Debian Patches
Status for pagure/5.14.1+dfsg-7
| Patch | Description | Author | Forwarded | Bugs | Origin | Last update |
|---|---|---|---|---|---|---|
| 0005-update-wtform-validator-call.patch | Fix wtforms issue The Required validator is no longer available. This will use DataRequired instead of Required. |
zlopez, Michal Konečný | not-needed | |||
| 0006-use-markupsafe-escape.patch | 'jinja2.escape' is deprecated and will be removed in Jinja 3.1. Import 'markupsafe.escape' instead. | Klaus Koder | not-needed | |||
| 0007-cgi-escape-removed.patch | Python 3.13 removes cgi | Matthieu Moy, Rebecca N. Palmer <rebecca_palmer@zoho.com> | yes | debian | based on git-multimail ddc9a1c | |
| 0008-fix-warning-1085764.patch | Avoid invalid escape SyntaxWarning | Ville Skyttä | yes | debian | git-multimail eb590c3 | |
| 0010-dont-crash-on-nameless-test.patch | Don't crash the test suite when _testMethodDoc is None | Rebecca N. Palmer <rebecca_palmer@zoho.com> | invalid | |||
| 0012-chardet5.patch | Accept chardet 5 | Dominik Wombacher | not-needed | upstream eeb9acdc | ||
| 0014-imp-pygit2remote-renamed.patch | they are now called importlib and pygit2.remotes | Dominik Wombacher, Rebecca N. Palmer <rebecca_palmer@zoho.com> | not-needed | upstream | ||
| 0015-sqlalchemy-relation-renamed.patch | use new name | Dominik Wombacher, Rebecca N. Palmer <rebecca_palmer@zoho.com> | not-needed | upstream | ||
| 0016-use-markupsafe-markup.patch | flask.Markup no longer exists | Dominik Wombacher, Rebecca N. Palmer <rebecca_palmer@zoho.com> | not-needed | upstream | ||
| 0017-spelling.patch | Fix typos and grammar | Rebecca N. Palmer <rebecca_palmer@zoho.com> | no | |||
| 0019-create_remote-removed.patch | stop using pygit2 Repository.create_remote Does not exist in 1.14+, replaced by Repository.remotes.create |
Dominik Wombacher | not-needed | upstream 1cf9ec5a298e04acc738f343b29c26b36ba273a3 | ||
| 0036-dont-assume-gitrepo.patch | Don't assume we're building from a git repo read_output used git rev-list on the pagure repo (not a small test repo) as an example of a large output |
Rebecca N. Palmer <rebecca_palmer@zoho.com> | invalid | |||
| 0037-emptystr-vs-None.patch | None is not the empty string | Dominik Wombacher | not-needed | upstream e830f17a + c719bf09 | ||
| 0039-merge-pattern-seconds.patch | Accept merge message with seconds count See 5.14.1+dfsg-3 build log for failure examples |
Rebecca N. Palmer <rebecca_palmer@zoho.com> | no | |||
| 0040-path-special-characters.patch | Allow building in paths with version-number characters werkzeug.secure_filename (called from add_attachment) strips out most special characters, including some allowed in Debian version numbers |
Rebecca N. Palmer <rebecca_palmer@zoho.com> | no | |||
| 0041-tokentest-timezone.patch | Don't fail if run in non-UTC or over midnight The default token expiration is set when pagure.forms is loaded, not when the token is created (this is plausibly a bug, but given the risk of introducing other bugs while trying to fix it, I'm leaving it alone for now) It is also today() (local time) not utcnow(). |
Rebecca N. Palmer <rebecca_palmer@zoho.com> | no | |||
| 0042-plugins-flaskwtfcompat.patch | Avoid CSRF errors on plugins "csrf_enabled" is deprecated since flask-wtf v0.14, removed in v1.0, replaced by "meta={'csrf': }" |
Dominik Wombacher | not-needed | upstream 34faff4927b2427aae6a4b2efd06d87bd642209e | ||
| 0043-pygit2-1p17.patch | parentless commits no longer allowed in nonempty repos | Rebecca N. Palmer <rebecca_palmer@zoho.com> | no | |||
| 0044-missing-Location-header.patch | Allow missing Location header | Rebecca N. Palmer <rebecca_palmer@zoho.com> | no | |||
| 0034-error-messages3.patch | Accept either werkzeug error __version__ is removed in werkzeug 3.1 |
Rebecca N. Palmer <rebecca_palmer@zoho.com> | yes | |||
| 0035-avoid-415-emptyjson.patch | Don't require JSON to be marked as such (in particular, this allows requests where having *any* body data is optional) |
Dominik Wombacher | not-needed | upstream 7235ae9ab0adcbe9def07fe4b6397a8edebb5393 | ||
| 0020-pygit2-hex-oid-removed.patch | Stop using pygit 2 .oid and .hex (they no longer exist) This generates approximately this patch (but isn't exactly what was used as some bugs were fixed afterwards) but needs some manual fixup shopt -s globstar dpkg-source --before-build . # the first one is where we can easily tell where the str( goes - note that ([ not ]) in (1) is intentional, (3) matches either nothing or one of [0], [-1], () # the __str__() form is used where we can't easily tell where the str( goes, and may be manually fixed up afterwards, or in jinja templates (where the builtins aren't available but method calls are) # ($|[^a-z]) is to avoid matching longer names that start with .oid or .hex # peel() is an object, .target and .tree_id are oids # assume the rest are objects (this way round as calling .id on already-an-oid will *immediately* fail) and see what complains for f0 in pagure/templates/**/*.html ; do sed -i -E -e 's/\.(oid|target|tree_id)\.hex($|[^a-z])/.\1.__str__()\2/g' -e 's/\.oid($|[^a-z])/.id\1/g' -e 's/\.hex($|[^a-z])/.id.__str__()\1/g' ${f0} ; done for f0 in pagure/**/*.py tests/**/*.py dev-data.py ; do sed -i -E -e 's/([ =\[\(\{])([0-9a-zA-Z_.]+?)(\[0\]|\[-1\]|\(\)|)\.(oid|target|tree_id)\.hex/\1str(\2\3.\4)/g' -e 's/\.(oid|target|tree_id)\.hex($|[^a-z])/.\1.__str__()\2/g' -e 's/\.oid($|[^a-z])/.id\1/g' -e 's/([ =\[\(\{])([0-9a-zA-Z_.]+?)(\[0\]|\[-1\]|\(\)|)\.hex($|[^a-z])/\1str(\2\3.id)\4/g' -e 's/\.hex($|[^a-z])/.id.__str__()\1/g' ${f0} ; done # this file uses uuid hex, undo whatever we did to that # other places that do were fixed manually git diff pagure/lib/query.py | patch -p1 -R grep -rniE -e "\.oid|\.hex" --exclude-dir=.pc --exclude-dir=debian . dpkg-source --commit . 0020-pygit2-hex-oid-removed.patch |
Rebecca N. Palmer <rebecca_palmer@zoho.com> | yes | |||
| 0021-bleach-now-frozenset.patch | can't add list to frozenset | Rebecca N. Palmer <rebecca_palmer@zoho.com> | not-needed | |||
| 0022-pygit2-git_obj_commit-removed.patch | Stop trying to use (removed) pygit2.GIT_OBJ_COMMIT | Rebecca N. Palmer <rebecca_palmer@zoho.com> | yes | |||
| 0023-celery-no-empty-id.patch | Don't pass empty task_id to Celery fails in celery 5.3.0+ |
Klaus Koder | not-needed | upstream | ||
| 0024-unittest-renames.patch | 'assertEquals' removed, replaced by 'assertEqual' | Dominik Wombacher | not-needed | upstream 8c301083 + d7803cdd | ||
| 0025-no-markdown-etree.patch | Be compatible with newer markdown | Michal Konečný, Dominik Wombacher | no | part of upstream ee9713375e857f054664dc82e14fa86bbd2fe1e6 | ||
| 0026-error-messages.patch | expect new spelling/format of error messages 19d2b27b + f9185cd0 + 061d07ec + 2dfe6da4 + a2b3d943 |
Dominik Wombacher, Michal Konečný | not-needed | upstream 349fe5a9 + efc12ec5 + 1a5c449c + | ||
| 0027-dont-strip-None.patch | Check for None before using string methods, not after (wtforms now returns None instead of an empty string for no input) 83ad40b6 2889d1e9 dcb9b6a9 |
Michal Konečný, Dominik Wombacher | not-needed | upstream d269390c 77a3fbf5 7832b71a 4351d921 dbb90e2c | ||
| 0029-tests-gitolite-path.patch | Don't try to write somewhere that doesn't exist | Rebecca N. Palmer <rebecca_palmer@zoho.com> | not-needed | |||
| 0030-arrow-timestamp.patch | arrow 'timestamp' property removed in >=v1.0.0 | Dominik Wombacher, Michal Konečný, Rebecca N. Palmer <rebecca_palmer@zoho.com> | yes | based on 39b99cc5 + febbf04e + ce28af0f + 5a73e49e | ||
| 0031-chardet-encoding-list.patch | expect newer chardet output | Dominik Wombacher | not-needed | upstream 50c49a5f + 86a42ecd | ||
| 0032-plugin-name-in-error.patch | actually use the name argument Not using it raises an exception |
Rebecca N. Palmer <rebecca_palmer@zoho.com> | yes | |||
| 0033-error-messages2.patch | Accept new error messages | Rebecca N. Palmer <rebecca_palmer@zoho.com> | yes | |||
| 0009-security.patch | Fix (probably minor) security issues - Quote non-escaping in HTML highlightjs/highlight.js#1475, highlightjs/highlight.js#2235 Only quotes, not other characters, were left unescaped. - JavaScript prototype pollution lodash/lodash#4336 = CVE-2019-10744, lodash CVE-2018-16487, chartjs/Chart.js#7920, chartjs/Chart.js#7918 These are probably not exploitable from pagure, as the vulnerable merge functions are used for merging configuration objects with their defaults, and pagure only calls chartjs (from static/issues_stats.js) and diff2html (from templates/commit.html) with fixed configs, not configs depending on content supplied by other users (e.g. the commit or pull request being viewed). - Leaks existence/metadata of files outside the repository Zip archiving a repository containing symlinks uses the metadata of the pointed-to file (which may be outside the repository), not the symlink itself, and fails if that file does not exist. (It used to include the file's content as well, CVE-2024-47515, but that has already been fixed by upstream.) |
Kirill Efimov, John-David Dalton, Jukka Kurkela, Evert Timberg, Josh Goebel, Ivan Sagalaev, Rebecca N. Palmer <rebecca_palmer@zoho.com> | yes | mostly upstreams of these Javascript libraries | ||
| 0002-Fix-Python-shebang-for-various-scripts.patch | Fix Python shebang for various scripts Pagure ships with the "/usr/bin/env python" shebang, which doesn't work on Debian because "python" refers to Python 2. This patch replaces every occurrence of this by "/usr/bin/python3". |
Sergio Durigan Junior <sergiodj@sergiodj.net> | invalid | |||
| 0028-alembic-no3suffix.patch | Rename 'alembic-3' to 'alembic' in unit tests | Dominik Wombacher | not-needed | upstream 49be21253ea7ce2e48019a492c44d3f2ff804ccc | ||
| 0003-Adjust-path-of-aclchecker.py.patch | Adjust path of aclchecker.py Pagure's default_config.py file contains a hardcoded path for the aclchecker.py script which doesn't work for us (/usr/libexec, Fedora-specific). This patch adjusts the path to where we actually install the script (/usr/share/pagure). pagure-ev/pagure_ev.service is not similarly patched because we don't install that (we use our pagure-ev-server.service instead) |
Sergio Durigan Junior <sergiodj@sergiodj.net> | not-needed | |||
| 0004-Adjust-flask_app.py-to-locate-template-static-and-th.patch | Adjust flask_app.py to locate template, static and theme files On Debian, we install template, static and theme files under /usr/share/pagure (instead of /usr/lib/python3/dist-packages/pagure, which is upstream's default). For that reason, we have to adjust flask_app.py in order to make it properly locate these files. |
Sergio Durigan Junior <sergiodj@debian.org> | not-needed | |||
| 0018-optional-test-depends.patch | Skip tests with dependencies we don't have | Rebecca N. Palmer <rebecca_palmer@zoho.com> | no | |||
| 0038-remove-mock.patch | Replace mock with unittest.mock #Generated by shopt -s globstar dpkg-source --before-build . for f0 in pagure/**/*.py tests/**/*.py dev-data.py ; do sed -i -E -e 's/import mock$/import unittest.mock as mock/g' -e 's/from mock import/from unittest.mock import/g' ${f0} ; done |
Rebecca N. Palmer <rebecca_palmer@zoho.com> | no | debian | ||
| investigate_test_failures.patch | debug output | Rebecca N. Palmer <rebecca_palmer@zoho.com> | not-needed |
All known versions for source package 'pagure'
- 5.14.1+dfsg-7 (sid, trixie)
- 5.11.3+dfsg-2.1 (bookworm)
- 5.11.3+dfsg-1 (bullseye)