nokogiri 1.6.2.1-x64-mingw32 → 1.6.3.rc1-x64-mingw32

Sign up to get free protection for your applications and to get access to all the features.

Potentially problematic release.


This version of nokogiri might be problematic. Click here for more details.

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: e80a3d0f5e98cb38e805e20816a9dbedfd72ebdb
4
- data.tar.gz: 38c9447c67d08a5759a01afcd1c7db20553d421f
3
+ metadata.gz: e101ca196ef0112f7f80ce3e0651f1f7d235d81d
4
+ data.tar.gz: fd39a994d9fb0f9cf3f7d6306b456f4b8ae94d89
5
5
  SHA512:
6
- metadata.gz: 7bcb96850804a2dd7f87e1899c7ab75cdd823ee394df347a88d46e3869a00ac6627164d7e325c105fd89954e6c153cefc0172924dfc9f2053faf9b60518e8a81
7
- data.tar.gz: f5034a2367ba3857467d65266f832f159f73e4502ee533c98ef6ea2ceb7c5daf90649d29ee5fb5318f47923613c2c8f2dced9497637b07f32da5918d0e4c87cf
6
+ metadata.gz: 198c70dcab649df02b7a7d46ceb51d579f03185e2628735cca15bc14be880f1cf2de796e42cae8f15b4be90054499df0c1adefdeb81228580cb93c91e4e1dca8
7
+ data.tar.gz: cab8082d82206a3c7f25ac03fd73b987f0401e4058eae8ee0047ecd9ca3dfff2f36a23d085bd24b12f3d68f1fe76132b57beaeba7ebe2e1f44a338188be9dbea
@@ -1,3 +1,11 @@
1
+ === 1.6.3 / unreleased
2
+
3
+ ==== Bug fixes
4
+
5
+ * Fix JRuby memory exhaustion vulnerability. #1087 (Thanks, @ocher!)
6
+ * Fix segfault during GC when using `libxml-ruby` and `nokogiri` together in multi-threaded environment. #895 (Thanks, @ender672!)
7
+
8
+
1
9
  === 1.6.2.1 / 2014年5月13日
2
10
 
3
11
  ==== バグ修正
@@ -1,3 +1,11 @@
1
+ === 1.6.3 / unreleased
2
+
3
+ ==== Bug fixes
4
+
5
+ * Fix JRuby memory exhaustion vulnerability. #1087 (Thanks, @ocher)
6
+ * Fix segfault during GC when using `libxml-ruby` and `nokogiri` together in multi-threaded environment. #895 (Thanks, @ender672!)
7
+
8
+
1
9
  === 1.6.2.1 / 2014-05-13
2
10
 
3
11
  ==== Bug fixes
@@ -17,13 +17,29 @@ static int dealloc_node_i(xmlNodePtr key, xmlNodePtr node, xmlDocPtr doc)
17
17
  return ST_CONTINUE;
18
18
  }
19
19
 
20
+ static void remove_private(xmlNodePtr node)
21
+ {
22
+ xmlNodePtr child;
23
+
24
+ for (child = node->children; child; child = child->next)
25
+ remove_private(child);
26
+
27
+ if ((node->type == XML_ELEMENT_NODE ||
28
+ node->type == XML_XINCLUDE_START ||
29
+ node->type == XML_XINCLUDE_END) &&
30
+ node->properties) {
31
+ for (child = (xmlNodePtr)node->properties; child; child = child->next)
32
+ remove_private(child);
33
+ }
34
+
35
+ node->_private = NULL;
36
+ }
37
+
20
38
  static void dealloc(xmlDocPtr doc)
21
39
  {
22
- xmlDeregisterNodeFunc func;
23
40
  st_table *node_hash;
24
41
 
25
42
  NOKOGIRI_DEBUG_START(doc);
26
- func = xmlDeregisterNodeDefault(NULL);
27
43
 
28
44
  node_hash = DOC_UNLINKED_NODE_HASH(doc);
29
45
 
@@ -31,10 +47,17 @@ static void dealloc(xmlDocPtr doc)
31
47
  st_free_table(node_hash);
32
48
 
33
49
  free(doc->_private);
34
- doc->_private = NULL;
50
+
51
+ /* When both Nokogiri and libxml-ruby are loaded, make sure that all nodes
52
+ * have their _private pointers cleared. This is to avoid libxml-ruby's
53
+ * xmlDeregisterNode callback from accessing VALUE pointers from ruby's GC
54
+ * free context, which can result in segfaults.
55
+ */
56
+ if (xmlDeregisterNodeDefaultValue)
57
+ remove_private((xmlNodePtr)doc);
58
+
35
59
  xmlFreeDoc(doc);
36
60
 
37
- xmlDeregisterNodeDefault(func);
38
61
  NOKOGIRI_DEBUG_END(doc);
39
62
  }
40
63
 
Binary file
Binary file
@@ -1,6 +1,6 @@
1
1
  module Nokogiri
2
2
  # The version of Nokogiri you are using
3
- VERSION = '1.6.2.1'
3
+ VERSION = '1.6.3.rc1'
4
4
 
5
5
  class VersionInfo # :nodoc:
6
6
  def jruby?
@@ -625,6 +625,12 @@ module Nokogiri
625
625
  refute_empty doc.errors
626
626
  end
627
627
 
628
+ def test_memory_explosion_on_wrong_formatted_element_following_the_root_element
629
+ doc = Nokogiri::XML("<a/><\n")
630
+ refute_nil doc
631
+ refute_empty doc.errors
632
+ end
633
+
628
634
  def test_document_has_errors
629
635
  doc = Nokogiri::XML(<<-eoxml)
630
636
  <foo><bar></foo>
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: nokogiri
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.6.2.1
4
+ version: 1.6.3.rc1
5
5
  platform: x64-mingw32
6
6
  authors:
7
7
  - Aaron Patterson
@@ -12,7 +12,7 @@ authors:
12
12
  autorequire:
13
13
  bindir: bin
14
14
  cert_chain: []
15
- date: 2014-05-14 00:00:00.000000000 Z
15
+ date: 2014-05-22 00:00:00.000000000 Z
16
16
  dependencies:
17
17
  - !ruby/object:Gem::Dependency
18
18
  name: mini_portile
@@ -525,9 +525,9 @@ required_ruby_version: !ruby/object:Gem::Requirement
525
525
  version: 1.9.2
526
526
  required_rubygems_version: !ruby/object:Gem::Requirement
527
527
  requirements:
528
- - - '>='
528
+ - - '>'
529
529
  - !ruby/object:Gem::Version
530
- version: '0'
530
+ version: 1.3.1
531
531
  requirements: []
532
532
  rubyforge_project: nokogiri
533
533
  rubygems_version: 2.2.2