nokogiri 1.10.4-java → 1.10.5-java

Sign up to get free protection for your applications and to get access to all the features.

Potentially problematic release.

This version of nokogiri might be problematic. Click here for more details.

Files changed (6) hide show
  1. checksums.yaml +4 -4
  2. data/dependencies.yml +28 -26
  3. data/lib/nokogiri/nokogiri.jar +0 -0
  4. data/lib/nokogiri/version.rb +1 -1
  5. metadata +2 -3
  6. data/patches/libxslt/0001-Fix-security-framework-bypass.patch +0 -120
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: '0797aca98d5ad2099030b9bad08ed85ceb1053aa8b6c6783643e8c4ee2165bb5'
4
- data.tar.gz: 9baf4be0570382077e11a32355072156667bf5a5198f5ab64d8dfbcbbea36f54
3
+ metadata.gz: db9dd50706263400b39bffa662a8f17ce6985dcc26703bd2c05583b647cf03b4
4
+ data.tar.gz: e6a04af92285bedbb11d877c93422aaf382d4b39059815173e9f678f495062c0
5
5
  SHA512:
6
- metadata.gz: ce8981fee41420d318226f6760a8a353b81682f2fc11b4c02fabed8ff7674ebc707cc4b1dbd90d027d4716ae73203a6fcee17e490aaf4c00873846ae5029548c
7
- data.tar.gz: 4026765b017fcda7763c19c2e4c4f88e875c7f4d5cbed5e36096125a72fbc516760638399b40a43f72dd6698eee72a004ae319ae845ab2ef629d572bf9c07d38
6
+ metadata.gz: d2bf182f13f6267aadf73eb5b0c450bd4adcc99c8af39ba63d782822d5e3de99a272c1bf1e9a7ae722a2f8c9fa9c5c930ba96d4bc7a606e5d73c4768fdb9acf0
7
+ data.tar.gz: 123ebc8ad24bcdec9cd839059cf76d33a2b5b1d09163e4ff4f43efe8f8a5bdbc086c5d02e21ad34fc5a54457a82c0db411687f1251fa606251e70356cd64f8c0
data/dependencies.yml CHANGED
@@ -1,11 +1,11 @@
1
1
  libxml2:
2
- version: "2.9.9"
3
- sha256: "94fb70890143e3c6549f265cee93ec064c80a84c42ad0f23e85ee1fd6540a871"
2
+ version: "2.9.10"
3
+ sha256: "aafee193ffb8fe0c82d4afef6ef91972cbaf5feea100edc2f262750611b4be1f"
4
4
  # manually verified checksum:
5
5
  #
6
- # $ gpg --verify libxml2-2.9.9.tar.gz.asc ports/archives/libxml2-2.9.9.tar.gz
7
- # gpg: Signature made Thu 03 Jan 2019 01:14:47 PM EST
8
- # gpg: using RSA key 15588B26596BEA5D
6
+ # $ gpg --verify libxml2-2.9.10.tar.gz.asc ports/archives/libxml2-2.9.10.tar.gz
7
+ # gpg: Signature made Wed 30 Oct 2019 03:15:42 PM EDT
8
+ # gpg: using RSA key DB46681BB91ADCEA170FA2D415588B26596BEA5D
9
9
  # gpg: Good signature from "Daniel Veillard (Red Hat work email) <veillard@redhat.com>" [unknown]
10
10
  # gpg: aka "Daniel Veillard <Daniel.Veillard@w3.org>" [unknown]
11
11
  # gpg: WARNING: This key is not certified with a trusted signature!
@@ -16,25 +16,26 @@ libxml2:
16
16
  # using this pgp signature:
17
17
  #
18
18
  # -----BEGIN PGP SIGNATURE-----
19
- #
20
- # iQEbBAABAgAGBQJcLlEXAAoJEBVYiyZZa+pd1B8H93xeCYNBLx+eX0xe3qS3ReS/
21
- # YstjkXKUkmDQYwqQ/9Knmv1P6NX64hQL5E1pZX5sXp36giwXXJ5tCK72VRzektzU
22
- # Kpo+M1/QA9feZQs1GmyKaXYzNwTSJnsdKA9nWqTHZ3bzfdhFSZ0czo94vgY/cz5z
23
- # 9P3FIgeldj1vi8p2rjXbArMFQyaxHnve9LdxI8hbudNSeUw/FEV6mjtXrlZ7MXqn
24
- # hmAkah2JwktOStF5tIlddCRqZeUPUX5flBxT95gfskXXlGEhaoGMXcC3izqqJyV2
25
- # sx5nY7fnXdkwfYsgRUXYWmDmbs8DnFjXH9lux9O4OWglLonaRoAqFPcOzE3aCw==
26
- # =4qWg
19
+ #
20
+ # iQEzBAABCAAdFiEE20ZoG7ka3OoXD6LUFViLJllr6l0FAl254V4ACgkQFViLJllr
21
+ # 6l0ldAf6Azt4/oKDfMKRd+xaykUrb+34dr2ZRsjRDS1cnelAtL9TCWhE5lOkLI3c
22
+ # 3FyNRaLhOEOOluZmKTJYyzS42JSSHDhxGj14gIeyafOjvRhHG3h1m5GvMmvgKWkd
23
+ # qzxFrVFSG26iWJxMvxIA88t7M+QHb7ff7xR29ETJscewEmAd3LmZITglK02lWeGz
24
+ # LfxfLuakM6RnCUu0dzacJKO0nMOKju+RL/N9bciI/UOhNYEkWqPnzC0GzbvFLqDu
25
+ # rM+OvCSewSTziiejpdrUwYXkY5Ui2+cxUbacLauEr8iRLg7xXKqv27NORE4yeQcS
26
+ # LgIhxG/qSNfihMS6E1ZO5bK2DbGCZQ==
27
+ # =ZNuc
27
28
  # -----END PGP SIGNATURE-----
28
29
  #
29
30
 
30
31
  libxslt:
31
- version: "1.1.33"
32
- sha256: "8e36605144409df979cab43d835002f63988f3dc94d5d3537c12796db90e38c8"
32
+ version: "1.1.34"
33
+ sha256: "98b1bd46d6792925ad2dfe9a87452ea2adebf69dcb9919ffd55bf926a7f93f7f"
33
34
  # manually verified checksum:
34
35
  #
35
- # $ gpg --verify libxslt-1.1.33.tar.gz.asc ports/archives/libxslt-1.1.33.tar.gz
36
- # gpg: Signature made Thu 03 Jan 2019 01:30:49 PM EST
37
- # gpg: using RSA key 15588B26596BEA5D
36
+ # $ gpg --verify ~/Downloads/libxslt-1.1.34.tar.gz.asc ports/archives/libxslt-1.1.34.tar.gz
37
+ # gpg: Signature made Wed 30 Oct 2019 04:02:48 PM EDT
38
+ # gpg: using RSA key DB46681BB91ADCEA170FA2D415588B26596BEA5D
38
39
  # gpg: Good signature from "Daniel Veillard (Red Hat work email) <veillard@redhat.com>" [unknown]
39
40
  # gpg: aka "Daniel Veillard <Daniel.Veillard@w3.org>" [unknown]
40
41
  # gpg: WARNING: This key is not certified with a trusted signature!
@@ -45,14 +46,15 @@ libxslt:
45
46
  # using this pgp signature:
46
47
  #
47
48
  # -----BEGIN PGP SIGNATURE-----
48
- #
49
- # iQEcBAABAgAGBQJcLlTZAAoJEBVYiyZZa+pd9NkIAIf6ei2iSpR/0QOyS71esDq8
50
- # 407PcUXd/yUjDANm4Uvm7kKK+SbbfBxFIPva4g984Noe1zYMfjK3u3iNs6jykySf
51
- # mN5eo2wNCxsZnqjbnsLgQvn5VCQpPInTddTuGUxgqJyvnR7p785L1oA2EStSPMP4
52
- # BGZ9dZGlbreK35WzgrhUi0VN5egJW2fpMsw7rTPvfwK+90gXL0DEm8v3WlA7fCDL
53
- # QsvuPm7jPOXxdt5bYrVP8wpNMTJIGqV6jxh7Vvl6kiGLldUjCyoCh0AGXLror0Gs
54
- # sAMlRKJNodpcCYkIWxzjLt74sUciKNrPLHZlXJcclZMONen1GWnVDcv83Tt9n6w=
55
- # =iAm8
49
+ #
50
+ # iQEzBAABCAAdFiEE20ZoG7ka3OoXD6LUFViLJllr6l0FAl257GgACgkQFViLJllr
51
+ # 6l2vVggAjJEHmASiS56SxhPOsGqbfBihM66gQFoIymQfMu2430N1GSTkLsfbkJO8
52
+ # 8yBX11NjzK/m9uxwshMW3rVCU7EpL3PUimN3reXdPiQj9hAOAWF1V3BZNevbQC2E
53
+ # FCIraioukaidf8sjUG4/sGpK/gOcP/3hYoN0HUoBigCNJjDqhijxM3M3GJJtCASp
54
+ # jL4CQbs2OmxW8ixOZbuWEESvFFHUgYRsdZjRVN+GRfSOvJjxypurmYwQ3RjO7JxL
55
+ # 2FY8qKQ+xpeID8NV8F5OUEvWBjk1QS133VTqBZNlONdnEtV/og6jNu5k0O/Kvhup
56
+ # caR+8TMErOcLr9OgDklO6DoYyAsf9Q==
57
+ # =g4i4
56
58
  # -----END PGP SIGNATURE-----
57
59
  #
58
60
 
data/lib/nokogiri/nokogiri.jar CHANGED
Binary file
data/lib/nokogiri/version.rb CHANGED
@@ -1,6 +1,6 @@
1
1
  module Nokogiri
2
2
  # The version of Nokogiri you are using
3
- VERSION = "1.10.4"
3
+ VERSION = "1.10.5"
4
4
 
5
5
  class VersionInfo # :nodoc:
6
6
  def jruby?
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: nokogiri
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.10.4
4
+ version: 1.10.5
5
5
  platform: java
6
6
  authors:
7
7
  - Aaron Patterson
@@ -14,7 +14,7 @@ authors:
14
14
  autorequire:
15
15
  bindir: bin
16
16
  cert_chain: []
17
- date: 2019-08-11 00:00:00.000000000 Z
17
+ date: 2019-10-31 00:00:00.000000000 Z
18
18
  dependencies:
19
19
  - !ruby/object:Gem::Dependency
20
20
  requirement: !ruby/object:Gem::Requirement
@@ -525,7 +525,6 @@ files:
525
525
  - patches/libxml2/0001-Revert-Do-not-URI-escape-in-server-side-includes.patch
526
526
  - patches/libxml2/0002-Remove-script-macro-support.patch
527
527
  - patches/libxml2/0003-Update-entities-to-remove-handling-of-ssi.patch
528
- - patches/libxslt/0001-Fix-security-framework-bypass.patch
529
528
  homepage:
530
529
  licenses:
531
530
  - MIT
data/patches/libxslt/0001-Fix-security-framework-bypass.patch DELETED
@@ -1,120 +0,0 @@
1
- From e03553605b45c88f0b4b2980adfbbb8f6fca2fd6 Mon Sep 17 00:00:00 2001
2
- From: Nick Wellnhofer <wellnhofer@aevum.de>
3
- Date: Sun, 24 Mar 2019 09:51:39 +0100
4
- Subject: [PATCH] Fix security framework bypass
5
-
6
- xsltCheckRead and xsltCheckWrite return -1 in case of error but callers
7
- don't check for this condition and allow access. With a specially
8
- crafted URL, xsltCheckRead could be tricked into returning an error
9
- because of a supposedly invalid URL that would still be loaded
10
- succesfully later on.
11
-
12
- Fixes #12.
13
-
14
- Thanks to Felix Wilhelm for the report.
15
- ---
16
- libxslt/documents.c | 18 ++++++++++--------
17
- libxslt/imports.c | 9 +++++----
18
- libxslt/transform.c | 9 +++++----
19
- libxslt/xslt.c | 9 +++++----
20
- 4 files changed, 25 insertions(+), 20 deletions(-)
21
-
22
- diff --git a/libxslt/documents.c b/libxslt/documents.c
23
- index 3f3a731..4aad11b 100644
24
- --- a/libxslt/documents.c
25
- +++ b/libxslt/documents.c
26
- @@ -296,10 +296,11 @@ xsltLoadDocument(xsltTransformContextPtr ctxt, const xmlChar *URI) {
27
- int res;
28
-
29
- res = xsltCheckRead(ctxt->sec, ctxt, URI);
30
- - if (res == 0) {
31
- - xsltTransformError(ctxt, NULL, NULL,
32
- - "xsltLoadDocument: read rights for %s denied\n",
33
- - URI);
34
- + if (res <= 0) {
35
- + if (res == 0)
36
- + xsltTransformError(ctxt, NULL, NULL,
37
- + "xsltLoadDocument: read rights for %s denied\n",
38
- + URI);
39
- return(NULL);
40
- }
41
- }
42
- @@ -372,10 +373,11 @@ xsltLoadStyleDocument(xsltStylesheetPtr style, const xmlChar *URI) {
43
- int res;
44
-
45
- res = xsltCheckRead(sec, NULL, URI);
46
- - if (res == 0) {
47
- - xsltTransformError(NULL, NULL, NULL,
48
- - "xsltLoadStyleDocument: read rights for %s denied\n",
49
- - URI);
50
- + if (res <= 0) {
51
- + if (res == 0)
52
- + xsltTransformError(NULL, NULL, NULL,
53
- + "xsltLoadStyleDocument: read rights for %s denied\n",
54
- + URI);
55
- return(NULL);
56
- }
57
- }
58
- diff --git a/libxslt/imports.c b/libxslt/imports.c
59
- index 874870c..3783b24 100644
60
- --- a/libxslt/imports.c
61
- +++ b/libxslt/imports.c
62
- @@ -130,10 +130,11 @@ xsltParseStylesheetImport(xsltStylesheetPtr style, xmlNodePtr cur) {
63
- int secres;
64
-
65
- secres = xsltCheckRead(sec, NULL, URI);
66
- - if (secres == 0) {
67
- - xsltTransformError(NULL, NULL, NULL,
68
- - "xsl:import: read rights for %s denied\n",
69
- - URI);
70
- + if (secres <= 0) {
71
- + if (secres == 0)
72
- + xsltTransformError(NULL, NULL, NULL,
73
- + "xsl:import: read rights for %s denied\n",
74
- + URI);
75
- goto error;
76
- }
77
- }
78
- diff --git a/libxslt/transform.c b/libxslt/transform.c
79
- index 1379391..0636dbd 100644
80
- --- a/libxslt/transform.c
81
- +++ b/libxslt/transform.c
82
- @@ -3493,10 +3493,11 @@ xsltDocumentElem(xsltTransformContextPtr ctxt, xmlNodePtr node,
83
- */
84
- if (ctxt->sec != NULL) {
85
- ret = xsltCheckWrite(ctxt->sec, ctxt, filename);
86
- - if (ret == 0) {
87
- - xsltTransformError(ctxt, NULL, inst,
88
- - "xsltDocumentElem: write rights for %s denied\n",
89
- - filename);
90
- + if (ret <= 0) {
91
- + if (ret == 0)
92
- + xsltTransformError(ctxt, NULL, inst,
93
- + "xsltDocumentElem: write rights for %s denied\n",
94
- + filename);
95
- xmlFree(URL);
96
- xmlFree(filename);
97
- return;
98
- diff --git a/libxslt/xslt.c b/libxslt/xslt.c
99
- index 780a5ad..a234eb7 100644
100
- --- a/libxslt/xslt.c
101
- +++ b/libxslt/xslt.c
102
- @@ -6763,10 +6763,11 @@ xsltParseStylesheetFile(const xmlChar* filename) {
103
- int res;
104
-
105
- res = xsltCheckRead(sec, NULL, filename);
106
- - if (res == 0) {
107
- - xsltTransformError(NULL, NULL, NULL,
108
- - "xsltParseStylesheetFile: read rights for %s denied\n",
109
- - filename);
110
- + if (res <= 0) {
111
- + if (res == 0)
112
- + xsltTransformError(NULL, NULL, NULL,
113
- + "xsltParseStylesheetFile: read rights for %s denied\n",
114
- + filename);
115
- return(NULL);
116
- }
117
- }
118
- --
119
- 2.17.1
120
-