nokogiri 1.6.6.4 → 1.6.7.rc2

Sign up to get free protection for your applications and to get access to all the features.

Potentially problematic release.

This version of nokogiri might be problematic. Click here for more details.

Files changed (46) hide show
  1. checksums.yaml +4 -4
  2. data/.cross_rubies +7 -5
  3. data/.travis.yml +33 -30
  4. data/CHANGELOG.ja.rdoc +15 -18
  5. data/CHANGELOG.rdoc +12 -15
  6. data/Gemfile +2 -1
  7. data/LICENSE.txt +31 -0
  8. data/Manifest.txt +4 -24
  9. data/README.md +170 -0
  10. data/Rakefile +24 -22
  11. data/appveyor.yml +22 -0
  12. data/build_all +6 -90
  13. data/ext/nokogiri/extconf.rb +29 -31
  14. data/ext/nokogiri/xml_node.c +21 -11
  15. data/lib/nokogiri/version.rb +1 -1
  16. data/lib/nokogiri/xml/node.rb +16 -0
  17. data/{ports/patches → patches}/libxml2/0001-Revert-Missing-initialization-for-the-catalog-module.patch +0 -0
  18. data/{ports/patches → patches}/libxml2/0002-Fix-missing-entities-after-CVE-2014-3660-fix.patch +0 -0
  19. data/{ports/patches → patches}/libxslt/0001-Adding-doc-update-related-to-1.1.28.patch +0 -0
  20. data/{ports/patches → patches}/libxslt/0002-Fix-a-couple-of-places-where-f-printf-parameters-wer.patch +0 -0
  21. data/{ports/patches → patches}/libxslt/0003-Initialize-pseudo-random-number-generator-with-curre.patch +0 -0
  22. data/{ports/patches → patches}/libxslt/0004-EXSLT-function-str-replace-is-broken-as-is.patch +0 -0
  23. data/{ports/patches → patches}/libxslt/0006-Fix-str-padding-to-work-with-UTF-8-strings.patch +0 -0
  24. data/{ports/patches → patches}/libxslt/0007-Separate-function-for-predicate-matching-in-patterns.patch +0 -0
  25. data/{ports/patches → patches}/libxslt/0008-Fix-direct-pattern-matching.patch +0 -0
  26. data/{ports/patches → patches}/libxslt/0009-Fix-certain-patterns-with-predicates.patch +0 -0
  27. data/{ports/patches → patches}/libxslt/0010-Fix-handling-of-UTF-8-strings-in-EXSLT-crypto-module.patch +0 -0
  28. data/{ports/patches → patches}/libxslt/0013-Memory-leak-in-xsltCompileIdKeyPattern-error-path.patch +0 -0
  29. data/{ports/patches → patches}/libxslt/0014-Fix-for-bug-436589.patch +0 -0
  30. data/{ports/patches → patches}/libxslt/0015-Fix-mkdir-for-mingw.patch +0 -0
  31. data/{ports/patches → patches}/sort-patches-by-date +0 -0
  32. data/test/html/test_document.rb +21 -3
  33. data/test/xml/sax/test_parser.rb +11 -0
  34. data/test/xml/test_document.rb +11 -0
  35. data/test_all +3 -3
  36. metadata +79 -71
  37. data/README.ja.rdoc +0 -112
  38. data/README.rdoc +0 -177
  39. data/ports/patches/libxml2/0003-Stop-parsing-on-entities-boundaries-errors.patch +0 -32
  40. data/ports/patches/libxml2/0004-Cleanup-conditional-section-error-handling.patch +0 -49
  41. data/ports/patches/libxml2/0005-CVE-2015-1819-Enforce-the-reader-to-run-in-constant-.patch +0 -177
  42. data/ports/patches/libxml2/0006-Another-variation-of-overflow-in-Conditional-section.patch +0 -32
  43. data/ports/patches/libxml2/0007-Fix-an-error-in-previous-Conditional-section-patch.patch +0 -28
  44. data/ports/patches/libxml2/0008-CVE-2015-8035-Fix-XZ-compression-support-loop.patch +0 -31
  45. data/ports/patches/libxml2/0010-Fix-parsering-short-unclosed-comment-uninitialized-access.patch +0 -64
  46. data/ports/patches/libxslt/0016-Fix-for-type-confusion-in-preprocessing-attributes.patch +0 -29
data/ports/patches/libxml2/0006-Another-variation-of-overflow-in-Conditional-section.patch DELETED
@@ -1,32 +0,0 @@
1
- From 9ee30e69f63379b3caf451aa7ae4058a1fa2fa73 Mon Sep 17 00:00:00 2001
2
- From: Daniel Veillard <veillard@redhat.com>
3
- Date: Fri, 23 Oct 2015 19:02:28 +0800
4
- Subject: [PATCH 6/8] Another variation of overflow in Conditional sections
5
-
6
- Which happen after the previous fix to
7
- https://bugzilla.gnome.org/show_bug.cgi?id=756456
8
-
9
- But stopping the parser and exiting we didn't pop the intermediary entities
10
- and doing the SKIP there applies on an input which may be too small
11
- ---
12
- parser.c | 4 +++-
13
- 1 file changed, 3 insertions(+), 1 deletion(-)
14
-
15
- diff --git a/parser.c b/parser.c
16
- index 1e714e7..0b8d633 100644
17
- --- a/parser.c
18
- +++ b/parser.c
19
- @@ -6904,7 +6904,9 @@ xmlParseConditionalSections(xmlParserCtxtPtr ctxt) {
20
- "All markup of the conditional section is not in the same entity\n",
21
- NULL, NULL);
22
- }
23
- - SKIP(3);
24
- + if ((ctxt-> instate != XML_PARSER_EOF) &&
25
- + ((ctxt->input->cur + 3) < ctxt->input->end))
26
- + SKIP(3);
27
- }
28
- }
29
-
30
- --
31
- 2.5.0
32
-
data/ports/patches/libxml2/0007-Fix-an-error-in-previous-Conditional-section-patch.patch DELETED
@@ -1,28 +0,0 @@
1
- From 587f0e0133f51f3e09d1166cc0f6b24b50ddb357 Mon Sep 17 00:00:00 2001
2
- From: Daniel Veillard <veillard@redhat.com>
3
- Date: Tue, 27 Oct 2015 10:53:44 +0800
4
- Subject: [PATCH 7/8] Fix an error in previous Conditional section patch
5
-
6
- an off by one mistake in the change, led to error on correct
7
- document where the end of the included entity was exactly
8
- the end of the conditional section, leading to regtest failure
9
- ---
10
- parser.c | 2 +-
11
- 1 file changed, 1 insertion(+), 1 deletion(-)
12
-
13
- diff --git a/parser.c b/parser.c
14
- index 0b8d633..0650d2a 100644
15
- --- a/parser.c
16
- +++ b/parser.c
17
- @@ -6905,7 +6905,7 @@ xmlParseConditionalSections(xmlParserCtxtPtr ctxt) {
18
- NULL, NULL);
19
- }
20
- if ((ctxt-> instate != XML_PARSER_EOF) &&
21
- - ((ctxt->input->cur + 3) < ctxt->input->end))
22
- + ((ctxt->input->cur + 3) <= ctxt->input->end))
23
- SKIP(3);
24
- }
25
- }
26
- --
27
- 2.5.0
28
-
data/ports/patches/libxml2/0008-CVE-2015-8035-Fix-XZ-compression-support-loop.patch DELETED
@@ -1,31 +0,0 @@
1
- From 8f905eeb2aa553ee50194ed38db7186653ec6e1c Mon Sep 17 00:00:00 2001
2
- From: Daniel Veillard <veillard@redhat.com>
3
- Date: Tue, 3 Nov 2015 15:31:25 +0800
4
- Subject: [PATCH 8/8] CVE-2015-8035 Fix XZ compression support loop
5
-
6
- For https://bugzilla.gnome.org/show_bug.cgi?id=757466
7
- DoS when parsing specially crafted XML document if XZ support
8
- is compiled in (which wasn't the case for 2.9.2 and master since
9
- Nov 2013, fixed in next commit !)
10
- ---
11
- xzlib.c | 4 ++++
12
- 1 file changed, 4 insertions(+)
13
-
14
- diff --git a/xzlib.c b/xzlib.c
15
- index 0dcb9f4..1fab546 100644
16
- --- a/xzlib.c
17
- +++ b/xzlib.c
18
- @@ -581,6 +581,10 @@ xz_decomp(xz_statep state)
19
- xz_error(state, LZMA_DATA_ERROR, "compressed data error");
20
- return -1;
21
- }
22
- + if (ret == LZMA_PROG_ERROR) {
23
- + xz_error(state, LZMA_PROG_ERROR, "compression error");
24
- + return -1;
25
- + }
26
- } while (strm->avail_out && ret != LZMA_STREAM_END);
27
-
28
- /* update available output and crc check value */
29
- --
30
- 2.5.0
31
-
data/ports/patches/libxml2/0010-Fix-parsering-short-unclosed-comment-uninitialized-access.patch DELETED
@@ -1,64 +0,0 @@
1
- From e724879d964d774df9b7969fc846605aa1bac54c Mon Sep 17 00:00:00 2001
2
- From: Daniel Veillard <veillard@redhat.com>
3
- Date: Fri, 30 Oct 2015 21:14:55 +0800
4
- Subject: Fix parsing short unclosed comment uninitialized access
5
-
6
- For https://bugzilla.gnome.org/show_bug.cgi?id=746048
7
- The HTML parser was too optimistic when processing comments and
8
- didn't check for the end of the stream on the first 2 characters
9
- ---
10
- HTMLparser.c | 21 ++++++++++++++-------
11
- 1 file changed, 14 insertions(+), 7 deletions(-)
12
-
13
- diff --git a/HTMLparser.c b/HTMLparser.c
14
- index 19c10c3..bdf7807 100644
15
- --- a/HTMLparser.c
16
- +++ b/HTMLparser.c
17
- @@ -3264,12 +3264,17 @@ htmlParseComment(htmlParserCtxtPtr ctxt) {
18
- ctxt->instate = state;
19
- return;
20
- }
21
- + len = 0;
22
- + buf[len] = 0;
23
- q = CUR_CHAR(ql);
24
- + if (!IS_CHAR(q))
25
- + goto unfinished;
26
- NEXTL(ql);
27
- r = CUR_CHAR(rl);
28
- + if (!IS_CHAR(r))
29
- + goto unfinished;
30
- NEXTL(rl);
31
- cur = CUR_CHAR(l);
32
- - len = 0;
33
- while (IS_CHAR(cur) &&
34
- ((cur != '>') ||
35
- (r != '-') || (q != '-'))) {
36
- @@ -3300,18 +3305,20 @@ htmlParseComment(htmlParserCtxtPtr ctxt) {
37
- }
38
- }
39
- buf[len] = 0;
40
- - if (!IS_CHAR(cur)) {
41
- - htmlParseErr(ctxt, XML_ERR_COMMENT_NOT_FINISHED,
42
- - "Comment not terminated \n<!--%.50s\n", buf, NULL);
43
- - xmlFree(buf);
44
- - } else {
45
- + if (IS_CHAR(cur)) {
46
- NEXT;
47
- if ((ctxt->sax != NULL) && (ctxt->sax->comment != NULL) &&
48
- (!ctxt->disableSAX))
49
- ctxt->sax->comment(ctxt->userData, buf);
50
- xmlFree(buf);
51
- + ctxt->instate = state;
52
- + return;
53
- }
54
- - ctxt->instate = state;
55
- +
56
- +unfinished:
57
- + htmlParseErr(ctxt, XML_ERR_COMMENT_NOT_FINISHED,
58
- + "Comment not terminated \n<!--%.50s\n", buf, NULL);
59
- + xmlFree(buf);
60
- }
61
-
62
- /**
63
- --
64
- cgit v0.11.2
data/ports/patches/libxslt/0016-Fix-for-type-confusion-in-preprocessing-attributes.patch DELETED
@@ -1,29 +0,0 @@
1
- From 5865b9545891a38608374ff6458663e483a0dfb5 Mon Sep 17 00:00:00 2001
2
- From: Daniel Veillard <veillard@redhat.com>
3
- Date: Thu, 29 Oct 2015 19:33:23 +0800
4
- Subject: [PATCH] Fix for type confusion in preprocessing attributes
5
-
6
- CVE-2015-7995 http://www.openwall.com/lists/oss-security/2015/10/27/10
7
- We need to check that the parent node is an element before dereferencing
8
- its namespace
9
- ---
10
- libxslt/preproc.c | 3 ++-
11
- 1 file changed, 2 insertions(+), 1 deletion(-)
12
-
13
- diff --git a/libxslt/preproc.c b/libxslt/preproc.c
14
- index 4ef3f63..dac6acb 100644
15
- --- a/libxslt/preproc.c
16
- +++ b/libxslt/preproc.c
17
- @@ -2245,7 +2245,8 @@ xsltStylePreCompute(xsltStylesheetPtr style, xmlNodePtr inst) {
18
- } else if (IS_XSLT_NAME(inst, "attribute")) {
19
- xmlNodePtr parent = inst->parent;
20
-
21
- - if ((parent == NULL) || (parent->ns == NULL) ||
22
- + if ((parent == NULL) ||
23
- + (parent->type != XML_ELEMENT_NODE) || (parent->ns == NULL) ||
24
- ((parent->ns != inst->ns) &&
25
- (!xmlStrEqual(parent->ns->href, inst->ns->href))) ||
26
- (!xmlStrEqual(parent->name, BAD_CAST "attribute-set"))) {
27
- --
28
- 2.5.0
29
-