[Python-apps-commits] r11708 - in packages/archmage/tags (6 files)
dottedmag at users.alioth.debian.org
dottedmag at users.alioth.debian.org
Mon Feb 2 08:56:01 UTC 2015
Date: Monday, February 2, 2015 @ 08:56:00
Author: dottedmag
Revision: 11708
[svn-buildpackage] Tagging archmage 1:0.2.4-4
Added:
packages/archmage/tags/1:0.2.4-4/
packages/archmage/tags/1:0.2.4-4/debian/changelog
(from rev 11707, packages/archmage/trunk/debian/changelog)
packages/archmage/tags/1:0.2.4-4/debian/patches/fix-directory-traversal.patch
(from rev 11706, packages/archmage/trunk/debian/patches/fix-directory-traversal.patch)
packages/archmage/tags/1:0.2.4-4/debian/patches/series
(from rev 11706, packages/archmage/trunk/debian/patches/series)
Deleted:
packages/archmage/tags/1:0.2.4-4/debian/changelog
packages/archmage/tags/1:0.2.4-4/debian/patches/series
Deleted: packages/archmage/tags/1:0.2.4-4/debian/changelog
===================================================================
--- packages/archmage/trunk/debian/changelog 2015-02-02 00:54:45 UTC (rev 11705)
+++ packages/archmage/tags/1:0.2.4-4/debian/changelog 2015-02-02 08:56:00 UTC (rev 11708)
@@ -1,169 +0,0 @@
-archmage (1:0.2.4-4) UNRELEASED; urgency=low
-
- * Use canonical URIs for Vcs-* fields.
-
- -- Jakub Wilk <jwilk at debian.org> Sun, 05 May 2013 18:04:51 +0200
-
-archmage (1:0.2.4-3) unstable; urgency=low
-
- * Convert package to use dh_python2 (Closes: #631395)
- * Drop preinst, it was only necessary for pycentral -> pysupport
- conversion, happened in Squeeze.
- * Bump Standards-Version, no changes required.
-
- -- Mikhail Gusarov <dottedmag at debian.org> Sun, 14 Aug 2011 23:17:02 +0200
-
-archmage (1:0.2.4-2) unstable; urgency=low
-
- * Convert package to 3.0 (quilt).
- * Use debhelper 7 instead of cdbs.
- * Install upstream NEWS file as changelog.
- * Bump Standards-Version, no changes required.
- * Remove debian/pycompat, it is not useful anymore.
- * Make debian/copyright machine readable.
- * Demote links, elinks and htmldoc Recommends to Suggests (Closes: #587035).
-
- -- Mikhail Gusarov <dottedmag at debian.org> Tue, 29 Jun 2010 15:32:54 +0700
-
-archmage (1:0.2.4-1) unstable; urgency=low
-
- * New upstream release
- - Fixes bug with improper unpacking of CHM files containing index.html
- (Closes: #534616).
- * Standards-Version bumped to 3.8.2, no changes required.
- * Added python-beautifulsoup to Depends, required upstream.
- * Added elinks | links to Recommends, enables convertion to plain text.
- * Added htmldoc to Recommends, enables convertion to pdf.
-
- -- Mikhail Gusarov <dottedmag at dottedmag.net> Thu, 06 Aug 2009 00:05:12 +0700
-
-archmage (1:0.2.3-1) unstable; urgency=low
-
- * New upstream release.
-
- -- Mikhail Gusarov <dottedmag at dottedmag.net> Sun, 14 Jun 2009 17:40:51 +0700
-
-archmage (1:0.2-1) unstable; urgency=low
-
- * New upstream release.
- - Fixes traceback on error path if destination directory already
- exists (Closes: #521042).
- - Removed html_to_text.py-is-not-executable.diff patch, no longer
- relevant.
- * Standards-Version bumped to 3.8.1, no changes required.
- * Switched to python-support.
- - added preinst script to de-register from pycentral.
- * python-all-dev build-dependency relaxed to python, as no binary
- modules are built.
-
- -- Mikhail Gusarov <dottedmag at dottedmag.net> Thu, 02 Apr 2009 15:55:49 +0700
-
-archmage (1:0.1.9-3) unstable; urgency=low
-
- [ Mikhail Gusarov ]
- * Added description to patches (lintian warning):
- - debian/patches/python-interpreter.diff
- - debian/patches/html_to_text.py-is-not-executable.diff
- * debian/control:
- - More detailed description (lintian warning).
- - Standards-Version bumped to 3.8.0:
- + debian/README.source added.
-
- [ Sandro Tosi ]
- * debian/control
- - switch Vcs-Browser field to viewsvn
-
- [ Marco Rodrigues ]
- * debian/control:
- + Add ${misc:Depends} to Depends to remove
- lintian warning.
-
- -- Mikhail Gusarov <dottedmag at dottedmag.net> Tue, 17 Feb 2009 00:20:21 +0600
-
-archmage (1:0.1.9-2) unstable; urgency=low
-
- [ Mikhail Gusarov ]
- * Package is now maintained in PAPT:
- - PAPT added to Uploaders.
- * python-central dependency bumped to >= 0.6, fixing spurious empty
- /usr/lib in package.
- * Standards-Version bumped to 3.7.3, no changes needed.
- * Watchfile updated: 0.1.9beta1 < 0.1.9 according to upstream developer.
-
- [ Piotr Ożarowski ]
- * Vcs-Svn, Vcs-Browser and Homepage fields added.
-
- -- Mikhail Gusarov <dottedmag at dottedmag.net> Thu, 01 May 2008 23:18:00 +0700
-
-archmage (1:0.1.9-1) unstable; urgency=low
-
- * New upstream release.
- * Epoch 1, because 0.1.9beta1 > 0.1.9. Shame on me :(
- * New patch: html_to_text.py-is-not-executable.diff, removing useless #!
- on python module.
-
- -- Mikhail Gusarov <dottedmag at dottedmag.net> Thu, 12 Jul 2007 00:53:38 +0700
-
-archmage (0.1.9beta1-1) unstable; urgency=low
-
- * New upstream release (yes, it's named 'beta', but this is
- regular release, author just targets 1.0 soon):
- * Copyright file updated.
- * toc-extension-case-insensitive.diff patch dropped: applied upstream.
- * python-interpreter.diff patch refreshed.
- * manpage moved from debian/archmage.1 to archmage.1.
- * libapache-mod-python removed from Suggests: Apache 1 is no longer in
- sid (Closes: #429714).
-
- -- Mikhail Gusarov <dottedmag at dottedmag.net> Wed, 04 Jul 2007 15:04:45 +0700
-
-archmage (0.0.8-2) unstable; urgency=low
-
- * Added patch fixing problem with uppercase extensions of
- table-of-contents files, taken from upstream (Ubuntu: #99758).
- * Description updated: irrelevant parts removed (Closes: #429241).
- * Copyright updated (Closes: 429240).
-
- -- Mikhail Gusarov <dottedmag at dottedmag.net> Sun, 17 Jun 2007 00:33:13 +0700
-
-archmage (0.0.8-1) unstable; urgency=low
-
- * New upstream release
- * Using quilt to manage patches
- * Debhelper compatibilty level bumped to 5. No changes required.
- * Added watch file.
-
- -- Mikhail Gusarov <dottedmag at dottedmag.net> Sun, 21 Jan 2007 18:44:45 +0600
-
-archmage (0.0.7-2) unstable; urgency=low
-
- * First upload to unstable (Closes: #204606)
-
- * Added libapache2-mod-python to Suggests
- * Converted to use python-central
- * Policy bumped to 3.7.2. No changes required
- * Build-Depends adjusted as lintian suggests
- * Updated FSF address
- * Fixed syntax in archmage.1 manpage
- * /usr/bin/archmage uses #!/usr/bin/python
-
- -- Mikhail Gusarov <dottedmag at dottedmag.net> Sat, 7 Oct 2006 01:10:54 +0700
-
-archmage (0.0.7-1) unstable; urgency=low
-
- * New upstream release
-
- -- Basil Shubin <bashu at users.sourceforge.net> Fri, 24 Feb 2006 16:49:20 +0600
-
-archmage (0.0.7-pre2-1) unstable; urgency=low
-
- * New upstream release
- * Fixed: debian/archmage.1
-
- -- Basil Shubin <bashu at surgut.ru> Mon, 22 Aug 2005 20:19:51 +0700
-
-archmage (0.0.7-pre1-1) unstable; urgency=low
-
- * Initial Release (Closes: #313203, #204606).
-
- -- Basil Shubin <bashu at surgut.ru> Fri, 19 Aug 2005 08:01:55 +0700
Copied: packages/archmage/tags/1:0.2.4-4/debian/changelog (from rev 11707, packages/archmage/trunk/debian/changelog)
===================================================================
--- packages/archmage/tags/1:0.2.4-4/debian/changelog (rev 0)
+++ packages/archmage/tags/1:0.2.4-4/debian/changelog 2015-02-02 08:56:00 UTC (rev 11708)
@@ -0,0 +1,173 @@
+archmage (1:0.2.4-4) unstable; urgency=high
+
+ [ Jakub Wilk ]
+ * Use canonical URIs for Vcs-* fields.
+
+ [ Mikhail Gusarov ]
+ * Fix directory traversal bug (Closes: #776164).
+
+ -- Mikhail Gusarov <dottedmag at debian.org> Mon, 02 Feb 2015 09:54:13 +0100
+
+archmage (1:0.2.4-3) unstable; urgency=low
+
+ * Convert package to use dh_python2 (Closes: #631395)
+ * Drop preinst, it was only necessary for pycentral -> pysupport
+ conversion, happened in Squeeze.
+ * Bump Standards-Version, no changes required.
+
+ -- Mikhail Gusarov <dottedmag at debian.org> Sun, 14 Aug 2011 23:17:02 +0200
+
+archmage (1:0.2.4-2) unstable; urgency=low
+
+ * Convert package to 3.0 (quilt).
+ * Use debhelper 7 instead of cdbs.
+ * Install upstream NEWS file as changelog.
+ * Bump Standards-Version, no changes required.
+ * Remove debian/pycompat, it is not useful anymore.
+ * Make debian/copyright machine readable.
+ * Demote links, elinks and htmldoc Recommends to Suggests (Closes: #587035).
+
+ -- Mikhail Gusarov <dottedmag at debian.org> Tue, 29 Jun 2010 15:32:54 +0700
+
+archmage (1:0.2.4-1) unstable; urgency=low
+
+ * New upstream release
+ - Fixes bug with improper unpacking of CHM files containing index.html
+ (Closes: #534616).
+ * Standards-Version bumped to 3.8.2, no changes required.
+ * Added python-beautifulsoup to Depends, required upstream.
+ * Added elinks | links to Recommends, enables convertion to plain text.
+ * Added htmldoc to Recommends, enables convertion to pdf.
+
+ -- Mikhail Gusarov <dottedmag at dottedmag.net> Thu, 06 Aug 2009 00:05:12 +0700
+
+archmage (1:0.2.3-1) unstable; urgency=low
+
+ * New upstream release.
+
+ -- Mikhail Gusarov <dottedmag at dottedmag.net> Sun, 14 Jun 2009 17:40:51 +0700
+
+archmage (1:0.2-1) unstable; urgency=low
+
+ * New upstream release.
+ - Fixes traceback on error path if destination directory already
+ exists (Closes: #521042).
+ - Removed html_to_text.py-is-not-executable.diff patch, no longer
+ relevant.
+ * Standards-Version bumped to 3.8.1, no changes required.
+ * Switched to python-support.
+ - added preinst script to de-register from pycentral.
+ * python-all-dev build-dependency relaxed to python, as no binary
+ modules are built.
+
+ -- Mikhail Gusarov <dottedmag at dottedmag.net> Thu, 02 Apr 2009 15:55:49 +0700
+
+archmage (1:0.1.9-3) unstable; urgency=low
+
+ [ Mikhail Gusarov ]
+ * Added description to patches (lintian warning):
+ - debian/patches/python-interpreter.diff
+ - debian/patches/html_to_text.py-is-not-executable.diff
+ * debian/control:
+ - More detailed description (lintian warning).
+ - Standards-Version bumped to 3.8.0:
+ + debian/README.source added.
+
+ [ Sandro Tosi ]
+ * debian/control
+ - switch Vcs-Browser field to viewsvn
+
+ [ Marco Rodrigues ]
+ * debian/control:
+ + Add ${misc:Depends} to Depends to remove
+ lintian warning.
+
+ -- Mikhail Gusarov <dottedmag at dottedmag.net> Tue, 17 Feb 2009 00:20:21 +0600
+
+archmage (1:0.1.9-2) unstable; urgency=low
+
+ [ Mikhail Gusarov ]
+ * Package is now maintained in PAPT:
+ - PAPT added to Uploaders.
+ * python-central dependency bumped to >= 0.6, fixing spurious empty
+ /usr/lib in package.
+ * Standards-Version bumped to 3.7.3, no changes needed.
+ * Watchfile updated: 0.1.9beta1 < 0.1.9 according to upstream developer.
+
+ [ Piotr Ożarowski ]
+ * Vcs-Svn, Vcs-Browser and Homepage fields added.
+
+ -- Mikhail Gusarov <dottedmag at dottedmag.net> Thu, 01 May 2008 23:18:00 +0700
+
+archmage (1:0.1.9-1) unstable; urgency=low
+
+ * New upstream release.
+ * Epoch 1, because 0.1.9beta1 > 0.1.9. Shame on me :(
+ * New patch: html_to_text.py-is-not-executable.diff, removing useless #!
+ on python module.
+
+ -- Mikhail Gusarov <dottedmag at dottedmag.net> Thu, 12 Jul 2007 00:53:38 +0700
+
+archmage (0.1.9beta1-1) unstable; urgency=low
+
+ * New upstream release (yes, it's named 'beta', but this is
+ regular release, author just targets 1.0 soon):
+ * Copyright file updated.
+ * toc-extension-case-insensitive.diff patch dropped: applied upstream.
+ * python-interpreter.diff patch refreshed.
+ * manpage moved from debian/archmage.1 to archmage.1.
+ * libapache-mod-python removed from Suggests: Apache 1 is no longer in
+ sid (Closes: #429714).
+
+ -- Mikhail Gusarov <dottedmag at dottedmag.net> Wed, 04 Jul 2007 15:04:45 +0700
+
+archmage (0.0.8-2) unstable; urgency=low
+
+ * Added patch fixing problem with uppercase extensions of
+ table-of-contents files, taken from upstream (Ubuntu: #99758).
+ * Description updated: irrelevant parts removed (Closes: #429241).
+ * Copyright updated (Closes: 429240).
+
+ -- Mikhail Gusarov <dottedmag at dottedmag.net> Sun, 17 Jun 2007 00:33:13 +0700
+
+archmage (0.0.8-1) unstable; urgency=low
+
+ * New upstream release
+ * Using quilt to manage patches
+ * Debhelper compatibilty level bumped to 5. No changes required.
+ * Added watch file.
+
+ -- Mikhail Gusarov <dottedmag at dottedmag.net> Sun, 21 Jan 2007 18:44:45 +0600
+
+archmage (0.0.7-2) unstable; urgency=low
+
+ * First upload to unstable (Closes: #204606)
+
+ * Added libapache2-mod-python to Suggests
+ * Converted to use python-central
+ * Policy bumped to 3.7.2. No changes required
+ * Build-Depends adjusted as lintian suggests
+ * Updated FSF address
+ * Fixed syntax in archmage.1 manpage
+ * /usr/bin/archmage uses #!/usr/bin/python
+
+ -- Mikhail Gusarov <dottedmag at dottedmag.net> Sat, 7 Oct 2006 01:10:54 +0700
+
+archmage (0.0.7-1) unstable; urgency=low
+
+ * New upstream release
+
+ -- Basil Shubin <bashu at users.sourceforge.net> Fri, 24 Feb 2006 16:49:20 +0600
+
+archmage (0.0.7-pre2-1) unstable; urgency=low
+
+ * New upstream release
+ * Fixed: debian/archmage.1
+
+ -- Basil Shubin <bashu at surgut.ru> Mon, 22 Aug 2005 20:19:51 +0700
+
+archmage (0.0.7-pre1-1) unstable; urgency=low
+
+ * Initial Release (Closes: #313203, #204606).
+
+ -- Basil Shubin <bashu at surgut.ru> Fri, 19 Aug 2005 08:01:55 +0700
Copied: packages/archmage/tags/1:0.2.4-4/debian/patches/fix-directory-traversal.patch (from rev 11706, packages/archmage/trunk/debian/patches/fix-directory-traversal.patch)
===================================================================
--- packages/archmage/tags/1:0.2.4-4/debian/patches/fix-directory-traversal.patch (rev 0)
+++ packages/archmage/tags/1:0.2.4-4/debian/patches/fix-directory-traversal.patch 2015-02-02 08:56:00 UTC (rev 11708)
@@ -0,0 +1,33 @@
+From 51e60c8eaef774cab152a54a87329a15530cd6eb Mon Sep 17 00:00:00 2001
+From: Mikhail Gusarov <dottedmag at dottedmag.net>
+Date: Sun, 25 Jan 2015 17:22:30 +0100
+Subject: [PATCH] Fix directory traversal bug (Debian #776164)
+
+---
+ archmod/CHM.py | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/archmod/CHM.py b/archmod/CHM.py
+index 78d6e5f..44113a5 100644
+--- a/archmod/CHM.py
++++ b/archmod/CHM.py
+@@ -26,6 +26,7 @@ except ImportError, msg:
+ from archmod.chmtotext import chmtotext
+ from archmod.htmldoc import htmldoc
+
++PARENT_RE = re.compile(r'(^|/|\\)\.\.(/|\\|$)')
+
+ class CHMDir(Cached):
+ """Class that represent CHM content from directory"""
+@@ -222,6 +223,8 @@ class CHMDir(Cached):
+ # if entry is auxiliary file, than skip it
+ if re.match(self.aux_re, e):
+ continue
++ if PARENT_RE.search(e):
++ raise RuntimeError('Giving up on malicious name: %s' % e)
+ self.extract_entry(e, output_file=e, destdir=destdir, correct=correct)
+
+ def extract(self, destdir):
+--
+2.2.1
+
Deleted: packages/archmage/tags/1:0.2.4-4/debian/patches/series
===================================================================
--- packages/archmage/trunk/debian/patches/series 2015-02-02 00:54:45 UTC (rev 11705)
+++ packages/archmage/tags/1:0.2.4-4/debian/patches/series 2015-02-02 08:56:00 UTC (rev 11708)
@@ -1 +0,0 @@
-python-interpreter.diff
Copied: packages/archmage/tags/1:0.2.4-4/debian/patches/series (from rev 11706, packages/archmage/trunk/debian/patches/series)
===================================================================
--- packages/archmage/tags/1:0.2.4-4/debian/patches/series (rev 0)
+++ packages/archmage/tags/1:0.2.4-4/debian/patches/series 2015-02-02 08:56:00 UTC (rev 11708)
@@ -0,0 +1,2 @@
+python-interpreter.diff
+fix-directory-traversal.patch
More information about the Python-apps-commits
mailing list