RubyGems - nokogiri - Versions diffs - 1.6.3.1 → 1.6.4 - Mend

nokogiri 1.6.3.1 → 1.6.4

Potentially problematic release.

This version of nokogiri might be problematic. Click here for more details.

Files changed (47) hide show

checksums.yaml +4 -4
data/.travis.yml +7 -2
data/CHANGELOG.ja.rdoc +16 -0
data/CHANGELOG.rdoc +16 -0
data/Gemfile +2 -2
data/Manifest.txt +2 -11
data/README.ja.rdoc +2 -2
data/README.rdoc +2 -2
data/Rakefile +1 -1
data/build_all +1 -1
data/dependencies.yml +1 -1
data/ext/nokogiri/extconf.rb +115 -82
data/ext/nokogiri/nokogiri.c +4 -0
data/ext/nokogiri/xml_io.c +10 -6
data/ext/nokogiri/xml_syntax_error.c +2 -1
data/lib/nokogiri/css/parser.rb +175 -165
data/lib/nokogiri/css/parser.y +8 -2
data/lib/nokogiri/css/tokenizer.rb +1 -1
data/lib/nokogiri/css/tokenizer.rex +1 -1
data/lib/nokogiri/version.rb +3 -1
data/ports/archives/libxml2-2.9.2.tar.gz +0 -0
data/ports/patches/libxml2/0001-Revert-Missing-initialization-for-the-catalog-module.patch +29 -0
data/ports/patches/libxml2/0002-Fix-missing-entities-after-CVE-2014-3660-fix.patch +31 -0
data/test/css/test_parser.rb +5 -0
data/test/css/test_tokenizer.rb +17 -0
data/test/html/test_document.rb +5 -5
data/test/html/test_document_fragment.rb +5 -0
data/test/xml/test_builder.rb +1 -1
data/test/xml/test_document.rb +1 -9
data/test/xml/test_entity_reference.rb +9 -3
data/test/xml/test_node.rb +1 -1
data/test/xml/test_syntax_error.rb +18 -0
data/test/xml/test_xpath.rb +2 -0
data/test_all +2 -2
metadata +11 -20
data/ports/archives/libxml2-2.8.0.tar.gz +0 -0
data/ports/patches/libxml2/0001-Fix-parser-local-buffers-size-problems.patch +0 -265
data/ports/patches/libxml2/0002-Fix-entities-local-buffers-size-problems.patch +0 -102
data/ports/patches/libxml2/0003-Fix-an-error-in-previous-commit.patch +0 -26
data/ports/patches/libxml2/0004-Fix-potential-out-of-bound-access.patch +0 -26
data/ports/patches/libxml2/0005-Detect-excessive-entities-expansion-upon-replacement.patch +0 -158
data/ports/patches/libxml2/0006-Do-not-fetch-external-parsed-entities.patch +0 -78
data/ports/patches/libxml2/0007-Enforce-XML_PARSER_EOF-state-handling-through-the-pa.patch +0 -480
data/ports/patches/libxml2/0008-Improve-handling-of-xmlStopParser.patch +0 -315
data/ports/patches/libxml2/0009-Fix-a-couple-of-return-without-value.patch +0 -37
data/ports/patches/libxml2/0010-Keep-non-significant-blanks-node-in-HTML-parser.patch +0 -2006
data/ports/patches/libxml2/0011-Do-not-fetch-external-parameter-entities.patch +0 -39

data/ports/patches/libxml2/0011-Do-not-fetch-external-parameter-entities.patch DELETED

@@ -1,39 +0,0 @@
-From 9cd1c3cfbd32655d60572c0a413e017260c854df Mon Sep 17 00:00:00 2001
-From: Daniel Veillard <veillard@redhat.com>
-Date: Tue, 22 Apr 2014 15:30:56 +0800
-Subject: [PATCH] Do not fetch external parameter entities
-Unless explicitely asked for when validating or replacing entities
-with their value. Problem pointed out by Daniel Berrange <berrange@redhat.com>
----
- parser.c | 14 ++++++++++++++
- 1 file changed, 14 insertions(+)
-diff --git a/parser.c b/parser.c
-index 9347ac9..c0dea05 100644
---- a/parser.c
-+++ b/parser.c
-@@ -2598,6 +2598,20 @@ xmlParserHandlePEReference(xmlParserCtxtPtr ctxt) {
- 		    xmlCharEncoding enc;
- 		    /*
-+		     * Note: external parsed entities will not be loaded, it is
-+		     * not required for a non-validating parser, unless the
-+		     * option of validating, or substituting entities were
-+		     * given. Doing so is far more secure as the parser will
-+		     * only process data coming from the document entity by
-+		     * default.
-+		     */
-+                    if ((entity->etype == XML_EXTERNAL_PARAMETER_ENTITY) &&
-+		        ((ctxt->options & XML_PARSE_NOENT) == 0) &&
-+			((ctxt->options & XML_PARSE_DTDVALID) == 0) &&
-+			(ctxt->validate == 0))
-+			return;
-+
-+		    /*
- 		     * handle the extra spaces added before and after
- 		     * c.f. http://www.w3.org/TR/REC-xml#as-PE
- 		     * this is done independently.
---
-1.8.3.2