[Python-apps-commits] r11642 - in packages/mercurial/branches/jessie/debian/patches (3 files)

vicho at users.alioth.debian.org vicho at users.alioth.debian.org
Tue Dec 23 09:33:37 UTC 2014 

    Date: Tuesday, December 23, 2014 @ 09:33:36
  Author: vicho
Revision: 11642

Drop patches not needed for CVE-2014-9390

Matt Mackall said in an email to mercurial-packaging that the minimal set is:
   - http://selenic.com/repo/hg-stable/rev/885bd7c5c7e3
   - http://selenic.com/repo/hg-stable/rev/c02a05cc6f5e
   - http://selenic.com/repo/hg-stable/rev/6dad422ecc5a

Modified:
  packages/mercurial/branches/jessie/debian/patches/series
Deleted:
  packages/mercurial/branches/jessie/debian/patches/from_upstream__darwin_omit_ignorable_codepoints_when_normcaseing_a_file_path.patch
  packages/mercurial/branches/jessie/debian/patches/from_upstream__test-casefolding_t_demonstrate_a_bug_with_HFS_ignoring_some_codepoints.patch

Deleted: packages/mercurial/branches/jessie/debian/patches/from_upstream__darwin_omit_ignorable_codepoints_when_normcaseing_a_file_path.patch
===================================================================
--- packages/mercurial/branches/jessie/debian/patches/from_upstream__darwin_omit_ignorable_codepoints_when_normcaseing_a_file_path.patch	2014-12-22 10:37:17 UTC (rev 11641)
+++ packages/mercurial/branches/jessie/debian/patches/from_upstream__darwin_omit_ignorable_codepoints_when_normcaseing_a_file_path.patch	2014-12-23 09:33:36 UTC (rev 11642)
@@ -1,46 +0,0 @@
-Origin: http://selenic.com/repo/hg-stable/rev/7a5bcd471f2e
-Description: darwin: omit ignorable codepoints when normcase()ing a file path
- This lets us avoid some nasty case collision problems in OS X with
- invisible codepoints.
- .
- This is a fix for CVE-2014-9390
-Applied-Upstream: 3.2.3
-
---- a/mercurial/posix.py
-+++ b/mercurial/posix.py
-@@ -204,6 +204,7 @@ if sys.platform == 'darwin':
-         - escape-encode invalid characters
-         - decompose to NFD
-         - lowercase
-+        - omit ignored characters [200c-200f, 202a-202e, 206a-206f,feff]
- 
-         >>> normcase('UPPER')
-         'upper'
-@@ -262,7 +263,9 @@ if sys.platform == 'darwin':
-             u = s.decode('utf-8')
- 
-         # Decompose then lowercase (HFS+ technote specifies lower)
--        return unicodedata.normalize('NFD', u).lower().encode('utf-8')
-+        enc = unicodedata.normalize('NFD', u).lower().encode('utf-8')
-+        # drop HFS+ ignored characters
-+        return encoding.hfsignoreclean(enc)
- 
- if sys.platform == 'cygwin':
-     # workaround for cygwin, in which mount point part of path is
---- a/tests/test-casefolding.t
-+++ b/tests/test-casefolding.t
-@@ -200,12 +200,11 @@ case changes.
- We assume anyone running the tests on a case-insensitive volume on OS
- X will be using HFS+. If that's not true, this test will fail.
- 
--Bug: some codepoints are to be ignored on HFS+:
--
-   $ rm A
-   >>> open(u'a\u200c'.encode('utf-8'), 'w').write('unicode is fun')
-   $ hg status
-   M A
--  ? a\xe2\x80\x8c (esc)
-+
- #endif
-+
-   $ cd ..

Deleted: packages/mercurial/branches/jessie/debian/patches/from_upstream__test-casefolding_t_demonstrate_a_bug_with_HFS_ignoring_some_codepoints.patch
===================================================================
--- packages/mercurial/branches/jessie/debian/patches/from_upstream__test-casefolding_t_demonstrate_a_bug_with_HFS_ignoring_some_codepoints.patch	2014-12-22 10:37:17 UTC (rev 11641)
+++ packages/mercurial/branches/jessie/debian/patches/from_upstream__test-casefolding_t_demonstrate_a_bug_with_HFS_ignoring_some_codepoints.patch	2014-12-23 09:33:36 UTC (rev 11642)
@@ -1,26 +0,0 @@
-Origin: http://selenic.com/repo/hg-stable/rev/035434b407be
-Description: test-casefolding.t: demonstrate a bug with HFS+ ignoring some codepoints
- This is a fix for CVE-2014-9390
-Applied-Upstream: 3.2.3
-
-diff --git a/tests/test-casefolding.t b/tests/test-casefolding.t
---- a/tests/test-casefolding.t
-+++ b/tests/test-casefolding.t
-@@ -195,4 +195,17 @@ case changes.
-   $ hg qrefresh a # issue 3271, qrefresh with file handled case wrong
-   $ hg status # empty status means the qrefresh worked
- 
-+#if osx
-+
-+We assume anyone running the tests on a case-insensitive volume on OS
-+X will be using HFS+. If that's not true, this test will fail.
-+
-+Bug: some codepoints are to be ignored on HFS+:
-+
-+  $ rm A
-+  >>> open(u'a\u200c'.encode('utf-8'), 'w').write('unicode is fun')
-+  $ hg status
-+  M A
-+  ? a\xe2\x80\x8c (esc)
-+#endif
-   $ cd ..

Modified: packages/mercurial/branches/jessie/debian/patches/series
===================================================================
--- packages/mercurial/branches/jessie/debian/patches/series	2014-12-22 10:37:17 UTC (rev 11641)
+++ packages/mercurial/branches/jessie/debian/patches/series	2014-12-23 09:33:36 UTC (rev 11642)
@@ -9,8 +9,6 @@
 for_upstream__dont_rm_usr_bin_python_when_running_testsuite.patch
 for_upstream__lenient_test-shelve.patch
 from_upstream__test-patchbomb_t_work_around_Python_change_d579866d6419_issue4188.patch
-from_upstream__test-casefolding_t_demonstrate_a_bug_with_HFS_ignoring_some_codepoints.patch
 from_upstream__encoding_add_hfsignoreclean_to_clean_out_HFS-ignored_characters.patch
 from_upstream__pathauditor_check_for_codepoints_ignored_on_OS_X.patch
-from_upstream__darwin_omit_ignorable_codepoints_when_normcaseing_a_file_path.patch
 from_upstream__pathauditor_check_for_Windows_shortname_aliases.patch

More information about the Python-apps-commits mailing list