[Git][haskell-team/DHG_packages][master] cmark-gfm: Remove embedded copy of cmark-gfm library
Ilias Tsitsimpis
gitlab at salsa.debian.org
Fri Sep 4 08:57:39 BST 2020
Ilias Tsitsimpis pushed to branch master at Debian Haskell Group / DHG_packages
Commits:
0e1d448b by Ilias Tsitsimpis at 2020-09-04T10:46:16+03:00
cmark-gfm: Remove embedded copy of cmark-gfm library
- - - - -
5 changed files:
- p/haskell-cmark-gfm/debian/changelog
- p/haskell-cmark-gfm/debian/control
- p/haskell-cmark-gfm/debian/copyright
- p/haskell-cmark-gfm/debian/rules
- p/haskell-cmark-gfm/debian/watch
Changes:
=====================================
p/haskell-cmark-gfm/debian/changelog
=====================================
@@ -1,3 +1,10 @@
+haskell-cmark-gfm (0.2.1+ds1-1) unstable; urgency=medium
+
+ * Remove embedded copy of cmark-gfm library, use libcmark-gfm-dev instead
+ (CVE-2020-5238, Closes: #965982)
+
+ -- Ilias Tsitsimpis <iliastsi at debian.org> Fri, 04 Sep 2020 10:45:40 +0300
+
haskell-cmark-gfm (0.2.1-1) unstable; urgency=medium
* New upstream release
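Review bot: The new 0.2.1+ds1-1 entry documents only the removal of the embedded library, but the same commit also bumps Standards-Version from 4.1.4 to 4.5.0 in debian/control and adds repack options to debian/watch. Add a bullet for each of those, so that the security fix (CVE-2020-5238) and the housekeeping changes can be told apart in the package history.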
=====================================
p/haskell-cmark-gfm/debian/control
=====================================
@@ -11,8 +11,11 @@ Build-Depends: debhelper (>= 10),
ghc-prof,
libghc-hunit-dev (>= 1.2),
libghc-hunit-dev (<< 1.7),
+ libcmark-gfm-dev (>= 0.29.0.gfm.0-6),
+ libcmark-gfm-extensions-dev (>= 0.29.0.gfm.0-6),
+ pkg-config,
Build-Depends-Indep: ghc-doc,
-Standards-Version: 4.1.4
+Standards-Version: 4.5.0
Homepage: https://github.com/kivikakk/cmark-gfm-hs
X-Description: fast, accurate GitHub Flavored Markdown parser and renderer
This package provides Haskell bindings for libcmark-gfm, the reference
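Review bot: The lower bound (>= 0.29.0.gfm.0-6) on the two new Build-Depends entries is not explained anywhere in the visible changes. If that revision is the first system library upload that addresses CVE-2020-5238, say so in the changelog entry so that a backport does not relax the bound. The Standards-Version bump in this hunk is unrelated to the fix and would be easier to audit as a separate commit.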
@@ -24,6 +27,8 @@ Architecture: any
Depends: ${haskell:Depends},
${misc:Depends},
${shlibs:Depends},
+ libcmark-gfm-dev,
+ libcmark-gfm-extensions-dev,
Recommends: ${haskell:Recommends},
Suggests: ${haskell:Suggests},
Conflicts: ${haskell:Conflicts},
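Review bot: The libcmark-gfm-dev and libcmark-gfm-extensions-dev entries added to Depends are unversioned, while Build-Depends requires (>= 0.29.0.gfm.0-6) of both. With the embedded copy gone, anything built against this package links the system library, so consider carrying the same bound here so that an older library revision cannot satisfy the dependency at install time. The hunk context shows only "Architecture: any", so please also confirm this lands in the -dev stanza and not in another binary package.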
=====================================
p/haskell-cmark-gfm/debian/copyright
=====================================
@@ -2,35 +2,13 @@ Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
Upstream-Name: cmark-gfm
Upstream-Contact: kivikakk at github.com
Source: https://hackage.haskell.org/package/cmark-gfm
+Files-Excluded: cbits
Files: *
Copyright: 2015-2017 John MacFarlane
2017 Yuki Izumi
License: BSD-3-clause
-Files: cbits/*
-Copyright: 2014 John MacFarlane
-License: BSD-2-clause
-
-Files: cbits/houdini_href_e.c
- cbits/houdini_html_u.c
- cbits/houdini_html_e.c
- cbits/houdini.h
- cbits/html_unescape.h
-Copyright: 2012 Vicent MartÃ
- 2015-2017 John MacFarlane
-License: Expat
-
-Files: cbits/buffer.h cbits/buffer.c cbits/chunk.h
-Copyright: 2012 Github, Inc.
- 2015-2017 John MacFarlane
-License: Expat
-
-Files: cbits/utf8.h cbits/utf8.c
-Copyright: 2009 Public Software Group e. V.
- 2015-2017 John MacFarlane
-License: Expat
-
Files: debian/*
Copyright: held by the contributors mentioned in debian/changelog
License: Expat
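Review bot: The Files-Excluded: cbits line drops the whole directory from the repacked tarball, and the stanzas removed below it show that cbits held code from several origins (the houdini, buffer and utf8 files plus a cbits/* catch-all). Confirm that nothing under cbits is still needed once the build uses -fpkgconfig; if any file is, narrow the pattern to the files that make up the embedded copy. It would also help to state in the changelog that the exclusion is what guarantees the vulnerable sources are no longer shipped in the Debian source package.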
@@ -64,30 +42,6 @@ License: BSD-3-clause
OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.
-License: BSD-2-clause
- Redistribution and use in source and binary forms, with or without
- modification, are permitted provided that the following conditions are met:
- .
- * Redistributions of source code must retain the above copyright
- notice, this list of conditions and the following disclaimer.
- .
- * Redistributions in binary form must reproduce the above
- copyright notice, this list of conditions and the following
- disclaimer in the documentation and/or other materials provided
- with the distribution.
- .
- THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
- A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
- OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
- LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
- DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
- THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
- OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-
License: Expat
Permission is hereby granted, free of charge, to any person obtaining a copy of
this software and associated documentation files (the "Software"), to deal in
=====================================
p/haskell-cmark-gfm/debian/rules
=====================================
@@ -5,5 +5,7 @@ DEB_SETUP_BIN_NAME = debian/hlibrary.setup
DEB_CABAL_PACKAGE = cmark-gfm
DEB_DEFAULT_COMPILER = ghc
+DEB_SETUP_GHC_CONFIGURE_ARGS += -fpkgconfig
+
include /usr/share/cdbs/1/rules/debhelper.mk
include /usr/share/cdbs/1/class/hlibrary.mk
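Review bot: The added DEB_SETUP_GHC_CONFIGURE_ARGS += -fpkgconfig line has no comment, yet together with the new pkg-config build dependency it is what points the build at the system library instead of the bundled sources. Add a one-line comment above it saying so and referencing the cbits exclusion, so that a later cleanup of debian/rules does not drop the flag and break the build or reintroduce a bundled copy.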
=====================================
p/haskell-cmark-gfm/debian/watch
=====================================
@@ -1,2 +1,3 @@
version=3
+opts=repacksuffix=+ds1,dversionmangle=s/\+ds\d+$// \
https://hackage.haskell.org/package/cmark-gfm/distro-monitor .*-([0-9\.]+)\.(?:zip|tgz|tbz|txz|(?:tar\.(?:gz|bz2|xz)))
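Review bot: The +ds1 suffix in repacksuffix is hard-coded here and again in the changelog version 0.2.1+ds1-1, and the watch file does not say why the tarball is repacked. Add a comment noting that the repack follows from Files-Excluded: cbits in debian/copyright, and that the suffix has to be bumped (the dversionmangle pattern \+ds\d+$ already allows for +ds2 and later) whenever the exclusion list changes.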
View it on GitLab: https://salsa.debian.org/haskell-team/DHG_packages/-/commit/0e1d448bdd7bd62f71fc06d5893cdad1c6f0a447