Received: by mail.netbsd.org (Postfix, from userid 605) id C65BC84DB2; Sat, 4 Feb 2023 13:23:07 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by mail.netbsd.org (Postfix) with ESMTP id 0167384D9B for ; Sat, 4 Feb 2023 13:23:07 +0000 (UTC) X-Virus-Scanned: amavisd-new at netbsd.org Received: from mail.netbsd.org ([IPv6:::1]) by localhost (mail.netbsd.org [IPv6:::1]) (amavisd-new, port 10025) with ESMTP id BTvuyoH-HZYR for ; Sat, 4 Feb 2023 13:23:06 +0000 (UTC) Received: from cvs.NetBSD.org (ivanova.NetBSD.org [IPv6:2001:470:a085:999:28c:faff:fe03:5984]) by mail.netbsd.org (Postfix) with ESMTP id 180C984D05 for ; Sat, 4 Feb 2023 13:23:06 +0000 (UTC) Received: by cvs.NetBSD.org (Postfix, from userid 500) id 0BB17FA90; Sat, 4 Feb 2023 13:23:06 +0000 (UTC) Content-Transfer-Encoding: 7bit Content-Type: multipart/mixed; boundary="_----------=_1675516986158820" MIME-Version: 1.0 Date: Sat, 4 Feb 2023 13:23:06 +0000 From: "Takahiro Kambe" Subject: CVS commit: pkgsrc/textproc/cmark-gfm To: pkgsrc-changes@NetBSD.org Reply-To: taca@netbsd.org X-Mailer: log_accum Message-Id: <20230204132306.0BB17FA90@cvs.NetBSD.org> Sender: pkgsrc-changes-owner@NetBSD.org List-Id: Precedence: bulk List-Unsubscribe: This is a multi-part message in MIME format. --_----------=_1675516986158820 Content-Disposition: inline Content-Transfer-Encoding: 8bit Content-Type: text/plain; charset="US-ASCII" Module Name: pkgsrc Committed By: taca Date: Sat Feb 4 13:23:05 UTC 2023 Modified Files: pkgsrc/textproc/cmark-gfm: Makefile PLIST distinfo Log Message: textproc/cmark-gfm: update to 0.29.0.gfm.9 pkgsrc change: remove pkglint warning. 0.29.0.gfm.1 (2021-09-14) * Fixed denial of service bug in GFM's table extension per GHSA-7gc6-9qr5-hc85 0.29.0.gfm.2 (2021-09-16) * Fixed issues with footnote rendering when used with the autolinker (#121), and when footnotes are adjacent (#139). * We now allow footnotes to be referenced from inside a footnote definition, we use the footnote label for the fnref href text when rendering html, and we insert multiple backrefs when a footnote has been referenced multiple times (#229, #230) * We added new data- attributes to footnote html rendering to make them easier to style (#234) 0.29.0.gfm.3 (2022-03-03) * Fixed heap memory corruption vulnerabiliy via integer overflow per GHSA-mc3g-88wq-6f4x 0.29.0.gfm.4 (2022-05-31) * Remove source from list of HTML block elements per commonmark/commonmark-spec#710 0.29.0.gfm.5 (2022-08-25) * Added xmpp: and mailto: support to the autolink extension 0.29.0.gfm.6 (2022-09-15) * Fixed polynomial time complexity DoS vulnerability in autolink extension per GHSA-cgh3-p57x-9q7q 0.29.0.gfm.7 (2023-01-23) * Fixed CVE-2023-22486, a polynomial time complexity issue in cmark-gfm which may lead to unbounded resource exhaustion and subsequent denial of service. * Fixed CVE-2023-22485, in which a crafted markdown document could trigger an out-of-bounds read in the validate_protocol function. * Fixed CVE-2023-22484, a polynomial time complexity issue in cmark-gfm which may lead to unbounded resource exhaustion and subsequent denial of service. * Fixed CVE-2023-22483, several polynomial time complexity issues in cmark-gfm which may lead to unbounded resource exhaustion and subsequent denial of service. * We removed an unneeded .DS_Store file (#291) * We added a test for domains with underscores and fix roundtrip behavior (#292) * We now use an up-to-date clang-format (#294) * We made a variety of implicit integer truncations explicit by moving to size_t as our standard size integer type (#302) * We introduced a new flag mechanism that is used in cmark node state management, which requires clients call the cmark_init_standard_node_flags function at program startup (420c20a) The security issues were reported and resolved by @kevinbackhouse and @philipturnbull of the GitHub Security Lab 0.29.0.gfm.8 (2023-01-25) * We restored backwards compatibility by deprecating the cmark_init_standard_node_flags() requirement, which is now a noop (#305) * We added a quadratic complexity fuzzing target (#304) 0.29.0.gfm.9 Latest (2023-01-31) Code was tidied: * Use of a private header was cleaned up #248 * Man page was update #255 * Warnings for -Wstrict-prototypes were cleaned up #285 * We avoid header duplication #289 New functionality: * We now store positioning info for url_match #201 * We now expose cmark_parent_footnote_def for non-C renderers #254 * Footnote aria-label text now reference the specific footnote backref, and we include a data-footnote-backref-idx attribute so the label can be internationalized in a downstream filter #307 To generate a diff of this commit: cvs rdiff -u -r1.2 -r1.3 pkgsrc/textproc/cmark-gfm/Makefile cvs rdiff -u -r1.1 -r1.2 pkgsrc/textproc/cmark-gfm/PLIST cvs rdiff -u -r1.3 -r1.4 pkgsrc/textproc/cmark-gfm/distinfo Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. --_----------=_1675516986158820 Content-Disposition: inline Content-Length: 2879 Content-Transfer-Encoding: binary Content-Type: text/x-diff; charset=us-ascii Modified files: Index: pkgsrc/textproc/cmark-gfm/Makefile diff -u pkgsrc/textproc/cmark-gfm/Makefile:1.2 pkgsrc/textproc/cmark-gfm/Makefile:1.3 --- pkgsrc/textproc/cmark-gfm/Makefile:1.2 Mon Jul 25 11:12:29 2022 +++ pkgsrc/textproc/cmark-gfm/Makefile Sat Feb 4 13:23:05 2023 @@ -1,11 +1,11 @@ -# $NetBSD: Makefile,v 1.2 2022/07/25 11:12:29 wiz Exp $ +# $NetBSD: Makefile,v 1.3 2023/02/04 13:23:05 taca Exp $ -GITHUB_PROJECT= cmark-gfm -GITHUB_TAG= ${DISTNAME} -DISTNAME= 0.29.0.gfm.0 +DISTNAME= 0.29.0.gfm.9 PKGNAME= ${GITHUB_PROJECT}-${DISTNAME} CATEGORIES= textproc MASTER_SITES= ${MASTER_SITE_GITHUB:=github/} +GITHUB_PROJECT= cmark-gfm +GITHUB_TAG= ${DISTNAME} DIST_SUBDIR= ${GITHUB_PROJECT} MAINTAINER= pkgsrc-users@NetBSD.org Index: pkgsrc/textproc/cmark-gfm/PLIST diff -u pkgsrc/textproc/cmark-gfm/PLIST:1.1 pkgsrc/textproc/cmark-gfm/PLIST:1.2 --- pkgsrc/textproc/cmark-gfm/PLIST:1.1 Wed Jan 15 06:29:58 2020 +++ pkgsrc/textproc/cmark-gfm/PLIST Sat Feb 4 13:23:05 2023 @@ -1,8 +1,7 @@ -@comment $NetBSD: PLIST,v 1.1 2020/01/15 06:29:58 pho Exp $ +@comment $NetBSD: PLIST,v 1.2 2023/02/04 13:23:05 taca Exp $ bin/cmark-gfm include/cmark-gfm-core-extensions.h include/cmark-gfm-extension_api.h -include/cmark-gfm-extensions_export.h include/cmark-gfm.h include/cmark-gfm_export.h include/cmark-gfm_version.h @@ -12,10 +11,10 @@ lib/cmake/cmark-gfm-release.cmake lib/cmake/cmark-gfm.cmake lib/libcmark-gfm-extensions.a lib/libcmark-gfm-extensions.so -lib/libcmark-gfm-extensions.so.${PKGVERSION} +lib/libcmark-gfm-extensions.so.0.29.0.gfm.6 lib/libcmark-gfm.a lib/libcmark-gfm.so -lib/libcmark-gfm.so.${PKGVERSION} +lib/libcmark-gfm.so.0.29.0.gfm.6 lib/pkgconfig/libcmark-gfm.pc man/man1/cmark-gfm.1 man/man3/cmark-gfm.3 Index: pkgsrc/textproc/cmark-gfm/distinfo diff -u pkgsrc/textproc/cmark-gfm/distinfo:1.3 pkgsrc/textproc/cmark-gfm/distinfo:1.4 --- pkgsrc/textproc/cmark-gfm/distinfo:1.3 Tue Oct 26 11:21:47 2021 +++ pkgsrc/textproc/cmark-gfm/distinfo Sat Feb 4 13:23:05 2023 @@ -1,6 +1,6 @@ -$NetBSD: distinfo,v 1.3 2021/10/26 11:21:47 nia Exp $ +$NetBSD: distinfo,v 1.4 2023/02/04 13:23:05 taca Exp $ -BLAKE2s (cmark-gfm/0.29.0.gfm.0.tar.gz) = c965c4b7c5d7ddb01d10995297ef0b1226f97da69ce578e706b1fda30f84ec83 -SHA512 (cmark-gfm/0.29.0.gfm.0.tar.gz) = 54e396e035a43e4d0c86fa7f1c48a6a1283c0caaabdbc56dfcecee92e89e69f6d2e016ae2d9cf4f40258a6455fba7b813c1c6e6d37e53d33a381088ccbc5673e -Size (cmark-gfm/0.29.0.gfm.0.tar.gz) = 284071 bytes +BLAKE2s (cmark-gfm/0.29.0.gfm.9.tar.gz) = c2d08bc16f1ef43a1a9d473d4d76ccf42908129bb537eb99baf89e16338138be +SHA512 (cmark-gfm/0.29.0.gfm.9.tar.gz) = 532ad45c50aad85181a7121f4a36571b4a5795cfce0e528008bedb2ade0678432a317471be13813d38841235ea1312ae02c876e4fd965de4b5d54b00eb0f3a70 +Size (cmark-gfm/0.29.0.gfm.9.tar.gz) = 297003 bytes SHA1 (patch-CMakeLists.txt) = 902d8299234ec0bf2a7a15aaa79cdbbfc49e148f --_----------=_1675516986158820--