Control: tags -1 -moreinfo
On Sun, Mar 19 2023 at 01:40:57 PM +01:00:00 +01:00:00, Sebastian Ramacher <sramac...@debian.org> wrote:
Control: tags -1 moreinfo Please provide a debdiff
debdiff attached.
diff -Nru ruby-asciidoctor-include-ext-0.3.1/asciidoctor-include-ext.gemspec ruby-asciidoctor-include-ext-0.4.0/asciidoctor-include-ext.gemspec --- ruby-asciidoctor-include-ext-0.3.1/asciidoctor-include-ext.gemspec 2019-08-22 14:40:31.000000000 +0530 +++ ruby-asciidoctor-include-ext-0.4.0/asciidoctor-include-ext.gemspec 2022-05-06 12:42:42.000000000 +0530 @@ -1,4 +1,4 @@ -require File.expand_path('../lib/asciidoctor/include_ext/version', __FILE__) +require File.expand_path('lib/asciidoctor/include_ext/version', __dir__) Gem::Specification.new do |s| s.name = 'asciidoctor-include-ext' @@ -9,24 +9,22 @@ s.license = 'MIT' s.summary = "Asciidoctor's standard include::[] processor reimplemented as an extension" - s.description = <<EOF -This is a reimplementation of the Asciidoctor's built-in (pre)processor for the -include::[] directive in extensible and more clean way. It provides the same -features, but you can easily adjust it or extend for your needs. For example, -you can change how it loads included files or add another ways how to select -portions of the document to include. -EOF + s.description = <<~EOF + This is a reimplementation of the Asciidoctor's built-in (pre)processor for the + include::[] directive in extensible and more clean way. It provides the same + features, but you can easily adjust it or extend for your needs. For example, + you can change how it loads included files or add another ways how to select + portions of the document to include. + EOF s.files = Dir['lib/**/*', '*.gemspec', 'LICENSE*', 'README*'] - s.has_rdoc = 'yard' - s.required_ruby_version = '>= 2.1' + s.required_ruby_version = '>= 2.3' s.add_runtime_dependency 'asciidoctor', '>= 1.5.6', '< 3.0.0' - s.add_development_dependency 'corefines', '~> 1.11' - s.add_development_dependency 'kramdown', '~> 1.16' - s.add_development_dependency 'rake', '~> 12.0' + s.add_development_dependency 'kramdown', '~> 2.0' + s.add_development_dependency 'rake', '~> 13.0' s.add_development_dependency 'rspec', '~> 3.7' s.add_development_dependency 'rubocop', '~> 0.51.0' s.add_development_dependency 'simplecov', '~> 0.15' diff -Nru ruby-asciidoctor-include-ext-0.3.1/debian/changelog ruby-asciidoctor-include-ext-0.4.0/debian/changelog --- ruby-asciidoctor-include-ext-0.3.1/debian/changelog 2019-09-04 13:58:01.000000000 +0530 +++ ruby-asciidoctor-include-ext-0.4.0/debian/changelog 2023-03-19 17:22:18.000000000 +0530 @@ -1,3 +1,36 @@ +ruby-asciidoctor-include-ext (0.4.0-2) unstable; urgency=medium + + * Team Upload + * Reupload to unstable (gitlab is only reverse dependency, which is not in + testing) + * Bump Standards-Version to 4.6.2 (no changes needed) + * Switch to ${ruby:Depends} for ruby dependencies + + -- Pirate Praveen <prav...@debian.org> Sun, 19 Mar 2023 17:22:18 +0530 + +ruby-asciidoctor-include-ext (0.4.0-1) experimental; urgency=medium + + * Team upload + + [ Debian Janitor ] + * Bump debhelper from old 11 to 12. + * Set debhelper-compat version in Build-Depends. + * Set upstream metadata fields: Bug-Database, Bug-Submit, Repository, + Repository-Browse. + * Update standards version to 4.5.0, no changes needed. + * Update watch file format version to 4. + * Remove constraints unnecessary since buster: + + Build-Depends: Drop versioned constraint on ruby-asciidoctor. + + ruby-asciidoctor-include-ext: Drop versioned constraint on + ruby-asciidoctor in Depends. + + [ Pirate Praveen ] + * New upstream version 0.4.0 + * Bump Standards-Version to 4.6.1 (no changes needed) + * Bump debhelper compatibility level to 13 + + -- Pirate Praveen <prav...@debian.org> Sun, 26 Jun 2022 22:48:20 +0530 + ruby-asciidoctor-include-ext (0.3.1-2) unstable; urgency=medium * Team upload diff -Nru ruby-asciidoctor-include-ext-0.3.1/debian/compat ruby-asciidoctor-include-ext-0.4.0/debian/compat --- ruby-asciidoctor-include-ext-0.3.1/debian/compat 2019-09-04 13:58:01.000000000 +0530 +++ ruby-asciidoctor-include-ext-0.4.0/debian/compat 1970-01-01 05:30:00.000000000 +0530 @@ -1 +0,0 @@ -11 diff -Nru ruby-asciidoctor-include-ext-0.3.1/debian/control ruby-asciidoctor-include-ext-0.4.0/debian/control --- ruby-asciidoctor-include-ext-0.3.1/debian/control 2019-09-04 13:58:01.000000000 +0530 +++ ruby-asciidoctor-include-ext-0.4.0/debian/control 2023-03-19 17:22:18.000000000 +0530 @@ -1,13 +1,13 @@ Source: ruby-asciidoctor-include-ext Section: ruby Priority: optional -Maintainer: Debian Ruby Extras Maintainers <pkg-ruby-extras-maintain...@lists.alioth.debian.org> +Maintainer: Debian Ruby Team <pkg-ruby-extras-maintain...@lists.alioth.debian.org> Uploaders: Sruthi Chandran <s...@debian.org> -Build-Depends: debhelper (>= 11~), +Build-Depends: debhelper-compat (= 13), gem2deb, ruby-asciidoctor (<< 3.0.0), - ruby-asciidoctor (>= 1.5.6) -Standards-Version: 4.3.0 + ruby-asciidoctor +Standards-Version: 4.6.2 Vcs-Git: https://salsa.debian.org/ruby-team/ruby-asciidoctor-include-ext.git Vcs-Browser: https://salsa.debian.org/ruby-team/ruby-asciidoctor-include-ext Homepage: https://github.com/jirutka/asciidoctor-include-ext @@ -18,9 +18,7 @@ Package: ruby-asciidoctor-include-ext Architecture: all XB-Ruby-Versions: ${ruby:Versions} -Depends: ruby | ruby-interpreter, - ruby-asciidoctor (<< 3.0.0), - ruby-asciidoctor (>= 1.5.6), +Depends: ${ruby:Depends}, ${misc:Depends}, ${shlibs:Depends} Description: Asciidoctor's standard include::[] processor reimplemented as an extension diff -Nru ruby-asciidoctor-include-ext-0.3.1/debian/upstream/metadata ruby-asciidoctor-include-ext-0.4.0/debian/upstream/metadata --- ruby-asciidoctor-include-ext-0.3.1/debian/upstream/metadata 1970-01-01 05:30:00.000000000 +0530 +++ ruby-asciidoctor-include-ext-0.4.0/debian/upstream/metadata 2023-03-19 17:22:18.000000000 +0530 @@ -0,0 +1,5 @@ +--- +Bug-Database: https://github.com/jirutka/asciidoctor-include-ext/issues +Bug-Submit: https://github.com/jirutka/asciidoctor-include-ext/issues/new +Repository: https://github.com/jirutka/asciidoctor-include-ext.git +Repository-Browse: https://github.com/jirutka/asciidoctor-include-ext diff -Nru ruby-asciidoctor-include-ext-0.3.1/debian/watch ruby-asciidoctor-include-ext-0.4.0/debian/watch --- ruby-asciidoctor-include-ext-0.3.1/debian/watch 2019-09-04 13:58:01.000000000 +0530 +++ ruby-asciidoctor-include-ext-0.4.0/debian/watch 2023-03-19 17:22:18.000000000 +0530 @@ -1,2 +1,2 @@ -version=3 +version=4 https://gemwatch.debian.net/asciidoctor-include-ext .*/asciidoctor-include-ext-(.*).tar.gz diff -Nru ruby-asciidoctor-include-ext-0.3.1/lib/asciidoctor/include_ext/include_processor.rb ruby-asciidoctor-include-ext-0.4.0/lib/asciidoctor/include_ext/include_processor.rb --- ruby-asciidoctor-include-ext-0.3.1/lib/asciidoctor/include_ext/include_processor.rb 2019-08-22 14:40:31.000000000 +0530 +++ ruby-asciidoctor-include-ext-0.4.0/lib/asciidoctor/include_ext/include_processor.rb 2022-05-06 12:42:42.000000000 +0530 @@ -1,6 +1,7 @@ # frozen_string_literal: true require 'logger' require 'open-uri' +require 'uri' require 'asciidoctor/include_ext/version' require 'asciidoctor/include_ext/reader_ext' @@ -86,7 +87,7 @@ return false if doc.safe >= ::Asciidoctor::SafeMode::SECURE return false if doc.attributes.fetch('max-include-depth', 64).to_i < 1 - return false if target_uri?(target) && !doc.attributes.key?('allow-uri-read') + return false if target_http?(target) && !doc.attributes.key?('allow-uri-read') true end @@ -94,7 +95,7 @@ # @param reader (see #process) # @return [String, nil] file path or URI of the *target*, or `nil` if not found. def resolve_target_path(target, reader) - return target if target_uri? target + return target if target_http? target # Include file is resolved relative to dir of the current include, # or base_dir if within original docfile. @@ -106,16 +107,22 @@ # Reads the specified file as individual lines, filters them using the # *selector* (if provided) and returns those lines in an array. # - # @param filename [String] path of the file to be read. + # @param path [String] URL or path of the file to be read. # @param selector [#to_proc, nil] predicate to filter lines that should be # included in the output. It must accept two arguments: line and # the line number. If `nil` is given, all lines are passed. # @return [Array<String>] an array of read lines. - def read_lines(filename, selector) - if selector - IO.foreach(filename).select.with_index(1, &selector) - else - open(filename, &:read) + def read_lines(path, selector) + # IO.open is deliberately not used directly to avoid potential security risks. + # TODO: Get rid of 'open-uri' (URI.open). + io = target_http?(path) ? URI : File + + io.open(path) do |f| + if selector + f.each.select.with_index(1, &selector) + else + f.read + end end end @@ -142,9 +149,13 @@ private # @param target (see #process) - # @return [Boolean] `true` if the *target* is an URI, `false` otherwise. - def target_uri?(target) - ::Asciidoctor::Helpers.uriish?(target) + # @return [Boolean] `true` if the *target* is a valid HTTP(S) URI, `false` otherwise. + def target_http?(target) + # First do a fast test, then try to parse it. + target.downcase.start_with?('http://', 'https://') \ + && URI.parse(target).is_a?(URI::HTTP) + rescue URI::InvalidURIError + false end end end diff -Nru ruby-asciidoctor-include-ext-0.3.1/lib/asciidoctor/include_ext/version.rb ruby-asciidoctor-include-ext-0.4.0/lib/asciidoctor/include_ext/version.rb --- ruby-asciidoctor-include-ext-0.3.1/lib/asciidoctor/include_ext/version.rb 2019-08-22 14:40:31.000000000 +0530 +++ ruby-asciidoctor-include-ext-0.4.0/lib/asciidoctor/include_ext/version.rb 2022-05-06 12:42:42.000000000 +0530 @@ -3,6 +3,6 @@ module Asciidoctor module IncludeExt # Version of the asciidoctor-include-ext gem. - VERSION = '0.3.1'.freeze + VERSION = '0.4.0'.freeze end end diff -Nru ruby-asciidoctor-include-ext-0.3.1/LICENSE ruby-asciidoctor-include-ext-0.4.0/LICENSE --- ruby-asciidoctor-include-ext-0.3.1/LICENSE 2019-08-22 14:40:31.000000000 +0530 +++ ruby-asciidoctor-include-ext-0.4.0/LICENSE 2022-05-06 12:42:42.000000000 +0530 @@ -1,6 +1,6 @@ The MIT License -Copyright 2017 Jakub Jirutka <ja...@jirutka.cz>. +Copyright 2017-present Jakub Jirutka <ja...@jirutka.cz>. Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal diff -Nru ruby-asciidoctor-include-ext-0.3.1/README.adoc ruby-asciidoctor-include-ext-0.4.0/README.adoc --- ruby-asciidoctor-include-ext-0.3.1/README.adoc 2019-08-22 14:40:31.000000000 +0530 +++ ruby-asciidoctor-include-ext-0.4.0/README.adoc 2022-05-06 12:42:42.000000000 +0530 @@ -7,7 +7,7 @@ :codacy-id: 45320444129044688ef6553821b083f1 ifdef::env-github[] -image:https://travis-ci.org/{gh-name}.svg?branch={gh-branch}[Build Status, link="https://travis-ci.org/{gh-name}"] +image:https://github.com/{gh-name}/workflows/CI/badge.svg[CI Status, link=https://github.com/{gh-name}/actions?query=workflow%3A%22CI%22] image:https://api.codacy.com/project/badge/Coverage/{codacy-id}["Test Coverage", link="https://www.codacy.com/app/{gh-name}"] image:https://api.codacy.com/project/badge/Grade/{codacy-id}["Codacy Code quality", link="https://www.codacy.com/app/{gh-name}"] image:https://img.shields.io/gem/v/{gem-name}.svg?style=flat[Gem Version, link="https://rubygems.org/gems/{gem-name}"] @@ -49,6 +49,9 @@ gem install {gem-name} --pre +WARNING: Versions *prior 0.4.0* are vulnerable for Command Injection (see https://github.com/{gh-name}/commit/c7ea001a597c7033575342c51483dab7b87ae155[c7ea001] for more information). If you use an older version, update to 0.4.0 immediately! + + == Usage Just `require '{gem-name}'`.