
Bug#772756: unblock: pylint/1.3.1-2



Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock

Please unblock package pylint

As pre-approved in #772038 I just uploaded pylint with the backport of an
upstream patch to allow users to inspect third-party extensions too, in addition
to standard library ones.

The diff also contains:

- a tightened dep on astroid, needed to select the proper patch (they are "twin"
  packages)
- an explicit depends on quilt (+ rules) as I thought it would be better than
  switching the source format at this stage.

unblock pylint/1.3.1-2

-- System Information:
Debian Release: jessie/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable'), (500, 'oldstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.14-2-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
diff -u pylint-1.3.1/debian/changelog pylint-1.3.1/debian/changelog
--- pylint-1.3.1/debian/changelog
+++ pylint-1.3.1/debian/changelog
@@ -1,3 +1,17 @@
+pylint (1.3.1-2) unstable; urgency=medium
+
+  * debian/patches/5733254372edb1df9f72f72c6733608405a99a40.patch
+    - backport of --unsafe-load-any-extension and --extension-pkg-whitelist to
+      be able to run pylint even on third-party extensions (and not only on
+      Standard Library ones); Closes: #772018
+  * debian/{control,rules}
+    - add quilt to apply the patch
+  * debian/control
+    - tighten dep on python-astroid to select the version with the changes
+      needed to fix #772018
+
+ -- Sandro Tosi <morph@debian.org>  Wed, 10 Dec 2014 19:42:55 +0000
+
 pylint (1.3.1-1) unstable; urgency=medium
 
   * New upstream release
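
Review bot: the new changelog entry says the backport lets pylint run on third-party extensions but does not say that this is opt-in. The upstream ChangeLog text carried in the bundled patch states that by default only C extensions from the stdlib are loaded, because extensions can run arbitrary code on import. One more line here saying that the default remains stdlib-only and that --extension-pkg-whitelist is the per-package way to opt in would help users who read only the Debian changelog.
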
diff -u pylint-1.3.1/debian/control pylint-1.3.1/debian/control
--- pylint-1.3.1/debian/control
+++ pylint-1.3.1/debian/control
@@ -3,7 +3,7 @@
 Priority: optional
 Maintainer: Sandro Tosi <morph@debian.org>
 Uploaders: Python Applications Packaging Team <python-apps-team@lists.alioth.debian.org>
-Build-Depends: debhelper (>= 9), python (>= 2.6.6-3~), dh-python
+Build-Depends: debhelper (>= 9), python (>= 2.6.6-3~), dh-python, quilt
 Build-Depends-Indep: python-logilab-common (>= 0.53.0), python-astroid (>= 1.2.1), python-unittest2
 Standards-Version: 3.9.6
 XS-Python-Version: >= 2.6
@@ -13,7 +13,7 @@
 
 Package: pylint
 Architecture: all
-Depends: ${python:Depends}, ${misc:Depends}, python-logilab-common (>= 0.53.0), python-astroid (>= 1.2.1)
+Depends: ${python:Depends}, ${misc:Depends}, python-logilab-common (>= 0.53.0), python-astroid (>= 1.2.1-3~)
 Recommends: python-tk
 Description: Python code static checker and UML diagram generator
  Pylint is a Python source code analyzer which looks for programming
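
Review bot: Depends now requires python-astroid (>= 1.2.1-3~), but Build-Depends-Indep in the previous hunk still accepts (>= 1.2.1). The patched lint.py sets MANAGER.always_load_extensions and calls MANAGER.extension_package_whitelist.update(), so anything that instantiates the linter at build time (a test run, for instance) against an astroid without those changes would fail. Consider raising the build dependency to the same bound.
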
diff -u pylint-1.3.1/debian/rules pylint-1.3.1/debian/rules
--- pylint-1.3.1/debian/rules
+++ pylint-1.3.1/debian/rules
@@ -6,7 +6,7 @@
 PYVERS := $(shell pyversions -s -v)
 
 %:
-	dh $@ --with python2
+	dh $@ --with python2,quilt
 
 override_dh_auto_build:
 	dh_auto_build
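
Review bot: with "--with python2,quilt" the patch is applied only during the build, so the tree obtained by unpacking the source package is unpatched. Debian Policy asks for a debian/README.source in that situation and none is added in this diff; a short one pointing at the quilt workflow would cover it if the package does not already ship one.
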
only in patch2:
unchanged:
--- pylint-1.3.1.orig/debian/patches/5733254372edb1df9f72f72c6733608405a99a40.patch
+++ pylint-1.3.1/debian/patches/5733254372edb1df9f72f72c6733608405a99a40.patch
@@ -0,0 +1,55 @@
+# HG changeset patch
+# User Torsten Marek <shlomme@gmail.com>
+# Date 1416661887 -3600
+# Node ID 5733254372edb1df9f72f72c6733608405a99a40
+# Parent  f8fa8f2bd2bbe88a2c4f6d87d3cab200ca0160c6
+Add options to control extension loading in astroid.
+
+--- a/ChangeLog
++++ b/ChangeLog
+@@ -1,6 +1,13 @@
+ ChangeLog for Pylint
+ ====================
+ 
++    * Added new options for controlling the loading of C extensions.
++      By default, only C extensions from the stdlib will be loaded
++      into the active Python interpreter for inspection, because they
++      can run arbitrary code on import. The option 
++      `--extension-pkg-whitelist` can be used to specify modules
++      or packages that are safe to load.
++
+ 2014-08-24 -- 1.3.1
+ 
+     * Fix a false positive with string formatting checker, when
+--- a/lint.py
++++ b/lint.py
+@@ -275,6 +275,20 @@ class PyLinter(OptionsManagerMixIn, Mess
+ 
+                 ('include-ids', _deprecated_option('i', 'yn')),
+                 ('symbols', _deprecated_option('s', 'yn')),
++
++                ('unsafe-load-any-extension',
++                 {'type': 'yn', 'metavar': '<yn>', 'default': False, 'hide': True,
++                  'help': ('Allow loading of arbitrary C extensions. Extensions'
++                           ' are imported into the active Python interpreter and'
++                           ' may run arbitrary code.')}),
++
++                ('extension-pkg-whitelist',
++                  {'type': 'csv', 'metavar': '<pkg[,pkg]>', 'default': [],
++                   'help': ('A comma-separated list of package or module names'
++                            ' from where C extensions may be loaded. Extensions are'
++                            ' loading into the active Python interpreter and may run'
++                            ' arbitrary code')}
++                  ),
+                )
+ 
+     option_groups = (
+@@ -669,6 +683,8 @@ class PyLinter(OptionsManagerMixIn, Mess
+         self.stats = {'by_module' : {},
+                       'by_msg' : {},
+                      }
++        MANAGER.always_load_extensions = self.config.unsafe_load_any_extension
++        MANAGER.extension_package_whitelist.update(self.config.extension_pkg_whitelist)
+         for msg_cat in MSG_TYPES.itervalues():
+             self.stats[msg_cat] = 0
+ 
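
Review bot: in the second lint.py hunk, MANAGER.always_load_extensions is assigned from the configuration, while MANAGER.extension_package_whitelist.update(...) only ever adds to a collection on the shared MANAGER object. If several linter runs happen in one process, package names whitelisted by an earlier run stay whitelisted for later runs whose configuration lists none, which widens what gets imported into the interpreter. Resetting the whitelist before applying the configured names would keep each run scoped to its own configuration; since this is a backport, that is worth raising upstream rather than diverging here. Separately, the help text for extension-pkg-whitelist reads "Extensions are loading into" where "loaded" is meant, and it lacks the closing period that the other option's help has.
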
only in patch2:
unchanged:
--- pylint-1.3.1.orig/debian/patches/series
+++ pylint-1.3.1/debian/patches/series
@@ -0,0 +1 @@
+5733254372edb1df9f72f72c6733608405a99a40.patch