gnu: ruby-sanitize: Update to 6.0.0.

* gnu/packages/ruby.scm (ruby-sanitize): Update to 6.0.0.  Re-indent inputs.
[source]: Delete patch.
* gnu/packages/patches/ruby-sanitize-system-libxml.patch: Delete patch.
* gnu/local.mk (dist_patch_DATA): De-register it.
This commit is contained in:
Maxim Cournoyer 2023-01-06 15:51:44 -05:00
parent d163a379b9
commit b0f92620d8
No known key found for this signature in database
GPG key ID: 1260E46482E63562
3 changed files with 5 additions and 47 deletions

View file

@ -19,7 +19,7 @@
# Copyright © 2018 Amirouche Boubekki <amirouche@hypermove.net>
# Copyright © 2018, 2019, 2020, 2021, 2022 Oleg Pykhalov <go.wigust@gmail.com>
# Copyright © 2018 Stefan Stefanović <stefanx2ovic@gmail.com>
# Copyright © 2018, 2020, 2021, 2022 Maxim Cournoyer <maxim.cournoyer@gmail.com>
# Copyright © 2018, 2020, 2021, 2022, 2023 Maxim Cournoyer <maxim.cournoyer@gmail.com>
# Copyright © 2019, 2020, 2021, 2022 Guillaume Le Vaillant <glv@posteo.net>
# Copyright © 2019, 2020 John Soo <jsoo1@asu.edu>
# Copyright © 2019 Jonathan Brielmaier <jonathan.brielmaier@web.de>
@ -1813,7 +1813,6 @@ dist_patch_DATA = \
%D%/packages/patches/ruby-anystyle-fix-dictionary-populate.patch \
%D%/packages/patches/ruby-latex-decode-fix-test.patch \
%D%/packages/patches/ruby-mustache-1.1.1-fix-race-condition-tests.patch \
%D%/packages/patches/ruby-sanitize-system-libxml.patch \
%D%/packages/patches/rustc-1.54.0-src.patch \
%D%/packages/patches/rust-1.64-fix-riscv64-bootstrap.patch \
%D%/packages/patches/rust-adblock-ignore-live-tests.patch \

View file

@ -1,38 +0,0 @@
Fix test failures that occur when nokogiri is using system libxml:
https://github.com/rgrove/sanitize/issues/198
Taken from upstream:
https://github.com/rgrove/sanitize/commit/21da9b62baf9ea659811d92e6b574130aee57eba
diff --git a/test/test_malicious_html.rb b/test/test_malicious_html.rb
index 2c23074..0756de0 100644
--- a/test/test_malicious_html.rb
+++ b/test/test_malicious_html.rb
@@ -135,6 +135,8 @@
# The relevant libxml2 code is here:
# <https://github.com/GNOME/libxml2/commit/960f0e275616cadc29671a218d7fb9b69eb35588>
describe 'unsafe libxml2 server-side includes in attributes' do
+ using_unpatched_libxml2 = Nokogiri::VersionInfo.instance.libxml2_using_system?
+
tag_configs = [
{
tag_name: 'a',
@@ -166,6 +168,8 @@
input = %[<#{tag_name} #{attr_name}='examp<!--" onmouseover=alert(1)>-->le.com'>foo</#{tag_name}>]
it 'should escape unsafe characters in attributes' do
+ skip "behavior should only exist in nokogiri's patched libxml" if using_unpatched_libxml2
+
# This uses Nokogumbo's HTML-compliant serializer rather than
# libxml2's.
@s.fragment(input).
@@ -191,6 +195,8 @@
input = %[<#{tag_name} #{attr_name}='examp<!--" onmouseover=alert(1)>-->le.com'>foo</#{tag_name}>]
it 'should not escape characters unnecessarily' do
+ skip "behavior should only exist in nokogiri's patched libxml" if using_unpatched_libxml2
+
# This uses Nokogumbo's HTML-compliant serializer rather than
# libxml2's.
@s.fragment(input).

View file

@ -6365,7 +6365,7 @@ (define-public ruby-nokogumbo
(define-public ruby-sanitize
(package
(name "ruby-sanitize")
(version "5.1.0")
(version "6.0.0")
(home-page "https://github.com/rgrove/sanitize")
(source (origin
(method git-fetch)
@ -6375,15 +6375,12 @@ (define-public ruby-sanitize
(url home-page)
(commit (string-append "v" version))))
(file-name (git-file-name name version))
(patches (search-patches "ruby-sanitize-system-libxml.patch"))
(sha256
(base32
"0lj0q9yhjp0q0in5majkshnki07mw8m2vxgndx4m5na6232aszl0"))))
"0p1a28vx95vscy9xzzyyddzgb9496x42a5i2ka39cpxbl5f3gkl0"))))
(build-system ruby-build-system)
(propagated-inputs
(list ruby-crass ruby-nokogiri ruby-nokogumbo))
(native-inputs
(list ruby-minitest))
(propagated-inputs (list ruby-crass ruby-nokogiri))
(native-inputs (list ruby-minitest))
(synopsis "Whitelist-based HTML and CSS sanitizer")
(description
"Sanitize is a whitelist-based HTML and CSS sanitizer. Given a list of