diff options
Diffstat (limited to 'gnu')
-rw-r--r-- | gnu/local.mk | 3 | ||||
-rw-r--r-- | gnu/packages/patches/ruby-sanitize-system-libxml.patch | 38 | ||||
-rw-r--r-- | gnu/packages/ruby.scm | 11 |
3 files changed, 5 insertions, 47 deletions
diff --git a/gnu/local.mk b/gnu/local.mk index 325bdd570a..eba4fc2d01 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -19,7 +19,7 @@ # Copyright © 2018 Amirouche Boubekki <amirouche@hypermove.net> # Copyright © 2018, 2019, 2020, 2021, 2022 Oleg Pykhalov <go.wigust@gmail.com> # Copyright © 2018 Stefan Stefanović <stefanx2ovic@gmail.com> -# Copyright © 2018, 2020, 2021, 2022 Maxim Cournoyer <maxim.cournoyer@gmail.com> +# Copyright © 2018, 2020, 2021, 2022, 2023 Maxim Cournoyer <maxim.cournoyer@gmail.com> # Copyright © 2019, 2020, 2021, 2022 Guillaume Le Vaillant <glv@posteo.net> # Copyright © 2019, 2020 John Soo <jsoo1@asu.edu> # Copyright © 2019 Jonathan Brielmaier <jonathan.brielmaier@web.de> @@ -1813,7 +1813,6 @@ dist_patch_DATA = \ %D%/packages/patches/ruby-anystyle-fix-dictionary-populate.patch \ %D%/packages/patches/ruby-latex-decode-fix-test.patch \ %D%/packages/patches/ruby-mustache-1.1.1-fix-race-condition-tests.patch \ - %D%/packages/patches/ruby-sanitize-system-libxml.patch \ %D%/packages/patches/rustc-1.54.0-src.patch \ %D%/packages/patches/rust-1.64-fix-riscv64-bootstrap.patch \ %D%/packages/patches/rust-adblock-ignore-live-tests.patch \ diff --git a/gnu/packages/patches/ruby-sanitize-system-libxml.patch b/gnu/packages/patches/ruby-sanitize-system-libxml.patch deleted file mode 100644 index d19eb07294..0000000000 --- a/gnu/packages/patches/ruby-sanitize-system-libxml.patch +++ /dev/null @@ -1,38 +0,0 @@ -Fix test failures that occur when nokogiri is using system libxml: - - https://github.com/rgrove/sanitize/issues/198 - -Taken from upstream: -https://github.com/rgrove/sanitize/commit/21da9b62baf9ea659811d92e6b574130aee57eba - -diff --git a/test/test_malicious_html.rb b/test/test_malicious_html.rb -index 2c23074..0756de0 100644 ---- a/test/test_malicious_html.rb -+++ b/test/test_malicious_html.rb -@@ -135,6 +135,8 @@ - # The relevant libxml2 code is here: - # <https://github.com/GNOME/libxml2/commit/960f0e275616cadc29671a218d7fb9b69eb35588> - describe 'unsafe libxml2 server-side includes in attributes' do -+ using_unpatched_libxml2 = Nokogiri::VersionInfo.instance.libxml2_using_system? -+ - tag_configs = [ - { - tag_name: 'a', -@@ -166,6 +168,8 @@ - input = %[<#{tag_name} #{attr_name}='examp<!--" onmouseover=alert(1)>-->le.com'>foo</#{tag_name}>] - - it 'should escape unsafe characters in attributes' do -+ skip "behavior should only exist in nokogiri's patched libxml" if using_unpatched_libxml2 -+ - # This uses Nokogumbo's HTML-compliant serializer rather than - # libxml2's. - @s.fragment(input). -@@ -191,6 +195,8 @@ - input = %[<#{tag_name} #{attr_name}='examp<!--" onmouseover=alert(1)>-->le.com'>foo</#{tag_name}>] - - it 'should not escape characters unnecessarily' do -+ skip "behavior should only exist in nokogiri's patched libxml" if using_unpatched_libxml2 -+ - # This uses Nokogumbo's HTML-compliant serializer rather than - # libxml2's. - @s.fragment(input). diff --git a/gnu/packages/ruby.scm b/gnu/packages/ruby.scm index f52503f70e..540aab23af 100644 --- a/gnu/packages/ruby.scm +++ b/gnu/packages/ruby.scm @@ -6365,7 +6365,7 @@ multibyte strings, internationalization, time zones, and testing.") (define-public ruby-sanitize (package (name "ruby-sanitize") - (version "5.1.0") + (version "6.0.0") (home-page "https://github.com/rgrove/sanitize") (source (origin (method git-fetch) @@ -6375,15 +6375,12 @@ multibyte strings, internationalization, time zones, and testing.") (url home-page) (commit (string-append "v" version)))) (file-name (git-file-name name version)) - (patches (search-patches "ruby-sanitize-system-libxml.patch")) (sha256 (base32 - "0lj0q9yhjp0q0in5majkshnki07mw8m2vxgndx4m5na6232aszl0")))) + "0p1a28vx95vscy9xzzyyddzgb9496x42a5i2ka39cpxbl5f3gkl0")))) (build-system ruby-build-system) - (propagated-inputs - (list ruby-crass ruby-nokogiri ruby-nokogumbo)) - (native-inputs - (list ruby-minitest)) + (propagated-inputs (list ruby-crass ruby-nokogiri)) + (native-inputs (list ruby-minitest)) (synopsis "Whitelist-based HTML and CSS sanitizer") (description "Sanitize is a whitelist-based HTML and CSS sanitizer. Given a list of |