nokogiri 1.6.3.1-java → 1.6.4-java
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of nokogiri might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/.travis.yml +7 -2
- data/CHANGELOG.ja.rdoc +16 -0
- data/CHANGELOG.rdoc +16 -0
- data/Gemfile +2 -2
- data/Manifest.txt +2 -11
- data/README.ja.rdoc +2 -2
- data/README.rdoc +2 -2
- data/Rakefile +1 -1
- data/build_all +17 -17
- data/dependencies.yml +1 -1
- data/ext/nokogiri/extconf.rb +115 -82
- data/ext/nokogiri/nokogiri.c +4 -0
- data/ext/nokogiri/xml_io.c +10 -6
- data/ext/nokogiri/xml_syntax_error.c +2 -1
- data/lib/nokogiri/css/parser.rb +175 -165
- data/lib/nokogiri/css/parser.y +8 -2
- data/lib/nokogiri/css/tokenizer.rb +1 -1
- data/lib/nokogiri/css/tokenizer.rex +1 -1
- data/lib/nokogiri/nokogiri.jar +0 -0
- data/lib/nokogiri/version.rb +3 -1
- data/ports/patches/libxml2/0001-Revert-Missing-initialization-for-the-catalog-module.patch +29 -0
- data/ports/patches/libxml2/0002-Fix-missing-entities-after-CVE-2014-3660-fix.patch +31 -0
- data/test/css/test_parser.rb +5 -0
- data/test/css/test_tokenizer.rb +17 -0
- data/test/html/test_document.rb +5 -5
- data/test/html/test_document_fragment.rb +5 -0
- data/test/xml/test_builder.rb +1 -1
- data/test/xml/test_document.rb +1 -9
- data/test/xml/test_entity_reference.rb +9 -3
- data/test/xml/test_node.rb +1 -1
- data/test/xml/test_syntax_error.rb +18 -0
- data/test/xml/test_xpath.rb +2 -0
- data/test_all +2 -2
- metadata +9 -18
- data/ports/patches/libxml2/0001-Fix-parser-local-buffers-size-problems.patch +0 -265
- data/ports/patches/libxml2/0002-Fix-entities-local-buffers-size-problems.patch +0 -102
- data/ports/patches/libxml2/0003-Fix-an-error-in-previous-commit.patch +0 -26
- data/ports/patches/libxml2/0004-Fix-potential-out-of-bound-access.patch +0 -26
- data/ports/patches/libxml2/0005-Detect-excessive-entities-expansion-upon-replacement.patch +0 -158
- data/ports/patches/libxml2/0006-Do-not-fetch-external-parsed-entities.patch +0 -78
- data/ports/patches/libxml2/0007-Enforce-XML_PARSER_EOF-state-handling-through-the-pa.patch +0 -480
- data/ports/patches/libxml2/0008-Improve-handling-of-xmlStopParser.patch +0 -315
- data/ports/patches/libxml2/0009-Fix-a-couple-of-return-without-value.patch +0 -37
- data/ports/patches/libxml2/0010-Keep-non-significant-blanks-node-in-HTML-parser.patch +0 -2006
- data/ports/patches/libxml2/0011-Do-not-fetch-external-parameter-entities.patch +0 -39
@@ -1,39 +0,0 @@
|
|
1
|
-
From 9cd1c3cfbd32655d60572c0a413e017260c854df Mon Sep 17 00:00:00 2001
|
2
|
-
From: Daniel Veillard <veillard@redhat.com>
|
3
|
-
Date: Tue, 22 Apr 2014 15:30:56 +0800
|
4
|
-
Subject: [PATCH] Do not fetch external parameter entities
|
5
|
-
|
6
|
-
Unless explicitely asked for when validating or replacing entities
|
7
|
-
with their value. Problem pointed out by Daniel Berrange <berrange@redhat.com>
|
8
|
-
---
|
9
|
-
parser.c | 14 ++++++++++++++
|
10
|
-
1 file changed, 14 insertions(+)
|
11
|
-
|
12
|
-
diff --git a/parser.c b/parser.c
|
13
|
-
index 9347ac9..c0dea05 100644
|
14
|
-
--- a/parser.c
|
15
|
-
+++ b/parser.c
|
16
|
-
@@ -2598,6 +2598,20 @@ xmlParserHandlePEReference(xmlParserCtxtPtr ctxt) {
|
17
|
-
xmlCharEncoding enc;
|
18
|
-
|
19
|
-
/*
|
20
|
-
+ * Note: external parsed entities will not be loaded, it is
|
21
|
-
+ * not required for a non-validating parser, unless the
|
22
|
-
+ * option of validating, or substituting entities were
|
23
|
-
+ * given. Doing so is far more secure as the parser will
|
24
|
-
+ * only process data coming from the document entity by
|
25
|
-
+ * default.
|
26
|
-
+ */
|
27
|
-
+ if ((entity->etype == XML_EXTERNAL_PARAMETER_ENTITY) &&
|
28
|
-
+ ((ctxt->options & XML_PARSE_NOENT) == 0) &&
|
29
|
-
+ ((ctxt->options & XML_PARSE_DTDVALID) == 0) &&
|
30
|
-
+ (ctxt->validate == 0))
|
31
|
-
+ return;
|
32
|
-
+
|
33
|
-
+ /*
|
34
|
-
* handle the extra spaces added before and after
|
35
|
-
* c.f. http://www.w3.org/TR/REC-xml#as-PE
|
36
|
-
* this is done independently.
|
37
|
-
--
|
38
|
-
1.8.3.2
|
39
|
-
|