2.3.0
Specify rouge version dependency for test suite
parent
2597a1058d
commit
eaab3a571b
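--- a/.gitignore
+++ b/.gitignore
@@ -22,3 +22,4 @@
 /kramdown-1.17.0.gem
 /kramdown-2.1.0.gem
 /kramdown-2.2.1.gem
+/kramdown-2.3.0.gem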
@ -1,67 +0,0 @@
|
|||||||
From 1b8fd33c3120bfc6e5164b449e2c2fc9c9306fde Mon Sep 17 00:00:00 2001
|
|
||||||
From: Thomas Leitner <t_leitner@gmx.at>
|
|
||||||
Date: Sat, 27 Jun 2020 14:47:21 +0200
|
|
||||||
Subject: [PATCH 1/2] Add option forbidden_inline_options
|
|
||||||
|
|
||||||
It is sometimes necessary to restrict the options that can be set
|
|
||||||
inline, ie. using the {::options ...} extensions.
|
|
||||||
|
|
||||||
By default, the template option is now forbidden to avoid possible
|
|
||||||
security problems. This addresses CVE-2020-14001.
|
|
||||||
---
|
|
||||||
lib/kramdown/options.rb | 10 ++++++++++
|
|
||||||
lib/kramdown/parser/kramdown/extensions.rb | 6 ++++++
|
|
||||||
test/testcases/block/12_extension/options.text | 2 ++
|
|
||||||
3 files changed, 18 insertions(+)
|
|
||||||
|
|
||||||
diff --git a/lib/kramdown/options.rb b/lib/kramdown/options.rb
|
|
||||||
index ea67913..0214e28 100644
|
|
||||||
--- a/lib/kramdown/options.rb
|
|
||||||
+++ b/lib/kramdown/options.rb
|
|
||||||
@@ -589,6 +589,16 @@ module Kramdown
|
|
||||||
Used by: HTML converter
|
|
||||||
EOF
|
|
||||||
|
|
||||||
+ define(:forbidden_inline_options, Object, %w[template], <<~EOF) do |val|
|
|
||||||
+ Defines the options that may not be set using the {::options} extension
|
|
||||||
+
|
|
||||||
+ Default: template
|
|
||||||
+ Used by: HTML converter
|
|
||||||
+ EOF
|
|
||||||
+ val.map! {|item| item.kind_of?(String) ? str_to_sym(item) : item }
|
|
||||||
+ simple_array_validator(val, :forbidden_inline_options)
|
|
||||||
+ end
|
|
||||||
+
|
|
||||||
end
|
|
||||||
|
|
||||||
end
|
|
||||||
diff --git a/lib/kramdown/parser/kramdown/extensions.rb b/lib/kramdown/parser/kramdown/extensions.rb
|
|
||||||
index 493dcf7..637d0fa 100644
|
|
||||||
--- a/lib/kramdown/parser/kramdown/extensions.rb
|
|
||||||
+++ b/lib/kramdown/parser/kramdown/extensions.rb
|
|
||||||
@@ -110,6 +110,12 @@ module Kramdown
|
|
||||||
opts.select do |k, v|
|
|
||||||
k = k.to_sym
|
|
||||||
if Kramdown::Options.defined?(k)
|
|
||||||
+ if @options[:forbidden_inline_options].include?(k) ||
|
|
||||||
+ k == :forbidden_inline_options
|
|
||||||
+ warning("Option #{k} may not be set inline")
|
|
||||||
+ next false
|
|
||||||
+ end
|
|
||||||
+
|
|
||||||
begin
|
|
||||||
val = Kramdown::Options.parse(k, v)
|
|
||||||
@options[k] = val
|
|
||||||
diff --git a/test/testcases/block/12_extension/options.text b/test/testcases/block/12_extension/options.text
|
|
||||||
index 5991ab7..b63f34b 100644
|
|
||||||
--- a/test/testcases/block/12_extension/options.text
|
|
||||||
+++ b/test/testcases/block/12_extension/options.text
|
|
||||||
@@ -19,3 +19,5 @@ some <span>*para*</span>
|
|
||||||
Some text[^ab].
|
|
||||||
|
|
||||||
[^ab]: Some text.
|
|
||||||
+
|
|
||||||
+{::options template="/etc/passwd" /}
|
|
||||||
--
|
|
||||||
2.26.2
|
|
||||||
|
|
@ -1,45 +0,0 @@
|
|||||||
From dd1bab4ee32324db3a11f5712718792164bd38c8 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Thomas Leitner <t_leitner@gmx.at>
|
|
||||||
Date: Sat, 27 Jun 2020 11:35:15 +0200
|
|
||||||
Subject: [PATCH] Use assert_equal instead of .must_equal in test cases
|
|
||||||
|
|
||||||
---
|
|
||||||
test/test_location.rb | 4 ++--
|
|
||||||
test/test_string_scanner_kramdown.rb | 2 +-
|
|
||||||
2 files changed, 3 insertions(+), 3 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/test/test_location.rb b/test/test_location.rb
|
|
||||||
index 41295dc4..d2642c78 100644
|
|
||||||
--- a/test/test_location.rb
|
|
||||||
+++ b/test/test_location.rb
|
|
||||||
@@ -18,7 +18,7 @@
|
|
||||||
def check_element_for_location(element)
|
|
||||||
if (match = /^line-(\d+)/.match(element.attr['class'] || ''))
|
|
||||||
expected_line = match[1].to_i
|
|
||||||
- element.options[:location].must_equal(expected_line)
|
|
||||||
+ assert_equal(expected_line, element.options[:location])
|
|
||||||
end
|
|
||||||
element.children.each do |child|
|
|
||||||
check_element_for_location(child)
|
|
||||||
@@ -187,7 +187,7 @@ def check_element_for_location(element)
|
|
||||||
*[duplicate]: The second definition
|
|
||||||
)
|
|
||||||
doc = Kramdown::Document.new(test_string.strip)
|
|
||||||
- doc.warnings.must_equal ["Duplicate abbreviation ID 'duplicate' on line 4 - overwriting"]
|
|
||||||
+ assert_equal(["Duplicate abbreviation ID 'duplicate' on line 4 - overwriting"], doc.warnings)
|
|
||||||
end
|
|
||||||
|
|
||||||
it 'handles abbreviations' do
|
|
||||||
diff --git a/test/test_string_scanner_kramdown.rb b/test/test_string_scanner_kramdown.rb
|
|
||||||
index a2c91ebc..713c03c4 100644
|
|
||||||
--- a/test/test_string_scanner_kramdown.rb
|
|
||||||
+++ b/test/test_string_scanner_kramdown.rb
|
|
||||||
@@ -21,7 +21,7 @@
|
|
||||||
it "computes the correct current_line_number for example ##{i + 1}" do
|
|
||||||
str_sc = Kramdown::Utils::StringScanner.new(test_string)
|
|
||||||
scan_regexes.each {|scan_re| str_sc.scan_until(scan_re) }
|
|
||||||
- str_sc.current_line_number.must_equal expect
|
|
||||||
+ assert_equal(expect, str_sc.current_line_number)
|
|
||||||
end
|
|
||||||
end
|
|
||||||
end
|
|
@ -2,28 +2,20 @@
|
|||||||
%global gem_name kramdown
|
%global gem_name kramdown
|
||||||
|
|
||||||
Name: rubygem-%{gem_name}
|
Name: rubygem-%{gem_name}
|
||||||
Version: 2.2.1
|
Version: 2.3.0
|
||||||
Release: 9%{?dist}
|
Release: 1%{?dist}
|
||||||
Summary: Fast, pure-Ruby Markdown-superset converter
|
Summary: Fast, pure-Ruby Markdown-superset converter
|
||||||
|
|
||||||
License: MIT
|
License: MIT
|
||||||
URL: http://kramdown.rubyforge.org
|
URL: http://kramdown.rubyforge.org
|
||||||
Source0: https://rubygems.org/gems/%{gem_name}-%{version}.gem
|
Source0: https://rubygems.org/gems/%{gem_name}-%{version}.gem
|
||||||
# https://bugzilla.redhat.com/show_bug.cgi?id=1858395
|
|
||||||
# https://github.com/gettalong/kramdown/commit/1b8fd33c3120bfc6e5164b449e2c2fc9c9306fde
|
|
||||||
# CVE-2020-14001
|
|
||||||
Patch1: rubygem-kramdown-2.2.1-0001-Add-option-forbidden_inline_options.patch
|
|
||||||
# https://github.com/gettalong/kramdown/commit/e1beb51af7fe4ecb85dbab7328f47a23c86c7df2
|
# https://github.com/gettalong/kramdown/commit/e1beb51af7fe4ecb85dbab7328f47a23c86c7df2
|
||||||
Patch2: rubygem-kramdown-2.2.1-rouge-3_26_0-testsuite.patch
|
Patch2: rubygem-kramdown-2.2.1-rouge-3_26_0-testsuite.patch
|
||||||
# https://github.com/gettalong/kramdown/commit/dd1bab4ee32324db3a11f5712718792164bd38c8
|
|
||||||
Patch3: rubygem-kramdown-2.2.1-minitest-warning-must_equal.patch
|
|
||||||
BuildRequires: ruby(release)
|
BuildRequires: ruby(release)
|
||||||
BuildRequires: rubygems-devel
|
BuildRequires: rubygems-devel
|
||||||
BuildRequires: rubygem(minitest) >= 5
|
BuildRequires: rubygem(minitest) >= 5
|
||||||
%if 0%{?fedora} >= 34
|
|
||||||
BuildRequires: rubygem(rexml)
|
BuildRequires: rubygem(rexml)
|
||||||
%endif
|
BuildRequires: rubygem(rouge) >= 3.26.0
|
||||||
BuildRequires: rubygem(rouge)
|
|
||||||
BuildRequires: rubygem(test-unit)
|
BuildRequires: rubygem(test-unit)
|
||||||
BuildRequires: rubygem(stringex)
|
BuildRequires: rubygem(stringex)
|
||||||
# Recommends: rubygem(stringex)
|
# Recommends: rubygem(stringex)
|
||||||
@ -58,16 +50,8 @@ Documentation for %{name}
|
|||||||
%prep
|
%prep
|
||||||
gem unpack %{SOURCE0}
|
gem unpack %{SOURCE0}
|
||||||
%setup -q -D -T -n %{gem_name}-%{version}
|
%setup -q -D -T -n %{gem_name}-%{version}
|
||||||
%patch1 -p1
|
|
||||||
%patch2 -p1
|
%patch2 -p1
|
||||||
%patch3 -p1
|
|
||||||
gem spec %{SOURCE0} -l --ruby > %{gem_name}.gemspec
|
gem spec %{SOURCE0} -l --ruby > %{gem_name}.gemspec
|
||||||
# 2.2.1 explicily adds rexml runtime dependency, which is actually required from
|
|
||||||
# ruby 3.0
|
|
||||||
# for ruby < 3.0, see bug 1838185
|
|
||||||
%if 0%{?fedora} < 34
|
|
||||||
sed -i %{gem_name}.gemspec -e '\@rexml@d'
|
|
||||||
%endif
|
|
||||||
|
|
||||||
%build
|
%build
|
||||||
gem build %{gem_name}.gemspec
|
gem build %{gem_name}.gemspec
|
||||||
@ -99,10 +83,9 @@ LANG=C.UTF-8
|
|||||||
|
|
||||||
pushd .%{gem_instdir}
|
pushd .%{gem_instdir}
|
||||||
|
|
||||||
# Test suite is now failing, need investigating
|
|
||||||
export RUBYLIB=$(pwd)/lib
|
export RUBYLIB=$(pwd)/lib
|
||||||
ruby -e 'Dir.glob "./test/test_*.rb", &method(:require)' \
|
ruby -e 'Dir.glob "./test/test_*.rb", &method(:require)'
|
||||||
|| false
|
|
||||||
popd
|
popd
|
||||||
|
|
||||||
%files
|
%files
|
||||||
@ -127,6 +110,10 @@ popd
|
|||||||
%doc %{gem_docdir}
|
%doc %{gem_docdir}
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Mon Feb 1 2021 Mamoru TASAKA <mtasaka@fedoraproject.org> - 2.3.0-1
|
||||||
|
- 2.3.0
|
||||||
|
- Speficy rouge version dependency for test suite
|
||||||
|
|
||||||
* Wed Jan 27 2021 Fedora Release Engineering <releng@fedoraproject.org> - 2.2.1-9
|
* Wed Jan 27 2021 Fedora Release Engineering <releng@fedoraproject.org> - 2.2.1-9
|
||||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
|
||||||
|
|
||||||
|
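Review bot: The added changelog entry (2.3.0-1) does not mention that Patch1, the CVE-2020-14001 fix, and its `%patch1 -p1` line are removed in this same update. Dropping it is only safe if the 2.3.0 gem already contains upstream commit 1b8fd33c (the `forbidden_inline_options` option), which appears to be the intent but is not shown on this page. Record it so the CVE stays traceable in the package history, e.g. `- Drop Patch1 (CVE-2020-14001), fixed upstream in 2.3.0`. Patch2 keeps `2.2.1` in its file name while now applying to 2.3.0; a one-line comment above it saying it is still needed for rouge >= 3.26.0 would keep it from being mistaken for stale.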
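--- a/sources
+++ b/sources
@@ -1 +1 @@
-SHA512 (kramdown-2.2.1.gem) = 7c322010a8a418706c48d5a1011354aba215d50be94354fff93a636ff3453906bb381cf5669560a6bd10ecaf3bab7b04f446efa0a4b85322865b879f74de4c43
+SHA512 (kramdown-2.3.0.gem) = a3ed8360de9208d5ce658d198763737826db943d23dda7ca9cfd507a4656c39f2b19ece78af87981b1177fe01690d6647c854092b230cf3a8a7d2823dc83d276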