Bug#515563: Please remove package mped

2009-02-15 Thread Angel Ortega
Package: mped
Version: 3.3.17-1
Severity: critical
Tags: lenny

(Note: I'm upstream author for the mped package).

Lenny has been released containing a version of the Minimum Profit text
editor that is from 2005 and that can cause severe information lossage due
to an incorrect handling of UTF-8 encoding.

An RC bug was filed (#514096) against lenny to suggest a package update or
deletion, but it was ignored and this dangerous version entered the stable
release.

As there is nothing that can be done by now, I urge the archive masters to
delete this +4 year old, dangerous package.

Regards,

-- 
Angel Ortega


signature.asc
Description: Digital signature


Bug#515563: Please remove package mped

2009-02-16 Thread Angel Ortega
Thanks for the quick response.

Luk Claes (l...@debian.org) wrote:

> It could be fixed in a point release, though only with a targeted fix
> (no new upstream version).

Though I understand the reasoning, this does not change the truth: the
über-old version in Lenny can break things. This may cause user frustration
or even liability issues.

Thanks,

-- 
Angel Ortega




Bug#515563: Please remove package mped

2009-02-16 Thread Angel Ortega
Luk Claes (l...@debian.org) wrote:

> Well, stable won't be touched till the point release so until the point
> release it will stay this broken I'm afraid. At the point release we can
> choose to either remove the package or fix the package (small targeted
> diff). Do you think the latter is not possible and we should just remove
> it at that point?

There is no way a small diff could fix that bug, changes should be huge,
they were the main reason to jump to the current source branch many years
ago. The source branch in Debian is a dead end. So it seems that lenny will
never have a working version.

I'm afraid the damage is done, so why bother.

Thank you very much,

-- 
Angel Ortega




Bug#517866: closed by Marco Rodrigues (mped has been removed from Debian, closing #517866)

2009-04-28 Thread Angel Ortega
On Tue, Apr 28, 2009 at 02:46:03PM +0100, E Taylor wrote:

> Anyway, this new version has made its way into unstable and testing and  
> I can report that it does indeed fix this bug, #517866.  I haven't found  
> a way to force mped to use the ncurses interface if the GTK one is  
> available, but again this would be a separate bug or feature request.

You can force mped to ncurses mode just by unsetting the DISPLAY value or
setting it to something unusable, as in

DISPLAY=none mped

Hope it helps.

-- 
Angel Ortega




Bug#517866: closed by Marco Rodrigues (mped has been removed from Debian, closing #517866)

2009-04-29 Thread Angel Ortega
On Tue, Apr 28, 2009 at 04:35:34PM +0100, E Taylor wrote:

> It's such an honour to have my "bug" report answered by the author  
> himself.  I was actually thinking of emailing you about the program, but  
> I wasn't sure if that was the correct procedure.  Hopefully you don't  
> mind me responding to your email directly like this.

I think it's an author's duty to follow and reply to bugs or queries.

> Firstly thank you for creating such an amazing program, it really will  
> help me abandon the six-legged freak of "vi", and I will encourage  
> everyone who is new to Debian and Ubuntu to use this fantastic editor.   

I'm glad to know you find it useful.

> Secondly, thank you for giving me this workaround for forcing the  
> interface.  I had thought there must be a way to trick mped, but I  
> thought that it would require resetting the DISPLAY variable after you  
> exit mped.  Is there any chance you could make the interface choice a  
> command line argument, though?  mped -i curses   or   mped -i gtk

The 3.x branch has an option like that, but I never reimplemented it on
5.x, just because overriding DISPLAY is enough and nobody cared. If you
think it's really important, I will reconsider it.

> so the NAME section should probably be something like:
> mped - Minimum Profit EDitor, a text editor for programmers

That's fine, I've changed that header line in the man page source.

The inconsistency about the binary name in the man page is because 'mp-5'
is the original name, but Debian renamed it (for historical reasons, I
suppose) to mped. I added an option to config.sh to ease this transition.

But sadly, the Debian package has always been in flux. I made some
suggestions to the (then) maintainer, and though he is/was a fine person,
it seems Debian packaging was not too high in his priorities' list. For
example, I always wanted to have two binary packages, one ncursesw-only,
and the other GTK+ncursesw, but my prayers were never heard. Now, the
editor also has a KDE4 interface, but things being as they are (and
remember, mped has *no* maintainer other than the QA Team), I never even
bothered to suggest it. Just take a look at README.Debian; it's just *my*
document about Debian and it says it's 'unofficial' (I don't know if that
is fixed now, but it wasn't last time I checked).

Back to the man page binary name inconsistency, I think the proper thing is
to add an inline sed oneliner to replace 'mp-5' with 'mped' inside mped.1
in the Debian package build or install scripts and everything would be
fine.

> Finally, do you think there is a problem with your build script that  
> makes it check for one package and then, if it finds it, it uses a  
> completely different package?

I'm not sure I understand you fully here. The config.sh script just
searches for ncursesw and uses ncursesw (no mention about plain ncurses,
other than including curses.h), the problem was on Debian dependencies.
Remember I have no control on that.

> Thank you again for writing such a great text editor, and I hope you  
> don't mind this email.

You're welcome.

> P.S. How do you access the Easter Egg?

There is no longer an easter egg, that was from the 3.x branch many years
ago (this is another mark of the package's state of abandonment, the list
of features is from 2004 or so. Take note that it does not mention
important things as undo levels and Unicode support). The easter egg was
there as a contest, and I always said it was meant to be there until
someone found it. A user found it, and I deleted it from the code.

If you are curious, it was the following: if you wrote (as an exact full
string of keystrokes, no editing nor cursor moving) [Fear the
Triceratops], a crappy, ASCII-art dinosaur was inserted into the text.

Regards,

-- 
Angel Ortega




Bug#517866: closed by Marco Rodrigues (mped has been removed from Debian, closing #517866)

2009-05-05 Thread Angel Ortega
On Fri, May 01, 2009 at 07:39:59PM +0100, E Taylor wrote:

> > I'm not sure I understand you fully here. The config.sh script just
> > searches for ncursesw and uses ncursesw (no mention about plain ncurses,
> > other than including curses.h), the problem was on Debian dependencies.
> > Remember I have no control on that.
>
> When I was talking with Barry deFreese about it, he said that it wasn't
> enough to have ncursesw in the build dependencies, he also had to add
> ncurses for it to work.  He thought that the build was checking for the
> existence of the curses.h from the ncurses package, and then, if it found
> it, using the curses.h from the ncursesw package.  Someone else in IRC
> commented "hmm ideally you should use the curses.h header from the
> ncursesw dir to match the library used" and Barry replied "Aye, that's an
> upstream bug".  I hope that makes sense.

Well, certainly this can be considered a bug; I've already fixed it for
the 5.1.2 release.

> As I'm writing this email, I would like to take this opportunity to ask
> whether MP supports highlighting multiple language syntaxes in one file.
> For example, could it highlight JavaScript syntax inside an HTML document
> where the tags were also correctly highlighted?  There could also be CSS
> and PHP in the same file.

It sounds like a non-trivial change, but I'll think about it.

> As a work around, or as an extra feature, you
> could have an option in the menus for selecting which highlighting to use
> on the current file.

As an even dirtier workaround :-D, you can force the syntax highlighting to
the active document (to PHP, say) by executing the following MPSL snippet:

local l = mp.active(); l.syntax = mp.syntax.php;

You can execute MPSL code by hitting Escape (escape+escape, if under
curses), or from the Edit menu.

By the way, there are currently no JavaScript nor CSS syntax definitions.

> Thanks again for your help getting this package to as high a standard as
> possible.

You're welcome.

-- 
Angel Ortega




Bug#514096: Minimum Profit text editor version 3.x can destroy UTF-8 files

2009-02-04 Thread Angel Ortega
Package: mped
Version: 3.3.17-1
Severity: critical
Tags: lenny

If you open and save files in a UTF-8 environment (the default in
lenny and any other modern system), non-ASCII characters can be
incorrectly saved as question marks or simply deleted.

This bug is fixed in unstable (version 5.1.1-1).

Thanks,

-- 
Angel Ortega
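
The two failure modes named in the report above (non-ASCII characters saved as question marks, or dropped) can be detected by comparing a known-good copy of a file with the version an editor saved. This is an added example, not part of the original thread or of mped; the function name and the sample byte strings are constructed for illustration.

```python
import difflib

def utf8_damage(original: bytes, saved: bytes) -> list[tuple[int, str, str]]:
    """Return (offset, char, kind) for each non-ASCII character of
    `original` that did not survive into `saved`.

    kind is "question-mark" (replaced by text containing '?'),
    "deleted" (dropped outright) or "changed" (anything else).
    """
    before = original.decode("utf-8")                 # known-good copy, must be valid UTF-8
    after = saved.decode("utf-8", errors="replace")   # tolerate broken bytes in the saved copy
    findings = []
    matcher = difflib.SequenceMatcher(None, before, after, autojunk=False)
    for tag, i1, i2, j1, j2 in matcher.get_opcodes():
        if tag not in ("replace", "delete"):
            continue                                  # "equal" and "insert" lose nothing
        replacement = after[j1:j2]
        for offset in range(i1, i2):
            ch = before[offset]
            if ord(ch) < 128:
                continue                              # only non-ASCII loss is of interest here
            if tag == "delete":
                kind = "deleted"
            elif "?" in replacement:
                kind = "question-mark"
            else:
                kind = "changed"
            findings.append((offset, ch, kind))
    return findings

# Constructed sample: 'é' became '?', 'ñ' was dropped, 'ú' and '€' survived.
ORIGINAL = "café ñandú €5\n".encode("utf-8")
SAVED = "caf? andú €5\n".encode("utf-8")

if __name__ == "__main__":
    for offset, ch, kind in utf8_damage(ORIGINAL, SAVED):
        print(f"char {offset}: {ch!r} (U+{ord(ch):04X}) {kind}")
```

Offsets are character positions in the decoded original, not byte positions.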

