Diffstat (limited to '')
-rw-r--r-- debian/TODO 3
-rw-r--r-- debian/changelog 73
-rw-r--r-- debian/control 38
-rw-r--r-- debian/copyright 38
-rw-r--r-- debian/gbp.conf 3
-rw-r--r-- debian/patches/0001-fix-unnecessary-asserts-leading-to-crashes.patch 116
-rw-r--r-- debian/patches/0002-fix-dos-casued-by-invalid-utf-8-char-as-input.patch 47
-rw-r--r-- debian/patches/series 2
-rwxr-xr-x debian/rules 23
-rw-r--r-- debian/salsa-ci.yml 5
-rw-r--r-- debian/source/format 1
-rw-r--r-- debian/source/options 1
-rw-r--r-- debian/tests/control 11
-rw-r--r-- debian/tests/unittests 20
-rw-r--r-- debian/upstream/metadata 4
-rw-r--r-- debian/watch 3
16 files changed, 388 insertions, 0 deletions
diff --git a/debian/TODO b/debian/TODO
new file mode 100644
index 0000000..b83310b
--- /dev/null
+++ b/debian/TODO
@@ -0,0 +1,3 @@
+* Package myst-nb to build the python-markdown-it-py-doc package.
+* Package linkify and activate the tests that depends on linkify
+ (see #997970).
diff --git a/debian/changelog b/debian/changelog
new file mode 100644
index 0000000..0442b28
--- /dev/null
+++ b/debian/changelog
@@ -0,0 +1,73 @@
+markdown-it-py (2.1.0-5) unstable; urgency=high
+
+ * d/paches: Add patches from upstream to fix CVE-2023-26302 and
+ CVE-2023-26303 (Closes: #1031764).
+ - The patches added are:
+ 0001-fix-unnecessary-asserts-leading-to-crashes.patch and
+ 0002-fix-dos-casued-by-invalid-utf-8-char-as-input.patch.
+
+ -- Emmanuel Arias <eamanu@yaerobi.com> Fri, 31 Mar 2023 07:50:42 -0300
+
+markdown-it-py (2.1.0-4) unstable; urgency=medium
+
+ * Team upload.
+ * Source-only upload to allow testing migration.
+
+ [ Debian Janitor ]
+ * Trim trailing whitespace.
+
+ -- Boyuan Yang <byang@debian.org> Sat, 01 Oct 2022 10:49:00 -0400
+
+markdown-it-py (2.1.0-3) unstable; urgency=medium
+
+ * d/control: Version flit in build depends to be according to
+ pyproject.toml (Closes: #1013204).
+ - Patch provided by David Paul <davidpaul@librem.one>.
+
+ -- Emmanuel Arias <eamanu@yaerobi.com> Thu, 21 Jul 2022 11:38:34 -0300
+
+markdown-it-py (2.1.0-2) unstable; urgency=medium
+
+ * source-only upload
+
+ -- Emmanuel Arias <eamanu@yaerobi.com> Sun, 22 May 2022 11:05:59 -0300
+
+markdown-it-py (2.1.0-1) unstable; urgency=medium
+
+ * New upstream version.
+ * d/control: Build with pybuild's pyproject plugin. Add
+ pybuild-plugin-pyproject as Build Depends.
+ - Add flit as Build Dependency. Remove setuptools, it's not longer used.
+ * d/copyright: Update Copyright year for debian/* files.
+ * d/salsa-ci.yml: Re-introduce the salsa-ci file.
+ * d/control: Bump Standards-Version to 4.6.1 (from 4.6.0.1; no changes
+ needed).
+ * d/control: Remove trivial autopkgtest-pkg-python.
+
+ -- Emmanuel Arias <eamanu@yaerobi.com> Thu, 19 May 2022 11:22:59 -0300
+
+markdown-it-py (2.0.1-1) unstable; urgency=medium
+
+ * New upstream version.
+ * d/control: Add python3-mdurl as dependency.
+ * d/copyright: Add copyright entry for markdown_it/_punycode.py file.
+ * d/control: Remove python3-pytest-cov package as build deps.
+ - It's not used during build.
+ * d/tests/control: Stop using @builddeps@. Add python3-all,
+ python3-commonmark, python3-markdown, python3-mistletoe,
+ python3-mistune, python3-psutil, python3-pytest,
+ python3-pytest-benchmark, python3-pytest-regressions as Depends.
+
+ -- Emmanuel Arias <eamanu@yaerobi.com> Sat, 26 Mar 2022 13:55:59 -0300
+
+markdown-it-py (1.1.0-2) unstable; urgency=medium
+
+ * source-only upload
+
+ -- Sandro Tosi <morph@debian.org> Sun, 02 Jan 2022 12:30:49 -0500
+
+markdown-it-py (1.1.0-1) unstable; urgency=low
+
+ * Initial release (Closes: 997044).
+
+ -- Emmanuel Arias <eamanu@yaerobi.com> Mon, 25 Oct 2021 16:07:05 +0000
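Review bot: In the 2.1.0-5 entry, "d/paches" should read "d/patches", and the entry does not say which patch addresses which CVE. Patch 0001 names CVE-2023-26303 in its Subject, but the Subject of 0002 only says "CLI crash on non-utf8 character" and never mentions CVE-2023-26302, so anyone auditing the fix has to infer the mapping. Suggest listing each patch file next to the CVE it closes. The file name of 0002 also carries a typo ("casued"); renaming it means updating debian/patches/series as well.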
diff --git a/debian/control b/debian/control
new file mode 100644
index 0000000..6e9be6f
--- /dev/null
+++ b/debian/control
@@ -0,0 +1,38 @@
+Source: markdown-it-py
+Section: python
+Priority: optional
+Maintainer: Debian Python Team <team+python@tracker.debian.org>
+Uploaders: Emmanuel Arias <eamanu@yaerobi.com>,
+Build-Depends: debhelper-compat (= 13),
+ flit (<< 4),
+ flit (>= 3.2),
+ pybuild-plugin-pyproject,
+ python3-all,
+ python3-attr,
+ python3-commonmark <!nocheck>,
+ python3-markdown <!nocheck>,
+ python3-mdurl,
+ python3-mistletoe <!nocheck>,
+ python3-mistune <!nocheck>,
+ python3-psutil <!nocheck>,
+ python3-pytest <!nocheck>,
+ python3-pytest-benchmark <!nocheck>,
+ python3-pytest-regressions <!nocheck>,
+ python3-sphinx,
+Standards-Version: 4.6.1
+Rules-Requires-Root: no
+Homepage: https://github.com/executablebooks/markdown-it-py
+Vcs-Git: https://salsa.debian.org/python-team/packages/markdown-it-py.git
+Vcs-Browser: https://salsa.debian.org/python-team/packages/markdown-it-py
+
+Package: python3-markdown-it
+Architecture: all
+Depends: ${misc:Depends},
+ ${python3:Depends},
+Recommends: ${python3:Recommends},
+Suggests: ${python3:Suggests},
+Description: Python port of markdown-it and some its associated plugins
+ High speed Python markdown parser based in markdown-it. markdown-it-py
+ follows the CommonMark spec for baseline parsing. Also, new syntax
+ rules can be added and even replace existing ones. New syntax extensions
+ can be added to extend the parser.
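Review bot: python3-sphinx sits in Build-Depends, but the only binary package declared is python3-markdown-it and debian/TODO says the -doc package cannot be built yet, so this dependency looks unused. Suggest dropping it, or marking it <!nodoc>, until the doc package exists. In the Description, "some its associated plugins" and "based in markdown-it" should read "some of its associated plugins" and "based on markdown-it".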
diff --git a/debian/copyright b/debian/copyright
new file mode 100644
index 0000000..5203b00
--- /dev/null
+++ b/debian/copyright
@@ -0,0 +1,38 @@
+Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
+Upstream-Name: markdown-it-py
+Upstream-Contact: Chris Sewell <chrisj_sewell@hotmail.com>
+Source: https://github.com/executablebooks/markdown-it-py
+
+Files: *
+Copyright: 2020 Chris Sewell <chrisj_sewell@hotmail.com>
+ 2020 ExecutableBookProject
+ 2014 Vitaly Puzrin, Alex Kocharin
+License: expat
+
+Files: markdown_it/_punycode.py
+Copyright: 2014 Mathias Bynens <https://mathiasbynens.be/>
+ 2021 Taneli Hukkinen
+License: expat
+
+Files: debian/*
+Copyright: 2021-2022 Emmanuel Arias <eamanu@yaerobi.com>
+License: expat
+
+License: expat
+ Permission is hereby granted, free of charge, to any person obtaining
+ a copy of this software and associated documentation files (the "Software"),
+ to deal in the Software without restriction, including without limitation
+ the rights to use, copy, modify, merge, publish, distribute, sublicense,
+ and/or sell copies of the Software, and to permit persons to whom the
+ Software is furnished to do so, subject to the following conditions:
+ .
+ The above copyright notice and this permission notice shall be included
+ in all copies or substantial portions of the Software.
+ .
+ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+ EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES
+ OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
+ IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM,
+ DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
+ TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE
+ OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
diff --git a/debian/gbp.conf b/debian/gbp.conf
new file mode 100644
index 0000000..47fe321
--- /dev/null
+++ b/debian/gbp.conf
@@ -0,0 +1,3 @@
+[DEFAULT]
+pristine-tar = True
+debian-branch = debian/master
diff --git a/debian/patches/0001-fix-unnecessary-asserts-leading-to-crashes.patch b/debian/patches/0001-fix-unnecessary-asserts-leading-to-crashes.patch
new file mode 100644
index 0000000..ded7e70
--- /dev/null
+++ b/debian/patches/0001-fix-unnecessary-asserts-leading-to-crashes.patch
@@ -0,0 +1,116 @@
+From ae03c6107dfa18e648f6fdd1280f5b89092d5d49 Mon Sep 17 00:00:00 2001
+From: Chris Sewell <chrisj_sewell@hotmail.com>
+Date: Wed, 22 Feb 2023 05:56:39 +0100
+Subject: [PATCH] =?UTF-8?q?=F0=9F=90=9B=20FIX:=20CVE-2023-26303=20(#246)?=
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+Bug-Debian: https://bugs.debian.org/1031764
+
+Fix unnecessary asserts, leading to crashes
+---
+ markdown_it/renderer.py | 20 ++++++++------------
+ markdown_it/rules_core/replacements.py | 3 ++-
+ markdown_it/rules_core/smartquotes.py | 4 ++--
+ tests/test_port/fixtures/issue-fixes.md | 9 +++++++++
+ tests/test_port/test_fixtures.py | 1 +
+ 5 files changed, 22 insertions(+), 15 deletions(-)
+
+Index: markdown-it-py-2.1.0/markdown_it/renderer.py
+===================================================================
+--- markdown-it-py-2.1.0.orig/markdown_it/renderer.py 2023-03-31 07:50:21.639213371 -0300
++++ markdown-it-py-2.1.0/markdown_it/renderer.py 2023-03-31 07:50:21.635213318 -0300
+@@ -84,8 +84,8 @@
+ for i, token in enumerate(tokens):
+
+ if token.type == "inline":
+- assert token.children is not None
+- result += self.renderInline(token.children, options, env)
++ if token.children:
++ result += self.renderInline(token.children, options, env)
+ elif token.type in self.rules:
+ result += self.rules[token.type](tokens, i, options, env)
+ else:
+@@ -207,8 +207,8 @@
+ if token.type == "text":
+ result += token.content
+ elif token.type == "image":
+- assert token.children is not None
+- result += self.renderInlineAsText(token.children, options, env)
++ if token.children:
++ result += self.renderInlineAsText(token.children, options, env)
+ elif token.type == "softbreak":
+ result += "\n"
+
+@@ -306,14 +306,10 @@
+
+ # "alt" attr MUST be set, even if empty. Because it's mandatory and
+ # should be placed on proper position for tests.
+-
+- assert (
+- token.attrs and "alt" in token.attrs
+- ), '"image" token\'s attrs must contain `alt`'
+-
+- # Replace content with actual value
+-
+- token.attrSet("alt", self.renderInlineAsText(token.children, options, env))
++ if token.children:
++ token.attrSet("alt", self.renderInlineAsText(token.children, options, env))
++ else:
++ token.attrSet("alt", "")
+
+ return self.renderToken(tokens, idx, options, env)
+
+Index: markdown-it-py-2.1.0/markdown_it/rules_core/replacements.py
+===================================================================
+--- markdown-it-py-2.1.0.orig/markdown_it/rules_core/replacements.py 2023-03-31 07:50:21.639213371 -0300
++++ markdown-it-py-2.1.0/markdown_it/rules_core/replacements.py 2023-03-31 07:50:21.635213318 -0300
+@@ -116,7 +116,8 @@
+ for token in state.tokens:
+ if token.type != "inline":
+ continue
+- assert token.children is not None
++ if token.children is None:
++ continue
+
+ if SCOPED_ABBR_RE.search(token.content):
+ replace_scoped(token.children)
+Index: markdown-it-py-2.1.0/markdown_it/rules_core/smartquotes.py
+===================================================================
+--- markdown-it-py-2.1.0.orig/markdown_it/rules_core/smartquotes.py 2023-03-31 07:50:21.639213371 -0300
++++ markdown-it-py-2.1.0/markdown_it/rules_core/smartquotes.py 2023-03-31 07:50:21.635213318 -0300
+@@ -198,5 +198,5 @@
+
+ if token.type != "inline" or not QUOTE_RE.search(token.content):
+ continue
+- assert token.children is not None
+- process_inlines(token.children, state)
++ if token.children is not None:
++ process_inlines(token.children, state)
+Index: markdown-it-py-2.1.0/tests/test_port/fixtures/issue-fixes.md
+===================================================================
+--- markdown-it-py-2.1.0.orig/tests/test_port/fixtures/issue-fixes.md 2023-03-31 07:50:21.639213371 -0300
++++ markdown-it-py-2.1.0/tests/test_port/fixtures/issue-fixes.md 2023-03-31 07:50:21.635213318 -0300
+@@ -36,3 +36,12 @@
+ .
+ <p>💬</p>
+ .
++
++Fix CVE-2023-26303
++.
++![![]()
++]([)
++.
++<p><img src="%5B" alt="
++" /></p>
++.
+Index: markdown-it-py-2.1.0/tests/test_port/test_fixtures.py
+===================================================================
+--- markdown-it-py-2.1.0.orig/tests/test_port/test_fixtures.py 2023-03-31 07:50:21.639213371 -0300
++++ markdown-it-py-2.1.0/tests/test_port/test_fixtures.py 2023-03-31 07:50:21.635213318 -0300
+@@ -111,4 +111,5 @@
+ def test_issue_fixes(line, title, input, expected):
+ md = MarkdownIt()
+ text = md.render(input)
++ print(text)
+ assert text.rstrip() == expected.rstrip()
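Review bot: The test_fixtures.py part of this patch leaves a debugging print(text) in test_issue_fixes; it adds output to every parametrised case and should be dropped unless there is a reason to carry it. In renderer.py the new guards use truthiness (if token.children:), while replacements.py and smartquotes.py compare against None; both avoid the crash the asserts caused, but using one form throughout would make it explicit that an empty children list and a missing one are meant to be treated the same. The image rule now falls back to an empty alt when there are no children, which keeps the retained comment ("alt" attr MUST be set, even if empty) accurate.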
diff --git a/debian/patches/0002-fix-dos-casued-by-invalid-utf-8-char-as-input.patch b/debian/patches/0002-fix-dos-casued-by-invalid-utf-8-char-as-input.patch
new file mode 100644
index 0000000..f244847
--- /dev/null
+++ b/debian/patches/0002-fix-dos-casued-by-invalid-utf-8-char-as-input.patch
@@ -0,0 +1,47 @@
+From e711074fe79be7ff257a41d15969b79edfaa7c8e Mon Sep 17 00:00:00 2001
+From: Chris Sewell <chrisj_sewell@hotmail.com>
+Date: Wed, 22 Feb 2023 06:19:13 +0100
+Subject: [PATCH] =?UTF-8?q?=F0=9F=90=9B=20FIX:=20CLI=20crash=20on=20non-ut?=
+ =?UTF-8?q?f8=20character?=
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+Bug-Debian: https://bugs.debian.org/1031764
+
+---
+ markdown_it/cli/parse.py | 2 +-
+ tests/test_cli.py | 7 +++++++
+ 2 files changed, 8 insertions(+), 1 deletion(-)
+
+diff --git a/markdown_it/cli/parse.py b/markdown_it/cli/parse.py
+index 2d74f55a..890d5de3 100644
+--- a/markdown_it/cli/parse.py
++++ b/markdown_it/cli/parse.py
+@@ -35,7 +35,7 @@ def convert_file(filename: str) -> None:
+ Parse a Markdown file and dump the output to stdout.
+ """
+ try:
+- with open(filename, "r") as fin:
++ with open(filename, "r", encoding="utf8", errors="ignore") as fin:
+ rendered = MarkdownIt().render(fin.read())
+ print(rendered, end="")
+ except OSError:
+diff --git a/tests/test_cli.py b/tests/test_cli.py
+index 57d6b938..c38e24fd 100644
+--- a/tests/test_cli.py
++++ b/tests/test_cli.py
+@@ -20,6 +20,13 @@ def test_parse_fail():
+ assert exc_info.value.code == 1
+
+
++def test_non_utf8():
++ with tempfile.TemporaryDirectory() as tempdir:
++ path = pathlib.Path(tempdir).joinpath("test.md")
++ path.write_bytes(b"\x80abc")
++ assert parse.main([str(path)]) == 0
++
++
+ def test_print_heading():
+ with patch("builtins.print") as patched:
+ parse.print_heading()
+
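Review bot: In convert_file, errors="ignore" silently discards every byte that is not valid UTF-8, so the rendered output can differ from the input file with no indication to the user. Suggest errors="replace", which keeps the CLI from crashing but leaves U+FFFD in the output where bytes were dropped, or a clear error message and non-zero exit. The new test_non_utf8 only checks that parse.main returns 0; asserting on the rendered text for b"\x80abc" would pin down which of these behaviours is intended. The patch header has no description and does not name the CVE that debian/changelog attributes to it.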
diff --git a/debian/patches/series b/debian/patches/series
new file mode 100644
index 0000000..70e99b6
--- /dev/null
+++ b/debian/patches/series
@@ -0,0 +1,2 @@
+0001-fix-unnecessary-asserts-leading-to-crashes.patch
+0002-fix-dos-casued-by-invalid-utf-8-char-as-input.patch
diff --git a/debian/rules b/debian/rules
new file mode 100755
index 0000000..4e9559e
--- /dev/null
+++ b/debian/rules
@@ -0,0 +1,23 @@
+#! /usr/bin/make -f
+
+
+# ignore linkify tests until linkify is package in Debian #997970
+export PYBUILD_TEST_ARGS=--ignore tests/test_linkify.py \
+ --ignore tests/test_port/test_fixtures.py \
+ -k 'not test_linkify'
+export PYBUILD_NAME=markdown-it-py
+
+
+PYTHON3S:=$(shell py3versions -vr)
+
+
+%:
+ dh $@ --with python3 --buildsystem=pybuild
+
+override_dh_auto_test:
+ifeq (,$(filter nocheck, $(DEB_BUILD_OPTIONS)))
+ dh_auto_test
+ set -e ; for pyvers in $(PYTHON3S); do \
+ PYTHONPATH=. python$$pyvers -m pytest benchmarking/bench_core.py benchmarking/bench_packages.py ;\
+ done
+endif
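Review bot: The comment above PYBUILD_TEST_ARGS says only the linkify tests are skipped, but --ignore tests/test_port/test_fixtures.py drops the whole fixtures module, including test_issue_fixes, which is the test that runs the "Fix CVE-2023-26303" case added to issue-fixes.md by patch 0001. As written, the package build never exercises the regression test for the security fix. Suggest removing that --ignore and relying on -k 'not test_linkify', or deselecting only the linkify-dependent fixtures. In the same comment, "is package in Debian" should be "is packaged in Debian". The benchmark loop sets PYTHONPATH=. and so runs against the source tree rather than the pybuild build directory.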
diff --git a/debian/salsa-ci.yml b/debian/salsa-ci.yml
new file mode 100644
index 0000000..5e6658d
--- /dev/null
+++ b/debian/salsa-ci.yml
@@ -0,0 +1,5 @@
+---
+include:
+ - https://salsa.debian.org/salsa-ci-team/pipeline/raw/master/salsa-ci.yml
+ - https://salsa.debian.org/salsa-ci-team/pipeline/raw/master/pipeline-jobs.yml
+
diff --git a/debian/source/format b/debian/source/format
new file mode 100644
index 0000000..163aaf8
--- /dev/null
+++ b/debian/source/format
@@ -0,0 +1 @@
+3.0 (quilt)
diff --git a/debian/source/options b/debian/source/options
new file mode 100644
index 0000000..d81db3f
--- /dev/null
+++ b/debian/source/options
@@ -0,0 +1 @@
+extend-diff-ignore="^[^/]+.egg-info/"
diff --git a/debian/tests/control b/debian/tests/control
new file mode 100644
index 0000000..610303a
--- /dev/null
+++ b/debian/tests/control
@@ -0,0 +1,11 @@
+Tests: unittests
+Depends: python3-all,
+ python3-commonmark,
+ python3-markdown,
+ python3-mistletoe,
+ python3-mistune,
+ python3-psutil,
+ python3-pytest,
+ python3-pytest-benchmark,
+ python3-pytest-regressions,
+ @,
diff --git a/debian/tests/unittests b/debian/tests/unittests
new file mode 100644
index 0000000..bd75661
--- /dev/null
+++ b/debian/tests/unittests
@@ -0,0 +1,20 @@
+#!/bin/sh
+set -efu
+
+pys="$(py3versions -s 2> /dev/null)"
+
+
+cp -a tests "$AUTOPKGTEST_TMP"
+cp -a benchmarking "$AUTOPKGTEST_TMP"
+
+cd "$AUTOPKGTEST_TMP"
+
+
+for py in $pys; do
+ echo "=== $py ==="
+ # ignore linkify tests until linkify is package in Debian #997970
+ $py -m pytest --ignore tests/test_linkify.py \
+ --ignore tests/test_port/test_fixtures.py \
+ -k 'not test_linkify' 2>&1
+ $py -m pytest benchmarking/bench_core.py benchmarking/bench_packages.py 2>&1
+done
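Review bot: The stderr of py3versions -s is sent to /dev/null, so if the command prints nothing on stdout the for loop runs zero times and the autopkgtest passes without testing anything. Suggest failing explicitly when $pys is empty, for example [ -n "$pys" ] || exit 1 right after the assignment. The pytest arguments repeat --ignore tests/test_port/test_fixtures.py from debian/rules, so the fixtures-driven tests are skipped here as well.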
diff --git a/debian/upstream/metadata b/debian/upstream/metadata
new file mode 100644
index 0000000..7c34832
--- /dev/null
+++ b/debian/upstream/metadata
@@ -0,0 +1,4 @@
+Bug-Database: https://github.com/executablebooks/markdown-it-py/issues
+Bug-Submit: https://github.com/executablebooks/markdown-it-py/issues/new
+Repository: https://github.com/executablebooks/markdown-it-py.git
+Repository-Browse: https://github.com/executablebooks/markdown-it-py
diff --git a/debian/watch b/debian/watch
new file mode 100644
index 0000000..7c76c12
--- /dev/null
+++ b/debian/watch
@@ -0,0 +1,3 @@
+version=4
+opts="pgpmode=none, filenamemangle=s%(?:.*?)?v?(\d[\d.]*)\.tar\.gz%@myst-parser@-$1.tar.gz%" \
+https://github.com/executablebooks/markdown-it-py/tags (?:.*?/)?v?(\d[\d.]*)\.tar\.gz
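Review bot: filenamemangle writes @myst-parser@ into the downloaded file name, which looks copied from another package's watch file; uscan expands its own placeholders such as @PACKAGE@, not arbitrary names, so the tarball would be saved with that literal text. Suggest @PACKAGE@-$1.tar.gz. pgpmode=none means the tarball from the GitHub tags page is accepted without any signature check; if that is because upstream publishes no signatures, a comment in the file saying so would help the next reviewer.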