./textproc/ruby-safe_yaml, Parse YAML safely

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]


Branch: CURRENT, Version: 1.0.4, Package name: ruby23-safe_yaml-1.0.4, Maintainer: pkgsrc-users

The SafeYAML gem provides an alternative implementation of `YAML.load`
suitable for accepting user input in Ruby applications. Unlike Ruby's
built-in implementation of `YAML.load`, SafeYAML's version will not expose
apps to arbitrary code execution exploits (such as [the ones
discovered](http://www.reddit.com/r/netsec/comments/167c11/serious_vulnerability_in_ruby_on_rails_allowing/)
[in Rails in early
2013](http://www.h-online.com/open/news/item/Rails-developers-close-another-extremely-critical-flaw-1793511.html)).

If you encounter any issues with SafeYAML, check out the 'Common Issues'
section below. If you don't see anything that addresses the problem you're
experiencing, by all means, [create an
issue](https://github.com/dtao/safe_yaml/issues/new)!


Required to run:
[lang/ruby23-base]

Master sites:

SHA1: b42af3b12aca32cc7072694e39c0a54d7d80f9d0
RMD160: a71cc7c1f6b751e35d3093ebfab52a117c73384b
Filesize: 29.5 KB

Version history: (Expand)


CVS history: (Expand)


   2015-11-04 03:00:17 by Alistair G. Crooks | Files touched by this commit (797)
Log message:
Add SHA512 digests for distfiles for textproc category

Problems found locating distfiles:
	Package cabocha: missing distfile cabocha-0.68.tar.bz2
	Package convertlit: missing distfile clit18src.zip
	Package php-enchant: missing distfile php-enchant/enchant-1.1.0.tgz

Otherwise, existing SHA1 digests verified and found to be the same on
the machine holding the existing distfiles (morden).  All existing
SHA1 digests retained for now as an audit trail.
   2015-03-13 17:19:35 by Takahiro Kambe | Files touched by this commit (3) | Package updated
Log message:
Update ruby-safe_yaml to 1.0.4.

1.0.2
-----

- added warning when using Psych + an older version of libyaml
   2014-03-14 19:27:35 by Takahiro Kambe | Files touched by this commit (3) | Package updated
Log message:
Update ruby-safe_yaml to 1.0.1

0.9.7

* made handling of document frontmatter more robust
* added more descriptive message to the warning for omitting the :safe option

0.9.6

* fixed handling of files with trailing content (after closing ---)

For more detail, please refer \ 
<https://github.com/dtao/safe_yaml/commits/master>.
   2013-09-15 18:31:27 by Takahiro Kambe | Files touched by this commit (4)
Log message:
Add ruby-safe_yaml package version 0.9.5.

The SafeYAML gem provides an alternative implementation of `YAML.load`
suitable for accepting user input in Ruby applications.  Unlike Ruby's
built-in implementation of `YAML.load`, SafeYAML's version will not expose
apps to arbitrary code execution exploits (such as [the ones
discovered](http://www.reddit.com/r/netsec/comments … _allowing/)
[in Rails in early
2013](http://www.h-online.com/open/news/item/ … 93511.html)).

If you encounter any issues with SafeYAML, check out the 'Common Issues'
section below.  If you don't see anything that addresses the problem you're
experiencing, by all means,  [create an
issue](https://github.com/dtao/safe_yaml/issues/new)!