From 469566454e7bc20bedd25cd945af5e3787831159 Mon Sep 17 00:00:00 2001
From: MSVSphere Packaging Team
Date: Wed, 10 Jan 2024 04:23:43 +0300
Subject: [PATCH] import rubygem-redcarpet-3.3.2-26.el9
---
.gitignore | 1 +
.rubygem-redcarpet.metadata | 1 +
SOURCES/redcarpet-3.3.2-CVE-2020-26298.patch | 56 +++++
SPECS/rubygem-redcarpet.spec | 219 +++++++++++++++++++
4 files changed, 277 insertions(+)
create mode 100644 .gitignore
create mode 100644 .rubygem-redcarpet.metadata
create mode 100644 SOURCES/redcarpet-3.3.2-CVE-2020-26298.patch
create mode 100644 SPECS/rubygem-redcarpet.spec
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..a306a93
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+SOURCES/redcarpet-3.3.2.gem
diff --git a/.rubygem-redcarpet.metadata b/.rubygem-redcarpet.metadata
new file mode 100644
index 0000000..36b89b0
--- /dev/null
+++ b/.rubygem-redcarpet.metadata
@@ -0,0 +1 @@
+9cbcde68bec1a3a6d87eef96a86aaca8f90c5a5e SOURCES/redcarpet-3.3.2.gem
diff --git a/SOURCES/redcarpet-3.3.2-CVE-2020-26298.patch b/SOURCES/redcarpet-3.3.2-CVE-2020-26298.patch
new file mode 100644
index 0000000..a497676
--- /dev/null
+++ b/SOURCES/redcarpet-3.3.2-CVE-2020-26298.patch
@@ -0,0 +1,56 @@
+From a699c82292b17c8e6a62e1914d5eccc252272793 Mon Sep 17 00:00:00 2001
+From: Robin Dupret
+Date: Tue, 15 Dec 2020 20:57:32 +0100
+Subject: [PATCH] Fix a security issue using `:quote` with `:escape_html`
+
+Reported by @johan-smits.
+---
+ CHANGELOG.md | 7 +++++++
+ ext/redcarpet/html.c | 9 ++++++++-
+ lib/redcarpet.rb | 2 +-
+ redcarpet.gemspec | 4 ++--
+ test/markdown_test.rb | 10 ++++++++++
+ 5 files changed, 28 insertions(+), 4 deletions(-)
+
+diff --git a/ext/redcarpet/html.c b/ext/redcarpet/html.c
+index 805ddd8e..785f780f 100644
+--- a/ext/redcarpet/html.c
++++ b/ext/redcarpet/html.c
+@@ -255,8 +255,15 @@ rndr_quote(struct buf *ob, const struct buf *text, void *opaque)
+ if (!text || !text->size)
+ return 0;
+
++ struct html_renderopt *options = opaque;
++
+ BUFPUTSL(ob, "");
+- bufput(ob, text->data, text->size);
++
++ if (options->flags & HTML_ESCAPE)
++ escape_html(ob, text->data, text->size);
++ else
++ bufput(ob, text->data, text->size);
++
+ BUFPUTSL(ob, "");
+
+ return 1;
+diff --git a/test/markdown_test.rb b/test/markdown_test.rb
+index 4347be9b..68de1255 100644
+--- a/test/markdown_test.rb
++++ b/test/markdown_test.rb
+@@ -220,6 +220,16 @@ def test_quote_flag_works
+ assert output.include? 'quote'
+ end
+
++ def test_quote_flag_honors_escape_html
++ text = 'We are not ""'
++
++ output_enabled = render(text, with: [:quote, :escape_html])
++ output_disabled = render(text, with: [:quote])
++
++ assert_equal "

We are not <svg/onload=pwned>

\n", output_enabled ++ assert_equal "

We are not

\n", output_disabled ++ end ++ + def test_that_fenced_flag_works + text = < - 3.3.2-26 +- Rebuilt for MSVSphere 9.3 + +* Sun Apr 30 2023 Mamoru TASAKA - 3.3.2-26 +- Bacckport upstream patch for CVE-2020-26298 (bug 1915370) + +* Fri Jan 20 2023 Fedora Release Engineering - 3.3.2-25 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild + +* Wed Jan 04 2023 Mamoru TASAKA - 3.3.2-24 +- Rebuild for https://fedoraproject.org/wiki/Changes/Ruby_3.2 + +* Sat Jul 23 2022 Fedora Release Engineering - 3.3.2-23 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild + +* Wed Jan 26 2022 Mamoru TASAKA - 3.3.2-22 +- F-36: rebuild against ruby31 +- modernize spec file, especially move %%gem_install to %%build + to fix FTBFS with package_notes + +* Fri Jan 21 2022 Fedora Release Engineering - 3.3.2-21 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild + +* Fri Jul 23 2021 Fedora Release Engineering - 3.3.2-20 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild + +* Wed Jan 27 2021 Fedora Release Engineering - 3.3.2-19 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild + +* Wed Jan 6 2021 Vít Ondruch - 3.3.2-18 +- Rebuilt for https://fedoraproject.org/wiki/Changes/Ruby_3.0 + +* Wed Jul 29 2020 Fedora Release Engineering - 3.3.2-17 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild + +* Thu Jan 30 2020 Fedora Release Engineering - 3.3.2-16 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild + +* Fri Jan 17 2020 Mamoru TASAKA - 3.3.2-15 +- F-32: rebuild against ruby27 + +* Fri Jul 26 2019 Fedora Release Engineering - 3.3.2-14 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild + +* Sat Feb 02 2019 Fedora Release Engineering - 3.3.2-13 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild + +* Thu Jan 17 2019 Vít Ondruch - 3.3.2-12 +- Rebuilt for https://fedoraproject.org/wiki/Changes/Ruby_2.6 + +* Sat Jul 14 2018 Fedora Release Engineering 
- 3.3.2-11
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
+
+* Fri Feb 09 2018 Fedora Release Engineering - 3.3.2-10
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
+
+* Sat Jan 20 2018 Björn Esser - 3.3.2-9
+- Rebuilt for switch to libxcrypt
+
+* Thu Jan 04 2018 Mamoru TASAKA - 3.3.2-8
+- F-28: rebuild for ruby25
+
+* Thu Aug 03 2017 Fedora Release Engineering - 3.3.2-7
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
+
+* Thu Jul 27 2017 Fedora Release Engineering - 3.3.2-6
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
+
+* Sat Feb 11 2017 Fedora Release Engineering - 3.3.2-5
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
+
+* Wed Jan 11 2017 Vít Ondruch - 3.3.2-4
+- Rebuilt for https://fedoraproject.org/wiki/Changes/Ruby_2.4
+
+* Thu Feb 04 2016 Fedora Release Engineering - 3.3.2-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
+
+* Mon Jan 11 2016 Vít Ondruch - 3.3.2-2
+- Rebuilt for https://fedoraproject.org/wiki/Changes/Ruby_2.3
+
+* Wed Jul 08 2015 Vít Ondruch - 3.3.2-1
+- Update to Redcarpet 3.3.2.
+
+* Thu Jun 18 2015 Fedora Release Engineering - 2.1.1-13
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
+
+* Fri Jan 16 2015 Vít Ondruch - 2.1.1-12
+- Rebuilt for https://fedoraproject.org/wiki/Changes/Ruby_2.2
+
+* Mon Aug 18 2014 Fedora Release Engineering - 2.1.1-11
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
+
+* Sun Jun 08 2014 Fedora Release Engineering - 2.1.1-10
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
+
+* Thu Apr 17 2014 Vít Ondruch - 2.1.1-9
+- Rebuilt for https://fedoraproject.org/wiki/Changes/Ruby_2.1
+
+* Sun Aug 04 2013 Fedora Release Engineering - 2.1.1-8
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
+
+* Thu Mar 14 2013 Josef Stribny - 2.1.1-7
+- Rebuild for https://fedoraproject.org/wiki/Features/Ruby_2.0.0
+
+* Thu Feb 14 2013 Fedora Release Engineering - 2.1.1-6
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
+
+* Sat Jul 21 2012 Fedora Release Engineering - 2.1.1-5
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
+
+* Mon May 21 2012 Matt Hicks - 2.1.1-4
+- Removing conditionals
+
+* Mon May 21 2012 Matt Hicks - 2.1.1-3
+- Adding newer rdoc build requires to fix rpmdiff issue
+
+* Fri May 18 2012 Matt Hicks - 2.1.1-2
+- Cleaning up spec to remove patch and rake testing dependency
+
+* Thu Apr 26 2012 Matt Hicks - 2.1.1-1
+- Initial package
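Review bot: In the embedded `ext/redcarpet/html.c` hunk, `rndr_quote` escapes `text` only when `options->flags & HTML_ESCAPE` is set, so with `:quote` alone the quoted span still reaches `bufput` verbatim, and the added `test_quote_flag_honors_escape_html` asserts a separate expected value for `output_disabled`. That is an opt-in escaping model, but nothing at the branch says so; I would add `/* text is written verbatim unless HTML_ESCAPE is set; callers rendering untrusted Markdown must enable :escape_html or sanitize the output */` above the `if`. `rndr_quote` begins and ends outside the hunk, so whether `opaque` can ever be NULL before `options->flags` is read cannot be confirmed from here. The embedded diffstat still lists `CHANGELOG.md`, `lib/redcarpet.rb` and `redcarpet.gemspec`, yet only the `html.c` and `markdown_test.rb` sections are visible in this view, so the installed gem presumably keeps reporting 3.3.2 and the fix should be tracked by the package release (3.3.2-26) rather than by the gem version.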