--- tidy-20091223cvs.orig/debian/README.Debian +++ tidy-20091223cvs/debian/README.Debian @@ -0,0 +1,11 @@ +tidy documentation can be found in the tidy-doc package. +also see tidy manpage. + +more documentation can be found at the following links: +* Tidy - http://tidy.sourceforge.net/#docs +* Accessibility - http://www.aprompt.ca/Tidy/ + +config file is /etc/tidy.conf or ~/.tidyrc + +-- +Jason Thomas --- tidy-20091223cvs.orig/debian/README.source +++ tidy-20091223cvs/debian/README.source @@ -0,0 +1,23 @@ +Building a new tarball from upstream cvs +---------------------------------------- + +* update tidy from cvs +cd tidy +cvs update +cd .. + +* make a copy +cp -a tidy tidy-YYYYMMDDcvs + +* setup the autoconf scripts +cd tidy-YYYYMMDDcvs +/bin/sh build/gnuauto/setup.sh + +* clean up the source directory +rm -rf build +rm -rf autom4te.cache +find -name "CVS*" -exec rm -rf {} \; +cd .. + +* build the tarball +tar czf tidy_YYYYMMDDcvs.orig.tar.gz tidy-YYYYMMDDcvs --- tidy-20091223cvs.orig/debian/changelog +++ tidy-20091223cvs/debian/changelog 
@@ -0,0 +1,403 @@ +tidy (20091223cvs-1.5) unstable; urgency=high + + [ Alessandro Ghedini ] + * Fix heap buffer overflow and memory saturation on invalid HTML input + as per CVE-2015-5522 and CVE-2015-5523 (Closes: #792571) + + -- Salvatore Bonaccorso Mon, 20 Jul 2015 16:33:00 +0200 + +tidy (20091223cvs-1.4) unstable; urgency=medium + + * Non-maintainer upload. + * Build using dh-autoreconf. + + -- Matthias Klose Fri, 08 Aug 2014 13:26:56 +0200 + +tidy (20091223cvs-1.3) unstable; urgency=medium + + * Non-maintainer upload. + * Drop unnecessary build dep on automake1.9 and autoconf. (Closes: + #724441) + + -- Eric Dorland Sat, 08 Mar 2014 21:16:26 -0500 + +tidy (20091223cvs-1.2) unstable; urgency=low + + * Non-maintainer upload. + * For some reasons 20091223cvs-1.1 always gets rejected, probably due to + the special character in Loics name, but the upload get's rejected even + if I fix the previous changelog entry. So let's see if creating a new + one fixes the issue. + + -- Alexander Reichle-Schmehl Tue, 13 Dec 2011 15:19:30 +0100 + +tidy (20091223cvs-1.1) unstable; urgency=medium + + * Non-maintainer upload. + * Apply patch by Loic Minier: + * New patch, 10format-warnings, fixes FTBFS with -Werror=format-security; + essentially calls to messageNode() declared printf-alike with a variable + fmt string, but no subsequent argument; the patch passes "%s" as format + and fmt as the only argument; this merely protects this class of calls, + but not the ones with e.g. always one argument or always two arguments. + Tested by running tidy on some text and HTML files; warnings still seem to + be output correctly; (Closes: #645300). + * Use CURDIR instead of CURDUR in rules. + * rules: only append to LD_LIBRARY_PATH, don't reset it, as fakeroot relies + on it. 
+ * Set urgenceny to medium due to rc bug fix + + -- Alexander Reichle-Schmehl Sat, 03 Dec 2011 10:57:47 +0100 + +tidy (20091223cvs-1) unstable; urgency=low + + * New cvs snapshot + * debian/compat: increased from 4 to 7 + * debian/control: + - updated standards-version from 3.8.0.0 to 3.8.3.0 + - updated build-depends on debhelper from 4 to 7 + - libtidy-dev, added binary version for dependency on libtidy, + (>= ${binary:Version}) + - tidy, updated binary version for dependency on libtidy, + (= ${binary:Version}) + + -- Jason Thomas Wed, 23 Dec 2009 12:19:13 +1100 + +tidy (20081224cvs-1) unstable; urgency=low + + * New cvs snapshot + * debian/control: add debhelper ${misc:Depends} to all packages + - add versioned depend on libtidy-0.99-0 (>= 20081224cvs-1) for tidy + (closes: #470764) + - add Homepage field + - update standards-version from 3.7.3.0 to 3.8.0.0 + * debian/tidy-doc.doc-base: change section from App/Text to Web Development + * debian/tidy.postinst + tidy.preinst: set the -e flag + * debian/README.source: new, how to build source tarball from upstream + * debian/README.Debian: add urls to more documentation + (closes: #353912) + * debian/patches/03overview-tab-size.patch: add patch to fix tab-size + (closes: #353907) + * tidy doc has been built from same source as tidy for a while + (closes: #364960) + * debian/rules: + - add -xml-config to generated manpage + - clean up generated files + (closes: #471107) + * manpage: -latin0 options has correct info as of 20080116cvs-1 + (closes: #506394 ) + + -- Jason Thomas Wed, 24 Dec 2008 13:25:54 +1100 + +tidy (20080116cvs-2) unstable; urgency=low + + * debian/control: build depends on xsltproc + (closes: #461608) + * debian/tidy.preinst,postinst: add code to move old config file + (closes: #461623) + + -- Jason Thomas Sun, 20 Jan 2008 21:46:03 +1100 + +tidy (20080116cvs-1) unstable; urgency=low + + * New cvs snapshot + (closes: #364961, #435101) + * Re-generate patches + - 01config_file.patch + - 
tidy_20040811-1.diff renamed to 02FTBS_kfreebsd-gnu.patch + * We now generate the tidy manpage from the tidy binary. + (closes: #379464, #364963) + * Updated standards-version from 3.6.2.0 to 3.7.3.0 + * debian/tidy.install - moved tidy.conf /etc/ + (closes: #407833) + * sample tidy.conf now contains no entries, see manpage for examples + + -- Jason Thomas Sat, 19 Jan 2008 19:27:58 +1100 + +tidy (20051018-1) unstable; urgency=low + + * New upstream release + (closes: #333444) + * debian/tidy.install: added debian/tidy.conf /etc/tidy/ + (closes: #308883) + * debian/control: changed libtidy0 to libtidy-0.99-0 + * updated manpage + (closes: #224427) + + -- Jason Thomas Thu, 20 Oct 2005 10:26:07 +1000 + +tidy (20050415-1) unstable; urgency=low + + * New upstream release + + -- Jason Thomas Wed, 20 Apr 2005 11:22:49 +1000 + +tidy (20040811-2) unstable; urgency=low + + * debian/patches/tidy_20040811-1.diff: fixes FTBS on kfreebsd-gnu + (closes: #269524) + + -- Jason Thomas Thu, 2 Sep 2004 10:32:22 +1000 + +tidy (20040811-1) unstable; urgency=low + + * New upstream release + + -- Jason Thomas Thu, 19 Aug 2004 14:42:01 +1000 + +tidy (20040720-1) unstable; urgency=low + + * New upstream release + (closes: #259925) + + -- Jason Thomas Thu, 22 Jul 2004 17:21:09 +1000 + +tidy (20040312-2) unstable; urgency=low + + * debian/libtidy0.install: add debian/tmp/usr/lib/libtidy.so symlink + (closes: #247488) + + -- Jason Thomas Sat, 15 May 2004 14:47:54 +1000 + +tidy (20040312-1) unstable; urgency=low + + * New upstream release + * debian/rules: changed to use cdbs + * debian/control: build depends cdbs + * debian/makeclean: removed this as we now setup up the autoconf build + system before packaging. 
+ + -- Jason Thomas Wed, 14 Apr 2004 23:55:38 +1000 + +tidy (20031001-3) unstable; urgency=low + + * debian/control: corrected sections for libtidy-dev and libtidy0 + + -- Jason Thomas Wed, 10 Dec 2003 10:22:25 +1100 + +tidy (20031001-2) unstable; urgency=low + + * FTBS, added missing build-depends, autoconf, automake, libtool, perl + (closes: #221378) + * debian/rules: changed debian/automake to 'perl debian/automake' + + -- Jason Thomas Tue, 18 Nov 2003 10:08:53 +1100 + +tidy (20031001-1) unstable; urgency=low + + * New upstream release. + * Updated standards-version + * Created seperate libtidy0 and libtidy-dev package. + (closes: #183089) + * Changed the way we build to use autotools so we can get the shared libs + + -- Jason Thomas Fri, 14 Nov 2003 16:51:01 +1100 + +tidy (20030716-3) unstable; urgency=low + + * debian/control: Suggests tidy-doc + (closes: #204069) + + -- Jason Thomas Mon, 25 Aug 2003 10:35:18 +1000 + +tidy (20030716-2) unstable; urgency=low + + * updated manpage + (closes: #194965, #196053, #200148) + + -- Jason Thomas Thu, 31 Jul 2003 13:27:52 +1000 + +tidy (20030716-1) unstable; urgency=low + + * New upstream release. + * Move docs to tidy-docs package. + * Removed unneeded patches 03copyright.patch 04indent.patch + * Updated config patch + * Added mention of tidy-doc package to man page, and README.Debian + + -- Jason Thomas Wed, 30 Jul 2003 11:16:18 +1000 + +tidy (20030305-1) unstable; urgency=low + + * New upstream release. + + -- Jason Thomas Fri, 7 Mar 2003 11:53:16 +1100 + +tidy (20030208-2) unstable; urgency=low + + * Added temporary patch to fix indentation problem + + -- Jason Thomas Tue, 18 Feb 2003 09:58:35 +1100 + +tidy (20030208-1) unstable; urgency=low + + * New upstream version. + * removed manpage patch as upstream no longer includes manpage. + * created own manpage using help2man. + * updated standards version to 3.5.8 + * increase debhelper build-depends to 4 + * cleaned up debian/rules. 
+ * removed unneeded tidy.conffiles + * fixed up lintian errors. + + -- Jason Thomas Mon, 17 Feb 2003 12:28:29 +1100 + +tidy (20020301-1) unstable; urgency=low + + * New upstream version. + * fix '--add-xml-decl yes --add-xml-space yes' crash bug + thanks to Cesar Eduardo Barros + and upstream. + (closes: #137124) + + -- Jason Thomas Fri, 8 Mar 2002 10:58:30 +1100 + +tidy (20020202-1) unstable; urgency=low + + * New upstream version. + (closes: #131908, #111026, #75554) + * changed to apply and remove patches at build time + + -- Jason Thomas Mon, 4 Feb 2002 19:03:42 +1100 + +tidy (20000804-5) unstable; urgency=low + + * forgot to uncomment #define in platform.h which allows the use of + ~/.tidyrc + (closes: #105355) + + -- Jason Thomas Thu, 16 Aug 2001 17:12:11 +1000 + +tidy (20000804-4) unstable; urgency=low + + * removed mention of GPL from debian/copyright + (closes: #106681) + + -- Jason Thomas Fri, 27 Jul 2001 10:41:49 +1000 + +tidy (20000804-3) unstable; urgency=low + + * New maintainer + * Enabled default configuration file /etc/tidy.conf + and added default configuration file /etc/tidy.conf + and modified manpage to mention default configuration + ( closes: #95218 ) + * configuration file supports '#' and '//' as comment. + * changed to use dh_installman + * remove debuging option from rules file, if anyone actually uses this let me + know + * changed to standards-version 3.5.5 + * changed the copyright file + * changed debian rules file so it's more like the other packages I maintain. + + -- Jason Thomas Thu, 14 Jun 2001 15:16:19 +1000 + +tidy (20000804-2) unstable; urgency=low + + * Orphaning. + * Moved to debhelper 3. + * Conforms to Standards version 3.5.4. + + -- Matej Vela Wed, 2 May 2001 07:53:08 +0200 + +tidy (20000804-1) unstable; urgency=low + + * New upstream version. Closes: Bug#79626. + * Conforms to Standards version 3.2.1: + * debian/rules: Supports `debug' and `nostrip' build options. 
+ * debian/control: No longer suggests lynx because it doesn't seem + relevant. (Feel free to contact me if you disagree.) + + -- Matej Vela Mon, 18 Dec 2000 04:25:16 +0100 + +tidy (20000430-1) unstable; urgency=low + + * New upstream version. + * Overview.html: Link to tidy.c changed to point to copyright. + Closes: Bug#63647. + * debian/copyright: Updated. + + -- Matej Vela Sat, 6 May 2000 12:05:22 +0200 + +tidy (20000113-1) unstable; urgency=low + + * New upstream version. + + -- Matej Vela Thu, 13 Jan 2000 19:15:52 +0100 + +tidy (20000112-1) unstable; urgency=low + + * New upstream version. + * Makefile: Corrected the clean target. + + -- Matej Vela Thu, 13 Jan 2000 12:20:21 +0100 + +tidy (19991130-1) unstable; urgency=low + + * New upstream version. + * Conforms to Standards version 3.1.1. + + -- Matej Vela Wed, 1 Dec 1999 07:50:50 +0100 + +tidy (19991124-1) unstable; urgency=low + + * New upstream version. + * Updated the manual page. + * Conforms to Standards version 3.1.0: + * debian/control: Added build dependancies. + + -- Matej Vela Thu, 25 Nov 1999 18:36:31 +0100 + +tidy (19991022-1) unstable; urgency=low + + * New upstream version. Closes: Bug#47241. + * Overview.html, release-notes.html: Removed references to grid.gif + and tidy.gif which are no longer included in the pristine source. + + -- Matej Vela Sat, 23 Oct 1999 19:51:08 +0200 + +tidy (19990927-1) unstable; urgency=low + + * New upstream version. + + -- Matej Vela Wed, 29 Sep 1999 20:06:12 +0200 + +tidy (19990726-3) unstable; urgency=low + + * New maintainer. + * Wrote tidy(1). Closes: Bug#41445. + * Using `-O2 -g -Wall' for CFLAGS as mandated by Policy. + * Added doc-base support. + * Makefile: Corrected the clean target. + + -- Matej Vela Wed, 22 Sep 1999 12:38:30 +0200 + +tidy (19990726-2) unstable; urgency=low + + * Updated to Standards-Version: 3.0.1.1. 
+ + -- Johnie Ingram Sat, 18 Sep 1999 04:26:04 -0500 + +tidy (19990726-1) unstable; urgency=low + + * New upstream version, closes: #41114. + * Corrected URL in copyright file, closes: #41102. + * Updated to Standards-Version 3.0.1.0. + + -- Johnie Ingram Thu, 5 Aug 1999 03:47:07 -0500 + +tidy (19990415-1) unstable; urgency=low + + * New upstream version, closes: #39020. + + -- Johnie Ingram Wed, 9 Jun 1999 12:54:06 -0400 + +tidy (19981113-1) unstable; urgency=low + + * Initial Release. + + -- Johnie Ingram Fri, 11 Dec 1998 01:01:32 -0500 + +Local variables: +mode: debian-changelog +End: --- tidy-20091223cvs.orig/debian/compat +++ tidy-20091223cvs/debian/compat @@ -0,0 +1 @@ +7 --- tidy-20091223cvs.orig/debian/control +++ tidy-20091223cvs/debian/control 
@@ -0,0 +1,87 @@ +Source: tidy +Section: web +Priority: optional +Maintainer: Jason Thomas +Build-Depends: debhelper (>= 7), cdbs, libtool, perl, xsltproc, dh-autoreconf +Standards-Version: 3.8.3.0 +Homepage: http://tidy.sourceforge.net/ + +Package: tidy +Section: web +Architecture: any +Depends: ${misc:Depends}, ${shlibs:Depends}, libtidy-0.99-0 (>= ${binary:Version}) +Suggests: tidy-doc +Description: HTML syntax checker and reformatter + Corrects markup in a way compliant with the latest standards, and + optimal for the popular browsers. It has a comprehensive knowledge + of the attributes defined in the HTML 4.0 recommendation from W3C, + and understands the US ASCII, ISO Latin-1, UTF-8 and the ISO 2022 + family of 7-bit encodings. In the output: + . + * HTML entity names for characters are used when appropriate. + * Missing attribute quotes are added, and mismatched quotes found. + * Tags lacking a terminating '>' are spotted. + * Proprietary elements are recognized and reported as such. + * The page is reformatted, from a choice of indentation styles. + . + Tidy is a product of the World Wide Web Consortium. + +Package: libtidy-0.99-0 +Section: libs +Architecture: any +Depends: ${misc:Depends}, ${shlibs:Depends} +Conflicts: libtidy0 +Description: HTML syntax checker and reformatter - library + Corrects markup in a way compliant with the latest standards, and + optimal for the popular browsers. It has a comprehensive knowledge + of the attributes defined in the HTML 4.0 recommendation from W3C, + and understands the US ASCII, ISO Latin-1, UTF-8 and the ISO 2022 + family of 7-bit encodings. In the output: + . + * HTML entity names for characters are used when appropriate. + * Missing attribute quotes are added, and mismatched quotes found. + * Tags lacking a terminating '>' are spotted. + * Proprietary elements are recognized and reported as such. + * The page is reformatted, from a choice of indentation styles. + . 
+ Tidy is a product of the World Wide Web Consortium. + +Package: libtidy-dev +Section: libdevel +Architecture: any +Depends: libtidy-0.99-0 (= ${binary:Version}), ${misc:Depends}, ${shlibs:Depends} +Description: HTML syntax checker and reformatter - development + Corrects markup in a way compliant with the latest standards, and + optimal for the popular browsers. It has a comprehensive knowledge + of the attributes defined in the HTML 4.0 recommendation from W3C, + and understands the US ASCII, ISO Latin-1, UTF-8 and the ISO 2022 + family of 7-bit encodings. In the output: + . + * HTML entity names for characters are used when appropriate. + * Missing attribute quotes are added, and mismatched quotes found. + * Tags lacking a terminating '>' are spotted. + * Proprietary elements are recognized and reported as such. + * The page is reformatted, from a choice of indentation styles. + . + Tidy is a product of the World Wide Web Consortium. + +Package: tidy-doc +Section: doc +Architecture: all +Depends: ${misc:Depends}, ${shlibs:Depends} +Conflicts: tidy (<< 20030716-1) +Suggests: tidy +Description: HTML syntax checker and reformatter - documentation + Corrects markup in a way compliant with the latest standards, and + optimal for the popular browsers. It has a comprehensive knowledge + of the attributes defined in the HTML 4.0 recommendation from W3C, + and understands the US ASCII, ISO Latin-1, UTF-8 and the ISO 2022 + family of 7-bit encodings. In the output: + . + * HTML entity names for characters are used when appropriate. + * Missing attribute quotes are added, and mismatched quotes found. + * Tags lacking a terminating '>' are spotted. + * Proprietary elements are recognized and reported as such. + * The page is reformatted, from a choice of indentation styles. + . + Tidy is a product of the World Wide Web Consortium. --- tidy-20091223cvs.orig/debian/copyright +++ tidy-20091223cvs/debian/copyright 
@@ -0,0 +1,51 @@ +This package was redebianized by Jason Thomas on + +It was downloaded from http://tidy.sourceforge.net/ + +Upstream Author: Dave Raggett + +Copyright: + + Copyright (c) 1998-2007 World Wide Web Consortium + (Massachusetts Institute of Technology, European Research + Consortium for Informatics and Mathematics, Keio University). + All Rights Reserved. + + Contributing Author(s): + + Dave Raggett + + The contributing author(s) would like to thank all those who + helped with testing, bug fixes and suggestions for improvements. + This wouldn't have been possible without your help. + + COPYRIGHT NOTICE: + + This software and documentation is provided "as is," and + the copyright holders and contributing author(s) make no + representations or warranties, express or implied, including + but not limited to, warranties of merchantability or fitness + for any particular purpose or that the use of the software or + documentation will not infringe any third party patents, + copyrights, trademarks or other rights. + + The copyright holders and contributing author(s) will not be held + liable for any direct, indirect, special or consequential damages + arising out of any use of the software or documentation, even if + advised of the possibility of such damage. + + Permission is hereby granted to use, copy, modify, and distribute + this source code, or portions hereof, documentation and executables, + for any purpose, without fee, subject to the following restrictions: + + 1. The origin of this source code must not be misrepresented. + 2. Altered versions must be plainly marked as such and must + not be misrepresented as being the original source. + 3. This Copyright notice may not be removed or altered from any + source or altered source distribution. 
+ + The copyright holders and contributing author(s) specifically + permit, without fee, and encourage the use of this source code + as a component for supporting the Hypertext Markup Language in + commercial products. If you use this source code in a product, + acknowledgment is not required but would be appreciated. --- tidy-20091223cvs.orig/debian/libtidy-0.99-0.install +++ tidy-20091223cvs/debian/libtidy-0.99-0.install @@ -0,0 +1,2 @@ +debian/tmp/usr/lib/libtidy-0.99.so.* +debian/tmp/usr/lib/libtidy.so --- tidy-20091223cvs.orig/debian/libtidy-dev.install +++ tidy-20091223cvs/debian/libtidy-dev.install @@ -0,0 +1,3 @@ +debian/tmp/usr/include/* usr/include/tidy +debian/tmp/usr/lib/libtidy.a +debian/tmp/usr/lib/libtidy.la --- tidy-20091223cvs.orig/debian/patches/01config_file.patch +++ tidy-20091223cvs/debian/patches/01config_file.patch @@ -0,0 +1,27 @@ +diff -Naur tidy-cvs20080116.orig/include/platform.h tidy-cvs20080116/include/platform.h +--- tidy-cvs20080116.orig/include/platform.h 2007-02-11 20:45:52.000000000 +1100 ++++ tidy-cvs20080116/include/platform.h 2008-01-16 13:29:23.000000000 +1100 +@@ -26,6 +26,7 @@ + /* #define TIDY_CONFIG_FILE "/etc/tidy_config.txt" */ /* original */ + /* #define TIDY_CONFIG_FILE "/etc/tidyrc" */ + /* #define TIDY_CONFIG_FILE "/etc/tidy.conf" */ ++#define TIDY_CONFIG_FILE "/etc/tidy.conf" + + /* + Uncomment the following #define if you are on a system +@@ -34,6 +35,7 @@ + the HTML_TIDY environment variable is not set. + */ + /* #define TIDY_USER_CONFIG_FILE "~/.tidyrc" */ ++#define TIDY_USER_CONFIG_FILE "~/.tidyrc" + + /* + Uncomment the following #define if your +@@ -49,6 +51,7 @@ + */ + + /* #define SUPPORT_GETPWNAM */ ++#define SUPPORT_GETPWNAM + + + /* Enable/disable support for Big5 and Shift_JIS character encodings */ --- tidy-20091223cvs.orig/debian/patches/02FTBS_kfreebsd-gnu.patch +++ tidy-20091223cvs/debian/patches/02FTBS_kfreebsd-gnu.patch 
@@ -0,0 +1,12 @@ +diff -Naur tidy-cvs20080116.orig/include/platform.h tidy-cvs20080116/include/platform.h +--- tidy-cvs20080116.orig/include/platform.h 2007-02-11 20:45:52.000000000 +1100 ++++ tidy-cvs20080116/include/platform.h 2008-01-16 13:33:33.000000000 +1100 +@@ -215,7 +215,7 @@ + + #endif + +-#elif defined(linux) || defined(__linux__) ++#elif defined(linux) || defined(__linux__) || defined(__GNU__) || defined(__GLIBC__) + /* generic Linux */ + #define LINUX_OS + #ifndef PLATFORM_NAME --- tidy-20091223cvs.orig/debian/patches/03overview-tab-size.patch +++ tidy-20091223cvs/debian/patches/03overview-tab-size.patch @@ -0,0 +1,12 @@ +diff -Naur tidy-20081224cvs.orig/htmldoc/Overview.html tidy-20081224cvs/htmldoc/Overview.html +--- tidy-20081224cvs.orig/htmldoc/Overview.html 2007-01-02 04:52:20.000000000 +1100 ++++ tidy-20081224cvs/htmldoc/Overview.html 2008-12-24 11:17:28.000000000 +1100 +@@ -758,7 +758,7 @@ +
tab-size: number
+ +
Sets the number of columns between successive tab stops. The +-default is 4. It is used to map tabs to spaces when reading ++default is 8. It is used to map tabs to spaces when reading + files. Tidy never outputs files with tabs.
+ +
indent: no, yes or auto
--- tidy-20091223cvs.orig/debian/patches/10format-warnings.patch +++ tidy-20091223cvs/debian/patches/10format-warnings.patch 
@@ -0,0 +1,57 @@ +diff --git a/src/localize.c b/src/localize.c +index b832c23..e8c8027 100644 +--- a/src/localize.c ++++ b/src/localize.c +@@ -1373,14 +1373,14 @@ void TY_(ReportAccessWarning)( TidyDocImpl* doc, Node* node, uint code ) + { + ctmbstr fmt = GetFormatFromCode(code); + doc->badAccess |= BA_WAI; +- messageNode( doc, TidyAccess, node, fmt ); ++ messageNode( doc, TidyAccess, node, "%s", fmt ); + } + + void TY_(ReportAccessError)( TidyDocImpl* doc, Node* node, uint code ) + { + ctmbstr fmt = GetFormatFromCode(code); + doc->badAccess |= BA_WAI; +- messageNode( doc, TidyAccess, node, fmt ); ++ messageNode( doc, TidyAccess, node, "%s", fmt ); + } + + #endif /* SUPPORT_ACCESSIBILITY_CHECKS */ +@@ -1399,7 +1399,7 @@ void TY_(ReportWarning)(TidyDocImpl* doc, Node *element, Node *node, uint code) + switch (code) + { + case NESTED_QUOTATION: +- messageNode(doc, TidyWarning, rpt, fmt); ++ messageNode(doc, TidyWarning, rpt, "%s", fmt); + break; + + case OBSOLETE_ELEMENT: +@@ -1480,7 +1480,7 @@ void TY_(ReportError)(TidyDocImpl* doc, Node *element, Node *node, uint code) + case INCONSISTENT_NAMESPACE: + case DOCTYPE_AFTER_TAGS: + case DTYPE_NOT_UPPER_CASE: +- messageNode(doc, TidyWarning, rpt, fmt); ++ messageNode(doc, TidyWarning, rpt, "%s", fmt); + break; + + case COERCE_TO_ENDTAG: +@@ -1499,7 +1499,7 @@ void TY_(ReportError)(TidyDocImpl* doc, Node *element, Node *node, uint code) + case ENCODING_IO_CONFLICT: + case MISSING_DOCTYPE: + case SPACE_PRECEDING_XMLDECL: +- messageNode(doc, TidyWarning, node, fmt); ++ messageNode(doc, TidyWarning, node, "%s", fmt); + break; + + case TRIM_EMPTY_ELEMENT: +@@ -1548,7 +1548,7 @@ void TY_(ReportFatal)( TidyDocImpl* doc, Node *element, Node *node, uint code) + { + case SUSPECTED_MISSING_QUOTE: + case DUPLICATE_FRAMESET: +- messageNode(doc, TidyError, rpt, fmt); ++ messageNode(doc, TidyError, rpt, "%s", fmt); + break; + + case UNKNOWN_ELEMENT: --- tidy-20091223cvs.orig/debian/patches/11CVE-2015-5522.patch +++ 
tidy-20091223cvs/debian/patches/11CVE-2015-5522.patch @@ -0,0 +1,34 @@ +From c18f27a58792f7fbd0b30a0ff50d6b40a82f940d Mon Sep 17 00:00:00 2001 +From: Geoff McLane +Date: Wed, 3 Jun 2015 20:26:03 +0200 +Subject: [PATCH] Issue #217 - avoid len going negative, ever... + +--- + src/lexer.c | 8 +++++--- + 1 file changed, 5 insertions(+), 3 deletions(-) + +diff --git a/src/lexer.c b/src/lexer.c +index 376a3d8..664f806 100644 +--- a/src/lexer.c ++++ b/src/lexer.c +@@ -3739,16 +3740,17 @@ static tmbstr ParseValue( TidyDocImpl* doc, ctmbstr name, + /* and prompts attributes unless --literal-attributes is set to yes */ + /* #994841 - Whitespace is removed from value attributes */ + +- if (munge && ++ /* Issue #217 - Also only if/while (len > 0) - MUST NEVER GO NEGATIVE! */ ++ if ((len > 0) && munge && + TY_(tmbstrcasecmp)(name, "alt") && + TY_(tmbstrcasecmp)(name, "title") && + TY_(tmbstrcasecmp)(name, "value") && + TY_(tmbstrcasecmp)(name, "prompt")) + { +- while (TY_(IsWhite)(lexer->lexbuf[start+len-1])) ++ while (TY_(IsWhite)(lexer->lexbuf[start+len-1]) && (len > 0)) + --len; + +- while (TY_(IsWhite)(lexer->lexbuf[start]) && start < len) ++ while (TY_(IsWhite)(lexer->lexbuf[start]) && (start < len) && (len > 0)) + { + ++start; + --len; --- tidy-20091223cvs.orig/debian/rules +++ tidy-20091223cvs/debian/rules 
@@ -0,0 +1,29 @@ +#! /usr/bin/make -f + +export AUTOMAKE=automake --foreign + +include /usr/share/cdbs/1/rules/debhelper.mk +include /usr/share/cdbs/1/rules/autoreconf.mk +include /usr/share/cdbs/1/class/autotools.mk +include /usr/share/cdbs/1/rules/simple-patchsys.mk + + +DOCDIR=htmldoc +HELPXML=$(DOCDIR)/tidy-help.xml +CONFIGXML=$(DOCDIR)/tidy-config.xml +MANXSL=$(DOCDIR)/tidy1.xsl +MANPAGE=debian/tidy.1 + +build/tidy:: + ## Generate manpage from tidy output + LD_LIBRARY_PATH=$${LD_LIBRARY_PATH:+$$LD_LIBRARY_PATH:}$(CURDIR)/src/.libs/ \ + $(CURDIR)/console/tidy -xml-help > $(HELPXML) + LD_LIBRARY_PATH=$${LD_LIBRARY_PATH:+$$LD_LIBRARY_PATH:}$(CURDIR)/src/.libs/ \ + $(CURDIR)/console/tidy -xml-config > $(CONFIGXML) + /usr/bin/xsltproc -o $(MANPAGE) $(MANXSL) $(HELPXML) + +clean:: + ## Clean up generated files + rm -f $(MANPAGE) + rm -f $(HELPXML) + rm -f $(CONFIGXML) --- tidy-20091223cvs.orig/debian/tidy-doc.doc-base +++ tidy-20091223cvs/debian/tidy-doc.doc-base @@ -0,0 +1,14 @@ +Document: tidy +Title: Clean up your Web pages with HTML TIDY +Author: Dave Raggett +Abstract: HTML TIDY validates, corrects, and pretty-prints HTML files + Tidy corrects markup in a way compliant with the latest standards, and + optimal for the popular browsers. It has a comprehensive knowledge of + the attributes defined in the HTML 4.0 recommendation from W3C, and + understands the US ASCII, ISO Latin-1, UTF-8 and the ISO 2022 family of + 7-bit encodings. +Section: Web Development + +Format: HTML +Index: /usr/share/doc/tidy-doc/htmldoc/Overview.html +Files: /usr/share/doc/tidy-doc/htmldoc/*.html --- tidy-20091223cvs.orig/debian/tidy-doc.docs +++ tidy-20091223cvs/debian/tidy-doc.docs @@ -0,0 +1 @@ +htmldoc/ --- tidy-20091223cvs.orig/debian/tidy.conf +++ tidy-20091223cvs/debian/tidy.conf 
@@ -0,0 +1,6 @@ +# This file is the default tidy configuration file +# /etc/tidy.conf + +# tidy - validate, correct, and pretty-print HTML files + +# see tidy manpage for config examples --- tidy-20091223cvs.orig/debian/tidy.install +++ tidy-20091223cvs/debian/tidy.install @@ -0,0 +1,2 @@ +debian/tmp/usr/bin/tidy +debian/tidy.conf /etc/ --- tidy-20091223cvs.orig/debian/tidy.manpages +++ tidy-20091223cvs/debian/tidy.manpages @@ -0,0 +1 @@ +debian/tidy.1 --- tidy-20091223cvs.orig/debian/tidy.postinst +++ tidy-20091223cvs/debian/tidy.postinst @@ -0,0 +1,24 @@ +#!/bin/sh -e + +# Move a conffile without triggering a dpkg question +mv_conffile() { + OLDCONFFILE="$1" + NEWCONFFILE="$2" + + if [ -e "$OLDCONFFILE" ]; then + echo "Preserving user changes to $NEWCONFFILE ..." + mv -f "$NEWCONFFILE" "$NEWCONFFILE".dpkg-new + mv -f "$OLDCONFFILE" "$NEWCONFFILE" + fi +} + +case "$1" in +configure) + if dpkg --compare-versions "$2" le "$LASTVERSION"; then + mv_conffile "/etc/tidy/tidy.conf" "/etc/tidy.conf" + fi +esac + +#DEBHELPER# + +exit 0 --- tidy-20091223cvs.orig/debian/tidy.preinst +++ tidy-20091223cvs/debian/tidy.preinst @@ -0,0 +1,28 @@ +#!/bin/sh -e + +# Prepare to move a conffile without triggering a dpkg question +prep_mv_conffile() { + PKGNAME="$1" + CONFFILE="$2" + + if [ -e "$CONFFILE" ]; then + md5sum="`md5sum \"$CONFFILE\" | sed -e \"s/ .*//\"`" + old_md5sum="`dpkg-query -W -f='${Conffiles}' $PKGNAME | sed -n -e \"\\\\' $CONFFILE'{s/ obsolete$//;s/.* //p}\"`" + if [ "$md5sum" = "$old_md5sum" ]; then + rm -f "$CONFFILE" + fi + fi +} + +LASTVERSION=20051018-1 + +case "$1" in +install|upgrade) + if dpkg --compare-versions "$2" le "$LASTVERSION"; then + prep_mv_conffile tidy "/etc/tidy/tidy.conf" + fi +esac + +#DEBHELPER# + +exit 0
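Review bot: In debian/README.source, the cleanup step `find -name "CVS*" -exec rm -rf {} \;` matches every file or directory whose name starts with CVS, and find then tries to descend into directories it has just removed. If only the CVS metadata directories are meant, `find . -type d -name CVS -prune -exec rm -rf {} +` says so and avoids the spurious errors.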
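Review bot: The top debian/changelog entry (20091223cvs-1.5) claims fixes for both CVE-2015-5522 and CVE-2015-5523, but the diff adds only debian/patches/11CVE-2015-5522.patch. If the single src/lexer.c change covers both issues, say so in the entry or in the patch header; otherwise the second fix is missing from this upload.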
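Review bot: In debian/control the version constraints are the reverse of what the 20091223cvs-1 changelog entry describes. tidy has `libtidy-0.99-0 (>= ${binary:Version})` and libtidy-dev has `libtidy-0.99-0 (= ${binary:Version})`, while the changelog lists `(= ${binary:Version})` for tidy and `(>= ${binary:Version})` for libtidy-dev. Reconcile the two. Separately, tidy-doc is `Architecture: all` and still lists `${shlibs:Depends}`, which can be dropped.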
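Review bot: debian/libtidy-0.99-0.install ships `debian/tmp/usr/lib/libtidy.so`, the unversioned link used only at link time, in the runtime library package, while debian/libtidy-dev.install lists just libtidy.a and libtidy.la. Move that line to libtidy-dev.install so the runtime package carries only `libtidy-0.99.so.*`, or add a comment explaining why it has to stay (the 20040312-2 changelog entry refers to #247488 without giving the reason).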
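Review bot: In 02FTBS_kfreebsd-gnu.patch the widened test `defined(__GNU__) || defined(__GLIBC__)` sends non-Linux glibc systems into the branch still commented `/* generic Linux */`, which defines LINUX_OS. Update the comment to say the branch now covers any glibc platform. Also, `__GLIBC__` is set by the C library headers rather than by the compiler, so the test only works if a libc header has already been included before this point in platform.h; worth confirming.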
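Review bot: In 10format-warnings.patch every changed call now passes the looked-up string as data, for example `messageNode( doc, TidyAccess, node, "%s", fmt );`, so a `%%` or any conversion inside the table string for these codes would be printed literally instead of being interpreted. Confirm that the strings GetFormatFromCode returns for the codes in these cases contain no `%`, and consider renaming `fmt` at these sites so it no longer reads as a format string. As the changelog entry itself says, the messageNode calls that pass a variable format together with arguments stay unprotected.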
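Review bot: In the src/lexer.c hunk of 11CVE-2015-5522.patch, both trimming loops still read the buffer before testing the bound. `while (TY_(IsWhite)(lexer->lexbuf[start+len-1]) && (len > 0))` evaluates lexbuf[start+len-1] first, so once `--len` reaches 0 the condition reads lexbuf[start-1], a byte before the value (and before the buffer when start is 0), and only then does `(len > 0)` end the loop. Put the bound first, `while ((len > 0) && TY_(IsWhite)(lexer->lexbuf[start+len-1]))`, and reorder the second loop the same way, where `lexer->lexbuf[start]` is read ahead of `(start < len) && (len > 0)`. The retained `start < len` test compares a buffer offset with a remaining length; now that `(len > 0)` bounds that loop, check whether it is still wanted.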
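Review bot: debian/tidy.postinst tests `dpkg --compare-versions "$2" le "$LASTVERSION"` but never sets LASTVERSION; the assignment `LASTVERSION=20051018-1` exists only in debian/tidy.preinst. The comparison is therefore made against an empty version, which dpkg orders before every real version, so the upgrade case that mv_conffile is written for does not match. Define LASTVERSION in postinst as well. In mv_conffile, `mv -f "$NEWCONFFILE" "$NEWCONFFILE".dpkg-new` runs under `sh -e` without checking that the new file exists, so a missing /etc/tidy.conf would abort configuration; guard it with `[ -e "$NEWCONFFILE" ]`.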