author | Robin H. Johnson <robbat2@gentoo.org> | 2015-08-08 13:49:04 -0700 |
committer | Robin H. Johnson <robbat2@gentoo.org> | 2015-08-08 17:38:18 -0700 |
commit | 56bd759df1d0c750a065b8c845e93d5dfa6b549d (patch) | |
tree | 3f91093cdb475e565ae857f1c5a7fd339e2d781e /dev-ruby/redcloth | |
proj/gentoo: Initial commit
This commit represents a new era for Gentoo:
Storing the gentoo-x86 tree in Git, as converted from CVS.
This commit is the start of the NEW history.
Any historical data is intended to be grafted onto this point.
Creation process:
1. Take final CVS checkout snapshot
2. Remove ALL ChangeLog* files
3. Transform all Manifests to thin
4. Remove empty Manifests
5. Convert all stale $Header$/$Id$ CVS keywords to non-expanded Git $Id$
5.1. Do not touch files with -kb/-ko keyword flags.
Signed-off-by: Robin H. Johnson <robbat2@gentoo.org>
X-Thanks: Alec Warner <antarus@gentoo.org> - did the GSoC 2006 migration tests
X-Thanks: Robin H. Johnson <robbat2@gentoo.org> - infra guy, herding this project
X-Thanks: Nguyen Thai Ngoc Duy <pclouds@gentoo.org> - Former Gentoo developer, wrote Git features for the migration
X-Thanks: Brian Harring <ferringb@gentoo.org> - wrote much python to improve cvs2svn
X-Thanks: Rich Freeman <rich0@gentoo.org> - validation scripts
X-Thanks: Patrick Lauer <patrick@gentoo.org> - Gentoo dev, running new 2014 work in migration
X-Thanks: Michał Górny <mgorny@gentoo.org> - scripts, QA, nagging
X-Thanks: All of other Gentoo developers - many ideas and lots of paint on the bikeshed
Diffstat (limited to 'dev-ruby/redcloth')
-rw-r--r-- | dev-ruby/redcloth/Manifest | 1 | ||||
-rw-r--r-- | dev-ruby/redcloth/files/redcloth-4.2.9-cve-2012-6684.patch | 58 | ||||
-rw-r--r-- | dev-ruby/redcloth/metadata.xml | 8 | ||||
-rw-r--r-- | dev-ruby/redcloth/redcloth-4.2.9-r3.ebuild | 61 | ||||
-rw-r--r-- | dev-ruby/redcloth/redcloth-4.2.9-r4.ebuild | 61 |
5 files changed, 189 insertions, 0 deletions
diff --git a/dev-ruby/redcloth/Manifest b/dev-ruby/redcloth/Manifest
new file mode 100644
index 000000000000..d684d714bee5
--- /dev/null
+++ b/dev-ruby/redcloth/Manifest
@@ -0,0 +1 @@
+DIST RedCloth-git-4.2.9.tgz 96897 SHA256 e649f46a58b949c6d229714c25b747f331b4a5b887eaa65ac43eab1f39067e6c SHA512 646f7a1a88ab9b3ff078016df706a1c9d991bf21d86ef1dd4c0a0ee6b946f94276b52499218bca222461eb003510e84b81f44b08899c5b36ac115137193e968a WHIRLPOOL 4276714eb34ec2571544ff271698f1e6540ac62d51704c4216d19452be0b59d1da3014b7c290204b9ca42d5edd88094f1de79618d3bbf8d4f8ae5fb214ecca63
diff --git a/dev-ruby/redcloth/files/redcloth-4.2.9-cve-2012-6684.patch b/dev-ruby/redcloth/files/redcloth-4.2.9-cve-2012-6684.patch
new file mode 100644
index 000000000000..ec36340f8aad
--- /dev/null
+++ b/dev-ruby/redcloth/files/redcloth-4.2.9-cve-2012-6684.patch
@@ -0,0 +1,58 @@
+Patch taken from Debian (via upstream pull request that is still pending)
+
+http://sources.debian.net/src/ruby-redcloth/4.2.9-4/debian/patches/0001-Filter-out-javascript-links-when-using-filter_html-o.patch/
+https://github.com/jgarber/redcloth/pull/20/commits
+
+From b3d82f0c3a354a2f589e1fd43f5f1d7e427b530e Mon Sep 17 00:00:00 2001
+From: Antonio Terceiro <terceiro@debian.org>
+Date: Sat, 7 Feb 2015 23:27:39 -0200
+Subject: [PATCH] Filter out 'javascript:' links when using filter_html or
+ sanitize_html
+
+This is a fix for CVE-2012-6684
+---
+ lib/redcloth/formatters/html.rb | 6 +++++-
+ spec/security/CVE-2012-6684_spec.rb | 14 ++++++++++++++
+ 2 files changed, 19 insertions(+), 1 deletion(-)
+ create mode 100644 spec/security/CVE-2012-6684_spec.rb
+
+diff --git a/lib/redcloth/formatters/html.rb b/lib/redcloth/formatters/html.rb
+index bfadfb7..b8793b2 100644
+--- a/lib/redcloth/formatters/html.rb
++++ b/lib/redcloth/formatters/html.rb
+@@ -111,7 +111,11 @@ module RedCloth::Formatters::HTML
+ end
+
+ def link(opts)
+- "<a href=\"#{escape_attribute opts[:href]}\"#{pba(opts)}>#{opts[:name]}</a>"
++ if (filter_html || sanitize_html) && opts[:href] =~ /^\s*javascript:/
++ opts[:name]
++ else
++ "<a href=\"#{escape_attribute opts[:href]}\"#{pba(opts)}>#{opts[:name]}</a>"
++ end
+ end
+
+ def image(opts)
+diff --git a/spec/security/CVE-2012-6684_spec.rb b/spec/security/CVE-2012-6684_spec.rb
+new file mode 100644
+index 0000000..05219fd
+--- /dev/null
++++ b/spec/security/CVE-2012-6684_spec.rb
+@@ -0,0 +1,14 @@
++# https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6684
++
++require 'redcloth'
++
++describe 'CVE-2012-6684' do
++
++ it 'should not let javascript links pass through' do
++ # PoC from http://co3k.org/blog/redcloth-unfixed-xss-en
++ output = RedCloth.new('["clickme":javascript:alert(%27XSS%27)]', [:filter_html, :filter_styles, :filter_classes, :filter_ids]).to_html
++ expect(output).to_not match(/href=.javascript:alert/)
++ end
++
++
++end
+--
+2.1.4
+
diff --git a/dev-ruby/redcloth/metadata.xml b/dev-ruby/redcloth/metadata.xml
new file mode 100644
index 000000000000..068994807fdb
--- /dev/null
+++ b/dev-ruby/redcloth/metadata.xml
@@ -0,0 +1,8 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+ <herd>ruby</herd>
+ <upstream>
+ <remote-id type="github">jgarber/redcloth</remote-id>
+ </upstream>
+</pkgmetadata>
diff --git a/dev-ruby/redcloth/redcloth-4.2.9-r3.ebuild b/dev-ruby/redcloth/redcloth-4.2.9-r3.ebuild
new file mode 100644
index 000000000000..70473c507e7d
--- /dev/null
+++ b/dev-ruby/redcloth/redcloth-4.2.9-r3.ebuild
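Review bot: The check the inner html.rb hunk adds to `link`, `opts[:href] =~ /^\s*javascript:/`, has no `/i` flag, so the scheme comparison is case-sensitive, and Ruby's `^` matches at the start of any line rather than only at the start of the string; a string anchor with a case-insensitive match, `opts[:href] =~ /\A\s*javascript:/i`, expresses the intended filter. The new spec asserts only on the single lower-case input it builds, so it passes against either form of the check and does not pin the stricter behaviour. Since this file is a vendored copy of the Debian patch, the amendment belongs in a re-rolled copy or a follow-up patch in files/ rather than an in-place edit of the hunk. The enclosing `RedCloth::Formatters::HTML` module opens outside the inner hunk.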
@@ -0,0 +1,61 @@
+# Copyright 1999-2015 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=5
+
+USE_RUBY="ruby19 ruby20"
+
+RUBY_FAKEGEM_NAME="RedCloth"
+
+RUBY_FAKEGEM_RECIPE_TEST="rspec"
+RUBY_FAKEGEM_TASK_DOC=""
+
+RUBY_FAKEGEM_DOCDIR="doc"
+
+RUBY_FAKEGEM_EXTRADOC="README.rdoc CHANGELOG"
+
+RUBY_FAKEGEM_REQUIRE_PATHS="lib/case_sensitive_require"
+
+inherit ruby-fakegem versionator
+
+DESCRIPTION="A module for using Textile in Ruby"
+HOMEPAGE="http://redcloth.org/"
+
+GITHUB_USER=jgarber
+SRC_URI="https://github.com/${GITHUB_USER}/redcloth/tarball/v${PV} -> ${RUBY_FAKEGEM_NAME}-git-${PV}.tgz"
+RUBY_S="${GITHUB_USER}-${PN}-*"
+
+LICENSE="MIT"
+SLOT="0"
+KEYWORDS="alpha amd64 arm hppa ia64 ppc ppc64 sparc x86 ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
+IUSE=""
+
+DEPEND+=" dev-util/ragel"
+
+ruby_add_bdepend "
+ >=dev-ruby/rake-0.8.7
+ >=dev-ruby/rake-compiler-0.7.1
+ test? ( >=dev-ruby/diff-lcs-1.1.2 )"
+
+pkg_setup() {
+ ruby-ng_pkg_setup
+
+ # Export the VERBOSE variable to avoid remapping of stdout and
+ # stderr, and that breaks because of bad interactions between
+ # echoe, Ruby and Gentoo.
+ export VERBOSE=1
+}
+
+RUBY_PATCHES=( ${P}-cve-2012-6684.patch )
+
+all_ruby_prepare() {
+ sed -i -e '/[Bb]undler/d' Rakefile ${PN}.gemspec || die
+ rm tasks/{release,gems,rspec}.rake || die
+}
+
+each_ruby_compile() {
+ # We cannot run this manually easily, because Ragel re-generation
+ # is a mess
+ ${RUBY} -S rake compile || die "rake compile failed"
+}
diff --git a/dev-ruby/redcloth/redcloth-4.2.9-r4.ebuild b/dev-ruby/redcloth/redcloth-4.2.9-r4.ebuild
new file mode 100644
index 000000000000..66f86193c045
--- /dev/null
+++ b/dev-ruby/redcloth/redcloth-4.2.9-r4.ebuild
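Review bot: `inherit ruby-fakegem versionator` pulls in versionator, yet no versionator function is called anywhere in this ebuild, so the inherit appears unused and `inherit ruby-fakegem` would suffice; the same holds for redcloth-4.2.9-r4.ebuild in the next hunk. `RUBY_PATCHES=( ${P}-cve-2012-6684.patch )` is declared between pkg_setup and all_ruby_prepare while every other variable sits above the phase functions; moving it up next to SRC_URI keeps the layout consistent. SRC_URI fetches GitHub's auto-generated `/tarball/` endpoint, so the SHA256/SHA512 digests recorded in the Manifest are what pin the exact sources the CVE-2012-6684 patch is applied to; a one-line comment on that line noting that the renamed `-git-` distfile must be re-digested if the archive is ever regenerated would help the next maintainer.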
@@ -0,0 +1,61 @@
+# Copyright 1999-2015 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=5
+
+USE_RUBY="ruby19 ruby20 ruby21 ruby22"
+
+RUBY_FAKEGEM_NAME="RedCloth"
+
+RUBY_FAKEGEM_RECIPE_TEST="rspec"
+RUBY_FAKEGEM_TASK_DOC=""
+
+RUBY_FAKEGEM_DOCDIR="doc"
+
+RUBY_FAKEGEM_EXTRADOC="README.rdoc CHANGELOG"
+
+RUBY_FAKEGEM_REQUIRE_PATHS="lib/case_sensitive_require"
+
+inherit ruby-fakegem versionator
+
+DESCRIPTION="A module for using Textile in Ruby"
+HOMEPAGE="http://redcloth.org/"
+
+GITHUB_USER=jgarber
+SRC_URI="https://github.com/${GITHUB_USER}/redcloth/tarball/v${PV} -> ${RUBY_FAKEGEM_NAME}-git-${PV}.tgz"
+RUBY_S="${GITHUB_USER}-${PN}-*"
+
+LICENSE="MIT"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~ppc ~ppc64 ~sparc ~x86 ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
+IUSE=""
+
+DEPEND+=" dev-util/ragel"
+
+ruby_add_bdepend "
+ >=dev-ruby/rake-0.8.7
+ >=dev-ruby/rake-compiler-0.7.1
+ test? ( >=dev-ruby/diff-lcs-1.1.2 )"
+
+pkg_setup() {
+ ruby-ng_pkg_setup
+
+ # Export the VERBOSE variable to avoid remapping of stdout and
+ # stderr, and that breaks because of bad interactions between
+ # echoe, Ruby and Gentoo.
+ export VERBOSE=1
+}
+
+RUBY_PATCHES=( ${P}-cve-2012-6684.patch )
+
+all_ruby_prepare() {
+ sed -i -e '/[Bb]undler/d' Rakefile ${PN}.gemspec || die
+ rm tasks/{release,gems,rspec}.rake || die
+}
+
+each_ruby_compile() {
+ # We cannot run this manually easily, because Ragel re-generation
+ # is a mess
+ ${RUBY} -S rake compile || die "rake compile failed"
+}