From a0bfc70f6d408279aa6b02b13b2336013c252ed7 Mon Sep 17 00:00:00 2001 
From: bsiegert
Date: Wed, 23 Oct 2019 11:33:38 +0000
Subject: [PATCH] Pullup ticket #6074 - requested by taca www/ruby-loofah: security fix

Revisions pulled up:
- www/ruby-loofah/Makefile 1.6
- www/ruby-loofah/PLIST 1.5
- www/ruby-loofah/distinfo 1.6

---
Module Name: pkgsrc
Committed By: taca
Date: Tue Oct 22 16:24:20 UTC 2019

Modified Files:
pkgsrc/www/ruby-loofah: Makefile PLIST distinfo

Log Message:
www/ruby-loofah: update to 2.3.1

## 2.3.1 / 2019-10-22

### Security

Address CVE-2019-15587: Unsanitized JavaScript may occur in sanitized output when a crafted SVG element is republished.

This CVE's public notice is at https://github.com/flavorjones/loofah/issues/171

## 2.3.0 / unreleased

### Features

* Expand set of allowed protocols to include `tel:` and `line:`. [#104, #147]
* Expand set of allowed CSS functions. [related to #122]
* Allow greater precision in shorthand CSS values. [#149] (Thanks, @danfstucky!)
* Allow CSS property `list-style` [#162] (Thanks, @jaredbeck!)
* Allow CSS keywords `thick` and `thin` [#168] (Thanks, @georgeclaghorn!)
* Allow HTML property `contenteditable` [#167] (Thanks, @andreynering!)

### Bug fixes

* CSS hex values are no longer limited to lowercase hex. Previously uppercase hex were scrubbed. [#165] (Thanks, @asok!)

### Deprecations / Name Changes

The following method and constants are hereby deprecated, and will be completely removed in a future release:

* Deprecate `Loofah::Helpers::ActionView.white_list_sanitizer`, please use `Loofah::Helpers::ActionView.safe_list_sanitizer` instead.
* Deprecate `Loofah::Helpers::ActionView::WhiteListSanitizer`, please use `Loofah::Helpers::ActionView::SafeListSanitizer` instead.
* Deprecate `Loofah::HTML5::WhiteList`, please use `Loofah::HTML5::SafeList` instead.

Thanks to @JuanitoFatas for submitting these changes in #164 and for making the language used in Loofah more inclusive.
--- www/ruby-loofah/Makefile | 4 ++-- www/ruby-loofah/PLIST | 5 +++-- www/ruby-loofah/distinfo | 10 +++++----- 3 files changed, 10 insertions(+), 9 deletions(-) diff --git a/www/ruby-loofah/Makefile b/www/ruby-loofah/Makefile index 9fde1f1afae4..6cec2d5e7a3a 100644 --- a/www/ruby-loofah/Makefile +++ b/www/ruby-loofah/Makefile @@ -1,6 +1,6 @@ -# $NetBSD: Makefile,v 1.5 2018/11/01 16:11:45 taca Exp $ +# $NetBSD: Makefile,v 1.5.8.1 2019/10/23 11:33:38 bsiegert Exp $ -DISTNAME= loofah-2.2.3 +DISTNAME= loofah-2.3.1 CATEGORIES= www MAINTAINER= minskim@NetBSD.org diff --git a/www/ruby-loofah/PLIST b/www/ruby-loofah/PLIST index c5234f7d105d..d253add90055 100644 --- a/www/ruby-loofah/PLIST +++ b/www/ruby-loofah/PLIST @@ -1,4 +1,4 @@ -@comment $NetBSD: PLIST,v 1.4 2018/11/01 16:11:45 taca Exp $ +@comment $NetBSD: PLIST,v 1.4.8.1 2019/10/23 11:33:38 bsiegert Exp $ ${GEM_HOME}/cache/${GEM_NAME}.gem ${GEM_LIBDIR}/.gemtest ${GEM_LIBDIR}/CHANGELOG.md @@ -18,8 +18,8 @@ ${GEM_LIBDIR}/lib/loofah/helpers.rb ${GEM_LIBDIR}/lib/loofah/html/document.rb ${GEM_LIBDIR}/lib/loofah/html/document_fragment.rb ${GEM_LIBDIR}/lib/loofah/html5/libxml2_workarounds.rb +${GEM_LIBDIR}/lib/loofah/html5/safelist.rb ${GEM_LIBDIR}/lib/loofah/html5/scrub.rb -${GEM_LIBDIR}/lib/loofah/html5/whitelist.rb ${GEM_LIBDIR}/lib/loofah/instance_methods.rb ${GEM_LIBDIR}/lib/loofah/metahelpers.rb ${GEM_LIBDIR}/lib/loofah/scrubber.rb @@ -30,6 +30,7 @@ ${GEM_LIBDIR}/test/assets/msword.html ${GEM_LIBDIR}/test/assets/testdata_sanitizer_tests1.dat ${GEM_LIBDIR}/test/helper.rb ${GEM_LIBDIR}/test/html5/test_sanitizer.rb +${GEM_LIBDIR}/test/html5/test_scrub.rb ${GEM_LIBDIR}/test/integration/test_ad_hoc.rb ${GEM_LIBDIR}/test/integration/test_helpers.rb ${GEM_LIBDIR}/test/integration/test_html.rb diff --git a/www/ruby-loofah/distinfo b/www/ruby-loofah/distinfo index 9d5771c0f530..51945a0602bb 100644 --- a/www/ruby-loofah/distinfo +++ b/www/ruby-loofah/distinfo 
@@ -1,6 +1,6 @@ -$NetBSD: distinfo,v 1.5 2018/11/01 16:11:45 taca Exp $ +$NetBSD: distinfo,v 1.5.8.1 2019/10/23 11:33:38 bsiegert Exp $ -SHA1 (loofah-2.2.3.gem) = b907029ec05b39a8f239a83c443e5cf94baecfad -RMD160 (loofah-2.2.3.gem) = 7da4488ecc2a3c341a3716e0286e556b20bde270 -SHA512 (loofah-2.2.3.gem) = 8e63e1d4e3719c2ffcc8cf3208dbdfa3eb6e328bb91fc8dc6de88c472aac47f1a22771928b08f3c6816c159c6a9672299823f5d48177ae543358e73444b8ac56 -Size (loofah-2.2.3.gem) = 65536 bytes +SHA1 (loofah-2.3.1.gem) = 732be438c5a2a3c7e63a8f173b24b05f78df1ff2 +RMD160 (loofah-2.3.1.gem) = 382991856327a36978f2c47ccda2b1185338f412 +SHA512 (loofah-2.3.1.gem) = 188e84818abc3a3eed39afd66a75e7fa3c0a29f8ec957441f43f4cbfd962c8c3ea848e83f435a3d61ffc667273b5ff006df39d718b7631a11b62ae2d3f78b6ba +Size (loofah-2.3.1.gem) = 68096 bytes
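Review bot: In the www/ruby-loofah/Makefile hunk, the `DISTNAME= loofah-2.2.3` to `DISTNAME= loofah-2.3.1` bump puts more than the CVE-2019-15587 fix onto the pullup branch. Per the log message it also carries the 2.3.0 changes, which widen what the sanitizer lets through: the `tel:` and `line:` protocols, additional CSS functions, the `list-style` property, the `thick` and `thin` keywords and the `contenteditable` attribute. The subject describes this only as a security fix, so I would have the pullup ticket state that sanitized output can now contain these items, so that consumers who relied on the stricter 2.2.3 behaviour can review their use.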
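Review bot: In the www/ruby-loofah/PLIST hunk at `@@ -18,8 +18,8 @@`, `lib/loofah/html5/whitelist.rb` is no longer installed, while the log message describes `Loofah::HTML5::WhiteList` only as deprecated, with removal in a future release. The constant may well still resolve from the new `safelist.rb`, but anything on the branch that loads the old file by path would fail after this update. I would check the packages that depend on ruby-loofah for such a load before the pullup lands.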
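Review bot: In the www/ruby-loofah/distinfo hunk, the four `+` lines (SHA1, RMD160, SHA512 and `Size`, the latter going from 65536 to 68096 bytes) are the only integrity check on the new gem, and the patch itself gives no way to verify them. Since the log names distinfo revision 1.6 as the source, I would confirm that these lines match that revision exactly, and that the SHA512 value matches a copy of loofah-2.3.1.gem fetched independently, before applying.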