Hello
I have now restored the plugin-list.json file upstream to prevent
crashes for users with older versions.
Sorry, I haven't thought of this when removing the file. And yes:
pulling stuff from git is
always a bad idea no matter.
Best Regards,
Lars Windolf
On 05.05.25 05:05, Paul Wise wrote:
Package: liferea
Version: 1.15.8-2+b1
Control: found -1 1.12.2-1
Control: fixed -1 1.16~rc3-1
Tags: fixed-upstream
Severity: important
Usertags: crash
User: debian-de...@lists.debian.org
Userags: privacy
When the Tools -> Plugins menu item is selected, it loads the plugin
list from a JSON file hosted on GitHub[1]. This is both a privacy
issue[2] and now it is also broken because the file got removed
in upstream commit a92d3b0e2b5a4a4068308cbb3240b88073d09c49[3],
that causes a crash in plugin-installer.py due to the 404 error.
1.
https://raw.githubusercontent.com/lwindolf/liferea/master/plugins/plugin-list.json
2. https://wiki.debian.org/PrivacyIssues
3.
https://github.com/lwindolf/liferea/commit/a92d3b0e2b5a4a4068308cbb3240b88073d09c49
This issue is fixed in upstream liferea 1.16-RC3 that merged the commit
above, but has been present since 1.12.2-1, which means that both
Debian stable and oldstable liferea need to be fixed too.
Since the freeze is close, I suggest installing the file from the
source package in plugins/plugin-list.json into /usr/share/liferea/
and then patching the plugin-installer.py to use a file:// URL instead.
I have tested this fix by editing the files locally, all of the
functionality of the Plugins dialog works, including downloading
and installing not yet installed plugins.
In addition, the plugin installation just downloads the plugins with
git clone, which seems a bit insecure, but this is dropped in 1.16-RC3,
and it is at least protected by TLS. It might be worth packaging some
of the popular liferea plugin packages from the list for Debian.
This is the crash seen on the console when opening the menu item:
Traceback (most recent call last):
File "/usr/lib/x86_64-linux-gnu/liferea/plugins/plugin-installer.py",
line 63, in _run
self._browser = PluginBrowser()
~~~~~~~~~~~~~^^
File "/usr/lib/x86_64-linux-gnu/liferea/plugins/plugin-installer.py",
line 92, in __init__
self._plugin_list = self.fetch_list()
~~~~~~~~~~~~~~~^^
File "/usr/lib/x86_64-linux-gnu/liferea/plugins/plugin-installer.py",
line 168, in fetch_list
resp = urllib.request.urlopen(req).read()
~~~~~~~~~~~~~~~~~~~~~~^^^^^
File "/usr/lib/python3.13/urllib/request.py", line 189, in urlopen
return opener.open(url, data, timeout)
~~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3.13/urllib/request.py", line 495, in open
response = meth(req, response)
File "/usr/lib/python3.13/urllib/request.py", line 604, in http_response
response = self.parent.error(
'http', request, response, code, msg, hdrs)
File "/usr/lib/python3.13/urllib/request.py", line 533, in error
return self._call_chain(*args)
~~~~~~~~~~~~~~~~^^^^^^^
File "/usr/lib/python3.13/urllib/request.py", line 466, in _call_chain
result = func(*args)
File "/usr/lib/python3.13/urllib/request.py", line 613, in
http_error_default
raise HTTPError(req.full_url, code, msg, hdrs, fp)
urllib.error.HTTPError: HTTP Error 404: Not Found
-- System Information:
Debian Release: trixie/sid
APT prefers testing-debug
APT policy: (900, 'testing-debug'), (900, 'testing'), (800,
'unstable-debug'), (800, 'unstable'), (790, 'buildd-unstable'), (700,
'experimental-debug'), (700, 'experimental'), (690, 'buildd-experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 6.12.25-amd64 (SMP w/4 CPU threads; PREEMPT)
Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8),
LANGUAGE=en_AU:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages liferea depends on:
ii dbus-user-session [default-dbus-session-bus] 1.16.2-2
ii dbus-x11 [dbus-session-bus] 1.16.2-2
ii gir1.2-freedesktop [gir1.2-libxml2-2.0] 1.84.0-1
ii gir1.2-gtk-3.0 3.24.49-3
ii gir1.2-peas-1.0 1.36.0-3+b4
ii libc6 2.41-7
ii libfribidi0 1.0.16-1
ii libgdk-pixbuf-2.0-0 2.42.12+dfsg-2
ii libgirepository-1.0-1 1.84.0-1
ii libglib2.0-0t64 2.84.1-1
ii libgtk-3-0t64 3.24.49-3
ii libjavascriptcoregtk-4.1-0 2.48.1-2
ii libjson-glib-1.0-0 1.10.6+ds-2
ii libpango-1.0-0 1.56.3-1
ii libpeas-1.0-0 1.36.0-3+b4
ii libsoup-3.0-0 3.6.5-1
ii libsqlite3-0 3.46.1-4
ii libwebkit2gtk-4.1-0 2.48.1-2
ii libxml2 2.12.7+dfsg+really2.9.14-0.4
ii libxslt1.1 1.1.35-1.2
ii liferea-data 1.15.8-2
ii python3 3.13.3-1
ii python3-cairo 1.27.0-2
ii python3-gi 3.50.0-4+b1
ii python3-gi-cairo 3.50.0-4+b1
ii python3-notify2 0.3.1-1
ii python3.13 3.13.3-2
Versions of packages liferea recommends:
ii gir1.2-gstreamer-1.0 1.26.0-3
ii gir1.2-notify-0.7 0.8.6-1
Versions of packages liferea suggests:
ii kget 4:24.12.3-2
ii network-manager 1.52.0-6
-- no debconf information
