authorV3n3RiX <venerix@redcorelinux.org>2018-02-17 20:03:52 +0000
committerV3n3RiX <venerix@redcorelinux.org>2018-02-17 20:03:52 +0000
commit4935506e9a5cbfabd37c64093eac5f36c2ff0017 (patch)
treeaf9dd93ea349eacaf28286c7c45c7a083b0b7c31 /dev-ruby/redcloth
parent434d713861b70f6c6563d6ee50a8e64f14c970d9 (diff)
gentoo resync : 17.02.2018
Diffstat (limited to 'dev-ruby/redcloth')
-rw-r--r--dev-ruby/redcloth/Manifest1
-rw-r--r--dev-ruby/redcloth/files/redcloth-4.2.9-cve-2012-6684.patch58
2 files changed, 0 insertions, 59 deletions
diff --git a/dev-ruby/redcloth/Manifest b/dev-ruby/redcloth/Manifest
index 630db77158ec..6897d0760984 100644
--- a/dev-ruby/redcloth/Manifest
+++ b/dev-ruby/redcloth/Manifest
@@ -1,4 +1,3 @@
-AUX redcloth-4.2.9-cve-2012-6684.patch 1996 BLAKE2B 1f5a41654fb270de4769991c911c9a66c74fea59b55faff50216ea0d0c3b40050d57ce9484a564c40074bc43b56f70a3c451acef9381cdb1550879160cb7c395 SHA512 17ea6052abf651c41091df3a1799bb33ad2161abd5a78f2d6db4629eb57a0413f4341ad87ca065391e5cc3e083bd65000d3d68d1fa53d0d15e5a73f5962a1498
DIST RedCloth-4.3.2.tar.gz 91880 BLAKE2B 0feac1ec59e23fcff39e2fdf9beff896be7949764e53a5a834c5f4e7d18813dc59bf354103d4fab82a709341a0f1b6919bbd3a463fd601564888672dbe73d343 SHA512 377fef21e646beb1658a4b8b8d0228e9730c6c8f33075a14137afcf80e8d37501ede8c05b720d0dfb36a680017f4dedd01565fe9b326ae06ead77afee6f122ca
EBUILD redcloth-4.3.2.ebuild 1474 BLAKE2B 43418d646ecfd7b5e7e3fb20339fe60dc5190bd9c140602ae29ab7286089d91aa59ff6dfcb72f0881359fe8dea104134b762ae571a7dc81f61a33132edd1bbe1 SHA512 f3318341074ecca90684f87ad8163952c8e0d12d96d66b5ceefe3380cbea8fe8fadc3e0d448c24cb6c0b14b2777ca03edcfea54976aab65518d3893e824bdb4b
MISC metadata.xml 342 BLAKE2B f28d0e6234cfbeb3d398315b38e8dcc614b32aed150b047e61e7d99b2f6083abbabc36515de2cd2aa4d451dd3372dfc15018c1d8ad02cf64ff8e87b147a441da SHA512 7a6f73a77cda62ea21a2d2fdfcf0bf848ffdd90e7272e0b06aef67a8147e5a6ae14e871d216750ce20d12e18823d3e3d36e60a99972019fde7195a2350480791
diff --git a/dev-ruby/redcloth/files/redcloth-4.2.9-cve-2012-6684.patch b/dev-ruby/redcloth/files/redcloth-4.2.9-cve-2012-6684.patch
deleted file mode 100644
index ec36340f8aad..000000000000
--- a/dev-ruby/redcloth/files/redcloth-4.2.9-cve-2012-6684.patch
+++ /dev/null
@@ -1,58 +0,0 @@
-Patch taken from Debian (via upstream pull request that is still pending)
-
-http://sources.debian.net/src/ruby-redcloth/4.2.9-4/debian/patches/0001-Filter-out-javascript-links-when-using-filter_html-o.patch/
-https://github.com/jgarber/redcloth/pull/20/commits
-
-From b3d82f0c3a354a2f589e1fd43f5f1d7e427b530e Mon Sep 17 00:00:00 2001
-From: Antonio Terceiro <terceiro@debian.org>
-Date: Sat, 7 Feb 2015 23:27:39 -0200
-Subject: [PATCH] Filter out 'javascript:' links when using filter_html or
- sanitize_html
-
-This is a fix for CVE-2012-6684
----
- lib/redcloth/formatters/html.rb | 6 +++++-
- spec/security/CVE-2012-6684_spec.rb | 14 ++++++++++++++
- 2 files changed, 19 insertions(+), 1 deletion(-)
- create mode 100644 spec/security/CVE-2012-6684_spec.rb
-
-diff --git a/lib/redcloth/formatters/html.rb b/lib/redcloth/formatters/html.rb
-index bfadfb7..b8793b2 100644
---- a/lib/redcloth/formatters/html.rb
-+++ b/lib/redcloth/formatters/html.rb
-@@ -111,7 +111,11 @@ module RedCloth::Formatters::HTML
- end
-
- def link(opts)
-- "<a href=\"#{escape_attribute opts[:href]}\"#{pba(opts)}>#{opts[:name]}</a>"
-+ if (filter_html || sanitize_html) && opts[:href] =~ /^\s*javascript:/
-+ opts[:name]
-+ else
-+ "<a href=\"#{escape_attribute opts[:href]}\"#{pba(opts)}>#{opts[:name]}</a>"
-+ end
- end
-
- def image(opts)
-diff --git a/spec/security/CVE-2012-6684_spec.rb b/spec/security/CVE-2012-6684_spec.rb
-new file mode 100644
-index 0000000..05219fd
---- /dev/null
-+++ b/spec/security/CVE-2012-6684_spec.rb
-@@ -0,0 +1,14 @@
-+# https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6684
-+
-+require 'redcloth'
-+
-+describe 'CVE-2012-6684' do
-+
-+ it 'should not let javascript links pass through' do
-+ # PoC from http://co3k.org/blog/redcloth-unfixed-xss-en
-+ output = RedCloth.new('["clickme":javascript:alert(%27XSS%27)]', [:filter_html, :filter_styles, :filter_classes, :filter_ids]).to_html
-+ expect(output).to_not match(/href=.javascript:alert/)
-+ end
-+
-+
-+end
---
-2.1.4
-