From 84103c6ae3a4437a28e69a623d51e6688aff39db Mon Sep 17 00:00:00 2001 From: spz Date: Sun, 4 Nov 2018 20:02:38 +0000 Subject: [PATCH] Pullup ticket #5874 - requested by taca www/ruby-loofah: security update Revisions pulled up: - www/ruby-loofah/Makefile 1.5 - www/ruby-loofah/PLIST 1.4 - www/ruby-loofah/distinfo 1.5 ------------------------------------------------------------------- Module Name: pkgsrc Committed By: taca Date: Thu Nov 1 16:11:45 UTC 2018 Modified Files: pkgsrc/www/ruby-loofah: Makefile PLIST distinfo Log Message: www/ruby-loofah: update to 2.2.3 ## 2.2.3 / 2018-10-30 ### Security Address CVE-2018-16468: Unsanitized JavaScript may occur in sanitized output when a crafted SVG element is republished. This CVE's public notice is at https://github.com/flavorjones/loofah/issues/154 ## Meta / 2018-10-27 The mailing list is now on Google Groups [#146](https://github.com/flavorjones/loofah/issues/146): * Mail: loofah-talk@googlegroups.com * Archive: https://groups.google.com/forum/#!forum/loofah-talk This change was made because librelist no longer appears to be maintained. To generate a diff of this commit: cvs rdiff -u -r1.4 -r1.5 pkgsrc/www/ruby-loofah/Makefile \ pkgsrc/www/ruby-loofah/distinfo cvs rdiff -u -r1.3 -r1.4 pkgsrc/www/ruby-loofah/PLIST --- www/ruby-loofah/Makefile | 6 ++++-- www/ruby-loofah/PLIST | 3 ++- www/ruby-loofah/distinfo | 10 +++++----- 3 files changed, 11 insertions(+), 8 deletions(-) diff --git a/www/ruby-loofah/Makefile b/www/ruby-loofah/Makefile index cac5e4d0bebc..903c40bcf47a 100644 --- a/www/ruby-loofah/Makefile +++ b/www/ruby-loofah/Makefile @@ -1,6 +1,6 @@ -# $NetBSD: Makefile,v 1.4 2018/03/23 14:33:21 taca Exp $ +# $NetBSD: Makefile,v 1.4.6.1 2018/11/04 20:02:38 spz Exp $ -DISTNAME= loofah-2.2.2 +DISTNAME= loofah-2.2.3 CATEGORIES= www MAINTAINER= minskim@NetBSD.org @@ -11,5 +11,7 @@ LICENSE= mit DEPENDS+= ${RUBY_PKGPREFIX}-nokogiri>=1.5.9:../../textproc/ruby-nokogiri DEPENDS+= ${RUBY_PKGPREFIX}-crass>=1.0.2<1.1:../../www/ruby-crass +USE_LANGUAGES= # none + .include "../../lang/ruby/gem.mk" .include "../../mk/bsd.pkg.mk" diff --git a/www/ruby-loofah/PLIST b/www/ruby-loofah/PLIST index b9b74f609f15..23555f604357 100644 --- a/www/ruby-loofah/PLIST +++ b/www/ruby-loofah/PLIST @@ -1,4 +1,4 @@ -@comment $NetBSD: PLIST,v 1.3 2018/03/21 12:09:39 taca Exp $ +@comment $NetBSD: PLIST,v 1.3.6.1 2018/11/04 20:02:38 spz Exp $ ${GEM_HOME}/cache/${GEM_NAME}.gem ${GEM_LIBDIR}/.gemtest ${GEM_LIBDIR}/CHANGELOG.md @@ -26,6 +26,7 @@ ${GEM_LIBDIR}/lib/loofah/scrubber.rb ${GEM_LIBDIR}/lib/loofah/scrubbers.rb ${GEM_LIBDIR}/lib/loofah/xml/document.rb ${GEM_LIBDIR}/lib/loofah/xml/document_fragment.rb +${GEM_LIBDIR}/test/assets/msword.html ${GEM_LIBDIR}/test/assets/testdata_sanitizer_tests1.dat ${GEM_LIBDIR}/test/helper.rb ${GEM_LIBDIR}/test/html5/test_sanitizer.rb diff --git a/www/ruby-loofah/distinfo b/www/ruby-loofah/distinfo index 6fc222556646..3dedd801020e 100644 --- a/www/ruby-loofah/distinfo +++ b/www/ruby-loofah/distinfo @@ -1,6 +1,6 @@ -$NetBSD: distinfo,v 1.4 2018/03/23 14:33:21 taca Exp $ +$NetBSD: distinfo,v 1.4.6.1 2018/11/04 20:02:38 spz Exp $ -SHA1 (loofah-2.2.2.gem) = 6673a94800c0b179eb25d16fb0610d632eb87614 -RMD160 (loofah-2.2.2.gem) = 9c3b97665e35a74d2ea838d2a51324a2f4811575 -SHA512 (loofah-2.2.2.gem) = 3c64182f8fdb7d79a5be65969728c4c51a4535f53fdae7c8e5f4d487d43af3efac9d2f3746d8e02564d0979e94a0e63dc5974701c151e31c502cb8ff97f1295e -Size (loofah-2.2.2.gem) = 65024 bytes +SHA1 (loofah-2.2.3.gem) = b907029ec05b39a8f239a83c443e5cf94baecfad +RMD160 (loofah-2.2.3.gem) = 7da4488ecc2a3c341a3716e0286e556b20bde270 +SHA512 (loofah-2.2.3.gem) = 8e63e1d4e3719c2ffcc8cf3208dbdfa3eb6e328bb91fc8dc6de88c472aac47f1a22771928b08f3c6816c159c6a9672299823f5d48177ae543358e73444b8ac56 +Size (loofah-2.2.3.gem) = 65536 bytes