Skip to content

Commit

Permalink
Pullup ticket #6074 - requested by taca
Browse files Browse the repository at this point in the history 
www/ruby-loofah: seucurity fix

Revisions pulled up:
- www/ruby-loofah/Makefile                                      1.6
- www/ruby-loofah/PLIST                                         1.5
- www/ruby-loofah/distinfo                                      1.6

---
   Module Name:	pkgsrc
   Committed By:	taca
   Date:		Tue Oct 22 16:24:20 UTC 2019

   Modified Files:
   	pkgsrc/www/ruby-loofah: Makefile PLIST distinfo

   Log Message:
   www/ruby-loofah: update to 2.3.1

   ## 2.3.1 / 2019-10-22

   ### Security

   Address CVE-2019-15587: Unsanitized JavaScript may occur in sanitized output when a crafted SVG element is republished.

   This CVE's public notice is at flavorjones/loofah#171

   ## 2.3.0 / unreleased

   ### Features

   * Expand set of allowed protocols to include `tel:` and `line:`. [#104, #147]
   * Expand set of allowed CSS functions. [related to #122]
   * Allow greater precision in shorthand CSS values. [#149] (Thanks, @danfstucky!)
   * Allow CSS property `list-style` [#162] (Thanks, @jaredbeck!)
   * Allow CSS keywords `thick` and `thin` [#168] (Thanks, @georgeclaghorn!)
   * Allow HTML property `contenteditable` [#167] (Thanks, @andreynering!)

   ### Bug fixes

   * CSS hex values are no longer limited to lowercase hex. Previously uppercase hex were scrubbed. [#165] (Thanks, @asok!)

   ### Deprecations / Name Changes

   The following method and constants are hereby deprecated, and will be completely removed in a future release:

   * Deprecate `Loofah::Helpers::ActionView.white_list_sanitizer`, please use `Loofah::Helpers::ActionView.safe_list_sanitizer` instead.
   * Deprecate `Loofah::Helpers::ActionView::WhiteListSanitizer`, please use `Loofah::Helpers::ActionView::SafeListSanitizer` instead.
   * Deprecate `Loofah::HTML5::WhiteList`, please use `Loofah::HTML5::SafeList` instead.

   Thanks to @JuanitoFatas for submitting these changes in #164 and for making the language used in Loofah more inclusive.
  • Loading branch information
@bsiegert
bsiegert committed Oct 23, 2019
1 parent 02c66b7 commit 5062b37
Show file tree
Hide file tree
Showing 3 changed files with 10 additions and 9 deletions.
4 changes: 2 additions & 2 deletions www/ruby-loofah/Makefile
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
# $NetBSD: Makefile,v 1.5 2018/11/01 16:11:45 taca Exp $
# $NetBSD: Makefile,v 1.5.8.1 2019/10/23 11:33:38 bsiegert Exp $

DISTNAME= loofah-2.2.3
DISTNAME= loofah-2.3.1
CATEGORIES= www

MAINTAINER= [email protected]
Expand Down
5 changes: 3 additions & 2 deletions www/ruby-loofah/PLIST
View file
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
@comment $NetBSD: PLIST,v 1.4 2018/11/01 16:11:45 taca Exp $
@comment $NetBSD: PLIST,v 1.4.8.1 2019/10/23 11:33:38 bsiegert Exp $
${GEM_HOME}/cache/${GEM_NAME}.gem
${GEM_LIBDIR}/.gemtest
${GEM_LIBDIR}/CHANGELOG.md
Expand All @@ -18,8 +18,8 @@ ${GEM_LIBDIR}/lib/loofah/helpers.rb
${GEM_LIBDIR}/lib/loofah/html/document.rb
${GEM_LIBDIR}/lib/loofah/html/document_fragment.rb
${GEM_LIBDIR}/lib/loofah/html5/libxml2_workarounds.rb
${GEM_LIBDIR}/lib/loofah/html5/safelist.rb
${GEM_LIBDIR}/lib/loofah/html5/scrub.rb
${GEM_LIBDIR}/lib/loofah/html5/whitelist.rb
${GEM_LIBDIR}/lib/loofah/instance_methods.rb
${GEM_LIBDIR}/lib/loofah/metahelpers.rb
${GEM_LIBDIR}/lib/loofah/scrubber.rb
Expand All @@ -30,6 +30,7 @@ ${GEM_LIBDIR}/test/assets/msword.html
${GEM_LIBDIR}/test/assets/testdata_sanitizer_tests1.dat
${GEM_LIBDIR}/test/helper.rb
${GEM_LIBDIR}/test/html5/test_sanitizer.rb
${GEM_LIBDIR}/test/html5/test_scrub.rb
${GEM_LIBDIR}/test/integration/test_ad_hoc.rb
${GEM_LIBDIR}/test/integration/test_helpers.rb
${GEM_LIBDIR}/test/integration/test_html.rb
Expand Down
10 changes: 5 additions & 5 deletions www/ruby-loofah/distinfo
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
$NetBSD: distinfo,v 1.5 2018/11/01 16:11:45 taca Exp $
$NetBSD: distinfo,v 1.5.8.1 2019/10/23 11:33:38 bsiegert Exp $

SHA1 (loofah-2.2.3.gem) = b907029ec05b39a8f239a83c443e5cf94baecfad
RMD160 (loofah-2.2.3.gem) = 7da4488ecc2a3c341a3716e0286e556b20bde270
SHA512 (loofah-2.2.3.gem) = 8e63e1d4e3719c2ffcc8cf3208dbdfa3eb6e328bb91fc8dc6de88c472aac47f1a22771928b08f3c6816c159c6a9672299823f5d48177ae543358e73444b8ac56
Size (loofah-2.2.3.gem) = 65536 bytes
SHA1 (loofah-2.3.1.gem) = 732be438c5a2a3c7e63a8f173b24b05f78df1ff2
RMD160 (loofah-2.3.1.gem) = 382991856327a36978f2c47ccda2b1185338f412
SHA512 (loofah-2.3.1.gem) = 188e84818abc3a3eed39afd66a75e7fa3c0a29f8ec957441f43f4cbfd962c8c3ea848e83f435a3d61ffc667273b5ff006df39d718b7631a11b62ae2d3f78b6ba
Size (loofah-2.3.1.gem) = 68096 bytes

0 comments on commit 5062b37

Please sign in to comment.