rebuild with ghc-cmark-gfm-0.2.6 for various security fixes

see https://github.com/github/cmark-gfm/security for the full list
(Sep 2022 to July 2023), including:

Resolves: CVE-2023-24824
Resolves: CVE-2023-26485
Resolves: RHEL-83922
This commit is contained in:
Jens Petersen 2025-03-18 18:37:56 +08:00
parent 4518e04b64
commit a30e31f437
2 changed files with 27 additions and 1 deletions

View File

@ -11,7 +11,7 @@
Name: %{pkg_name}
Version: 2.0.6
Release: 6%{?dist}
Release: 7%{?dist}
Summary: Conversion between markup formats
License: GPLv2+
@ -209,6 +209,14 @@ install -m 0644 -p -D man/pandoc.1 %{buildroot}%{_mandir}/man1/pandoc.1
%changelog
* Mon Mar 17 2025 Jens Petersen <petersen@redhat.com> - 2.0.6-7
- rebuild with ghc-cmark-gfm-0.2.6 for various security fixes,
see https://github.com/github/cmark-gfm/security for the full list
(Sep 2022 to July 2023), including:
- Resolves: CVE-2023-24824
- Resolves: CVE-2023-26485
- Resolves: RHEL-83922
* Thu Apr 14 2022 Jens Petersen <petersen@redhat.com> - 2.0.6-6
- rebuild with ghc-cmark-gfm-0.2.3 for CVE-2022-24724 (#2060667)
- https://github.com/github/cmark-gfm/security/advisories/GHSA-mc3g-88wq-6f4x

18
rpminspect.yaml Normal file
View File

@ -0,0 +1,18 @@
---
xml:
# the rendering of libraries source code has anchors with
ignore:
- "/usr/share/pandoc-*/data/templates/*"
elf:
# 14 libs for base, rts, & unix have objects built without -fPIC on x86_64.
# ghc's runtime has this intentionally for performance optimization.
ignore:
- "/usr/lib64/ghc-*/*/libHS*.a"
runpath:
# Technically the /usr/lib64 one should be fixed in the build, but
# the other one should be allowed for the ghc ecosystem.
allowed_paths:
- /usr/lib64
- /usr/lib64/ghc-8.8.4/rts