RubyGems - RedCloth - Versions diffs - 4.2.9 → 4.3.4 - Mend

RedCloth 4.2.9 → 4.3.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (31) hide show

checksums.yaml +7 -0
data/CHANGELOG +40 -3
data/Gemfile +3 -3
data/README.rdoc +29 -36
data/Rakefile +1 -2
data/ext/redcloth_scan/extconf.rb +0 -1
data/ext/redcloth_scan/redcloth_inline.c +4 -4
data/ext/redcloth_scan/redcloth_scan.c +77 -77
data/lib/redcloth/formatters/base.rb +1 -1
data/lib/redcloth/formatters/html.rb +15 -7
data/lib/redcloth/formatters/latex.rb +6 -4
data/lib/redcloth/version.rb +7 -7
data/lib/redcloth.rb +5 -0
data/redcloth.gemspec +22 -28
data/spec/custom_tags_spec.rb +7 -7
data/spec/erb_spec.rb +1 -1
data/spec/extension_spec.rb +1 -1
data/spec/fixtures/threshold.yml +1 -1
data/spec/formatters/html_spec.rb +2 -2
data/spec/formatters/latex_spec.rb +2 -2
data/spec/parser_spec.rb +8 -7
data/spec/security/CVE-2012-6684_spec.rb +33 -0
data/spec/security/CVE-2023-31606_spec.rb +49 -0
data/spec/spec_helper.rb +4 -4
data/tasks/compile.rake +7 -16
data/tasks/ragel_extension_task.rb +1 -12
data/tasks/release.rake +11 -11
data/tasks/rvm.rake +5 -3
metadata +101 -151
data/lib/redcloth_scan.jar +0 -0
data/tasks/gems.rake +0 -37

checksums.yaml ADDED Viewed

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: 3bf6223596d141287ffe67bb0321d0cb329110cf056730a6a88072123e61eb23
+  data.tar.gz: 66e55aa28a5fd6d69e9140fc822e9b299bd8fd8b68747cbb61b1322e1686774d
+SHA512:
+  metadata.gz: 330980e516cd9966d6860e92ca917d102c9957635bdf76869774a8b8893d372da7aeca4f5d69da3a8db6d98b3c2d8f97f5628f9c96309e34ea424503fbcdb40a
+  data.tar.gz: c1614dce1f131bed42fed09cef9e4679ef0d7f49868548d355ce1ee5d2753dd64f9c7e172e70d90a838464f70653c78f9e91e149f22909a6eadd63305969593e

data/CHANGELOG CHANGED Viewed

@@ -1,3 +1,40 @@
+== 4.3.4 / Mar 13th, 2024
+* A round of cleanups [Helio Cola]
+* Stop checking for main function in libc [Jean byroot Boussier]
+* Update maintainer, scrub redcloth.org [Jason Garber]
+* Add GitHub action [Anton Maminov]
+== 4.3.3 / Nov 2nd, 2023
+* Add tests for CVE-2023-31606 [Helio Cola]
+* Fix rake compile [Helio Cola and Faria Education Group]
+* Fix CVE-2023-31606 (ReDOS possible in the sanitize_html function) [Kornelius Kalnbach and Merbin Russel]
+* Immutable strings [Matijs van Zuijlen]
+== 4.3.2 / May 23rd, 2016
+* Fix additional case for CVE-2012-6684 [Joshua Siler]
+== 4.3.1 / May 17th, 2016
+* Fix additional case for CVE-2012-6684 [Joshua Siler]
+== 4.3.0 / April 29th, 2016
+* Remove JRuby and Windows cross compilation and support
+* Add Ruby 2.2.3 testing and support
+* include CVE-2012-6684 fix [Tomas Pospisek]
+  * fix by [Antonio Terceiro]
+    * see http://sources.debian.net/src/ruby-redcloth/4.2.9-4/debian/patches/0001-Filter-out-javascript-links-when-using-filter_html-o.patch/
+  * vulnerability reported by [Kousuke Ebihara]
+    * see http://co3k.org/blog/redcloth-unfixed-xss-en
+== 4.2.9.1 / February 24, 2015
+* Lazy-load latex_entities.yml [Charlie Somerville]
 == 4.2.9 / November 25, 2011
 * Fix RbConfig / Config warning in Ruby 1.9.3. [Steve Purcell, Robert Gleeson, and unclaimedbaggage]
@@ -82,7 +119,7 @@
 * Accept multiline content in table cells. [Jason Garber]
 * Change to list attributes so you can give style/class to list items (taken from PyTextile).  Breaks backwards compatibility.
   Before, the style applied to the first list item applied to the entire list.  Now, class/id/style placed
   before the list applies to the list element and after the hash or asterisk applies to the list item.  For
   example:
@@ -163,7 +200,7 @@
   To compile the jruby version of the gem: jruby -S rake compile
 * Added textilize ERB utility method. [edraut]
-  Use it in an ERB template like this: <%=t my_textile_string %> or
+  Use it in an ERB template like this: <%=t my_textile_string %> or
   <%=r %{Some *textile* if you please!} %>
 * Fix extended blockcode stripping whitespace following blank line. #78
@@ -258,4 +295,4 @@
 * Over 500 tests prevent regression
-* It's 40 times faster than the previous version.
+* It's 40 times faster than the previous version.

data/Gemfile CHANGED Viewed

@@ -1,7 +1,7 @@
-source :rubygems
+source 'https://rubygems.org'
 gemspec
 group :compilation do
-  gem 'rvm', '~> 1.2.6'
+  gem 'rvm', '~> 1.11.3.9'
   gem 'rake-compiler', '~> 0.7.1'
-end
+end

data/README.rdoc CHANGED Viewed

@@ -1,59 +1,47 @@
 = RedCloth - Textile parser for Ruby
-Homepage::  http://redcloth.org
+Homepage::  https://github.com/jgarber/redcloth
+Maintainer:: Helio Cola https://github.com/heliocola
 Author::    Jason Garber
 Copyright:: (c) 2011 Jason Garber
 License::   MIT
-(See http://redcloth.org/textile/ for a Textile reference.)
+{rdoc-image:https://codeclimate.com/github/jgarber/redcloth/badges/gpa.svg}[https://codeclimate.com/github/jgarber/redcloth]
 = RedCloth
 RedCloth is a Ruby library for converting Textile into HTML.
+== Attention - Deprecating JRuby and Windows support in version 4.3
+In order to prioritize merging a fix for the long standing vulnerability *CVE-2012-6684*, our {new maintainer}[https://github.com/joshuasiler] has elected to stop maintaining the precompiled versions for Windows and JRuby.
 == Installing
 RedCloth can be installed via RubyGems:
   gem install RedCloth
-It will install the appropriate Ruby, JRuby, or Win32 gem. If using JRuby,
-version 1.1.5 or greater is required.
 == Compiling
 If you just want to use RedCloth, you do NOT need to build/compile it. It is
 compiled from C sources automatically when you install the gem on the ruby
-platform. Precompiled binary gems are provided for JRuby and Win32 platforms.
+platform. Precompiled binary gems are provided for JRuby and Win32 platforms prior to version 4.3.
 RedCloth can be compiled with <tt>rake compile</tt>. Ragel 6.3 or greater is
 required. Again, Ragel is NOT needed to simply use RedCloth.
 === Supported platforms
-By default, the rake compile task builds a native C extension (MRI 1.8 or 1.9)
-or Java extension (JRuby 1.3). A pure Ruby version can also be generated, but
-it's super slow and Ruby 1.8-only. The JRuby and pure-Ruby extensions don't
-support multi-byte characters. Cross-compiling for win32 uses rake-compiler.
+By default, the rake compile task builds a native C extension (MRI 1.8 or 1.9). A pure Ruby version can also be generated, but it's super slow and Ruby 1.8-only, and doesn't
+support multi-byte characters.
 The RedCloth::EXTENSION_LANGUAGE constant indicates in which language your
 copy of RedCloth is compiled.
-=== Compiling gems
-To compile MRI, JRuby, and win32 gems, you need rvm and rake-compiler. These
-and other dependencies can be installed with bundler. Then rake build:all
-takes care of compiling and packaging all gems.
-  1. gem install bundler
-  2. bundle install
-  3. rake-compiler cross-ruby VERSION=1.8.6-p398
-  4. rake-compiler cross-ruby VERSION=1.9.1-p243
-  5. rake build:all
 == Bugs
-Please submit bugs to http://jgarber.lighthouseapp.com/projects/13054-redcloth/overview
+Please submit bugs as issues to this repo.
 == Using RedCloth
@@ -69,7 +57,7 @@ Multi-line example:
  doc = RedCloth.new <<EOD
  h2. Test document
  Just a simple test.
  EOD
  puts doc.to_html
@@ -122,11 +110,11 @@ of small portions of text within a paragraph.
 == Links
-To make a hypertext link, put the link text in "quotation
+To make a hypertext link, put the link text in "quotation
 marks" followed immediately by a colon and the URL of the link.
-Optional: text in (parentheses) following the link text,
-but before the closing quotation mark, will become a title
+Optional: text in (parentheses) following the link text,
+but before the closing quotation mark, will become a title
 attribute for the link, visible as a tool tip when a cursor is above it.
 Example:
@@ -141,12 +129,12 @@ Will become:
 To insert an image, put the URL for the image inside exclamation marks.
-Optional: text that immediately follows the URL in (parentheses) will
-be used as the Alt text for the image. Images on the web should always
-have descriptive Alt text for the benefit of readers using non-graphical
+Optional: text that immediately follows the URL in (parentheses) will
+be used as the Alt text for the image. Images on the web should always
+have descriptive Alt text for the benefit of readers using non-graphical
 browsers.
-Optional: place a colon followed by a URL immediately after the
+Optional: place a colon followed by a URL immediately after the
 closing ! to make the image into a link.
 Example:
@@ -167,11 +155,11 @@ Will become:
 == Defining Acronyms
-HTML allows authors to define acronyms via the tag. The definition appears as a
-tool tip when a cursor hovers over the acronym. A crucial aid to clear writing,
+HTML allows authors to define acronyms via the tag. The definition appears as a
+tool tip when a cursor hovers over the acronym. A crucial aid to clear writing,
 this should be used at least once for each acronym in documents where they appear.
-To quickly define an acronym in Textile, place the full text in (parentheses)
+To quickly define an acronym in Textile, place the full text in (parentheses)
 immediately following the acronym.
 Example:
@@ -181,6 +169,13 @@ Example:
 Will become:
  <acronym title="American Civil Liberties Union">ACLU</acronym>
+== Filtering HTML
+RedCloth doesn't filter unsafe html tags by default, do to this use the following syntax:
+  RedCloth.new("<script>alert(1)</script>", [:filter_html]).to_html
+which will filter the script tags from the HTML resulting in:
+  "&lt;script&gt;alert(1)&lt;/script&gt;"
 == Adding Tables
@@ -194,5 +189,3 @@ Styles are applied with curly braces.
     table{border:1px solid black}.
     {background:#ddd;color:red}. |a|red|row|

data/Rakefile CHANGED Viewed

@@ -1,7 +1,6 @@
 # encoding: utf-8
 require 'rubygems'
 require 'bundler'
-ENV['RUBYOPT'] = nil # Necessary to prevent Bundler from *&^%$#ing up rake-compiler.
 require 'rake/clean'
@@ -15,4 +14,4 @@ else
   Bundler.settings.without = [:compilation]
   Bundler.setup(:default, :development)
   load 'tasks/rspec.rake'
-end
+end

data/ext/redcloth_scan/extconf.rb CHANGED Viewed

@@ -2,5 +2,4 @@ require 'mkmf'
 CONFIG['warnflags'].gsub!(/-Wshorten-64-to-32/, '') if CONFIG['warnflags']
 $CFLAGS << ' -O0 -Wall ' if CONFIG['CC'] =~ /gcc/
 dir_config("redcloth_scan")
-have_library("c", "main")
 create_makefile("redcloth_scan")

data/ext/redcloth_scan/redcloth_inline.c CHANGED Viewed

@@ -7491,7 +7491,7 @@ _eof_trans:
 	break;
 	case 24:
 #line 103 "ragel/redcloth_inline.rl"
-	{te = p+1;{ CAT(block); {cs = 1270; goto _again;} }}
+	{te = p+1;{ CAT(block); {cs = 1270;goto _again;} }}
 	break;
 	case 25:
 #line 6 "ragel/redcloth_common.c.rl"
@@ -7591,7 +7591,7 @@ _eof_trans:
 	break;
 	case 49:
 #line 116 "ragel/redcloth_inline.rl"
-	{te = p+1;{ CAT(block); {cs = 1516; goto _again;} }}
+	{te = p+1;{ CAT(block); {cs = 1516;goto _again;} }}
 	break;
 	case 50:
 #line 117 "ragel/redcloth_inline.rl"
@@ -7735,7 +7735,7 @@ _eof_trans:
 	break;
 	case 85:
 #line 116 "ragel/redcloth_inline.rl"
-	{te = p;p--;{ CAT(block); {cs = 1516; goto _again;} }}
+	{te = p;p--;{ CAT(block); {cs = 1516;goto _again;} }}
 	break;
 	case 86:
 #line 118 "ragel/redcloth_inline.rl"
@@ -7866,7 +7866,7 @@ _eof_trans:
 	{{p = ((te))-1;} PASS_CODE(block, "text", "code"); }
 	break;
 	case 8:
-	{{p = ((te))-1;} CAT(block); {cs = 1516; goto _again;} }
+	{{p = ((te))-1;} CAT(block); {cs = 1516;goto _again;} }
 	break;
 	case 10:
 	{{p = ((te))-1;} PARSE_ATTR("text"); PASS(block, "text", "strong"); }