mercurial.git
8 months ago patchbomb-ambiguous-address
Debian Python Team [Thu, 20 Mar 2025 12:56:44 +0000 (13:56 +0100)]
patchbomb-ambiguous-address

# HG changeset patch
# User Raphaël Gomès <rgomes@octobus.net>
# Date 1729684194 -7200
#      Wed Oct 23 13:49:54 2024 +0200
# Branch stable
# Node ID d906406658a947ab64b34302df15be21e928ba24
# Parent  e760a36a601336f75016e5c2bbc5a53da2ea7182
patchbomb: don't test ambiguous address

This is a bug in Python's `email` package and shouldn't be relied on.
Python 3.12 has fixed this problem¹ and raises an exception. We keep the
multiple `-t` because this is still relevant for testing.

[1] https://github.com/python/cpython/issues/102988
[2] https://docs.python.org/3/whatsnew/changelog.html

Gbp-Pq: Name patchbomb-ambiguous-address.patch

8 months ago CVE-2025-2361
Debian Python Team [Thu, 20 Mar 2025 12:56:44 +0000 (13:56 +0100)]
CVE-2025-2361

# HG changeset patch
# User Raphaël Gomès <rgomes@octobus.net>
# Date 1742340720 -3600
#      Wed Mar 19 00:32:00 2025 +0100
# Branch stable
# Node ID a5c72ed2929341d97b11968211c880854803f003
# Parent  74439d1cbebaa9ff8f8300e37e93b42e6d381be4
hgweb: fix XSS vulnerability in hgweb (CVE-2025-2361)

818598f5bc8b91 is the change that introduced the vulnerability (in 2006!)
that was disclosed to us, but I found a similar pattern in other places
in the code.

Since XSS escaping is actually hard and that would mean vendoring some
better sanitation tool, I decided to simply remove user input from any
HTML output in hgweb, hopefully in all places.

Gbp-Pq: Name CVE-2025-2361.patch

8 months ago cgitb
Debian Python Team [Thu, 20 Mar 2025 12:56:44 +0000 (13:56 +0100)]
cgitb

https://bz.mercurial-scm.org/show_bug.cgi?id=6784

Gbp-Pq: Name cgitb.patch

8 months ago test-hghave-testrepo
Debian Python Team [Thu, 20 Mar 2025 12:56:44 +0000 (13:56 +0100)]
test-hghave-testrepo

https://bz.mercurial-scm.org/show_bug.cgi?id=6762

Gbp-Pq: Name test-hghave-testrepo.patch

8 months ago openssl_3_cipher_tlsv1
Debian Python Team [Thu, 20 Mar 2025 12:56:44 +0000 (13:56 +0100)]
openssl_3_cipher_tlsv1

Tweak cipher selection further to make tls < 1.2 work with openssl 3

Ref: https://bugs.debian.org/1011076

Gbp-Pq: Name openssl_3_cipher_tlsv1.patch

8 months ago Tolerate SIGINT getting the kill in test-stdio.py.
Tristan Seligmann [Mon, 17 Aug 2020 08:30:26 +0000 (10:30 +0200)]
Tolerate SIGINT getting the kill in test-stdio.py.

Forwarded: https://bz.mercurial-scm.org/show_bug.cgi?id=6402

Gbp-Pq: Name 0005-Tolerate-SIGINT-getting-the-kill-in-test-stdio.py.patch

8 months ago Disabled hginstallscripts @LIBDIR@ replacement in setup.py.
Stefano Rivera [Sun, 16 Aug 2020 09:03:07 +0000 (11:03 +0200)]
Disabled hginstallscripts @LIBDIR@ replacement in setup.py.

Bug-Debian: http://bugs.debian.org/620087
Bug-Ubuntu: https://bugs.launchpad.net/bugs/745250
Forwarded: not-needed

setup.py replaces @LIBDIR@ in the hg script, with a path that differs between
Python versions.
libdir in hg doesn't need to be set if mercurial is available in the public
namespace, as it is in Debian.
hg doesn't alter sys.paths if this replacement hasn't happened.

Gbp-Pq: Name deb_specific__disable_libdir_replacement.patch

8 months ago deb_specific__optional-dependencies
Python Applications Packaging Team [Sun, 16 Aug 2020 09:03:07 +0000 (11:03 +0200)]
deb_specific__optional-dependencies

Suggest Debian packages for some optional dependencies.

Gbp-Pq: Name deb_specific__optional-dependencies

8 months ago deb_specific__hgk.py
Python Applications Packaging Team [Sun, 16 Aug 2020 09:03:07 +0000 (11:03 +0200)]
deb_specific__hgk.py

Set default hgk path for hgk outside bin.

Gbp-Pq: Name deb_specific__hgk.py.patch

8 months ago proposed_upstream__doctest.path
Debian Python Team [Thu, 20 Mar 2025 12:56:44 +0000 (13:56 +0100)]
proposed_upstream__doctest.path

# HG changeset patch
# User Julien Cristau <jcristau@debian.org>
# Date 1589916203 -7200
#      Tue May 19 21:23:23 2020 +0200
# Node ID de789b6b188b62cf38c5c5cfe760cff9a48c52f5
# Parent  3b7aabd02e11fcfc015b3a90a0c52d971a7b8a83
test: make test-doctest.py work when it's not run from a mercurial repo

This assumption fails when building and running tests from a source
tarball, e.g.

Differential Revision: https://phab.mercurial-scm.org/D8571

Gbp-Pq: Name proposed_upstream__doctest.path

8 months ago _tests__silence_asyncore_smtpd_deprecation_warnings
Debian Python Team [Thu, 20 Mar 2025 12:56:44 +0000 (13:56 +0100)]
_tests__silence_asyncore_smtpd_deprecation_warnings

# HG changeset patch
# User Julien Cristau <jcristau@debian.org>
# Date 1649671433 -7200
#      Mon Apr 11 12:03:53 2022 +0200
# Node ID d3df32e12246208fc8bb9507ff921099348c6783
# Parent  5005928cac60a43d98d88523713983efdc204d50
tests: silence asyncore/smtpd deprecation warnings

Gbp-Pq: Topic py310
Gbp-Pq: Name 9_tests__silence_asyncore_smtpd_deprecation_warnings.patch

8 months ago from_upstream_stable
Debian Python Team [Thu, 20 Mar 2025 12:56:44 +0000 (13:56 +0100)]
from_upstream_stable

Gbp-Pq: Name from_upstream_stable.patch

8 months ago mercurial (6.3.2-1+deb12u1) bookworm-security; urgency=high
Julien Cristau [Thu, 20 Mar 2025 12:56:44 +0000 (13:56 +0100)]
mercurial (6.3.2-1+deb12u1) bookworm-security; urgency=high

  * CVE-2025-2361: reflected XSS in hgweb (closes: #1100899)
  * patchbomb: don't test ambiguous address (fixes FTBFS after python's
    fix for CVE-2023-27043).

[dgit import unpatched mercurial 6.3.2-1+deb12u1]

8 months ago Import mercurial_6.3.2-1+deb12u1.debian.tar.xz
Julien Cristau [Thu, 20 Mar 2025 12:56:44 +0000 (13:56 +0100)]
Import mercurial_6.3.2-1+deb12u1.debian.tar.xz

[dgit import tarball mercurial 6.3.2-1+deb12u1 mercurial_6.3.2-1+deb12u1.debian.tar.xz]

2 years ago Import mercurial_6.3.2.orig.tar.gz
Julien Cristau [Mon, 20 Feb 2023 17:44:46 +0000 (18:44 +0100)]
Import mercurial_6.3.2.orig.tar.gz

[dgit import orig mercurial_6.3.2.orig.tar.gz]