[DRE-commits] [ruby-redcloth] 03/04: remove patches already applied

Praveen Arimbrathodiyil praveen at moszumanska.debian.org
Tue Sep 13 09:57:07 UTC 2016


This is an automated email from the git hooks/post-receive script.

praveen pushed a commit to branch master
in repository ruby-redcloth.

commit a613bb870f744a9dece02af97add2d2e4a5a514e
Author: Pirate Praveen <praveen at debian.org>
Date:   Tue Sep 13 14:53:33 2016 +0530

    remove patches already applied
---
 debian/changelog                                   |  5 +-
 ...javascript-links-when-using-filter_html-o.patch | 53 ----------------------
 debian/patches/rspec3-test-fix                     | 29 ------------
 debian/patches/series                              |  2 -
 4 files changed, 3 insertions(+), 86 deletions(-)

diff --git a/debian/changelog b/debian/changelog
index e6acb67..bb2782e 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,9 +1,10 @@
-ruby-redcloth (4.3.2-1) UNRELEASED; urgency=medium
+ruby-redcloth (4.3.2-1) unstable; urgency=medium
 
   * Team upload
   * New upstream release
+  * Remove patches (already applied upstream)
 
- -- Pirate Praveen <praveen at debian.org>  Tue, 13 Sep 2016 14:05:39 +0530
+ -- Pirate Praveen <praveen at debian.org>  Tue, 13 Sep 2016 14:52:56 +0530
 
 ruby-redcloth (4.2.9-5) unstable; urgency=medium
 
diff --git a/debian/patches/0001-Filter-out-javascript-links-when-using-filter_html-o.patch b/debian/patches/0001-Filter-out-javascript-links-when-using-filter_html-o.patch
deleted file mode 100644
index ddd1a9f..0000000
--- a/debian/patches/0001-Filter-out-javascript-links-when-using-filter_html-o.patch
+++ /dev/null
@@ -1,53 +0,0 @@
-From b3d82f0c3a354a2f589e1fd43f5f1d7e427b530e Mon Sep 17 00:00:00 2001
-From: Antonio Terceiro <terceiro at debian.org>
-Date: Sat, 7 Feb 2015 23:27:39 -0200
-Subject: [PATCH] Filter out 'javascript:' links when using filter_html or
- sanitize_html
-
-This is a fix for CVE-2012-6684
----
- lib/redcloth/formatters/html.rb     |  6 +++++-
- spec/security/CVE-2012-6684_spec.rb | 14 ++++++++++++++
- 2 files changed, 19 insertions(+), 1 deletion(-)
- create mode 100644 spec/security/CVE-2012-6684_spec.rb
-
-diff --git a/lib/redcloth/formatters/html.rb b/lib/redcloth/formatters/html.rb
-index bfadfb7..b8793b2 100644
---- a/lib/redcloth/formatters/html.rb
-+++ b/lib/redcloth/formatters/html.rb
-@@ -111,7 +111,11 @@ module RedCloth::Formatters::HTML
-   end
-   
-   def link(opts)
--    "<a href=\"#{escape_attribute opts[:href]}\"#{pba(opts)}>#{opts[:name]}</a>"
-+    if (filter_html || sanitize_html) && opts[:href] =~ /^\s*javascript:/
-+      opts[:name]
-+    else
-+      "<a href=\"#{escape_attribute opts[:href]}\"#{pba(opts)}>#{opts[:name]}</a>"
-+    end
-   end
-   
-   def image(opts)
-diff --git a/spec/security/CVE-2012-6684_spec.rb b/spec/security/CVE-2012-6684_spec.rb
-new file mode 100644
-index 0000000..05219fd
---- /dev/null
-+++ b/spec/security/CVE-2012-6684_spec.rb
-@@ -0,0 +1,14 @@
-+# https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6684
-+
-+require 'redcloth'
-+
-+describe 'CVE-2012-6684' do
-+
-+  it 'should not let javascript links pass through' do
-+    # PoC from http://co3k.org/blog/redcloth-unfixed-xss-en
-+    output = RedCloth.new('["clickme":javascript:alert(%27XSS%27)]', [:filter_html, :filter_styles, :filter_classes, :filter_ids]).to_html
-+    expect(output).to_not match(/href=.javascript:alert/)
-+  end
-+
-+
-+end
--- 
-2.1.4
-
diff --git a/debian/patches/rspec3-test-fix b/debian/patches/rspec3-test-fix
deleted file mode 100644
index fb676d7..0000000
--- a/debian/patches/rspec3-test-fix
+++ /dev/null
@@ -1,29 +0,0 @@
-Description: Fix tests to run with RSpec 3.x
- RSpec 3.x redefined the matchers like be_true and be_false to be_truthy and 
- be_falsey respectively. Fixing the tests to follow those modifications.
-Author: Balasankar C <balasankarc at autistici.org>
-Last-Update: 2015-07-08
----
-This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
---- a/spec/parser_spec.rb
-+++ b/spec/parser_spec.rb
-@@ -11,8 +11,8 @@
-   end
-   
-   it "should have a VERSION" do
--    RedCloth.const_defined?("VERSION").should be_true
--    RedCloth::VERSION.const_defined?("STRING").should be_true
-+    RedCloth.const_defined?("VERSION").should be_truthy
-+    RedCloth::VERSION.const_defined?("STRING").should be_truthy
-   end
-   
-   it "should show the version as a string" do
-@@ -21,7 +21,7 @@
-   end
-   
-   it "should have EXTENSION_LANGUAGE" do
--    RedCloth.const_defined?("EXTENSION_LANGUAGE").should be_true
-+    RedCloth.const_defined?("EXTENSION_LANGUAGE").should be_truthy
-     RedCloth::EXTENSION_LANGUAGE.should_not be_empty
-     RedCloth::DESCRIPTION.should include(RedCloth::EXTENSION_LANGUAGE)
-   end
diff --git a/debian/patches/series b/debian/patches/series
index 92d21c3..fb58cc7 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1,3 +1 @@
-rspec3-test-fix
 0001-restore-extconf.rb.patch
-0001-Filter-out-javascript-links-when-using-filter_html-o.patch
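Review bot: Removing `0001-Filter-out-javascript-links-when-using-filter_html-o.patch` from the series drops the Debian-carried fix for CVE-2012-6684, and the commit records no evidence that upstream 4.3.2 carries an equivalent check. Before upload, confirm that `link` in `lib/redcloth/formatters/html.rb` of the new upstream still refuses to emit an `href` for `javascript:` targets when `filter_html` or `sanitize_html` is set, and that a regression spec equivalent to `spec/security/CVE-2012-6684_spec.rb` runs during the build. Once that is verified, the changelog entry would serve the security tracker better if it named the CVE, for example `* Remove patches (applied upstream, including the CVE-2012-6684 fix)`.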

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-ruby-extras/ruby-redcloth.git


