From adcbc21b4242fe9b9a42c56173b53e218571c307 Mon Sep 17 00:00:00 2001
From: DistroBaker
Date: Wed, 3 Feb 2021 20:02:26 +0000
Subject: [PATCH] Merged update from upstream sources
This is an automated DistroBaker update from upstream sources. If you do not know what this is about or would like to opt out, contact the OSCI team.
Source: https://src.fedoraproject.org/rpms/rubygem-kramdown.git#eaab3a571ba273bd44958c2ffb57aef4769eb72c
---
 .gitignore | 1 +
 ...-Add-option-forbidden_inline_options.patch | 67 -------------------
 ...ramdown-2.2.1-rouge-3_26_0-testsuite.patch | 35 ++++++++++
 rubygem-kramdown.spec | 35 ++++++----
 sources | 2 +-
 5 files changed, 60 insertions(+), 80 deletions(-)
 delete mode 100644 rubygem-kramdown-2.2.1-0001-Add-option-forbidden_inline_options.patch
 create mode 100644 rubygem-kramdown-2.2.1-rouge-3_26_0-testsuite.patch
diff --git a/.gitignore b/.gitignore
index 27e01ec..1614bcb 100644
--- a/.gitignore
+++ b/.gitignore
@@ -22,3 +22,4 @@
 /kramdown-1.17.0.gem
 /kramdown-2.1.0.gem
 /kramdown-2.2.1.gem
+/kramdown-2.3.0.gem
diff --git a/rubygem-kramdown-2.2.1-0001-Add-option-forbidden_inline_options.patch b/rubygem-kramdown-2.2.1-0001-Add-option-forbidden_inline_options.patch
deleted file mode 100644
index 316a3f9..0000000
--- a/rubygem-kramdown-2.2.1-0001-Add-option-forbidden_inline_options.patch
+++ /dev/null
@@ -1,67 +0,0 @@
-From 1b8fd33c3120bfc6e5164b449e2c2fc9c9306fde Mon Sep 17 00:00:00 2001
-From: Thomas Leitner
-Date: Sat, 27 Jun 2020 14:47:21 +0200
-Subject: [PATCH 1/2] Add option forbidden_inline_options
-
-It is sometimes necessary to restrict the options that can be set
-inline, ie. using the {::options ...} extensions.
-
-By default, the template option is now forbidden to avoid possible
-security problems. This addresses CVE-2020-14001.
----
- lib/kramdown/options.rb | 10 ++++++++++
- lib/kramdown/parser/kramdown/extensions.rb | 6 ++++++
- test/testcases/block/12_extension/options.text | 2 ++
- 3 files changed, 18 insertions(+)
-
-diff --git a/lib/kramdown/options.rb b/lib/kramdown/options.rb
-index ea67913..0214e28 100644
----- a/lib/kramdown/options.rb
-+++ b/lib/kramdown/options.rb
-@@ -589,6 +589,16 @@ module Kramdown
- Used by: HTML converter
- EOF
-
-+ define(:forbidden_inline_options, Object, %w[template], <<~EOF) do |val|
-+ Defines the options that may not be set using the {::options} extension
-+
-+ Default: template
-+ Used by: HTML converter
-+ EOF
-+ val.map! {|item| item.kind_of?(String) ? str_to_sym(item) : item }
-+ simple_array_validator(val, :forbidden_inline_options)
-+ end
-+
- end
-
- end
-diff --git a/lib/kramdown/parser/kramdown/extensions.rb b/lib/kramdown/parser/kramdown/extensions.rb
-index 493dcf7..637d0fa 100644
----- a/lib/kramdown/parser/kramdown/extensions.rb
-+++ b/lib/kramdown/parser/kramdown/extensions.rb
-@@ -110,6 +110,12 @@ module Kramdown
- opts.select do |k, v|
- k = k.to_sym
- if Kramdown::Options.defined?(k)
-+ if @options[:forbidden_inline_options].include?(k) ||
-+ k == :forbidden_inline_options
-+ warning("Option #{k} may not be set inline")
-+ next false
-+ end
-+
- begin
- val = Kramdown::Options.parse(k, v)
- @options[k] = val
-diff --git a/test/testcases/block/12_extension/options.text b/test/testcases/block/12_extension/options.text
-index 5991ab7..b63f34b 100644
----- a/test/testcases/block/12_extension/options.text
-+++ b/test/testcases/block/12_extension/options.text
-@@ -19,3 +19,5 @@ some *para*
- Some text[^ab].
-
- [^ab]: Some text.
-+
-+{::options template="/etc/passwd" /}
----
-2.26.2
-
diff --git a/rubygem-kramdown-2.2.1-rouge-3_26_0-testsuite.patch b/rubygem-kramdown-2.2.1-rouge-3_26_0-testsuite.patch
new file mode 100644
index 0000000..ebc8bf1
--- /dev/null
+++ b/rubygem-kramdown-2.2.1-rouge-3_26_0-testsuite.patch
@@ -0,0 +1,35 @@ +From e1beb51af7fe4ecb85dbab7328f47a23c86c7df2 Mon Sep 17 00:00:00 2001 +From: Thomas Leitner +Date: Wed, 6 Jan 2021 16:05:10 +0100 +Subject: [PATCH] Fix failing tests due to changes in rouge + +--- + Rakefile | 2 +- + test/testcases/block/06_codeblock/rouge/multiple.html | 2 +- + test/testcases/block/06_codeblock/rouge/simple.html | 2 +- + 3 files changed, 3 insertions(+), 3 deletions(-) + +diff --git a/test/testcases/block/06_codeblock/rouge/multiple.html b/test/testcases/block/06_codeblock/rouge/multiple.html +index 03eddb47..6ece5432 100644 +--- a/test/testcases/block/06_codeblock/rouge/multiple.html ++++ b/test/testcases/block/06_codeblock/rouge/multiple.html +@@ -6,6 +6,6 @@ + + + +-
$foo = new Bar;
++
$foo = new Bar;
+ 
+
+diff --git a/test/testcases/block/06_codeblock/rouge/simple.html b/test/testcases/block/06_codeblock/rouge/simple.html +index 10f280a3..1c2259af 100644 +--- a/test/testcases/block/06_codeblock/rouge/simple.html ++++ b/test/testcases/block/06_codeblock/rouge/simple.html +@@ -5,6 +5,6 @@ +
+
+ +-
$foo = new Bar;
++
$foo = new Bar;
+ 
+
diff --git a/rubygem-kramdown.spec b/rubygem-kramdown.spec
index 4ff3ef6..7ef35b7 100644
--- a/rubygem-kramdown.spec
+++ b/rubygem-kramdown.spec
@@ -2,21 +2,20 @@
 %global gem_name kramdown
 Name: rubygem-%{gem_name}
-Version: 2.2.1
-Release: 7%{?dist}
+Version: 2.3.0
+Release: 1%{?dist}
 Summary: Fast, pure-Ruby Markdown-superset converter
 License: MIT
 URL: http://kramdown.rubyforge.org
 Source0: https://rubygems.org/gems/%{gem_name}-%{version}.gem
-# https://bugzilla.redhat.com/show_bug.cgi?id=1858395
-# https://github.com/gettalong/kramdown/commit/1b8fd33c3120bfc6e5164b449e2c2fc9c9306fde
-# CVE-2020-14001
-Patch1: rubygem-kramdown-2.2.1-0001-Add-option-forbidden_inline_options.patch
+# https://github.com/gettalong/kramdown/commit/e1beb51af7fe4ecb85dbab7328f47a23c86c7df2
+Patch2: rubygem-kramdown-2.2.1-rouge-3_26_0-testsuite.patch
 BuildRequires: ruby(release)
 BuildRequires: rubygems-devel
 BuildRequires: rubygem(minitest) >= 5
-BuildRequires: rubygem(rouge)
+BuildRequires: rubygem(rexml)
+BuildRequires: rubygem(rouge) >= 3.26.0
 BuildRequires: rubygem(test-unit)
 BuildRequires: rubygem(stringex)
 # Recommends: rubygem(stringex)
@@ -51,7 +50,7 @@ Documentation for %{name}
 %prep
 gem unpack %{SOURCE0}
 %setup -q -D -T -n %{gem_name}-%{version}
-%patch1 -p1
+%patch2 -p1
 gem spec %{SOURCE0} -l --ruby > %{gem_name}.gemspec
 %build
@@ -84,9 +83,9 @@ LANG=C.UTF-8
 pushd .%{gem_instdir}
-# Test suite is now failing, need investigating
-ruby -Ilib -e 'Dir.glob "./test/test_*.rb", &method(:require)' \
- || echo "Needs investigating"
+export RUBYLIB=$(pwd)/lib
+ruby -e 'Dir.glob "./test/test_*.rb", &method(:require)'
+
 popd
 %files
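Review bot: Patch1 and its three comment lines (the bugzilla 1858395 link, the upstream commit link and the CVE-2020-14001 tag) are removed in this hunk, and the matching `%patch1 -p1` goes in the `@@ -51,7 +50,7 @@` hunk, but neither the spec nor the new 2.3.0-1 changelog entry records why the CVE backport is gone. Presumably upstream 2.3.0 already contains that commit (the removed patch is dated 2020-06-27), but this should be confirmed against the unpacked 2.3.0 sources rather than assumed from the version number. I would add a changelog line such as `- Drop CVE-2020-14001 backport, fix is included in 2.3.0` so that anyone auditing the package for this CVE can see it is still covered.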
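Review bot: The new `ruby -e 'Dir.glob "./test/test_*.rb", &method(:require)'` line in the `@@ -84,9 +83,9 @@` hunk succeeds with zero tests run if the glob matches nothing, for example if a later gem stops shipping `test/` under `%{gem_instdir}`. With the `|| echo "Needs investigating"` fallback removed this command is the only gate left, and it is presumably also what exercises the upstream regression case for the inline `template` option, so an empty run should fail the build. A guard such as `ruby -e 'tests = Dir.glob("./test/test_*.rb"); abort "no tests found" if tests.empty?; tests.each { |t| require t }'` would do it. The enclosing %check section starts outside this hunk.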
@@ -111,13 +110,25 @@ popd
 %doc %{gem_docdir}
 %changelog
+* Mon Feb 1 2021 Mamoru TASAKA - 2.3.0-1
+- 2.3.0
+- Speficy rouge version dependency for test suite
+
+* Wed Jan 27 2021 Fedora Release Engineering - 2.2.1-9
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
+
+* Sat Jan 23 2021 Mamoru TASAKA - 2.2.1-8
+- Wrap rexml depedency with fedora release
+- Add upstream patch for rouge change
+- Add upstream patch to silence warnings from minitest
+
 * Wed Jan 13 2021 Igor Raits - 2.2.1-7
 - Re-add rexml dependency
 * Fri Oct 2 2020 Mamoru TASAKA - 2.2.1-6
 - Test suite now failing, rescuing now
-* Tue Aug 10 2020 Mamoru TASAKA - 2.2.1-5
+* Tue Aug 11 2020 Mamoru TASAKA - 2.2.1-5
 - Release bump
 * Mon Aug 10 2020 Mamoru TASAKA - 2.2.1-4
diff --git a/sources b/sources
index 2803f8e..7e24ab4 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-SHA512 (kramdown-2.2.1.gem) = 7c322010a8a418706c48d5a1011354aba215d50be94354fff93a636ff3453906bb381cf5669560a6bd10ecaf3bab7b04f446efa0a4b85322865b879f74de4c43
+SHA512 (kramdown-2.3.0.gem) = a3ed8360de9208d5ce658d198763737826db943d23dda7ca9cfd507a4656c39f2b19ece78af87981b1177fe01690d6647c854092b230cf3a8a7d2823dc83d276