Bug#772756: marked as done (unblock: pylint/1.3.1-2)

[owner@bugs.debian.org (Debian Bug Tracking System)]

Your message dated Wed, 10 Dec 2014 23:50:44 +0100
with message-id <20141210225044.GA14607@ugent.be>
and subject line Re: Bug#772756: unblock: pylint/1.3.1-2
has caused the Debian Bug report #772756,
regarding unblock: pylint/1.3.1-2
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
772756: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=772756
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

--- Begin Message ---

• To: Debian Bug Tracking System <submit@bugs.debian.org>
• Subject: unblock: pylint/1.3.1-2
• From: Sandro Tosi <morph@debian.org>
• Date: Wed, 10 Dec 2014 19:53:52 +0000
• Message-id: <[🔎] 20141210195352.19531.45855.reportbug@oracle.matrix.int>

Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock

Please unblock package pylint

As pre-approved in #772038 I just uploaded pylint with the backport of an
upstream patch to allow users to inspect third-party extensions too, in addition
to standard library ones.

The diff contains also:

- a tightened dep on astroid, needed to select the proper patch (they are "twin"
  packages)
- an explict depends on quilt (+ rules) as I thought it would be better than
  switching the source format at this stage.

unblock pylint/1.3.1-2

-- System Information:
Debian Release: jessie/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable'), (500, 'oldstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.14-2-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

diff -u pylint-1.3.1/debian/changelog pylint-1.3.1/debian/changelog
--- pylint-1.3.1/debian/changelog
+++ pylint-1.3.1/debian/changelog
@@ -1,3 +1,17 @@
+pylint (1.3.1-2) unstable; urgency=medium
+
+  * debian/patches/5733254372edb1df9f72f72c6733608405a99a40.patch
+    - backport of --unsafe-load-any-extension and --extension-pkg-whitelist to
+      be able to run pylint even on third-party extensions (and not only on
+      Standard Library ones); Closes: #772018
+  * debian/{control,rules}
+    - add quilt to apply the patch
+  * debian/control
+    - tighten dep on python-astroid to select the version with the changes
+      needed to fix #772018
+
+ -- Sandro Tosi <morph@debian.org>  Wed, 10 Dec 2014 19:42:55 +0000
+
 pylint (1.3.1-1) unstable; urgency=medium
 
   * New upstream release
diff -u pylint-1.3.1/debian/control pylint-1.3.1/debian/control
--- pylint-1.3.1/debian/control
+++ pylint-1.3.1/debian/control
@@ -3,7 +3,7 @@
 Priority: optional
 Maintainer: Sandro Tosi <morph@debian.org>
 Uploaders: Python Applications Packaging Team <python-apps-team@lists.alioth.debian.org>
-Build-Depends: debhelper (>= 9), python (>= 2.6.6-3~), dh-python
+Build-Depends: debhelper (>= 9), python (>= 2.6.6-3~), dh-python, quilt
 Build-Depends-Indep: python-logilab-common (>= 0.53.0), python-astroid (>= 1.2.1), python-unittest2
 Standards-Version: 3.9.6
 XS-Python-Version: >= 2.6
@@ -13,7 +13,7 @@
 
 Package: pylint
 Architecture: all
-Depends: ${python:Depends}, ${misc:Depends}, python-logilab-common (>= 0.53.0), python-astroid (>= 1.2.1)
+Depends: ${python:Depends}, ${misc:Depends}, python-logilab-common (>= 0.53.0), python-astroid (>= 1.2.1-3~)
 Recommends: python-tk
 Description: Python code static checker and UML diagram generator
  Pylint is a Python source code analyzer which looks for programming
diff -u pylint-1.3.1/debian/rules pylint-1.3.1/debian/rules
--- pylint-1.3.1/debian/rules
+++ pylint-1.3.1/debian/rules
@@ -6,7 +6,7 @@
 PYVERS := $(shell pyversions -s -v)
 
 %:
-	dh $@ --with python2
+	dh $@ --with python2,quilt
 
 override_dh_auto_build:
 	dh_auto_build
only in patch2:
unchanged:
--- pylint-1.3.1.orig/debian/patches/5733254372edb1df9f72f72c6733608405a99a40.patch
+++ pylint-1.3.1/debian/patches/5733254372edb1df9f72f72c6733608405a99a40.patch
@@ -0,0 +1,55 @@
+# HG changeset patch
+# User Torsten Marek <shlomme@gmail.com>
+# Date 1416661887 -3600
+# Node ID 5733254372edb1df9f72f72c6733608405a99a40
+# Parent  f8fa8f2bd2bbe88a2c4f6d87d3cab200ca0160c6
+Add options to control extension loading in astroid.
+
+--- a/ChangeLog
++++ b/ChangeLog
+@@ -1,6 +1,13 @@
+ ChangeLog for Pylint
+ ====================
+ 
++    * Added new options for controlling the loading of C extensions.
++      By default, only C extensions from the stdlib will be loaded
++      into the active Python interpreter for inspection, because they
++      can run arbitrary code on import. The option 
++      `--extension-pkg-whitelist` can be used to specify modules
++      or packages that are safe to load.
++
+ 2014-08-24 -- 1.3.1
+ 
+     * Fix a false positive with string formatting checker, when
+--- a/lint.py
++++ b/lint.py
+@@ -275,6 +275,20 @@ class PyLinter(OptionsManagerMixIn, Mess
+ 
+                 ('include-ids', _deprecated_option('i', 'yn')),
+                 ('symbols', _deprecated_option('s', 'yn')),
++
++                ('unsafe-load-any-extension',
++                 {'type': 'yn', 'metavar': '<yn>', 'default': False, 'hide': True,
++                  'help': ('Allow loading of arbitrary C extensions. Extensions'
++                           ' are imported into the active Python interpreter and'
++                           ' may run arbitrary code.')}),
++
++                ('extension-pkg-whitelist',
++                  {'type': 'csv', 'metavar': '<pkg[,pkg]>', 'default': [],
++                   'help': ('A comma-separated list of package or module names'
++                            ' from where C extensions may be loaded. Extensions are'
++                            ' loading into the active Python interpreter and may run'
++                            ' arbitrary code')}
++                  ),
+                )
+ 
+     option_groups = (
+@@ -669,6 +683,8 @@ class PyLinter(OptionsManagerMixIn, Mess
+         self.stats = {'by_module' : {},
+                       'by_msg' : {},
+                      }
++        MANAGER.always_load_extensions = self.config.unsafe_load_any_extension
++        MANAGER.extension_package_whitelist.update(self.config.extension_pkg_whitelist)
+         for msg_cat in MSG_TYPES.itervalues():
+             self.stats[msg_cat] = 0
+ 
only in patch2:
unchanged:
--- pylint-1.3.1.orig/debian/patches/series
+++ pylint-1.3.1/debian/patches/series
@@ -0,0 +1 @@
+5733254372edb1df9f72f72c6733608405a99a40.patch

--- End Message ---

--- Begin Message ---

• To: Sandro Tosi <morph@debian.org>, 772756-done@bugs.debian.org
• Subject: Re: Bug#772756: unblock: pylint/1.3.1-2
• From: Ivo De Decker <ivodd@debian.org>
• Date: Wed, 10 Dec 2014 23:50:44 +0100
• Message-id: <20141210225044.GA14607@ugent.be>
• In-reply-to: <[🔎] 20141210195352.19531.45855.reportbug@oracle.matrix.int>
• References: <[🔎] 20141210195352.19531.45855.reportbug@oracle.matrix.int>

Hi,

On Wed, Dec 10, 2014 at 07:53:52PM +0000, Sandro Tosi wrote:
> Please unblock package pylint

Unblocked.

Cheers,

Ivo

--- End Message ---