[DRE-commits] [ruby-pg] 05/06: prevent loading remote uncontrolled data from the HTML documentation

Cédric Boutillier boutil at moszumanska.debian.org
Thu Aug 21 11:04:52 UTC 2014


This is an automated email from the git hooks/post-receive script.

boutil pushed a commit to branch master
in repository ruby-pg.

commit f7ecc6074b0f2f81f1c55c0b535efcd5dadfab94
Author: Cédric Boutillier <boutil at debian.org>
Date:   Thu Aug 21 12:56:35 2014 +0200

    prevent loading remote uncontrolled data from the HTML documentation
---
 debian/changelog                         |  2 ++
 debian/patches/0003-privacy-breach.patch | 20 ++++++++++++++++++++
 debian/patches/series                    |  1 +
 3 files changed, 23 insertions(+)

diff --git a/debian/changelog b/debian/changelog
index 7808a5d..9f03b41 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -10,6 +10,8 @@ ruby-pg (0.17.1-2) UNRELEASED; urgency=medium
   * Build-depend on ruby-hoe and rake-compiler to be able to run rake tasks
     from the upstream Rakefile
   * Update the rule to generate the documentation and register it in doc-base
+    - Add 0003-privacy-breach.patch to prevent loading remote uncontrolled
+      data from the HTML documentation
 
  -- Cédric Boutillier <boutil at debian.org>  Thu, 21 Aug 2014 11:49:38 +0200
 
diff --git a/debian/patches/0003-privacy-breach.patch b/debian/patches/0003-privacy-breach.patch
new file mode 100644
index 0000000..134cf77
--- /dev/null
+++ b/debian/patches/0003-privacy-breach.patch
@@ -0,0 +1,20 @@
+Description: remove reference to travis-ci.org service from README
+ once converted to HTML, this would load uncontrolled remote data, which could
+ lead to a privacy breach.
+Author: Cédric Boutillier <boutil at debian.org>
+Last-Update: 2014-08-21
+
+--- a/README.rdoc
++++ b/README.rdoc
+@@ -27,11 +27,6 @@
+     end
+   end
+ 
+-== Build Status
+-
+-{<img src="https://travis-ci.org/ged/ruby-pg.png?branch=master" alt="Build Status" />}[https://travis-ci.org/ged/ruby-pg]
+-
+-
+ == Requirements
+ 
+ * Ruby 1.9.3-p392, or 2.0.0-p0.
diff --git a/debian/patches/series b/debian/patches/series
index bd9f667..89bb9c0 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1,2 +1,3 @@
 0002-fix-license-gemspec.patch
 0001-do-not-set-rpath.patch
+0003-privacy-breach.patch

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-ruby-extras/ruby-pg.git



More information about the Pkg-ruby-extras-commits mailing list