nokogiri 1.7.1-x64-mingw32 → 1.7.2-x64-mingw32
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of nokogiri might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/CHANGELOG.md +13 -0
- data/Manifest.txt +2 -0
- data/lib/nokogiri/2.1/nokogiri.so +0 -0
- data/lib/nokogiri/2.2/nokogiri.so +0 -0
- data/lib/nokogiri/2.3/nokogiri.so +0 -0
- data/lib/nokogiri/version.rb +1 -1
- data/patches/libxslt/0001-Fix-heap-overread-in-xsltFormatNumberConversion.patch +31 -0
- data/patches/libxslt/0002-Check-for-integer-overflow-in-xsltAddTextString.patch +74 -0
- metadata +4 -2
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA1:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 0513f9b8001a1f52ba3c8d268035bc2bfe48b8bf
|
4
|
+
data.tar.gz: ee98248884e66bd02bd9783879ce3e61b46c39f2
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 9b5cdd0cc08eb44cff413858cd11e541e2550996d8bd5ba8664857d41c1ac346b0953fbc44f28c973f13ebb3abbb34dd0353aa53841a3f4653bbbba7c71e065e
|
7
|
+
data.tar.gz: 34bb68323ed6fade5aa9fb5bb9c68a2e54afe0f6a0ff7b7f767e03a534a60c081e46118a1f7817ca2fff1d4cbf63d711b22fa02f0d1240a7ee56d7ff4ea0f3b2
|
data/CHANGELOG.md
CHANGED
@@ -1,3 +1,16 @@
|
|
1
|
+
# 1.7.2 / 2017-05-09
|
2
|
+
|
3
|
+
## Security Notes
|
4
|
+
|
5
|
+
[MRI] Upstream libxslt patches are applied to the vendored libxslt 1.1.29 which address CVE-2017-5029 and CVE-2016-4738.
|
6
|
+
|
7
|
+
For more information:
|
8
|
+
|
9
|
+
* https://github.com/sparklemotion/nokogiri/issues/1634
|
10
|
+
* http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-5029.html
|
11
|
+
* http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-4738.html
|
12
|
+
|
13
|
+
|
1
14
|
# 1.7.1 / unreleased
|
2
15
|
|
3
16
|
## Security Notes
|
data/Manifest.txt
CHANGED
@@ -249,6 +249,8 @@ lib/xsd/xmlparser/nokogiri.rb
|
|
249
249
|
patches/libxml2/0001-Fix-comparison-with-root-node-in-xmlXPathCmpNodes.patch
|
250
250
|
patches/libxml2/0002-Fix-XPointer-paths-beginning-with-range-to.patch
|
251
251
|
patches/libxml2/0003-Disallow-namespace-nodes-in-XPointer-ranges.patch
|
252
|
+
patches/libxslt/0001-Fix-heap-overread-in-xsltFormatNumberConversion.patch
|
253
|
+
patches/libxslt/0002-Check-for-integer-overflow-in-xsltAddTextString.patch
|
252
254
|
patches/sort-patches-by-date
|
253
255
|
suppressions/README.txt
|
254
256
|
suppressions/nokogiri_ree-1.8.7.358.supp
|
Binary file
|
Binary file
|
Binary file
|
data/lib/nokogiri/version.rb
CHANGED
@@ -0,0 +1,31 @@
|
|
1
|
+
From eb1030de31165b68487f288308f9d1810fed6880 Mon Sep 17 00:00:00 2001
|
2
|
+
From: Nick Wellnhofer <wellnhofer@aevum.de>
|
3
|
+
Date: Fri, 10 Jun 2016 14:23:58 +0200
|
4
|
+
Subject: [PATCH] Fix heap overread in xsltFormatNumberConversion
|
5
|
+
|
6
|
+
An empty decimal-separator could cause a heap overread. This can be
|
7
|
+
exploited to leak a couple of bytes after the buffer that holds the
|
8
|
+
pattern string.
|
9
|
+
|
10
|
+
Found with afl-fuzz and ASan.
|
11
|
+
---
|
12
|
+
libxslt/numbers.c | 3 ++-
|
13
|
+
1 file changed, 2 insertions(+), 1 deletion(-)
|
14
|
+
|
15
|
+
diff --git a/libxslt/numbers.c b/libxslt/numbers.c
|
16
|
+
index d1549b4..e78c46b 100644
|
17
|
+
--- a/libxslt/numbers.c
|
18
|
+
+++ b/libxslt/numbers.c
|
19
|
+
@@ -1090,7 +1090,8 @@ xsltFormatNumberConversion(xsltDecimalFormatPtr self,
|
20
|
+
}
|
21
|
+
|
22
|
+
/* We have finished the integer part, now work on fraction */
|
23
|
+
- if (xsltUTF8Charcmp(the_format, self->decimalPoint) == 0) {
|
24
|
+
+ if ( (*the_format != 0) &&
|
25
|
+
+ (xsltUTF8Charcmp(the_format, self->decimalPoint) == 0) ) {
|
26
|
+
format_info.add_decimal = TRUE;
|
27
|
+
the_format += xsltUTF8Size(the_format); /* Skip over the decimal */
|
28
|
+
}
|
29
|
+
--
|
30
|
+
2.9.3
|
31
|
+
|
@@ -0,0 +1,74 @@
|
|
1
|
+
From 08ab2774b870de1c7b5a48693df75e8154addae5 Mon Sep 17 00:00:00 2001
|
2
|
+
From: Nick Wellnhofer <wellnhofer@aevum.de>
|
3
|
+
Date: Thu, 12 Jan 2017 15:39:52 +0100
|
4
|
+
Subject: [PATCH] Check for integer overflow in xsltAddTextString
|
5
|
+
|
6
|
+
Limit buffer size in xsltAddTextString to INT_MAX. The issue can be
|
7
|
+
exploited to trigger an out of bounds write on 64-bit systems.
|
8
|
+
|
9
|
+
Originally reported to Chromium:
|
10
|
+
|
11
|
+
https://crbug.com/676623
|
12
|
+
---
|
13
|
+
libxslt/transform.c | 25 ++++++++++++++++++++++---
|
14
|
+
libxslt/xsltInternals.h | 4 ++--
|
15
|
+
2 files changed, 24 insertions(+), 5 deletions(-)
|
16
|
+
|
17
|
+
diff --git a/libxslt/transform.c b/libxslt/transform.c
|
18
|
+
index 519133f..02bff34 100644
|
19
|
+
--- a/libxslt/transform.c
|
20
|
+
+++ b/libxslt/transform.c
|
21
|
+
@@ -813,13 +813,32 @@ xsltAddTextString(xsltTransformContextPtr ctxt, xmlNodePtr target,
|
22
|
+
return(target);
|
23
|
+
|
24
|
+
if (ctxt->lasttext == target->content) {
|
25
|
+
+ int minSize;
|
26
|
+
|
27
|
+
- if (ctxt->lasttuse + len >= ctxt->lasttsize) {
|
28
|
+
+ /* Check for integer overflow accounting for NUL terminator. */
|
29
|
+
+ if (len >= INT_MAX - ctxt->lasttuse) {
|
30
|
+
+ xsltTransformError(ctxt, NULL, target,
|
31
|
+
+ "xsltCopyText: text allocation failed\n");
|
32
|
+
+ return(NULL);
|
33
|
+
+ }
|
34
|
+
+ minSize = ctxt->lasttuse + len + 1;
|
35
|
+
+
|
36
|
+
+ if (ctxt->lasttsize < minSize) {
|
37
|
+
xmlChar *newbuf;
|
38
|
+
int size;
|
39
|
+
+ int extra;
|
40
|
+
+
|
41
|
+
+ /* Double buffer size but increase by at least 100 bytes. */
|
42
|
+
+ extra = minSize < 100 ? 100 : minSize;
|
43
|
+
+
|
44
|
+
+ /* Check for integer overflow. */
|
45
|
+
+ if (extra > INT_MAX - ctxt->lasttsize) {
|
46
|
+
+ size = INT_MAX;
|
47
|
+
+ }
|
48
|
+
+ else {
|
49
|
+
+ size = ctxt->lasttsize + extra;
|
50
|
+
+ }
|
51
|
+
|
52
|
+
- size = ctxt->lasttsize + len + 100;
|
53
|
+
- size *= 2;
|
54
|
+
newbuf = (xmlChar *) xmlRealloc(target->content,size);
|
55
|
+
if (newbuf == NULL) {
|
56
|
+
xsltTransformError(ctxt, NULL, target,
|
57
|
+
diff --git a/libxslt/xsltInternals.h b/libxslt/xsltInternals.h
|
58
|
+
index 060b178..5ad1771 100644
|
59
|
+
--- a/libxslt/xsltInternals.h
|
60
|
+
+++ b/libxslt/xsltInternals.h
|
61
|
+
@@ -1754,8 +1754,8 @@ struct _xsltTransformContext {
|
62
|
+
* Speed optimization when coalescing text nodes
|
63
|
+
*/
|
64
|
+
const xmlChar *lasttext; /* last text node content */
|
65
|
+
- unsigned int lasttsize; /* last text node size */
|
66
|
+
- unsigned int lasttuse; /* last text node use */
|
67
|
+
+ int lasttsize; /* last text node size */
|
68
|
+
+ int lasttuse; /* last text node use */
|
69
|
+
/*
|
70
|
+
* Per Context Debugging
|
71
|
+
*/
|
72
|
+
--
|
73
|
+
2.9.3
|
74
|
+
|
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: nokogiri
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 1.7.
|
4
|
+
version: 1.7.2
|
5
5
|
platform: x64-mingw32
|
6
6
|
authors:
|
7
7
|
- Aaron Patterson
|
@@ -12,7 +12,7 @@ authors:
|
|
12
12
|
autorequire:
|
13
13
|
bindir: bin
|
14
14
|
cert_chain: []
|
15
|
-
date: 2017-
|
15
|
+
date: 2017-05-09 00:00:00.000000000 Z
|
16
16
|
dependencies:
|
17
17
|
- !ruby/object:Gem::Dependency
|
18
18
|
name: mini_portile2
|
@@ -413,6 +413,8 @@ files:
|
|
413
413
|
- patches/libxml2/0001-Fix-comparison-with-root-node-in-xmlXPathCmpNodes.patch
|
414
414
|
- patches/libxml2/0002-Fix-XPointer-paths-beginning-with-range-to.patch
|
415
415
|
- patches/libxml2/0003-Disallow-namespace-nodes-in-XPointer-ranges.patch
|
416
|
+
- patches/libxslt/0001-Fix-heap-overread-in-xsltFormatNumberConversion.patch
|
417
|
+
- patches/libxslt/0002-Check-for-integer-overflow-in-xsltAddTextString.patch
|
416
418
|
- patches/sort-patches-by-date
|
417
419
|
- suppressions/README.txt
|
418
420
|
- suppressions/nokogiri_ree-1.8.7.358.supp
|