RubyGems - RedCloth - Versions diffs - 4.2.9 → 4.3.4 - Mend

RedCloth 4.2.9 → 4.3.4

Files changed (31) hide show

checksums.yaml +7 -0
data/CHANGELOG +40 -3
data/Gemfile +3 -3
data/README.rdoc +29 -36
data/Rakefile +1 -2
data/ext/redcloth_scan/extconf.rb +0 -1
data/ext/redcloth_scan/redcloth_inline.c +4 -4
data/ext/redcloth_scan/redcloth_scan.c +77 -77
data/lib/redcloth/formatters/base.rb +1 -1
data/lib/redcloth/formatters/html.rb +15 -7
data/lib/redcloth/formatters/latex.rb +6 -4
data/lib/redcloth/version.rb +7 -7
data/lib/redcloth.rb +5 -0
data/redcloth.gemspec +22 -28
data/spec/custom_tags_spec.rb +7 -7
data/spec/erb_spec.rb +1 -1
data/spec/extension_spec.rb +1 -1
data/spec/fixtures/threshold.yml +1 -1
data/spec/formatters/html_spec.rb +2 -2
data/spec/formatters/latex_spec.rb +2 -2
data/spec/parser_spec.rb +8 -7
data/spec/security/CVE-2012-6684_spec.rb +33 -0
data/spec/security/CVE-2023-31606_spec.rb +49 -0
data/spec/spec_helper.rb +4 -4
data/tasks/compile.rake +7 -16
data/tasks/ragel_extension_task.rb +1 -12
data/tasks/release.rake +11 -11
data/tasks/rvm.rake +5 -3
metadata +101 -151
data/lib/redcloth_scan.jar +0 -0
data/tasks/gems.rake +0 -37

checksums.yaml ADDED Viewed

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: 3bf6223596d141287ffe67bb0321d0cb329110cf056730a6a88072123e61eb23
+  data.tar.gz: 66e55aa28a5fd6d69e9140fc822e9b299bd8fd8b68747cbb61b1322e1686774d
+SHA512:
+  metadata.gz: 330980e516cd9966d6860e92ca917d102c9957635bdf76869774a8b8893d372da7aeca4f5d69da3a8db6d98b3c2d8f97f5628f9c96309e34ea424503fbcdb40a
+  data.tar.gz: c1614dce1f131bed42fed09cef9e4679ef0d7f49868548d355ce1ee5d2753dd64f9c7e172e70d90a838464f70653c78f9e91e149f22909a6eadd63305969593e

data/CHANGELOG CHANGED Viewed

@@ -1,3 +1,40 @@
+== 4.3.4 / Mar 13th, 2024
+* A round of cleanups [Helio Cola]
+* Stop checking for main function in libc [Jean byroot Boussier]
+* Update maintainer, scrub redcloth.org [Jason Garber]
+* Add GitHub action [Anton Maminov]
+== 4.3.3 / Nov 2nd, 2023
+* Add tests for CVE-2023-31606 [Helio Cola]
+* Fix rake compile [Helio Cola and Faria Education Group]
+* Fix CVE-2023-31606 (ReDOS possible in the sanitize_html function) [Kornelius Kalnbach and Merbin Russel]
+* Immutable strings [Matijs van Zuijlen]
+== 4.3.2 / May 23rd, 2016
+* Fix additional case for CVE-2012-6684 [Joshua Siler]
+== 4.3.1 / May 17th, 2016
+* Fix additional case for CVE-2012-6684 [Joshua Siler]
+== 4.3.0 / April 29th, 2016
+* Remove JRuby and Windows cross compilation and support
+* Add Ruby 2.2.3 testing and support
+* include CVE-2012-6684 fix [Tomas Pospisek]
+  * fix by [Antonio Terceiro]
+    * see http://sources.debian.net/src/ruby-redcloth/4.2.9-4/debian/patches/0001-Filter-out-javascript-links-when-using-filter_html-o.patch/
+  * vulnerability reported by [Kousuke Ebihara]
+    * see http://co3k.org/blog/redcloth-unfixed-xss-en
+== 4.2.9.1 / February 24, 2015
+* Lazy-load latex_entities.yml [Charlie Somerville]
 == 4.2.9 / November 25, 2011
 * Fix RbConfig / Config warning in Ruby 1.9.3. [Steve Purcell, Robert Gleeson, and unclaimedbaggage]
@@ -82,7 +119,7 @@
 * Accept multiline content in table cells. [Jason Garber]
 * Change to list attributes so you can give style/class to list items (taken from PyTextile).  Breaks backwards compatibility.
   Before, the style applied to the first list item applied to the entire list.  Now, class/id/style placed
   before the list applies to the list element and after the hash or asterisk applies to the list item.  For
   example:
@@ -163,7 +200,7 @@
   To compile the jruby version of the gem: jruby -S rake compile
 * Added textilize ERB utility method. [edraut]
-  Use it in an ERB template like this: <%=t my_textile_string %> or
+  Use it in an ERB template like this: <%=t my_textile_string %> or
   <%=r %{Some *textile* if you please!} %>
 * Fix extended blockcode stripping whitespace following blank line. #78
@@ -258,4 +295,4 @@
 * Over 500 tests prevent regression
-* It's 40 times faster than the previous version.
+* It's 40 times faster than the previous version.

data/Gemfile CHANGED Viewed

@@ -1,7 +1,7 @@
-source :rubygems
+source 'https://rubygems.org'
 gemspec
 group :compilation do
-  gem 'rvm', '~> 1.2.6'
+  gem 'rvm', '~> 1.11.3.9'
   gem 'rake-compiler', '~> 0.7.1'
-end
+end

data/README.rdoc CHANGED Viewed

@@ -1,59 +1,47 @@
 = RedCloth - Textile parser for Ruby
-Homepage::  http://redcloth.org
+Homepage::  https://github.com/jgarber/redcloth
+Maintainer:: Helio Cola https://github.com/heliocola
 Author::    Jason Garber
 Copyright:: (c) 2011 Jason Garber
 License::   MIT
-(See http://redcloth.org/textile/ for a Textile reference.)
+{rdoc-image:https://codeclimate.com/github/jgarber/redcloth/badges/gpa.svg}[https://codeclimate.com/github/jgarber/redcloth]
 = RedCloth
 RedCloth is a Ruby library for converting Textile into HTML.
+== Attention - Deprecating JRuby and Windows support in version 4.3
+In order to prioritize merging a fix for the long standing vulnerability *CVE-2012-6684*, our {new maintainer}[https://github.com/joshuasiler] has elected to stop maintaining the precompiled versions for Windows and JRuby.
 == Installing
 RedCloth can be installed via RubyGems:
   gem install RedCloth
-It will install the appropriate Ruby, JRuby, or Win32 gem. If using JRuby,
-version 1.1.5 or greater is required.
 == Compiling
 If you just want to use RedCloth, you do NOT need to build/compile it. It is
 compiled from C sources automatically when you install the gem on the ruby
-platform. Precompiled binary gems are provided for JRuby and Win32 platforms.
+platform. Precompiled binary gems are provided for JRuby and Win32 platforms prior to version 4.3.
 RedCloth can be compiled with <tt>rake compile</tt>. Ragel 6.3 or greater is
 required. Again, Ragel is NOT needed to simply use RedCloth.
 === Supported platforms
-By default, the rake compile task builds a native C extension (MRI 1.8 or 1.9)
-or Java extension (JRuby 1.3). A pure Ruby version can also be generated, but
-it's super slow and Ruby 1.8-only. The JRuby and pure-Ruby extensions don't
-support multi-byte characters. Cross-compiling for win32 uses rake-compiler.
+By default, the rake compile task builds a native C extension (MRI 1.8 or 1.9). A pure Ruby version can also be generated, but it's super slow and Ruby 1.8-only, and doesn't
+support multi-byte characters.
 The RedCloth::EXTENSION_LANGUAGE constant indicates in which language your
 copy of RedCloth is compiled.
-=== Compiling gems
-To compile MRI, JRuby, and win32 gems, you need rvm and rake-compiler. These
-and other dependencies can be installed with bundler. Then rake build:all
-takes care of compiling and packaging all gems.
-  1. gem install bundler
-  2. bundle install
-  3. rake-compiler cross-ruby VERSION=1.8.6-p398
-  4. rake-compiler cross-ruby VERSION=1.9.1-p243
-  5. rake build:all
 == Bugs
-Please submit bugs to http://jgarber.lighthouseapp.com/projects/13054-redcloth/overview
+Please submit bugs as issues to this repo.
 == Using RedCloth
@@ -69,7 +57,7 @@ Multi-line example:
  doc = RedCloth.new <<EOD
  h2. Test document
  Just a simple test.
  EOD
  puts doc.to_html
@@ -122,11 +110,11 @@ of small portions of text within a paragraph.
 == Links
-To make a hypertext link, put the link text in "quotation
+To make a hypertext link, put the link text in "quotation
 marks" followed immediately by a colon and the URL of the link.
-Optional: text in (parentheses) following the link text,
-but before the closing quotation mark, will become a title
+Optional: text in (parentheses) following the link text,
+but before the closing quotation mark, will become a title
 attribute for the link, visible as a tool tip when a cursor is above it.
 Example:
@@ -141,12 +129,12 @@ Will become:
 To insert an image, put the URL for the image inside exclamation marks.
-Optional: text that immediately follows the URL in (parentheses) will
-be used as the Alt text for the image. Images on the web should always
-have descriptive Alt text for the benefit of readers using non-graphical
+Optional: text that immediately follows the URL in (parentheses) will
+be used as the Alt text for the image. Images on the web should always
+have descriptive Alt text for the benefit of readers using non-graphical
 browsers.
-Optional: place a colon followed by a URL immediately after the
+Optional: place a colon followed by a URL immediately after the
 closing ! to make the image into a link.
 Example:
@@ -167,11 +155,11 @@ Will become:
 == Defining Acronyms
-HTML allows authors to define acronyms via the tag. The definition appears as a
-tool tip when a cursor hovers over the acronym. A crucial aid to clear writing,
+HTML allows authors to define acronyms via the tag. The definition appears as a
+tool tip when a cursor hovers over the acronym. A crucial aid to clear writing,
 this should be used at least once for each acronym in documents where they appear.
-To quickly define an acronym in Textile, place the full text in (parentheses)
+To quickly define an acronym in Textile, place the full text in (parentheses)
 immediately following the acronym.
 Example:
@@ -181,6 +169,13 @@ Example:
 Will become:
  <acronym title="American Civil Liberties Union">ACLU</acronym>
+== Filtering HTML
+RedCloth doesn't filter unsafe html tags by default, do to this use the following syntax:
+  RedCloth.new("<script>alert(1)</script>", [:filter_html]).to_html
+which will filter the script tags from the HTML resulting in:
+  "&lt;script&gt;alert(1)&lt;/script&gt;"
 == Adding Tables
@@ -194,5 +189,3 @@ Styles are applied with curly braces.
     table{border:1px solid black}.
     {background:#ddd;color:red}. |a|red|row|

data/Rakefile CHANGED Viewed

@@ -1,7 +1,6 @@
 # encoding: utf-8
 require 'rubygems'
 require 'bundler'
-ENV['RUBYOPT'] = nil # Necessary to prevent Bundler from *&^%$#ing up rake-compiler.
 require 'rake/clean'
@@ -15,4 +14,4 @@ else
   Bundler.settings.without = [:compilation]
   Bundler.setup(:default, :development)
   load 'tasks/rspec.rake'
-end
+end

data/ext/redcloth_scan/extconf.rb CHANGED Viewed

@@ -2,5 +2,4 @@ require 'mkmf'
 CONFIG['warnflags'].gsub!(/-Wshorten-64-to-32/, '') if CONFIG['warnflags']
 $CFLAGS << ' -O0 -Wall ' if CONFIG['CC'] =~ /gcc/
 dir_config("redcloth_scan")
-have_library("c", "main")
 create_makefile("redcloth_scan")

data/ext/redcloth_scan/redcloth_inline.c CHANGED Viewed

@@ -7491,7 +7491,7 @@ _eof_trans:
 	break;
 	case 24:
 #line 103 "ragel/redcloth_inline.rl"
-	{te = p+1;{ CAT(block); {cs = 1270; goto _again;} }}
+	{te = p+1;{ CAT(block); {cs = 1270;goto _again;} }}
 	break;
 	case 25:
 #line 6 "ragel/redcloth_common.c.rl"
@@ -7591,7 +7591,7 @@ _eof_trans:
 	break;
 	case 49:
 #line 116 "ragel/redcloth_inline.rl"
-	{te = p+1;{ CAT(block); {cs = 1516; goto _again;} }}
+	{te = p+1;{ CAT(block); {cs = 1516;goto _again;} }}
 	break;
 	case 50:
 #line 117 "ragel/redcloth_inline.rl"
@@ -7735,7 +7735,7 @@ _eof_trans:
 	break;
 	case 85:
 #line 116 "ragel/redcloth_inline.rl"
-	{te = p;p--;{ CAT(block); {cs = 1516; goto _again;} }}
+	{te = p;p--;{ CAT(block); {cs = 1516;goto _again;} }}
 	break;
 	case 86:
 #line 118 "ragel/redcloth_inline.rl"
@@ -7866,7 +7866,7 @@ _eof_trans:
 	{{p = ((te))-1;} PASS_CODE(block, "text", "code"); }
 	break;
 	case 8:
-	{{p = ((te))-1;} CAT(block); {cs = 1516; goto _again;} }
+	{{p = ((te))-1;} CAT(block); {cs = 1516;goto _again;} }
 	break;
 	case 10:
 	{{p = ((te))-1;} PARSE_ATTR("text"); PASS(block, "text", "strong"); }