nokogiri 1.10.4-x64-mingw32 → 1.10.5-x64-mingw32
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of nokogiri might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/dependencies.yml +28 -26
- data/lib/nokogiri/2.3/nokogiri.so +0 -0
- data/lib/nokogiri/2.4/nokogiri.so +0 -0
- data/lib/nokogiri/2.5/nokogiri.so +0 -0
- data/lib/nokogiri/2.6/nokogiri.so +0 -0
- data/lib/nokogiri/version.rb +1 -1
- metadata +4 -5
- data/patches/libxslt/0001-Fix-security-framework-bypass.patch +0 -120
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 499e222680c6976d58c6871d74cafe596ab67c965fa01dea45a9f8ee180ab9e2
|
4
|
+
data.tar.gz: de537b0a8aa6eae52a0744036bd573b03ad94ff4720a326e2b9ffe6030ec6724
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 8e0a541acfeff0434e88fafc066be336854918c73868b8907330c343defe7017f124d46de0e97004877e078b49d702547102d8de9261450cb40a4a4af2188d7c
|
7
|
+
data.tar.gz: 941bc3d2a7f84d2bf36a988c83f9b7a10dd8d9ae4a350415d0992b1790e4fac35aea5a6342c2d650e315a332c93f9d1708195eed0beec37c1a042b972d3700fd
|
data/dependencies.yml
CHANGED
@@ -1,11 +1,11 @@
|
|
1
1
|
libxml2:
|
2
|
-
version: "2.9.
|
3
|
-
sha256: "
|
2
|
+
version: "2.9.10"
|
3
|
+
sha256: "aafee193ffb8fe0c82d4afef6ef91972cbaf5feea100edc2f262750611b4be1f"
|
4
4
|
# manually verified checksum:
|
5
5
|
#
|
6
|
-
# $ gpg --verify libxml2-2.9.
|
7
|
-
# gpg: Signature made
|
8
|
-
# gpg: using RSA key
|
6
|
+
# $ gpg --verify libxml2-2.9.10.tar.gz.asc ports/archives/libxml2-2.9.10.tar.gz
|
7
|
+
# gpg: Signature made Wed 30 Oct 2019 03:15:42 PM EDT
|
8
|
+
# gpg: using RSA key DB46681BB91ADCEA170FA2D415588B26596BEA5D
|
9
9
|
# gpg: Good signature from "Daniel Veillard (Red Hat work email) <veillard@redhat.com>" [unknown]
|
10
10
|
# gpg: aka "Daniel Veillard <Daniel.Veillard@w3.org>" [unknown]
|
11
11
|
# gpg: WARNING: This key is not certified with a trusted signature!
|
@@ -16,25 +16,26 @@ libxml2:
|
|
16
16
|
# using this pgp signature:
|
17
17
|
#
|
18
18
|
# -----BEGIN PGP SIGNATURE-----
|
19
|
-
#
|
20
|
-
#
|
21
|
-
#
|
22
|
-
#
|
23
|
-
#
|
24
|
-
#
|
25
|
-
#
|
26
|
-
#
|
19
|
+
#
|
20
|
+
# iQEzBAABCAAdFiEE20ZoG7ka3OoXD6LUFViLJllr6l0FAl254V4ACgkQFViLJllr
|
21
|
+
# 6l0ldAf6Azt4/oKDfMKRd+xaykUrb+34dr2ZRsjRDS1cnelAtL9TCWhE5lOkLI3c
|
22
|
+
# 3FyNRaLhOEOOluZmKTJYyzS42JSSHDhxGj14gIeyafOjvRhHG3h1m5GvMmvgKWkd
|
23
|
+
# qzxFrVFSG26iWJxMvxIA88t7M+QHb7ff7xR29ETJscewEmAd3LmZITglK02lWeGz
|
24
|
+
# LfxfLuakM6RnCUu0dzacJKO0nMOKju+RL/N9bciI/UOhNYEkWqPnzC0GzbvFLqDu
|
25
|
+
# rM+OvCSewSTziiejpdrUwYXkY5Ui2+cxUbacLauEr8iRLg7xXKqv27NORE4yeQcS
|
26
|
+
# LgIhxG/qSNfihMS6E1ZO5bK2DbGCZQ==
|
27
|
+
# =ZNuc
|
27
28
|
# -----END PGP SIGNATURE-----
|
28
29
|
#
|
29
30
|
|
30
31
|
libxslt:
|
31
|
-
version: "1.1.
|
32
|
-
sha256: "
|
32
|
+
version: "1.1.34"
|
33
|
+
sha256: "98b1bd46d6792925ad2dfe9a87452ea2adebf69dcb9919ffd55bf926a7f93f7f"
|
33
34
|
# manually verified checksum:
|
34
35
|
#
|
35
|
-
# $ gpg --verify libxslt-1.1.
|
36
|
-
# gpg: Signature made
|
37
|
-
# gpg: using RSA key
|
36
|
+
# $ gpg --verify ~/Downloads/libxslt-1.1.34.tar.gz.asc ports/archives/libxslt-1.1.34.tar.gz
|
37
|
+
# gpg: Signature made Wed 30 Oct 2019 04:02:48 PM EDT
|
38
|
+
# gpg: using RSA key DB46681BB91ADCEA170FA2D415588B26596BEA5D
|
38
39
|
# gpg: Good signature from "Daniel Veillard (Red Hat work email) <veillard@redhat.com>" [unknown]
|
39
40
|
# gpg: aka "Daniel Veillard <Daniel.Veillard@w3.org>" [unknown]
|
40
41
|
# gpg: WARNING: This key is not certified with a trusted signature!
|
@@ -45,14 +46,15 @@ libxslt:
|
|
45
46
|
# using this pgp signature:
|
46
47
|
#
|
47
48
|
# -----BEGIN PGP SIGNATURE-----
|
48
|
-
#
|
49
|
-
#
|
50
|
-
#
|
51
|
-
#
|
52
|
-
#
|
53
|
-
#
|
54
|
-
#
|
55
|
-
#
|
49
|
+
#
|
50
|
+
# iQEzBAABCAAdFiEE20ZoG7ka3OoXD6LUFViLJllr6l0FAl257GgACgkQFViLJllr
|
51
|
+
# 6l2vVggAjJEHmASiS56SxhPOsGqbfBihM66gQFoIymQfMu2430N1GSTkLsfbkJO8
|
52
|
+
# 8yBX11NjzK/m9uxwshMW3rVCU7EpL3PUimN3reXdPiQj9hAOAWF1V3BZNevbQC2E
|
53
|
+
# FCIraioukaidf8sjUG4/sGpK/gOcP/3hYoN0HUoBigCNJjDqhijxM3M3GJJtCASp
|
54
|
+
# jL4CQbs2OmxW8ixOZbuWEESvFFHUgYRsdZjRVN+GRfSOvJjxypurmYwQ3RjO7JxL
|
55
|
+
# 2FY8qKQ+xpeID8NV8F5OUEvWBjk1QS133VTqBZNlONdnEtV/og6jNu5k0O/Kvhup
|
56
|
+
# caR+8TMErOcLr9OgDklO6DoYyAsf9Q==
|
57
|
+
# =g4i4
|
56
58
|
# -----END PGP SIGNATURE-----
|
57
59
|
#
|
58
60
|
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
data/lib/nokogiri/version.rb
CHANGED
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: nokogiri
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 1.10.
|
4
|
+
version: 1.10.5
|
5
5
|
platform: x64-mingw32
|
6
6
|
authors:
|
7
7
|
- Aaron Patterson
|
@@ -14,7 +14,7 @@ authors:
|
|
14
14
|
autorequire:
|
15
15
|
bindir: bin
|
16
16
|
cert_chain: []
|
17
|
-
date: 2019-
|
17
|
+
date: 2019-10-31 00:00:00.000000000 Z
|
18
18
|
dependencies:
|
19
19
|
- !ruby/object:Gem::Dependency
|
20
20
|
name: mini_portile2
|
@@ -445,13 +445,12 @@ files:
|
|
445
445
|
- patches/libxml2/0001-Revert-Do-not-URI-escape-in-server-side-includes.patch
|
446
446
|
- patches/libxml2/0002-Remove-script-macro-support.patch
|
447
447
|
- patches/libxml2/0003-Update-entities-to-remove-handling-of-ssi.patch
|
448
|
-
- patches/libxslt/0001-Fix-security-framework-bypass.patch
|
449
448
|
homepage:
|
450
449
|
licenses:
|
451
450
|
- MIT
|
452
451
|
metadata: {}
|
453
|
-
post_install_message: 'Nokogiri is built with the packaged libraries: libxml2-2.9.
|
454
|
-
libxslt-1.1.
|
452
|
+
post_install_message: 'Nokogiri is built with the packaged libraries: libxml2-2.9.10,
|
453
|
+
libxslt-1.1.34, zlib-1.2.11, libiconv-1.15.
|
455
454
|
|
456
455
|
'
|
457
456
|
rdoc_options:
|
@@ -1,120 +0,0 @@
|
|
1
|
-
From e03553605b45c88f0b4b2980adfbbb8f6fca2fd6 Mon Sep 17 00:00:00 2001
|
2
|
-
From: Nick Wellnhofer <wellnhofer@aevum.de>
|
3
|
-
Date: Sun, 24 Mar 2019 09:51:39 +0100
|
4
|
-
Subject: [PATCH] Fix security framework bypass
|
5
|
-
|
6
|
-
xsltCheckRead and xsltCheckWrite return -1 in case of error but callers
|
7
|
-
don't check for this condition and allow access. With a specially
|
8
|
-
crafted URL, xsltCheckRead could be tricked into returning an error
|
9
|
-
because of a supposedly invalid URL that would still be loaded
|
10
|
-
succesfully later on.
|
11
|
-
|
12
|
-
Fixes #12.
|
13
|
-
|
14
|
-
Thanks to Felix Wilhelm for the report.
|
15
|
-
---
|
16
|
-
libxslt/documents.c | 18 ++++++++++--------
|
17
|
-
libxslt/imports.c | 9 +++++----
|
18
|
-
libxslt/transform.c | 9 +++++----
|
19
|
-
libxslt/xslt.c | 9 +++++----
|
20
|
-
4 files changed, 25 insertions(+), 20 deletions(-)
|
21
|
-
|
22
|
-
diff --git a/libxslt/documents.c b/libxslt/documents.c
|
23
|
-
index 3f3a731..4aad11b 100644
|
24
|
-
--- a/libxslt/documents.c
|
25
|
-
+++ b/libxslt/documents.c
|
26
|
-
@@ -296,10 +296,11 @@ xsltLoadDocument(xsltTransformContextPtr ctxt, const xmlChar *URI) {
|
27
|
-
int res;
|
28
|
-
|
29
|
-
res = xsltCheckRead(ctxt->sec, ctxt, URI);
|
30
|
-
- if (res == 0) {
|
31
|
-
- xsltTransformError(ctxt, NULL, NULL,
|
32
|
-
- "xsltLoadDocument: read rights for %s denied\n",
|
33
|
-
- URI);
|
34
|
-
+ if (res <= 0) {
|
35
|
-
+ if (res == 0)
|
36
|
-
+ xsltTransformError(ctxt, NULL, NULL,
|
37
|
-
+ "xsltLoadDocument: read rights for %s denied\n",
|
38
|
-
+ URI);
|
39
|
-
return(NULL);
|
40
|
-
}
|
41
|
-
}
|
42
|
-
@@ -372,10 +373,11 @@ xsltLoadStyleDocument(xsltStylesheetPtr style, const xmlChar *URI) {
|
43
|
-
int res;
|
44
|
-
|
45
|
-
res = xsltCheckRead(sec, NULL, URI);
|
46
|
-
- if (res == 0) {
|
47
|
-
- xsltTransformError(NULL, NULL, NULL,
|
48
|
-
- "xsltLoadStyleDocument: read rights for %s denied\n",
|
49
|
-
- URI);
|
50
|
-
+ if (res <= 0) {
|
51
|
-
+ if (res == 0)
|
52
|
-
+ xsltTransformError(NULL, NULL, NULL,
|
53
|
-
+ "xsltLoadStyleDocument: read rights for %s denied\n",
|
54
|
-
+ URI);
|
55
|
-
return(NULL);
|
56
|
-
}
|
57
|
-
}
|
58
|
-
diff --git a/libxslt/imports.c b/libxslt/imports.c
|
59
|
-
index 874870c..3783b24 100644
|
60
|
-
--- a/libxslt/imports.c
|
61
|
-
+++ b/libxslt/imports.c
|
62
|
-
@@ -130,10 +130,11 @@ xsltParseStylesheetImport(xsltStylesheetPtr style, xmlNodePtr cur) {
|
63
|
-
int secres;
|
64
|
-
|
65
|
-
secres = xsltCheckRead(sec, NULL, URI);
|
66
|
-
- if (secres == 0) {
|
67
|
-
- xsltTransformError(NULL, NULL, NULL,
|
68
|
-
- "xsl:import: read rights for %s denied\n",
|
69
|
-
- URI);
|
70
|
-
+ if (secres <= 0) {
|
71
|
-
+ if (secres == 0)
|
72
|
-
+ xsltTransformError(NULL, NULL, NULL,
|
73
|
-
+ "xsl:import: read rights for %s denied\n",
|
74
|
-
+ URI);
|
75
|
-
goto error;
|
76
|
-
}
|
77
|
-
}
|
78
|
-
diff --git a/libxslt/transform.c b/libxslt/transform.c
|
79
|
-
index 1379391..0636dbd 100644
|
80
|
-
--- a/libxslt/transform.c
|
81
|
-
+++ b/libxslt/transform.c
|
82
|
-
@@ -3493,10 +3493,11 @@ xsltDocumentElem(xsltTransformContextPtr ctxt, xmlNodePtr node,
|
83
|
-
*/
|
84
|
-
if (ctxt->sec != NULL) {
|
85
|
-
ret = xsltCheckWrite(ctxt->sec, ctxt, filename);
|
86
|
-
- if (ret == 0) {
|
87
|
-
- xsltTransformError(ctxt, NULL, inst,
|
88
|
-
- "xsltDocumentElem: write rights for %s denied\n",
|
89
|
-
- filename);
|
90
|
-
+ if (ret <= 0) {
|
91
|
-
+ if (ret == 0)
|
92
|
-
+ xsltTransformError(ctxt, NULL, inst,
|
93
|
-
+ "xsltDocumentElem: write rights for %s denied\n",
|
94
|
-
+ filename);
|
95
|
-
xmlFree(URL);
|
96
|
-
xmlFree(filename);
|
97
|
-
return;
|
98
|
-
diff --git a/libxslt/xslt.c b/libxslt/xslt.c
|
99
|
-
index 780a5ad..a234eb7 100644
|
100
|
-
--- a/libxslt/xslt.c
|
101
|
-
+++ b/libxslt/xslt.c
|
102
|
-
@@ -6763,10 +6763,11 @@ xsltParseStylesheetFile(const xmlChar* filename) {
|
103
|
-
int res;
|
104
|
-
|
105
|
-
res = xsltCheckRead(sec, NULL, filename);
|
106
|
-
- if (res == 0) {
|
107
|
-
- xsltTransformError(NULL, NULL, NULL,
|
108
|
-
- "xsltParseStylesheetFile: read rights for %s denied\n",
|
109
|
-
- filename);
|
110
|
-
+ if (res <= 0) {
|
111
|
-
+ if (res == 0)
|
112
|
-
+ xsltTransformError(NULL, NULL, NULL,
|
113
|
-
+ "xsltParseStylesheetFile: read rights for %s denied\n",
|
114
|
-
+ filename);
|
115
|
-
return(NULL);
|
116
|
-
}
|
117
|
-
}
|
118
|
-
--
|
119
|
-
2.17.1
|
120
|
-
|