author | V3n3RiX <venerix@koprulu.sector> | 2023-07-21 20:47:34 +0100 |
---|---|---|
committer | V3n3RiX <venerix@koprulu.sector> | 2023-07-21 20:47:34 +0100 |
commit | 1e3cb587fdf303df9aeb0b00a1a45585e18f6134 (patch) | |
tree | a35eca5f8860350c790edbcd0aa96ef4fa1200aa /dev-ruby/redcloth | |
parent | d3f42b1ace45210af6c1b0c1970d626d411b15e0 (diff) |
gentoo auto-resync : 21:07:2023 - 20:47:34
Diffstat (limited to 'dev-ruby/redcloth')
-rw-r--r-- | dev-ruby/redcloth/Manifest | 3 | ||||
-rw-r--r-- | dev-ruby/redcloth/files/redcloth-4.3.2-cve-2023-31606-1.patch | 22 | ||||
-rw-r--r-- | dev-ruby/redcloth/files/redcloth-4.3.2-cve-2023-31606-2.patch | 22 | ||||
-rw-r--r-- | dev-ruby/redcloth/redcloth-4.3.2-r5.ebuild | 57 |
4 files changed, 104 insertions, 0 deletions
diff --git a/dev-ruby/redcloth/Manifest b/dev-ruby/redcloth/Manifest
index 9cf4671248bf..1d0254ad4620 100644
--- a/dev-ruby/redcloth/Manifest
+++ b/dev-ruby/redcloth/Manifest
@@ -1,4 +1,7 @@ +AUX redcloth-4.3.2-cve-2023-31606-1.patch 869 BLAKE2B ca648a75300628168a2672efd622084362e2ee9f62062051610ec3641275cc17c17cbd41b862347b11dfd897d37896528c07d89f00acd0f75ce44f873749be85 SHA512 b040b0acba0fa3a2fc7a853b2fed483cc1a56e6ef32c0c076b642d0639749adb075f8ce8c871669b2d0b64247906960512c83610aa980af6cc3b3a5617503ce5 +AUX redcloth-4.3.2-cve-2023-31606-2.patch 844 BLAKE2B 070c76abc03d1b66f35b82079b1a7703a34fec6315d9a4026c472d145ee26ad3287046dc0e32a9c3ac9e4cb30763deab2be328d3cedbaa7f10bcd32fdd3de9e9 SHA512 85de784726bbc05992411fc1c89475d146fa774127e4e6f5a659c217b53c47d60c055e81632fafe61750777a519403dd7f548678dc092a0e4066dab47a8ed757 AUX redcloth-4.3.2-load-documents.patch 988 BLAKE2B 75e2a385abaf14caef523ae418e87b000900c93d3afe4491300335dd9d5a26fef28a34b3318fada0625e91cafba42a82fb05a2d8acfd6c5afcff4e8ac491890f SHA512 cce18ba0c30d6820020d71dd032d1b193976eaa103ca7bb294a7b1cfb0e61b82aa31e0d8bd8b8d9305e8c087a4109563897a7cd77ec9c020b453c8dc97d48003 DIST RedCloth-4.3.2.tar.gz 91880 BLAKE2B 0feac1ec59e23fcff39e2fdf9beff896be7949764e53a5a834c5f4e7d18813dc59bf354103d4fab82a709341a0f1b6919bbd3a463fd601564888672dbe73d343 SHA512 377fef21e646beb1658a4b8b8d0228e9730c6c8f33075a14137afcf80e8d37501ede8c05b720d0dfb36a680017f4dedd01565fe9b326ae06ead77afee6f122ca EBUILD redcloth-4.3.2-r4.ebuild 1339 BLAKE2B 094f1ab7b4d674f09be9bca0acc5f6fef8b41a05ced6edafc70b9b66319d4c5f8db2c7f2cf7336f33b1e87ad83d834a71642189948bfc35cea373e94e9409417 SHA512 1ca59108bb58d8104c88af54eb9fea8e99fff328a5c752946e52df64940fb993845bbe16c38878757e712ee11218fc9667ac5bd83b469739f332eb46ab3176ff +EBUILD redcloth-4.3.2-r5.ebuild 1412 BLAKE2B eedf183a3135dd8ee6cb8eee90fb88758be6304333ba567a17215c5a0f52462c1094053102638664f1f0192dd5e90fa9f8ed5bd7a6adf3222c55f3f1ef947e9a SHA512 6906dc38ea3c6b2a38e53e074568eaa2e996e7473c0171298a3cbc2175367cee0f3fb9ad3ab5d9cf07334bb275d4c42bd9498e1e1f35e98151cf3e4bb1d504f2 MISC metadata.xml 343 BLAKE2B 
bc8d08f10a63e9472843d4dacf05c70f08fdf9587b6811e062360185ad66f9d144f0f871369f6a4f049a51a292965b902a3ba346e649671a4a283cf93fbbaa7e SHA512 89848472f2bf75c4286766d4aa62799db98fc22aa2be9cd2c05453e0e6c1868fe61c46b7bc0e83ab97ec85f959826699eef36215c4fcd6186e70ee975ec878ac
diff --git a/dev-ruby/redcloth/files/redcloth-4.3.2-cve-2023-31606-1.patch b/dev-ruby/redcloth/files/redcloth-4.3.2-cve-2023-31606-1.patch
new file mode 100644
index 000000000000..f5de833dafb3
--- /dev/null
+++ b/dev-ruby/redcloth/files/redcloth-4.3.2-cve-2023-31606-1.patch
@@ -0,0 +1,22 @@
+From 8d3b5c730596d254d0bbcfbab52f4158f03397b3 Mon Sep 17 00:00:00 2001
+From: Kornelius Kalnbach <murphy@rubychan.de>
+Date: Wed, 28 Jun 2023 17:24:55 +0200
+Subject: [PATCH] make regex faster with Atomic Grouping
+
+---
+ lib/redcloth/formatters/html.rb | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/lib/redcloth/formatters/html.rb b/lib/redcloth/formatters/html.rb
+index b241c99..aaeae34 100644
+--- a/lib/redcloth/formatters/html.rb
++++ b/lib/redcloth/formatters/html.rb
+@@ -324,7 +324,7 @@ def before_transform(text)
+ # Clean unauthorized tags.
+ def clean_html( text, allowed_tags = BASIC_TAGS )
+ text.gsub!( /<!\[CDATA\[/, '' )
+- text.gsub!( /<(\/*)([A-Za-z]\w*)([^>]*?)(\s?\/?)>/ ) do |m|
++ text.gsub!( /<(\/*)(?>[A-Za-z]\w*)([^>]*?)(\s?\/?)>/ ) do |m|
+ raw = $~
+ tag = raw[2].downcase
+ if allowed_tags.has_key? tag
diff --git a/dev-ruby/redcloth/files/redcloth-4.3.2-cve-2023-31606-2.patch b/dev-ruby/redcloth/files/redcloth-4.3.2-cve-2023-31606-2.patch
new file mode 100644
index 000000000000..fd8de28f0e71
--- /dev/null
+++ b/dev-ruby/redcloth/files/redcloth-4.3.2-cve-2023-31606-2.patch
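Review bot: The atomic group `(?>[A-Za-z]\w*)` on the added line of this patch is non-capturing, so the tag name no longer occupies group 2 and `tag = raw[2].downcase` two lines below would read the `([^>]*?)` text instead; the allow-list lookup `allowed_tags.has_key? tag` then tests the wrong string. This is only corrected by the follow-up in redcloth-4.3.2-cve-2023-31606-2.patch, whose context lines depend on this one, so the pair must always be applied together and in order. I would fold both into a single patch carrying the final form `text.gsub!( /<(\/*)([A-Za-z]\w*+)([^>]*?)(\s?\/?)>/ ) do |m|`, or at least add a comment above the two entries in PATCHES in the ebuild hunk, e.g. `# CVE-2023-31606: -2 restores the tag capture that -1 drops; keep both, in order`. clean_html's body continues outside the hunk.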
@@ -0,0 +1,22 @@
+From 7429f32bdac4fccf9f5ab702afc9c47092a7b3df Mon Sep 17 00:00:00 2001
+From: Kornelius Kalnbach <murphy@rubychan.de>
+Date: Thu, 29 Jun 2023 00:31:50 +0200
+Subject: [PATCH] simplify fix
+
+---
+ lib/redcloth/formatters/html.rb | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/lib/redcloth/formatters/html.rb b/lib/redcloth/formatters/html.rb
+index aaeae34..396c2d0 100644
+--- a/lib/redcloth/formatters/html.rb
++++ b/lib/redcloth/formatters/html.rb
+@@ -324,7 +324,7 @@ def before_transform(text)
+ # Clean unauthorized tags.
+ def clean_html( text, allowed_tags = BASIC_TAGS )
+ text.gsub!( /<!\[CDATA\[/, '' )
+- text.gsub!( /<(\/*)(?>[A-Za-z]\w*)([^>]*?)(\s?\/?)>/ ) do |m|
++ text.gsub!( /<(\/*)([A-Za-z]\w*+)([^>]*?)(\s?\/?)>/ ) do |m|
+ raw = $~
+ tag = raw[2].downcase
+ if allowed_tags.has_key? tag
diff --git a/dev-ruby/redcloth/redcloth-4.3.2-r5.ebuild b/dev-ruby/redcloth/redcloth-4.3.2-r5.ebuild
new file mode 100644
index 000000000000..b43a51c4804f
--- /dev/null
+++ b/dev-ruby/redcloth/redcloth-4.3.2-r5.ebuild
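Review bot: The possessive `\w*+` on the added line removes backtracking inside the tag name only; the lazy `([^>]*?)` followed by the optional `(\s?\/?)` is unchanged from the pre-fix regex, and nothing in this commit demonstrates that matching time is now bounded. I would want a regression spec that runs `clean_html` on a large input under a time limit, exercised by the ebuild's rspec3 test phase, so the CVE-2023-31606 fix is verified on each Ruby target rather than assumed. The block also reads the match through `$~` with numeric indexes; a comment such as `# raw[1] = leading slashes, raw[2] = tag name, raw[3] = rest of tag, raw[4] = trailing slash` above `raw = $~` would make a capture-group shift visible in review. clean_html's body continues outside the hunk.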
@@ -0,0 +1,57 @@
+# Copyright 1999-2023 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+USE_RUBY="ruby30 ruby31 ruby32"
+
+RUBY_FAKEGEM_NAME="RedCloth"
+
+RUBY_FAKEGEM_RECIPE_TEST="rspec3"
+RUBY_FAKEGEM_TASK_DOC=""
+
+RUBY_FAKEGEM_DOCDIR="doc"
+
+RUBY_FAKEGEM_EXTRADOC="README.rdoc CHANGELOG"
+
+RUBY_FAKEGEM_REQUIRE_PATHS="lib/case_sensitive_require"
+
+RUBY_FAKEGEM_GEMSPEC=redcloth.gemspec
+
+RUBY_FAKEGEM_EXTENSIONS=(ext/redcloth_scan/extconf.rb)
+
+inherit ruby-fakegem
+
+DESCRIPTION="A module for using Textile in Ruby"
+HOMEPAGE="https://github.com/jgarber/redcloth"
+SRC_URI="https://github.com/jgarber/redcloth/archive/v${PV}.tar.gz -> ${RUBY_FAKEGEM_NAME}-${PV}.tar.gz"
+
+LICENSE="MIT"
+SLOT="0"
+KEYWORDS="~amd64 ~arm ~arm64 ~hppa ~loong ~ppc ~ppc64 ~riscv ~sparc ~x86 ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x64-solaris"
+IUSE=""
+
+DEPEND+=" =dev-util/ragel-6*"
+
+PATCHES=(
+ "${FILESDIR}/${P}-load-documents.patch"
+ "${FILESDIR}/${P}-cve-2023-31606-1.patch"
+ "${FILESDIR}/${P}-cve-2023-31606-2.patch"
+)
+
+ruby_add_bdepend "
+ >=dev-ruby/rake-0.8.7
+ >=dev-ruby/rake-compiler-0.7.1
+ test? ( >=dev-ruby/diff-lcs-1.1.2 )"
+
+all_ruby_prepare() {
+ sed -i -e '/[Bb]undler/d' Rakefile ${PN}.gemspec || die
+ rm -f tasks/{release,rspec,rvm}.rake || die
+
+ # Fix version
+ sed -i -e '/TINY/ s/1/2/' lib/redcloth/version.rb || die
+}
+
+each_ruby_prepare() {
+ ${RUBY} -S rake ext/redcloth_scan/extconf.rb || die
+}
 |
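Review bot: `sed -i` exits 0 when no line matches, so the `|| die` on the two sed calls in all_ruby_prepare only catches I/O errors and the "Fix version" edit can silently become a no-op. The expression `s/1/2/` also rewrites the first `1` on any line containing TINY, whatever that digit belongs to. I would follow the substitution with a check such as `grep -q 'TINY.*2' lib/redcloth/version.rb || die "version fixup did not apply"`, adjusted to the file's actual layout, and expand the comment to say why the shipped version needs correcting.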