debian/0000755000000000000000000000000013420171134007162 5ustar debian/changelog0000644000000000000000000001364713420171134011047 0ustar archmage (1:0.2.4-4build0.14.04.1) trusty-security; urgency=medium * fake sync from Debian -- Mike Salvatore Thu, 17 Jan 2019 16:23:40 -0500 archmage (1:0.2.4-4) unstable; urgency=high [ Jakub Wilk ] * Use canonical URIs for Vcs-* fields. [ Mikhail Gusarov ] * Fix directory traversal bug (Closes: #776164). -- Mikhail Gusarov Mon, 02 Feb 2015 09:54:13 +0100 archmage (1:0.2.4-3) unstable; urgency=low * Convert package to use dh_python2 (Closes: #631395) * Drop preinst, it was only necessary for pycentral -> pysupport conversion, happened in Squeeze. * Bump Standards-Version, no changes required. -- Mikhail Gusarov Sun, 14 Aug 2011 23:17:02 +0200 archmage (1:0.2.4-2) unstable; urgency=low * Convert package to 3.0 (quilt). * Use debhelper 7 instead of cdbs. * Install upstream NEWS file as changelog. * Bump Standards-Version, no changes required. * Remove debian/pycompat, it is not useful anymore. * Make debian/copyright machine readable. * Demote links, elinks and htmldoc Recommends to Suggests (Closes: #587035). -- Mikhail Gusarov Tue, 29 Jun 2010 15:32:54 +0700 archmage (1:0.2.4-1) unstable; urgency=low * New upstream release - Fixes bug with improper unpacking of CHM files containing index.html (Closes: #534616). * Standards-Version bumped to 3.8.2, no changes required. * Added python-beautifulsoup to Depends, required upstream. * Added elinks | links to Recommends, enables convertion to plain text. * Added htmldoc to Recommends, enables convertion to pdf. -- Mikhail Gusarov Thu, 06 Aug 2009 00:05:12 +0700 archmage (1:0.2.3-1) unstable; urgency=low * New upstream release. -- Mikhail Gusarov Sun, 14 Jun 2009 17:40:51 +0700 archmage (1:0.2-1) unstable; urgency=low * New upstream release. - Fixes traceback on error path if destination directory already exists (Closes: #521042). - Removed html_to_text.py-is-not-executable.diff patch, no longer relevant. * Standards-Version bumped to 3.8.1, no changes required. * Switched to python-support. - added preinst script to de-register from pycentral. * python-all-dev build-dependency relaxed to python, as no binary modules are built. -- Mikhail Gusarov Thu, 02 Apr 2009 15:55:49 +0700 archmage (1:0.1.9-3) unstable; urgency=low [ Mikhail Gusarov ] * Added description to patches (lintian warning): - debian/patches/python-interpreter.diff - debian/patches/html_to_text.py-is-not-executable.diff * debian/control: - More detailed description (lintian warning). - Standards-Version bumped to 3.8.0: + debian/README.source added. [ Sandro Tosi ] * debian/control - switch Vcs-Browser field to viewsvn [ Marco Rodrigues ] * debian/control: + Add ${misc:Depends} to Depends to remove lintian warning. -- Mikhail Gusarov Tue, 17 Feb 2009 00:20:21 +0600 archmage (1:0.1.9-2) unstable; urgency=low [ Mikhail Gusarov ] * Package is now maintained in PAPT: - PAPT added to Uploaders. * python-central dependency bumped to >= 0.6, fixing spurious empty /usr/lib in package. * Standards-Version bumped to 3.7.3, no changes needed. * Watchfile updated: 0.1.9beta1 < 0.1.9 according to upstream developer. [ Piotr Ożarowski ] * Vcs-Svn, Vcs-Browser and Homepage fields added. -- Mikhail Gusarov Thu, 01 May 2008 23:18:00 +0700 archmage (1:0.1.9-1) unstable; urgency=low * New upstream release. * Epoch 1, because 0.1.9beta1 > 0.1.9. Shame on me :( * New patch: html_to_text.py-is-not-executable.diff, removing useless #! on python module. -- Mikhail Gusarov Thu, 12 Jul 2007 00:53:38 +0700 archmage (0.1.9beta1-1) unstable; urgency=low * New upstream release (yes, it's named 'beta', but this is regular release, author just targets 1.0 soon): * Copyright file updated. * toc-extension-case-insensitive.diff patch dropped: applied upstream. * python-interpreter.diff patch refreshed. * manpage moved from debian/archmage.1 to archmage.1. * libapache-mod-python removed from Suggests: Apache 1 is no longer in sid (Closes: #429714). -- Mikhail Gusarov Wed, 04 Jul 2007 15:04:45 +0700 archmage (0.0.8-2) unstable; urgency=low * Added patch fixing problem with uppercase extensions of table-of-contents files, taken from upstream (Ubuntu: #99758). * Description updated: irrelevant parts removed (Closes: #429241). * Copyright updated (Closes: 429240). -- Mikhail Gusarov Sun, 17 Jun 2007 00:33:13 +0700 archmage (0.0.8-1) unstable; urgency=low * New upstream release * Using quilt to manage patches * Debhelper compatibilty level bumped to 5. No changes required. * Added watch file. -- Mikhail Gusarov Sun, 21 Jan 2007 18:44:45 +0600 archmage (0.0.7-2) unstable; urgency=low * First upload to unstable (Closes: #204606) * Added libapache2-mod-python to Suggests * Converted to use python-central * Policy bumped to 3.7.2. No changes required * Build-Depends adjusted as lintian suggests * Updated FSF address * Fixed syntax in archmage.1 manpage * /usr/bin/archmage uses #!/usr/bin/python -- Mikhail Gusarov Sat, 7 Oct 2006 01:10:54 +0700 archmage (0.0.7-1) unstable; urgency=low * New upstream release -- Basil Shubin Fri, 24 Feb 2006 16:49:20 +0600 archmage (0.0.7-pre2-1) unstable; urgency=low * New upstream release * Fixed: debian/archmage.1 -- Basil Shubin Mon, 22 Aug 2005 20:19:51 +0700 archmage (0.0.7-pre1-1) unstable; urgency=low * Initial Release (Closes: #313203, #204606). -- Basil Shubin Fri, 19 Aug 2005 08:01:55 +0700 debian/compat0000644000000000000000000000000211252134632010363 0ustar 7 debian/rules0000755000000000000000000000014711622036543010252 0ustar #!/usr/bin/make -f %: dh $@ --with python2 override_dh_installchangelogs: dh_installchangelogs NEWS debian/patches/0000755000000000000000000000000012463635533010627 5ustar debian/patches/series0000644000000000000000000000006612463635361012045 0ustar python-interpreter.diff fix-directory-traversal.patch debian/patches/fix-directory-traversal.patch0000644000000000000000000000174512463635361016447 0ustar From 51e60c8eaef774cab152a54a87329a15530cd6eb Mon Sep 17 00:00:00 2001 From: Mikhail Gusarov Date: Sun, 25 Jan 2015 17:22:30 +0100 Subject: [PATCH] Fix directory traversal bug (Debian #776164) --- archmod/CHM.py | 3 +++ 1 file changed, 3 insertions(+) diff --git a/archmod/CHM.py b/archmod/CHM.py index 78d6e5f..44113a5 100644 --- a/archmod/CHM.py +++ b/archmod/CHM.py @@ -26,6 +26,7 @@ except ImportError, msg: from archmod.chmtotext import chmtotext from archmod.htmldoc import htmldoc +PARENT_RE = re.compile(r'(^|/|\\)\.\.(/|\\|$)') class CHMDir(Cached): """Class that represent CHM content from directory""" @@ -222,6 +223,8 @@ class CHMDir(Cached): # if entry is auxiliary file, than skip it if re.match(self.aux_re, e): continue + if PARENT_RE.search(e): + raise RuntimeError('Giving up on malicious name: %s' % e) self.extract_entry(e, output_file=e, destdir=destdir, correct=correct) def extract(self, destdir): -- 2.2.1 debian/patches/python-interpreter.diff0000644000000000000000000000074511146327164015344 0ustar Debian default Python interpreter is /usr/bin/python (Python Policy 1.3.2). Index: archmage-0.1.9beta1/archmage =================================================================== --- archmage-0.1.9beta1.orig/archmage 2007-06-17 19:03:23.000000000 +0700 +++ archmage-0.1.9beta1/archmage 2007-07-04 15:12:37.000000000 +0700 @@ -1,4 +1,4 @@ -#!/usr/bin/env python +#!/usr/bin/python # -*- coding: utf-8 -*- # arCHMage -- extensible reader and decompiler for files in the CHM format. debian/control0000644000000000000000000000213012141504300010553 0ustar Source: archmage Section: utils Priority: optional Maintainer: Mikhail Gusarov Uploaders: Python Applications Packaging Team Build-Depends: debhelper (>= 7.0.50), python (>= 2.6.6-3~) Standards-Version: 3.9.2 Vcs-Svn: svn://anonscm.debian.org/python-apps/packages/archmage/trunk/ Vcs-Browser: http://anonscm.debian.org/viewvc/python-apps/packages/archmage/trunk/ Homepage: http://archmage.sf.net Package: archmage Architecture: all Depends: ${python:Depends}, ${misc:Depends}, python-chm, python-beautifulsoup Suggests: libapache2-mod-python, elinks | links, htmldoc Description: CHM(Compiled HTML) Decompressor arCHMage is a reader and decompiler for files in the CHM format. This is the format used by Microsoft HTML Help, and is also known as Compiled HTML. . arCHMage provides the following features: - Extracting CHM content to set of HTML, CSS files and images - Dumping HTML data from CHM as a plain text - Serving CHM contents as a standalone HTTP server - Serving CHM content with Apache by providing Apache module mod_chm. debian/source/0000755000000000000000000000000012463635533010500 5ustar debian/source/format0000644000000000000000000000001511412327212011670 0ustar 3.0 (quilt) debian/copyright0000644000000000000000000000210511252136725011123 0ustar Format-Specification: http://wiki.debian.org/Proposals/CopyrightFormat?action=recall&rev=196 Upstream-Maintainer: Basil Shubin Upstream-Source: http://archmage.sf.net/ Upstream-Name: archmage Files: * Copyright: (c) 2003 Eugeny Korekin Copyright: (c) 2005-2009 Basil Shubin License: GPL-2+ Files: archmod/chmtotext.py Copyright: (c) 2005-2009 Basil Shubin License: GPL-2+ Files: archmod/htmldoc.py Copyright: (c) 2009 Basil Shubin License: GPL-2+ Files: debian/* Copyright: (c) 2008-2009 Mikhail Gusarov License: GPL-2+ License: GPL-2+ This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. On Debian systems, the complete text of the GNU General Public License can be found in `/usr/share/common-licenses/GPL'. debian/manpages0000644000000000000000000000001611006365527010706 0ustar archmage.1.gz debian/watch0000644000000000000000000000013411007013220010177 0ustar version=3 opts="uversionmangle=s/beta/~beta/" http://sf.net/archmage/archmage-(.*)\.tar\.gz debian/docs0000644000000000000000000000000711006365527010043 0ustar README