[Python-modules-commits] r22805 - in packages/python-django/trunk/debian (3 files)
hertzog at users.alioth.debian.org
hertzog at users.alioth.debian.org
Mon Oct 22 09:08:09 UTC 2012
Date: Monday, October 22, 2012 @ 09:07:56
Author: hertzog
Revision: 22805
* New upstream security and maintenance release. Closes: #691145
Fixes: CVE-2012-4520
* Drop 01_use_stdlib_htmlparser_when_possible.diff which has been
merged upstream.
Modified:
packages/python-django/trunk/debian/changelog
packages/python-django/trunk/debian/patches/series
Deleted:
packages/python-django/trunk/debian/patches/01_use_stdlib_htmlparser_when_possible.diff
Modified: packages/python-django/trunk/debian/changelog
===================================================================
--- packages/python-django/trunk/debian/changelog 2012-10-22 08:48:28 UTC (rev 22804)
+++ packages/python-django/trunk/debian/changelog 2012-10-22 09:07:56 UTC (rev 22805)
@@ -1,3 +1,12 @@
+python-django (1.4.2-1) unstable; urgency=high
+
+ * New upstream security and maintenance release. Closes: #691145
+ Fixes: CVE-2012-4520
+ * Drop 01_use_stdlib_htmlparser_when_possible.diff which has been
+ merged upstream.
+
+ -- Raphaël Hertzog <hertzog at debian.org> Mon, 22 Oct 2012 10:53:30 +0200
+
python-django (1.4.1-2) unstable; urgency=low
* New patch 01_use_stdlib_htmlparser_when_possible.diff to not override
Deleted: packages/python-django/trunk/debian/patches/01_use_stdlib_htmlparser_when_possible.diff
===================================================================
--- packages/python-django/trunk/debian/patches/01_use_stdlib_htmlparser_when_possible.diff 2012-10-22 08:48:28 UTC (rev 22804)
+++ packages/python-django/trunk/debian/patches/01_use_stdlib_htmlparser_when_possible.diff 2012-10-22 09:07:56 UTC (rev 22805)
@@ -1,213 +0,0 @@
-Description: Do not use Django's custom HTMLParser when the stdlib version works
- Django provided its own HTMLParser derived from stdlib's HTMLParser to
- work around a bug (http://bugs.python.org/issue670664). Unfortunately,
- this derived object breaks when the stdlib's HTMLParser is fixed.
- .
- Thus we modify Django to only use the derived objects with Python
- versions which are known to be affected by the problem.
-Author: David Watson <david at planetwatson.co.uk>
-Reviewed-by: Raphaël Hertzog <hertzog at debian.org>
-Origin: upstream, https://github.com/django/django/commit/57d9ccc4aaef0420f6ba60a26e6af4e83b803ae9
-Bug: https://code.djangoproject.com/ticket/18239
-Bug-Debian: http://bugs.debian.org/683648
-
-diff --git a/django/utils/html_parser.py b/django/utils/html_parser.py
-index b280057..4449461 100644
---- a/django/utils/html_parser.py
-+++ b/django/utils/html_parser.py
-@@ -1,98 +1,109 @@
- import HTMLParser as _HTMLParser
- import re
-+import sys
-
-+current_version = sys.version_info
-
--class HTMLParser(_HTMLParser.HTMLParser):
-- """
-- Patched version of stdlib's HTMLParser with patch from:
-- http://bugs.python.org/issue670664
-- """
-- def __init__(self):
-- _HTMLParser.HTMLParser.__init__(self)
-- self.cdata_tag = None
-+use_workaround = (
-+ (current_version < (2, 6, 8)) or
-+ (current_version >= (2, 7) and current_version < (2, 7, 3)) or
-+ (current_version >= (3, 0) and current_version < (3, 2, 3))
-+)
-
-- def set_cdata_mode(self, tag):
-- try:
-- self.interesting = _HTMLParser.interesting_cdata
-- except AttributeError:
-- self.interesting = re.compile(r'</\s*%s\s*>' % tag.lower(), re.I)
-- self.cdata_tag = tag.lower()
-+if not use_workaround:
-+ HTMLParser = _HTMLParser.HTMLParser
-+else:
-+ class HTMLParser(_HTMLParser.HTMLParser):
-+ """
-+ Patched version of stdlib's HTMLParser with patch from:
-+ http://bugs.python.org/issue670664
-+ """
-+ def __init__(self):
-+ _HTMLParser.HTMLParser.__init__(self)
-+ self.cdata_tag = None
-
-- def clear_cdata_mode(self):
-- self.interesting = _HTMLParser.interesting_normal
-- self.cdata_tag = None
-+ def set_cdata_mode(self, tag):
-+ try:
-+ self.interesting = _HTMLParser.interesting_cdata
-+ except AttributeError:
-+ self.interesting = re.compile(r'</\s*%s\s*>' % tag.lower(), re.I)
-+ self.cdata_tag = tag.lower()
-
-- # Internal -- handle starttag, return end or -1 if not terminated
-- def parse_starttag(self, i):
-- self.__starttag_text = None
-- endpos = self.check_for_whole_start_tag(i)
-- if endpos < 0:
-- return endpos
-- rawdata = self.rawdata
-- self.__starttag_text = rawdata[i:endpos]
-+ def clear_cdata_mode(self):
-+ self.interesting = _HTMLParser.interesting_normal
-+ self.cdata_tag = None
-+
-+ # Internal -- handle starttag, return end or -1 if not terminated
-+ def parse_starttag(self, i):
-+ self.__starttag_text = None
-+ endpos = self.check_for_whole_start_tag(i)
-+ if endpos < 0:
-+ return endpos
-+ rawdata = self.rawdata
-+ self.__starttag_text = rawdata[i:endpos]
-
-- # Now parse the data between i+1 and j into a tag and attrs
-- attrs = []
-- match = _HTMLParser.tagfind.match(rawdata, i + 1)
-- assert match, 'unexpected call to parse_starttag()'
-- k = match.end()
-- self.lasttag = tag = rawdata[i + 1:k].lower()
-+ # Now parse the data between i+1 and j into a tag and attrs
-+ attrs = []
-+ match = _HTMLParser.tagfind.match(rawdata, i + 1)
-+ assert match, 'unexpected call to parse_starttag()'
-+ k = match.end()
-+ self.lasttag = tag = rawdata[i + 1:k].lower()
-
-- while k < endpos:
-- m = _HTMLParser.attrfind.match(rawdata, k)
-- if not m:
-- break
-- attrname, rest, attrvalue = m.group(1, 2, 3)
-- if not rest:
-- attrvalue = None
-- elif attrvalue[:1] == '\'' == attrvalue[-1:] or \
-- attrvalue[:1] == '"' == attrvalue[-1:]:
-- attrvalue = attrvalue[1:-1]
-- attrvalue = self.unescape(attrvalue)
-- attrs.append((attrname.lower(), attrvalue))
-- k = m.end()
-+ while k < endpos:
-+ m = _HTMLParser.attrfind.match(rawdata, k)
-+ if not m:
-+ break
-+ attrname, rest, attrvalue = m.group(1, 2, 3)
-+ if not rest:
-+ attrvalue = None
-+ elif attrvalue[:1] == '\'' == attrvalue[-1:] or \
-+ attrvalue[:1] == '"' == attrvalue[-1:]:
-+ attrvalue = attrvalue[1:-1]
-+ attrvalue = self.unescape(attrvalue)
-+ attrs.append((attrname.lower(), attrvalue))
-+ k = m.end()
-
-- end = rawdata[k:endpos].strip()
-- if end not in (">", "/>"):
-- lineno, offset = self.getpos()
-- if "\n" in self.__starttag_text:
-- lineno = lineno + self.__starttag_text.count("\n")
-- offset = len(self.__starttag_text) \
-- - self.__starttag_text.rfind("\n")
-+ end = rawdata[k:endpos].strip()
-+ if end not in (">", "/>"):
-+ lineno, offset = self.getpos()
-+ if "\n" in self.__starttag_text:
-+ lineno = lineno + self.__starttag_text.count("\n")
-+ offset = len(self.__starttag_text) \
-+ - self.__starttag_text.rfind("\n")
-+ else:
-+ offset = offset + len(self.__starttag_text)
-+ self.error("junk characters in start tag: %r"
-+ % (rawdata[k:endpos][:20],))
-+ if end.endswith('/>'):
-+ # XHTML-style empty tag: <span attr="value" />
-+ self.handle_startendtag(tag, attrs)
- else:
-- offset = offset + len(self.__starttag_text)
-- self.error("junk characters in start tag: %r"
-- % (rawdata[k:endpos][:20],))
-- if end.endswith('/>'):
-- # XHTML-style empty tag: <span attr="value" />
-- self.handle_startendtag(tag, attrs)
-- else:
-- self.handle_starttag(tag, attrs)
-- if tag in self.CDATA_CONTENT_ELEMENTS:
-- self.set_cdata_mode(tag) # <--------------------------- Changed
-- return endpos
-+ self.handle_starttag(tag, attrs)
-+ if tag in self.CDATA_CONTENT_ELEMENTS:
-+ self.set_cdata_mode(tag) # <--------------------------- Changed
-+ return endpos
-
-- # Internal -- parse endtag, return end or -1 if incomplete
-- def parse_endtag(self, i):
-- rawdata = self.rawdata
-- assert rawdata[i:i + 2] == "</", "unexpected call to parse_endtag"
-- match = _HTMLParser.endendtag.search(rawdata, i + 1) # >
-- if not match:
-- return -1
-- j = match.end()
-- match = _HTMLParser.endtagfind.match(rawdata, i) # </ + tag + >
-- if not match:
-- if self.cdata_tag is not None: # *** add ***
-- self.handle_data(rawdata[i:j]) # *** add ***
-- return j # *** add ***
-- self.error("bad end tag: %r" % (rawdata[i:j],))
-- # --- changed start ---------------------------------------------------
-- tag = match.group(1).strip()
-- if self.cdata_tag is not None:
-- if tag.lower() != self.cdata_tag:
-- self.handle_data(rawdata[i:j])
-- return j
-- # --- changed end -----------------------------------------------------
-- self.handle_endtag(tag.lower())
-- self.clear_cdata_mode()
-- return j
-+ # Internal -- parse endtag, return end or -1 if incomplete
-+ def parse_endtag(self, i):
-+ rawdata = self.rawdata
-+ assert rawdata[i:i + 2] == "</", "unexpected call to parse_endtag"
-+ match = _HTMLParser.endendtag.search(rawdata, i + 1) # >
-+ if not match:
-+ return -1
-+ j = match.end()
-+ match = _HTMLParser.endtagfind.match(rawdata, i) # </ + tag + >
-+ if not match:
-+ if self.cdata_tag is not None: # *** add ***
-+ self.handle_data(rawdata[i:j]) # *** add ***
-+ return j # *** add ***
-+ self.error("bad end tag: %r" % (rawdata[i:j],))
-+ # --- changed start ---------------------------------------------------
-+ tag = match.group(1).strip()
-+ if self.cdata_tag is not None:
-+ if tag.lower() != self.cdata_tag:
-+ self.handle_data(rawdata[i:j])
-+ return j
-+ # --- changed end -----------------------------------------------------
-+ self.handle_endtag(tag.lower())
-+ self.clear_cdata_mode()
-+ return j
Modified: packages/python-django/trunk/debian/patches/series
===================================================================
--- packages/python-django/trunk/debian/patches/series 2012-10-22 08:48:28 UTC (rev 22804)
+++ packages/python-django/trunk/debian/patches/series 2012-10-22 09:07:56 UTC (rev 22805)
@@ -1,4 +1,3 @@
-01_use_stdlib_htmlparser_when_possible.diff
02_disable-sources-in-sphinxdoc.diff
03_manpage.diff
06_use_debian_geoip_database_as_default.diff
More information about the Python-modules-commits
mailing list