nokogiri 1.10.0.rc1 → 1.10.0

Sign up to get free protection for your applications and to get access to all the features.

Potentially problematic release.


This version of nokogiri might be problematic. Click here for more details.

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: '039ddc54ed17beda7cf1b8d11923397a19c8ba3d91ad580ba67c5115784f34de'
4
- data.tar.gz: fff1629a07282af867b5b075f1efa976d06424b08afdaf66cf98927a6abd4dc9
3
+ metadata.gz: 18bb8a03de528a72a8c0c68ea5e7530ea6ae9fe0d7affb831bf94eaa75b0a256
4
+ data.tar.gz: a997d0ecbc481a79e1a873fa1351b29db6ae2ce2839ae09fa711525fae3d34b5
5
5
  SHA512:
6
- metadata.gz: 7b79df702153473433fe73fd88dc110d5fb0eb8ff169eb092c4a38a11fd2a2a64dd10243befff8b4491f6171a25e25a5b1a0127f34abdbbb9e09af91f3aa398f
7
- data.tar.gz: 63166fcdfc06d441f006d1ccbc83afec7f55bc896f5b8481ee765c58edcf43277204ffe7399fd35482de680b8862321b43874c0ef59cc36de30d1346799dffd7
6
+ metadata.gz: ccaac7b81396074dbdd660794dbb46f47c222ba10ab7dc9e672f5d87d02308165e5df0cb7cd3d05ae08332eb82558fa4409099c321c4dea0149af395a9ee84fb
7
+ data.tar.gz: e8c7f43e049ba1bd450f2363693ff8ba515f925086056e59bb5fe86901b50ba8e519751f95b552de659268927c610508891ea1f71477e9758613bb4b0673451f
@@ -1,56 +1,59 @@
1
1
  libxml2:
2
- version: "2.9.8"
3
- sha256: "0b74e51595654f958148759cfef0993114ddccccbb6f31aee018f3558e8e2732"
4
- # manually verified checksum:
2
+ version: "2.9.9"
3
+ sha256: "94fb70890143e3c6549f265cee93ec064c80a84c42ad0f23e85ee1fd6540a871"
4
+ # manually verified checksum:
5
5
  #
6
- # $ gpg --verify libxml2-2.9.8.tar.gz.asc ./ports/archives/libxml2-2.9.8.tar.gz
7
- # gpg: Signature made Mon 05 Mar 2018 11:07:45 AM EST using RSA key ID 596BEA5D
8
- # gpg: Good signature from "Daniel Veillard (Red Hat work email) <veillard@redhat.com>"
9
- # gpg: aka "Daniel Veillard <Daniel.Veillard@w3.org>"
10
- # gpg: WARNING: This key is not certified with a trusted signature!
11
- # gpg: There is no indication that the signature belongs to the owner.
12
- # Primary key fingerprint: C744 15BA 7C9C 7F78 F02E 1DC3 4606 B8A5 DE95 BC1F
13
- # Subkey fingerprint: DB46 681B B91A DCEA 170F A2D4 1558 8B26 596B EA5D
6
+ # $ gpg --verify libxml2-2.9.9.tar.gz.asc ports/archives/libxml2-2.9.9.tar.gz
7
+ # gpg: Signature made Thu 03 Jan 2019 01:14:47 PM EST
8
+ # gpg: using RSA key 15588B26596BEA5D
9
+ # gpg: Good signature from "Daniel Veillard (Red Hat work email) <veillard@redhat.com>" [unknown]
10
+ # gpg: aka "Daniel Veillard <Daniel.Veillard@w3.org>" [unknown]
11
+ # gpg: WARNING: This key is not certified with a trusted signature!
12
+ # gpg: There is no indication that the signature belongs to the owner.
13
+ # Primary key fingerprint: C744 15BA 7C9C 7F78 F02E 1DC3 4606 B8A5 DE95 BC1F
14
+ # Subkey fingerprint: DB46 681B B91A DCEA 170F A2D4 1558 8B26 596B EA5D
14
15
  #
15
- # using this pgp signature:
16
- # -----BEGIN PGP SIGNATURE-----
16
+ # using this pgp signature:
17
17
  #
18
- # iQEcBAABAgAGBQJanWtRAAoJEBVYiyZZa+pdV7oIAJWdFahwt+reN/Zt2RPmjjcr
19
- # eSsY7UV1RXjScnNjTzJT1h2hJ7SnUjCkqjR6VdtKDUIzpuX+S2U83joafJH6mxUb
20
- # yw2nO4RfjYTPxpz5JkvqT7jmgEIaD81BuwcMehqpMpIfiKa2NgO1DSfZxgs8a9E2
21
- # +ehc/kZWuI5gmNGrd84EEWUqpYW/Xx7jy02osioJuU5IMPjzZKNR3maXp9oAKeBc
22
- # S2QNa1ID/pUk3K3M/5nlwNgAtQ7lxQrqhrSma2dsKt/IpL6VXomxuD4Bh1r2MZhX
23
- # uZ456X/xJN8UmPewLZWGBU1MK9wqu3Zx5Qwz64H6UdlYIzXZ2jXj2YWZa6xkxPA=
24
- # =69xn
25
- # -----END PGP SIGNATURE-----
18
+ # -----BEGIN PGP SIGNATURE-----
19
+ #
20
+ # iQEbBAABAgAGBQJcLlEXAAoJEBVYiyZZa+pd1B8H93xeCYNBLx+eX0xe3qS3ReS/
21
+ # YstjkXKUkmDQYwqQ/9Knmv1P6NX64hQL5E1pZX5sXp36giwXXJ5tCK72VRzektzU
22
+ # Kpo+M1/QA9feZQs1GmyKaXYzNwTSJnsdKA9nWqTHZ3bzfdhFSZ0czo94vgY/cz5z
23
+ # 9P3FIgeldj1vi8p2rjXbArMFQyaxHnve9LdxI8hbudNSeUw/FEV6mjtXrlZ7MXqn
24
+ # hmAkah2JwktOStF5tIlddCRqZeUPUX5flBxT95gfskXXlGEhaoGMXcC3izqqJyV2
25
+ # sx5nY7fnXdkwfYsgRUXYWmDmbs8DnFjXH9lux9O4OWglLonaRoAqFPcOzE3aCw==
26
+ # =4qWg
27
+ # -----END PGP SIGNATURE-----
26
28
  #
27
29
 
28
30
  libxslt:
29
- version: "1.1.32"
30
- sha256: "526ecd0abaf4a7789041622c3950c0e7f2c4c8835471515fd77eec684a355460"
31
- # manually verified checksum:
31
+ version: "1.1.33"
32
+ sha256: "8e36605144409df979cab43d835002f63988f3dc94d5d3537c12796db90e38c8"
33
+ # manually verified checksum:
32
34
  #
33
- # $ gpg --verify libxslt-1.1.32.tar.gz.asc libxslt-1.1.32.tar.gz
34
- # gpg: Signature made Thu 02 Nov 2017 04:35:04 PM EDT using RSA key ID 596BEA5D
35
- # gpg: Good signature from "Daniel Veillard (Red Hat work email) <veillard@redhat.com>"
36
- # gpg: aka "Daniel Veillard <Daniel.Veillard@w3.org>"
37
- # gpg: WARNING: This key is not certified with a trusted signature!
38
- # gpg: There is no indication that the signature belongs to the owner.
39
- # Primary key fingerprint: C744 15BA 7C9C 7F78 F02E 1DC3 4606 B8A5 DE95 BC1F
40
- # Subkey fingerprint: DB46 681B B91A DCEA 170F A2D4 1558 8B26 596B EA5D
35
+ # $ gpg --verify libxslt-1.1.33.tar.gz.asc ports/archives/libxslt-1.1.33.tar.gz
36
+ # gpg: Signature made Thu 03 Jan 2019 01:30:49 PM EST
37
+ # gpg: using RSA key 15588B26596BEA5D
38
+ # gpg: Good signature from "Daniel Veillard (Red Hat work email) <veillard@redhat.com>" [unknown]
39
+ # gpg: aka "Daniel Veillard <Daniel.Veillard@w3.org>" [unknown]
40
+ # gpg: WARNING: This key is not certified with a trusted signature!
41
+ # gpg: There is no indication that the signature belongs to the owner.
42
+ # Primary key fingerprint: C744 15BA 7C9C 7F78 F02E 1DC3 4606 B8A5 DE95 BC1F
43
+ # Subkey fingerprint: DB46 681B B91A DCEA 170F A2D4 1558 8B26 596B EA5D
41
44
  #
42
- # using this pgp signature:
45
+ # using this pgp signature:
43
46
  #
44
- # -----BEGIN PGP SIGNATURE-----
47
+ # -----BEGIN PGP SIGNATURE-----
45
48
  #
46
- # iQEcBAABAgAGBQJZ+4F4AAoJEBVYiyZZa+pdy1IIAMX1DpzYGdnv6GCPSKeZ0woD
47
- # sHmSkygJep0/sUQD1cYunNsNZnGDgWhnsLAvHOn3opJgsiaZhmhJ8Uo7QNlT+ni1
48
- # AvRFgQoSXLWSF5kkun4u7RvnpDI6jYfCuYSwb9SO4EAYFAQQJXQaKCeFq71gad+p
49
- # XGHJFAy2TqUVLNZ5I1mQz/oBeDsJ7RzHpYqaBxsLDqrCzRQ9ai23q+dFGS3jvLBr
50
- # 0gXw0MK73ceOwW12L5aLj4erNbATWmMFMDYZZwftysv3bgx2YfiOoZUTzufrB/Bc
51
- # MG8hP76aYBwIKNbhiDFGa2qdHGZGF7YQ4mi1/ZDX1K1G2tKKeEYxscM13JwiGb8=
52
- # =NuQO
53
- # -----END PGP SIGNATURE-----
49
+ # iQEcBAABAgAGBQJcLlTZAAoJEBVYiyZZa+pd9NkIAIf6ei2iSpR/0QOyS71esDq8
50
+ # 407PcUXd/yUjDANm4Uvm7kKK+SbbfBxFIPva4g984Noe1zYMfjK3u3iNs6jykySf
51
+ # mN5eo2wNCxsZnqjbnsLgQvn5VCQpPInTddTuGUxgqJyvnR7p785L1oA2EStSPMP4
52
+ # BGZ9dZGlbreK35WzgrhUi0VN5egJW2fpMsw7rTPvfwK+90gXL0DEm8v3WlA7fCDL
53
+ # QsvuPm7jPOXxdt5bYrVP8wpNMTJIGqV6jxh7Vvl6kiGLldUjCyoCh0AGXLror0Gs
54
+ # sAMlRKJNodpcCYkIWxzjLt74sUciKNrPLHZlXJcclZMONen1GWnVDcv83Tt9n6w=
55
+ # =iAm8
56
+ # -----END PGP SIGNATURE-----
54
57
  #
55
58
 
56
59
  zlib:
@@ -1,6 +1,6 @@
1
1
  module Nokogiri
2
2
  # The version of Nokogiri you are using
3
- VERSION = '1.10.0.rc1'
3
+ VERSION = '1.10.0'
4
4
 
5
5
  class VersionInfo # :nodoc:
6
6
  def jruby?
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: nokogiri
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.10.0.rc1
4
+ version: 1.10.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Aaron Patterson
@@ -14,7 +14,7 @@ authors:
14
14
  autorequire:
15
15
  bindir: bin
16
16
  cert_chain: []
17
- date: 2019-01-03 00:00:00.000000000 Z
17
+ date: 2019-01-04 00:00:00.000000000 Z
18
18
  dependencies:
19
19
  - !ruby/object:Gem::Dependency
20
20
  name: mini_portile2
@@ -412,10 +412,8 @@ files:
412
412
  - lib/nokogiri/xslt/stylesheet.rb
413
413
  - lib/xsd/xmlparser/nokogiri.rb
414
414
  - patches/libxml2/0001-Revert-Do-not-URI-escape-in-server-side-includes.patch
415
- - patches/libxml2/0002-Fix-nullptr-deref-with-XPath-logic-ops.patch
416
- - patches/libxml2/0003-Fix-infinite-loop-in-LZMA-decompression.patch
417
- - ports/archives/libxml2-2.9.8.tar.gz
418
- - ports/archives/libxslt-1.1.32.tar.gz
415
+ - ports/archives/libxml2-2.9.9.tar.gz
416
+ - ports/archives/libxslt-1.1.33.tar.gz
419
417
  homepage:
420
418
  licenses:
421
419
  - MIT
@@ -433,12 +431,11 @@ required_ruby_version: !ruby/object:Gem::Requirement
433
431
  version: 2.3.0
434
432
  required_rubygems_version: !ruby/object:Gem::Requirement
435
433
  requirements:
436
- - - ">"
434
+ - - ">="
437
435
  - !ruby/object:Gem::Version
438
- version: 1.3.1
436
+ version: '0'
439
437
  requirements: []
440
- rubyforge_project:
441
- rubygems_version: 2.7.8
438
+ rubygems_version: 3.0.1
442
439
  signing_key:
443
440
  specification_version: 4
444
441
  summary: Nokogiri (鋸) is an HTML, XML, SAX, and Reader parser
@@ -1,54 +0,0 @@
1
- From a436374994c47b12d5de1b8b1d191a098fa23594 Mon Sep 17 00:00:00 2001
2
- From: Nick Wellnhofer <wellnhofer@aevum.de>
3
- Date: Mon, 30 Jul 2018 12:54:38 +0200
4
- Subject: [PATCH] Fix nullptr deref with XPath logic ops
5
-
6
- If the XPath stack is corrupted, for example by a misbehaving extension
7
- function, the "and" and "or" XPath operators could dereference NULL
8
- pointers. Check that the XPath stack isn't empty and optimize the
9
- logic operators slightly.
10
-
11
- Closes: https://gitlab.gnome.org/GNOME/libxml2/issues/5
12
-
13
- Also see
14
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=901817
15
- https://bugzilla.redhat.com/show_bug.cgi?id=1595985
16
-
17
- This is CVE-2018-14404.
18
-
19
- Thanks to Guy Inbar for the report.
20
- ---
21
- xpath.c | 10 ++++------
22
- 1 file changed, 4 insertions(+), 6 deletions(-)
23
-
24
- diff --git a/xpath.c b/xpath.c
25
- index 3fae0bf..5e3bb9f 100644
26
- --- a/xpath.c
27
- +++ b/xpath.c
28
- @@ -13234,9 +13234,8 @@ xmlXPathCompOpEval(xmlXPathParserContextPtr ctxt, xmlXPathStepOpPtr op)
29
- return(0);
30
- }
31
- xmlXPathBooleanFunction(ctxt, 1);
32
- - arg1 = valuePop(ctxt);
33
- - arg1->boolval &= arg2->boolval;
34
- - valuePush(ctxt, arg1);
35
- + if (ctxt->value != NULL)
36
- + ctxt->value->boolval &= arg2->boolval;
37
- xmlXPathReleaseObject(ctxt->context, arg2);
38
- return (total);
39
- case XPATH_OP_OR:
40
- @@ -13252,9 +13251,8 @@ xmlXPathCompOpEval(xmlXPathParserContextPtr ctxt, xmlXPathStepOpPtr op)
41
- return(0);
42
- }
43
- xmlXPathBooleanFunction(ctxt, 1);
44
- - arg1 = valuePop(ctxt);
45
- - arg1->boolval |= arg2->boolval;
46
- - valuePush(ctxt, arg1);
47
- + if (ctxt->value != NULL)
48
- + ctxt->value->boolval |= arg2->boolval;
49
- xmlXPathReleaseObject(ctxt->context, arg2);
50
- return (total);
51
- case XPATH_OP_EQUAL:
52
- --
53
- 2.17.1
54
-
@@ -1,50 +0,0 @@
1
- From 2240fbf5912054af025fb6e01e26375100275e74 Mon Sep 17 00:00:00 2001
2
- From: Nick Wellnhofer <wellnhofer@aevum.de>
3
- Date: Mon, 30 Jul 2018 13:14:11 +0200
4
- Subject: [PATCH] Fix infinite loop in LZMA decompression
5
- MIME-Version: 1.0
6
- Content-Type: text/plain; charset=UTF-8
7
- Content-Transfer-Encoding: 8bit
8
-
9
- Check the liblzma error code more thoroughly to avoid infinite loops.
10
-
11
- Closes: https://gitlab.gnome.org/GNOME/libxml2/issues/13
12
- Closes: https://bugzilla.gnome.org/show_bug.cgi?id=794914
13
-
14
- This is CVE-2018-9251 and CVE-2018-14567.
15
-
16
- Thanks to Dongliang Mu and Simon Wörner for the reports.
17
- ---
18
- xzlib.c | 9 +++++++++
19
- 1 file changed, 9 insertions(+)
20
-
21
- diff --git a/xzlib.c b/xzlib.c
22
- index a839169..0ba88cf 100644
23
- --- a/xzlib.c
24
- +++ b/xzlib.c
25
- @@ -562,6 +562,10 @@ xz_decomp(xz_statep state)
26
- "internal error: inflate stream corrupt");
27
- return -1;
28
- }
29
- + /*
30
- + * FIXME: Remapping a couple of error codes and falling through
31
- + * to the LZMA error handling looks fragile.
32
- + */
33
- if (ret == Z_MEM_ERROR)
34
- ret = LZMA_MEM_ERROR;
35
- if (ret == Z_DATA_ERROR)
36
- @@ -587,6 +591,11 @@ xz_decomp(xz_statep state)
37
- xz_error(state, LZMA_PROG_ERROR, "compression error");
38
- return -1;
39
- }
40
- + if ((state->how != GZIP) &&
41
- + (ret != LZMA_OK) && (ret != LZMA_STREAM_END)) {
42
- + xz_error(state, ret, "lzma error");
43
- + return -1;
44
- + }
45
- } while (strm->avail_out && ret != LZMA_STREAM_END);
46
-
47
- /* update available output and crc check value */
48
- --
49
- 2.17.1
50
-