textproc/cmark-gfm: update to 0.29.0.gfm.9
pkgsrc change: remove pkglint warning.

0.29.0.gfm.1 (2021-09-14)
* Fixed denial of service bug in GFM's table extension per GHSA-7gc6-9qr5-hc85

0.29.0.gfm.2 (2021-09-16)
* Fixed issues with footnote rendering when used with the autolinker (#121), and when footnotes are adjacent (#139).
* We now allow footnotes to be referenced from inside a footnote definition, we use the footnote label for the fnref href text when rendering html, and we insert multiple backrefs when a footnote has been referenced multiple times (#229, #230)
* We added new data- attributes to footnote html rendering to make them easier to style (#234)

0.29.0.gfm.3 (2022-03-03)
* Fixed heap memory corruption vulnerability via integer overflow per GHSA-mc3g-88wq-6f4x

0.29.0.gfm.4 (2022-05-31)
* Remove source from list of HTML block elements per commonmark/commonmark-spec#710

0.29.0.gfm.5 (2022-08-25)
* Added xmpp: and mailto: support to the autolink extension

0.29.0.gfm.6 (2022-09-15)
* Fixed polynomial time complexity DoS vulnerability in autolink extension per GHSA-cgh3-p57x-9q7q

0.29.0.gfm.7 (2023-01-23)
* Fixed CVE-2023-22486, a polynomial time complexity issue in cmark-gfm which may lead to unbounded resource exhaustion and subsequent denial of service.
* Fixed CVE-2023-22485, in which a crafted markdown document could trigger an out-of-bounds read in the validate_protocol function.
* Fixed CVE-2023-22484, a polynomial time complexity issue in cmark-gfm which may lead to unbounded resource exhaustion and subsequent denial of service.
* Fixed CVE-2023-22483, several polynomial time complexity issues in cmark-gfm which may lead to unbounded resource exhaustion and subsequent denial of service.
* We removed an unneeded .DS_Store file (#291)
* We added a test for domains with underscores and fix roundtrip behavior (#292)
* We now use an up-to-date clang-format (#294)
* We made a variety of implicit integer truncations explicit by moving to size_t as our standard size integer type (#302)
* We introduced a new flag mechanism that is used in cmark node state management, which requires clients call the cmark_init_standard_node_flags function at program startup (420c20a)

The security issues were reported and resolved by @kevinbackhouse and @philipturnbull of the GitHub Security Lab

0.29.0.gfm.8 (2023-01-25)
* We restored backwards compatibility by deprecating the cmark_init_standard_node_flags() requirement, which is now a noop (#305)
* We added a quadratic complexity fuzzing target (#304)

0.29.0.gfm.9 Latest (2023-01-31)
Code was tidied:
* Use of a private header was cleaned up #248
* Man page was updated #255
* Warnings for -Wstrict-prototypes were cleaned up #285
* We avoid header duplication #289

New functionality:
* We now store positioning info for url_match #201
* We now expose cmark_parent_footnote_def for non-C renderers #254
* Footnote aria-label text now references the specific footnote backref, and we include a data-footnote-backref-idx attribute so the label can be internationalized in a downstream filter #307