nokogiri 1.10.5-x64-mingw32 → 1.10.10-x64-mingw32

Sign up to get free protection for your applications and to get access to all the features.

Potentially problematic release.


This version of nokogiri might be problematic. Click here for more details.

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 499e222680c6976d58c6871d74cafe596ab67c965fa01dea45a9f8ee180ab9e2
4
- data.tar.gz: de537b0a8aa6eae52a0744036bd573b03ad94ff4720a326e2b9ffe6030ec6724
3
+ metadata.gz: 7d60b52d7f07bfb0187de2cca88833a70498f002f463ac82f08b8359908df80b
4
+ data.tar.gz: 169b48cd81195b892ddd0976956ffdf7c1be89d486cdeb78bbbf87bfeb0c4cb1
5
5
  SHA512:
6
- metadata.gz: 8e0a541acfeff0434e88fafc066be336854918c73868b8907330c343defe7017f124d46de0e97004877e078b49d702547102d8de9261450cb40a4a4af2188d7c
7
- data.tar.gz: 941bc3d2a7f84d2bf36a988c83f9b7a10dd8d9ae4a350415d0992b1790e4fac35aea5a6342c2d650e315a332c93f9d1708195eed0beec37c1a042b972d3700fd
6
+ metadata.gz: ab637fb1527d865c3ce13130c363a3969abd7d6dfe2e5ca769956a89572990ca078cc27c06831337d2433a94a776bcad87b9a986303f4cd1955551663aedae3f
7
+ data.tar.gz: 5f5009a359ef8984f3b8ba817af06efdb56c9071c9e459155a5d4b96059ac3c8e5bf19b3c8d116a1b9fa5432e6b5eb2fe59e12a9e5aa0d2b8eaa447623860ce9
@@ -133,6 +133,31 @@ static VALUE read_memory(VALUE klass, VALUE content)
133
133
  return rb_schema;
134
134
  }
135
135
 
136
+ /* Schema creation will remove and deallocate "blank" nodes.
137
+ * If those blank nodes have been exposed to Ruby, they could get freed
138
+ * out from under the VALUE pointer. This function checks to see if any of
139
+ * those nodes have been exposed to Ruby, and if so we should raise an exception.
140
+ */
141
+ static int has_blank_nodes_p(VALUE cache)
142
+ {
143
+ long i;
144
+
145
+ if (NIL_P(cache)) {
146
+ return 0;
147
+ }
148
+
149
+ for (i = 0; i < RARRAY_LEN(cache); i++) {
150
+ xmlNodePtr node;
151
+ VALUE element = rb_ary_entry(cache, i);
152
+ Data_Get_Struct(element, xmlNode, node);
153
+ if (xmlIsBlankNode(node)) {
154
+ return 1;
155
+ }
156
+ }
157
+
158
+ return 0;
159
+ }
160
+
136
161
  /*
137
162
  * call-seq:
138
163
  * from_document(doc)
@@ -152,6 +177,10 @@ static VALUE from_document(VALUE klass, VALUE document)
152
177
  /* In case someone passes us a node. ugh. */
153
178
  doc = doc->doc;
154
179
 
180
+ if (has_blank_nodes_p(DOC_NODE_CACHE(doc))) {
181
+ rb_raise(rb_eArgError, "Creating a schema from a document that has blank nodes exposed to Ruby is dangerous");
182
+ }
183
+
155
184
  ctx = xmlSchemaNewDocParserCtxt(doc);
156
185
 
157
186
  errors = rb_ary_new();
Binary file
Binary file
Binary file
Binary file
@@ -1,6 +1,6 @@
1
1
  module Nokogiri
2
2
  # The version of Nokogiri you are using
3
- VERSION = "1.10.5"
3
+ VERSION = "1.10.10"
4
4
 
5
5
  class VersionInfo # :nodoc:
6
6
  def jruby?
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: nokogiri
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.10.5
4
+ version: 1.10.10
5
5
  platform: x64-mingw32
6
6
  authors:
7
7
  - Aaron Patterson
@@ -14,7 +14,7 @@ authors:
14
14
  autorequire:
15
15
  bindir: bin
16
16
  cert_chain: []
17
- date: 2019-10-31 00:00:00.000000000 Z
17
+ date: 2020-07-06 00:00:00.000000000 Z
18
18
  dependencies:
19
19
  - !ruby/object:Gem::Dependency
20
20
  name: mini_portile2
@@ -148,28 +148,28 @@ dependencies:
148
148
  requirements:
149
149
  - - "~>"
150
150
  - !ruby/object:Gem::Version
151
- version: 1.0.3
151
+ version: 1.1.0
152
152
  type: :development
153
153
  prerelease: false
154
154
  version_requirements: !ruby/object:Gem::Requirement
155
155
  requirements:
156
156
  - - "~>"
157
157
  - !ruby/object:Gem::Version
158
- version: 1.0.3
158
+ version: 1.1.0
159
159
  - !ruby/object:Gem::Dependency
160
160
  name: rake-compiler-dock
161
161
  requirement: !ruby/object:Gem::Requirement
162
162
  requirements:
163
163
  - - "~>"
164
164
  - !ruby/object:Gem::Version
165
- version: 0.7.0
165
+ version: '1.0'
166
166
  type: :development
167
167
  prerelease: false
168
168
  version_requirements: !ruby/object:Gem::Requirement
169
169
  requirements:
170
170
  - - "~>"
171
171
  - !ruby/object:Gem::Version
172
- version: 0.7.0
172
+ version: '1.0'
173
173
  - !ruby/object:Gem::Dependency
174
174
  name: rexical
175
175
  requirement: !ruby/object:Gem::Requirement
@@ -238,14 +238,14 @@ dependencies:
238
238
  requirements:
239
239
  - - "~>"
240
240
  - !ruby/object:Gem::Version
241
- version: '3.18'
241
+ version: '3.22'
242
242
  type: :development
243
243
  prerelease: false
244
244
  version_requirements: !ruby/object:Gem::Requirement
245
245
  requirements:
246
246
  - - "~>"
247
247
  - !ruby/object:Gem::Version
248
- version: '3.18'
248
+ version: '3.22'
249
249
  description: |-
250
250
  Nokogiri (鋸) is an HTML, XML, SAX, and Reader parser. Among
251
251
  Nokogiri's many features is the ability to search documents via XPath
@@ -380,6 +380,7 @@ files:
380
380
  - lib/nokogiri/2.4/nokogiri.so
381
381
  - lib/nokogiri/2.5/nokogiri.so
382
382
  - lib/nokogiri/2.6/nokogiri.so
383
+ - lib/nokogiri/2.7/nokogiri.so
383
384
  - lib/nokogiri/css.rb
384
385
  - lib/nokogiri/css/node.rb
385
386
  - lib/nokogiri/css/parser.rb
@@ -442,13 +443,15 @@ files:
442
443
  - lib/nokogiri/xslt.rb
443
444
  - lib/nokogiri/xslt/stylesheet.rb
444
445
  - lib/xsd/xmlparser/nokogiri.rb
445
- - patches/libxml2/0001-Revert-Do-not-URI-escape-in-server-side-includes.patch
446
- - patches/libxml2/0002-Remove-script-macro-support.patch
447
- - patches/libxml2/0003-Update-entities-to-remove-handling-of-ssi.patch
448
- homepage:
446
+ homepage: https://nokogiri.org
449
447
  licenses:
450
448
  - MIT
451
- metadata: {}
449
+ metadata:
450
+ homepage_uri: https://nokogiri.org
451
+ bug_tracker_uri: https://github.com/sparklemotion/nokogiri/issues
452
+ documentation_uri: https://nokogiri.org/rdoc/index.html
453
+ changelog_uri: https://nokogiri.org/CHANGELOG.html
454
+ source_code_uri: https://github.com/sparklemotion/nokogiri
452
455
  post_install_message: 'Nokogiri is built with the packaged libraries: libxml2-2.9.10,
453
456
  libxslt-1.1.34, zlib-1.2.11, libiconv-1.15.
454
457
 
@@ -465,15 +468,14 @@ required_ruby_version: !ruby/object:Gem::Requirement
465
468
  version: '2.3'
466
469
  - - "<"
467
470
  - !ruby/object:Gem::Version
468
- version: 2.7.dev
471
+ version: 2.8.dev
469
472
  required_rubygems_version: !ruby/object:Gem::Requirement
470
473
  requirements:
471
474
  - - ">="
472
475
  - !ruby/object:Gem::Version
473
476
  version: '0'
474
477
  requirements: []
475
- rubyforge_project:
476
- rubygems_version: 2.7.9
478
+ rubygems_version: 3.1.2
477
479
  signing_key:
478
480
  specification_version: 4
479
481
  summary: Nokogiri (鋸) is an HTML, XML, SAX, and Reader parser
@@ -1,78 +0,0 @@
1
- From c5538465c08a8ea248a370bf55bc39cd3385e4af Mon Sep 17 00:00:00 2001
2
- From: Mike Dalessio <mike.dalessio@gmail.com>
3
- Date: Thu, 29 Mar 2018 14:09:00 -0400
4
- Subject: [PATCH] Revert "Do not URI escape in server side includes"
5
-
6
- This reverts commit 960f0e275616cadc29671a218d7fb9b69eb35588.
7
- ---
8
- HTMLtree.c | 49 +++++++++++--------------------------------------
9
- 1 file changed, 11 insertions(+), 38 deletions(-)
10
-
11
- diff --git a/HTMLtree.c b/HTMLtree.c
12
- index 2fd0c9c..67160c5 100644
13
- --- a/HTMLtree.c
14
- +++ b/HTMLtree.c
15
- @@ -717,49 +717,22 @@ htmlAttrDumpOutput(xmlOutputBufferPtr buf, xmlDocPtr doc, xmlAttrPtr cur,
16
- (!xmlStrcasecmp(cur->name, BAD_CAST "src")) ||
17
- ((!xmlStrcasecmp(cur->name, BAD_CAST "name")) &&
18
- (!xmlStrcasecmp(cur->parent->name, BAD_CAST "a"))))) {
19
- + xmlChar *escaped;
20
- xmlChar *tmp = value;
21
- - /* xmlURIEscapeStr() escapes '"' so it can be safely used. */
22
- - xmlBufCCat(buf->buffer, "\"");
23
-
24
- while (IS_BLANK_CH(*tmp)) tmp++;
25
-
26
- - /* URI Escape everything, except server side includes. */
27
- - for ( ; ; ) {
28
- - xmlChar *escaped;
29
- - xmlChar endChar;
30
- - xmlChar *end = NULL;
31
- - xmlChar *start = (xmlChar *)xmlStrstr(tmp, BAD_CAST "<!--");
32
- - if (start != NULL) {
33
- - end = (xmlChar *)xmlStrstr(tmp, BAD_CAST "-->");
34
- - if (end != NULL) {
35
- - *start = '\0';
36
- - }
37
- - }
38
- -
39
- - /* Escape the whole string, or until start (set to '\0'). */
40
- - escaped = xmlURIEscapeStr(tmp, BAD_CAST"@/:=?;#%&,+");
41
- - if (escaped != NULL) {
42
- - xmlBufCat(buf->buffer, escaped);
43
- - xmlFree(escaped);
44
- - } else {
45
- - xmlBufCat(buf->buffer, tmp);
46
- - }
47
- -
48
- - if (end == NULL) { /* Everything has been written. */
49
- - break;
50
- - }
51
- -
52
- - /* Do not escape anything within server side includes. */
53
- - *start = '<'; /* Restore the first character of "<!--". */
54
- - end += 3; /* strlen("-->") */
55
- - endChar = *end;
56
- - *end = '\0';
57
- - xmlBufCat(buf->buffer, start);
58
- - *end = endChar;
59
- - tmp = end;
60
- + /*
61
- + * the < and > have already been escaped at the entity level
62
- + * And doing so here breaks server side includes
63
- + */
64
- + escaped = xmlURIEscapeStr(tmp, BAD_CAST"@/:=?;#%&,+<>");
65
- + if (escaped != NULL) {
66
- + xmlBufWriteQuotedString(buf->buffer, escaped);
67
- + xmlFree(escaped);
68
- + } else {
69
- + xmlBufWriteQuotedString(buf->buffer, value);
70
- }
71
- -
72
- - xmlBufCCat(buf->buffer, "\"");
73
- } else {
74
- xmlBufWriteQuotedString(buf->buffer, value);
75
- }
76
- --
77
- 2.9.5
78
-
@@ -1,40 +0,0 @@
1
- From 27e4aa8d885e47a296ea78d114dbbe8fc7aa3508 Mon Sep 17 00:00:00 2001
2
- From: Kevin Solorio <soloriok@gmail.com>
3
- Date: Fri, 1 Feb 2019 14:32:42 -0800
4
- Subject: [PATCH] Revert-support-html-h-b-7-1
5
-
6
- ---
7
- entities.c | 17 -----------------
8
- 1 file changed, 17 deletions(-)
9
-
10
- diff --git a/entities.c b/entities.c
11
- index 43549bc5..82652f6d 100644
12
- --- a/entities.c
13
- +++ b/entities.c
14
- @@ -623,23 +623,6 @@ xmlEncodeEntitiesInternal(xmlDocPtr doc, const xmlChar *input, int attr) {
15
- *out++ = 't';
16
- *out++ = ';';
17
- } else if (*cur == '&') {
18
- - /*
19
- - * Special handling of &{...} construct from HTML 4, see
20
- - * http://www.w3.org/TR/html401/appendix/notes.html#h-B.7.1
21
- - */
22
- - if (html && attr && (cur[1] == '{') &&
23
- - (strchr((const char *) cur, '}'))) {
24
- - while (*cur != '}') {
25
- - *out++ = *cur++;
26
- - indx = out - buffer;
27
- - if (indx + 100 > buffer_size) {
28
- - growBufferReentrant();
29
- - out = &buffer[indx];
30
- - }
31
- - }
32
- - *out++ = *cur++;
33
- - continue;
34
- - }
35
- *out++ = '&';
36
- *out++ = 'a';
37
- *out++ = 'm';
38
- --
39
- 2.16.2
40
-
@@ -1,44 +0,0 @@
1
- From ffc08467744bd2305d41ca882c37fa30adf3a067 Mon Sep 17 00:00:00 2001
2
- From: Kevin Solorio <soloriok@gmail.com>
3
- Date: Wed, 27 Feb 2019 14:34:17 -0800
4
- Subject: [PATCH 2/2] update entities.c to remove handling of ssi
5
-
6
- ---
7
- entities.c | 21 ---------------------
8
- 1 file changed, 21 deletions(-)
9
-
10
- diff --git a/entities.c b/entities.c
11
- index 43549bc5..5c4a2a60 100644
12
- --- a/entities.c
13
- +++ b/entities.c
14
- @@ -592,27 +592,6 @@ xmlEncodeEntitiesInternal(xmlDocPtr doc, const xmlChar *input, int attr) {
15
- * By default one have to encode at least '<', '>', '"' and '&' !
16
- */
17
- if (*cur == '<') {
18
- - const xmlChar *end;
19
- -
20
- - /*
21
- - * Special handling of server side include in HTML attributes
22
- - */
23
- - if (html && attr &&
24
- - (cur[1] == '!') && (cur[2] == '-') && (cur[3] == '-') &&
25
- - ((end = xmlStrstr(cur, BAD_CAST "-->")) != NULL)) {
26
- - while (cur != end) {
27
- - *out++ = *cur++;
28
- - indx = out - buffer;
29
- - if (indx + 100 > buffer_size) {
30
- - growBufferReentrant();
31
- - out = &buffer[indx];
32
- - }
33
- - }
34
- - *out++ = *cur++;
35
- - *out++ = *cur++;
36
- - *out++ = *cur++;
37
- - continue;
38
- - }
39
- *out++ = '&';
40
- *out++ = 'l';
41
- *out++ = 't';
42
- --
43
- 2.16.2
44
-