nokogiri 1.6.7.1 → 1.6.7.2


Potentially problematic release.


This version of nokogiri might be problematic. Click here for more details.

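--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA1:
- metadata.gz: c62a0f60246bbc73ddbbb0f0ab78fb0ee835e7e0
- data.tar.gz: ae8e6b78fefbbee6c0e69abab11aae9ed8f140ef
+ metadata.gz: 44efc9ecb420ea82808bccb3a6483a4c3c495800
+ data.tar.gz: bbe9d9ba340c51db36cd4434b111f983b80c125c
  SHA512:
- metadata.gz: 89b94ebfe4326b45ebc6938c79c9fe2286ea73309d35aaf31a78e6a11e563b9dcf0ac43669d20570412ab77ce379aa55d1daa07891cbac2ae9c0933754caa0e2
- data.tar.gz: e7761aaa4a148d41c0aa1eba705325557c336dbed1218e21a582eb34351cc1495dd1b967a289ccbaf815801deceff95fe21f80d76fce6f0242c82a106852a99a
+ metadata.gz: ce0a7761046a3b8d4dca66efee40a71bec7014dd59f47c006592cd7d54bed65483c0a1ea914ce59796a72d4a389f9aeba24c96c96c7aabf4391ae2d52682dee7
+ data.tar.gz: 11783290520f44642955123ae8b5ae241f6e3d4ec51ad170fb8994a6cee5f79c39de92cd4fd18bf0778f383124164a8b750e398ca6db872a070c421ae1a22132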
@@ -1,3 +1,14 @@
1
+ === 1.6.7.2 / 2015-01-20
2
+
3
+ This version pulls in several upstream patches to the vendored libxml2 and libxslt to address:
4
+
5
+ CVE-2015-7499
6
+
7
+ Ubuntu classifies this as "Priority: Low", RedHat classifies this as "Impact: Moderate", and NIST classifies this as "Severity: 5.0 (MEDIUM)".
8
+
9
+ MITRE record is https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7499
10
+
11
+
1
12
  === 1.6.7.1 / 2015-12-16
2
13
 
3
14
  This version pulls in several upstream patches to the vendored libxml2 and libxslt to address:
@@ -11,6 +22,8 @@ This version pulls in several upstream patches to the vendored libxml2 and libxs
11
22
  CVE-2015-8242
12
23
  CVE-2015-8317
13
24
 
25
+ These CVEs are all low or medium priority according to Canonical, however NIST NVD gives CVE-2015-5312 a high severity score.
26
+
14
27
  See also http://www.ubuntu.com/usn/usn-2834-1/
15
28
 
16
29
 
@@ -1,6 +1,6 @@
1
1
  module Nokogiri
2
2
  # The version of Nokogiri you are using
3
- VERSION = '1.6.7.1'
3
+ VERSION = '1.6.7.2'
4
4
 
5
5
  class VersionInfo # :nodoc:
6
6
  def jruby?
@@ -0,0 +1,28 @@
1
+ From ce0b0d0d81fdbb5f722a890432b52d363e4de57b Mon Sep 17 00:00:00 2001
2
+ From: Daniel Veillard <veillard@redhat.com>
3
+ Date: Fri, 20 Nov 2015 15:01:22 +0800
4
+ Subject: Do not print error context when there is none
5
+
6
+ Which now happens more frequently du to xmlHaltParser use
7
+ ---
8
+ error.c | 4 +++-
9
+ 1 file changed, 3 insertions(+), 1 deletion(-)
10
+
11
+ diff --git a/error.c b/error.c
12
+ index cbcf5c9..9c45040 100644
13
+ --- a/error.c
14
+ +++ b/error.c
15
+ @@ -177,7 +177,9 @@ xmlParserPrintFileContextInternal(xmlParserInputPtr input ,
16
+ xmlChar content[81]; /* space for 80 chars + line terminator */
17
+ xmlChar *ctnt;
18
+
19
+ - if (input == NULL) return;
20
+ + if ((input == NULL) || (input->cur == NULL) ||
21
+ + (*input->cur == 0)) return;
22
+ +
23
+ cur = input->cur;
24
+ base = input->base;
25
+ /* skip backwards over any end-of-lines */
26
+ --
27
+ cgit v0.11.2
28
+
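Review bot: The new early return in xmlParserPrintFileContextInternal carries no comment explaining why an empty `input->cur` means there is no context to print; the only explanation is the commit message, which ties the case to xmlHaltParser. A one-line comment above the guard would keep that reasoning next to the code, for example `/* no context to show: cur is NULL or already at the terminating 0 (seen after the parser was halted) */`. The guard also leaves `input->base` unchecked even though it is read two lines later and, judging by the "skip backwards" comment, bounds the backward scan; that scan lies outside the hunk, so whether `base` can be NULL or ahead of `cur` at this point should be confirmed against the full function. The function body starts and ends outside the hunk.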
@@ -0,0 +1,41 @@
1
+ From 53ac9c9649fa091377dfea9511f012171f08972d Mon Sep 17 00:00:00 2001
2
+ From: Daniel Veillard <veillard@redhat.com>
3
+ Date: Mon, 9 Nov 2015 18:16:00 +0800
4
+ Subject: xmlStopParser reset errNo
5
+
6
+ I had used it in contexts where that information ought to be preserved
7
+ ---
8
+ parser.c | 3 +++
9
+ 1 file changed, 3 insertions(+)
10
+
11
+ diff --git a/parser.c b/parser.c
12
+ index c79b4e8..b7b6668 100644
13
+ --- a/parser.c
14
+ +++ b/parser.c
15
+ @@ -6782,6 +6782,7 @@ xmlParseConditionalSections(xmlParserCtxtPtr ctxt) {
16
+ if (RAW != '[') {
17
+ xmlFatalErr(ctxt, XML_ERR_CONDSEC_INVALID, NULL);
18
+ xmlStopParser(ctxt);
19
+ + ctxt->errNo = XML_ERR_CONDSEC_INVALID;
20
+ return;
21
+ } else {
22
+ if (ctxt->input->id != id) {
23
+ @@ -6844,6 +6845,7 @@ xmlParseConditionalSections(xmlParserCtxtPtr ctxt) {
24
+ if (RAW != '[') {
25
+ xmlFatalErr(ctxt, XML_ERR_CONDSEC_INVALID, NULL);
26
+ xmlStopParser(ctxt);
27
+ + ctxt->errNo = XML_ERR_CONDSEC_INVALID;
28
+ return;
29
+ } else {
30
+ if (ctxt->input->id != id) {
31
+ @@ -6901,6 +6903,7 @@ xmlParseConditionalSections(xmlParserCtxtPtr ctxt) {
32
+ } else {
33
+ xmlFatalErr(ctxt, XML_ERR_CONDSEC_INVALID_KEYWORD, NULL);
34
+ xmlStopParser(ctxt);
35
+ + ctxt->errNo = XML_ERR_CONDSEC_INVALID_KEYWORD;
36
+ return;
37
+ }
38
+
39
+ --
40
+ cgit v0.11.2
41
+
@@ -0,0 +1,175 @@
1
+ From e3b1597421ad7cbeb5939fc3b54f43f141c82366 Mon Sep 17 00:00:00 2001
2
+ From: Daniel Veillard <veillard@redhat.com>
3
+ Date: Fri, 20 Nov 2015 14:59:30 +0800
4
+ Subject: Reuse xmlHaltParser() where it makes sense
5
+
6
+ Unify the various place where either xmlStopParser was called
7
+ (which resets the error as a side effect) and places where we
8
+ used ctxt->instate = XML_PARSER_EOF to stop further processing
9
+ ---
10
+ parser.c | 37 +++++++++++++++++--------------------
11
+ 1 file changed, 17 insertions(+), 20 deletions(-)
12
+
13
+ diff --git a/parser.c b/parser.c
14
+ index b6e99b1..1810f99 100644
15
+ --- a/parser.c
16
+ +++ b/parser.c
17
+ @@ -1773,7 +1773,7 @@ nodePush(xmlParserCtxtPtr ctxt, xmlNodePtr value)
18
+ xmlFatalErrMsgInt(ctxt, XML_ERR_INTERNAL_ERROR,
19
+ "Excessive depth in document: %d use XML_PARSE_HUGE option\n",
20
+ xmlParserMaxDepth);
21
+ - ctxt->instate = XML_PARSER_EOF;
22
+ + xmlHaltParser(ctxt);
23
+ return(-1);
24
+ }
25
+ ctxt->nodeTab[ctxt->nodeNr] = value;
26
+ @@ -5675,7 +5675,7 @@ xmlParseEntityDecl(xmlParserCtxtPtr ctxt) {
27
+ if (RAW != '>') {
28
+ xmlFatalErrMsgStr(ctxt, XML_ERR_ENTITY_NOT_FINISHED,
29
+ "xmlParseEntityDecl: entity %s not terminated\n", name);
30
+ - xmlStopParser(ctxt);
31
+ + xmlHaltParser(ctxt);
32
+ } else {
33
+ if (input != ctxt->input) {
34
+ xmlFatalErrMsg(ctxt, XML_ERR_ENTITY_BOUNDARY,
35
+ @@ -6787,8 +6787,7 @@ xmlParseConditionalSections(xmlParserCtxtPtr ctxt) {
36
+ SKIP_BLANKS;
37
+ if (RAW != '[') {
38
+ xmlFatalErr(ctxt, XML_ERR_CONDSEC_INVALID, NULL);
39
+ - xmlStopParser(ctxt);
40
+ - ctxt->errNo = XML_ERR_CONDSEC_INVALID;
41
+ + xmlHaltParser(ctxt);
42
+ return;
43
+ } else {
44
+ if (ctxt->input->id != id) {
45
+ @@ -6850,8 +6849,7 @@ xmlParseConditionalSections(xmlParserCtxtPtr ctxt) {
46
+ SKIP_BLANKS;
47
+ if (RAW != '[') {
48
+ xmlFatalErr(ctxt, XML_ERR_CONDSEC_INVALID, NULL);
49
+ - xmlStopParser(ctxt);
50
+ - ctxt->errNo = XML_ERR_CONDSEC_INVALID;
51
+ + xmlHaltParser(ctxt);
52
+ return;
53
+ } else {
54
+ if (ctxt->input->id != id) {
55
+ @@ -6908,8 +6906,7 @@ xmlParseConditionalSections(xmlParserCtxtPtr ctxt) {
56
+
57
+ } else {
58
+ xmlFatalErr(ctxt, XML_ERR_CONDSEC_INVALID_KEYWORD, NULL);
59
+ - xmlStopParser(ctxt);
60
+ - ctxt->errNo = XML_ERR_CONDSEC_INVALID_KEYWORD;
61
+ + xmlHaltParser(ctxt);
62
+ return;
63
+ }
64
+
65
+ @@ -7120,7 +7117,7 @@ xmlParseExternalSubset(xmlParserCtxtPtr ctxt, const xmlChar *ExternalID,
66
+ /*
67
+ * The XML REC instructs us to stop parsing right here
68
+ */
69
+ - ctxt->instate = XML_PARSER_EOF;
70
+ + xmlHaltParser(ctxt);
71
+ return;
72
+ }
73
+ }
74
+ @@ -8107,7 +8104,7 @@ xmlParsePEReference(xmlParserCtxtPtr ctxt)
75
+ * The XML REC instructs us to stop parsing
76
+ * right here
77
+ */
78
+ - ctxt->instate = XML_PARSER_EOF;
79
+ + xmlHaltParser(ctxt);
80
+ return;
81
+ }
82
+ }
83
+ @@ -10047,7 +10044,7 @@ xmlParseContent(xmlParserCtxtPtr ctxt) {
84
+ if ((cons == ctxt->input->consumed) && (test == CUR_PTR)) {
85
+ xmlFatalErr(ctxt, XML_ERR_INTERNAL_ERROR,
86
+ "detected an error in element content\n");
87
+ - ctxt->instate = XML_PARSER_EOF;
88
+ + xmlHaltParser(ctxt);
89
+ break;
90
+ }
91
+ }
92
+ @@ -10082,7 +10079,7 @@ xmlParseElement(xmlParserCtxtPtr ctxt) {
93
+ xmlFatalErrMsgInt(ctxt, XML_ERR_INTERNAL_ERROR,
94
+ "Excessive depth in document: %d use XML_PARSE_HUGE option\n",
95
+ xmlParserMaxDepth);
96
+ - ctxt->instate = XML_PARSER_EOF;
97
+ + xmlHaltParser(ctxt);
98
+ return;
99
+ }
100
+
101
+ @@ -11412,7 +11409,7 @@ xmlParseTryOrFinish(xmlParserCtxtPtr ctxt, int terminate) {
102
+ ctxt->sax->setDocumentLocator(ctxt->userData,
103
+ &xmlDefaultSAXLocator);
104
+ xmlFatalErr(ctxt, XML_ERR_DOCUMENT_EMPTY, NULL);
105
+ - ctxt->instate = XML_PARSER_EOF;
106
+ + xmlHaltParser(ctxt);
107
+ #ifdef DEBUG_PUSH
108
+ xmlGenericError(xmlGenericErrorContext,
109
+ "PP: entering EOF\n");
110
+ @@ -11445,7 +11442,7 @@ xmlParseTryOrFinish(xmlParserCtxtPtr ctxt, int terminate) {
111
+ * The XML REC instructs us to stop parsing right
112
+ * here
113
+ */
114
+ - ctxt->instate = XML_PARSER_EOF;
115
+ + xmlHaltParser(ctxt);
116
+ return(0);
117
+ }
118
+ ctxt->standalone = ctxt->input->standalone;
119
+ @@ -11501,7 +11498,7 @@ xmlParseTryOrFinish(xmlParserCtxtPtr ctxt, int terminate) {
120
+ cur = ctxt->input->cur[0];
121
+ if (cur != '<') {
122
+ xmlFatalErr(ctxt, XML_ERR_DOCUMENT_EMPTY, NULL);
123
+ - ctxt->instate = XML_PARSER_EOF;
124
+ + xmlHaltParser(ctxt);
125
+ if ((ctxt->sax) && (ctxt->sax->endDocument != NULL))
126
+ ctxt->sax->endDocument(ctxt->userData);
127
+ goto done;
128
+ @@ -11533,7 +11530,7 @@ xmlParseTryOrFinish(xmlParserCtxtPtr ctxt, int terminate) {
129
+ goto done;
130
+ if (name == NULL) {
131
+ spacePop(ctxt);
132
+ - ctxt->instate = XML_PARSER_EOF;
133
+ + xmlHaltParser(ctxt);
134
+ if ((ctxt->sax) && (ctxt->sax->endDocument != NULL))
135
+ ctxt->sax->endDocument(ctxt->userData);
136
+ goto done;
137
+ @@ -11700,7 +11697,7 @@ xmlParseTryOrFinish(xmlParserCtxtPtr ctxt, int terminate) {
138
+ if ((cons == ctxt->input->consumed) && (test == CUR_PTR)) {
139
+ xmlFatalErr(ctxt, XML_ERR_INTERNAL_ERROR,
140
+ "detected an error in element content\n");
141
+ - ctxt->instate = XML_PARSER_EOF;
142
+ + xmlHaltParser(ctxt);
143
+ break;
144
+ }
145
+ break;
146
+ @@ -12021,7 +12018,7 @@ xmlParseTryOrFinish(xmlParserCtxtPtr ctxt, int terminate) {
147
+ goto done;
148
+ } else {
149
+ xmlFatalErr(ctxt, XML_ERR_DOCUMENT_END, NULL);
150
+ - ctxt->instate = XML_PARSER_EOF;
151
+ + xmlHaltParser(ctxt);
152
+ #ifdef DEBUG_PUSH
153
+ xmlGenericError(xmlGenericErrorContext,
154
+ "PP: entering EOF\n");
155
+ @@ -12385,7 +12382,7 @@ xmldecl_done:
156
+ res = xmlParserInputBufferPush(ctxt->input->buf, size, chunk);
157
+ if (res < 0) {
158
+ ctxt->errNo = XML_PARSER_EOF;
159
+ - ctxt->disableSAX = 1;
160
+ + xmlHaltParser(ctxt);
161
+ return (XML_PARSER_EOF);
162
+ }
163
+ xmlBufSetInputBaseCur(ctxt->input->buf->buffer, ctxt->input, base, cur);
164
+ @@ -12439,7 +12436,7 @@ xmldecl_done:
165
+ ((ctxt->input->cur - ctxt->input->base) > XML_MAX_LOOKUP_LIMIT)) &&
166
+ ((ctxt->options & XML_PARSE_HUGE) == 0)) {
167
+ xmlFatalErr(ctxt, XML_ERR_INTERNAL_ERROR, "Huge input lookup");
168
+ - ctxt->instate = XML_PARSER_EOF;
169
+ + xmlHaltParser(ctxt);
170
+ }
171
+ if ((ctxt->errNo != XML_ERR_OK) && (ctxt->disableSAX == 1))
172
+ return(ctxt->errNo);
173
+ --
174
+ cgit v0.11.2
175
+
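Review bot: In the `xmldecl_done` hunk that replaces `ctxt->disableSAX = 1;` with `xmlHaltParser(ctxt);`, the unchanged line above still stores `XML_PARSER_EOF` in `ctxt->errNo` and the function returns the same constant, while every other hunk in this patch treats `XML_PARSER_EOF` as an `instate` value rather than an error code. A caller that compares the result or `errNo` with `XML_ERR_*` values therefore sees a number from a different enum; at minimum the line deserves a comment such as `/* NOTE: XML_PARSER_EOF is a parser state, not an XML_ERR_* code; kept for compatibility */`. This site is also not a pure "reuse": the old code only disabled SAX, so if xmlHaltParser additionally sets `instate` (as the commit message implies, its definition is not on this page) the push-parser state after a failed buffer push changes and should be covered by a test. The enclosing function starts and ends outside the hunk.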
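--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
  --- !ruby/object:Gem::Specification
  name: nokogiri
  version: !ruby/object:Gem::Version
- version: 1.6.7.1
+ version: 1.6.7.2
  platform: ruby
  authors:
  - Aaron Patterson
@@ -12,7 +12,7 @@ authors:
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2015-12-17 00:00:00.000000000 Z
+ date: 2016-01-20 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: mini_portile2
@@ -429,6 +429,9 @@ files:
  - patches/libxml2/0016-Detect-incoherency-on-GROW.patch
  - patches/libxml2/0017-CVE-2015-7500-Fix-memory-access-error-due-to-incorre.patch
  - patches/libxml2/0018-CVE-2015-8242-Buffer-overead-with-HTML-parser-in-pus.patch
+ - patches/libxml2/0019-Do-not-print-error-context-when-there-is-none.patch
+ - patches/libxml2/0020-xmlStopParser-reset-errNo.patch
+ - patches/libxml2/0021-Reuse-xmlHaltParser-where-it-makes-sense.patch
  - patches/libxslt/0001-Adding-doc-update-related-to-1.1.28.patch
  - patches/libxslt/0002-Fix-a-couple-of-places-where-f-printf-parameters-wer.patch
  - patches/libxslt/0003-Initialize-pseudo-random-number-generator-with-curre.patch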