pkgsrc-Changes archive

CVS commit: [pkgsrc-2022Q4] pkgsrc/www/ruby-rails-html-sanitizer



Module Name:    pkgsrc
Committed By:   bsiegert
Date:           Sun Jan 15 19:57:02 UTC 2023

Modified Files:
        pkgsrc/www/ruby-rails-html-sanitizer [pkgsrc-2022Q4]: Makefile distinfo

Log Message:
Pullup ticket #6722 - requested by taca
www/ruby-rails-html-sanitizer: security fix

Revisions pulled up:
- www/ruby-rails-html-sanitizer/Makefile                        1.6
- www/ruby-rails-html-sanitizer/distinfo                        1.8

---
   Module Name: pkgsrc
   Committed By:        taca
   Date:                Tue Jan  3 15:19:14 UTC 2023

   Modified Files:
        pkgsrc/www/ruby-rails-html-sanitizer: Makefile distinfo

   Log Message:
   www/ruby-rails-html-sanitizer: update to 1.4.4

   1.4.4 (2022-12-13)

   * Address inefficient regular expression complexity with certain
     configurations of Rails::Html::Sanitizer.

     Fixes CVE-2022-23517. See GHSA-5x79-w82f-gw8w for more information.

     Mike Dalessio

   * Address improper sanitization of data URIs.

     Fixes CVE-2022-23518 and #135. See GHSA-mcvf-2q2m-x72m for more information.

     Mike Dalessio

   * Address possible XSS vulnerability with certain configurations of
     Rails::Html::Sanitizer.

     Fixes CVE-2022-23520. See GHSA-rrfc-7g8p-99q8 for more information.

     Mike Dalessio

   * Address possible XSS vulnerability with certain configurations of
     Rails::Html::Sanitizer.

     Fixes CVE-2022-23519. See GHSA-9h9g-93gc-623h for more information.

     Mike Dalessio


To generate a diff of this commit:
cvs rdiff -u -r1.5 -r1.5.6.1 pkgsrc/www/ruby-rails-html-sanitizer/Makefile
cvs rdiff -u -r1.7 -r1.7.6.1 pkgsrc/www/ruby-rails-html-sanitizer/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/www/ruby-rails-html-sanitizer/Makefile
diff -u pkgsrc/www/ruby-rails-html-sanitizer/Makefile:1.5 pkgsrc/www/ruby-rails-html-sanitizer/Makefile:1.5.6.1
--- pkgsrc/www/ruby-rails-html-sanitizer/Makefile:1.5   Sun Jun 12 12:20:11 2022
+++ pkgsrc/www/ruby-rails-html-sanitizer/Makefile       Sun Jan 15 19:57:02 2023
@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.5 2022/06/12 12:20:11 taca Exp $
+# $NetBSD: Makefile,v 1.5.6.1 2023/01/15 19:57:02 bsiegert Exp $
 
-DISTNAME=      rails-html-sanitizer-1.4.3
+DISTNAME=      rails-html-sanitizer-1.4.4
 CATEGORIES=    www
 
 MAINTAINER=    minskim%NetBSD.org@localhost
@@ -8,7 +8,7 @@ HOMEPAGE=       https://github.com/rails/rails
 COMMENT=       HTML sanitizer for Rails applications
 LICENSE=       mit
 
-DEPENDS+=      ${RUBY_PKGPREFIX}-loofah>=2.3<3:../../www/ruby-loofah
+DEPENDS+=      ${RUBY_PKGPREFIX}-loofah>=2.19<3:../../www/ruby-loofah
 
 USE_LANGUAGES= # empty
 
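Review bot: The loofah floor on the DEPENDS line jumps from >=2.3 to >=2.19, but the log message only describes the update to 1.4.4, and the pullup lists only this package's Makefile and distinfo. Please confirm that www/ruby-loofah on pkgsrc-2022Q4 already satisfies >=2.19 (or pull it up under the same ticket), and mention the raised dependency in the log so the requirement is visible to anyone tracking the branch.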

Index: pkgsrc/www/ruby-rails-html-sanitizer/distinfo
diff -u pkgsrc/www/ruby-rails-html-sanitizer/distinfo:1.7 pkgsrc/www/ruby-rails-html-sanitizer/distinfo:1.7.6.1
--- pkgsrc/www/ruby-rails-html-sanitizer/distinfo:1.7   Sun Jun 12 12:20:11 2022
+++ pkgsrc/www/ruby-rails-html-sanitizer/distinfo       Sun Jan 15 19:57:02 2023
@@ -1,5 +1,5 @@
-$NetBSD: distinfo,v 1.7 2022/06/12 12:20:11 taca Exp $
+$NetBSD: distinfo,v 1.7.6.1 2023/01/15 19:57:02 bsiegert Exp $
 
-BLAKE2s (rails-html-sanitizer-1.4.3.gem) = 110fc5e7b2557d3a8bb7d2424b072e62f7bb9d4dd6d5d6625c4033250a25626a
-SHA512 (rails-html-sanitizer-1.4.3.gem) = ead339d8ed5aefa737298d886a0db3c353254cfa57bdee7d2011f596ed2871dcad3bd16561728da2447e239fcaa908256bb6436493462bca6310a17a3812ffd9
-Size (rails-html-sanitizer-1.4.3.gem) = 17920 bytes
+BLAKE2s (rails-html-sanitizer-1.4.4.gem) = 36684c6c71abd83aa775f2d14d6ca7e24ac934bf3ca657f06981824b32ce9bf0
+SHA512 (rails-html-sanitizer-1.4.4.gem) = 9a6671334967078f744296ca273a8b44c0071d04c841fe626333bbb62c252b6688b5559079a47cda540f06bd35c924ede8d9ef092c775dfab55e2673137fc05b
+Size (rails-html-sanitizer-1.4.4.gem) = 18432 bytes
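Review bot: The BLAKE2s, SHA512 and Size entries for rails-html-sanitizer-1.4.4.gem are the only integrity check on the new distfile, and the diff alone cannot show that they match the upstream gem. Before this lands on the branch, re-fetch the gem and regenerate the checksums independently to confirm that these three lines reproduce.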


