CVS commit: pkgsrc/textproc/cmark-gfm

To: pkgsrc-changes%NetBSD.org@localhost
Subject: CVS commit: pkgsrc/textproc/cmark-gfm
From: "Takahiro Kambe" <taca%netbsd.org@localhost>
Date: Sat, 4 Feb 2023 13:23:06 +0000

Module Name:    pkgsrc
Committed By:   taca
Date:           Sat Feb  4 13:23:05 UTC 2023

Modified Files:
        pkgsrc/textproc/cmark-gfm: Makefile PLIST distinfo

Log Message:
textproc/cmark-gfm: update to 0.29.0.gfm.9

pkgsrc change: remove pkglint warning.

0.29.0.gfm.1 (2021-09-14)

* Fixed denial of service bug in GFM's table extension per
  GHSA-7gc6-9qr5-hc85

0.29.0.gfm.2 (2021-09-16)

* Fixed issues with footnote rendering when used with the autolinker (#121),
  and when footnotes are adjacent (#139).

* We now allow footnotes to be referenced from inside a footnote definition,
  we use the footnote label for the fnref href text when rendering html, and
  we insert multiple backrefs when a footnote has been referenced multiple
  times (#229, #230)

* We added new data- attributes to footnote html rendering to make them
  easier to style (#234)

0.29.0.gfm.3 (2022-03-03)

* Fixed heap memory corruption vulnerabiliy via integer overflow per
  GHSA-mc3g-88wq-6f4x

0.29.0.gfm.4 (2022-05-31)

* Remove source from list of HTML block elements per
  commonmark/commonmark-spec#710

0.29.0.gfm.5 (2022-08-25)

* Added xmpp: and mailto: support to the autolink extension

0.29.0.gfm.6 (2022-09-15)

* Fixed polynomial time complexity DoS vulnerability in autolink extension
  per GHSA-cgh3-p57x-9q7q

0.29.0.gfm.7 (2023-01-23)

* Fixed CVE-2023-22486, a polynomial time complexity issue in cmark-gfm
  which may lead to unbounded resource exhaustion and subsequent denial of
  service.

* Fixed CVE-2023-22485, in which a crafted markdown document could trigger
  an out-of-bounds read in the validate_protocol function.

* Fixed CVE-2023-22484, a polynomial time complexity issue in cmark-gfm
  which may lead to unbounded resource exhaustion and subsequent denial of
  service.

* Fixed CVE-2023-22483, several polynomial time complexity issues in
  cmark-gfm which may lead to unbounded resource exhaustion and subsequent
  denial of service.

* We removed an unneeded .DS_Store file (#291)

* We added a test for domains with underscores and fix roundtrip behavior
  (#292)

* We now use an up-to-date clang-format (#294)

* We made a variety of implicit integer truncations explicit by moving to
  size_t as our standard size integer type (#302)

* We introduced a new flag mechanism that is used in cmark node state
  management, which requires clients call the cmark_init_standard_node_flags
  function at program startup (420c20a)

The security issues were reported and resolved by @kevinbackhouse and
@philipturnbull of the GitHub Security Lab

0.29.0.gfm.8 (2023-01-25)

* We restored backwards compatibility by deprecating the
  cmark_init_standard_node_flags() requirement, which is now a noop (#305)

* We added a quadratic complexity fuzzing target (#304)

0.29.0.gfm.9 Latest (2023-01-31)

Code was tidied:

* Use of a private header was cleaned up #248
* Man page was update #255
* Warnings for -Wstrict-prototypes were cleaned up #285
* We avoid header duplication #289

New functionality:

* We now store positioning info for url_match #201
* We now expose cmark_parent_footnote_def for non-C renderers #254
* Footnote aria-label text now reference the specific footnote backref, and
  we include a data-footnote-backref-idx attribute so the label can be
  internationalized in a downstream filter #307


To generate a diff of this commit:
cvs rdiff -u -r1.2 -r1.3 pkgsrc/textproc/cmark-gfm/Makefile
cvs rdiff -u -r1.1 -r1.2 pkgsrc/textproc/cmark-gfm/PLIST
cvs rdiff -u -r1.3 -r1.4 pkgsrc/textproc/cmark-gfm/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/textproc/cmark-gfm/Makefile
diff -u pkgsrc/textproc/cmark-gfm/Makefile:1.2 pkgsrc/textproc/cmark-gfm/Makefile:1.3
--- pkgsrc/textproc/cmark-gfm/Makefile:1.2      Mon Jul 25 11:12:29 2022
+++ pkgsrc/textproc/cmark-gfm/Makefile  Sat Feb  4 13:23:05 2023
@@ -1,11 +1,11 @@
-# $NetBSD: Makefile,v 1.2 2022/07/25 11:12:29 wiz Exp $
+# $NetBSD: Makefile,v 1.3 2023/02/04 13:23:05 taca Exp $
 
-GITHUB_PROJECT=        cmark-gfm
-GITHUB_TAG=    ${DISTNAME}
-DISTNAME=      0.29.0.gfm.0
+DISTNAME=      0.29.0.gfm.9
 PKGNAME=       ${GITHUB_PROJECT}-${DISTNAME}
 CATEGORIES=    textproc
 MASTER_SITES=  ${MASTER_SITE_GITHUB:=github/}
+GITHUB_PROJECT=        cmark-gfm
+GITHUB_TAG=    ${DISTNAME}
 DIST_SUBDIR=   ${GITHUB_PROJECT}
 
 MAINTAINER=    pkgsrc-users%NetBSD.org@localhost

Index: pkgsrc/textproc/cmark-gfm/PLIST
diff -u pkgsrc/textproc/cmark-gfm/PLIST:1.1 pkgsrc/textproc/cmark-gfm/PLIST:1.2
--- pkgsrc/textproc/cmark-gfm/PLIST:1.1 Wed Jan 15 06:29:58 2020
+++ pkgsrc/textproc/cmark-gfm/PLIST     Sat Feb  4 13:23:05 2023
@@ -1,8 +1,7 @@
-@comment $NetBSD: PLIST,v 1.1 2020/01/15 06:29:58 pho Exp $
+@comment $NetBSD: PLIST,v 1.2 2023/02/04 13:23:05 taca Exp $
 bin/cmark-gfm
 include/cmark-gfm-core-extensions.h
 include/cmark-gfm-extension_api.h
-include/cmark-gfm-extensions_export.h
 include/cmark-gfm.h
 include/cmark-gfm_export.h
 include/cmark-gfm_version.h
@@ -12,10 +11,10 @@ lib/cmake/cmark-gfm-release.cmake
 lib/cmake/cmark-gfm.cmake
 lib/libcmark-gfm-extensions.a
 lib/libcmark-gfm-extensions.so
-lib/libcmark-gfm-extensions.so.${PKGVERSION}
+lib/libcmark-gfm-extensions.so.0.29.0.gfm.6
 lib/libcmark-gfm.a
 lib/libcmark-gfm.so
-lib/libcmark-gfm.so.${PKGVERSION}
+lib/libcmark-gfm.so.0.29.0.gfm.6
 lib/pkgconfig/libcmark-gfm.pc
 man/man1/cmark-gfm.1
 man/man3/cmark-gfm.3

Index: pkgsrc/textproc/cmark-gfm/distinfo
diff -u pkgsrc/textproc/cmark-gfm/distinfo:1.3 pkgsrc/textproc/cmark-gfm/distinfo:1.4
--- pkgsrc/textproc/cmark-gfm/distinfo:1.3      Tue Oct 26 11:21:47 2021
+++ pkgsrc/textproc/cmark-gfm/distinfo  Sat Feb  4 13:23:05 2023
@@ -1,6 +1,6 @@
-$NetBSD: distinfo,v 1.3 2021/10/26 11:21:47 nia Exp $
+$NetBSD: distinfo,v 1.4 2023/02/04 13:23:05 taca Exp $
 
-BLAKE2s (cmark-gfm/0.29.0.gfm.0.tar.gz) = c965c4b7c5d7ddb01d10995297ef0b1226f97da69ce578e706b1fda30f84ec83
-SHA512 (cmark-gfm/0.29.0.gfm.0.tar.gz) = 54e396e035a43e4d0c86fa7f1c48a6a1283c0caaabdbc56dfcecee92e89e69f6d2e016ae2d9cf4f40258a6455fba7b813c1c6e6d37e53d33a381088ccbc5673e
-Size (cmark-gfm/0.29.0.gfm.0.tar.gz) = 284071 bytes
+BLAKE2s (cmark-gfm/0.29.0.gfm.9.tar.gz) = c2d08bc16f1ef43a1a9d473d4d76ccf42908129bb537eb99baf89e16338138be
+SHA512 (cmark-gfm/0.29.0.gfm.9.tar.gz) = 532ad45c50aad85181a7121f4a36571b4a5795cfce0e528008bedb2ade0678432a317471be13813d38841235ea1312ae02c876e4fd965de4b5d54b00eb0f3a70
+Size (cmark-gfm/0.29.0.gfm.9.tar.gz) = 297003 bytes
 SHA1 (patch-CMakeLists.txt) = 902d8299234ec0bf2a7a15aaa79cdbbfc49e148f

Prev by Date: CVS commit: pkgsrc/doc
Next by Date: CVS commit: pkgsrc/doc
Previous by Thread: CVS commit: pkgsrc/doc
Next by Thread: CVS commit: pkgsrc/doc
Indexes:

Home | Main Index | Thread Index | Old Index