~ruther/guix-local

f362b53c40b166b6e1fae1c38b00023d88e0cedd — Marius Bakke 6 years ago 2e366b0
gnu: ruby-sanitize: Update to 5.1.0.

* gnu/packages/patches/ruby-sanitize-system-libxml.patch: New file.
* gnu/local.mk (dist_patch_DATA): Adjust accordingly.
* gnu/packages/ruby.scm (ruby-sanitize): Update to 5.1.0.
[source]: Change to GIT-FETCH.  Add patch.
[native-inputs]: Remove BUNDLER, RUBY-REDCARPET, and RUBY-YARD.
3 files changed, 51 insertions(+), 13 deletions(-)

M gnu/local.mk
A gnu/packages/patches/ruby-sanitize-system-libxml.patch
M gnu/packages/ruby.scm
M gnu/local.mk => gnu/local.mk +2 -1
@@ 1464,7 1464,8 @@ dist_patch_DATA =						\
  %D%/packages/patches/rtags-separate-rct.patch			\
  %D%/packages/patches/racket-store-checksum-override.patch	\
  %D%/packages/patches/retroarch-disable-online-updater.patch	\
  %D%/packages/patches/ruby-rack-ignore-failing-test.patch      \
  %D%/packages/patches/ruby-rack-ignore-failing-test.patch	\
  %D%/packages/patches/ruby-sanitize-system-libxml.patch	\
  %D%/packages/patches/ruby-tzinfo-data-ignore-broken-test.patch\
  %D%/packages/patches/runc-CVE-2019-5736.patch			\
  %D%/packages/patches/rust-1.19-mrustc.patch			\

A gnu/packages/patches/ruby-sanitize-system-libxml.patch => gnu/packages/patches/ruby-sanitize-system-libxml.patch +38 -0
@@ 0,0 1,38 @@
Fix test failures that occur when nokogiri is using system libxml:

  https://github.com/rgrove/sanitize/issues/198

Taken from upstream:
https://github.com/rgrove/sanitize/commit/21da9b62baf9ea659811d92e6b574130aee57eba

diff --git a/test/test_malicious_html.rb b/test/test_malicious_html.rb
index 2c23074..0756de0 100644
--- a/test/test_malicious_html.rb
+++ b/test/test_malicious_html.rb
@@ -135,6 +135,8 @@
   # The relevant libxml2 code is here:
   # <https://github.com/GNOME/libxml2/commit/960f0e275616cadc29671a218d7fb9b69eb35588>
   describe 'unsafe libxml2 server-side includes in attributes' do
+    using_unpatched_libxml2 = Nokogiri::VersionInfo.instance.libxml2_using_system?
+
     tag_configs = [
       {
         tag_name: 'a',
@@ -166,6 +168,8 @@
         input = %[<#{tag_name} #{attr_name}='examp<!--" onmouseover=alert(1)>-->le.com'>foo</#{tag_name}>]
 
         it 'should escape unsafe characters in attributes' do
+          skip "behavior should only exist in nokogiri's patched libxml" if using_unpatched_libxml2
+
           # This uses Nokogumbo's HTML-compliant serializer rather than
           # libxml2's.
           @s.fragment(input).
@@ -191,6 +195,8 @@
         input = %[<#{tag_name} #{attr_name}='examp<!--" onmouseover=alert(1)>-->le.com'>foo</#{tag_name}>]
 
         it 'should not escape characters unnecessarily' do
+          skip "behavior should only exist in nokogiri's patched libxml" if using_unpatched_libxml2
+
           # This uses Nokogumbo's HTML-compliant serializer rather than
           # libxml2's.
           @s.fragment(input).

M gnu/packages/ruby.scm => gnu/packages/ruby.scm +11 -12
@@ 5319,33 5319,32 @@ access the result as a Nokogiri parsed document.")
(define-public ruby-sanitize
  (package
    (name "ruby-sanitize")
    (version "4.6.3")
    (version "5.1.0")
    (home-page "https://github.com/rgrove/sanitize")
    (source (origin
              (method url-fetch)
              (method git-fetch)
              ;; The gem does not include the Rakefile, so we download the
              ;; release tarball from Github.
              (uri (string-append "https://github.com/rgrove/"
                                  "sanitize/archive/v" version ".tar.gz"))
              (file-name (string-append name "-" version ".tar.gz"))
              ;; source from Github.
              (uri (git-reference
                    (url home-page)
                    (commit (string-append "v" version))))
              (file-name (git-file-name name version))
              (patches (search-patches "ruby-sanitize-system-libxml.patch"))
              (sha256
               (base32
                "1fmqppwif3cm8h79006jfzkdnlxxzlry9kzk03psk0d5xpg55ycc"))))
                "0lj0q9yhjp0q0in5majkshnki07mw8m2vxgndx4m5na6232aszl0"))))
    (build-system ruby-build-system)
    (propagated-inputs
     `(("ruby-crass" ,ruby-crass)
       ("ruby-nokogiri" ,ruby-nokogiri)
       ("ruby-nokogumbo" ,ruby-nokogumbo)))
    (native-inputs
     `(("bundler" ,bundler)
       ("ruby-minitest" ,ruby-minitest)
       ("ruby-redcarpet" ,ruby-redcarpet)
       ("ruby-yard" ,ruby-yard)))
     `(("ruby-minitest" ,ruby-minitest)))
    (synopsis "Whitelist-based HTML and CSS sanitizer")
    (description
     "Sanitize is a whitelist-based HTML and CSS sanitizer.  Given a list of
acceptable elements, attributes, and CSS properties, Sanitize will remove all
unacceptable HTML and/or CSS from a string.")
    (home-page "https://github.com/rgrove/sanitize/")
    (license license:expat)))

(define-public ruby-oj