which made unluckily this release almost unusable for some special implementations relying on this functionality. This essential fix (besides important others) is included in 1.6.1 and should be contained by all means in the next Debian stable release. What was the really important functionality which was affected? The most important fix is for https://bugs.tryton.org/roundup/issue1609: Passing values to fields with the python context was broken, thus breaking the functionality of entire modules, because default values were not be set any more. The fixes are in http://hg.tryton.org/hgwebdir.cgi/tryton/rev/6e20571014d2 and http://hg.tryton.org/hgwebdir.cgi/tryton/rev/b57982ac70d2 Other important fixes are https://bugs.tryton.org/roundup/issue1619: Fix of fingerprint check for ssl connections. With python implementations lacking getpeercert functionality (python2.6) secure connections were impossible. Fixed with http://hg.tryton.org/hgwebdir.cgi/tryton/rev/7ce317af1658 https://bugs.tryton.org/roundup/issue1521: Wizard sizes were not stored any more, introducing an important regression in usability, thus making this release almost unusable for implementations making heavy usage of wizards. Fixed with http://hg.tryton.org/hgwebdir.cgi/tryton/rev/dc7b75fd798a https://bugs.tryton.org/roundup/issue1575: Fixing the usage of Decimal and Float for XML-RPC, which was broken for on_change calls via XML-RPC. Fixed with http://hg.tryton.org/trytond/rev/15c673a1072d https://bugs.tryton.org/roundup/issue1507: Enabling the compatibility for the printing of reports with OpenOffice.org 3.2. Without this fix it is impossible to use the OOo contained in squeeze. Fixed with http://hg.tryton.org/trytond/rev/3888542922ca Those are the most important fixes being indeed essential for the usage and functionality of Tryton. From my point of views it is even not advisable to recommend the usage of version 1.6.0 of Tryton. It is really important to get 1.6.1 into squeeze. Regards, Mathias -- Mathias Behrle MBSolutions Gilgenmatten 10 A D-79114 Freiburg Tel: +49(761)471023 Fax: +49(761)4770816 http://mbsolutions.selfip.biz UStIdNr: DE 142009020 PGP/GnuPG key availabable from any keyserver, ID: 0x8405BBF6 signature.asc Description: PGP signature
Re: misc unblocks
* Betr.: Re: misc unblocks (Sat, 14 Aug 2010 21:10:29 +0200): On 08/14/2010 08:47 PM, Adam D. Barratt wrote: tryton-client (1.6.1-1) unstable; urgency=low tryton-server (1.6.1-1) unstable; urgency=low Were there any particular changes which make these upstream versions more release-worthy than those already in testing? There are quick a few changes in the upstream repository and the changelog just says see the hg repo doesn't help identify whether any are particularly important when one doesn't know the software. they fix all sorts of tiny things and glitches, i'll let mathias (upstream and co-maintainer) comment on that in more detail. Generally the Tryton maintainers are very strict with the backport of fixes from trunk into release branches. Which means, that only 'real' bug fixes are merged into a release branch, but never features. Additionally new releases are only done on really important and well tested fixes. So generally it is always in the interest of the user to run the latest release. For the special case of release 1.6.1: Release 1.6 contained some heavy rewrites and cleanup of version 1.4. Unfortunately there was lost just one really important functionality of 1.4 in 1.6.0, which made unluckily this release almost unusable for some special implementations relying on this functionality. This essential fix (besides important others) is included in 1.6.1 and should be contained by all means in the next Debian stable release. Summary: Version 1.6.1 contains essential fixes, that should be included any case in squeeze. Regards, Mathias -- Mathias Behrle MBSolutions Gilgenmatten 10 A D-79114 Freiburg Tel: +49(761)471023 Fax: +49(761)4770816 http://mbsolutions.selfip.biz UStIdNr: DE 142009020 PGP/GnuPG key availabable from any keyserver, ID: 0x8405BBF6 signature.asc Description: PGP signature