nokogiri 1.10.0.rc1-x64-mingw32 → 1.10.0-x64-mingw32
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of nokogiri might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/dependencies.yml +45 -42
- data/lib/nokogiri/2.3/nokogiri.so +0 -0
- data/lib/nokogiri/2.4/nokogiri.so +0 -0
- data/lib/nokogiri/2.5/nokogiri.so +0 -0
- data/lib/nokogiri/2.6/nokogiri.so +0 -0
- data/lib/nokogiri/version.rb +1 -1
- metadata +7 -9
- data/patches/libxml2/0002-Fix-nullptr-deref-with-XPath-logic-ops.patch +0 -54
- data/patches/libxml2/0003-Fix-infinite-loop-in-LZMA-decompression.patch +0 -50
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: c9303c193ed62b1e25dab8835c9d58e1bf5df863ddc2badd0c69a2d172b75bf4
|
4
|
+
data.tar.gz: 7f845c23e9171495c0ac421d2fa7f993361c826f7e9ba96adbb6887da0334cf2
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 87badc63a3df5043376093a435bee36e7ecd3344b49e42c1a3fadf571cbc4b473655b59474c33b06c39062908fd18fc5f67a7d57e5605cc2fa318f46717d6236
|
7
|
+
data.tar.gz: '080f07d248a0ab3489f096d664a8b4785da4e72299e4ca1fdc5ffe16ac3fe923073c483f9af4ae5123a465e38337e7276f09c4f58aebf84dc61c92da1d29efce'
|
data/dependencies.yml
CHANGED
@@ -1,56 +1,59 @@
|
|
1
1
|
libxml2:
|
2
|
-
version: "2.9.
|
3
|
-
sha256: "
|
4
|
-
#
|
2
|
+
version: "2.9.9"
|
3
|
+
sha256: "94fb70890143e3c6549f265cee93ec064c80a84c42ad0f23e85ee1fd6540a871"
|
4
|
+
# manually verified checksum:
|
5
5
|
#
|
6
|
-
#
|
7
|
-
#
|
8
|
-
#
|
9
|
-
#
|
10
|
-
#
|
11
|
-
#
|
12
|
-
#
|
13
|
-
#
|
6
|
+
# $ gpg --verify libxml2-2.9.9.tar.gz.asc ports/archives/libxml2-2.9.9.tar.gz
|
7
|
+
# gpg: Signature made Thu 03 Jan 2019 01:14:47 PM EST
|
8
|
+
# gpg: using RSA key 15588B26596BEA5D
|
9
|
+
# gpg: Good signature from "Daniel Veillard (Red Hat work email) <veillard@redhat.com>" [unknown]
|
10
|
+
# gpg: aka "Daniel Veillard <Daniel.Veillard@w3.org>" [unknown]
|
11
|
+
# gpg: WARNING: This key is not certified with a trusted signature!
|
12
|
+
# gpg: There is no indication that the signature belongs to the owner.
|
13
|
+
# Primary key fingerprint: C744 15BA 7C9C 7F78 F02E 1DC3 4606 B8A5 DE95 BC1F
|
14
|
+
# Subkey fingerprint: DB46 681B B91A DCEA 170F A2D4 1558 8B26 596B EA5D
|
14
15
|
#
|
15
|
-
#
|
16
|
-
# -----BEGIN PGP SIGNATURE-----
|
16
|
+
# using this pgp signature:
|
17
17
|
#
|
18
|
-
#
|
19
|
-
#
|
20
|
-
#
|
21
|
-
#
|
22
|
-
#
|
23
|
-
#
|
24
|
-
#
|
25
|
-
#
|
18
|
+
# -----BEGIN PGP SIGNATURE-----
|
19
|
+
#
|
20
|
+
# iQEbBAABAgAGBQJcLlEXAAoJEBVYiyZZa+pd1B8H93xeCYNBLx+eX0xe3qS3ReS/
|
21
|
+
# YstjkXKUkmDQYwqQ/9Knmv1P6NX64hQL5E1pZX5sXp36giwXXJ5tCK72VRzektzU
|
22
|
+
# Kpo+M1/QA9feZQs1GmyKaXYzNwTSJnsdKA9nWqTHZ3bzfdhFSZ0czo94vgY/cz5z
|
23
|
+
# 9P3FIgeldj1vi8p2rjXbArMFQyaxHnve9LdxI8hbudNSeUw/FEV6mjtXrlZ7MXqn
|
24
|
+
# hmAkah2JwktOStF5tIlddCRqZeUPUX5flBxT95gfskXXlGEhaoGMXcC3izqqJyV2
|
25
|
+
# sx5nY7fnXdkwfYsgRUXYWmDmbs8DnFjXH9lux9O4OWglLonaRoAqFPcOzE3aCw==
|
26
|
+
# =4qWg
|
27
|
+
# -----END PGP SIGNATURE-----
|
26
28
|
#
|
27
29
|
|
28
30
|
libxslt:
|
29
|
-
version: "1.1.
|
30
|
-
sha256: "
|
31
|
-
#
|
31
|
+
version: "1.1.33"
|
32
|
+
sha256: "8e36605144409df979cab43d835002f63988f3dc94d5d3537c12796db90e38c8"
|
33
|
+
# manually verified checksum:
|
32
34
|
#
|
33
|
-
#
|
34
|
-
#
|
35
|
-
#
|
36
|
-
#
|
37
|
-
#
|
38
|
-
#
|
39
|
-
#
|
40
|
-
#
|
35
|
+
# $ gpg --verify libxslt-1.1.33.tar.gz.asc ports/archives/libxslt-1.1.33.tar.gz
|
36
|
+
# gpg: Signature made Thu 03 Jan 2019 01:30:49 PM EST
|
37
|
+
# gpg: using RSA key 15588B26596BEA5D
|
38
|
+
# gpg: Good signature from "Daniel Veillard (Red Hat work email) <veillard@redhat.com>" [unknown]
|
39
|
+
# gpg: aka "Daniel Veillard <Daniel.Veillard@w3.org>" [unknown]
|
40
|
+
# gpg: WARNING: This key is not certified with a trusted signature!
|
41
|
+
# gpg: There is no indication that the signature belongs to the owner.
|
42
|
+
# Primary key fingerprint: C744 15BA 7C9C 7F78 F02E 1DC3 4606 B8A5 DE95 BC1F
|
43
|
+
# Subkey fingerprint: DB46 681B B91A DCEA 170F A2D4 1558 8B26 596B EA5D
|
41
44
|
#
|
42
|
-
#
|
45
|
+
# using this pgp signature:
|
43
46
|
#
|
44
|
-
#
|
47
|
+
# -----BEGIN PGP SIGNATURE-----
|
45
48
|
#
|
46
|
-
#
|
47
|
-
#
|
48
|
-
#
|
49
|
-
#
|
50
|
-
#
|
51
|
-
#
|
52
|
-
#
|
53
|
-
#
|
49
|
+
# iQEcBAABAgAGBQJcLlTZAAoJEBVYiyZZa+pd9NkIAIf6ei2iSpR/0QOyS71esDq8
|
50
|
+
# 407PcUXd/yUjDANm4Uvm7kKK+SbbfBxFIPva4g984Noe1zYMfjK3u3iNs6jykySf
|
51
|
+
# mN5eo2wNCxsZnqjbnsLgQvn5VCQpPInTddTuGUxgqJyvnR7p785L1oA2EStSPMP4
|
52
|
+
# BGZ9dZGlbreK35WzgrhUi0VN5egJW2fpMsw7rTPvfwK+90gXL0DEm8v3WlA7fCDL
|
53
|
+
# QsvuPm7jPOXxdt5bYrVP8wpNMTJIGqV6jxh7Vvl6kiGLldUjCyoCh0AGXLror0Gs
|
54
|
+
# sAMlRKJNodpcCYkIWxzjLt74sUciKNrPLHZlXJcclZMONen1GWnVDcv83Tt9n6w=
|
55
|
+
# =iAm8
|
56
|
+
# -----END PGP SIGNATURE-----
|
54
57
|
#
|
55
58
|
|
56
59
|
zlib:
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
data/lib/nokogiri/version.rb
CHANGED
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: nokogiri
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 1.10.0
|
4
|
+
version: 1.10.0
|
5
5
|
platform: x64-mingw32
|
6
6
|
authors:
|
7
7
|
- Aaron Patterson
|
@@ -14,7 +14,7 @@ authors:
|
|
14
14
|
autorequire:
|
15
15
|
bindir: bin
|
16
16
|
cert_chain: []
|
17
|
-
date: 2019-01-
|
17
|
+
date: 2019-01-04 00:00:00.000000000 Z
|
18
18
|
dependencies:
|
19
19
|
- !ruby/object:Gem::Dependency
|
20
20
|
name: mini_portile2
|
@@ -415,14 +415,12 @@ files:
|
|
415
415
|
- lib/nokogiri/xslt/stylesheet.rb
|
416
416
|
- lib/xsd/xmlparser/nokogiri.rb
|
417
417
|
- patches/libxml2/0001-Revert-Do-not-URI-escape-in-server-side-includes.patch
|
418
|
-
- patches/libxml2/0002-Fix-nullptr-deref-with-XPath-logic-ops.patch
|
419
|
-
- patches/libxml2/0003-Fix-infinite-loop-in-LZMA-decompression.patch
|
420
418
|
homepage:
|
421
419
|
licenses:
|
422
420
|
- MIT
|
423
421
|
metadata: {}
|
424
|
-
post_install_message: 'Nokogiri is built with the packaged libraries: libxml2-2.9.
|
425
|
-
libxslt-1.1.
|
422
|
+
post_install_message: 'Nokogiri is built with the packaged libraries: libxml2-2.9.9,
|
423
|
+
libxslt-1.1.33, zlib-1.2.11, libiconv-1.15.
|
426
424
|
|
427
425
|
'
|
428
426
|
rdoc_options:
|
@@ -437,12 +435,12 @@ required_ruby_version: !ruby/object:Gem::Requirement
|
|
437
435
|
version: '2.3'
|
438
436
|
- - "<"
|
439
437
|
- !ruby/object:Gem::Version
|
440
|
-
version:
|
438
|
+
version: 2.7.dev
|
441
439
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
442
440
|
requirements:
|
443
|
-
- - "
|
441
|
+
- - ">="
|
444
442
|
- !ruby/object:Gem::Version
|
445
|
-
version:
|
443
|
+
version: '0'
|
446
444
|
requirements: []
|
447
445
|
rubyforge_project:
|
448
446
|
rubygems_version: 2.7.8
|
@@ -1,54 +0,0 @@
|
|
1
|
-
From a436374994c47b12d5de1b8b1d191a098fa23594 Mon Sep 17 00:00:00 2001
|
2
|
-
From: Nick Wellnhofer <wellnhofer@aevum.de>
|
3
|
-
Date: Mon, 30 Jul 2018 12:54:38 +0200
|
4
|
-
Subject: [PATCH] Fix nullptr deref with XPath logic ops
|
5
|
-
|
6
|
-
If the XPath stack is corrupted, for example by a misbehaving extension
|
7
|
-
function, the "and" and "or" XPath operators could dereference NULL
|
8
|
-
pointers. Check that the XPath stack isn't empty and optimize the
|
9
|
-
logic operators slightly.
|
10
|
-
|
11
|
-
Closes: https://gitlab.gnome.org/GNOME/libxml2/issues/5
|
12
|
-
|
13
|
-
Also see
|
14
|
-
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=901817
|
15
|
-
https://bugzilla.redhat.com/show_bug.cgi?id=1595985
|
16
|
-
|
17
|
-
This is CVE-2018-14404.
|
18
|
-
|
19
|
-
Thanks to Guy Inbar for the report.
|
20
|
-
---
|
21
|
-
xpath.c | 10 ++++------
|
22
|
-
1 file changed, 4 insertions(+), 6 deletions(-)
|
23
|
-
|
24
|
-
diff --git a/xpath.c b/xpath.c
|
25
|
-
index 3fae0bf..5e3bb9f 100644
|
26
|
-
--- a/xpath.c
|
27
|
-
+++ b/xpath.c
|
28
|
-
@@ -13234,9 +13234,8 @@ xmlXPathCompOpEval(xmlXPathParserContextPtr ctxt, xmlXPathStepOpPtr op)
|
29
|
-
return(0);
|
30
|
-
}
|
31
|
-
xmlXPathBooleanFunction(ctxt, 1);
|
32
|
-
- arg1 = valuePop(ctxt);
|
33
|
-
- arg1->boolval &= arg2->boolval;
|
34
|
-
- valuePush(ctxt, arg1);
|
35
|
-
+ if (ctxt->value != NULL)
|
36
|
-
+ ctxt->value->boolval &= arg2->boolval;
|
37
|
-
xmlXPathReleaseObject(ctxt->context, arg2);
|
38
|
-
return (total);
|
39
|
-
case XPATH_OP_OR:
|
40
|
-
@@ -13252,9 +13251,8 @@ xmlXPathCompOpEval(xmlXPathParserContextPtr ctxt, xmlXPathStepOpPtr op)
|
41
|
-
return(0);
|
42
|
-
}
|
43
|
-
xmlXPathBooleanFunction(ctxt, 1);
|
44
|
-
- arg1 = valuePop(ctxt);
|
45
|
-
- arg1->boolval |= arg2->boolval;
|
46
|
-
- valuePush(ctxt, arg1);
|
47
|
-
+ if (ctxt->value != NULL)
|
48
|
-
+ ctxt->value->boolval |= arg2->boolval;
|
49
|
-
xmlXPathReleaseObject(ctxt->context, arg2);
|
50
|
-
return (total);
|
51
|
-
case XPATH_OP_EQUAL:
|
52
|
-
--
|
53
|
-
2.17.1
|
54
|
-
|
@@ -1,50 +0,0 @@
|
|
1
|
-
From 2240fbf5912054af025fb6e01e26375100275e74 Mon Sep 17 00:00:00 2001
|
2
|
-
From: Nick Wellnhofer <wellnhofer@aevum.de>
|
3
|
-
Date: Mon, 30 Jul 2018 13:14:11 +0200
|
4
|
-
Subject: [PATCH] Fix infinite loop in LZMA decompression
|
5
|
-
MIME-Version: 1.0
|
6
|
-
Content-Type: text/plain; charset=UTF-8
|
7
|
-
Content-Transfer-Encoding: 8bit
|
8
|
-
|
9
|
-
Check the liblzma error code more thoroughly to avoid infinite loops.
|
10
|
-
|
11
|
-
Closes: https://gitlab.gnome.org/GNOME/libxml2/issues/13
|
12
|
-
Closes: https://bugzilla.gnome.org/show_bug.cgi?id=794914
|
13
|
-
|
14
|
-
This is CVE-2018-9251 and CVE-2018-14567.
|
15
|
-
|
16
|
-
Thanks to Dongliang Mu and Simon Wörner for the reports.
|
17
|
-
---
|
18
|
-
xzlib.c | 9 +++++++++
|
19
|
-
1 file changed, 9 insertions(+)
|
20
|
-
|
21
|
-
diff --git a/xzlib.c b/xzlib.c
|
22
|
-
index a839169..0ba88cf 100644
|
23
|
-
--- a/xzlib.c
|
24
|
-
+++ b/xzlib.c
|
25
|
-
@@ -562,6 +562,10 @@ xz_decomp(xz_statep state)
|
26
|
-
"internal error: inflate stream corrupt");
|
27
|
-
return -1;
|
28
|
-
}
|
29
|
-
+ /*
|
30
|
-
+ * FIXME: Remapping a couple of error codes and falling through
|
31
|
-
+ * to the LZMA error handling looks fragile.
|
32
|
-
+ */
|
33
|
-
if (ret == Z_MEM_ERROR)
|
34
|
-
ret = LZMA_MEM_ERROR;
|
35
|
-
if (ret == Z_DATA_ERROR)
|
36
|
-
@@ -587,6 +591,11 @@ xz_decomp(xz_statep state)
|
37
|
-
xz_error(state, LZMA_PROG_ERROR, "compression error");
|
38
|
-
return -1;
|
39
|
-
}
|
40
|
-
+ if ((state->how != GZIP) &&
|
41
|
-
+ (ret != LZMA_OK) && (ret != LZMA_STREAM_END)) {
|
42
|
-
+ xz_error(state, ret, "lzma error");
|
43
|
-
+ return -1;
|
44
|
-
+ }
|
45
|
-
} while (strm->avail_out && ret != LZMA_STREAM_END);
|
46
|
-
|
47
|
-
/* update available output and crc check value */
|
48
|
-
--
|
49
|
-
2.17.1
|
50
|
-
|