nokogiri 1.8.0 → 1.8.1

Sign up to get free protection for your applications and to get access to all the features.

Potentially problematic release.


This version of nokogiri might be problematic. Click here for more details.

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: 26a2384c923e0e378063f7b522337c13affb87d0
4
- data.tar.gz: c400091c5dd53629c00c9b33cf81945f784c2989
3
+ metadata.gz: bb5ae2f309f32e6299e28f8163ccde42dd7194c6
4
+ data.tar.gz: fe6d320fb028811a39297771a9b5da13836a57ce
5
5
  SHA512:
6
- metadata.gz: f28b1f4cde4884023b7cf4556bd0faf3e8ec16d2223a399f37e156d0a7ca3714499a9f58c209d2a16907f4fb815e4563cb134898c24371676f14a9ba657ec5e5
7
- data.tar.gz: 705dd04d787ef718ff7959323e5199b0342e0aa2ab18bbaddd4fa4a8f0088f6e2470357e3cc3377e11709fff19e22bcfb300ccb56a2f490bc20ca54085fe8a70
6
+ metadata.gz: f77a7df358ec08fa9f1c78e2a9d7fd0414c15022b42066208af6724db1087ef74a9e21d8750d9411f726311947618a81625713ce4c8064641ed490a014c99950
7
+ data.tar.gz: 57adf86c265c43453c50e72b9470a164738eb3c74b229cdfc2eb1c8a8e2b657fdd569c85e01d92c9b63e43da1ef6730937c6c40e666747fd5ee3717ae2713bd4
@@ -1,3 +1,19 @@
1
+ # 1.8.1 / 2017-09-19
2
+
3
+ ## Dependencies
4
+
5
+ * [MRI] libxml2 is updated from 2.9.4 to 2.9.5.
6
+ * [MRI] libxslt is updated from 1.1.29 to 1.1.30.
7
+ * [MRI] optional dependency on the pkg-config gem has had its constraint loosened to `~> 1.1` (from `~> 1.1.7`). [#1660]
8
+ * [MRI] Upgrade mini_portile2 dependency from `~> 2.2.0` to `~> 2.3.0`, which will validate checksums on the vendored libxml2 and libxslt tarballs before using them.
9
+
10
+
11
+ ## Bugs
12
+
13
+ * NodeSet#first with an integer argument longer than the length of the NodeSet now correctly clamps the length of the returned NodeSet to the original length. [#1650] (Thanks, @Derenge!)
14
+ * [MRI] Ensure CData.new raises TypeError if the `content` argument is not implicitly convertible into a string. [#1669]
15
+
16
+
1
17
  # 1.8.0 / 2017-06-04
2
18
 
3
19
  ## Backwards incompatibilities
data/Gemfile CHANGED
@@ -4,12 +4,12 @@
4
4
 
5
5
  source "https://rubygems.org/"
6
6
 
7
- gem "mini_portile2", "~>2.2.0"
7
+ gem "mini_portile2", "~>2.3.0"
8
8
 
9
- gem "hoe-bundler", "~>1.2.0", :group => [:development, :test]
10
- gem "hoe-debugging", "~>1.3.0", :group => [:development, :test]
11
- gem "hoe-gemspec", "~>1.0.0", :group => [:development, :test]
12
- gem "hoe-git", "~>1.6.0", :group => [:development, :test]
9
+ gem "hoe-bundler", "~>1.2", :group => [:development, :test]
10
+ gem "hoe-debugging", "~>1.4", :group => [:development, :test]
11
+ gem "hoe-gemspec", "~>1.0", :group => [:development, :test]
12
+ gem "hoe-git", "~>1.6", :group => [:development, :test]
13
13
  gem "minitest", "~>5.8.4", :group => [:development, :test]
14
14
  gem "rake", "~>12.0", :group => [:development, :test]
15
15
  gem "rake-compiler", "~>1.0.3", :group => [:development, :test]
@@ -248,13 +248,9 @@ lib/xalan.jar
248
248
  lib/xercesImpl.jar
249
249
  lib/xml-apis.jar
250
250
  lib/xsd/xmlparser/nokogiri.rb
251
- patches/libxml2/0001-Fix-comparison-with-root-node-in-xmlXPathCmpNodes.patch
252
- patches/libxml2/0002-Fix-XPointer-paths-beginning-with-range-to.patch
253
- patches/libxml2/0003-Disallow-namespace-nodes-in-XPointer-ranges.patch
254
- patches/libxslt/0001-Fix-heap-overread-in-xsltFormatNumberConversion.patch
255
- patches/libxslt/0002-Check-for-integer-overflow-in-xsltAddTextString.patch
256
251
  patches/sort-patches-by-date
257
252
  suppressions/README.txt
253
+ suppressions/nokogiri_ruby-2.supp
258
254
  tasks/test.rb
259
255
  test/css/test_nthiness.rb
260
256
  test/css/test_parser.rb
data/Rakefile CHANGED
@@ -125,15 +125,15 @@ HOE = Hoe.spec 'nokogiri' do
125
125
 
126
126
  unless java?
127
127
  self.extra_deps += [
128
- ["mini_portile2", "~> 2.2.0"], # keep version in sync with extconf.rb
128
+ ["mini_portile2", "~> 2.3.0"], # keep version in sync with extconf.rb
129
129
  ]
130
130
  end
131
131
 
132
132
  self.extra_dev_deps += [
133
- ["hoe-bundler", "~> 1.2.0"],
134
- ["hoe-debugging", "~> 1.3.0"],
135
- ["hoe-gemspec", "~> 1.0.0"],
136
- ["hoe-git", "~> 1.6.0"],
133
+ ["hoe-bundler", "~> 1.2"],
134
+ ["hoe-debugging", "~> 1.4"],
135
+ ["hoe-gemspec", "~> 1.0"],
136
+ ["hoe-git", "~> 1.6"],
137
137
  ["minitest", "~> 5.8.4"],
138
138
  ["rake", "~> 12.0"],
139
139
  ["rake-compiler", "~> 1.0.3"],
@@ -1,22 +1,57 @@
1
1
  libxml2:
2
- version: "2.9.4"
3
- sha256: "ffb911191e509b966deb55de705387f14156e1a56b21824357cdf0053233633c" # manually confirmed via `gpg --verify`
4
- # gpg: Signature made Mon 23 May 2016 04:02:13 AM EDT using DSA key ID DE95BC1F
5
- # gpg: Good signature from "Daniel Veillard (Red Hat work email) <veillard@redhat.com>"
6
- # gpg: aka "Daniel Veillard <Daniel.Veillard@w3.org>"
7
- # gpg: WARNING: This key is not certified with a trusted signature!
8
- # gpg: There is no indication that the signature belongs to the owner.
9
- # Primary key fingerprint: C744 15BA 7C9C 7F78 F02E 1DC3 4606 B8A5 DE95 BC1F
2
+ version: "2.9.5"
3
+ sha256: "4031c1ecee9ce7ba4f313e91ef6284164885cdb69937a123f6a83bb6a72dcd38"
4
+ # manually verified checksum:
5
+ #
6
+ # $ gpg --verify libxml2-2.9.5.tar.gz.asc libxml2-2.9.5.tar.gz
7
+ # gpg: Signature made Mon 04 Sep 2017 09:00:53 AM EDT using RSA key ID 596BEA5D
8
+ # gpg: Good signature from "Daniel Veillard (Red Hat work email) <veillard@redhat.com>"
9
+ # gpg: aka "Daniel Veillard <Daniel.Veillard@w3.org>"
10
+ # gpg: WARNING: This key is not certified with a trusted signature!
11
+ # gpg: There is no indication that the signature belongs to the owner.
12
+ # Primary key fingerprint: C744 15BA 7C9C 7F78 F02E 1DC3 4606 B8A5 DE95 BC1F
13
+ # Subkey fingerprint: DB46 681B B91A DCEA 170F A2D4 1558 8B26 596B EA5D
14
+ #
15
+ # using this pgp signature:
16
+ #
17
+ # -----BEGIN PGP SIGNATURE-----
18
+ #
19
+ # iQEcBAABAgAGBQJZrU6FAAoJEBVYiyZZa+pd73cIAMZpWcbiWwFqPgEJtscDfUqs
20
+ # V0LjMKYXMDZCUs9/SPV/d6yXbOWSx2PgQ0wa7eCq2KmitIKYlcwnqB1WfAgSvNc+
21
+ # cK8rVwIF4MfZQTzWie6uBvwukDn3224b3qjXxJtPS6J8HmiyK6suwDX5auEgEF8f
22
+ # Ac1xy0K/hfAo+W5x7bm+suPHUduI7d6pWo1hNMwW/lyPiQthT4pPElkMBeKTi4vl
23
+ # HTRTVEJKjVkdQ2tJ9b5pUYE0Aa6T54SVpCyBRmTu4d/MoOX5VnXBoiZIJDbSA5cD
24
+ # GLQeXjDg/tYdq9DpYuT3otYd+6VWuWdH+f6jM6L2+82rAMtOAjBm97Z45XxH31I=
25
+ # =T2TF
26
+ # -----END PGP SIGNATURE-----
10
27
 
11
28
  libxslt:
12
- version: "1.1.29"
13
- sha256: "b5976e3857837e7617b29f2249ebb5eeac34e249208d31f1fbf7a6ba7a4090ce"
14
- # gpg: Signature made Mon 23 May 2016 09:58:52 PM EDT using DSA key ID DE95BC1F
15
- # gpg: Good signature from "Daniel Veillard (Red Hat work email) <veillard@redhat.com>"
16
- # gpg: aka "Daniel Veillard <Daniel.Veillard@w3.org>"
17
- # gpg: WARNING: This key is not certified with a trusted signature!
18
- # gpg: There is no indication that the signature belongs to the owner.
19
- # Primary key fingerprint: C744 15BA 7C9C 7F78 F02E 1DC3 4606 B8A5 DE95 BC1F
29
+ version: "1.1.30"
30
+ sha256: "ba65236116de8326d83378b2bd929879fa185195bc530b9d1aba72107910b6b3"
31
+ # manually verified checksum:
32
+ #
33
+ # $ gpg --verify libxslt-1.1.30.tar.gz.asc libxslt-1.1.30.tar.gz
34
+ # gpg: Signature made Mon 04 Sep 2017 09:36:06 AM EDT using RSA key ID 596BEA5D
35
+ # gpg: Good signature from "Daniel Veillard (Red Hat work email) <veillard@redhat.com>"
36
+ # gpg: aka "Daniel Veillard <Daniel.Veillard@w3.org>"
37
+ # gpg: WARNING: This key is not certified with a trusted signature!
38
+ # gpg: There is no indication that the signature belongs to the owner.
39
+ # Primary key fingerprint: C744 15BA 7C9C 7F78 F02E 1DC3 4606 B8A5 DE95 BC1F
40
+ # Subkey fingerprint: DB46 681B B91A DCEA 170F A2D4 1558 8B26 596B EA5D
41
+ #
42
+ # using this pgp signature:
43
+ #
44
+ # -----BEGIN PGP SIGNATURE-----
45
+ #
46
+ # iQEcBAABAgAGBQJZrVbGAAoJEBVYiyZZa+pdVrMH/Ru0J8zvwx8Geu6PX8ykvdEU
47
+ # o5U/izwg8C8a1mtI9M8PcVUsERQinBcngO14Vk0V0dXHLp7/IEpRuXksCYkcTJL9
48
+ # HawU2uDXTE/VwUl9aM2OXJOCk9W/JUkElbqEG11LCfU6uGlV+mFpLVO+eMDPxlRZ
49
+ # v2LMs/yBFSiwNw757771ADShdRe3QxqhRscikK/yz/BRESdqls3/3y6GSEV2rx2n
50
+ # VKVvsuHFisviwEn+1pvqcAGNCm0pIkPX6/nr+ayK3rBX7tmS493Stp6e/qUYKo6e
51
+ # 5cmdTkPhpzICQH2yqeUlfMp1M1nN50oShpvQqyjmpI+SV1udw08suIxVTDUCTRc=
52
+ # =LjYD
53
+ # -----END PGP SIGNATURE-----
54
+ #
20
55
 
21
56
  zlib:
22
57
  version: "1.2.11"
@@ -116,7 +116,7 @@ def package_config pkg, options={}
116
116
 
117
117
  begin
118
118
  require 'rubygems'
119
- gem 'pkg-config', (gem_ver='~> 1.1.7')
119
+ gem 'pkg-config', (gem_ver='~> 1.1')
120
120
  require 'pkg-config' and message("Using pkg-config gem version #{PKGConfig::VERSION}\n")
121
121
  rescue LoadError
122
122
  message "pkg-config could not be used to find #{pkg}\nPlease install either `pkg-config` or the pkg-config gem per\n\n gem install pkg-config -v #{gem_ver.inspect}\n\n"
@@ -457,7 +457,7 @@ else
457
457
  # The gem version constraint in the Rakefile is not respected at install time.
458
458
  # Keep this version in sync with the one in the Rakefile !
459
459
  require 'rubygems'
460
- gem 'mini_portile2', '~> 2.2.0'
460
+ gem 'mini_portile2', '~> 2.3.0'
461
461
  require 'mini_portile2'
462
462
  message "Using mini_portile version #{MiniPortile::VERSION}\n"
463
463
 
@@ -5,6 +5,9 @@
5
5
  * new(document, content)
6
6
  *
7
7
  * Create a new CDATA element on the +document+ with +content+
8
+ *
9
+ * If +content+ cannot be implicitly converted to a string, this method will
10
+ * raise a TypeError exception.
8
11
  */
9
12
  static VALUE new(int argc, VALUE *argv, VALUE klass)
10
13
  {
@@ -14,23 +17,24 @@ static VALUE new(int argc, VALUE *argv, VALUE klass)
14
17
  VALUE content;
15
18
  VALUE rest;
16
19
  VALUE rb_node;
20
+ const xmlChar *content_str;
21
+ int content_str_len;
17
22
 
18
23
  rb_scan_args(argc, argv, "2*", &doc, &content, &rest);
19
24
 
20
25
  Data_Get_Struct(doc, xmlDoc, xml_doc);
21
26
 
22
- node = xmlNewCDataBlock(
23
- xml_doc->doc,
24
- NIL_P(content) ? NULL : (const xmlChar *)StringValuePtr(content),
25
- NIL_P(content) ? 0 : (int)RSTRING_LEN(content)
26
- );
27
+ content_str = NIL_P(content) ? NULL : (const xmlChar *)StringValueCStr(content);
28
+ content_str_len = (content_str == NULL) ? 0 : strlen(content_str);
29
+
30
+ node = xmlNewCDataBlock(xml_doc->doc, content_str, content_str_len);
27
31
 
28
32
  nokogiri_root_node(node);
29
33
 
30
34
  rb_node = Nokogiri_wrap_xml_node(klass, node);
31
35
  rb_obj_call_init(rb_node, argc, argv);
32
36
 
33
- if(rb_block_given_p()) rb_yield(rb_node);
37
+ if(rb_block_given_p()) { rb_yield(rb_node); }
34
38
 
35
39
  return rb_node;
36
40
  }
@@ -19,15 +19,16 @@ static void start_document(void * ctx)
19
19
  if(NULL != ctxt && ctxt->html != 1) {
20
20
  if(ctxt->standalone != -1) { /* -1 means there was no declaration */
21
21
  VALUE encoding = Qnil ;
22
+ VALUE standalone = Qnil;
23
+ VALUE version;
22
24
  if (ctxt->encoding) {
23
25
  encoding = NOKOGIRI_STR_NEW2(ctxt->encoding) ;
24
26
  } else if (ctxt->input && ctxt->input->encoding) {
25
27
  encoding = NOKOGIRI_STR_NEW2(ctxt->input->encoding) ;
26
28
  }
27
29
 
28
- VALUE version = ctxt->version ? NOKOGIRI_STR_NEW2(ctxt->version) : Qnil;
30
+ version = ctxt->version ? NOKOGIRI_STR_NEW2(ctxt->version) : Qnil;
29
31
 
30
- VALUE standalone = Qnil;
31
32
  switch(ctxt->standalone)
32
33
  {
33
34
  case 0:
@@ -1,6 +1,6 @@
1
1
  module Nokogiri
2
2
  # The version of Nokogiri you are using
3
- VERSION = '1.8.0'
3
+ VERSION = '1.8.1'
4
4
 
5
5
  class VersionInfo # :nodoc:
6
6
  def jruby?
@@ -679,7 +679,7 @@ module Nokogiri
679
679
  #
680
680
  # To save indented with two dashes:
681
681
  #
682
- # node.write_to(io, :indent_text => '-', :indent => 2
682
+ # node.write_to(io, :indent_text => '-', :indent => 2)
683
683
  #
684
684
  def write_to io, *options
685
685
  options = options.first.is_a?(Hash) ? options.shift : {}
@@ -26,7 +26,7 @@ module Nokogiri
26
26
  def first n = nil
27
27
  return self[0] unless n
28
28
  list = []
29
- n.times { |i| list << self[i] }
29
+ [n, length].min.times { |i| list << self[i] }
30
30
  list
31
31
  end
32
32
 
@@ -0,0 +1,10 @@
1
+ {
2
+ <insert_a_suppression_name_here>
3
+ Memcheck:Free
4
+ fun:free
5
+ fun:__libc_freeres
6
+ fun:_vgnU_freeres
7
+ fun:__run_exit_handlers
8
+ fun:exit
9
+ fun:(below main)
10
+ }
@@ -28,6 +28,12 @@ module Nokogiri
28
28
  assert_equal nil, node.content
29
29
  end
30
30
 
31
+ def test_new_with_non_string
32
+ assert_raises(TypeError) do
33
+ CDATA.new(@xml, 1.234)
34
+ end
35
+ end
36
+
31
37
  def test_lots_of_new_cdata
32
38
  assert 100.times { CDATA.new(@xml, "asdfasdf") }
33
39
  end
@@ -251,6 +251,11 @@ module Nokogiri
251
251
  assert node_set = @xml.xpath('//employee')
252
252
  assert_equal 2, node_set.first(2).length
253
253
  end
254
+
255
+ def test_first_clamps_arguments
256
+ assert node_set = @xml.xpath('//employee[position() < 3]')
257
+ assert_equal 2, node_set.first(5).length
258
+ end
254
259
 
255
260
  [:dup, :clone].each do |method_name|
256
261
  define_method "test_#{method_name}" do
@@ -55,7 +55,7 @@ EOXML
55
55
  </xsl:stylesheet>
56
56
  EOXSL
57
57
  result = xsl.transform @xml
58
- assert_equal 'FOO', result.css('title').first.text
58
+ assert_match(/FOO/, result.css('title').first.text)
59
59
  end
60
60
 
61
61
 
@@ -126,7 +126,7 @@ EOXSL
126
126
  </xsl:stylesheet>
127
127
  EOXSL
128
128
  result = xsl.transform @xml
129
- assert_equal 'FOO', result.css('title').first.text
129
+ assert_match(/FOO/, result.css('title').first.text)
130
130
  end
131
131
  end
132
132
  end
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: nokogiri
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.8.0
4
+ version: 1.8.1
5
5
  platform: ruby
6
6
  authors:
7
7
  - Aaron Patterson
@@ -12,7 +12,7 @@ authors:
12
12
  autorequire:
13
13
  bindir: bin
14
14
  cert_chain: []
15
- date: 2017-06-05 00:00:00.000000000 Z
15
+ date: 2017-09-19 00:00:00.000000000 Z
16
16
  dependencies:
17
17
  - !ruby/object:Gem::Dependency
18
18
  name: mini_portile2
@@ -20,70 +20,70 @@ dependencies:
20
20
  requirements:
21
21
  - - "~>"
22
22
  - !ruby/object:Gem::Version
23
- version: 2.2.0
23
+ version: 2.3.0
24
24
  type: :runtime
25
25
  prerelease: false
26
26
  version_requirements: !ruby/object:Gem::Requirement
27
27
  requirements:
28
28
  - - "~>"
29
29
  - !ruby/object:Gem::Version
30
- version: 2.2.0
30
+ version: 2.3.0
31
31
  - !ruby/object:Gem::Dependency
32
32
  name: hoe-bundler
33
33
  requirement: !ruby/object:Gem::Requirement
34
34
  requirements:
35
35
  - - "~>"
36
36
  - !ruby/object:Gem::Version
37
- version: 1.2.0
37
+ version: '1.2'
38
38
  type: :development
39
39
  prerelease: false
40
40
  version_requirements: !ruby/object:Gem::Requirement
41
41
  requirements:
42
42
  - - "~>"
43
43
  - !ruby/object:Gem::Version
44
- version: 1.2.0
44
+ version: '1.2'
45
45
  - !ruby/object:Gem::Dependency
46
46
  name: hoe-debugging
47
47
  requirement: !ruby/object:Gem::Requirement
48
48
  requirements:
49
49
  - - "~>"
50
50
  - !ruby/object:Gem::Version
51
- version: 1.3.0
51
+ version: '1.4'
52
52
  type: :development
53
53
  prerelease: false
54
54
  version_requirements: !ruby/object:Gem::Requirement
55
55
  requirements:
56
56
  - - "~>"
57
57
  - !ruby/object:Gem::Version
58
- version: 1.3.0
58
+ version: '1.4'
59
59
  - !ruby/object:Gem::Dependency
60
60
  name: hoe-gemspec
61
61
  requirement: !ruby/object:Gem::Requirement
62
62
  requirements:
63
63
  - - "~>"
64
64
  - !ruby/object:Gem::Version
65
- version: 1.0.0
65
+ version: '1.0'
66
66
  type: :development
67
67
  prerelease: false
68
68
  version_requirements: !ruby/object:Gem::Requirement
69
69
  requirements:
70
70
  - - "~>"
71
71
  - !ruby/object:Gem::Version
72
- version: 1.0.0
72
+ version: '1.0'
73
73
  - !ruby/object:Gem::Dependency
74
74
  name: hoe-git
75
75
  requirement: !ruby/object:Gem::Requirement
76
76
  requirements:
77
77
  - - "~>"
78
78
  - !ruby/object:Gem::Version
79
- version: 1.6.0
79
+ version: '1.6'
80
80
  type: :development
81
81
  prerelease: false
82
82
  version_requirements: !ruby/object:Gem::Requirement
83
83
  requirements:
84
84
  - - "~>"
85
85
  - !ruby/object:Gem::Version
86
- version: 1.6.0
86
+ version: '1.6'
87
87
  - !ruby/object:Gem::Dependency
88
88
  name: minitest
89
89
  requirement: !ruby/object:Gem::Requirement
@@ -425,15 +425,11 @@ files:
425
425
  - lib/nokogiri/xslt.rb
426
426
  - lib/nokogiri/xslt/stylesheet.rb
427
427
  - lib/xsd/xmlparser/nokogiri.rb
428
- - patches/libxml2/0001-Fix-comparison-with-root-node-in-xmlXPathCmpNodes.patch
429
- - patches/libxml2/0002-Fix-XPointer-paths-beginning-with-range-to.patch
430
- - patches/libxml2/0003-Disallow-namespace-nodes-in-XPointer-ranges.patch
431
- - patches/libxslt/0001-Fix-heap-overread-in-xsltFormatNumberConversion.patch
432
- - patches/libxslt/0002-Check-for-integer-overflow-in-xsltAddTextString.patch
433
428
  - patches/sort-patches-by-date
434
- - ports/archives/libxml2-2.9.4.tar.gz
435
- - ports/archives/libxslt-1.1.29.tar.gz
429
+ - ports/archives/libxml2-2.9.5.tar.gz
430
+ - ports/archives/libxslt-1.1.30.tar.gz
436
431
  - suppressions/README.txt
432
+ - suppressions/nokogiri_ruby-2.supp
437
433
  - tasks/test.rb
438
434
  - test/css/test_nthiness.rb
439
435
  - test/css/test_parser.rb
@@ -565,7 +561,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
565
561
  version: '0'
566
562
  requirements: []
567
563
  rubyforge_project:
568
- rubygems_version: 2.6.10
564
+ rubygems_version: 2.6.12
569
565
  signing_key:
570
566
  specification_version: 4
571
567
  summary: Nokogiri (鋸) is an HTML, XML, SAX, and Reader parser
@@ -1,34 +0,0 @@
1
- From a005199330b86dada19d162cae15ef9bdcb6baa8 Mon Sep 17 00:00:00 2001
2
- From: Nick Wellnhofer <wellnhofer@aevum.de>
3
- Date: Tue, 28 Jun 2016 14:19:58 +0200
4
- Subject: [PATCH] Fix comparison with root node in xmlXPathCmpNodes
5
-
6
- This change has already been made in xmlXPathCmpNodesExt but not in
7
- xmlXPathCmpNodes.
8
- ---
9
- xpath.c | 4 ++--
10
- 1 file changed, 2 insertions(+), 2 deletions(-)
11
-
12
- diff --git a/xpath.c b/xpath.c
13
- index 751665b..d992841 100644
14
- --- a/xpath.c
15
- +++ b/xpath.c
16
- @@ -3342,13 +3342,13 @@ xmlXPathCmpNodes(xmlNodePtr node1, xmlNodePtr node2) {
17
- * compute depth to root
18
- */
19
- for (depth2 = 0, cur = node2;cur->parent != NULL;cur = cur->parent) {
20
- - if (cur == node1)
21
- + if (cur->parent == node1)
22
- return(1);
23
- depth2++;
24
- }
25
- root = cur;
26
- for (depth1 = 0, cur = node1;cur->parent != NULL;cur = cur->parent) {
27
- - if (cur == node2)
28
- + if (cur->parent == node2)
29
- return(-1);
30
- depth1++;
31
- }
32
- --
33
- 2.9.3
34
-
@@ -1,174 +0,0 @@
1
- From 9ab01a277d71f54d3143c2cf333c5c2e9aaedd9e Mon Sep 17 00:00:00 2001
2
- From: Nick Wellnhofer <wellnhofer@aevum.de>
3
- Date: Tue, 28 Jun 2016 14:22:23 +0200
4
- Subject: [PATCH] Fix XPointer paths beginning with range-to
5
-
6
- The old code would invoke the broken xmlXPtrRangeToFunction. range-to
7
- isn't really a function but a special kind of location step. Remove
8
- this function and always handle range-to in the XPath code.
9
-
10
- The old xmlXPtrRangeToFunction could also be abused to trigger a
11
- use-after-free error with the potential for remote code execution.
12
-
13
- Found with afl-fuzz.
14
-
15
- Fixes CVE-2016-5131.
16
- ---
17
- result/XPath/xptr/vidbase | 13 ++++++++
18
- test/XPath/xptr/vidbase | 1 +
19
- xpath.c | 7 ++++-
20
- xpointer.c | 76 ++++-------------------------------------------
21
- 4 files changed, 26 insertions(+), 71 deletions(-)
22
-
23
- diff --git a/result/XPath/xptr/vidbase b/result/XPath/xptr/vidbase
24
- index 8b9e92d..f19193e 100644
25
- --- a/result/XPath/xptr/vidbase
26
- +++ b/result/XPath/xptr/vidbase
27
- @@ -17,3 +17,16 @@ Object is a Location Set:
28
- To node
29
- ELEMENT p
30
-
31
- +
32
- +========================
33
- +Expression: xpointer(range-to(id('chapter2')))
34
- +Object is a Location Set:
35
- +1 : Object is a range :
36
- + From node
37
- + /
38
- + To node
39
- + ELEMENT chapter
40
- + ATTRIBUTE id
41
- + TEXT
42
- + content=chapter2
43
- +
44
- diff --git a/test/XPath/xptr/vidbase b/test/XPath/xptr/vidbase
45
- index b146383..884b106 100644
46
- --- a/test/XPath/xptr/vidbase
47
- +++ b/test/XPath/xptr/vidbase
48
- @@ -1,2 +1,3 @@
49
- xpointer(id('chapter1')/p)
50
- xpointer(id('chapter1')/p[1]/range-to(following-sibling::p[2]))
51
- +xpointer(range-to(id('chapter2')))
52
- diff --git a/xpath.c b/xpath.c
53
- index d992841..5a01b1b 100644
54
- --- a/xpath.c
55
- +++ b/xpath.c
56
- @@ -10691,13 +10691,18 @@ xmlXPathCompPathExpr(xmlXPathParserContextPtr ctxt) {
57
- lc = 1;
58
- break;
59
- } else if ((NXT(len) == '(')) {
60
- - /* Note Type or Function */
61
- + /* Node Type or Function */
62
- if (xmlXPathIsNodeType(name)) {
63
- #ifdef DEBUG_STEP
64
- xmlGenericError(xmlGenericErrorContext,
65
- "PathExpr: Type search\n");
66
- #endif
67
- lc = 1;
68
- +#ifdef LIBXML_XPTR_ENABLED
69
- + } else if (ctxt->xptr &&
70
- + xmlStrEqual(name, BAD_CAST "range-to")) {
71
- + lc = 1;
72
- +#endif
73
- } else {
74
- #ifdef DEBUG_STEP
75
- xmlGenericError(xmlGenericErrorContext,
76
- diff --git a/xpointer.c b/xpointer.c
77
- index 676c510..d74174a 100644
78
- --- a/xpointer.c
79
- +++ b/xpointer.c
80
- @@ -1332,8 +1332,6 @@ xmlXPtrNewContext(xmlDocPtr doc, xmlNodePtr here, xmlNodePtr origin) {
81
- ret->here = here;
82
- ret->origin = origin;
83
-
84
- - xmlXPathRegisterFunc(ret, (xmlChar *)"range-to",
85
- - xmlXPtrRangeToFunction);
86
- xmlXPathRegisterFunc(ret, (xmlChar *)"range",
87
- xmlXPtrRangeFunction);
88
- xmlXPathRegisterFunc(ret, (xmlChar *)"range-inside",
89
- @@ -2243,76 +2241,14 @@ xmlXPtrRangeInsideFunction(xmlXPathParserContextPtr ctxt, int nargs) {
90
- * @nargs: the number of args
91
- *
92
- * Implement the range-to() XPointer function
93
- + *
94
- + * Obsolete. range-to is not a real function but a special type of location
95
- + * step which is handled in xpath.c.
96
- */
97
- void
98
- -xmlXPtrRangeToFunction(xmlXPathParserContextPtr ctxt, int nargs) {
99
- - xmlXPathObjectPtr range;
100
- - const xmlChar *cur;
101
- - xmlXPathObjectPtr res, obj;
102
- - xmlXPathObjectPtr tmp;
103
- - xmlLocationSetPtr newset = NULL;
104
- - xmlNodeSetPtr oldset;
105
- - int i;
106
- -
107
- - if (ctxt == NULL) return;
108
- - CHECK_ARITY(1);
109
- - /*
110
- - * Save the expression pointer since we will have to evaluate
111
- - * it multiple times. Initialize the new set.
112
- - */
113
- - CHECK_TYPE(XPATH_NODESET);
114
- - obj = valuePop(ctxt);
115
- - oldset = obj->nodesetval;
116
- - ctxt->context->node = NULL;
117
- -
118
- - cur = ctxt->cur;
119
- - newset = xmlXPtrLocationSetCreate(NULL);
120
- -
121
- - for (i = 0; i < oldset->nodeNr; i++) {
122
- - ctxt->cur = cur;
123
- -
124
- - /*
125
- - * Run the evaluation with a node list made of a single item
126
- - * in the nodeset.
127
- - */
128
- - ctxt->context->node = oldset->nodeTab[i];
129
- - tmp = xmlXPathNewNodeSet(ctxt->context->node);
130
- - valuePush(ctxt, tmp);
131
- -
132
- - xmlXPathEvalExpr(ctxt);
133
- - CHECK_ERROR;
134
- -
135
- - /*
136
- - * The result of the evaluation need to be tested to
137
- - * decided whether the filter succeeded or not
138
- - */
139
- - res = valuePop(ctxt);
140
- - range = xmlXPtrNewRangeNodeObject(oldset->nodeTab[i], res);
141
- - if (range != NULL) {
142
- - xmlXPtrLocationSetAdd(newset, range);
143
- - }
144
- -
145
- - /*
146
- - * Cleanup
147
- - */
148
- - if (res != NULL)
149
- - xmlXPathFreeObject(res);
150
- - if (ctxt->value == tmp) {
151
- - res = valuePop(ctxt);
152
- - xmlXPathFreeObject(res);
153
- - }
154
- -
155
- - ctxt->context->node = NULL;
156
- - }
157
- -
158
- - /*
159
- - * The result is used as the new evaluation set.
160
- - */
161
- - xmlXPathFreeObject(obj);
162
- - ctxt->context->node = NULL;
163
- - ctxt->context->contextSize = -1;
164
- - ctxt->context->proximityPosition = -1;
165
- - valuePush(ctxt, xmlXPtrWrapLocationSet(newset));
166
- +xmlXPtrRangeToFunction(xmlXPathParserContextPtr ctxt,
167
- + int nargs ATTRIBUTE_UNUSED) {
168
- + XP_ERROR(XPATH_EXPR_ERROR);
169
- }
170
-
171
- /**
172
- --
173
- 2.9.3
174
-
@@ -1,249 +0,0 @@
1
- From c1d1f7121194036608bf555f08d3062a36fd344b Mon Sep 17 00:00:00 2001
2
- From: Nick Wellnhofer <wellnhofer@aevum.de>
3
- Date: Tue, 28 Jun 2016 18:34:52 +0200
4
- Subject: [PATCH] Disallow namespace nodes in XPointer ranges
5
-
6
- Namespace nodes must be copied to avoid use-after-free errors.
7
- But they don't necessarily have a physical representation in a
8
- document, so simply disallow them in XPointer ranges.
9
-
10
- Found with afl-fuzz.
11
-
12
- Fixes CVE-2016-4658.
13
- ---
14
- xpointer.c | 149 +++++++++++++++++++++++--------------------------------------
15
- 1 file changed, 56 insertions(+), 93 deletions(-)
16
-
17
- diff --git a/xpointer.c b/xpointer.c
18
- index a7b03fb..694d120 100644
19
- --- a/xpointer.c
20
- +++ b/xpointer.c
21
- @@ -319,6 +319,45 @@ xmlXPtrRangesEqual(xmlXPathObjectPtr range1, xmlXPathObjectPtr range2) {
22
- return(1);
23
- }
24
-
25
- +/**
26
- + * xmlXPtrNewRangeInternal:
27
- + * @start: the starting node
28
- + * @startindex: the start index
29
- + * @end: the ending point
30
- + * @endindex: the ending index
31
- + *
32
- + * Internal function to create a new xmlXPathObjectPtr of type range
33
- + *
34
- + * Returns the newly created object.
35
- + */
36
- +static xmlXPathObjectPtr
37
- +xmlXPtrNewRangeInternal(xmlNodePtr start, int startindex,
38
- + xmlNodePtr end, int endindex) {
39
- + xmlXPathObjectPtr ret;
40
- +
41
- + /*
42
- + * Namespace nodes must be copied (see xmlXPathNodeSetDupNs).
43
- + * Disallow them for now.
44
- + */
45
- + if ((start != NULL) && (start->type == XML_NAMESPACE_DECL))
46
- + return(NULL);
47
- + if ((end != NULL) && (end->type == XML_NAMESPACE_DECL))
48
- + return(NULL);
49
- +
50
- + ret = (xmlXPathObjectPtr) xmlMalloc(sizeof(xmlXPathObject));
51
- + if (ret == NULL) {
52
- + xmlXPtrErrMemory("allocating range");
53
- + return(NULL);
54
- + }
55
- + memset(ret, 0, sizeof(xmlXPathObject));
56
- + ret->type = XPATH_RANGE;
57
- + ret->user = start;
58
- + ret->index = startindex;
59
- + ret->user2 = end;
60
- + ret->index2 = endindex;
61
- + return(ret);
62
- +}
63
- +
64
- /**
65
- * xmlXPtrNewRange:
66
- * @start: the starting node
67
- @@ -344,17 +383,7 @@ xmlXPtrNewRange(xmlNodePtr start, int startindex,
68
- if (endindex < 0)
69
- return(NULL);
70
-
71
- - ret = (xmlXPathObjectPtr) xmlMalloc(sizeof(xmlXPathObject));
72
- - if (ret == NULL) {
73
- - xmlXPtrErrMemory("allocating range");
74
- - return(NULL);
75
- - }
76
- - memset(ret, 0 , (size_t) sizeof(xmlXPathObject));
77
- - ret->type = XPATH_RANGE;
78
- - ret->user = start;
79
- - ret->index = startindex;
80
- - ret->user2 = end;
81
- - ret->index2 = endindex;
82
- + ret = xmlXPtrNewRangeInternal(start, startindex, end, endindex);
83
- xmlXPtrRangeCheckOrder(ret);
84
- return(ret);
85
- }
86
- @@ -381,17 +410,8 @@ xmlXPtrNewRangePoints(xmlXPathObjectPtr start, xmlXPathObjectPtr end) {
87
- if (end->type != XPATH_POINT)
88
- return(NULL);
89
-
90
- - ret = (xmlXPathObjectPtr) xmlMalloc(sizeof(xmlXPathObject));
91
- - if (ret == NULL) {
92
- - xmlXPtrErrMemory("allocating range");
93
- - return(NULL);
94
- - }
95
- - memset(ret, 0 , (size_t) sizeof(xmlXPathObject));
96
- - ret->type = XPATH_RANGE;
97
- - ret->user = start->user;
98
- - ret->index = start->index;
99
- - ret->user2 = end->user;
100
- - ret->index2 = end->index;
101
- + ret = xmlXPtrNewRangeInternal(start->user, start->index, end->user,
102
- + end->index);
103
- xmlXPtrRangeCheckOrder(ret);
104
- return(ret);
105
- }
106
- @@ -416,17 +436,7 @@ xmlXPtrNewRangePointNode(xmlXPathObjectPtr start, xmlNodePtr end) {
107
- if (start->type != XPATH_POINT)
108
- return(NULL);
109
-
110
- - ret = (xmlXPathObjectPtr) xmlMalloc(sizeof(xmlXPathObject));
111
- - if (ret == NULL) {
112
- - xmlXPtrErrMemory("allocating range");
113
- - return(NULL);
114
- - }
115
- - memset(ret, 0 , (size_t) sizeof(xmlXPathObject));
116
- - ret->type = XPATH_RANGE;
117
- - ret->user = start->user;
118
- - ret->index = start->index;
119
- - ret->user2 = end;
120
- - ret->index2 = -1;
121
- + ret = xmlXPtrNewRangeInternal(start->user, start->index, end, -1);
122
- xmlXPtrRangeCheckOrder(ret);
123
- return(ret);
124
- }
125
- @@ -453,17 +463,7 @@ xmlXPtrNewRangeNodePoint(xmlNodePtr start, xmlXPathObjectPtr end) {
126
- if (end->type != XPATH_POINT)
127
- return(NULL);
128
-
129
- - ret = (xmlXPathObjectPtr) xmlMalloc(sizeof(xmlXPathObject));
130
- - if (ret == NULL) {
131
- - xmlXPtrErrMemory("allocating range");
132
- - return(NULL);
133
- - }
134
- - memset(ret, 0 , (size_t) sizeof(xmlXPathObject));
135
- - ret->type = XPATH_RANGE;
136
- - ret->user = start;
137
- - ret->index = -1;
138
- - ret->user2 = end->user;
139
- - ret->index2 = end->index;
140
- + ret = xmlXPtrNewRangeInternal(start, -1, end->user, end->index);
141
- xmlXPtrRangeCheckOrder(ret);
142
- return(ret);
143
- }
144
- @@ -486,17 +486,7 @@ xmlXPtrNewRangeNodes(xmlNodePtr start, xmlNodePtr end) {
145
- if (end == NULL)
146
- return(NULL);
147
-
148
- - ret = (xmlXPathObjectPtr) xmlMalloc(sizeof(xmlXPathObject));
149
- - if (ret == NULL) {
150
- - xmlXPtrErrMemory("allocating range");
151
- - return(NULL);
152
- - }
153
- - memset(ret, 0 , (size_t) sizeof(xmlXPathObject));
154
- - ret->type = XPATH_RANGE;
155
- - ret->user = start;
156
- - ret->index = -1;
157
- - ret->user2 = end;
158
- - ret->index2 = -1;
159
- + ret = xmlXPtrNewRangeInternal(start, -1, end, -1);
160
- xmlXPtrRangeCheckOrder(ret);
161
- return(ret);
162
- }
163
- @@ -516,17 +506,7 @@ xmlXPtrNewCollapsedRange(xmlNodePtr start) {
164
- if (start == NULL)
165
- return(NULL);
166
-
167
- - ret = (xmlXPathObjectPtr) xmlMalloc(sizeof(xmlXPathObject));
168
- - if (ret == NULL) {
169
- - xmlXPtrErrMemory("allocating range");
170
- - return(NULL);
171
- - }
172
- - memset(ret, 0 , (size_t) sizeof(xmlXPathObject));
173
- - ret->type = XPATH_RANGE;
174
- - ret->user = start;
175
- - ret->index = -1;
176
- - ret->user2 = NULL;
177
- - ret->index2 = -1;
178
- + ret = xmlXPtrNewRangeInternal(start, -1, NULL, -1);
179
- return(ret);
180
- }
181
-
182
- @@ -541,6 +521,8 @@ xmlXPtrNewCollapsedRange(xmlNodePtr start) {
183
- */
184
- xmlXPathObjectPtr
185
- xmlXPtrNewRangeNodeObject(xmlNodePtr start, xmlXPathObjectPtr end) {
186
- + xmlNodePtr endNode;
187
- + int endIndex;
188
- xmlXPathObjectPtr ret;
189
-
190
- if (start == NULL)
191
- @@ -549,7 +531,12 @@ xmlXPtrNewRangeNodeObject(xmlNodePtr start, xmlXPathObjectPtr end) {
192
- return(NULL);
193
- switch (end->type) {
194
- case XPATH_POINT:
195
- + endNode = end->user;
196
- + endIndex = end->index;
197
- + break;
198
- case XPATH_RANGE:
199
- + endNode = end->user2;
200
- + endIndex = end->index2;
201
- break;
202
- case XPATH_NODESET:
203
- /*
204
- @@ -557,39 +544,15 @@ xmlXPtrNewRangeNodeObject(xmlNodePtr start, xmlXPathObjectPtr end) {
205
- */
206
- if (end->nodesetval->nodeNr <= 0)
207
- return(NULL);
208
- + endNode = end->nodesetval->nodeTab[end->nodesetval->nodeNr - 1];
209
- + endIndex = -1;
210
- break;
211
- default:
212
- /* TODO */
213
- return(NULL);
214
- }
215
-
216
- - ret = (xmlXPathObjectPtr) xmlMalloc(sizeof(xmlXPathObject));
217
- - if (ret == NULL) {
218
- - xmlXPtrErrMemory("allocating range");
219
- - return(NULL);
220
- - }
221
- - memset(ret, 0 , (size_t) sizeof(xmlXPathObject));
222
- - ret->type = XPATH_RANGE;
223
- - ret->user = start;
224
- - ret->index = -1;
225
- - switch (end->type) {
226
- - case XPATH_POINT:
227
- - ret->user2 = end->user;
228
- - ret->index2 = end->index;
229
- - break;
230
- - case XPATH_RANGE:
231
- - ret->user2 = end->user2;
232
- - ret->index2 = end->index2;
233
- - break;
234
- - case XPATH_NODESET: {
235
- - ret->user2 = end->nodesetval->nodeTab[end->nodesetval->nodeNr - 1];
236
- - ret->index2 = -1;
237
- - break;
238
- - }
239
- - default:
240
- - STRANGE
241
- - return(NULL);
242
- - }
243
- + ret = xmlXPtrNewRangeInternal(start, -1, endNode, endIndex);
244
- xmlXPtrRangeCheckOrder(ret);
245
- return(ret);
246
- }
247
- --
248
- 2.9.3
249
-
@@ -1,31 +0,0 @@
1
- From eb1030de31165b68487f288308f9d1810fed6880 Mon Sep 17 00:00:00 2001
2
- From: Nick Wellnhofer <wellnhofer@aevum.de>
3
- Date: Fri, 10 Jun 2016 14:23:58 +0200
4
- Subject: [PATCH] Fix heap overread in xsltFormatNumberConversion
5
-
6
- An empty decimal-separator could cause a heap overread. This can be
7
- exploited to leak a couple of bytes after the buffer that holds the
8
- pattern string.
9
-
10
- Found with afl-fuzz and ASan.
11
- ---
12
- libxslt/numbers.c | 3 ++-
13
- 1 file changed, 2 insertions(+), 1 deletion(-)
14
-
15
- diff --git a/libxslt/numbers.c b/libxslt/numbers.c
16
- index d1549b4..e78c46b 100644
17
- --- a/libxslt/numbers.c
18
- +++ b/libxslt/numbers.c
19
- @@ -1090,7 +1090,8 @@ xsltFormatNumberConversion(xsltDecimalFormatPtr self,
20
- }
21
-
22
- /* We have finished the integer part, now work on fraction */
23
- - if (xsltUTF8Charcmp(the_format, self->decimalPoint) == 0) {
24
- + if ( (*the_format != 0) &&
25
- + (xsltUTF8Charcmp(the_format, self->decimalPoint) == 0) ) {
26
- format_info.add_decimal = TRUE;
27
- the_format += xsltUTF8Size(the_format); /* Skip over the decimal */
28
- }
29
- --
30
- 2.9.3
31
-
@@ -1,74 +0,0 @@
1
- From 08ab2774b870de1c7b5a48693df75e8154addae5 Mon Sep 17 00:00:00 2001
2
- From: Nick Wellnhofer <wellnhofer@aevum.de>
3
- Date: Thu, 12 Jan 2017 15:39:52 +0100
4
- Subject: [PATCH] Check for integer overflow in xsltAddTextString
5
-
6
- Limit buffer size in xsltAddTextString to INT_MAX. The issue can be
7
- exploited to trigger an out of bounds write on 64-bit systems.
8
-
9
- Originally reported to Chromium:
10
-
11
- https://crbug.com/676623
12
- ---
13
- libxslt/transform.c | 25 ++++++++++++++++++++++---
14
- libxslt/xsltInternals.h | 4 ++--
15
- 2 files changed, 24 insertions(+), 5 deletions(-)
16
-
17
- diff --git a/libxslt/transform.c b/libxslt/transform.c
18
- index 519133f..02bff34 100644
19
- --- a/libxslt/transform.c
20
- +++ b/libxslt/transform.c
21
- @@ -813,13 +813,32 @@ xsltAddTextString(xsltTransformContextPtr ctxt, xmlNodePtr target,
22
- return(target);
23
-
24
- if (ctxt->lasttext == target->content) {
25
- + int minSize;
26
-
27
- - if (ctxt->lasttuse + len >= ctxt->lasttsize) {
28
- + /* Check for integer overflow accounting for NUL terminator. */
29
- + if (len >= INT_MAX - ctxt->lasttuse) {
30
- + xsltTransformError(ctxt, NULL, target,
31
- + "xsltCopyText: text allocation failed\n");
32
- + return(NULL);
33
- + }
34
- + minSize = ctxt->lasttuse + len + 1;
35
- +
36
- + if (ctxt->lasttsize < minSize) {
37
- xmlChar *newbuf;
38
- int size;
39
- + int extra;
40
- +
41
- + /* Double buffer size but increase by at least 100 bytes. */
42
- + extra = minSize < 100 ? 100 : minSize;
43
- +
44
- + /* Check for integer overflow. */
45
- + if (extra > INT_MAX - ctxt->lasttsize) {
46
- + size = INT_MAX;
47
- + }
48
- + else {
49
- + size = ctxt->lasttsize + extra;
50
- + }
51
-
52
- - size = ctxt->lasttsize + len + 100;
53
- - size *= 2;
54
- newbuf = (xmlChar *) xmlRealloc(target->content,size);
55
- if (newbuf == NULL) {
56
- xsltTransformError(ctxt, NULL, target,
57
- diff --git a/libxslt/xsltInternals.h b/libxslt/xsltInternals.h
58
- index 060b178..5ad1771 100644
59
- --- a/libxslt/xsltInternals.h
60
- +++ b/libxslt/xsltInternals.h
61
- @@ -1754,8 +1754,8 @@ struct _xsltTransformContext {
62
- * Speed optimization when coalescing text nodes
63
- */
64
- const xmlChar *lasttext; /* last text node content */
65
- - unsigned int lasttsize; /* last text node size */
66
- - unsigned int lasttuse; /* last text node use */
67
- + int lasttsize; /* last text node size */
68
- + int lasttuse; /* last text node use */
69
- /*
70
- * Per Context Debugging
71
- */
72
- --
73
- 2.9.3
74
-