pkgsrc-Changes-HG archive


[pkgsrc/pkgsrc-2019Q3]: pkgsrc/www/ruby-loofah Pullup ticket #6074 - requeste...



details:   https://anonhg.NetBSD.org/pkgsrc/rev/1710a4518cd4
branches:  pkgsrc-2019Q3
changeset: 408105:1710a4518cd4
user:      bsiegert <bsiegert%pkgsrc.org@localhost>
date:      Wed Oct 23 11:33:38 2019 +0000

description:
Pullup ticket #6074 - requested by taca
www/ruby-loofah: security fix

Revisions pulled up:
- www/ruby-loofah/Makefile                                      1.6
- www/ruby-loofah/PLIST                                         1.5
- www/ruby-loofah/distinfo                                      1.6

---
   Module Name: pkgsrc
   Committed By:        taca
   Date:                Tue Oct 22 16:24:20 UTC 2019

   Modified Files:
        pkgsrc/www/ruby-loofah: Makefile PLIST distinfo

   Log Message:
   www/ruby-loofah: update to 2.3.1

   ## 2.3.1 / 2019-10-22

   ### Security

   Address CVE-2019-15587: Unsanitized JavaScript may occur in sanitized output when a crafted SVG element is republished.

   This CVE's public notice is at https://github.com/flavorjones/loofah/issues/171

   ## 2.3.0 / unreleased

   ### Features

   * Expand set of allowed protocols to include `tel:` and `line:`. [#104, #147]
   * Expand set of allowed CSS functions. [related to #122]
   * Allow greater precision in shorthand CSS values. [#149] (Thanks, @danfstucky!)
   * Allow CSS property `list-style` [#162] (Thanks, @jaredbeck!)
   * Allow CSS keywords `thick` and `thin` [#168] (Thanks, @georgeclaghorn!)
   * Allow HTML property `contenteditable` [#167] (Thanks, @andreynering!)

   ### Bug fixes

   * CSS hex values are no longer limited to lowercase hex. Previously uppercase hex were scrubbed. [#165] (Thanks, @asok!)

   ### Deprecations / Name Changes

   The following method and constants are hereby deprecated, and will be completely removed in a future release:

   * Deprecate `Loofah::Helpers::ActionView.white_list_sanitizer`, please use `Loofah::Helpers::ActionView.safe_list_sanitizer` instead.
   * Deprecate `Loofah::Helpers::ActionView::WhiteListSanitizer`, please use `Loofah::Helpers::ActionView::SafeListSanitizer` instead.
   * Deprecate `Loofah::HTML5::WhiteList`, please use `Loofah::HTML5::SafeList` instead.

   Thanks to @JuanitoFatas for submitting these changes in #164 and for making the language used in Loofah more inclusive.

diffstat:

 www/ruby-loofah/Makefile |   4 ++--
 www/ruby-loofah/PLIST    |   5 +++--
 www/ruby-loofah/distinfo |  10 +++++-----
 3 files changed, 10 insertions(+), 9 deletions(-)

diffs (54 lines):

diff -r 0b619566bd9e -r 1710a4518cd4 www/ruby-loofah/Makefile
--- a/www/ruby-loofah/Makefile  Tue Oct 22 11:08:17 2019 +0000
+++ b/www/ruby-loofah/Makefile  Wed Oct 23 11:33:38 2019 +0000
@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.5 2018/11/01 16:11:45 taca Exp $
+# $NetBSD: Makefile,v 1.5.8.1 2019/10/23 11:33:38 bsiegert Exp $
 
-DISTNAME=      loofah-2.2.3
+DISTNAME=      loofah-2.3.1
 CATEGORIES=    www
 
 MAINTAINER=    minskim%NetBSD.org@localhost
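
Review bot: the DISTNAME line goes from loofah-2.2.3 straight to loofah-2.3.1, so this stable-branch pullup brings in everything listed under 2.3.0 (the added `tel:` and `line:` protocols, the wider set of allowed CSS functions, properties and keywords, and the WhiteList to SafeList renames) together with the CVE-2019-15587 fix, while the pullup description says only "security fix". Suggest saying in the description that the sanitizer's allowed set widens with this update, so users on pkgsrc-2019Q3 who rely on the old, narrower set can review their policies.
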
diff -r 0b619566bd9e -r 1710a4518cd4 www/ruby-loofah/PLIST
--- a/www/ruby-loofah/PLIST     Tue Oct 22 11:08:17 2019 +0000
+++ b/www/ruby-loofah/PLIST     Wed Oct 23 11:33:38 2019 +0000
@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.4 2018/11/01 16:11:45 taca Exp $
+@comment $NetBSD: PLIST,v 1.4.8.1 2019/10/23 11:33:38 bsiegert Exp $
 ${GEM_HOME}/cache/${GEM_NAME}.gem
 ${GEM_LIBDIR}/.gemtest
 ${GEM_LIBDIR}/CHANGELOG.md
@@ -18,8 +18,8 @@
 ${GEM_LIBDIR}/lib/loofah/html/document.rb
 ${GEM_LIBDIR}/lib/loofah/html/document_fragment.rb
 ${GEM_LIBDIR}/lib/loofah/html5/libxml2_workarounds.rb
+${GEM_LIBDIR}/lib/loofah/html5/safelist.rb
 ${GEM_LIBDIR}/lib/loofah/html5/scrub.rb
-${GEM_LIBDIR}/lib/loofah/html5/whitelist.rb
 ${GEM_LIBDIR}/lib/loofah/instance_methods.rb
 ${GEM_LIBDIR}/lib/loofah/metahelpers.rb
 ${GEM_LIBDIR}/lib/loofah/scrubber.rb
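
Review bot: in the @@ -18,8 +18,8 @@ hunk, lib/loofah/html5/whitelist.rb leaves the package and lib/loofah/html5/safelist.rb replaces it, although the log message describes `Loofah::HTML5::WhiteList` as deprecated rather than removed. Anything that loads the old file by path would stop working after this update regardless of what happens to the constant; suggest checking the branch's dependents of www/ruby-loofah for a require of loofah/html5/whitelist before the pullup is committed.
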
@@ -30,6 +30,7 @@
 ${GEM_LIBDIR}/test/assets/testdata_sanitizer_tests1.dat
 ${GEM_LIBDIR}/test/helper.rb
 ${GEM_LIBDIR}/test/html5/test_sanitizer.rb
+${GEM_LIBDIR}/test/html5/test_scrub.rb
 ${GEM_LIBDIR}/test/integration/test_ad_hoc.rb
 ${GEM_LIBDIR}/test/integration/test_helpers.rb
 ${GEM_LIBDIR}/test/integration/test_html.rb
diff -r 0b619566bd9e -r 1710a4518cd4 www/ruby-loofah/distinfo
--- a/www/ruby-loofah/distinfo  Tue Oct 22 11:08:17 2019 +0000
+++ b/www/ruby-loofah/distinfo  Wed Oct 23 11:33:38 2019 +0000
@@ -1,6 +1,6 @@
-$NetBSD: distinfo,v 1.5 2018/11/01 16:11:45 taca Exp $
+$NetBSD: distinfo,v 1.5.8.1 2019/10/23 11:33:38 bsiegert Exp $
 
-SHA1 (loofah-2.2.3.gem) = b907029ec05b39a8f239a83c443e5cf94baecfad
-RMD160 (loofah-2.2.3.gem) = 7da4488ecc2a3c341a3716e0286e556b20bde270
-SHA512 (loofah-2.2.3.gem) = 8e63e1d4e3719c2ffcc8cf3208dbdfa3eb6e328bb91fc8dc6de88c472aac47f1a22771928b08f3c6816c159c6a9672299823f5d48177ae543358e73444b8ac56
-Size (loofah-2.2.3.gem) = 65536 bytes
+SHA1 (loofah-2.3.1.gem) = 732be438c5a2a3c7e63a8f173b24b05f78df1ff2
+RMD160 (loofah-2.3.1.gem) = 382991856327a36978f2c47ccda2b1185338f412
+SHA512 (loofah-2.3.1.gem) = 188e84818abc3a3eed39afd66a75e7fa3c0a29f8ec957441f43f4cbfd962c8c3ea848e83f435a3d61ffc667273b5ff006df39d718b7631a11b62ae2d3f78b6ba
+Size (loofah-2.3.1.gem) = 68096 bytes
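
Review bot: the SHA1, RMD160, SHA512 and Size lines for loofah-2.3.1.gem are carried over from distinfo revision 1.6, and nothing in this diff lets a reviewer confirm them. Suggest comparing the SHA512 line and the 68096-byte size against a copy of the gem fetched independently from upstream before approving, since SHA512 is the only collision-resistant digest of the three recorded here.
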


