nokogiri 1.6.7.rc3 → 1.6.7.rc4

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: d9a5581b6282efa8813b3f65504c100cc8feab90
-  data.tar.gz: a08e34600f546dcaea04a02e9541c24e9034fa5e
+  metadata.gz: 9f5cfcb9bbd1af2d7c8fb349f04d0c91ce22b048
+  data.tar.gz: 45f0b46461343cf11f1f2b642ba5bb69138bcce1
 SHA512:
-  metadata.gz: 4d5a04f7cb774d6c7c57bd172a0f9037f2ba11f642cbddf217f0f5584ae8e6b8d97c03461cf4923375693b99b2aa00ca88619f57a67d41465b3e28e6e10f5eea
-  data.tar.gz: eb7a69e87a742c2a91354935dfdd7584a35f13fcf89cb3ad917f6f59e8a5dfdea38e9a69be40fe5094d9d2818b0d7e330980bbadd8ebdda3e75184ed149aeae3
+  metadata.gz: 7c20e684173ea4d91771c57a117b0213024dc591244643807a5aa7b8ade0307144425192483d5460530dae15b5815ca9f81f05a5d88366ea6386a9d3e2f23198
+  data.tar.gz: 3ab9c487b64c38e4af1aecede98def30de8cf211727ca376a1ec96c1eebe4426a7764abb17c58d1f7af7df4f23c3157f86ad012187a534b95c21a69fbf950c19

data/CHANGELOG.ja.rdoc

@@ -1,4 +1,32 @@
-=== 1.6.7.rc2 / 2015年08月31日
+=== 1.6.7.rc4 / 2015年11月22日
+
+==== Security patches
+
+This version pulls in several upstream patches to the vendored libxml2 and libxslt to address:
+
+* CVE-2015-1819
+* CVE-2015-7941_1
+* CVE-2015-7941_2
+* CVE-2015-7942
+* CVE-2015-7942-2
+* CVE-2015-8035
+* CVE-2015-7995
+* unclosed comment uninitialized access issue (does not have a CVE assigned)
+
+See #1374 and #1376 for details.
+
+==== Features
+
+* [MRI] libxml2 and libxslt `config.guess` files brought up to date. (#1326) (Thanks, @hernan-erasmo!)
+* [JRuby] fix error in validating files with jruby (#1355, #1361) (Thanks, @twalpole!)
+* [MRI, OSX] Patch to handle nonstandard location of `iconv.h`. (#1206, #1210, #1218, #1345) (Thanks, @neonichu!)
+
+==== Bug Fixes
+
+* [JRuby] reset the namespace cache when replacing the document's innerHtml (#1265) (Thanks, @mkristian!)
+
+
+=== 1.6.7.rc3 / 2015年09月04日 and 1.6.7.rc2 / 2015年08月31日
 
 Note that rc1 was not released.
 

data/CHANGELOG.rdoc

@@ -1,3 +1,31 @@
+=== 1.6.7.rc4 / 2015-11-22
+
+==== Security patches
+
+This version pulls in several upstream patches to the vendored libxml2 and libxslt to address:
+
+* CVE-2015-1819
+* CVE-2015-7941_1
+* CVE-2015-7941_2
+* CVE-2015-7942
+* CVE-2015-7942-2
+* CVE-2015-8035
+* CVE-2015-7995
+* unclosed comment uninitialized access issue (does not have a CVE assigned)
+
+See #1374 and #1376 for details.
+
+==== Features
+
+* [MRI] libxml2 and libxslt `config.guess` files brought up to date. (#1326) (Thanks, @hernan-erasmo!)
+* [JRuby] fix error in validating files with jruby (#1355, #1361) (Thanks, @twalpole!)
+* [MRI, OSX] Patch to handle nonstandard location of `iconv.h`. (#1206, #1210, #1218, #1345) (Thanks, @neonichu!)
+
+==== Bug Fixes
+
+* [JRuby] reset the namespace cache when replacing the document's innerHtml (#1265) (Thanks, @mkristian!)
+
+
 === 1.6.7.rc3 / 2015-09-04 and 1.6.7.rc2 / 2015-08-31
 
 Note that rc1 was not released.

data/Gemfile

@@ -4,7 +4,7 @@
 
 source "https://rubygems.org/"
 
-gem "mini_portile", "~>0.7.0.rc4"
+gem "mini_portile2", "~>2.0.0.rc2"
 
 gem "rdoc", "~>4.0", :group => [:development, :test]
 gem "hoe-bundler", ">=1.1", :group => [:development, :test]
@@ -17,6 +17,6 @@ gem "rake-compiler", "~>0.9.2", :group => [:development, :test]
 gem "rake-compiler-dock", "~>0.4.2", :group => [:development, :test]
 gem "racc", ">=1.4.6", :group => [:development, :test], :platform => :ruby
 gem "rexical", ">=1.0.5", :group => [:development, :test], :platform => :ruby
-gem "hoe", "~>3.13", :group => [:development, :test]
+gem "hoe", "~>3.14", :group => [:development, :test]
 
 # vim: syntax=ruby

data/Rakefile

@@ -128,7 +128,8 @@ HOE = Hoe.spec 'nokogiri' do
 
   unless java?
     self.extra_deps += [
-      ["mini_portile",    "~> 0.7.0.rc4"],
+      # Keep this version in sync with the one in extconf.rb !
+      ["mini_portile2",    "~> 2.0.0.rc2"],
     ]
   end
 

data/ext/nokogiri/extconf.rb

@@ -391,7 +391,12 @@ when using_system_libraries?
 else
   message "Building nokogiri using packaged libraries.\n"
 
-  require 'mini_portile'
+  # The gem version constraint in the Rakefile is not respected at install time.
+  # Keep this version in sync with the one in the Rakefile !
+  gem "mini_portile2", "~> 2.0.0.rc2"
+  require 'mini_portile2'
+  message "Using mini_portile version #{MiniPortile::VERSION}\n"
+
   require 'yaml'
 
   static_p = enable_config('static', true) or
@@ -448,10 +453,10 @@ else
       ]
     end
   else
-    if darwin_p && !File.exist?('/usr/include/iconv.h')
+    if darwin_p && !have_header('iconv.h')
       abort <<'EOM'.chomp
 -----
-The file "/usr/include/iconv.h" is missing in your build environment,
+The file "iconv.h" is missing in your build environment,
 which means you haven't installed Xcode Command Line Tools properly.
 
 To install Command Line Tools, try running `xcode-select --install` on

data/ext/nokogiri/xml_sax_parser_context.c

@@ -206,7 +206,7 @@ static VALUE column(VALUE self)
  *  recovery=(boolean)
  *
  * Should this parser recover from structural errors? It will not stop processing
- * file on structural errors if if set to true
+ * file on structural errors if set to true
  */
 static VALUE set_recovery(VALUE self, VALUE value)
 {
@@ -226,7 +226,7 @@ static VALUE set_recovery(VALUE self, VALUE value)
  *  recovery
  *
  * Should this parser recover from structural errors? It will not stop processing
- * file on structural errors if if set to true
+ * file on structural errors if set to true
  */
 static VALUE get_recovery(VALUE self)
 {

data/lib/nokogiri/version.rb

@@ -1,6 +1,6 @@
 module Nokogiri
   # The version of Nokogiri you are using
-  VERSION = '1.6.7.rc3'
+  VERSION = '1.6.7.rc4'
 
   class VersionInfo # :nodoc:
     def jruby?

data/patches/libxml2/0003-Stop-parsing-on-entities-boundaries-errors.patch

@@ -0,0 +1,32 @@
+From 99d99063ae5c4b6bd2b58324273401f3ce42a550 Mon Sep 17 00:00:00 2001
+From: Daniel Veillard <veillard@redhat.com>
+Date: Mon, 23 Feb 2015 11:17:35 +0800
+Subject: [PATCH 3/8] Stop parsing on entities boundaries errors
+
+For https://bugzilla.gnome.org/show_bug.cgi?id=744980
+
+There are times, like on unterminated entities that it's preferable to
+stop parsing, even if that means less error reporting. Entities are
+feeding the parser on further processing, and if they are ill defined
+then it's possible to get the parser to bug. Also do the same on
+Conditional Sections if the input is broken, as the structure of
+the document can't be guessed.
+---
+ parser.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/parser.c b/parser.c
+index 1d93967..7b0380c 100644
+--- a/parser.c
++++ b/parser.c
+@@ -5658,6 +5658,7 @@ xmlParseEntityDecl(xmlParserCtxtPtr ctxt) {
+ 	if (RAW != '>') {
+ 	    xmlFatalErrMsgStr(ctxt, XML_ERR_ENTITY_NOT_FINISHED,
+ 	            "xmlParseEntityDecl: entity %s not terminated\n", name);
++	    xmlStopParser(ctxt);
+ 	} else {
+ 	    if (input != ctxt->input) {
+ 		xmlFatalErrMsg(ctxt, XML_ERR_ENTITY_BOUNDARY,
+-- 
+2.5.0
+

data/patches/libxml2/0004-Cleanup-conditional-section-error-handling.patch

@@ -0,0 +1,49 @@
+From c8d3950c5532c2e3d954bacdb8c479bb9fdacf89 Mon Sep 17 00:00:00 2001
+From: Daniel Veillard <veillard@redhat.com>
+Date: Mon, 23 Feb 2015 11:29:20 +0800
+Subject: [PATCH 4/8] Cleanup conditional section error handling
+
+For https://bugzilla.gnome.org/show_bug.cgi?id=744980
+
+The error handling of Conditional Section also need to be
+straightened as the structure of the document can't be
+guessed on a failure there and it's better to stop parsing
+as further errors are likely to be irrelevant.
+---
+ parser.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/parser.c b/parser.c
+index 7b0380c..1e714e7 100644
+--- a/parser.c
++++ b/parser.c
+@@ -6770,6 +6770,8 @@ xmlParseConditionalSections(xmlParserCtxtPtr ctxt) {
+ 	SKIP_BLANKS;
+ 	if (RAW != '[') {
+ 	    xmlFatalErr(ctxt, XML_ERR_CONDSEC_INVALID, NULL);
++	    xmlStopParser(ctxt);
++	    return;
+ 	} else {
+ 	    if (ctxt->input->id != id) {
+ 		xmlValidityError(ctxt, XML_ERR_ENTITY_BOUNDARY,
+@@ -6830,6 +6832,8 @@ xmlParseConditionalSections(xmlParserCtxtPtr ctxt) {
+ 	SKIP_BLANKS;
+ 	if (RAW != '[') {
+ 	    xmlFatalErr(ctxt, XML_ERR_CONDSEC_INVALID, NULL);
++	    xmlStopParser(ctxt);
++	    return;
+ 	} else {
+ 	    if (ctxt->input->id != id) {
+ 		xmlValidityError(ctxt, XML_ERR_ENTITY_BOUNDARY,
+@@ -6885,6 +6889,8 @@ xmlParseConditionalSections(xmlParserCtxtPtr ctxt) {
+ 
+     } else {
+ 	xmlFatalErr(ctxt, XML_ERR_CONDSEC_INVALID_KEYWORD, NULL);
++	xmlStopParser(ctxt);
++	return;
+     }
+ 
+     if (RAW == 0)
+-- 
+2.5.0
+

data/patches/libxml2/0005-CVE-2015-1819-Enforce-the-reader-to-run-in-constant-.patch

@@ -0,0 +1,177 @@
+From 12f31177b0d9be57ed8fb3467b501606fb145286 Mon Sep 17 00:00:00 2001
+From: Daniel Veillard <veillard@redhat.com>
+Date: Tue, 14 Apr 2015 17:41:48 +0800
+Subject: [PATCH 5/8] CVE-2015-1819 Enforce the reader to run in constant
+ memory
+
+One of the operation on the reader could resolve entities
+leading to the classic expansion issue. Make sure the
+buffer used for xmlreader operation is bounded.
+Introduce a new allocation type for the buffers for this effect.
+---
+ buf.c                 | 43 ++++++++++++++++++++++++++++++++++++++++++-
+ include/libxml/tree.h |  3 ++-
+ xmlreader.c           | 20 +++++++++++++++++++-
+ 3 files changed, 63 insertions(+), 3 deletions(-)
+
+diff --git a/buf.c b/buf.c
+index 6efc7b6..07922ff 100644
+--- a/buf.c
++++ b/buf.c
+@@ -27,6 +27,7 @@
+ #include <libxml/tree.h>
+ #include <libxml/globals.h>
+ #include <libxml/tree.h>
++#include <libxml/parserInternals.h> /* for XML_MAX_TEXT_LENGTH */
+ #include "buf.h"
+ 
+ #define WITH_BUFFER_COMPAT
+@@ -299,7 +300,8 @@ xmlBufSetAllocationScheme(xmlBufPtr buf,
+     if ((scheme == XML_BUFFER_ALLOC_DOUBLEIT) ||
+         (scheme == XML_BUFFER_ALLOC_EXACT) ||
+         (scheme == XML_BUFFER_ALLOC_HYBRID) ||
+-        (scheme == XML_BUFFER_ALLOC_IMMUTABLE)) {
++        (scheme == XML_BUFFER_ALLOC_IMMUTABLE) ||
++	(scheme == XML_BUFFER_ALLOC_BOUNDED)) {
+ 	buf->alloc = scheme;
+         if (buf->buffer)
+             buf->buffer->alloc = scheme;
+@@ -458,6 +460,18 @@ xmlBufGrowInternal(xmlBufPtr buf, size_t len) {
+     size = buf->use + len + 100;
+ #endif
+ 
++    if (buf->alloc == XML_BUFFER_ALLOC_BOUNDED) {
++        /*
++	 * Used to provide parsing limits
++	 */
++        if ((buf->use + len >= XML_MAX_TEXT_LENGTH) ||
++	    (buf->size >= XML_MAX_TEXT_LENGTH)) {
++	    xmlBufMemoryError(buf, "buffer error: text too long\n");
++	    return(0);
++	}
++	if (size >= XML_MAX_TEXT_LENGTH)
++	    size = XML_MAX_TEXT_LENGTH;
++    }
+     if ((buf->alloc == XML_BUFFER_ALLOC_IO) && (buf->contentIO != NULL)) {
+         size_t start_buf = buf->content - buf->contentIO;
+ 
+@@ -739,6 +753,15 @@ xmlBufResize(xmlBufPtr buf, size_t size)
+     CHECK_COMPAT(buf)
+ 
+     if (buf->alloc == XML_BUFFER_ALLOC_IMMUTABLE) return(0);
++    if (buf->alloc == XML_BUFFER_ALLOC_BOUNDED) {
++        /*
++	 * Used to provide parsing limits
++	 */
++        if (size >= XML_MAX_TEXT_LENGTH) {
++	    xmlBufMemoryError(buf, "buffer error: text too long\n");
++	    return(0);
++	}
++    }
+ 
+     /* Don't resize if we don't have to */
+     if (size < buf->size)
+@@ -867,6 +890,15 @@ xmlBufAdd(xmlBufPtr buf, const xmlChar *str, int len) {
+ 
+     needSize = buf->use + len + 2;
+     if (needSize > buf->size){
++	if (buf->alloc == XML_BUFFER_ALLOC_BOUNDED) {
++	    /*
++	     * Used to provide parsing limits
++	     */
++	    if (needSize >= XML_MAX_TEXT_LENGTH) {
++		xmlBufMemoryError(buf, "buffer error: text too long\n");
++		return(-1);
++	    }
++	}
+         if (!xmlBufResize(buf, needSize)){
+ 	    xmlBufMemoryError(buf, "growing buffer");
+             return XML_ERR_NO_MEMORY;
+@@ -938,6 +970,15 @@ xmlBufAddHead(xmlBufPtr buf, const xmlChar *str, int len) {
+     }
+     needSize = buf->use + len + 2;
+     if (needSize > buf->size){
++	if (buf->alloc == XML_BUFFER_ALLOC_BOUNDED) {
++	    /*
++	     * Used to provide parsing limits
++	     */
++	    if (needSize >= XML_MAX_TEXT_LENGTH) {
++		xmlBufMemoryError(buf, "buffer error: text too long\n");
++		return(-1);
++	    }
++	}
+         if (!xmlBufResize(buf, needSize)){
+ 	    xmlBufMemoryError(buf, "growing buffer");
+             return XML_ERR_NO_MEMORY;
+diff --git a/include/libxml/tree.h b/include/libxml/tree.h
+index 2f90717..4a9b3bc 100644
+--- a/include/libxml/tree.h
++++ b/include/libxml/tree.h
+@@ -76,7 +76,8 @@ typedef enum {
+     XML_BUFFER_ALLOC_EXACT,	/* grow only to the minimal size */
+     XML_BUFFER_ALLOC_IMMUTABLE, /* immutable buffer */
+     XML_BUFFER_ALLOC_IO,	/* special allocation scheme used for I/O */
+-    XML_BUFFER_ALLOC_HYBRID	/* exact up to a threshold, and doubleit thereafter */
++    XML_BUFFER_ALLOC_HYBRID,	/* exact up to a threshold, and doubleit thereafter */
++    XML_BUFFER_ALLOC_BOUNDED	/* limit the upper size of the buffer */
+ } xmlBufferAllocationScheme;
+ 
+ /**
+diff --git a/xmlreader.c b/xmlreader.c
+index f19e123..471e7e2 100644
+--- a/xmlreader.c
++++ b/xmlreader.c
+@@ -2091,6 +2091,9 @@ xmlNewTextReader(xmlParserInputBufferPtr input, const char *URI) {
+ 		"xmlNewTextReader : malloc failed\n");
+ 	return(NULL);
+     }
++    /* no operation on a reader should require a huge buffer */
++    xmlBufSetAllocationScheme(ret->buffer,
++			      XML_BUFFER_ALLOC_BOUNDED);
+     ret->sax = (xmlSAXHandler *) xmlMalloc(sizeof(xmlSAXHandler));
+     if (ret->sax == NULL) {
+ 	xmlBufFree(ret->buffer);
+@@ -3616,6 +3619,7 @@ xmlTextReaderConstValue(xmlTextReaderPtr reader) {
+ 	    return(((xmlNsPtr) node)->href);
+         case XML_ATTRIBUTE_NODE:{
+ 	    xmlAttrPtr attr = (xmlAttrPtr) node;
++	    const xmlChar *ret;
+ 
+ 	    if ((attr->children != NULL) &&
+ 	        (attr->children->type == XML_TEXT_NODE) &&
+@@ -3629,10 +3633,21 @@ xmlTextReaderConstValue(xmlTextReaderPtr reader) {
+                                         "xmlTextReaderSetup : malloc failed\n");
+                         return (NULL);
+                     }
++		    xmlBufSetAllocationScheme(reader->buffer,
++		                              XML_BUFFER_ALLOC_BOUNDED);
+                 } else
+                     xmlBufEmpty(reader->buffer);
+ 	        xmlBufGetNodeContent(reader->buffer, node);
+-		return(xmlBufContent(reader->buffer));
++		ret = xmlBufContent(reader->buffer);
++		if (ret == NULL) {
++		    /* error on the buffer best to reallocate */
++		    xmlBufFree(reader->buffer);
++		    reader->buffer = xmlBufCreateSize(100);
++		    xmlBufSetAllocationScheme(reader->buffer,
++		                              XML_BUFFER_ALLOC_BOUNDED);
++		    ret = BAD_CAST "";
++		}
++		return(ret);
+ 	    }
+ 	    break;
+ 	}
+@@ -5131,6 +5146,9 @@ xmlTextReaderSetup(xmlTextReaderPtr reader,
+                         "xmlTextReaderSetup : malloc failed\n");
+         return (-1);
+     }
++    /* no operation on a reader should require a huge buffer */
++    xmlBufSetAllocationScheme(reader->buffer,
++			      XML_BUFFER_ALLOC_BOUNDED);
+     if (reader->sax == NULL)
+ 	reader->sax = (xmlSAXHandler *) xmlMalloc(sizeof(xmlSAXHandler));
+     if (reader->sax == NULL) {
+-- 
+2.5.0
+

data/patches/libxml2/0006-Another-variation-of-overflow-in-Conditional-section.patch

@@ -0,0 +1,32 @@
+From 9ee30e69f63379b3caf451aa7ae4058a1fa2fa73 Mon Sep 17 00:00:00 2001
+From: Daniel Veillard <veillard@redhat.com>
+Date: Fri, 23 Oct 2015 19:02:28 +0800
+Subject: [PATCH 6/8] Another variation of overflow in Conditional sections
+
+Which happen after the previous fix to
+https://bugzilla.gnome.org/show_bug.cgi?id=756456
+
+But stopping the parser and exiting we didn't pop the intermediary entities
+and doing the SKIP there applies on an input which may be too small
+---
+ parser.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/parser.c b/parser.c
+index 1e714e7..0b8d633 100644
+--- a/parser.c
++++ b/parser.c
+@@ -6904,7 +6904,9 @@ xmlParseConditionalSections(xmlParserCtxtPtr ctxt) {
+ 	"All markup of the conditional section is not in the same entity\n",
+ 				 NULL, NULL);
+ 	}
+-        SKIP(3);
++	if ((ctxt-> instate != XML_PARSER_EOF) &&
++	    ((ctxt->input->cur + 3) < ctxt->input->end))
++	    SKIP(3);
+     }
+ }
+ 
+-- 
+2.5.0
+