Tue Jan 3 15:19:14 2023 UTC ()
www/ruby-rails-html-sanitizer: update to 1.4.4

1.4.4 (2022-12-13)

* Address inefficient regular expression complexity with certain
  configurations of Rails::Html::Sanitizer.

  Fixes CVE-2022-23517. See GHSA-5x79-w82f-gw8w for more information.

  Mike Dalessio

* Address improper sanitization of data URIs.

  Fixes CVE-2022-23518 and #135. See GHSA-mcvf-2q2m-x72m for more information.

  Mike Dalessio

* Address possible XSS vulnerability with certain configurations of
  Rails::Html::Sanitizer.

  Fixes CVE-2022-23520. See GHSA-rrfc-7g8p-99q8 for more information.

  Mike Dalessio

* Address possible XSS vulnerability with certain configurations of
  Rails::Html::Sanitizer.

  Fixes CVE-2022-23519. See GHSA-9h9g-93gc-623h for more information.

  Mike Dalessio


(taca)
diff -r1.5 -r1.6 pkgsrc/www/ruby-rails-html-sanitizer/Makefile
diff -r1.7 -r1.8 pkgsrc/www/ruby-rails-html-sanitizer/distinfo
cvs diff -r1.5 -r1.6 pkgsrc/www/ruby-rails-html-sanitizer/Makefile (expand / switch to unified diff)

--- pkgsrc/www/ruby-rails-html-sanitizer/Makefile 2022/06/12 12:20:11 1.5
+++ pkgsrc/www/ruby-rails-html-sanitizer/Makefile 2023/01/03 15:19:13 1.6
@@ -1,16 +1,16 @@ @@ -1,16 +1,16 @@
1# $NetBSD: Makefile,v 1.5 2022/06/12 12:20:11 taca Exp $ 1# $NetBSD: Makefile,v 1.6 2023/01/03 15:19:13 taca Exp $
2 2
3DISTNAME= rails-html-sanitizer-1.4.3 3DISTNAME= rails-html-sanitizer-1.4.4
4CATEGORIES= www 4CATEGORIES= www
5 5
6MAINTAINER= minskim@NetBSD.org 6MAINTAINER= minskim@NetBSD.org
7HOMEPAGE= https://github.com/rails/rails-html-sanitizer 7HOMEPAGE= https://github.com/rails/rails-html-sanitizer
8COMMENT= HTML sanitizer for Rails applications 8COMMENT= HTML sanitizer for Rails applications
9LICENSE= mit 9LICENSE= mit
10 10
11DEPENDS+= ${RUBY_PKGPREFIX}-loofah>=2.3<3:../../www/ruby-loofah 11DEPENDS+= ${RUBY_PKGPREFIX}-loofah>=2.19<3:../../www/ruby-loofah
12 12
13USE_LANGUAGES= # empty 13USE_LANGUAGES= # empty
14 14
15.include "../../lang/ruby/gem.mk" 15.include "../../lang/ruby/gem.mk"
16.include "../../mk/bsd.pkg.mk" 16.include "../../mk/bsd.pkg.mk"
cvs diff -r1.7 -r1.8 pkgsrc/www/ruby-rails-html-sanitizer/distinfo (expand / switch to unified diff)

--- pkgsrc/www/ruby-rails-html-sanitizer/distinfo 2022/06/12 12:20:11 1.7
+++ pkgsrc/www/ruby-rails-html-sanitizer/distinfo 2023/01/03 15:19:13 1.8
@@ -1,5 +1,5 @@ @@ -1,5 +1,5 @@
1$NetBSD: distinfo,v 1.7 2022/06/12 12:20:11 taca Exp $ 1$NetBSD: distinfo,v 1.8 2023/01/03 15:19:13 taca Exp $
2 2
3BLAKE2s (rails-html-sanitizer-1.4.3.gem) = 110fc5e7b2557d3a8bb7d2424b072e62f7bb9d4dd6d5d6625c4033250a25626a 3BLAKE2s (rails-html-sanitizer-1.4.4.gem) = 36684c6c71abd83aa775f2d14d6ca7e24ac934bf3ca657f06981824b32ce9bf0
4SHA512 (rails-html-sanitizer-1.4.3.gem) = ead339d8ed5aefa737298d886a0db3c353254cfa57bdee7d2011f596ed2871dcad3bd16561728da2447e239fcaa908256bb6436493462bca6310a17a3812ffd9 4SHA512 (rails-html-sanitizer-1.4.4.gem) = 9a6671334967078f744296ca273a8b44c0071d04c841fe626333bbb62c252b6688b5559079a47cda540f06bd35c924ede8d9ef092c775dfab55e2673137fc05b
5Size (rails-html-sanitizer-1.4.3.gem) = 17920 bytes 5Size (rails-html-sanitizer-1.4.4.gem) = 18432 bytes