Merge lp:~barry/ubuntu/quantal/genshi/lp935516 into lp:ubuntu/quantal/genshi

Proposed by Barry Warsaw
Status: Merged
Merge reported by: Barry Warsaw
Merged at revision: not available
Proposed branch: lp:~barry/ubuntu/quantal/genshi/lp935516
Merge into: lp:ubuntu/quantal/genshi
Diff against target: 98 lines (+56/-2)
5 files modified
debian/changelog (+12/-0)
debian/control (+2/-1)
debian/patches/lp935516.patch (+40/-0)
debian/patches/series (+1/-0)
debian/rules (+1/-1)
To merge this branch: bzr merge lp:~barry/ubuntu/quantal/genshi/lp935516
Reviewer Review Type Date Requested Status
Stefano Rivera Pending
Ubuntu branches Pending
Review via email: mp+127596@code.launchpad.net

Description of the change

I'm not entirely sure I like this patch, although it does fix the FTBFS. The problem I have is that I'm not sure what the semantics of HTMLSanitizer() should be on the bogus SCRIPT tags. Should genshi strip the whole thing? I think upstream will have to decide, and if you follow the links to the upstream tracker issue, there have yet to be any comments.

So without upstream's guidance, perhaps we should just fix the FTBFS now, and watch upstream to apply any patch there once it's available. If nothing's forthcoming until a new version is released, we can resync through Debian for 13.04.

Thoughts?

Preview Diff

1=== modified file 'debian/changelog'
2--- debian/changelog 2011-08-23 11:58:39 +0000
3+++ debian/changelog 2012-10-02 21:22:20 +0000
4@@ -1,3 +1,15 @@
5+genshi (0.6-2ubuntu1) quantal; urgency=low
6+
7+ * genshi/filters/tests/html.py: Adjust some tests which used to fail
8+ before changes in upstream Python 2.7.3. These now succeed. While
9+ this change is appropriate for the FTBFS in Ubuntu 12.04 which has
10+ Python 2.7.3, they may not be appropriate as a general fix, so keep an
11+ eye on the upstream bug reports. (LP: #935516)
12+ * debian/rules: As suggested in the linked Debian bug, use `set -e` on
13+ the test invocation line to force the build to fail when tests fail.
14+
15+ -- Barry Warsaw <barry@ubuntu.com> Tue, 02 Oct 2012 16:48:23 -0400
16+
17 genshi (0.6-2) unstable; urgency=low
18
19 * Switch to dh_python2. Thanks to Julian Taylor. Closes: #637383.
20
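Review bot: The new changelog entry says "the FTBFS in Ubuntu 12.04" (diff line 9), but the entry is for quantal and the Description header in debian/patches/lp935516.patch says the FTBFS is in Ubuntu 12.10; make the two agree. In the same sentence, "this change is appropriate ... they may not be appropriate" switches subject, so "it may not be appropriate" would read cleaner.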
21=== modified file 'debian/control'
22--- debian/control 2011-08-23 11:58:39 +0000
23+++ debian/control 2012-10-02 21:22:20 +0000
24@@ -1,7 +1,8 @@
25 Source: genshi
26 Section: python
27 Priority: optional
28-Maintainer: Arnaud Fontaine <arnau@debian.org>
29+Maintainer: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>
30+XSBC-Original-Maintainer: Arnaud Fontaine <arnau@debian.org>
31 Uploaders: Debian Python Modules Team <python-modules-team@lists.alioth.debian.org>
32 Build-Depends: debhelper (>= 5.0.37.2),
33 cdbs (>= 0.4.90~),
34
35=== added directory 'debian/patches'
36=== added file 'debian/patches/lp935516.patch'
37--- debian/patches/lp935516.patch 1970-01-01 00:00:00 +0000
38+++ debian/patches/lp935516.patch 2012-10-02 21:22:20 +0000
39@@ -0,0 +1,40 @@
40+Description: Two tests which used to fail in earlier Pythons, now succeed in
41+ Python 2.7.3. Adjust the tests to check for success in order to fix a FTBFS
42+ in Ubuntu 12.10.
43+Author: Barry Warsaw <barry@ubuntu.com>
44+Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/genshi/+bug/935516
45+Bug-Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=661441
46+Bug: http://genshi.edgewall.org/ticket/500
47+Bug: http://genshi.edgewall.org/ticket/501
48+
49+--- a/genshi/filters/tests/html.py
50++++ b/genshi/filters/tests/html.py
51+@@ -365,9 +365,12 @@
52+ self.assertEquals('', (html | HTMLSanitizer()).render())
53+ html = HTML('<SCRIPT SRC="http://example.com/"></SCRIPT>')
54+ self.assertEquals('', (html | HTMLSanitizer()).render())
55+- self.assertRaises(ParseError, HTML, '<SCR\0IPT>alert("foo")</SCR\0IPT>')
56+- self.assertRaises(ParseError, HTML,
57+- '<SCRIPT&XYZ SRC="http://example.com/"></SCRIPT>')
58++ html = HTML('<SCR\0IPT>alert("foo")</SCR\0IPT>')
59++ self.assertEquals('&lt;SCR\x00IPT&gt;alert("foo")',
60++ (html | HTMLSanitizer()).render())
61++ html = HTML('<SCRIPT&XYZ SRC="http://example.com/"></SCRIPT>')
62++ self.assertEquals('&lt;SCRIPT&amp;XYZ; SRC="http://example.com/"&gt;',
63++ (html | HTMLSanitizer()).render())
64+
65+ def test_sanitize_remove_onclick_attr(self):
66+ html = HTML('<div onclick=\'alert("foo")\' />')
67+@@ -437,9 +440,9 @@
68+ # Case-insensitive protocol matching
69+ html = HTML('<IMG SRC=\'JaVaScRiPt:alert("foo")\'>')
70+ self.assertEquals('<img/>', (html | HTMLSanitizer()).render())
71+- # Grave accents (not parsed)
72+- self.assertRaises(ParseError, HTML,
73+- '<IMG SRC=`javascript:alert("RSnake says, \'foo\'")`>')
74++ # Grave accents.
75++ html = HTML('<IMG SRC=`javascript:alert("RSnake says, \'foo\'")`>')
76++ self.assertEquals('<img/>', (html | HTMLSanitizer()).render())
77+ # Protocol encoded using UTF-8 numeric entities
78+ html = HTML('<IMG SRC=\'&#106;&#97;&#118;&#97;&#115;&#99;&#114;&#105;'
79+ '&#112;&#116;&#58;alert("foo")\'>')
80
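Review bot: The rewritten assertions (patch lines 58-63 and 75-76) are unconditional, so they pass only on a parser that accepts this input; on any interpreter where HTML() still raises ParseError they fail, and with the `set -e` added in debian/rules that fails the build for every version `pyversions -vr` returns. If more than one Python version can appear in that list, accept either outcome or gate on the version. Separately, the expected string `'&lt;SCR\x00IPT&gt;alert("foo")'` records that the NUL byte and the script body now reach the rendered output as escaped text, where the old test expected a ParseError. A comment in the test pointing at upstream tickets 500 and 501 would make clear that this is observed behaviour, not a decided sanitizer contract.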
81=== added file 'debian/patches/series'
82--- debian/patches/series 1970-01-01 00:00:00 +0000
83+++ debian/patches/series 2012-10-02 21:22:20 +0000
84@@ -0,0 +1,1 @@
85+lp935516.patch
86
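Review bot: Nothing else in this diff shows how debian/patches/series gets applied: debian/rules only changes the test loop, and no debian/source/format appears among the five modified files. Confirm that the package is already 3.0 (quilt) or that the rules file pulls in a patch system; otherwise lp935516.patch is never applied and the new `set -e` turns the unchanged test failures into a build failure.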
87=== modified file 'debian/rules'
88--- debian/rules 2011-08-23 11:58:39 +0000
89+++ debian/rules 2012-10-02 21:22:20 +0000
90@@ -16,7 +16,7 @@
91
92 ifeq (,$(filter nocheck,$(DEB_BUILD_OPTIONS)))
93 binary-install/python-genshi::
94- for py in $(shell pyversions -vr); do \
95+ set -e; for py in $(shell pyversions -vr); do \
96 PYTHONPATH=$(cdbs_python_destdir)/usr/lib/python$$py/site-packages \
97 python$$py setup.py test; \
98 done;
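Review bot: `set -e` catches a failing `setup.py test`, but not an empty version list: `$(shell pyversions -vr)` is expanded by make before the shell runs, so if it returns nothing the loop body never executes and the target succeeds without running any tests. Consider failing explicitly when the list is empty, so that "tests passed" always means at least one interpreter ran them.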