[Pkg-javascript-devel] Bug#591199: yui: diff for NMU version 2.9.0.dfsg.0.1-0.1

Dominic Hargreaves Sun, 03 Feb 2013 04:06:18 -0800

tags 591199 + patch
tags 591199 + pending
thanks

Dear maintainer,


I've prepared an NMU for yui (versioned as 2.9.0.dfsg.0.1-0.1) and
uploaded it to DELAYED/4. Please feel free to tell me if I
should delay it longer.

Regards,
Dominic.

-- 
Dominic Hargreaves | http://www.larted.org.uk/~dom/
PGP key 5178E2A5 from the.earth.li (keyserver,web,email)

Binary files /tmp/Sbpf4o4V29/yui-2.9.0/build/charts/assets/charts.swf and /tmp/Pd7IXB7SLS/yui-2.9.0.dfsg.0.1/build/charts/assets/charts.swf differ
Binary files /tmp/Sbpf4o4V29/yui-2.9.0/build/connection/connection.swf and /tmp/Pd7IXB7SLS/yui-2.9.0.dfsg.0.1/build/connection/connection.swf differ
Binary files /tmp/Sbpf4o4V29/yui-2.9.0/build/swfstore/swfstore.swf and /tmp/Pd7IXB7SLS/yui-2.9.0.dfsg.0.1/build/swfstore/swfstore.swf differ
Binary files /tmp/Sbpf4o4V29/yui-2.9.0/build/uploader/assets/uploader.swf and /tmp/Pd7IXB7SLS/yui-2.9.0.dfsg.0.1/build/uploader/assets/uploader.swf differ
diff -Nru yui-2.9.0/debian/changelog yui-2.9.0.dfsg.0.1/debian/changelog
--- yui-2.9.0/debian/changelog	2012-06-29 20:47:34.000000000 +0100
+++ yui-2.9.0.dfsg.0.1/debian/changelog	2013-02-03 11:54:21.000000000 +0000
@@ -1,3 +1,13 @@
+yui (2.9.0.dfsg.0.1-0.1) unstable; urgency=low
+
+  * Non-maintainer upload.
+  * Disable installation of uploader.swf and swfstore.swf as examples
+    owing to unfixed security issues (Closes: #692434)
+  * Repack orig.tar.gz to remove all SWF files, including those
+    without source (Closes: #591199)
+
+ -- Dominic Hargreaves <d...@earth.li>  Sun, 03 Feb 2013 11:54:19 +0000
+
 yui (2.9.0-1) unstable; urgency=low
 
   * New upstream version.
diff -Nru yui-2.9.0/debian/rules yui-2.9.0.dfsg.0.1/debian/rules
--- yui-2.9.0/debian/rules	2012-06-29 22:09:11.000000000 +0100
+++ yui-2.9.0.dfsg.0.1/debian/rules	2013-02-03 11:56:52.000000000 +0000
@@ -20,24 +20,27 @@
 	as3compile com/yui/util/connection.as -M connection -R -o connection.swf && \
 	mv connection.swf ../../../build/connection
 
-	cd src/uploader/as && \
-	as3compile Uploader.as -M Uploader -R -o uploader.swf && \
-	cp uploader.swf ../../../examples/uploader/assets && \
-	mv uploader.swf ../../../build/uploader/assets
+	# Disable installation of uploader.swf and swfstore.swf due to
+	# known security issues without published source code fixes
+	# (CVE-2012-5882 and CVE-2012-5883 respectively)
+	#cd src/uploader/as && \
+	#as3compile Uploader.as -M Uploader -R -o uploader.swf && \
+	#cp uploader.swf ../../../examples/uploader/assets && \
+	#mv uploader.swf ../../../build/uploader/assets
           
-	cd src/swfstore/as && \
-	as3compile SWFStore.as -M SWFStore -R -o swfstore.swf && \
-	cp  swfstore.swf ../../../examples/storage && \
-	cp  swfstore.swf ../../../examples/swfstore && \
-	mv swfstore.swf ../../../build/swfstore
+	#cd src/swfstore/as && \
+	#as3compile SWFStore.as -M SWFStore -R -o swfstore.swf && \
+	#cp  swfstore.swf ../../../examples/storage && \
+	#cp  swfstore.swf ../../../examples/swfstore && \
+	#mv swfstore.swf ../../../build/swfstore
 
 override_dh_clean:
 	-rm -rf as-docs/Charts.html as-docs/com/yahoo/astra/fl/charts \
 	    as-docs/com/yahoo/yui/charts build/charts examples/charts examples/swf \
 	    examples/treeview/assets/css/default/tree.css.orig \
 	    releasenotes/README.charts
-	-find build -name "*.swf" | xargs rm
-	-find examples -name "*.swf" | xargs rm
+	-find build -name "*.swf" | xargs --no-run-if-empty rm
+	-find examples -name "*.swf" | xargs --no-run-if-empty rm
 	dh_clean
 
 override_dh_compress:
Binary files /tmp/Sbpf4o4V29/yui-2.9.0/examples/charts/assets/expressinstall.swf and /tmp/Pd7IXB7SLS/yui-2.9.0.dfsg.0.1/examples/charts/assets/expressinstall.swf differ
Binary files /tmp/Sbpf4o4V29/yui-2.9.0/examples/storage/swfstore.swf and /tmp/Pd7IXB7SLS/yui-2.9.0.dfsg.0.1/examples/storage/swfstore.swf differ
Binary files /tmp/Sbpf4o4V29/yui-2.9.0/examples/swf/assets/SWFExampleAdvanced.swf and /tmp/Pd7IXB7SLS/yui-2.9.0.dfsg.0.1/examples/swf/assets/SWFExampleAdvanced.swf differ
Binary files /tmp/Sbpf4o4V29/yui-2.9.0/examples/swf/assets/SWFExampleSimple.swf and /tmp/Pd7IXB7SLS/yui-2.9.0.dfsg.0.1/examples/swf/assets/SWFExampleSimple.swf differ
Binary files /tmp/Sbpf4o4V29/yui-2.9.0/examples/swfstore/swfstore.swf and /tmp/Pd7IXB7SLS/yui-2.9.0.dfsg.0.1/examples/swfstore/swfstore.swf differ
Binary files /tmp/Sbpf4o4V29/yui-2.9.0/examples/uploader/assets/uploader.swf and /tmp/Pd7IXB7SLS/yui-2.9.0.dfsg.0.1/examples/uploader/assets/uploader.swf differ
Binary files /tmp/Sbpf4o4V29/yui-2.9.0/tests/swf/tests/YUIBridgeProject.swf and /tmp/Pd7IXB7SLS/yui-2.9.0.dfsg.0.1/tests/swf/tests/YUIBridgeProject.swf differ

_______________________________________________
Pkg-javascript-devel mailing list
Pkg-javascript-devel@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-javascript-devel

[Pkg-javascript-devel] Bug#591199: yui: diff for NMU version 2.9.0.dfsg.0.1-0.1

Reply via email to