debian/0000755000000000000000000000000013361433372007173 5ustar debian/changelog0000644000000000000000000001135413361433372011051 0ustar discount (2.1.7-1+deb8u1build0.14.04.1) trusty-security; urgency=medium * fake sync from Debian -- Mike Salvatore Tue, 16 Oct 2018 15:07:38 -0400 discount (2.1.7-1+deb8u1) jessie-security; urgency=high * Non-maintainer upload by the LTS team. * Fix CVE-2018-11468, CVE-2018-11503, CVE-2018-11504 and CVE-2018-12495. Several heap-based buffer over-reads were found in discount that allowed remote attackers to cause a denial-of-service via specially crafted files. -- Markus Koschany Sat, 08 Sep 2018 20:31:54 +0200 discount (2.1.7-1) unstable; urgency=low * New upstream release - Fix non-ASCII text handling inside emphasis (Closes: #722305) * Fix license name in d/copyright * Fix copyright for toc.c * Fix lintian vcs-field-not-canonical * Use GitHub URL in watch file for now * Refresh patch * Fix license text in d/copyright -- Alessandro Ghedini Sat, 19 Oct 2013 14:34:54 +0200 discount (2.1.6-2) unstable; urgency=low * Enable both Discount and Extra definition lists (Closes: #705732) -- Alessandro Ghedini Sun, 28 Apr 2013 22:02:02 +0200 discount (2.1.6-1) unstable; urgency=low * New upstream release * Bump Standards-Version to 3.9.4 (no changes needed) * Minor improvements to the packages' descriptions * Change upstream license from BSD 4-clause to BSD 3-clause -- Alessandro Ghedini Sun, 17 Mar 2013 16:49:57 +0100 discount (2.1.5a-1) unstable; urgency=low * New upstream release * Refresh 01_honour-build-flags.patch -- Alessandro Ghedini Thu, 09 Aug 2012 16:01:47 +0200 discount (2.1.5-1) unstable; urgency=low * New upstream release * Refresh 01_honour-build-flags.patch * Update symbols file -- Alessandro Ghedini Wed, 08 Aug 2012 21:38:30 +0200 discount (2.1.3-3) unstable; urgency=low * Install mkdio.h in a Multi-Arch path (Closes: #676240) -- Alessandro Ghedini Tue, 05 Jun 2012 19:30:28 +0200 discount (2.1.3-2) unstable; urgency=low * Update debian/copyright format as in Debian Policy 3.9.3 * Bump Standards-Version to 3.9.3 * Bump debhelper compat level to 9 - Make *.install files executable to generate multi-arch path * Honour the CPPFLAGS variable too during build * Email change: Alessandro Ghedini -> ghedo@debian.org * Add Multi-Arch headers * Add libmarkdown2-dbg package * Do not use GitHub URL in debian/watch * Add 01_honour-build-flags.patch -- Alessandro Ghedini Sun, 03 Jun 2012 16:49:41 +0200 discount (2.1.3-1) unstable; urgency=low * New upstream release -
is not a block-level html element (Closes: #656122) * Use GitHub URL in debian/watch -- Alessandro Ghedini Wed, 18 Jan 2012 20:40:30 +0100 discount (2.1.2-2) unstable; urgency=low * Install correct header file mkdio.h in -dev package -- Alessandro Ghedini Fri, 28 Oct 2011 12:40:27 +0200 discount (2.1.2-1) unstable; urgency=low * New upstream release * Bump debhlper compat level to 8 * Add librarian.sh to debian/clean * Manually enable additional features: id anchor, github tags, fenced code * Do not build custom memory allocation functions (for debug only) -- Alessandro Ghedini Sun, 02 Oct 2011 19:22:10 +0200 discount (2.1.1.3-1) unstable; urgency=low * New upstream release * Update *.symbols file * Add mktags and blocktags to debian/clean * Explicitly list manpages to install -- Alessandro Ghedini Wed, 03 Aug 2011 11:14:34 +0200 discount (2.1.0-1) unstable; urgency=low * New upstream release * Update debian/changelog: - Trim leading './' from files path - Add file pgm_options.c to copyright -- Alessandro Ghedini Wed, 13 Jul 2011 20:54:07 +0200 discount (2.0.9-1) unstable; urgency=low * New upstream release * Drop fix-spelling-error patch (merged upstream) * Bump Standards-Version to 3.9.2 (no changes needed) -- Alessandro Ghedini Wed, 04 May 2011 19:19:50 +0200 discount (2.0.8-1) unstable; urgency=low * New upstream release * Drop fix-manpages-errors patch (merged upstream) * Update symbols file for libmarkdown2 * Add fix-spelling-error patch * Enable all stable optional features -- Alessandro Ghedini Thu, 17 Mar 2011 14:59:57 +0100 discount (2.0.6-1) unstable; urgency=low * New upstream release * Update symbols file for libmarkdown2 -- Alessandro Ghedini Sat, 19 Feb 2011 18:40:54 +0100 discount (2.0.4-1) unstable; urgency=low * Initial release (Closes: #608709) -- Alessandro Ghedini Fri, 14 Jan 2011 17:21:25 +0100 debian/libmarkdown2-dev.manpages0000644000000000000000000000012313345012632014045 0ustar markdown.3 mkd-callbacks.3 mkd-functions.3 mkd-line.3 markdown.7 mkd-extensions.7 debian/compat0000644000000000000000000000000213345012632010363 0ustar 9 debian/rules0000755000000000000000000000060313345012632010244 0ustar #!/usr/bin/make -f #export DH_VERBOSE=1 %: dh $@ CFLAGS += $(dpkg-buildflags --get CPPFLAGS) override_dh_auto_configure: ./configure.sh --shared \ --with-id-anchor \ --with-github-tags \ --with-fenced-code \ --with-dl=both override_dh_auto_install: dh_install override_dh_strip: dh_strip -plibmarkdown2 --dbg-package=libmarkdown2-dbg dh_strip --remaining-packages debian/patches/0000755000000000000000000000000013345012632010614 5ustar debian/patches/series0000644000000000000000000000013413345012632012027 0ustar 01_honour-build-flags.patch CVE-2018-11458-CVE-2018-11503-CVE-2018-11504-CVE-2018-124.patch debian/patches/CVE-2018-11458-CVE-2018-11503-CVE-2018-11504-CVE-2018-124.patch0000644000000000000000000000140213345012632017753 0ustar From: Markus Koschany Date: Sat, 8 Sep 2018 21:36:31 +0200 Subject: CVE-2018-11458-CVE-2018-11503-CVE-2018-11504-CVE-2018-12495 Bug-Debian: https://bugs.debian.org/901912 Bug-Upstream: https://github.com/Orc/discount/issues/189 Origin: https://github.com/Orc/discount/commit/b002a5a4db31e42dfb45451c059bc56941c17974 --- markdown.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/markdown.c b/markdown.c index 13c4d66..52ed056 100644 --- a/markdown.c +++ b/markdown.c @@ -170,8 +170,10 @@ splitline(Line *t, int cutpoint) tmp->next = t->next; t->next = tmp; - tmp->dle = t->dle; SUFFIX(tmp->text, T(t->text)+cutpoint, S(t->text)-cutpoint); + EXPAND(tmp->text) = 0; + S(tmp->text)--; + S(t->text) = cutpoint; } } debian/patches/01_honour-build-flags.patch0000644000000000000000000000300713345012632015636 0ustar Description: Always honour CFLAGS, CPPFLAGS and LDFLAGS Origin: vendor Forwarded: no Author: Alessandro Ghedini Reviewed-by: Alessandro Ghedini Last-Update: 2012-06-03 --- a/configure.inc +++ b/configure.inc @@ -407,23 +407,15 @@ if [ "$CFLAGS" ]; then test "$CFLAGS" && echo "validating CFLAGS=${CFLAGS}" - if $AC_CC $CFLAGS -o ngc$$.o ngc$$.c ; then - AC_CFLAGS=${CFLAGS:-"-g"} - test "$CFLAGS" && echo "CFLAGS=\"${CFLAGS}\" are okay" - elif [ "$CFLAGS" ]; then - echo "ignoring bogus CFLAGS=\"${CFLAGS}\"" - fi + AC_CFLAGS=${CFLAGS:-"-g"} + test "$CFLAGS" && echo "CFLAGS=\"${CFLAGS}\" are okay" else AC_CFLAGS=-g fi if [ "$LDFLAGS" ]; then test "$LDFLAGS" && echo "validating LDFLAGS=${LDFLAGS}" - if $AC_CC $LDFLAGS -o ngc$$ ngc$$.o; then - AC_LDFLAGS=${LDFLAGS:-"-g"} - test "$LDFLAGS" && TLOG "LDFLAGS=\"${LDFLAGS}\" are okay" - elif [ "$LDFLAGS" ]; then - TLOG "ignoring bogus LDFLAGS=\"${LDFLAGS}\"" - fi + AC_LDFLAGS=${LDFLAGS:-"-g"} + test "$LDFLAGS" && TLOG "LDFLAGS=\"${LDFLAGS}\" are okay" else AC_LDFLAGS=${CFLAGS:-"-g"} fi @@ -1299,7 +1291,7 @@ FULLNAME=\$LIBNAME.\$VERSION case "\$ACTION" in -make) FLAGS="$AC_CFLAGS -shared" +make) FLAGS="$AC_CFLAGS $AC_LDFLAGS -shared" unset VFLAGS test "$USE_SONAME" && VFLAGS="-Wl,-soname,\$LIBNAME.\$MAJOR" --- a/Makefile.in +++ b/Makefile.in @@ -1,5 +1,5 @@ CC=@CC@ -I. -LFLAGS=-L. +LFLAGS=-L. $(LDFLAGS) CFLAGS=@CFLAGS@ AR=@AR@ RANLIB=@RANLIB@ debian/control0000644000000000000000000000431613345012632010574 0ustar Source: discount Section: text Priority: optional Maintainer: Alessandro Ghedini Build-Depends: debhelper (>= 9) Standards-Version: 3.9.4 Vcs-Browser: http://anonscm.debian.org/gitweb/?p=collab-maint/discount.git Vcs-Git: git://anonscm.debian.org/collab-maint/discount.git Homepage: http://www.pell.portland.or.us/~orc/Code/discount/ Package: discount Architecture: any Depends: ${shlibs:Depends}, ${misc:Depends}, libmarkdown2 (= ${binary:Version}) Conflicts: markdown, libtext-markdown-perl Description: implementation of the Markdown markup language in C Discount is an implementation of John Gruber's Markdown markup language. It implements all of the language described in the Markdown syntax document and passes the Markdown 1.0 test suite. . This package provides the discount excutables. Package: libmarkdown2 Section: libs Architecture: any Depends: ${shlibs:Depends}, ${misc:Depends} Pre-Depends: ${misc:Pre-Depends} Multi-Arch: same Description: implementation of the Markdown markup language in C (library) Discount is an implementation of John Gruber's Markdown markup language. It implements all of the language described in the Markdown syntax document and passes the Markdown 1.0 test suite. . This package provides the libmarkdown generated from discount. Package: libmarkdown2-dev Section: libdevel Architecture: any Depends: ${misc:Depends}, libmarkdown2 (= ${binary:Version}) Multi-Arch: same Description: implementation of the Markdown markup language in C (dev files) Discount is an implementation of John Gruber's Markdown markup language. It implements all of the language described in the Markdown syntax document and passes the Markdown 1.0 test suite. . This package provides the development file for libmarkdown. Package: libmarkdown2-dbg Priority: extra Section: debug Architecture: any Depends: ${misc:Depends}, libmarkdown2 (= ${binary:Version}) Multi-Arch: same Description: implementation of Markdown markup language in C (debug) Discount is an implementation of John Gruber's Markdown markup language. It implements all of the language described in the Markdown syntax document and passes the Markdown 1.0 test suite. . This package provide the debugging symbols for discount. debian/libmarkdown2.install0000755000000000000000000000007613345012632013156 0ustar #!/bin/sh echo libmarkdown.so.* usr/lib/$DEB_HOST_MULTIARCH debian/source/0000755000000000000000000000000013345012632010465 5ustar debian/source/format0000644000000000000000000000001413345012632011673 0ustar 3.0 (quilt) debian/clean0000644000000000000000000000005013345012632010165 0ustar cols echo mktags blocktags librarian.sh debian/copyright0000644000000000000000000000436513345012632011130 0ustar Format: http://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ Upstream-Name: Discount Upstream-Contact: David Parsons Source: http://www.pell.portland.or.us/~orc/Code/discount/ Files: * Copyright: 2007, David Loren Parsons License: BSD-2-clause Files: configure.inc Copyright: 1999-2007, David Loren Parsons License: BSD-2-clause Files: css.c Copyright: 2009, David Loren Parsons License: BSD-2-clause Files: emmatch.c Copyright: 2010, David Loren Parsons License: BSD-2-clause Files: pgm_options.c Copyright: 2007-2011, David L Parsons License: BSD-2-clause Files: toc.c Copyright: 2008, Jjgod Jiang, David L Parsons 2011, Stefano D'Angelo License: BSD-2-clause Files: debian/* Copyright: 2011, Alessandro Ghedini License: BSD-2-clause License: BSD-2-clause Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: . 1. Redistributions of works must retain the original copyright notice, this list of conditions and the following disclaimer. 2. Redistributions in binary form must reproduce the original copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. 3. Neither my name (David L Parsons) nor the names of contributors to this code may be used to endorse or promote products derived from this work without specific prior written permission. . THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. debian/libmarkdown2.symbols0000644000000000000000000000321513345012632013173 0ustar libmarkdown.so.2 libmarkdown2 #MINVER# Csprintf@Base 2.0.6 Csputc@Base 2.0.6 Csreparse@Base 2.0.6 Cswrite@Base 2.0.6 ___mkd_emblock@Base 2.0.6 ___mkd_freeLine@Base 2.0.6 ___mkd_freeLineRange@Base 2.0.6 ___mkd_freeLines@Base 2.0.6 ___mkd_freeParagraph@Base 2.0.6 ___mkd_freefootnote@Base 2.0.6 ___mkd_freefootnotes@Base 2.0.6 ___mkd_freemmiot@Base 2.0.6 ___mkd_initmmiot@Base 2.0.6 ___mkd_reparse@Base 2.0.6 ___mkd_tidy@Base 2.0.6 __mkd_enqueue@Base 2.1.5 __mkd_footsort@Base 2.0.6 __mkd_header_dle@Base 2.1.5 __mkd_io_strget@Base 2.1.5 __mkd_new_Document@Base 2.1.5 extratags@Base 2.1.1.3 gfm_in@Base 2.1.5 gfm_populate@Base 2.1.5 gfm_string@Base 2.1.5 markdown@Base 2.0.6 markdown_version@Base 2.0.6 mkd_basename@Base 2.0.6 mkd_cleanup@Base 2.0.6 mkd_compile@Base 2.0.6 mkd_css@Base 2.0.6 mkd_deallocate_tags@Base 2.0.6 mkd_define_tag@Base 2.0.6 mkd_doc_author@Base 2.0.6 mkd_doc_date@Base 2.0.6 mkd_doc_title@Base 2.0.6 mkd_document@Base 2.0.6 mkd_dump@Base 2.0.6 mkd_e_data@Base 2.0.6 mkd_e_flags@Base 2.0.6 mkd_e_free@Base 2.0.6 mkd_e_url@Base 2.0.6 mkd_firstnonblank@Base 2.0.6 mkd_flags_are@Base 2.0.6 mkd_generatecss@Base 2.0.6 mkd_generatehtml@Base 2.0.6 mkd_generateline@Base 2.0.6 mkd_generatetoc@Base 2.0.6 mkd_generatexml@Base 2.0.6 mkd_in@Base 2.0.6 mkd_initialize@Base 2.0.6 mkd_line@Base 2.0.6 mkd_mmiot_flags@Base 2.0.6 mkd_ref_prefix@Base 2.0.8 mkd_search_tags@Base 2.0.6 mkd_shlib_destructor@Base 2.0.6 mkd_sort_tags@Base 2.0.6 mkd_string@Base 2.0.6 mkd_string_to_anchor@Base 2.0.6 mkd_toc@Base 2.0.6 mkd_with_html5_tags@Base 2.0.6 mkd_xhtmlpage@Base 2.0.6 mkd_xml@Base 2.0.6 populate@Base 2.0.6 debian/discount.install0000644000000000000000000000011113345012632012376 0ustar markdown usr/bin makepage usr/bin mkd2html usr/bin theme usr/bin debian/watch0000644000000000000000000000021213345012632010211 0ustar version=3 opts=filenamemangle=s/.+\/v?(\d\S*)\.tar\.gz/discount-$1.tar.gz/ \ https://github.com/Orc/discount/tags .*/v?(\d\S*)\.tar\.gz debian/libmarkdown2-dev.install0000755000000000000000000000015113345012632013724 0ustar #!/bin/sh echo mkdio.h usr/include/$DEB_HOST_MULTIARCH echo libmarkdown.so usr/lib/$DEB_HOST_MULTIARCH debian/discount.manpages0000644000000000000000000000005113345012632012526 0ustar makepage.1 markdown.1 mkd2html.1 theme.1