Diffstat (limited to 'gnu/packages/ruby.scm')
-rw-r--r-- | gnu/packages/ruby.scm | 42 |
1 files changed, 23 insertions, 19 deletions
diff --git a/gnu/packages/ruby.scm b/gnu/packages/ruby.scm index 73bf85241c..2753403834 100644 --- a/gnu/packages/ruby.scm +++ b/gnu/packages/ruby.scm @@ -1349,7 +1349,7 @@ Prawn module.") (origin (method git-fetch) (uri (git-reference - (url "https://github.com/prawnpdf/prawn-templates.git") + (url "https://github.com/prawnpdf/prawn-templates") (commit version))) (file-name (git-file-name name version)) (sha256 @@ -1411,7 +1411,7 @@ loader for the file type associated with a filename extension, and it augments (origin (method git-fetch) ;no test suite in distributed gem (uri (git-reference - (url "https://github.com/cjheath/treetop.git") + (url "https://github.com/cjheath/treetop") (commit (string-append "v" version)))) (file-name (git-file-name name version)) (sha256 @@ -1474,7 +1474,7 @@ for performance optimizations in Ruby code.") (origin (method git-fetch) (uri (git-reference - (url "https://github.com/searls/gimme.git") + (url "https://github.com/searls/gimme") (commit commit))) (file-name (git-file-name name version)) (sha256 @@ -1535,7 +1535,7 @@ only what they care about.") (origin (method git-fetch) ;no test suite in distributed gem (uri (git-reference - (url "https://github.com/testdouble/standard.git") + (url "https://github.com/testdouble/standard") (commit (string-append "v" version)))) (file-name (git-file-name name version)) (sha256 @@ -1582,17 +1582,16 @@ to save time in the following ways: (define-public ruby-chunky-png (package (name "ruby-chunky-png") - (version "1.3.12") + (version "1.3.14") (source (origin (method git-fetch) (uri (git-reference - (url "https://github.com/wvanbergen/chunky_png.git") + (url "https://github.com/wvanbergen/chunky_png") (commit (string-append "v" version)))) (file-name (git-file-name name version)) (sha256 - (base32 - "0hn8ap7iib47qkqdp0awmxgma11z0lmk1ca3lp7c97ykhv7ij1zs")))) + (base32 "1m7y11ix38h5a2pj5v81qdmvqh980ql9hp62hk2dxwkwsa4nh22h")))) (build-system ruby-build-system) (arguments `(#:test-target "spec" 
@@ -1639,7 +1638,12 @@ pixel, depending on the hardware). Performance: ChunkyPNG is reasonably fast for Ruby standards, by only using integer math and a highly optimized saving routine. @item Interoperability with RMagick. -@end itemize") +@end itemize + +ChunkyPNG is vulnerable to decompression bombs and can run out of memory when +loading a specifically crafted PNG file. This is hard to fix in pure Ruby. +Deal with untrusted images in a separate process, e.g., by using @code{fork} +or a background processing library.") (home-page "https://github.com/wvanbergen/chunky_png/wiki") (license license:expat))) @@ -1701,7 +1705,7 @@ web pages.") (origin (method git-fetch) ;no test suite in the distributed gem (uri (git-reference - (url "https://github.com/asciidoctor/asciidoctor-pdf.git") + (url "https://github.com/asciidoctor/asciidoctor-pdf") (commit commit))) (file-name (git-file-name name version)) (sha256 @@ -6821,7 +6825,7 @@ inspired by the Sinatra microframework style of specifying actions: (origin (method git-fetch) ;no test suite in distributed gem (uri (git-reference - (url "https://github.com/rubocop-hq/rubocop-ast.git") + (url "https://github.com/rubocop-hq/rubocop-ast") (commit (string-append "v" version)))) (file-name (git-file-name name version)) (sha256 @@ -6865,7 +6869,7 @@ by RuboCop to deal with Ruby's Abstract Syntax Tree (AST), in particular: (origin (method git-fetch) ;no tests in distributed gem (uri (git-reference - (url "https://github.com/ruby/rexml.git") + (url "https://github.com/ruby/rexml") (commit (string-append "v" version)))) (file-name (git-file-name name version)) (sha256 @@ -6916,7 +6920,7 @@ better performance than @code{Regexp} and @code{String} methods from the (origin (method git-fetch) (uri (git-reference - (url "https://github.com/janosch-x/range_compressor.git") + (url "https://github.com/janosch-x/range_compressor") (commit (string-append "v" version)))) (file-name (git-file-name name version)) (sha256 
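Review bot: The paragraph added to the ruby-chunky-png description tells users to handle untrusted images in a separate process, but it does not say that the process needs a memory bound; an unbounded child that inflates a decompression bomb can still exhaust the host's memory before anything stops it. I would reword the last sentence to something like `Deal with untrusted images in a separate, memory-limited process, e.g., by using @code{fork} together with a resource limit, or a background processing library.` In Ruby the child can set that limit itself with `Process.setrlimit(Process::RLIMIT_AS, max_bytes)`; a cgroup or container limit works as well. "specifically crafted" probably wants to be "specially crafted". The package definition begins and ends outside this hunk, so I have not checked whether the note is repeated anywhere else.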
@@ -6949,7 +6953,7 @@ following: @code{[1, 2, 3, 4, 6, 8, 9, 10]} into @code{[1..4, 6..6, 8..10]}.") (origin (method git-fetch) (uri (git-reference ;no test suite in distributed gem - (url "https://github.com/jaynetics/regexp_property_values.git") + (url "https://github.com/jaynetics/regexp_property_values") (commit (string-append "v" version)))) (file-name (git-file-name name version)) (sha256 @@ -6980,7 +6984,7 @@ they match.") (origin (method git-fetch) ;bin/test missing from gem (uri (git-reference - (url "https://github.com/ammar/regexp_parser.git") + (url "https://github.com/ammar/regexp_parser") (commit (string-append "v" version)))) (file-name (git-file-name name version)) (sha256 @@ -7053,7 +7057,7 @@ run.") (origin (method git-fetch) ;no tests in distributed gem (uri (git-reference - (url "https://github.com/rubocop-hq/rubocop.git") + (url "https://github.com/rubocop-hq/rubocop") (commit (string-append "v" version)))) (file-name (git-file-name name version)) (sha256 @@ -10533,7 +10537,7 @@ custom checks. This gem provides a set of additional checks.") (source (origin (method git-fetch) ;no test in distributed gem archive (uri (git-reference - (url "https://github.com/yob/pdf-reader.git") + (url "https://github.com/yob/pdf-reader") (commit (string-append "v" version)))) (file-name (git-file-name name version)) (sha256 @@ -10573,7 +10577,7 @@ access to the contents of a PDF file with a high degree of flexibility.") (source (origin (method git-fetch) (uri (git-reference - (url "https://github.com/prawnpdf/pdf-inspector.git") + (url "https://github.com/prawnpdf/pdf-inspector") (commit commit))) (file-name (git-file-name name version)) (sha256 @@ -10636,7 +10640,7 @@ functionality from Prawn.") (source (origin (method git-fetch) (uri (git-reference - (url "https://github.com/prawnpdf/prawn.git") + (url "https://github.com/prawnpdf/prawn") (commit commit))) (file-name (git-file-name name version)) (sha256 |