[DRE-commits] [ruby-redcloth] 03/04: remove patches already applied
Praveen Arimbrathodiyil
praveen at moszumanska.debian.org
Tue Sep 13 09:57:07 UTC 2016
This is an automated email from the git hooks/post-receive script.
praveen pushed a commit to branch master
in repository ruby-redcloth.
commit a613bb870f744a9dece02af97add2d2e4a5a514e
Author: Pirate Praveen <praveen at debian.org>
Date: Tue Sep 13 14:53:33 2016 +0530
remove patches already applied
---
debian/changelog | 5 +-
...javascript-links-when-using-filter_html-o.patch | 53 ----------------------
debian/patches/rspec3-test-fix | 29 ------------
debian/patches/series | 2 -
4 files changed, 3 insertions(+), 86 deletions(-)
diff --git a/debian/changelog b/debian/changelog
index e6acb67..bb2782e 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,9 +1,10 @@
-ruby-redcloth (4.3.2-1) UNRELEASED; urgency=medium
+ruby-redcloth (4.3.2-1) unstable; urgency=medium
* Team upload
* New upstream release
+ * Remove patches (already applied upstream)
- -- Pirate Praveen <praveen at debian.org> Tue, 13 Sep 2016 14:05:39 +0530
+ -- Pirate Praveen <praveen at debian.org> Tue, 13 Sep 2016 14:52:56 +0530
ruby-redcloth (4.2.9-5) unstable; urgency=medium
diff --git a/debian/patches/0001-Filter-out-javascript-links-when-using-filter_html-o.patch b/debian/patches/0001-Filter-out-javascript-links-when-using-filter_html-o.patch
deleted file mode 100644
index ddd1a9f..0000000
--- a/debian/patches/0001-Filter-out-javascript-links-when-using-filter_html-o.patch
+++ /dev/null
@@ -1,53 +0,0 @@
-From b3d82f0c3a354a2f589e1fd43f5f1d7e427b530e Mon Sep 17 00:00:00 2001
-From: Antonio Terceiro <terceiro at debian.org>
-Date: Sat, 7 Feb 2015 23:27:39 -0200
-Subject: [PATCH] Filter out 'javascript:' links when using filter_html or
- sanitize_html
-
-This is a fix for CVE-2012-6684
----
- lib/redcloth/formatters/html.rb | 6 +++++-
- spec/security/CVE-2012-6684_spec.rb | 14 ++++++++++++++
- 2 files changed, 19 insertions(+), 1 deletion(-)
- create mode 100644 spec/security/CVE-2012-6684_spec.rb
-
-diff --git a/lib/redcloth/formatters/html.rb b/lib/redcloth/formatters/html.rb
-index bfadfb7..b8793b2 100644
---- a/lib/redcloth/formatters/html.rb
-+++ b/lib/redcloth/formatters/html.rb
-@@ -111,7 +111,11 @@ module RedCloth::Formatters::HTML
- end
-
- def link(opts)
-- "<a href=\"#{escape_attribute opts[:href]}\"#{pba(opts)}>#{opts[:name]}</a>"
-+ if (filter_html || sanitize_html) && opts[:href] =~ /^\s*javascript:/
-+ opts[:name]
-+ else
-+ "<a href=\"#{escape_attribute opts[:href]}\"#{pba(opts)}>#{opts[:name]}</a>"
-+ end
- end
-
- def image(opts)
-diff --git a/spec/security/CVE-2012-6684_spec.rb b/spec/security/CVE-2012-6684_spec.rb
-new file mode 100644
-index 0000000..05219fd
---- /dev/null
-+++ b/spec/security/CVE-2012-6684_spec.rb
-@@ -0,0 +1,14 @@
-+# https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6684
-+
-+require 'redcloth'
-+
-+describe 'CVE-2012-6684' do
-+
-+ it 'should not let javascript links pass through' do
-+ # PoC from http://co3k.org/blog/redcloth-unfixed-xss-en
-+ output = RedCloth.new('["clickme":javascript:alert(%27XSS%27)]', [:filter_html, :filter_styles, :filter_classes, :filter_ids]).to_html
-+ expect(output).to_not match(/href=.javascript:alert/)
-+ end
-+
-+
-+end
---
-2.1.4
-
diff --git a/debian/patches/rspec3-test-fix b/debian/patches/rspec3-test-fix
deleted file mode 100644
index fb676d7..0000000
--- a/debian/patches/rspec3-test-fix
+++ /dev/null
@@ -1,29 +0,0 @@
-Description: Fix tests to run with RSpec 3.x
- RSpec 3.x redefined the matchers like be_true and be_false to be_truthy and
- be_falsey respectively. Fixing the tests to follow those modifications.
-Author: Balasankar C <balasankarc at autistici.org>
-Last-Update: 2015-07-08
----
-This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
---- a/spec/parser_spec.rb
-+++ b/spec/parser_spec.rb
-@@ -11,8 +11,8 @@
- end
-
- it "should have a VERSION" do
-- RedCloth.const_defined?("VERSION").should be_true
-- RedCloth::VERSION.const_defined?("STRING").should be_true
-+ RedCloth.const_defined?("VERSION").should be_truthy
-+ RedCloth::VERSION.const_defined?("STRING").should be_truthy
- end
-
- it "should show the version as a string" do
-@@ -21,7 +21,7 @@
- end
-
- it "should have EXTENSION_LANGUAGE" do
-- RedCloth.const_defined?("EXTENSION_LANGUAGE").should be_true
-+ RedCloth.const_defined?("EXTENSION_LANGUAGE").should be_truthy
- RedCloth::EXTENSION_LANGUAGE.should_not be_empty
- RedCloth::DESCRIPTION.should include(RedCloth::EXTENSION_LANGUAGE)
- end
diff --git a/debian/patches/series b/debian/patches/series
index 92d21c3..fb58cc7 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1,3 +1 @@
-rspec3-test-fix
0001-restore-extconf.rb.patch
-0001-Filter-out-javascript-links-when-using-filter_html-o.patch
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-ruby-extras/ruby-redcloth.git
More information about the Pkg-ruby-extras-commits
mailing list