nokogiri 1.9.1-java → 1.10.0-java

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: d1ff0121af0a0b6dc7121a6329ed7287ad480f574915bda8fcfd0f684d38b0be
-  data.tar.gz: 8301e961274a67c39f1b95439c7e1595eea6ccaad51b93f8a6491f3b24c0924a
+  metadata.gz: 84b304b63e62342017d067c1b82443798a214d698d945646ee72b3647f2951a8
+  data.tar.gz: e3c71c9d96eac2fe37daaf31980f2510368a804980e88274e008e7bcaa41617e
 SHA512:
-  metadata.gz: 73f3578e69ccdb74d113e045f68cbe2f6280e81bc8e91d7e4eea4ae427c799a3dbb8ddd976056a2d0f2d66efb84d0bcbb7e227b41fa144202214aaa24904576a
-  data.tar.gz: 60e7add47e86b6aaf9848f2fc5982b042db4fcfc235124bd5501e2625e5bc120702c3453935496a9e6d20417f474b17d35f56e2bab6ecd2af40f924c2a367ec0
+  metadata.gz: df36221ff24a7a21864272babe99f263e39c6efab868ca7e60aef7a813cdbea17ace02839b0c17c88fb76bb4d78cf9faf701f197ca7ff627da292f3d3f1240a2
+  data.tar.gz: 4c23763a57e1d10af35b80d8d94d7de1b243cec1028dabfdd8ec1368b8aea240a42e5823520616307169a9af6ff113e3880167107da366b37024f05cd67969a0

data/LICENSE-DEPENDENCIES.md

@@ -1,3 +1,5 @@
+## Vendored Dependency Licenses
+
 Nokogiri ships with some third party dependencies, which are listed
 here along with their licenses.
 
@@ -20,9 +22,9 @@ present in any non-Windows releases.
 
 -----
 
-# default platform release
+## default platform release
 
-## libxml2
+### libxml2
 
 MIT
 
@@ -53,7 +55,7 @@ http://xmlsoft.org/
     THE SOFTWARE.
     
 
-## libxslt
+### libxslt
 
 MIT
 
@@ -113,9 +115,9 @@ http://xmlsoft.org/libxslt/
     ings in this Software without prior written authorization from him.
     ----------------------------------------------------------------------
     
-# `java` platform release
+## `java` platform release
 
-## isorelax
+### isorelax
 
 MIT
 
@@ -144,7 +146,7 @@ http://iso-relax.sourceforge.net/
     WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
 
 
-## jing
+### jing
 
 BSD-3-Clause
 
@@ -185,7 +187,7 @@ http://www.thaiopensource.com/relaxng/jing.html
     SUCH DAMAGE.
 
     
-## nekodtd
+### nekodtd
 
 Apache 1.0-derived
 
@@ -238,7 +240,7 @@ https://people.apache.org/~andyc/neko/doc/dtd/
     
     This license is based on the Apache Software License, version 1.1.
 
-## nekohtml
+### nekohtml
 
 Apache 2.0
 
@@ -447,7 +449,7 @@ http://nekohtml.sourceforge.net/
        See the License for the specific language governing permissions and
        limitations under the License.
 
-## xalan
+### xalan
 
 Apache 2.0
 
@@ -658,7 +660,7 @@ covers xalan.jar and serializer.jar
        limitations under the License.
     
 
-## xerces
+### xerces
 
 Apache 2.0
 
@@ -868,7 +870,7 @@ https://xerces.apache.org/xerces2-j/
        limitations under the License.
     
 
-## xml-apis
+### xml-apis
 
 Apache 2.0
 
@@ -1088,13 +1090,13 @@ https://xerces.apache.org/xml-commons/
        limitations under the License.
 
 
-# binary windows release
+## binary windows release
 
 NOTE: these libraries are redistributed ONLY with the binary
 cross-compiled Windows platform version of Nokogiri, both x86-mingw32
 and x64-mingw32.
 
-## zlib
+### zlib
 
 zlib license
 
@@ -1122,7 +1124,7 @@ http://www.zlib.net/zlib_license.html
       jloup@gzip.org          madler@alumni.caltech.edu
     
 
-## libiconv
+### libiconv
 
 LGPL
 

data/LICENSE.md

@@ -1,32 +1,9 @@
-(The MIT License)
+The MIT License
 
-Copyright (c) 2008 - 2018:
+Copyright 2008 -- 2018 by Aaron Patterson, Mike Dalessio, Charles Nutter, Sergio Arbeo, Patrick Mahoney, Yoko Harada, Akinori MUSHA, John Shahid, Lars Kanis
 
-* [Aaron Patterson](http://tenderlovemaking.com)
-* [Mike Dalessio](http://mike.daless.io)
-* [Charles Nutter](http://blog.headius.com)
-* [Sergio Arbeo](http://www.serabe.com)
-* [Patrick Mahoney](http://polycrystal.org)
-* [Yoko Harada](http://yokolet.blogspot.com)
-* [Akinori MUSHA](https://akinori.org)
-* [John Shahid](https://github.com/jvshahid)
-* [Lars Kanis](https://github.com/larskanis)
+Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
 
-Permission is hereby granted, free of charge, to any person obtaining
-a copy of this software and associated documentation files (the
-'Software'), to deal in the Software without restriction, including
-without limitation the rights to use, copy, modify, merge, publish,
-distribute, sublicense, and/or sell copies of the Software, and to
-permit persons to whom the Software is furnished to do so, subject to
-the following conditions:
+The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
 
-The above copyright notice and this permission notice shall be
-included in all copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND,
-EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
-MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
-IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
-CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
-TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
-SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -6,6 +6,7 @@ Nokogiri (鋸) is an HTML, XML, SAX, and Reader parser.  Among
 Nokogiri's many features is the ability to search documents via XPath
 or CSS3 selectors.
 
+
 ## Links
 
 * http://nokogiri.org
@@ -19,6 +20,7 @@ or CSS3 selectors.
 [![Concourse CI](https://ci.nokogiri.org/api/v1/teams/nokogiri-core/pipelines/nokogiri/jobs/ruby-2.4-system/badge)](https://ci.nokogiri.org/teams/nokogiri-core/pipelines/nokogiri?groups=master)
 [![Code Climate](https://codeclimate.com/github/sparklemotion/nokogiri.svg)](https://codeclimate.com/github/sparklemotion/nokogiri)
 [![Join the chat at https://gitter.im/sparklemotion/nokogiri](https://badges.gitter.im/sparklemotion/nokogiri.svg)](https://gitter.im/sparklemotion/nokogiri?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge)
+[![Tidelift dependencies](https://tidelift.com/badges/github/sparklemotion/nokogiri)](https://tidelift.com/subscription/pkg/rubygems-nokogiri?utm_source=rubygems-nokogiri&utm_medium=referral&utm_campaign=readme)
 
 
 ## Features
@@ -75,10 +77,16 @@ There are open-source tutorials (to which we invite contributions!) here: http:/
 * Before filing a bug report, please read our submission guidelines: http://nokogiri.org/tutorials/getting_help.html
 * The IRC channel is #nokogiri on freenode.
 
+Consider subscribing to [Tidelift][tidelift] which provides license assurances and timely security notifications for your open source dependencies, including Nokogiri. [Tidelift][tidelift] subscriptions also help the Nokogiri maintainers fund our [automated testing](https://ci.nokogiri.org) which in turn allows us to ship releases, bugfixes, and security updates more often.
+
+  [tidelift]: https://tidelift.com/subscription/pkg/rubygems-nokogiri?utm_source=rubygems-nokogiri&utm_medium=referral&utm_campaign=readme
+
 
 ## Security and Vulnerability Reporting
 
-See [`SECURITY.md`](SECURITY.md)
+Please report vulnerabilities at https://hackerone.com/nokogiri
+
+Full information and description of our security policy is in [`SECURITY.md`](SECURITY.md)
 
 
 ## Synopsis
@@ -113,7 +121,7 @@ end
 
 ## Requirements
 
-* Ruby 2.1.0 or higher, including any development packages necessary
+* Ruby 2.3.0 or higher, including any development packages necessary
   to compile native extensions.
 
 * In Nokogiri 1.6.0 and later libxml2 and libxslt are bundled with the
@@ -161,6 +169,7 @@ explicitly setting the encoding to EUC-JP on the parser:
   doc = Nokogiri.XML('<foo><bar /></foo>', nil, 'EUC-JP')
 ```
 
+
 ## Development
 
 ```bash
@@ -170,4 +179,6 @@ explicitly setting the encoding to EUC-JP on the parser:
 
 ## License
 
-MIT. See [`LICENSE.md`](LICENSE.md).
+This project is licensed under the terms of the MIT license.
+
+See this license at [`LICENSE.md`](LICENSE.md).

data/dependencies.yml

@@ -1,56 +1,59 @@
 libxml2:
-  version: "2.9.8"
-  sha256: "0b74e51595654f958148759cfef0993114ddccccbb6f31aee018f3558e8e2732"
-  # manually verified checksum:
+  version: "2.9.9"
+  sha256: "94fb70890143e3c6549f265cee93ec064c80a84c42ad0f23e85ee1fd6540a871"
+  #  manually verified checksum:
   #
-  #   $ gpg --verify libxml2-2.9.8.tar.gz.asc ./ports/archives/libxml2-2.9.8.tar.gz
-  #   gpg: Signature made Mon 05 Mar 2018 11:07:45 AM EST using RSA key ID 596BEA5D
-  #   gpg: Good signature from "Daniel Veillard (Red Hat work email) <veillard@redhat.com>"
-  #   gpg:                 aka "Daniel Veillard <Daniel.Veillard@w3.org>"
-  #   gpg: WARNING: This key is not certified with a trusted signature!
-  #   gpg:          There is no indication that the signature belongs to the owner.
-  #   Primary key fingerprint: C744 15BA 7C9C 7F78 F02E  1DC3 4606 B8A5 DE95 BC1F
-  #        Subkey fingerprint: DB46 681B B91A DCEA 170F  A2D4 1558 8B26 596B EA5D
+  #    $ gpg --verify libxml2-2.9.9.tar.gz.asc ports/archives/libxml2-2.9.9.tar.gz
+  #    gpg: Signature made Thu 03 Jan 2019 01:14:47 PM EST
+  #    gpg:                using RSA key 15588B26596BEA5D
+  #    gpg: Good signature from "Daniel Veillard (Red Hat work email) <veillard@redhat.com>" [unknown]
+  #    gpg:                 aka "Daniel Veillard <Daniel.Veillard@w3.org>" [unknown]
+  #    gpg: WARNING: This key is not certified with a trusted signature!
+  #    gpg:          There is no indication that the signature belongs to the owner.
+  #    Primary key fingerprint: C744 15BA 7C9C 7F78 F02E  1DC3 4606 B8A5 DE95 BC1F
+  #         Subkey fingerprint: DB46 681B B91A DCEA 170F  A2D4 1558 8B26 596B EA5D
   #
-  # using this pgp signature:
-  #   -----BEGIN PGP SIGNATURE-----
+  #  using this pgp signature:
   #
-  #   iQEcBAABAgAGBQJanWtRAAoJEBVYiyZZa+pdV7oIAJWdFahwt+reN/Zt2RPmjjcr
-  #   eSsY7UV1RXjScnNjTzJT1h2hJ7SnUjCkqjR6VdtKDUIzpuX+S2U83joafJH6mxUb
-  #   yw2nO4RfjYTPxpz5JkvqT7jmgEIaD81BuwcMehqpMpIfiKa2NgO1DSfZxgs8a9E2
-  #   +ehc/kZWuI5gmNGrd84EEWUqpYW/Xx7jy02osioJuU5IMPjzZKNR3maXp9oAKeBc
-  #   S2QNa1ID/pUk3K3M/5nlwNgAtQ7lxQrqhrSma2dsKt/IpL6VXomxuD4Bh1r2MZhX
-  #   uZ456X/xJN8UmPewLZWGBU1MK9wqu3Zx5Qwz64H6UdlYIzXZ2jXj2YWZa6xkxPA=
-  #   =69xn
-  #   -----END PGP SIGNATURE-----
+  #    -----BEGIN PGP SIGNATURE-----
+  #
+  #    iQEbBAABAgAGBQJcLlEXAAoJEBVYiyZZa+pd1B8H93xeCYNBLx+eX0xe3qS3ReS/
+  #    YstjkXKUkmDQYwqQ/9Knmv1P6NX64hQL5E1pZX5sXp36giwXXJ5tCK72VRzektzU
+  #    Kpo+M1/QA9feZQs1GmyKaXYzNwTSJnsdKA9nWqTHZ3bzfdhFSZ0czo94vgY/cz5z
+  #    9P3FIgeldj1vi8p2rjXbArMFQyaxHnve9LdxI8hbudNSeUw/FEV6mjtXrlZ7MXqn
+  #    hmAkah2JwktOStF5tIlddCRqZeUPUX5flBxT95gfskXXlGEhaoGMXcC3izqqJyV2
+  #    sx5nY7fnXdkwfYsgRUXYWmDmbs8DnFjXH9lux9O4OWglLonaRoAqFPcOzE3aCw==
+  #    =4qWg
+  #    -----END PGP SIGNATURE-----
   #
 
 libxslt:
-  version: "1.1.32"
-  sha256: "526ecd0abaf4a7789041622c3950c0e7f2c4c8835471515fd77eec684a355460"
-  # manually verified checksum:
+  version: "1.1.33"
+  sha256: "8e36605144409df979cab43d835002f63988f3dc94d5d3537c12796db90e38c8"
+  #  manually verified checksum:
   #
-  #   $ gpg --verify libxslt-1.1.32.tar.gz.asc libxslt-1.1.32.tar.gz
-  #   gpg: Signature made Thu 02 Nov 2017 04:35:04 PM EDT using RSA key ID 596BEA5D
-  #   gpg: Good signature from "Daniel Veillard (Red Hat work email) <veillard@redhat.com>"
-  #   gpg:                 aka "Daniel Veillard <Daniel.Veillard@w3.org>"
-  #   gpg: WARNING: This key is not certified with a trusted signature!
-  #   gpg:          There is no indication that the signature belongs to the owner.
-  #   Primary key fingerprint: C744 15BA 7C9C 7F78 F02E  1DC3 4606 B8A5 DE95 BC1F
-  #        Subkey fingerprint: DB46 681B B91A DCEA 170F  A2D4 1558 8B26 596B EA5D
+  #    $ gpg --verify libxslt-1.1.33.tar.gz.asc ports/archives/libxslt-1.1.33.tar.gz
+  #    gpg: Signature made Thu 03 Jan 2019 01:30:49 PM EST
+  #    gpg:                using RSA key 15588B26596BEA5D
+  #    gpg: Good signature from "Daniel Veillard (Red Hat work email) <veillard@redhat.com>" [unknown]
+  #    gpg:                 aka "Daniel Veillard <Daniel.Veillard@w3.org>" [unknown]
+  #    gpg: WARNING: This key is not certified with a trusted signature!
+  #    gpg:          There is no indication that the signature belongs to the owner.
+  #    Primary key fingerprint: C744 15BA 7C9C 7F78 F02E  1DC3 4606 B8A5 DE95 BC1F
+  #         Subkey fingerprint: DB46 681B B91A DCEA 170F  A2D4 1558 8B26 596B EA5D
   #
-  # using this pgp signature:
+  #  using this pgp signature:
   #
-  #   -----BEGIN PGP SIGNATURE-----
+  #    -----BEGIN PGP SIGNATURE-----
   #
-  #   iQEcBAABAgAGBQJZ+4F4AAoJEBVYiyZZa+pdy1IIAMX1DpzYGdnv6GCPSKeZ0woD
-  #   sHmSkygJep0/sUQD1cYunNsNZnGDgWhnsLAvHOn3opJgsiaZhmhJ8Uo7QNlT+ni1
-  #   AvRFgQoSXLWSF5kkun4u7RvnpDI6jYfCuYSwb9SO4EAYFAQQJXQaKCeFq71gad+p
-  #   XGHJFAy2TqUVLNZ5I1mQz/oBeDsJ7RzHpYqaBxsLDqrCzRQ9ai23q+dFGS3jvLBr
-  #   0gXw0MK73ceOwW12L5aLj4erNbATWmMFMDYZZwftysv3bgx2YfiOoZUTzufrB/Bc
-  #   MG8hP76aYBwIKNbhiDFGa2qdHGZGF7YQ4mi1/ZDX1K1G2tKKeEYxscM13JwiGb8=
-  #   =NuQO
-  #   -----END PGP SIGNATURE-----
+  #    iQEcBAABAgAGBQJcLlTZAAoJEBVYiyZZa+pd9NkIAIf6ei2iSpR/0QOyS71esDq8
+  #    407PcUXd/yUjDANm4Uvm7kKK+SbbfBxFIPva4g984Noe1zYMfjK3u3iNs6jykySf
+  #    mN5eo2wNCxsZnqjbnsLgQvn5VCQpPInTddTuGUxgqJyvnR7p785L1oA2EStSPMP4
+  #    BGZ9dZGlbreK35WzgrhUi0VN5egJW2fpMsw7rTPvfwK+90gXL0DEm8v3WlA7fCDL
+  #    QsvuPm7jPOXxdt5bYrVP8wpNMTJIGqV6jxh7Vvl6kiGLldUjCyoCh0AGXLror0Gs
+  #    sAMlRKJNodpcCYkIWxzjLt74sUciKNrPLHZlXJcclZMONen1GWnVDcv83Tt9n6w=
+  #    =iAm8
+  #    -----END PGP SIGNATURE-----
   #
 
 zlib:

data/ext/java/nokogiri/internals/NokogiriHelpers.java

@@ -745,15 +745,9 @@ public class NokogiriHelpers {
 
         Class nkfClass;
         try {
-            // JRuby 1.7 and later
-            nkfClass = runtime.getClassLoader().loadClass("org.jruby.ext.nkf.RubyNKF");
-        } catch (ClassNotFoundException e1) {
-            try {
-                // Before JRuby 1.7
-                nkfClass = runtime.getClassLoader().loadClass("org.jruby.RubyNKF");
-            } catch (ClassNotFoundException e2) {
-                return str;
-            }
+            nkfClass = runtime.getClassLoader().loadClass("org.jruby.RubyNKF");
+        } catch (ClassNotFoundException e2) {
+            return str;
         }
         Method nkf_method;
         try {

data/lib/nokogiri/version.rb

@@ -1,6 +1,6 @@
 module Nokogiri
   # The version of Nokogiri you are using
-  VERSION = '1.9.1'
+  VERSION = '1.10.0'
 
   class VersionInfo # :nodoc:
     def jruby?

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: nokogiri
 version: !ruby/object:Gem::Version
-  version: 1.9.1
+  version: 1.10.0
 platform: java
 authors:
 - Aaron Patterson
@@ -14,7 +14,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2018-12-18 00:00:00.000000000 Z
+date: 2019-01-04 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   requirement: !ruby/object:Gem::Requirement
@@ -119,7 +119,7 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.6.2
+        version: 0.7.0
   name: rake-compiler-dock
   prerelease: false
   type: :development
@@ -127,7 +127,7 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.6.2
+        version: 0.7.0
 - !ruby/object:Gem::Dependency
   requirement: !ruby/object:Gem::Requirement
     requirements:
@@ -495,8 +495,6 @@ files:
 - lib/xml-apis.jar
 - lib/xsd/xmlparser/nokogiri.rb
 - patches/libxml2/0001-Revert-Do-not-URI-escape-in-server-side-includes.patch
-- patches/libxml2/0002-Fix-nullptr-deref-with-XPath-logic-ops.patch
-- patches/libxml2/0003-Fix-infinite-loop-in-LZMA-decompression.patch
 homepage:
 licenses:
 - MIT
@@ -511,7 +509,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: 1.9.3
+      version: 2.3.0
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="

data/patches/libxml2/0002-Fix-nullptr-deref-with-XPath-logic-ops.patch

@@ -1,54 +0,0 @@
-From a436374994c47b12d5de1b8b1d191a098fa23594 Mon Sep 17 00:00:00 2001
-From: Nick Wellnhofer <wellnhofer@aevum.de>
-Date: Mon, 30 Jul 2018 12:54:38 +0200
-Subject: [PATCH] Fix nullptr deref with XPath logic ops
-
-If the XPath stack is corrupted, for example by a misbehaving extension
-function, the "and" and "or" XPath operators could dereference NULL
-pointers. Check that the XPath stack isn't empty and optimize the
-logic operators slightly.
-
-Closes: https://gitlab.gnome.org/GNOME/libxml2/issues/5
-
-Also see
-https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=901817
-https://bugzilla.redhat.com/show_bug.cgi?id=1595985
-
-This is CVE-2018-14404.
-
-Thanks to Guy Inbar for the report.
----
- xpath.c | 10 ++++------
- 1 file changed, 4 insertions(+), 6 deletions(-)
-
-diff --git a/xpath.c b/xpath.c
-index 3fae0bf..5e3bb9f 100644
---- a/xpath.c
-+++ b/xpath.c
-@@ -13234,9 +13234,8 @@ xmlXPathCompOpEval(xmlXPathParserContextPtr ctxt, xmlXPathStepOpPtr op)
- 		return(0);
- 	    }
-             xmlXPathBooleanFunction(ctxt, 1);
--            arg1 = valuePop(ctxt);
--            arg1->boolval &= arg2->boolval;
--            valuePush(ctxt, arg1);
-+            if (ctxt->value != NULL)
-+                ctxt->value->boolval &= arg2->boolval;
- 	    xmlXPathReleaseObject(ctxt->context, arg2);
-             return (total);
-         case XPATH_OP_OR:
-@@ -13252,9 +13251,8 @@ xmlXPathCompOpEval(xmlXPathParserContextPtr ctxt, xmlXPathStepOpPtr op)
- 		return(0);
- 	    }
-             xmlXPathBooleanFunction(ctxt, 1);
--            arg1 = valuePop(ctxt);
--            arg1->boolval |= arg2->boolval;
--            valuePush(ctxt, arg1);
-+            if (ctxt->value != NULL)
-+                ctxt->value->boolval |= arg2->boolval;
- 	    xmlXPathReleaseObject(ctxt->context, arg2);
-             return (total);
-         case XPATH_OP_EQUAL:
--- 
-2.17.1
-

data/patches/libxml2/0003-Fix-infinite-loop-in-LZMA-decompression.patch

@@ -1,50 +0,0 @@
-From 2240fbf5912054af025fb6e01e26375100275e74 Mon Sep 17 00:00:00 2001
-From: Nick Wellnhofer <wellnhofer@aevum.de>
-Date: Mon, 30 Jul 2018 13:14:11 +0200
-Subject: [PATCH] Fix infinite loop in LZMA decompression
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Check the liblzma error code more thoroughly to avoid infinite loops.
-
-Closes: https://gitlab.gnome.org/GNOME/libxml2/issues/13
-Closes: https://bugzilla.gnome.org/show_bug.cgi?id=794914
-
-This is CVE-2018-9251 and CVE-2018-14567.
-
-Thanks to Dongliang Mu and Simon Wörner for the reports.
----
- xzlib.c | 9 +++++++++
- 1 file changed, 9 insertions(+)
-
-diff --git a/xzlib.c b/xzlib.c
-index a839169..0ba88cf 100644
---- a/xzlib.c
-+++ b/xzlib.c
-@@ -562,6 +562,10 @@ xz_decomp(xz_statep state)
-                          "internal error: inflate stream corrupt");
-                 return -1;
-             }
-+            /*
-+             * FIXME: Remapping a couple of error codes and falling through
-+             * to the LZMA error handling looks fragile.
-+             */
-             if (ret == Z_MEM_ERROR)
-                 ret = LZMA_MEM_ERROR;
-             if (ret == Z_DATA_ERROR)
-@@ -587,6 +591,11 @@ xz_decomp(xz_statep state)
-             xz_error(state, LZMA_PROG_ERROR, "compression error");
-             return -1;
-         }
-+        if ((state->how != GZIP) &&
-+            (ret != LZMA_OK) && (ret != LZMA_STREAM_END)) {
-+            xz_error(state, ret, "lzma error");
-+            return -1;
-+        }
-     } while (strm->avail_out && ret != LZMA_STREAM_END);
- 
-     /* update available output and crc check value */
--- 
-2.17.1
-