
Bug#964792: marked as done (buster-pu: package gist/5.0.0-2+deb10u1)



Your message dated Sat, 01 Aug 2020 12:51:28 +0100
with message-id <43535efb498a168cf81452ca0c326f004f46adc6.camel@adam-barratt.org.uk>
and subject line Closing bugs for fixes included in 10.5 point release
has caused the Debian Bug report #964792,
regarding buster-pu: package gist/5.0.0-2+deb10u1
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
964792: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=964792
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
Tags: buster
User: release.debian.org@packages.debian.org
Usertags: pu

Dear Stable Release Managers,

in #964544 it was pointed out that gist relies on a deprecated API on
github.com to submit pastes to gist.github.com, and will stop working no
later than May 5, 2021.

I've applied the patch from upstream and tested on buster, and it seems
all nice now.

Please consider this for the next buster stable update.

Thanks,
Chris


gist_5.0.0-2+deb10u1.debdiff:

diff -Nru gist-5.0.0/debian/changelog gist-5.0.0/debian/changelog
--- gist-5.0.0/debian/changelog	2018-08-01 20:00:47.000000000 +0000
+++ gist-5.0.0/debian/changelog	2020-07-09 15:27:56.000000000 +0000
@@ -1,3 +1,9 @@
+gist (5.0.0-2+deb10u1) buster; urgency=medium
+
+  * Avoid deprecated authorization API (Closes: #964544)
+
+ -- Chris Hofstaedtler <zeha@debian.org>  Thu, 09 Jul 2020 15:27:56 +0000
+
 gist (5.0.0-2) unstable; urgency=medium
 
   * Depend on sensible-utils as we use sensible-browser
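Review bot: the new changelog line "Avoid deprecated authorization API" does not say what actually changes. The patch it pulls in is titled "Supply access token through Authorization header", so the entry could state that the token moves from the URL query string to the Authorization header and name the added patch file, which makes the rationale for the stable update readable without opening the debdiff.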
diff -Nru gist-5.0.0/debian/patches/635b1437a513e9a13367827ee3f74fbbdaa54aa8.patch gist-5.0.0/debian/patches/635b1437a513e9a13367827ee3f74fbbdaa54aa8.patch
--- gist-5.0.0/debian/patches/635b1437a513e9a13367827ee3f74fbbdaa54aa8.patch	1970-01-01 00:00:00.000000000 +0000
+++ gist-5.0.0/debian/patches/635b1437a513e9a13367827ee3f74fbbdaa54aa8.patch	2020-07-09 15:27:56.000000000 +0000
@@ -0,0 +1,217 @@
+From 635b1437a513e9a13367827ee3f74fbbdaa54aa8 Mon Sep 17 00:00:00 2001
+From: Andrew Mayorov <encube.ul@gmail.com>
+Date: Tue, 4 Feb 2020 14:25:54 +0300
+Subject: [PATCH] Supply access token through Authorization header
+
+Instead of through query parameter, since that method is being actively
+deprecated.
+
+* https://developer.github.com/changes/2019-11-05-deprecated-passwords-and-authorizations-api/#authenticating-using-query-parameters
+* https://developer.github.com/v3/#oauth2-token-sent-in-a-header
+---
+ build/gist  | 29 ++++++++++++++---------------
+ lib/gist.rb | 21 ++++++++++-----------
+ 2 files changed, 24 insertions(+), 26 deletions(-)
+
+diff --git a/build/gist b/build/gist
+index 3f32dcd..6f59dd3 100755
+--- a/build/gist
++++ b/build/gist
+@@ -1416,7 +1416,7 @@ module Gist
+   def multi_gist(files, options={})
+     if options[:anonymous]
+       raise 'Anonymous gists are no longer supported. Please log in with `gist --login`. ' \
+-        '(Github now requires credentials to gist https://bit.ly/2GBBxKw)'
++        '(GitHub now requires credentials to gist https://bit.ly/2GBBxKw)'
+     else
+       access_token = (options[:access_token] || auth_token())
+     end
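Review bot: the only change in this hunk, on the second line of the raise message, is the spelling fix from Github to GitHub, which is unrelated to the authorization change. For a stable update the backport would be easier to review if it carried only the header change and left the cosmetic string edits (this one and the similar ones in login! and the help text further down) to unstable.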
+@@ -1442,9 +1442,9 @@ module Gist
+ 
+     url = "#{base_path}/gists"
+     url << "/" << CGI.escape(existing_gist) if existing_gist.to_s != ''
+-    url << "?access_token=" << CGI.escape(access_token) if access_token.to_s != ''
+ 
+     request = Net::HTTP::Post.new(url)
++    request['Authorization'] = "token #{access_token}" if access_token.to_s != ''
+     request.body = JSON.dump(json)
+     request.content_type = 'application/json'
+ 
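Review bot: the added request['Authorization'] line interpolates access_token as is, whereas the removed line passed it through CGI.escape. options[:access_token] in the previous hunk is supplied by the caller, so a value with stray whitespace or a line break now reaches a header value unchecked. Consider stripping it and rejecting anything that contains control characters before building the header, so a malformed token fails with a clear error rather than somewhere in the HTTP layer.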
+@@ -1480,9 +1480,10 @@ module Gist
+     if user == ""
+       access_token = auth_token()
+       if access_token.to_s != ''
+-        url << "/gists?access_token=" << CGI.escape(access_token)
++        url << "/gists"
+ 
+         request = Net::HTTP::Get.new(url)
++        request['Authorization'] = "token #{access_token}"
+         response = http(api_url, request)
+ 
+         pretty_gist(response)
+@@ -1507,8 +1508,8 @@ module Gist
+     if user == ""
+       access_token = auth_token()
+       if access_token.to_s != ''
+-        url << "/gists?per_page=100&access_token=" << CGI.escape(access_token)
+-        get_gist_pages(url)
++        url << "/gists?per_page=100"
++        get_gist_pages(url, access_token)
+       else
+         raise Error, "Not authenticated. Use 'gist --login' to login or 'gist -l username' to view public gists."
+       end
+@@ -1524,11 +1525,9 @@ module Gist
+     url = "#{base_path}/gists/#{id}"
+ 
+     access_token = auth_token()
+-    if access_token.to_s != ''
+-      url << "?access_token=" << CGI.escape(access_token)
+-    end
+ 
+     request = Net::HTTP::Get.new(url)
++    request['Authorization'] = "token #{access_token}" if access_token.to_s != ''
+     response = http(api_url, request)
+ 
+     if response.code == '200'
+@@ -1554,9 +1553,8 @@ module Gist
+ 
+     access_token = auth_token()
+     if access_token.to_s != ''
+-      url << "?access_token=" << CGI.escape(access_token)
+-
+       request = Net::HTTP::Delete.new(url)
++      request["Authorization"] = "token #{access_token}"
+       response = http(api_url, request)
+     else
+       raise Error, "Not authenticated. Use 'gist --login' to login."
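Review bot: request["Authorization"] on the added line uses double quotes while the other hunks in this file write request['Authorization']. Since the same "token #{access_token}" assignment now appears in every request path, a small helper that takes the request and the token would keep the quoting and the empty-token guard in one place.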
+@@ -1569,9 +1567,10 @@ module Gist
+     end
+   end
+ 
+-  def get_gist_pages(url)
++  def get_gist_pages(url, access_token = "")
+ 
+     request = Net::HTTP::Get.new(url)
++    request['Authorization'] = "token #{access_token}" if access_token.to_s != ''
+     response = http(api_url, request)
+     pretty_gist(response)
+ 
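Review bot: the new access_token = "" default on get_gist_pages is undocumented, and a caller that forgets the argument gets an unauthenticated request with no error. Add a comment saying when the empty default is intended, or default to nil, which the access_token.to_s != '' guard on the added header line already handles.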
+@@ -1579,7 +1578,7 @@ module Gist
+ 
+     if link_header
+       links = Hash[ link_header.gsub(/(<|>|")/, "").split(',').map { |link| link.split('; rel=') } ].invert
+-      get_gist_pages(links['next']) if links['next']
++      get_gist_pages(links['next'], access_token) if links['next']
+     end
+ 
+   end
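Review bot: get_gist_pages(links['next'], access_token) now attaches the token to a URL taken from the response's Link header. If http(api_url, request) always connects to api_url this is fine, but a comment saying so, or a check that links['next'] points at the API host before recursing, would make that explicit.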
+@@ -1652,7 +1651,7 @@ module Gist
+   # @option credentials [String] :password
+   # @see http://developer.github.com/v3/oauth/
+   def login!(credentials={})
+-    puts "Obtaining OAuth2 access_token from github."
++    puts "Obtaining OAuth2 access_token from GitHub."
+     loop do
+       print "GitHub username: "
+       username = credentials[:username] || $stdin.gets.strip
+@@ -1906,7 +1905,7 @@ filenames can be overridden by repeating the "-f" flag. The most useful reason
+ to do this is to change the syntax highlighting.
+ 
+ All gists must to be associated with a GitHub account, so you will need to login with
+-`gist --login` to obtain an Oauth2 access token. This is stored and used by gist in the future.
++`gist --login` to obtain an OAuth2 access token. This is stored and used by gist in the future.
+ 
+ Private gists do not have guessable URLs and can be created with "-p", you can
+ also set the description at the top of the gist by passing "-d".
+@@ -2023,7 +2022,7 @@ end.parse!
+ begin
+   if Gist.auth_token.nil?
+     puts 'Please log in with `gist --login`. ' \
+-      '(Github now requires credentials to gist https://bit.ly/2GBBxKw)'
++      '(GitHub now requires credentials to gist https://bit.ly/2GBBxKw)'
+     exit(1)
+   end
+ 
+diff --git a/lib/gist.rb b/lib/gist.rb
+index c49b1dd..848a87e 100644
+--- a/lib/gist.rb
++++ b/lib/gist.rb
+@@ -136,9 +136,9 @@ def multi_gist(files, options={})
+ 
+     url = "#{base_path}/gists"
+     url << "/" << CGI.escape(existing_gist) if existing_gist.to_s != ''
+-    url << "?access_token=" << CGI.escape(access_token) if access_token.to_s != ''
+ 
+     request = Net::HTTP::Post.new(url)
++    request['Authorization'] = "token #{access_token}" if access_token.to_s != ''
+     request.body = JSON.dump(json)
+     request.content_type = 'application/json'
+ 
+@@ -174,9 +174,10 @@ def list_gists(user = "")
+     if user == ""
+       access_token = auth_token()
+       if access_token.to_s != ''
+-        url << "/gists?access_token=" << CGI.escape(access_token)
++        url << "/gists"
+ 
+         request = Net::HTTP::Get.new(url)
++        request['Authorization'] = "token #{access_token}"
+         response = http(api_url, request)
+ 
+         pretty_gist(response)
+@@ -201,8 +202,8 @@ def list_all_gists(user = "")
+     if user == ""
+       access_token = auth_token()
+       if access_token.to_s != ''
+-        url << "/gists?per_page=100&access_token=" << CGI.escape(access_token)
+-        get_gist_pages(url)
++        url << "/gists?per_page=100"
++        get_gist_pages(url, access_token)
+       else
+         raise Error, "Not authenticated. Use 'gist --login' to login or 'gist -l username' to view public gists."
+       end
+@@ -218,11 +219,9 @@ def read_gist(id, file_name=nil)
+     url = "#{base_path}/gists/#{id}"
+ 
+     access_token = auth_token()
+-    if access_token.to_s != ''
+-      url << "?access_token=" << CGI.escape(access_token)
+-    end
+ 
+     request = Net::HTTP::Get.new(url)
++    request['Authorization'] = "token #{access_token}" if access_token.to_s != ''
+     response = http(api_url, request)
+ 
+     if response.code == '200'
+@@ -248,9 +247,8 @@ def delete_gist(id)
+ 
+     access_token = auth_token()
+     if access_token.to_s != ''
+-      url << "?access_token=" << CGI.escape(access_token)
+-
+       request = Net::HTTP::Delete.new(url)
++      request["Authorization"] = "token #{access_token}"
+       response = http(api_url, request)
+     else
+       raise Error, "Not authenticated. Use 'gist --login' to login."
+@@ -263,9 +261,10 @@ def delete_gist(id)
+     end
+   end
+ 
+-  def get_gist_pages(url)
++  def get_gist_pages(url, access_token = "")
+ 
+     request = Net::HTTP::Get.new(url)
++    request['Authorization'] = "token #{access_token}" if access_token.to_s != ''
+     response = http(api_url, request)
+     pretty_gist(response)
+ 
+@@ -273,7 +272,7 @@ def get_gist_pages(url)
+ 
+     if link_header
+       links = Hash[ link_header.gsub(/(<|>|")/, "").split(',').map { |link| link.split('; rel=') } ].invert
+-      get_gist_pages(links['next']) if links['next']
++      get_gist_pages(links['next'], access_token) if links['next']
+     end
+ 
+   end
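Review bot: the recursive get_gist_pages(links['next'], access_token) call here, like the other changed request paths, comes without a test; the diffstat above lists only build/gist and lib/gist.rb. A spec asserting that requests carry an Authorization header and that no access_token appears in the URL would guard against the query parameter creeping back in.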
diff -Nru gist-5.0.0/debian/patches/series gist-5.0.0/debian/patches/series
--- gist-5.0.0/debian/patches/series	2018-08-01 20:00:47.000000000 +0000
+++ gist-5.0.0/debian/patches/series	2020-07-09 15:27:56.000000000 +0000
@@ -1,3 +1,4 @@
 rename
 webmock
 gemspec-no-git
+635b1437a513e9a13367827ee3f74fbbdaa54aa8.patch
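Review bot: the added series entry 635b1437a513e9a13367827ee3f74fbbdaa54aa8.patch is named after a bare commit hash, which says nothing to someone reading the series file. A descriptive file name would help, and since the patch header shown above carries only From, Date and Subject, DEP-3 fields such as Origin and Bug-Debian pointing at #964544 would be worth adding.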

--- End Message ---
--- Begin Message ---
Package: release.debian.org
Version: 10.5

Hi,

Each of these bugs relates to an update that was included in today's
stable point release.

Regards,

Adam

--- End Message ---
