author | V3n3RiX <venerix@redcorelinux.org> | 2017-10-09 18:53:29 +0100 |
---|---|---|
committer | V3n3RiX <venerix@redcorelinux.org> | 2017-10-09 18:53:29 +0100 |
commit | 4f2d7949f03e1c198bc888f2d05f421d35c57e21 (patch) | |
tree | ba5f07bf3f9d22d82e54a462313f5d244036c768 /dev-ruby/redcloth |
reinit the tree, so we can have metadata
Diffstat (limited to 'dev-ruby/redcloth')
-rw-r--r-- | dev-ruby/redcloth/Manifest | 8 | ||||
-rw-r--r-- | dev-ruby/redcloth/files/redcloth-4.2.9-cve-2012-6684.patch | 58 | ||||
-rw-r--r-- | dev-ruby/redcloth/metadata.xml | 11 | ||||
-rw-r--r-- | dev-ruby/redcloth/redcloth-4.2.9-r4.ebuild | 60 | ||||
-rw-r--r-- | dev-ruby/redcloth/redcloth-4.3.2.ebuild | 57 |
5 files changed, 194 insertions, 0 deletions
diff --git a/dev-ruby/redcloth/Manifest b/dev-ruby/redcloth/Manifest new file mode 100644 index 000000000000..f743cd7191cc --- /dev/null +++ b/dev-ruby/redcloth/Manifest 
@@ -0,0 +1,8 @@ +AUX redcloth-4.2.9-cve-2012-6684.patch 1996 SHA256 5a0473add0af2158675a8b68c8832f08e3e127297b33ba8d5902109257a37640 SHA512 17ea6052abf651c41091df3a1799bb33ad2161abd5a78f2d6db4629eb57a0413f4341ad87ca065391e5cc3e083bd65000d3d68d1fa53d0d15e5a73f5962a1498 WHIRLPOOL 28b67c831e42037546e2d14c48a9256bd043660e21c9265432c7011ff0166cc16ac3909c2a54b830365393f35d14befe735a9888463e9f4c454a09ae030cbe27 +DIST RedCloth-4.3.2.tar.gz 91880 SHA256 fbfc709ef742f962896e1cd063b8bd828bdc0ddce36755edbe493cd3231ea850 SHA512 377fef21e646beb1658a4b8b8d0228e9730c6c8f33075a14137afcf80e8d37501ede8c05b720d0dfb36a680017f4dedd01565fe9b326ae06ead77afee6f122ca WHIRLPOOL 5ad0dc82805495e7a47053499d9e1301b557199b4850556192a9238bd06076470be7a6837d3547dd115d3d5f849f8662f7e4dfc1de2d7fe102da9c499a25fdb9 +DIST RedCloth-git-4.2.9.tgz 96897 SHA256 e649f46a58b949c6d229714c25b747f331b4a5b887eaa65ac43eab1f39067e6c SHA512 646f7a1a88ab9b3ff078016df706a1c9d991bf21d86ef1dd4c0a0ee6b946f94276b52499218bca222461eb003510e84b81f44b08899c5b36ac115137193e968a WHIRLPOOL 4276714eb34ec2571544ff271698f1e6540ac62d51704c4216d19452be0b59d1da3014b7c290204b9ca42d5edd88094f1de79618d3bbf8d4f8ae5fb214ecca63 +EBUILD redcloth-4.2.9-r4.ebuild 1527 SHA256 d3bacb946ec4390681da54480ac3b90719dedffef6e4b4fca9fe58651ab18cc7 SHA512 fc62194dd52dc3369068ccbfd2702505bd8449dce2e5ca6d52fd06266d6f1b4a55d166eee60732de75879e7ecb2fa20b913ca4a31882481a306d5fc93a91e9e7 WHIRLPOOL 2358647aaaaae62a3971b7eb6efdef0dc1b5a17a9146d1f89f67561517a2fa7d4ad7533394a5c9fc2a0c08df0bd8c5e8cca77c35856d867b2acb8fbc5b2259c5 +EBUILD redcloth-4.3.2.ebuild 1482 SHA256 1a11ca83c37876f193802716dab2e129bac688807a271966f837ad5e5a58a321 SHA512 5faa89e0105517293dac8f68cc052ca394abba43adedc02c30f53d259c5025c65dff29a9c54f02a357eb7482388b16bf50d0de33fa4a06af8126b872901d6490 WHIRLPOOL 3442c7432c6fbd048f5f260a0896f06ed21b6841d97836599eb63445104e4459dc7e69e3c2254ac35b30df9c9611e87028d8a6bf95ef188a54f50c629dc2189c +MISC ChangeLog 5023 SHA256 
ba46c690af38ccd468f7d7779f50d151c2b3c77701565db8f927f2bb79e98ebd SHA512 a927ebb3d1b32357867a3fef333481fc63a827e600cf88d27f0423c6229fa4e14141a3dda6702f14764f2117b9f93df12eea7652a0bfffa2dfcda160a04a9f5d WHIRLPOOL 929ebbe54b070e354d2c98a6f58a2f4857db604af23b006ba0fd1c4a0f7265bfb89f7b71148be6885acee237781a6b8fa803837a9c0b216f7fdf13d3d827353a +MISC ChangeLog-2015 14233 SHA256 8fc368e6d227481d29b86f7b7a11843c20fbbfcd8f3d2e27e10350b136b0b62c SHA512 09dcb41ab153597e0ffa8f8cb64509a8dc0328df42a730c631e41d2f597e2add99203dbb6897c11ed78b24fbc14efc39676becfdde680e56c38152040325e509 WHIRLPOOL 3965e83b722584c435515e45cff85edb9a84e3c42b8ca0840ea0f0183e6201fb6f826528dfff03ce4d56eec74e9f9de7a227c4c4ed34db2fc57b55a6d148869c +MISC metadata.xml 342 SHA256 ee440f9485581df66fa7dc69c2131cbac81b160edc4a7ccbf3f330ce7044e24c SHA512 7a6f73a77cda62ea21a2d2fdfcf0bf848ffdd90e7272e0b06aef67a8147e5a6ae14e871d216750ce20d12e18823d3e3d36e60a99972019fde7195a2350480791 WHIRLPOOL 107854ebcc2169dece970febc77acd1af218127033191256fc6ee918098a8f9f76f44132ef750317ff397214eff26231ead2b2cf0bcc8db5f4f496695e5cd586 diff --git a/dev-ruby/redcloth/files/redcloth-4.2.9-cve-2012-6684.patch b/dev-ruby/redcloth/files/redcloth-4.2.9-cve-2012-6684.patch new file mode 100644 index 000000000000..ec36340f8aad --- /dev/null +++ b/dev-ruby/redcloth/files/redcloth-4.2.9-cve-2012-6684.patch 
@@ -0,0 +1,58 @@
+Patch taken from Debian (via upstream pull request that is still pending)
+
+http://sources.debian.net/src/ruby-redcloth/4.2.9-4/debian/patches/0001-Filter-out-javascript-links-when-using-filter_html-o.patch/
+https://github.com/jgarber/redcloth/pull/20/commits
+
+From b3d82f0c3a354a2f589e1fd43f5f1d7e427b530e Mon Sep 17 00:00:00 2001
+From: Antonio Terceiro <terceiro@debian.org>
+Date: Sat, 7 Feb 2015 23:27:39 -0200
+Subject: [PATCH] Filter out 'javascript:' links when using filter_html or
+ sanitize_html
+
+This is a fix for CVE-2012-6684
+---
+ lib/redcloth/formatters/html.rb | 6 +++++-
+ spec/security/CVE-2012-6684_spec.rb | 14 ++++++++++++++
+ 2 files changed, 19 insertions(+), 1 deletion(-)
+ create mode 100644 spec/security/CVE-2012-6684_spec.rb
+
+diff --git a/lib/redcloth/formatters/html.rb b/lib/redcloth/formatters/html.rb
+index bfadfb7..b8793b2 100644
+--- a/lib/redcloth/formatters/html.rb
++++ b/lib/redcloth/formatters/html.rb
+@@ -111,7 +111,11 @@ module RedCloth::Formatters::HTML
+ end
+
+ def link(opts)
+- "<a href=\"#{escape_attribute opts[:href]}\"#{pba(opts)}>#{opts[:name]}</a>"
++ if (filter_html || sanitize_html) && opts[:href] =~ /^\s*javascript:/
++ opts[:name]
++ else
++ "<a href=\"#{escape_attribute opts[:href]}\"#{pba(opts)}>#{opts[:name]}</a>"
++ end
+ end
+
+ def image(opts)
+diff --git a/spec/security/CVE-2012-6684_spec.rb b/spec/security/CVE-2012-6684_spec.rb
+new file mode 100644
+index 0000000..05219fd
+--- /dev/null
++++ b/spec/security/CVE-2012-6684_spec.rb
+@@ -0,0 +1,14 @@
++# https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6684
++
++require 'redcloth'
++
++describe 'CVE-2012-6684' do
++
++ it 'should not let javascript links pass through' do
++ # PoC from http://co3k.org/blog/redcloth-unfixed-xss-en
++ output = RedCloth.new('["clickme":javascript:alert(%27XSS%27)]', [:filter_html, :filter_styles, :filter_classes, :filter_ids]).to_html
++ expect(output).to_not match(/href=.javascript:alert/)
++ end
++
++
++end
+--
+2.1.4
+
diff --git a/dev-ruby/redcloth/metadata.xml b/dev-ruby/redcloth/metadata.xml
new file mode 100644
index 000000000000..1246bb351a87
--- /dev/null
+++ b/dev-ruby/redcloth/metadata.xml
@@ -0,0 +1,11 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+ <maintainer type="project">
+ <email>ruby@gentoo.org</email>
+ <name>Gentoo Ruby Project</name>
+ </maintainer>
+ <upstream>
+ <remote-id type="github">jgarber/redcloth</remote-id>
+ </upstream>
+</pkgmetadata>
diff --git a/dev-ruby/redcloth/redcloth-4.2.9-r4.ebuild b/dev-ruby/redcloth/redcloth-4.2.9-r4.ebuild
new file mode 100644
index 000000000000..350ea61be175
--- /dev/null
+++ b/dev-ruby/redcloth/redcloth-4.2.9-r4.ebuild
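Review bot: The guard added to `link` in lib/redcloth/formatters/html.rb is a case-sensitive denylist for one scheme (`/^\s*javascript:/`), so it is narrower than what a browser accepts as a script-capable URL, since browsers compare schemes case-insensitively. At minimum the match should ignore case, `if (filter_html || sanitize_html) && opts[:href] =~ /^\s*javascript:/i`; a more durable form is to emit the anchor only when the href's scheme is on a short allowlist and return `opts[:name]` otherwise. The accompanying spec pins a single lowercase input, so mixed-case and leading-whitespace hrefs deserve their own examples. `image` begins right after this hunk and its body is not visible, so whether it needs the same filtering cannot be judged from here.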
@@ -0,0 +1,60 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=5
+
+USE_RUBY="ruby20 ruby21 ruby22"
+
+RUBY_FAKEGEM_NAME="RedCloth"
+
+RUBY_FAKEGEM_RECIPE_TEST="rspec"
+RUBY_FAKEGEM_TASK_DOC=""
+
+RUBY_FAKEGEM_DOCDIR="doc"
+
+RUBY_FAKEGEM_EXTRADOC="README.rdoc CHANGELOG"
+
+RUBY_FAKEGEM_REQUIRE_PATHS="lib/case_sensitive_require"
+
+inherit ruby-fakegem versionator
+
+DESCRIPTION="A module for using Textile in Ruby"
+HOMEPAGE="http://redcloth.org/"
+
+GITHUB_USER=jgarber
+SRC_URI="https://github.com/${GITHUB_USER}/redcloth/tarball/v${PV} -> ${RUBY_FAKEGEM_NAME}-git-${PV}.tgz"
+RUBY_S="${GITHUB_USER}-${PN}-*"
+
+LICENSE="MIT"
+SLOT="0"
+KEYWORDS="alpha amd64 arm hppa ia64 ppc ppc64 ~sparc x86 ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
+IUSE=""
+
+DEPEND+=" =dev-util/ragel-6*"
+
+ruby_add_bdepend "
+ >=dev-ruby/rake-0.8.7
+ >=dev-ruby/rake-compiler-0.7.1
+ test? ( >=dev-ruby/diff-lcs-1.1.2 )"
+
+pkg_setup() {
+ ruby-ng_pkg_setup
+
+ # Export the VERBOSE variable to avoid remapping of stdout and
+ # stderr, and that breaks because of bad interactions between
+ # echoe, Ruby and Gentoo.
+ export VERBOSE=1
+}
+
+RUBY_PATCHES=( ${P}-cve-2012-6684.patch )
+
+all_ruby_prepare() {
+ sed -i -e '/[Bb]undler/d' Rakefile ${PN}.gemspec || die
+ rm tasks/{release,gems,rspec}.rake || die
+}
+
+each_ruby_compile() {
+ # We cannot run this manually easily, because Ragel re-generation
+ # is a mess
+ ${RUBY} -S rake compile || die "rake compile failed"
+}
diff --git a/dev-ruby/redcloth/redcloth-4.3.2.ebuild b/dev-ruby/redcloth/redcloth-4.3.2.ebuild
new file mode 100644
index 000000000000..680fbe1910d1
--- /dev/null
+++ b/dev-ruby/redcloth/redcloth-4.3.2.ebuild
@@ -0,0 +1,57 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=5
+
+USE_RUBY="ruby21 ruby22 ruby23 ruby24"
+
+RUBY_FAKEGEM_NAME="RedCloth"
+
+RUBY_FAKEGEM_RECIPE_TEST="rspec"
+RUBY_FAKEGEM_TASK_DOC=""
+
+RUBY_FAKEGEM_DOCDIR="doc"
+
+RUBY_FAKEGEM_EXTRADOC="README.rdoc CHANGELOG"
+
+RUBY_FAKEGEM_REQUIRE_PATHS="lib/case_sensitive_require"
+
+inherit ruby-fakegem versionator
+
+DESCRIPTION="A module for using Textile in Ruby"
+HOMEPAGE="http://redcloth.org/"
+
+GITHUB_USER=jgarber
+SRC_URI="https://github.com/${GITHUB_USER}/redcloth/archive/v${PV}.tar.gz -> ${RUBY_FAKEGEM_NAME}-${PV}.tar.gz"
+
+LICENSE="MIT"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~ppc ~ppc64 ~sparc ~x86 ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
+IUSE=""
+
+DEPEND+=" =dev-util/ragel-6*"
+
+ruby_add_bdepend "
+ >=dev-ruby/rake-0.8.7
+ >=dev-ruby/rake-compiler-0.7.1
+ test? ( >=dev-ruby/diff-lcs-1.1.2 )"
+
+pkg_setup() {
+ ruby-ng_pkg_setup
+
+ # Export the VERBOSE variable to avoid remapping of stdout and
+ # stderr, and that breaks because of bad interactions between
+ # echoe, Ruby and Gentoo.
+ export VERBOSE=1
+}
+
+all_ruby_prepare() {
+ sed -i -e '/[Bb]undler/d' Rakefile ${PN}.gemspec || die
+ rm -f tasks/{release,rspec,rvm}.rake || die
+}
+
+each_ruby_compile() {
+ # We cannot run this manually easily, because Ragel re-generation
+ # is a mess
+ ${RUBY} -S rake compile || die "rake compile failed"
+} |
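Review bot: Nothing in redcloth-4.3.2.ebuild records why the CVE-2012-6684 patch that redcloth-4.2.9-r4.ebuild applies through `RUBY_PATCHES=( ${P}-cve-2012-6684.patch )` is absent here. Presumably the 4.3.2 sources already contain the `javascript:` link filter, but the diff does not show that, and it should be confirmed against the unpacked tarball before this version is treated as the fixed one. Once confirmed, a one-line comment above `all_ruby_prepare` stating that the fix ships upstream in this release would stop a later maintainer from re-adding or second-guessing the patch.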