nokogiri 1.10.5 → 1.10.10
Potentially problematic release.
This version of nokogiri might be problematic. Click here for more details.
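--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 8ea976ad079c6e265a2275365b6572541c675b6815a8cc08b6cdd18e08f86764
+data.tar.gz: 33d11553009bb7563d6594802e0de35f5c950d7df07b828c54b6411f573d4a99
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: c8b1e1b238c4a0f4354bb7358a31dbf2288cc654313267e65bbbacb996abf28eb7d40122fae3a27f0ae9a589531c6717a0f7be4660412b757a95b15e12661b30
+data.tar.gz: 87769ba4a458792224e910db95258ae447714a0b732e69832d7ab643d798827e27faeafe29936067b4d07affb144dd88f6ab09de47e296c9f67b0bc4093176a8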
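--- a/data/ext/nokogiri/xml_schema.c
+++ b/data/ext/nokogiri/xml_schema.c
@@ -133,6 +133,31 @@ static VALUE read_memory(VALUE klass, VALUE content)
 return rb_schema;
 }
 
+/* Schema creation will remove and deallocate "blank" nodes.
+* If those blank nodes have been exposed to Ruby, they could get freed
+* out from under the VALUE pointer. This function checks to see if any of
+* those nodes have been exposed to Ruby, and if so we should raise an exception.
+*/
+static int has_blank_nodes_p(VALUE cache)
+{
+long i;
+
+if (NIL_P(cache)) {
+return 0;
+}
+
+for (i = 0; i < RARRAY_LEN(cache); i++) {
+xmlNodePtr node;
+VALUE element = rb_ary_entry(cache, i);
+Data_Get_Struct(element, xmlNode, node);
+if (xmlIsBlankNode(node)) {
+return 1;
+}
+}
+
+return 0;
+}
+
 /*
 * call-seq:
 * from_document(doc)
@@ -152,6 +177,10 @@ static VALUE from_document(VALUE klass, VALUE document)
 /* In case someone passes us a node. ugh. */
 doc = doc->doc;
 
+if (has_blank_nodes_p(DOC_NODE_CACHE(doc))) {
+rb_raise(rb_eArgError, "Creating a schema from a document that has blank nodes exposed to Ruby is dangerous");
+}
+
 ctx = xmlSchemaNewDocParserCtxt(doc);
 
 errors = rb_ary_new();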
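Review bot: The `rb_raise` added to from_document rejects input that was accepted before, yet the message only says the call "is dangerous" and the visible part of the call-seq comment is unchanged, so a caller gets no hint about the cause or the remedy. I would spell both out, for example `rb_raise(rb_eArgError, "Cannot create a schema from a document whose blank text nodes are referenced from Ruby; parse a fresh copy of the document first");`, and add to the rdoc comment that ArgumentError is raised in that case. The comment on `has_blank_nodes_p` should also state the return contract, something like `/* Returns 1 if any node in the cache is a blank node, 0 otherwise (including a nil cache). */`. The guard prevents the use-after-free only for nodes present in `DOC_NODE_CACHE(doc)` at call time, so it presumably depends on every Ruby-wrapped node being registered there, and that assumption deserves a sentence in the comment as well. from_document's body starts and ends outside the hunk.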
data/lib/nokogiri/version.rb
CHANGED
@@ -0,0 +1,25 @@
|
|
1
|
+
From 0b6ae484761fa01242fe8b67b54e3eb2d282d83d Mon Sep 17 00:00:00 2001
|
2
|
+
From: Mike Dalessio <mike.dalessio@gmail.com>
|
3
|
+
Date: Wed, 4 Dec 2019 08:43:51 -0500
|
4
|
+
Subject: [PATCH] fix libxml2.la's path
|
5
|
+
|
6
|
+
---
|
7
|
+
Makefile.in | 2 +-
|
8
|
+
1 file changed, 1 insertion(+), 1 deletion(-)
|
9
|
+
|
10
|
+
diff --git a/Makefile.in b/Makefile.in
|
11
|
+
index cf96d41..1372d8b 100644
|
12
|
+
--- a/Makefile.in
|
13
|
+
+++ b/Makefile.in
|
14
|
+
@@ -1057,7 +1057,7 @@ clean-noinstLTLIBRARIES:
|
15
|
+
rm -f $${locs}; \
|
16
|
+
}
|
17
|
+
|
18
|
+
-libxml2.la: $(libxml2_la_OBJECTS) $(libxml2_la_DEPENDENCIES) $(EXTRA_libxml2_la_DEPENDENCIES)
|
19
|
+
+$(top_builddir)/libxml2.la: $(libxml2_la_OBJECTS) $(libxml2_la_DEPENDENCIES) $(EXTRA_libxml2_la_DEPENDENCIES)
|
20
|
+
$(AM_V_CCLD)$(libxml2_la_LINK) -rpath $(libdir) $(libxml2_la_OBJECTS) $(libxml2_la_LIBADD) $(LIBS)
|
21
|
+
|
22
|
+
testdso.la: $(testdso_la_OBJECTS) $(testdso_la_DEPENDENCIES) $(EXTRA_testdso_la_DEPENDENCIES)
|
23
|
+
--
|
24
|
+
2.17.1
|
25
|
+
|
@@ -0,0 +1,32 @@
|
|
1
|
+
From 0e1a49c8907645d2e155f0d89d4d9895ac5112b5 Mon Sep 17 00:00:00 2001
|
2
|
+
From: Zhipeng Xie <xiezhipeng1@huawei.com>
|
3
|
+
Date: Thu, 12 Dec 2019 17:30:55 +0800
|
4
|
+
Subject: [PATCH] Fix infinite loop in xmlStringLenDecodeEntities
|
5
|
+
|
6
|
+
When ctxt->instate == XML_PARSER_EOF,xmlParseStringEntityRef
|
7
|
+
return NULL which cause a infinite loop in xmlStringLenDecodeEntities
|
8
|
+
|
9
|
+
Found with libFuzzer.
|
10
|
+
|
11
|
+
Signed-off-by: Zhipeng Xie <xiezhipeng1@huawei.com>
|
12
|
+
---
|
13
|
+
parser.c | 3 ++-
|
14
|
+
1 file changed, 2 insertions(+), 1 deletion(-)
|
15
|
+
|
16
|
+
diff --git a/parser.c b/parser.c
|
17
|
+
index d1c3196..a34bb6c 100644
|
18
|
+
--- a/parser.c
|
19
|
+
+++ b/parser.c
|
20
|
+
@@ -2646,7 +2646,8 @@ xmlStringLenDecodeEntities(xmlParserCtxtPtr ctxt, const xmlChar *str, int len,
|
21
|
+
else
|
22
|
+
c = 0;
|
23
|
+
while ((c != 0) && (c != end) && /* non input consuming loop */
|
24
|
+
- (c != end2) && (c != end3)) {
|
25
|
+
+ (c != end2) && (c != end3) &&
|
26
|
+
+ (ctxt->instate != XML_PARSER_EOF)) {
|
27
|
+
|
28
|
+
if (c == 0) break;
|
29
|
+
if ((c == '&') && (str[1] == '#')) {
|
30
|
+
--
|
31
|
+
2.17.1
|
32
|
+
|
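--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: nokogiri
 version: !ruby/object:Gem::Version
-version: 1.10.
+version: 1.10.10
 platform: ruby
 authors:
 - Aaron Patterson
@@ -14,7 +14,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date:
+date: 2020-07-06 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: mini_portile2
@@ -148,28 +148,28 @@ dependencies:
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version: 1.0
+version: 1.1.0
 type: :development
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version: 1.0
+version: 1.1.0
 - !ruby/object:Gem::Dependency
 name: rake-compiler-dock
 requirement: !ruby/object:Gem::Requirement
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version:
+version: '1.0'
 type: :development
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version:
+version: '1.0'
 - !ruby/object:Gem::Dependency
 name: rexical
 requirement: !ruby/object:Gem::Requirement
@@ -238,14 +238,14 @@ dependencies:
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version: '3.
+version: '3.22'
 type: :development
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version: '3.
+version: '3.22'
 description: |-
 Nokogiri (鋸) is an HTML, XML, SAX, and Reader parser. Among
 Nokogiri's many features is the ability to search documents via XPath
@@ -442,12 +442,19 @@ files:
 - patches/libxml2/0001-Revert-Do-not-URI-escape-in-server-side-includes.patch
 - patches/libxml2/0002-Remove-script-macro-support.patch
 - patches/libxml2/0003-Update-entities-to-remove-handling-of-ssi.patch
+- patches/libxml2/0004-libxml2.la-is-in-top_builddir.patch
+- patches/libxml2/0005-Fix-infinite-loop-in-xmlStringLenDecodeEntities.patch
 - ports/archives/libxml2-2.9.10.tar.gz
 - ports/archives/libxslt-1.1.34.tar.gz
-homepage:
+homepage: https://nokogiri.org
 licenses:
 - MIT
-metadata:
+metadata:
+homepage_uri: https://nokogiri.org
+bug_tracker_uri: https://github.com/sparklemotion/nokogiri/issues
+documentation_uri: https://nokogiri.org/rdoc/index.html
+changelog_uri: https://nokogiri.org/CHANGELOG.html
+source_code_uri: https://github.com/sparklemotion/nokogiri
 post_install_message:
 rdoc_options:
 - "--main"
@@ -465,7 +472,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 - !ruby/object:Gem::Version
 version: '0'
 requirements: []
-rubygems_version: 3.0.
+rubygems_version: 3.0.8
 signing_key:
 specification_version: 4
 summary: Nokogiri (鋸) is an HTML, XML, SAX, and Reader parser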