[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
11/13: gnu: ruby-sanitize: Update to 5.1.0.
From: |
guix-commits |
Subject: |
11/13: gnu: ruby-sanitize: Update to 5.1.0. |
Date: |
Fri, 29 May 2020 09:42:28 -0400 (EDT) |
mbakke pushed a commit to branch master
in repository guix.
commit f362b53c40b166b6e1fae1c38b00023d88e0cedd
Author: Marius Bakke <marius@gnu.org>
AuthorDate: Fri May 29 14:31:29 2020 +0200
gnu: ruby-sanitize: Update to 5.1.0.
* gnu/packages/patches/ruby-sanitize-system-libxml.patch: New file.
* gnu/local.mk (dist_patch_DATA): Adjust accordingly.
* gnu/packages/ruby.scm (ruby-sanitize): Update to 5.1.0.
[source]: Change to GIT-FETCH. Add patch.
[native-inputs]: Remove BUNDLER, RUBY-REDCARPET, and RUBY-YARD.
---
gnu/local.mk | 3 +-
.../patches/ruby-sanitize-system-libxml.patch | 38 ++++++++++++++++++++++
gnu/packages/ruby.scm | 23 +++++++------
3 files changed, 51 insertions(+), 13 deletions(-)
diff --git a/gnu/local.mk b/gnu/local.mk
index de51c21..663e687 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -1464,7 +1464,8 @@ dist_patch_DATA =
\
%D%/packages/patches/rtags-separate-rct.patch \
%D%/packages/patches/racket-store-checksum-override.patch \
%D%/packages/patches/retroarch-disable-online-updater.patch \
- %D%/packages/patches/ruby-rack-ignore-failing-test.patch \
+ %D%/packages/patches/ruby-rack-ignore-failing-test.patch \
+ %D%/packages/patches/ruby-sanitize-system-libxml.patch \
%D%/packages/patches/ruby-tzinfo-data-ignore-broken-test.patch\
%D%/packages/patches/runc-CVE-2019-5736.patch \
%D%/packages/patches/rust-1.19-mrustc.patch \
diff --git a/gnu/packages/patches/ruby-sanitize-system-libxml.patch
b/gnu/packages/patches/ruby-sanitize-system-libxml.patch
new file mode 100644
index 0000000..d19eb07
--- /dev/null
+++ b/gnu/packages/patches/ruby-sanitize-system-libxml.patch
@@ -0,0 +1,38 @@
+Fix test failures that occur when nokogiri is using system libxml:
+
+ https://github.com/rgrove/sanitize/issues/198
+
+Taken from upstream:
+https://github.com/rgrove/sanitize/commit/21da9b62baf9ea659811d92e6b574130aee57eba
+
+diff --git a/test/test_malicious_html.rb b/test/test_malicious_html.rb
+index 2c23074..0756de0 100644
+--- a/test/test_malicious_html.rb
++++ b/test/test_malicious_html.rb
+@@ -135,6 +135,8 @@
+ # The relevant libxml2 code is here:
+ #
<https://github.com/GNOME/libxml2/commit/960f0e275616cadc29671a218d7fb9b69eb35588>
+ describe 'unsafe libxml2 server-side includes in attributes' do
++ using_unpatched_libxml2 =
Nokogiri::VersionInfo.instance.libxml2_using_system?
++
+ tag_configs = [
+ {
+ tag_name: 'a',
+@@ -166,6 +168,8 @@
+ input = %[<#{tag_name} #{attr_name}='examp<!--"
onmouseover=alert(1)>-->le.com'>foo</#{tag_name}>]
+
+ it 'should escape unsafe characters in attributes' do
++ skip "behavior should only exist in nokogiri's patched libxml" if
using_unpatched_libxml2
++
+ # This uses Nokogumbo's HTML-compliant serializer rather than
+ # libxml2's.
+ @s.fragment(input).
+@@ -191,6 +195,8 @@
+ input = %[<#{tag_name} #{attr_name}='examp<!--"
onmouseover=alert(1)>-->le.com'>foo</#{tag_name}>]
+
+ it 'should not escape characters unnecessarily' do
++ skip "behavior should only exist in nokogiri's patched libxml" if
using_unpatched_libxml2
++
+ # This uses Nokogumbo's HTML-compliant serializer rather than
+ # libxml2's.
+ @s.fragment(input).
diff --git a/gnu/packages/ruby.scm b/gnu/packages/ruby.scm
index 396d4a0..08c55e4 100644
--- a/gnu/packages/ruby.scm
+++ b/gnu/packages/ruby.scm
@@ -5319,33 +5319,32 @@ access the result as a Nokogiri parsed document.")
(define-public ruby-sanitize
(package
(name "ruby-sanitize")
- (version "4.6.3")
+ (version "5.1.0")
+ (home-page "https://github.com/rgrove/sanitize")
(source (origin
- (method url-fetch)
+ (method git-fetch)
;; The gem does not include the Rakefile, so we download the
- ;; release tarball from Github.
- (uri (string-append "https://github.com/rgrove/"
- "sanitize/archive/v" version ".tar.gz"))
- (file-name (string-append name "-" version ".tar.gz"))
+ ;; source from Github.
+ (uri (git-reference
+ (url home-page)
+ (commit (string-append "v" version))))
+ (file-name (git-file-name name version))
+ (patches (search-patches "ruby-sanitize-system-libxml.patch"))
(sha256
(base32
- "1fmqppwif3cm8h79006jfzkdnlxxzlry9kzk03psk0d5xpg55ycc"))))
+ "0lj0q9yhjp0q0in5majkshnki07mw8m2vxgndx4m5na6232aszl0"))))
(build-system ruby-build-system)
(propagated-inputs
`(("ruby-crass" ,ruby-crass)
("ruby-nokogiri" ,ruby-nokogiri)
("ruby-nokogumbo" ,ruby-nokogumbo)))
(native-inputs
- `(("bundler" ,bundler)
- ("ruby-minitest" ,ruby-minitest)
- ("ruby-redcarpet" ,ruby-redcarpet)
- ("ruby-yard" ,ruby-yard)))
+ `(("ruby-minitest" ,ruby-minitest)))
(synopsis "Whitelist-based HTML and CSS sanitizer")
(description
"Sanitize is a whitelist-based HTML and CSS sanitizer. Given a list of
acceptable elements, attributes, and CSS properties, Sanitize will remove all
unacceptable HTML and/or CSS from a string.")
- (home-page "https://github.com/rgrove/sanitize/")
(license license:expat)))
(define-public ruby-oj
- branch master updated (ebfe0e6 -> 1ca44ae), guix-commits, 2020/05/29
- 01/13: gnu: love: Remove unused input., guix-commits, 2020/05/29
- 02/13: gnu: physfs: Do not build the static library., guix-commits, 2020/05/29
- 04/13: gnu: ruby-ffi: Update to 1.12.2., guix-commits, 2020/05/29
- 03/13: gnu: ruby-spec-its: Accept any version of ruby-ffi., guix-commits, 2020/05/29
- 07/13: gnu: ruby-libffi: Enable tests and unbundle LibFFI., guix-commits, 2020/05/29
- 06/13: gnu: ruby-rubygems-tasks: Update to 0.2.5., guix-commits, 2020/05/29
- 08/13: gnu: ruby-crass: Update to 1.0.6., guix-commits, 2020/05/29
- 09/13: gnu: ruby-nokogiri: Update to 1.10.9., guix-commits, 2020/05/29
- 10/13: gnu: ruby-nokogumbo: Update to 2.0.2., guix-commits, 2020/05/29
- 11/13: gnu: ruby-sanitize: Update to 5.1.0.,
guix-commits <=
- 12/13: utils: Add 'cc-for-target'., guix-commits, 2020/05/29
- 05/13: gnu: ruby-rake-compiler: Update to 1.1.0., guix-commits, 2020/05/29
- 13/13: gnu: Use 'cc-for-target' instead of custom implementations., guix-commits, 2020/05/29