RubyGems - nokogiri - Versions diffs - 1.10.5-x86-mingw32 → 1.10.10-x86-mingw32 - Mend

nokogiri 1.10.5-x86-mingw32 → 1.10.10-x86-mingw32

Potentially problematic release.

This version of nokogiri might be problematic. Click here for more details.

Files changed (12) hide show

checksums.yaml +4 -4
data/ext/nokogiri/xml_schema.c +29 -0
data/lib/nokogiri/2.3/nokogiri.so +0 -0
data/lib/nokogiri/2.4/nokogiri.so +0 -0
data/lib/nokogiri/2.5/nokogiri.so +0 -0
data/lib/nokogiri/2.6/nokogiri.so +0 -0
data/lib/nokogiri/2.7/nokogiri.so +0 -0
data/lib/nokogiri/version.rb +1 -1
metadata +18 -16
data/patches/libxml2/0001-Revert-Do-not-URI-escape-in-server-side-includes.patch +0 -78
data/patches/libxml2/0002-Remove-script-macro-support.patch +0 -40
data/patches/libxml2/0003-Update-entities-to-remove-handling-of-ssi.patch +0 -44

checksums.yaml CHANGED

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 0c677ef927f92ae419153a3fc3278e6d899fc557a6ebafa9c2686f41926c7dca
-  data.tar.gz: 91a11a9056616b5349e338af67ea8e964fd879ac46e8370de680392acb980abc
+  metadata.gz: 4b3cc7047ee4e20abec1b6bd99252fb63f1430abfe501c582dbbccfd557d7218
+  data.tar.gz: a48ecd19b235fafeee336bc26360b52aee83f76d95c359138a655bea2fd607b4
 SHA512:
-  metadata.gz: eefa7a1deca88a65bb1166c7451b974b9bccdbe640dd71d9d7d54e62a1ca9ba1dd69c0bc66105ecdd8b1f54328c703e523b5915655d8bfaac2cf86ec6bb5a39e
-  data.tar.gz: f8ab04a30dadea34d75ca190be6821ceda631a7c3fa311b4bc107ead0fbf9fd77d2bd087854e1c19770ae8899346fe603791ad6cc45cfc3c75151077c66e10da
+  metadata.gz: 979dc20b49aa0b8abad9f50f63f269f6be64b9ad728171a54f6bca0d1497fc536e84bd22a5f04f8e3025d44a4e362c51d4068784e3afe541464d6aeefdc68363
+  data.tar.gz: fefea5811b85b82c117c81db41cc9d4654631fdac8c80b511a1f3b2b8032eced1dddaa4f740099057025221e8f96e95374269d91b7dc9dea745c469fc1c5775c

data/ext/nokogiri/xml_schema.c CHANGED

@@ -133,6 +133,31 @@ static VALUE read_memory(VALUE klass, VALUE content)
   return rb_schema;
 }
+/* Schema creation will remove and deallocate "blank" nodes.
+ * If those blank nodes have been exposed to Ruby, they could get freed
+ * out from under the VALUE pointer.  This function checks to see if any of
+ * those nodes have been exposed to Ruby, and if so we should raise an exception.
+ */
+static int has_blank_nodes_p(VALUE cache)
+{
+    long i;
+    if (NIL_P(cache)) {
+        return 0;
+    }
+    for (i = 0; i < RARRAY_LEN(cache); i++) {
+        xmlNodePtr node;
+        VALUE element = rb_ary_entry(cache, i);
+        Data_Get_Struct(element, xmlNode, node);
+        if (xmlIsBlankNode(node)) {
+            return 1;
+        }
+    }
+    return 0;
+}
 /*
  * call-seq:
  *  from_document(doc)
@@ -152,6 +177,10 @@ static VALUE from_document(VALUE klass, VALUE document)
   /* In case someone passes us a node. ugh. */
   doc = doc->doc;
+  if (has_blank_nodes_p(DOC_NODE_CACHE(doc))) {
+    rb_raise(rb_eArgError, "Creating a schema from a document that has blank nodes exposed to Ruby is dangerous");
+  }
   ctx = xmlSchemaNewDocParserCtxt(doc);
   errors = rb_ary_new();

data/lib/nokogiri/2.3/nokogiri.so CHANGED

Binary file

data/lib/nokogiri/2.4/nokogiri.so CHANGED

Binary file

data/lib/nokogiri/2.5/nokogiri.so CHANGED

Binary file

data/lib/nokogiri/2.6/nokogiri.so CHANGED

Binary file

data/lib/nokogiri/2.7/nokogiri.so ADDED

Binary file

data/lib/nokogiri/version.rb CHANGED

@@ -1,6 +1,6 @@
 module Nokogiri
   # The version of Nokogiri you are using
-  VERSION = "1.10.5"
+  VERSION = "1.10.10"
   class VersionInfo # :nodoc:
     def jruby?

metadata CHANGED

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: nokogiri
 version: !ruby/object:Gem::Version
-  version: 1.10.5
+  version: 1.10.10
 platform: x86-mingw32
 authors:
 - Aaron Patterson
@@ -14,7 +14,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2019-10-31 00:00:00.000000000 Z
+date: 2020-07-06 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: mini_portile2
@@ -148,28 +148,28 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.0.3
+        version: 1.1.0
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.0.3
+        version: 1.1.0
 - !ruby/object:Gem::Dependency
   name: rake-compiler-dock
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.7.0
+        version: '1.0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.7.0
+        version: '1.0'
 - !ruby/object:Gem::Dependency
   name: rexical
   requirement: !ruby/object:Gem::Requirement
@@ -238,14 +238,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '3.18'
+        version: '3.22'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '3.18'
+        version: '3.22'
 description: |-
   Nokogiri (鋸) is an HTML, XML, SAX, and Reader parser.  Among
   Nokogiri's many features is the ability to search documents via XPath
@@ -380,6 +380,7 @@ files:
 - lib/nokogiri/2.4/nokogiri.so
 - lib/nokogiri/2.5/nokogiri.so
 - lib/nokogiri/2.6/nokogiri.so
+- lib/nokogiri/2.7/nokogiri.so
 - lib/nokogiri/css.rb
 - lib/nokogiri/css/node.rb
 - lib/nokogiri/css/parser.rb
@@ -442,13 +443,15 @@ files:
 - lib/nokogiri/xslt.rb
 - lib/nokogiri/xslt/stylesheet.rb
 - lib/xsd/xmlparser/nokogiri.rb
-- patches/libxml2/0001-Revert-Do-not-URI-escape-in-server-side-includes.patch
-- patches/libxml2/0002-Remove-script-macro-support.patch
-- patches/libxml2/0003-Update-entities-to-remove-handling-of-ssi.patch
-homepage:
+homepage: https://nokogiri.org
 licenses:
 - MIT
-metadata: {}
+metadata:
+  homepage_uri: https://nokogiri.org
+  bug_tracker_uri: https://github.com/sparklemotion/nokogiri/issues
+  documentation_uri: https://nokogiri.org/rdoc/index.html
+  changelog_uri: https://nokogiri.org/CHANGELOG.html
+  source_code_uri: https://github.com/sparklemotion/nokogiri
 post_install_message: 'Nokogiri is built with the packaged libraries: libxml2-2.9.10,
   libxslt-1.1.34, zlib-1.2.11, libiconv-1.15.
@@ -465,15 +468,14 @@ required_ruby_version: !ruby/object:Gem::Requirement
       version: '2.3'
   - - "<"
     - !ruby/object:Gem::Version
-      version: 2.7.dev
+      version: 2.8.dev
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project:
-rubygems_version: 2.7.9
+rubygems_version: 3.1.2
 signing_key:
 specification_version: 4
 summary: Nokogiri (鋸) is an HTML, XML, SAX, and Reader parser

data/patches/libxml2/0001-Revert-Do-not-URI-escape-in-server-side-includes.patch DELETED

@@ -1,78 +0,0 @@
-From c5538465c08a8ea248a370bf55bc39cd3385e4af Mon Sep 17 00:00:00 2001
-From: Mike Dalessio <mike.dalessio@gmail.com>
-Date: Thu, 29 Mar 2018 14:09:00 -0400
-Subject: [PATCH] Revert "Do not URI escape in server side includes"
-This reverts commit 960f0e275616cadc29671a218d7fb9b69eb35588.
----
- HTMLtree.c | 49 +++++++++++--------------------------------------
- 1 file changed, 11 insertions(+), 38 deletions(-)
-diff --git a/HTMLtree.c b/HTMLtree.c
-index 2fd0c9c..67160c5 100644
---- a/HTMLtree.c
-+++ b/HTMLtree.c
-@@ -717,49 +717,22 @@ htmlAttrDumpOutput(xmlOutputBufferPtr buf, xmlDocPtr doc, xmlAttrPtr cur,
- 		 (!xmlStrcasecmp(cur->name, BAD_CAST "src")) ||
- 		 ((!xmlStrcasecmp(cur->name, BAD_CAST "name")) &&
- 		  (!xmlStrcasecmp(cur->parent->name, BAD_CAST "a"))))) {
-+		xmlChar *escaped;
- 		xmlChar *tmp = value;
--		/* xmlURIEscapeStr() escapes '"' so it can be safely used. */
--		xmlBufCCat(buf->buffer, "\"");
- 		while (IS_BLANK_CH(*tmp)) tmp++;
--		/* URI Escape everything, except server side includes. */
--		for ( ; ; ) {
--		    xmlChar *escaped;
--		    xmlChar endChar;
--		    xmlChar *end = NULL;
--		    xmlChar *start = (xmlChar *)xmlStrstr(tmp, BAD_CAST "<!--");
--		    if (start != NULL) {
--			end = (xmlChar *)xmlStrstr(tmp, BAD_CAST "-->");
--			if (end != NULL) {
--			    *start = '\0';
--			}
--		    }
--
--		    /* Escape the whole string, or until start (set to '\0'). */
--		    escaped = xmlURIEscapeStr(tmp, BAD_CAST"@/:=?;#%&,+");
--		    if (escaped != NULL) {
--		        xmlBufCat(buf->buffer, escaped);
--		        xmlFree(escaped);
--		    } else {
--		        xmlBufCat(buf->buffer, tmp);
--		    }
--
--		    if (end == NULL) { /* Everything has been written. */
--			break;
--		    }
--
--		    /* Do not escape anything within server side includes. */
--		    *start = '<'; /* Restore the first character of "<!--". */
--		    end += 3; /* strlen("-->") */
--		    endChar = *end;
--		    *end = '\0';
--		    xmlBufCat(buf->buffer, start);
--		    *end = endChar;
--		    tmp = end;
-+		/*
-+		 * the < and > have already been escaped at the entity level
-+		 * And doing so here breaks server side includes
-+		 */
-+		escaped = xmlURIEscapeStr(tmp, BAD_CAST"@/:=?;#%&,+<>");
-+		if (escaped != NULL) {
-+		    xmlBufWriteQuotedString(buf->buffer, escaped);
-+		    xmlFree(escaped);
-+		} else {
-+		    xmlBufWriteQuotedString(buf->buffer, value);
- 		}
--
--		xmlBufCCat(buf->buffer, "\"");
- 	    } else {
- 		xmlBufWriteQuotedString(buf->buffer, value);
- 	    }
---
-2.9.5

data/patches/libxml2/0002-Remove-script-macro-support.patch DELETED

@@ -1,40 +0,0 @@
-From 27e4aa8d885e47a296ea78d114dbbe8fc7aa3508 Mon Sep 17 00:00:00 2001
-From: Kevin Solorio <soloriok@gmail.com>
-Date: Fri, 1 Feb 2019 14:32:42 -0800
-Subject: [PATCH] Revert-support-html-h-b-7-1
----
- entities.c | 17 -----------------
- 1 file changed, 17 deletions(-)
-diff --git a/entities.c b/entities.c
-index 43549bc5..82652f6d 100644
---- a/entities.c
-+++ b/entities.c
-@@ -623,23 +623,6 @@ xmlEncodeEntitiesInternal(xmlDocPtr doc, const xmlChar *input, int attr) {
- 	    *out++ = 't';
- 	    *out++ = ';';
- 	} else if (*cur == '&') {
--	    /*
--	     * Special handling of &{...} construct from HTML 4, see
--	     * http://www.w3.org/TR/html401/appendix/notes.html#h-B.7.1
--	     */
--	    if (html && attr && (cur[1] == '{') &&
--	        (strchr((const char *) cur, '}'))) {
--	        while (*cur != '}') {
--		    *out++ = *cur++;
--		    indx = out - buffer;
--		    if (indx + 100 > buffer_size) {
--			growBufferReentrant();
--			out = &buffer[indx];
--		    }
--		}
--		*out++ = *cur++;
--		continue;
--	    }
- 	    *out++ = '&';
- 	    *out++ = 'a';
- 	    *out++ = 'm';
---
-2.16.2

data/patches/libxml2/0003-Update-entities-to-remove-handling-of-ssi.patch DELETED

@@ -1,44 +0,0 @@
-From ffc08467744bd2305d41ca882c37fa30adf3a067 Mon Sep 17 00:00:00 2001
-From: Kevin Solorio <soloriok@gmail.com>
-Date: Wed, 27 Feb 2019 14:34:17 -0800
-Subject: [PATCH 2/2] update entities.c to remove handling of ssi
----
- entities.c | 21 ---------------------
- 1 file changed, 21 deletions(-)
-diff --git a/entities.c b/entities.c
-index 43549bc5..5c4a2a60 100644
---- a/entities.c
-+++ b/entities.c
-@@ -592,27 +592,6 @@ xmlEncodeEntitiesInternal(xmlDocPtr doc, const xmlChar *input, int attr) {
- 	 * By default one have to encode at least '<', '>', '"' and '&' !
- 	 */
- 	if (*cur == '<') {
--	    const xmlChar *end;
--
--	    /*
--	     * Special handling of server side include in HTML attributes
--	     */
--	    if (html && attr &&
--	        (cur[1] == '!') && (cur[2] == '-') && (cur[3] == '-') &&
--	        ((end = xmlStrstr(cur, BAD_CAST "-->")) != NULL)) {
--	        while (cur != end) {
--		    *out++ = *cur++;
--		    indx = out - buffer;
--		    if (indx + 100 > buffer_size) {
--			growBufferReentrant();
--			out = &buffer[indx];
--		    }
--		}
--		*out++ = *cur++;
--		*out++ = *cur++;
--		*out++ = *cur++;
--		continue;
--	    }
- 	    *out++ = '&';
- 	    *out++ = 'l';
- 	    *out++ = 't';
---
-2.16.2