nokogiri 1.6.2.rc3 → 1.6.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 7d046663b8199a5601e33642a0dccb55d75189d6
-  data.tar.gz: 62598c911cbaea20ebabb929f6f9a9aae29bfbaf
+  metadata.gz: 6d0ab593d0bcb4245a5e397a36552b750b9368ab
+  data.tar.gz: 7b765604091b8e6e389ae0fa715cef8d829813a1
 SHA512:
-  metadata.gz: d495243c4487f00ab92abbaa73a2abce192ba5d941f8e8423a64e7569a85b58ee2b982fb7ef3aacf7e44bd4205a134710b9b0cc95e579e3963a56013b2f9c2e4
-  data.tar.gz: b3a3f40a55c9ac5a4b3b0da16e7037a5338c20ce418a8ee47001d0721f0d0db211d1918759b0a8ab5024f93c2bc7b43beb72e7b7f59ab85d01f82a807abb0ca8
+  metadata.gz: bcadf1074f623cb21bd91cce62324011269e76eb2629714adae009c31f02a248b62b30b499a50a0e2acc6af3597e5c0aebaee50fbc9fb1bd10936c62e2f5dc0d
+  data.tar.gz: d53643d965657aa24d13b965bf0a1cf4b74bd3f71483adc5a3769bb5c93fd59557c95bbd301196479083327d7e2afec1f697f5c62ba16b196a0b6e2492f8c83b

data/CHANGELOG.ja.rdoc

@@ -1,47 +1,57 @@
-=== 1.6.2 / 未リリース
-
-* 註
-
-  * Now requires libxml >= 2.6.21 (was previously >= 2.6.17).
-
-* 機能
-
-  * Add cross building of fat binary gems for 64-Bit Windows (x64-mingw32)
-    and add support for native builds on Windows. #864, #989, #1072
-  * (MRI) iconvが Windows-31J をサポートしていない場合は CP932 のエイリアスとして扱うようにした #836
-  * (MRI) 同梱ライブラリを静的にリンクするようになった (静的リンクをオフにするにはextconf.rbに --disable-static を渡す) #923
-  * (MRI) CRubyのバグ #9760 に起因するライブラリパス(LIBPATH)の優先順位問題に対応した
-  * (MRI) 同梱ライブラリのビルド後に不要になったディレクトリ群を自動的に削除するようになった (デバッグ等の目的で残すようにするにはextconf.rbに --disable-clean を渡す) #952
-  * (MRI) FreeBSDなど、libiconvがシステム標準ディレクトリ外にある環境でlibxml2がiconvサポート付きで正しくビルドされるようになった
-  * nthセレクタにおいてan-bを認識するようになった #886 (Magnus Bergmarkに感謝!)
-  * :not疑似クラスが、先行セレクタがない場合や複数重ねられた場合にも対応した #887 (Magnus Bergmarkに感謝!)
-  * (MRI) extconf.rb のオプション --use-system-libraries を追加
-    環境変数 NOKOGIRI_USE_SYSTEM_LIBRARIES を設定する代わりに使える
-  * (MRI) 同梱の libxslt を 1.1.28 に、 zlib を 1.2.8 に、 libiconv を 1.14 にそれぞれ更新した
-  * Nokogiri::HTML::Document#title= 及び #meta_encoding= は、head要素がない場合でも常に、最適な場所を探しつつ要素を追加するようになった
-  * Nokogiri::XML::DTD#html_dtd? と #html5_dtd? を追加
-  * Nokogiri::XML::Node#prepend_child を追加 #664
-  * Nokogiri::XML::SAX::ParserContext#recovery is added. #453
-
-* バグ修正
-
-  * :only-child疑似クラスが:not疑似クラスの中にある場合に正常な動作が行われるようになった #858 (Yamagishi Kazutoshiに感謝!)
-  * 同梱のライブラリを使う場合にはextconf.rbでpkg_configを呼ばなくなった #931 (Shota Fukumoriに感謝!)
-  * Nokogiri.parse()がRSS文書などをHTML文書として誤認する問題を修正 #932 (Yamagishi Kazutoshiに感謝!)
-  * (MRI) ノードに対して子ノードを追加する際、ノードタイプをチェックするようにした。従来はテキストノードに別のテキストノードを追加する操作によりSEGVが発生していた。 #1092
-  * (JRuby) XSD validation crashes in Java version. #373
-  * (JRuby) Document already has a root node error while using Builder. #646
-  * (JRuby) c14n tests are all passing on JRuby. #226
-  * Parsing empty documents raise SyntaxError in strict mode. #1005
-  * (JRuby) Make xpath faster by caching the xpath context. #741
-  * (JRuby) XML SAX push parser leaks memory on JRuby, but not on MRI. #998
-  * (JRUby) JRubyによるディフォルトネームスペースエイリアスの振る舞いがCRubyと同じではない。#940
-  * (JRuby) JRubyによるネームスペースのパースと追加の振る舞いが一致していない。 #943
-  * (JRuby) Builderで作ったドキュメントとクローンしたドキュメントではXpathの結果が違う。#1034
-  * (JRuby) Javaの実装はネームスペースを忘れることがある。 #902
-  * (JRuby) JRuby-Nokogiriはネームスペーススコープ内のアトリビュートを正しく認識しない。#1081
-  * (JRuby) JRuby-Nokogiriはコメントノードの名前が違う。#1080
-  * (JRuby) JAXPExtensionsProvider / Java 7 / Secure Processingに問題がある。 #1070
+=== 1.6.2 / 2014年5月12日
+
+==== Security 註
+
+A set of security and bugfix patches have been backported from the libxml2 and libxslt repositories onto the version of 2.8.0 packaged with Nokogiri, including these notable security fixes:
+
+* https://git.gnome.org/browse/libxml2/commit/?id=4629ee02ac649c27f9c0cf98ba017c6b5526070f
+* CVE-2013-2877 https://git.gnome.org/browse/libxml2/commit/?id=e50ba8164eee06461c73cd8abb9b46aa0be81869
+* CVE-2014-0191 https://git.gnome.org/browse/libxml2/commit/?id=9cd1c3cfbd32655d60572c0a413e017260c854df
+
+It is recommended that you upgrade from 1.6.x to this version as soon as possible.
+
+==== Compatibility 註
+
+Now requires libxml >= 2.6.21 (was previously >= 2.6.17).
+
+==== 機能
+
+* Add cross building of fat binary gems for 64-Bit Windows (x64-mingw32)
+  and add support for native builds on Windows. #864, #989, #1072
+* (MRI) iconvが Windows-31J をサポートしていない場合は CP932 のエイリアスとして扱うようにした #836
+* (MRI) 同梱ライブラリを静的にリンクするようになった (静的リンクをオフにするにはextconf.rbに --disable-static を渡す) #923
+* (MRI) CRubyのバグ #9760 に起因するライブラリパス(LIBPATH)の優先順位問題に対応した
+* (MRI) 同梱ライブラリのビルド後に不要になったディレクトリ群を自動的に削除するようになった (デバッグ等の目的で残すようにするにはextconf.rbに --disable-clean を渡す) #952
+* (MRI) FreeBSDなど、libiconvがシステム標準ディレクトリ外にある環境でlibxml2がiconvサポート付きで正しくビルドされるようになった
+* nthセレクタにおいてan-bを認識するようになった #886 (Magnus Bergmarkに感謝!)
+* :not疑似クラスが、先行セレクタがない場合や複数重ねられた場合にも対応した #887 (Magnus Bergmarkに感謝!)
+* (MRI) extconf.rb のオプション --use-system-libraries を追加
+  環境変数 NOKOGIRI_USE_SYSTEM_LIBRARIES を設定する代わりに使える
+* (MRI) 同梱の libxslt を 1.1.28 に、 zlib を 1.2.8 に、 libiconv を 1.14 にそれぞれ更新した
+* Nokogiri::HTML::Document#title= 及び #meta_encoding= は、head要素がない場合でも常に、最適な場所を探しつつ要素を追加するようになった
+* Nokogiri::XML::DTD#html_dtd? と #html5_dtd? を追加
+* Nokogiri::XML::Node#prepend_child を追加 #664
+* Nokogiri::XML::SAX::ParserContext#recovery is added. #453
+
+==== バグ修正
+
+* :only-child疑似クラスが:not疑似クラスの中にある場合に正常な動作が行われるようになった #858 (Yamagishi Kazutoshiに感謝!)
+* 同梱のライブラリを使う場合にはextconf.rbでpkg_configを呼ばなくなった #931 (Shota Fukumoriに感謝!)
+* Nokogiri.parse()がRSS文書などをHTML文書として誤認する問題を修正 #932 (Yamagishi Kazutoshiに感謝!)
+* (MRI) ノードに対して子ノードを追加する際、ノードタイプをチェックするようにした。従来はテキストノードに別のテキストノードを追加する操作によりSEGVが発生していた。 #1092
+* (JRuby) XSD validation crashes in Java version. #373
+* (JRuby) Document already has a root node error while using Builder. #646
+* (JRuby) c14n tests are all passing on JRuby. #226
+* Parsing empty documents raise SyntaxError in strict mode. #1005
+* (JRuby) Make xpath faster by caching the xpath context. #741
+* (JRuby) XML SAX push parser leaks memory on JRuby, but not on MRI. #998
+* (JRUby) JRubyによるディフォルトネームスペースエイリアスの振る舞いがCRubyと同じではない。#940
+* (JRuby) JRubyによるネームスペースのパースと追加の振る舞いが一致していない。 #943
+* (JRuby) Builderで作ったドキュメントとクローンしたドキュメントではXpathの結果が違う。#1034
+* (JRuby) Javaの実装はネームスペースを忘れることがある。 #902
+* (JRuby) JRuby-Nokogiriはネームスペーススコープ内のアトリビュートを正しく認識しない。#1081
+* (JRuby) JRuby-Nokogiriはコメントノードの名前が違う。#1080
+* (JRuby) JAXPExtensionsProvider / Java 7 / Secure Processingに問題がある。 #1070
 
 === 1.6.1 / 2013年12月14日
 

data/CHANGELOG.rdoc

@@ -1,63 +1,57 @@
-=== 1.6.2 / unreleased
-
-* Notes
-
-  * Now requires libxml >= 2.6.21 (was previously >= 2.6.17).
-
-* Features
-
-  * Add cross building of fat binary gems for 64-Bit Windows (x64-mingw32)
-    and add support for native builds on Windows. #864, #989, #1072
-  * (MRI) Alias CP932 to Windows-31J if iconv does not support Windows-31J.
-  * (MRI) Nokogiri now links packaged libraries statically.  To
-    disable static linking, pass --disable-static to extconf.rb. #923
-  * (MRI) Fix a library path (LIBPATH) precedence problem caused by CRuby
-    bug #9760.
-  * (MRI) Nokogiri automatically deletes directories of packaged
-    libraries only used during build.  To keep them for debugging
-    purposes, pass --disable-clean to extconf.rb. #952
-  * (MRI) Nokogiri now builds libxml2 properly with iconv support on
-    platforms where libiconv is installed outside the system default
-    directories, such as FreeBSD.
-  * Add support for an-b in nth selectors. #886 (Thanks, Magnus Bergmark!)
-  * Add support for bare and multiple :not() functions in selectors. #887
-    (Thanks, Magnus Bergmark!)
-  * (MRI) Add an extconf.rb option --use-system-libraries, alternative to
-    setting the environment variable NOKOGIRI_USE_SYSTEM_LIBRARIES.
-  * (MRI) Update packaged libraries: libxslt to 1.1.28, zlib to 1.2.8,
-    and libiconv to 1.14, respectively.
-  * Nokogiri::HTML::Document#title= and #meta_encoding= now always add
-    an element if not present, trying hard to find the best place to
-    put it.
-  * Nokogiri::XML::DTD#html_dtd? and #html5_dtd? are added.
-  * Nokogiri::XML::Node#prepend_child is added. #664
-  * Nokogiri::XML::SAX::ParserContext#recovery is added. #453
-  * Fix documentation for XML::Node#namespace. #803 #802 (Thanks, Hoylen Sue)
-  * Allow Nokogiri::XML::Node#parse from unparented non-element nodes. #407
-
-* Bugfixes
-
-  * Ensure :only-child pseudo class works within :not pseudo class. #858
-    (Thanks, Yamagishi Kazutoshi!)
-  * Don't call pkg_config when using bundled libraries in extconf.rb
-    #931 (Thanks, Shota Fukumori!)
-  * Nokogiri.parse() does not mistake a non-HTML document like a RSS
-    document as HTML document. #932 (Thanks, Yamagishi Kazutoshi!)
-  * (MRI) Perform a node type check before adding a child node to another.  Previously adding a text node to another as a child could cause a SEGV. #1092
-  * (JRuby) XSD validation crashes in Java version. #373
-  * (JRuby) Document already has a root node error while using Builder. #646
-  * (JRuby) c14n tests are all passing on JRuby. #226
-  * Parsing empty documents raise SyntaxError in strict mode. #1005
-  * (JRuby) Make xpath faster by caching the xpath context. #741
-  * (JRuby) XML SAX push parser leaks memory on JRuby, but not on MRI. #998
-  * (JRUby) Inconsistent behavior aliasing the default namespace. #940
-  * (JRuby) Inconsistent behavior between parsing and adding namespaces. #943
-  * (JRuby) Xpath returns inconsistent result set on cloned document with
-    namespaces and attributes. #1034
-  * (JRuby) Java-Implementation forgets element namespaces #902
-  * (JRuby) JRuby-Nokogiri does not recognise attributes inside namespaces #1081
-  * (JRuby) JRuby-Nokogiri has different comment node name #1080
-  * (JRuby) JAXPExtensionsProvider / Java 7 / Secure Processing #1070
+=== 1.6.2 / 2014-05-12
+
+==== Security Note
+
+A set of security and bugfix patches have been backported from the libxml2 and libxslt repositories onto the version of 2.8.0 packaged with Nokogiri, including these notable security fixes:
+
+* https://git.gnome.org/browse/libxml2/commit/?id=4629ee02ac649c27f9c0cf98ba017c6b5526070f
+* CVE-2013-2877 https://git.gnome.org/browse/libxml2/commit/?id=e50ba8164eee06461c73cd8abb9b46aa0be81869
+* CVE-2014-0191 https://git.gnome.org/browse/libxml2/commit/?id=9cd1c3cfbd32655d60572c0a413e017260c854df
+
+It is recommended that you upgrade from 1.6.x to this version as soon as possible.
+
+==== Compatibility Note
+
+Now requires libxml >= 2.6.21 (was previously >= 2.6.17).
+
+==== Features
+
+* Add cross building of fat binary gems for 64-Bit Windows (x64-mingw32) and add support for native builds on Windows. #864, #989, #1072
+* (MRI) Alias CP932 to Windows-31J if iconv does not support Windows-31J.
+* (MRI) Nokogiri now links packaged libraries statically. To disable static linking, pass --disable-static to extconf.rb. #923
+* (MRI) Fix a library path (LIBPATH) precedence problem caused by CRuby bug #9760.
+* (MRI) Nokogiri automatically deletes directories of packaged libraries only used during build. To keep them for debugging purposes, pass --disable-clean to extconf.rb. #952
+* (MRI) Nokogiri now builds libxml2 properly with iconv support on platforms where libiconv is installed outside the system default directories, such as FreeBSD.
+* Add support for an-b in nth selectors. #886 (Thanks, Magnus Bergmark!)
+* Add support for bare and multiple :not() functions in selectors. #887 (Thanks, Magnus Bergmark!)
+* (MRI) Add an extconf.rb option --use-system-libraries, alternative to setting the environment variable NOKOGIRI_USE_SYSTEM_LIBRARIES.
+* (MRI) Update packaged libraries: libxslt to 1.1.28, zlib to 1.2.8, and libiconv to 1.14, respectively.
+* Nokogiri::HTML::Document#title= and #meta_encoding= now always add an element if not present, trying hard to find the best place to put it.
+* Nokogiri::XML::DTD#html_dtd? and #html5_dtd? are added.
+* Nokogiri::XML::Node#prepend_child is added. #664
+* Nokogiri::XML::SAX::ParserContext#recovery is added. #453
+* Fix documentation for XML::Node#namespace. #803 #802 (Thanks, Hoylen Sue)
+* Allow Nokogiri::XML::Node#parse from unparented non-element nodes. #407
+
+==== Bugfixes
+
+* Ensure :only-child pseudo class works within :not pseudo class. #858 (Thanks, Yamagishi Kazutoshi!)
+* Don't call pkg_config when using bundled libraries in extconf.rb #931 (Thanks, Shota Fukumori!)
+* Nokogiri.parse() does not mistake a non-HTML document like a RSS document as HTML document. #932 (Thanks, Yamagishi Kazutoshi!)
+* (MRI) Perform a node type check before adding a child node to another. Previously adding a text node to another as a child could cause a SEGV. #1092
+* (JRuby) XSD validation crashes in Java version. #373
+* (JRuby) Document already has a root node error while using Builder. #646
+* (JRuby) c14n tests are all passing on JRuby. #226
+* Parsing empty documents raise SyntaxError in strict mode. #1005
+* (JRuby) Make xpath faster by caching the xpath context. #741
+* (JRuby) XML SAX push parser leaks memory on JRuby, but not on MRI. #998
+* (JRuby) Inconsistent behavior aliasing the default namespace. #940
+* (JRuby) Inconsistent behavior between parsing and adding namespaces. #943
+* (JRuby) Xpath returns inconsistent result set on cloned document with namespaces and attributes. #1034
+* (JRuby) Java-Implementation forgets element namespaces #902
+* (JRuby) JRuby-Nokogiri does not recognise attributes inside namespaces #1081
+* (JRuby) JRuby-Nokogiri has different comment node name #1080
+* (JRuby) JAXPExtensionsProvider / Java 7 / Secure Processing #1070
 
 === 1.6.1 / 2013-12-14
 

data/README.ja.rdoc

@@ -1,9 +1,8 @@
 = Nokogiri (鋸) {<img src="https://secure.travis-ci.org/sparklemotion/nokogiri.png?rvm=1.9.3" />}[http://travis-ci.org/sparklemotion/nokogiri] {<img src="https://codeclimate.com/badge.png" />}[https://codeclimate.com/github/sparklemotion/nokogiri]
 
-* http://nokogiri.org/
-* https://github.com/sparklemotion/nokogiri/wikis
-* https://github.com/sparklemotion/nokogiri/tree/master
-* https://groups.google.com/group/nokogiri-list
+* http://nokogiri.org
+* https://github.com/sparklemotion/nokogiri
+* https://groups.google.com/group/nokogiri-talk
 * https://github.com/sparklemotion/nokogiri/issues
 
 == DESCRIPTION:

data/README.rdoc

@@ -1,7 +1,7 @@
 = Nokogiri {<img src="https://secure.travis-ci.org/sparklemotion/nokogiri.png?rvm=1.9.3" />}[http://travis-ci.org/sparklemotion/nokogiri] {<img src="https://codeclimate.com/github/sparklemotion/nokogiri.png" />}[https://codeclimate.com/github/sparklemotion/nokogiri] {<img src="https://www.versioneye.com/ruby/nokogiri/badge.png" alt="Dependency Status" />}[https://www.versioneye.com/ruby/nokogiri]
+
 * http://nokogiri.org
-* https://github.com/sparklemotion/nokogiri/wikis
-* https://github.com/sparklemotion/nokogiri/tree/master
+* https://github.com/sparklemotion/nokogiri
 * https://groups.google.com/group/nokogiri-talk
 * https://github.com/sparklemotion/nokogiri/issues
 

data/lib/nokogiri/version.rb

@@ -1,6 +1,6 @@
 module Nokogiri
   # The version of Nokogiri you are using
-  VERSION = '1.6.2.rc3'
+  VERSION = '1.6.2'
 
   class VersionInfo # :nodoc:
     def jruby?

data/ports/patches/libxml2/0011-Do-not-fetch-external-parameter-entities.patch

@@ -0,0 +1,39 @@
+From 9cd1c3cfbd32655d60572c0a413e017260c854df Mon Sep 17 00:00:00 2001
+From: Daniel Veillard <veillard@redhat.com>
+Date: Tue, 22 Apr 2014 15:30:56 +0800
+Subject: [PATCH] Do not fetch external parameter entities
+
+Unless explicitely asked for when validating or replacing entities
+with their value. Problem pointed out by Daniel Berrange <berrange@redhat.com>
+---
+ parser.c | 14 ++++++++++++++
+ 1 file changed, 14 insertions(+)
+
+diff --git a/parser.c b/parser.c
+index 9347ac9..c0dea05 100644
+--- a/parser.c
++++ b/parser.c
+@@ -2598,6 +2598,20 @@ xmlParserHandlePEReference(xmlParserCtxtPtr ctxt) {
+ 		    xmlCharEncoding enc;
+ 
+ 		    /*
++		     * Note: external parsed entities will not be loaded, it is
++		     * not required for a non-validating parser, unless the
++		     * option of validating, or substituting entities were
++		     * given. Doing so is far more secure as the parser will
++		     * only process data coming from the document entity by
++		     * default.
++		     */
++                    if ((entity->etype == XML_EXTERNAL_PARAMETER_ENTITY) &&
++		        ((ctxt->options & XML_PARSE_NOENT) == 0) &&
++			((ctxt->options & XML_PARSE_DTDVALID) == 0) &&
++			(ctxt->validate == 0))
++			return;
++
++		    /*
+ 		     * handle the extra spaces added before and after
+ 		     * c.f. http://www.w3.org/TR/REC-xml#as-PE
+ 		     * this is done independently.
+-- 
+1.8.3.2
+

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: nokogiri
 version: !ruby/object:Gem::Version
-  version: 1.6.2.rc3
+  version: 1.6.2
 platform: ruby
 authors:
 - Aaron Patterson
@@ -12,7 +12,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2014-05-09 00:00:00.000000000 Z
+date: 2014-05-12 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: mini_portile
@@ -405,6 +405,7 @@ files:
 - ports/patches/libxml2/0008-Improve-handling-of-xmlStopParser.patch
 - ports/patches/libxml2/0009-Fix-a-couple-of-return-without-value.patch
 - ports/patches/libxml2/0010-Keep-non-significant-blanks-node-in-HTML-parser.patch
+- ports/patches/libxml2/0011-Do-not-fetch-external-parameter-entities.patch
 - ports/patches/libxslt/0001-Adding-doc-update-related-to-1.1.28.patch
 - ports/patches/libxslt/0002-Fix-a-couple-of-places-where-f-printf-parameters-wer.patch
 - ports/patches/libxslt/0003-Initialize-pseudo-random-number-generator-with-curre.patch
@@ -546,9 +547,9 @@ required_ruby_version: !ruby/object:Gem::Requirement
       version: 1.9.2
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
-  - - '>'
+  - - '>='
     - !ruby/object:Gem::Version
-      version: 1.3.1
+      version: '0'
 requirements: []
 rubyforge_project: nokogiri
 rubygems_version: 2.2.2