diff --git a/.gitignore b/.gitignore
index 27e01ec..1614bcb 100644
--- a/.gitignore
+++ b/.gitignore
@@ -22,3 +22,4 @@
 /kramdown-1.17.0.gem
 /kramdown-2.1.0.gem
 /kramdown-2.2.1.gem
+/kramdown-2.3.0.gem
diff --git a/rubygem-kramdown-2.2.1-0001-Add-option-forbidden_inline_options.patch b/rubygem-kramdown-2.2.1-0001-Add-option-forbidden_inline_options.patch
deleted file mode 100644
index 316a3f9..0000000
--- a/rubygem-kramdown-2.2.1-0001-Add-option-forbidden_inline_options.patch
+++ /dev/null
@@ -1,67 +0,0 @@ -From 1b8fd33c3120bfc6e5164b449e2c2fc9c9306fde Mon Sep 17 00:00:00 2001 -From: Thomas Leitner -Date: Sat, 27 Jun 2020 14:47:21 +0200 -Subject: [PATCH 1/2] Add option forbidden_inline_options - -It is sometimes necessary to restrict the options that can be set -inline, ie. using the {::options ...} extensions. - -By default, the template option is now forbidden to avoid possible -security problems. This addresses CVE-2020-14001. ---- - lib/kramdown/options.rb | 10 ++++++++++ - lib/kramdown/parser/kramdown/extensions.rb | 6 ++++++ - test/testcases/block/12_extension/options.text | 2 ++ - 3 files changed, 18 insertions(+) - -diff --git a/lib/kramdown/options.rb b/lib/kramdown/options.rb -index ea67913..0214e28 100644 ---- a/lib/kramdown/options.rb -+++ b/lib/kramdown/options.rb -@@ -589,6 +589,16 @@ module Kramdown - Used by: HTML converter - EOF - -+ define(:forbidden_inline_options, Object, %w[template], <<~EOF) do |val| -+ Defines the options that may not be set using the {::options} extension -+ -+ Default: template -+ Used by: HTML converter -+ EOF -+ val.map! {|item| item.kind_of?(String) ? 
str_to_sym(item) : item } -+ simple_array_validator(val, :forbidden_inline_options) -+ end -+ - end - - end -diff --git a/lib/kramdown/parser/kramdown/extensions.rb b/lib/kramdown/parser/kramdown/extensions.rb -index 493dcf7..637d0fa 100644 ---- a/lib/kramdown/parser/kramdown/extensions.rb -+++ b/lib/kramdown/parser/kramdown/extensions.rb -@@ -110,6 +110,12 @@ module Kramdown - opts.select do |k, v| - k = k.to_sym - if Kramdown::Options.defined?(k) -+ if @options[:forbidden_inline_options].include?(k) || -+ k == :forbidden_inline_options -+ warning("Option #{k} may not be set inline") -+ next false -+ end -+ - begin - val = Kramdown::Options.parse(k, v) - @options[k] = val -diff --git a/test/testcases/block/12_extension/options.text b/test/testcases/block/12_extension/options.text -index 5991ab7..b63f34b 100644 ---- a/test/testcases/block/12_extension/options.text -+++ b/test/testcases/block/12_extension/options.text -@@ -19,3 +19,5 @@ some *para* - Some text[^ab]. - - [^ab]: Some text. -+ -+{::options template="/etc/passwd" /} --- -2.26.2 - diff --git a/rubygem-kramdown-2.2.1-rouge-3_26_0-testsuite.patch b/rubygem-kramdown-2.2.1-rouge-3_26_0-testsuite.patch new file mode 100644 index 0000000..ebc8bf1 --- /dev/null +++ b/rubygem-kramdown-2.2.1-rouge-3_26_0-testsuite.patch 
@@ -0,0 +1,35 @@ +From e1beb51af7fe4ecb85dbab7328f47a23c86c7df2 Mon Sep 17 00:00:00 2001 +From: Thomas Leitner +Date: Wed, 6 Jan 2021 16:05:10 +0100 +Subject: [PATCH] Fix failing tests due to changes in rouge + +--- + Rakefile | 2 +- + test/testcases/block/06_codeblock/rouge/multiple.html | 2 +- + test/testcases/block/06_codeblock/rouge/simple.html | 2 +- + 3 files changed, 3 insertions(+), 3 deletions(-) + +diff --git a/test/testcases/block/06_codeblock/rouge/multiple.html b/test/testcases/block/06_codeblock/rouge/multiple.html +index 03eddb47..6ece5432 100644 +--- a/test/testcases/block/06_codeblock/rouge/multiple.html ++++ b/test/testcases/block/06_codeblock/rouge/multiple.html +@@ -6,6 +6,6 @@ + + + +-
$foo = new Bar;
++
$foo = new Bar;
+ 
+
+diff --git a/test/testcases/block/06_codeblock/rouge/simple.html b/test/testcases/block/06_codeblock/rouge/simple.html +index 10f280a3..1c2259af 100644 +--- a/test/testcases/block/06_codeblock/rouge/simple.html ++++ b/test/testcases/block/06_codeblock/rouge/simple.html +@@ -5,6 +5,6 @@ +
+
+ +-
$foo = new Bar;
++
$foo = new Bar;
+ 
+
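Review bot: The header of this added patch still carries the upstream diffstat (`Rakefile | 2 +-`, `3 files changed`), but only the two `test/testcases/block/06_codeblock/rouge/*.html` sections follow, so the Rakefile change of upstream commit e1beb51a is not part of what gets applied. The spec cites that commit as the patch source without saying the patch was trimmed. A comment above `Patch2` such as `# Trimmed: the Rakefile hunk of the upstream commit is not included` would keep the deviation from upstream auditable. The fixture markup is not legible in this view, so the changed lines themselves are not reviewed here.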
diff --git a/rubygem-kramdown.spec b/rubygem-kramdown.spec index 4ff3ef6..7ef35b7 100644 --- a/rubygem-kramdown.spec +++ b/rubygem-kramdown.spec @@ -2,21 +2,20 @@ %global gem_name kramdown Name: rubygem-%{gem_name} -Version: 2.2.1 -Release: 7%{?dist} +Version: 2.3.0 +Release: 1%{?dist} Summary: Fast, pure-Ruby Markdown-superset converter License: MIT URL: http://kramdown.rubyforge.org Source0: https://rubygems.org/gems/%{gem_name}-%{version}.gem -# https://bugzilla.redhat.com/show_bug.cgi?id=1858395 -# https://github.com/gettalong/kramdown/commit/1b8fd33c3120bfc6e5164b449e2c2fc9c9306fde -# CVE-2020-14001 -Patch1: rubygem-kramdown-2.2.1-0001-Add-option-forbidden_inline_options.patch +# https://github.com/gettalong/kramdown/commit/e1beb51af7fe4ecb85dbab7328f47a23c86c7df2 +Patch2: rubygem-kramdown-2.2.1-rouge-3_26_0-testsuite.patch BuildRequires: ruby(release) BuildRequires: rubygems-devel BuildRequires: rubygem(minitest) >= 5 -BuildRequires: rubygem(rouge) +BuildRequires: rubygem(rexml) +BuildRequires: rubygem(rouge) >= 3.26.0 BuildRequires: rubygem(test-unit) BuildRequires: rubygem(stringex) # Recommends: rubygem(stringex) @@ -51,7 +50,7 @@ Documentation for %{name} %prep gem unpack %{SOURCE0} %setup -q -D -T -n %{gem_name}-%{version} -%patch1 -p1 +%patch2 -p1 gem spec %{SOURCE0} -l --ruby > %{gem_name}.gemspec %build @@ -84,9 +83,9 @@ LANG=C.UTF-8 pushd .%{gem_instdir} -# Test suite is now failing, need investigating -ruby -Ilib -e 'Dir.glob "./test/test_*.rb", &method(:require)' \ - || echo "Needs investigating" +export RUBYLIB=$(pwd)/lib +ruby -e 'Dir.glob "./test/test_*.rb", &method(:require)' + popd %files 
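Review bot: Removing `Patch1` in the first spec hunk drops the CVE-2020-14001 fix along with its bugzilla and upstream-commit references, and nothing visible in this commit records that the 2.3.0 gem already contains it. Presumably the `forbidden_inline_options` change is part of the 2.3.0 release. That should be confirmed against the unpacked gem (for example that `lib/kramdown/options.rb` defines `forbidden_inline_options`) and then stated in the `%changelog` entry, e.g. `- Drop CVE-2020-14001 patch, included upstream in 2.3.0`. Keeping the bugzilla link as a comment near `Source0` would also let a later auditor trace where the fix went.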
@@ -111,13 +110,25 @@ popd %doc %{gem_docdir} %changelog +* Mon Feb 1 2021 Mamoru TASAKA - 2.3.0-1 +- 2.3.0 +- Speficy rouge version dependency for test suite + +* Wed Jan 27 2021 Fedora Release Engineering - 2.2.1-9 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild + +* Sat Jan 23 2021 Mamoru TASAKA - 2.2.1-8 +- Wrap rexml depedency with fedora release +- Add upstream patch for rouge change +- Add upstream patch to silence warnings from minitest + * Wed Jan 13 2021 Igor Raits - 2.2.1-7 - Re-add rexml dependency * Fri Oct 2 2020 Mamoru TASAKA - 2.2.1-6 - Test suite now failing, rescuing now -* Tue Aug 10 2020 Mamoru TASAKA - 2.2.1-5 +* Tue Aug 11 2020 Mamoru TASAKA - 2.2.1-5 - Release bump * Mon Aug 10 2020 Mamoru TASAKA - 2.2.1-4 diff --git a/sources b/sources index 2803f8e..7e24ab4 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (kramdown-2.2.1.gem) = 7c322010a8a418706c48d5a1011354aba215d50be94354fff93a636ff3453906bb381cf5669560a6bd10ecaf3bab7b04f446efa0a4b85322865b879f74de4c43 +SHA512 (kramdown-2.3.0.gem) = a3ed8360de9208d5ce658d198763737826db943d23dda7ca9cfd507a4656c39f2b19ece78af87981b1177fe01690d6647c854092b230cf3a8a7d2823dc83d276