nokogiri 1.10.0.rc1-x64-mingw32 → 1.10.0-x64-mingw32

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 6aa6ef50777b2ee4a4ea2f11964bf11a7333cc9ce7ba494d6b3e667a46413d86
-  data.tar.gz: a0b5a6753186f8f89a05c635677d928d9d55bb06e92f36d79c3883c38a53d816
+  metadata.gz: c9303c193ed62b1e25dab8835c9d58e1bf5df863ddc2badd0c69a2d172b75bf4
+  data.tar.gz: 7f845c23e9171495c0ac421d2fa7f993361c826f7e9ba96adbb6887da0334cf2
 SHA512:
-  metadata.gz: a3d14d9c598e41379ed29d4029de4f0b51bbf0ae07ac15465c3b622ed6fac2f24f678fea6d39dce1e3dc7b0f9769b0fae1f916e55c9715971092b33e290fd9ce
-  data.tar.gz: 6af90ae76f4820f212b1f59e2d0f367d01afafcaf94b560878ad39bea0d2152b90f29ccd02e82fc0ab34b8206c60fd4526a0a3ef8edc02fdb1750556cbf503c4
+  metadata.gz: 87badc63a3df5043376093a435bee36e7ecd3344b49e42c1a3fadf571cbc4b473655b59474c33b06c39062908fd18fc5f67a7d57e5605cc2fa318f46717d6236
+  data.tar.gz: '080f07d248a0ab3489f096d664a8b4785da4e72299e4ca1fdc5ffe16ac3fe923073c483f9af4ae5123a465e38337e7276f09c4f58aebf84dc61c92da1d29efce'

data/dependencies.yml

@@ -1,56 +1,59 @@
 libxml2:
-  version: "2.9.8"
-  sha256: "0b74e51595654f958148759cfef0993114ddccccbb6f31aee018f3558e8e2732"
-  # manually verified checksum:
+  version: "2.9.9"
+  sha256: "94fb70890143e3c6549f265cee93ec064c80a84c42ad0f23e85ee1fd6540a871"
+  #  manually verified checksum:
   #
-  #   $ gpg --verify libxml2-2.9.8.tar.gz.asc ./ports/archives/libxml2-2.9.8.tar.gz
-  #   gpg: Signature made Mon 05 Mar 2018 11:07:45 AM EST using RSA key ID 596BEA5D
-  #   gpg: Good signature from "Daniel Veillard (Red Hat work email) <veillard@redhat.com>"
-  #   gpg:                 aka "Daniel Veillard <Daniel.Veillard@w3.org>"
-  #   gpg: WARNING: This key is not certified with a trusted signature!
-  #   gpg:          There is no indication that the signature belongs to the owner.
-  #   Primary key fingerprint: C744 15BA 7C9C 7F78 F02E  1DC3 4606 B8A5 DE95 BC1F
-  #        Subkey fingerprint: DB46 681B B91A DCEA 170F  A2D4 1558 8B26 596B EA5D
+  #    $ gpg --verify libxml2-2.9.9.tar.gz.asc ports/archives/libxml2-2.9.9.tar.gz
+  #    gpg: Signature made Thu 03 Jan 2019 01:14:47 PM EST
+  #    gpg:                using RSA key 15588B26596BEA5D
+  #    gpg: Good signature from "Daniel Veillard (Red Hat work email) <veillard@redhat.com>" [unknown]
+  #    gpg:                 aka "Daniel Veillard <Daniel.Veillard@w3.org>" [unknown]
+  #    gpg: WARNING: This key is not certified with a trusted signature!
+  #    gpg:          There is no indication that the signature belongs to the owner.
+  #    Primary key fingerprint: C744 15BA 7C9C 7F78 F02E  1DC3 4606 B8A5 DE95 BC1F
+  #         Subkey fingerprint: DB46 681B B91A DCEA 170F  A2D4 1558 8B26 596B EA5D
   #
-  # using this pgp signature:
-  #   -----BEGIN PGP SIGNATURE-----
+  #  using this pgp signature:
   #
-  #   iQEcBAABAgAGBQJanWtRAAoJEBVYiyZZa+pdV7oIAJWdFahwt+reN/Zt2RPmjjcr
-  #   eSsY7UV1RXjScnNjTzJT1h2hJ7SnUjCkqjR6VdtKDUIzpuX+S2U83joafJH6mxUb
-  #   yw2nO4RfjYTPxpz5JkvqT7jmgEIaD81BuwcMehqpMpIfiKa2NgO1DSfZxgs8a9E2
-  #   +ehc/kZWuI5gmNGrd84EEWUqpYW/Xx7jy02osioJuU5IMPjzZKNR3maXp9oAKeBc
-  #   S2QNa1ID/pUk3K3M/5nlwNgAtQ7lxQrqhrSma2dsKt/IpL6VXomxuD4Bh1r2MZhX
-  #   uZ456X/xJN8UmPewLZWGBU1MK9wqu3Zx5Qwz64H6UdlYIzXZ2jXj2YWZa6xkxPA=
-  #   =69xn
-  #   -----END PGP SIGNATURE-----
+  #    -----BEGIN PGP SIGNATURE-----
+  #
+  #    iQEbBAABAgAGBQJcLlEXAAoJEBVYiyZZa+pd1B8H93xeCYNBLx+eX0xe3qS3ReS/
+  #    YstjkXKUkmDQYwqQ/9Knmv1P6NX64hQL5E1pZX5sXp36giwXXJ5tCK72VRzektzU
+  #    Kpo+M1/QA9feZQs1GmyKaXYzNwTSJnsdKA9nWqTHZ3bzfdhFSZ0czo94vgY/cz5z
+  #    9P3FIgeldj1vi8p2rjXbArMFQyaxHnve9LdxI8hbudNSeUw/FEV6mjtXrlZ7MXqn
+  #    hmAkah2JwktOStF5tIlddCRqZeUPUX5flBxT95gfskXXlGEhaoGMXcC3izqqJyV2
+  #    sx5nY7fnXdkwfYsgRUXYWmDmbs8DnFjXH9lux9O4OWglLonaRoAqFPcOzE3aCw==
+  #    =4qWg
+  #    -----END PGP SIGNATURE-----
   #
 
 libxslt:
-  version: "1.1.32"
-  sha256: "526ecd0abaf4a7789041622c3950c0e7f2c4c8835471515fd77eec684a355460"
-  # manually verified checksum:
+  version: "1.1.33"
+  sha256: "8e36605144409df979cab43d835002f63988f3dc94d5d3537c12796db90e38c8"
+  #  manually verified checksum:
   #
-  #   $ gpg --verify libxslt-1.1.32.tar.gz.asc libxslt-1.1.32.tar.gz
-  #   gpg: Signature made Thu 02 Nov 2017 04:35:04 PM EDT using RSA key ID 596BEA5D
-  #   gpg: Good signature from "Daniel Veillard (Red Hat work email) <veillard@redhat.com>"
-  #   gpg:                 aka "Daniel Veillard <Daniel.Veillard@w3.org>"
-  #   gpg: WARNING: This key is not certified with a trusted signature!
-  #   gpg:          There is no indication that the signature belongs to the owner.
-  #   Primary key fingerprint: C744 15BA 7C9C 7F78 F02E  1DC3 4606 B8A5 DE95 BC1F
-  #        Subkey fingerprint: DB46 681B B91A DCEA 170F  A2D4 1558 8B26 596B EA5D
+  #    $ gpg --verify libxslt-1.1.33.tar.gz.asc ports/archives/libxslt-1.1.33.tar.gz
+  #    gpg: Signature made Thu 03 Jan 2019 01:30:49 PM EST
+  #    gpg:                using RSA key 15588B26596BEA5D
+  #    gpg: Good signature from "Daniel Veillard (Red Hat work email) <veillard@redhat.com>" [unknown]
+  #    gpg:                 aka "Daniel Veillard <Daniel.Veillard@w3.org>" [unknown]
+  #    gpg: WARNING: This key is not certified with a trusted signature!
+  #    gpg:          There is no indication that the signature belongs to the owner.
+  #    Primary key fingerprint: C744 15BA 7C9C 7F78 F02E  1DC3 4606 B8A5 DE95 BC1F
+  #         Subkey fingerprint: DB46 681B B91A DCEA 170F  A2D4 1558 8B26 596B EA5D
   #
-  # using this pgp signature:
+  #  using this pgp signature:
   #
-  #   -----BEGIN PGP SIGNATURE-----
+  #    -----BEGIN PGP SIGNATURE-----
   #
-  #   iQEcBAABAgAGBQJZ+4F4AAoJEBVYiyZZa+pdy1IIAMX1DpzYGdnv6GCPSKeZ0woD
-  #   sHmSkygJep0/sUQD1cYunNsNZnGDgWhnsLAvHOn3opJgsiaZhmhJ8Uo7QNlT+ni1
-  #   AvRFgQoSXLWSF5kkun4u7RvnpDI6jYfCuYSwb9SO4EAYFAQQJXQaKCeFq71gad+p
-  #   XGHJFAy2TqUVLNZ5I1mQz/oBeDsJ7RzHpYqaBxsLDqrCzRQ9ai23q+dFGS3jvLBr
-  #   0gXw0MK73ceOwW12L5aLj4erNbATWmMFMDYZZwftysv3bgx2YfiOoZUTzufrB/Bc
-  #   MG8hP76aYBwIKNbhiDFGa2qdHGZGF7YQ4mi1/ZDX1K1G2tKKeEYxscM13JwiGb8=
-  #   =NuQO
-  #   -----END PGP SIGNATURE-----
+  #    iQEcBAABAgAGBQJcLlTZAAoJEBVYiyZZa+pd9NkIAIf6ei2iSpR/0QOyS71esDq8
+  #    407PcUXd/yUjDANm4Uvm7kKK+SbbfBxFIPva4g984Noe1zYMfjK3u3iNs6jykySf
+  #    mN5eo2wNCxsZnqjbnsLgQvn5VCQpPInTddTuGUxgqJyvnR7p785L1oA2EStSPMP4
+  #    BGZ9dZGlbreK35WzgrhUi0VN5egJW2fpMsw7rTPvfwK+90gXL0DEm8v3WlA7fCDL
+  #    QsvuPm7jPOXxdt5bYrVP8wpNMTJIGqV6jxh7Vvl6kiGLldUjCyoCh0AGXLror0Gs
+  #    sAMlRKJNodpcCYkIWxzjLt74sUciKNrPLHZlXJcclZMONen1GWnVDcv83Tt9n6w=
+  #    =iAm8
+  #    -----END PGP SIGNATURE-----
   #
 
 zlib:

data/lib/nokogiri/version.rb

@@ -1,6 +1,6 @@
 module Nokogiri
   # The version of Nokogiri you are using
-  VERSION = '1.10.0.rc1'
+  VERSION = '1.10.0'
 
   class VersionInfo # :nodoc:
     def jruby?

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: nokogiri
 version: !ruby/object:Gem::Version
-  version: 1.10.0.rc1
+  version: 1.10.0
 platform: x64-mingw32
 authors:
 - Aaron Patterson
@@ -14,7 +14,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2019-01-03 00:00:00.000000000 Z
+date: 2019-01-04 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: mini_portile2
@@ -415,14 +415,12 @@ files:
 - lib/nokogiri/xslt/stylesheet.rb
 - lib/xsd/xmlparser/nokogiri.rb
 - patches/libxml2/0001-Revert-Do-not-URI-escape-in-server-side-includes.patch
-- patches/libxml2/0002-Fix-nullptr-deref-with-XPath-logic-ops.patch
-- patches/libxml2/0003-Fix-infinite-loop-in-LZMA-decompression.patch
 homepage: 
 licenses:
 - MIT
 metadata: {}
-post_install_message: 'Nokogiri is built with the packaged libraries: libxml2-2.9.8,
-  libxslt-1.1.32, zlib-1.2.11, libiconv-1.15.
+post_install_message: 'Nokogiri is built with the packaged libraries: libxml2-2.9.9,
+  libxslt-1.1.33, zlib-1.2.11, libiconv-1.15.
 
 '
 rdoc_options:
@@ -437,12 +435,12 @@ required_ruby_version: !ruby/object:Gem::Requirement
       version: '2.3'
   - - "<"
     - !ruby/object:Gem::Version
-      version: '2.7'
+      version: 2.7.dev
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
-  - - ">"
+  - - ">="
     - !ruby/object:Gem::Version
-      version: 1.3.1
+      version: '0'
 requirements: []
 rubyforge_project: 
 rubygems_version: 2.7.8

data/patches/libxml2/0002-Fix-nullptr-deref-with-XPath-logic-ops.patch

@@ -1,54 +0,0 @@
-From a436374994c47b12d5de1b8b1d191a098fa23594 Mon Sep 17 00:00:00 2001
-From: Nick Wellnhofer <wellnhofer@aevum.de>
-Date: Mon, 30 Jul 2018 12:54:38 +0200
-Subject: [PATCH] Fix nullptr deref with XPath logic ops
-
-If the XPath stack is corrupted, for example by a misbehaving extension
-function, the "and" and "or" XPath operators could dereference NULL
-pointers. Check that the XPath stack isn't empty and optimize the
-logic operators slightly.
-
-Closes: https://gitlab.gnome.org/GNOME/libxml2/issues/5
-
-Also see
-https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=901817
-https://bugzilla.redhat.com/show_bug.cgi?id=1595985
-
-This is CVE-2018-14404.
-
-Thanks to Guy Inbar for the report.
----
- xpath.c | 10 ++++------
- 1 file changed, 4 insertions(+), 6 deletions(-)
-
-diff --git a/xpath.c b/xpath.c
-index 3fae0bf..5e3bb9f 100644
---- a/xpath.c
-+++ b/xpath.c
-@@ -13234,9 +13234,8 @@ xmlXPathCompOpEval(xmlXPathParserContextPtr ctxt, xmlXPathStepOpPtr op)
- 		return(0);
- 	    }
-             xmlXPathBooleanFunction(ctxt, 1);
--            arg1 = valuePop(ctxt);
--            arg1->boolval &= arg2->boolval;
--            valuePush(ctxt, arg1);
-+            if (ctxt->value != NULL)
-+                ctxt->value->boolval &= arg2->boolval;
- 	    xmlXPathReleaseObject(ctxt->context, arg2);
-             return (total);
-         case XPATH_OP_OR:
-@@ -13252,9 +13251,8 @@ xmlXPathCompOpEval(xmlXPathParserContextPtr ctxt, xmlXPathStepOpPtr op)
- 		return(0);
- 	    }
-             xmlXPathBooleanFunction(ctxt, 1);
--            arg1 = valuePop(ctxt);
--            arg1->boolval |= arg2->boolval;
--            valuePush(ctxt, arg1);
-+            if (ctxt->value != NULL)
-+                ctxt->value->boolval |= arg2->boolval;
- 	    xmlXPathReleaseObject(ctxt->context, arg2);
-             return (total);
-         case XPATH_OP_EQUAL:
--- 
-2.17.1
-

data/patches/libxml2/0003-Fix-infinite-loop-in-LZMA-decompression.patch

@@ -1,50 +0,0 @@
-From 2240fbf5912054af025fb6e01e26375100275e74 Mon Sep 17 00:00:00 2001
-From: Nick Wellnhofer <wellnhofer@aevum.de>
-Date: Mon, 30 Jul 2018 13:14:11 +0200
-Subject: [PATCH] Fix infinite loop in LZMA decompression
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Check the liblzma error code more thoroughly to avoid infinite loops.
-
-Closes: https://gitlab.gnome.org/GNOME/libxml2/issues/13
-Closes: https://bugzilla.gnome.org/show_bug.cgi?id=794914
-
-This is CVE-2018-9251 and CVE-2018-14567.
-
-Thanks to Dongliang Mu and Simon Wörner for the reports.
----
- xzlib.c | 9 +++++++++
- 1 file changed, 9 insertions(+)
-
-diff --git a/xzlib.c b/xzlib.c
-index a839169..0ba88cf 100644
---- a/xzlib.c
-+++ b/xzlib.c
-@@ -562,6 +562,10 @@ xz_decomp(xz_statep state)
-                          "internal error: inflate stream corrupt");
-                 return -1;
-             }
-+            /*
-+             * FIXME: Remapping a couple of error codes and falling through
-+             * to the LZMA error handling looks fragile.
-+             */
-             if (ret == Z_MEM_ERROR)
-                 ret = LZMA_MEM_ERROR;
-             if (ret == Z_DATA_ERROR)
-@@ -587,6 +591,11 @@ xz_decomp(xz_statep state)
-             xz_error(state, LZMA_PROG_ERROR, "compression error");
-             return -1;
-         }
-+        if ((state->how != GZIP) &&
-+            (ret != LZMA_OK) && (ret != LZMA_STREAM_END)) {
-+            xz_error(state, ret, "lzma error");
-+            return -1;
-+        }
-     } while (strm->avail_out && ret != LZMA_STREAM_END);
- 
-     /* update available output and crc check value */
--- 
-2.17.1
-