pkgsrc.se | The NetBSD package collection

./textproc/ruby-safe_yaml, Parse YAML safely

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]

Branch: CURRENT, Version: 1.0.5, Package name: ruby27-safe_yaml-1.0.5, Maintainer: pkgsrc-users

The SafeYAML gem provides an alternative implementation of `YAML.load`
suitable for accepting user input in Ruby applications. Unlike Ruby's
built-in implementation of `YAML.load`, SafeYAML's version will not expose
apps to arbitrary code execution exploits (such as [the ones
discovered](http://www.reddit.com/r/netsec/comments/167c11/serious_vulnerability_in_ruby_on_rails_allowing/)
[in Rails in early
2013](http://www.h-online.com/open/news/item/Rails-developers-close-another-extremely-critical-flaw-1793511.html)).

If you encounter any issues with SafeYAML, check out the 'Common Issues'
section below. If you don't see anything that addresses the problem you're
experiencing, by all means, [create an
issue](https://github.com/dtao/safe_yaml/issues/new)!

Required to run:
[lang/ruby26-base]

Required to build:
[pkgtools/cwrappers]

Master sites:

https://rubygems.org/gems/ (Download)

Filesize: 30 KB

Version history: (Expand)

(2021-10-07) Updated to version: ruby27-safe_yaml-1.0.5
(2020-03-24) Updated to version: ruby26-safe_yaml-1.0.5
(2020-01-19) Updated to version: ruby26-safe_yaml-1.0.4nb1
(2018-03-21) Updated to version: ruby24-safe_yaml-1.0.4nb1
(2017-11-23) Package has been reborn
(2017-09-11) Updated to version: ruby23-safe_yaml-1.0.4

CVS history: (Expand)

2021-10-26 13:23:42 by Nia Alarie | Files touched by this commit (1161)

Log message:
textproc: Replace RMD160 checksums with BLAKE2s checksums

All checksums have been double-checked against existing RMD160 and
SHA512 hashes

Unfetchable distfiles (fetched conditionally?):
./textproc/convertlit/distinfo clit18src.zip

2021-10-07 17:02:49 by Nia Alarie | Files touched by this commit (1162)

Log message:
textproc: Remove SHA1 hashes for distfiles

2020-03-24 18:03:36 by Takahiro Kambe | Files touched by this commit (3) | Package updated

Log message:
textproc/ruby-safe_yaml: update to 1.0.5

Update ruby-safe_yaml to 1.0.5.
pkgsrc change: add "USE_LANGUAGES=	# none".

1.0.5
-----

- fixed [#80](https://github.com/dtao/safe_yaml/issues/80): uninitialized \ 
constant DateTime

2020-01-19 00:36:14 by Roland Illig | Files touched by this commit (3046)

Log message:
all: migrate several HOMEPAGEs to https

pkglint --only "https instead of http" -r -F

With manual adjustments afterwards since pkglint 19.4.4 fixed a few
indentations in unrelated lines.

This mainly affects projects hosted at SourceForce, as well as
freedesktop.org, CTAN and GNU.

2018-03-21 14:56:43 by Takahiro Kambe | Files touched by this commit (3)

Log message:
textproc/ruby-safe_yaml: add pkg_alternatives support

Bump PKGREVISION.

2015-11-04 03:00:17 by Alistair G. Crooks | Files touched by this commit (797)

Log message:
Add SHA512 digests for distfiles for textproc category

Problems found locating distfiles:
	Package cabocha: missing distfile cabocha-0.68.tar.bz2
	Package convertlit: missing distfile clit18src.zip
	Package php-enchant: missing distfile php-enchant/enchant-1.1.0.tgz

Otherwise, existing SHA1 digests verified and found to be the same on
the machine holding the existing distfiles (morden).  All existing
SHA1 digests retained for now as an audit trail.

2015-03-13 17:19:35 by Takahiro Kambe | Files touched by this commit (3)

Log message:
Update ruby-safe_yaml to 1.0.4.

1.0.2
-----

- added warning when using Psych + an older version of libyaml

2014-03-14 19:27:35 by Takahiro Kambe | Files touched by this commit (3)

Log message:
Update ruby-safe_yaml to 1.0.1

0.9.7

* made handling of document frontmatter more robust
* added more descriptive message to the warning for omitting the :safe option

0.9.6

* fixed handling of files with trailing content (after closing ---)

For more detail, please refer \ 
<https://github.com/dtao/safe_yaml/commits/master>.