nokogiri 1.10.0.rc1-x86-mingw32 → 1.10.0-x86-mingw32

Sign up to get free protection for your applications and to get access to all the features.

Potentially problematic release.


This version of nokogiri might be problematic. Click here for more details.

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 616a41a65e99b9e36d9fb63f15ac3f89b2833fea2286cbc844d38219a80186af
4
- data.tar.gz: adc84d4f002aa42689cada09989f6ee9e94e484a1e7e2837bb8c10e91a54075f
3
+ metadata.gz: 3de3818fe85f47e9efb3fc22d2c2d9a04eca057ceb41986575a089c14a0fe065
4
+ data.tar.gz: 30b37fccb1bdc83381034f97a8196e59cef9ed7dc06a4e8e6610374389b21db6
5
5
  SHA512:
6
- metadata.gz: edc9d5049b6f6a32f535111fabbe249cac7dff31d8c7e0e04963402845fe208d3d328f927f107632772743b3cdc86330b3715833d009455a32ba615eeda60ed7
7
- data.tar.gz: 494d7565b775322e3355929b0dc7c5cbbfda00210ed2f568d106ddf50f9b18c1b23a1175e73300f01739f02c6760d835f0804a31ba8884621329a47480c3f000
6
+ metadata.gz: 3b21afe1aea314cc625c30db966d0e0f1757649ff4f7ffdf9d514016560ff8cb22b172555e43020f0ea7888d32a31f26f71cde05313d9d31026d569238d3388b
7
+ data.tar.gz: 8991a23d98a158edce0dc551b989244a3b21a21a97eb8aa39daf62fa271be7ef04040fcdc034f233f1ed7592a337a4d76d2a654aac722a05bb634b737fa90b87
data/dependencies.yml CHANGED
@@ -1,56 +1,59 @@
1
1
  libxml2:
2
- version: "2.9.8"
3
- sha256: "0b74e51595654f958148759cfef0993114ddccccbb6f31aee018f3558e8e2732"
4
- # manually verified checksum:
2
+ version: "2.9.9"
3
+ sha256: "94fb70890143e3c6549f265cee93ec064c80a84c42ad0f23e85ee1fd6540a871"
4
+ # manually verified checksum:
5
5
  #
6
- # $ gpg --verify libxml2-2.9.8.tar.gz.asc ./ports/archives/libxml2-2.9.8.tar.gz
7
- # gpg: Signature made Mon 05 Mar 2018 11:07:45 AM EST using RSA key ID 596BEA5D
8
- # gpg: Good signature from "Daniel Veillard (Red Hat work email) <veillard@redhat.com>"
9
- # gpg: aka "Daniel Veillard <Daniel.Veillard@w3.org>"
10
- # gpg: WARNING: This key is not certified with a trusted signature!
11
- # gpg: There is no indication that the signature belongs to the owner.
12
- # Primary key fingerprint: C744 15BA 7C9C 7F78 F02E 1DC3 4606 B8A5 DE95 BC1F
13
- # Subkey fingerprint: DB46 681B B91A DCEA 170F A2D4 1558 8B26 596B EA5D
6
+ # $ gpg --verify libxml2-2.9.9.tar.gz.asc ports/archives/libxml2-2.9.9.tar.gz
7
+ # gpg: Signature made Thu 03 Jan 2019 01:14:47 PM EST
8
+ # gpg: using RSA key 15588B26596BEA5D
9
+ # gpg: Good signature from "Daniel Veillard (Red Hat work email) <veillard@redhat.com>" [unknown]
10
+ # gpg: aka "Daniel Veillard <Daniel.Veillard@w3.org>" [unknown]
11
+ # gpg: WARNING: This key is not certified with a trusted signature!
12
+ # gpg: There is no indication that the signature belongs to the owner.
13
+ # Primary key fingerprint: C744 15BA 7C9C 7F78 F02E 1DC3 4606 B8A5 DE95 BC1F
14
+ # Subkey fingerprint: DB46 681B B91A DCEA 170F A2D4 1558 8B26 596B EA5D
14
15
  #
15
- # using this pgp signature:
16
- # -----BEGIN PGP SIGNATURE-----
16
+ # using this pgp signature:
17
17
  #
18
- # iQEcBAABAgAGBQJanWtRAAoJEBVYiyZZa+pdV7oIAJWdFahwt+reN/Zt2RPmjjcr
19
- # eSsY7UV1RXjScnNjTzJT1h2hJ7SnUjCkqjR6VdtKDUIzpuX+S2U83joafJH6mxUb
20
- # yw2nO4RfjYTPxpz5JkvqT7jmgEIaD81BuwcMehqpMpIfiKa2NgO1DSfZxgs8a9E2
21
- # +ehc/kZWuI5gmNGrd84EEWUqpYW/Xx7jy02osioJuU5IMPjzZKNR3maXp9oAKeBc
22
- # S2QNa1ID/pUk3K3M/5nlwNgAtQ7lxQrqhrSma2dsKt/IpL6VXomxuD4Bh1r2MZhX
23
- # uZ456X/xJN8UmPewLZWGBU1MK9wqu3Zx5Qwz64H6UdlYIzXZ2jXj2YWZa6xkxPA=
24
- # =69xn
25
- # -----END PGP SIGNATURE-----
18
+ # -----BEGIN PGP SIGNATURE-----
19
+ #
20
+ # iQEbBAABAgAGBQJcLlEXAAoJEBVYiyZZa+pd1B8H93xeCYNBLx+eX0xe3qS3ReS/
21
+ # YstjkXKUkmDQYwqQ/9Knmv1P6NX64hQL5E1pZX5sXp36giwXXJ5tCK72VRzektzU
22
+ # Kpo+M1/QA9feZQs1GmyKaXYzNwTSJnsdKA9nWqTHZ3bzfdhFSZ0czo94vgY/cz5z
23
+ # 9P3FIgeldj1vi8p2rjXbArMFQyaxHnve9LdxI8hbudNSeUw/FEV6mjtXrlZ7MXqn
24
+ # hmAkah2JwktOStF5tIlddCRqZeUPUX5flBxT95gfskXXlGEhaoGMXcC3izqqJyV2
25
+ # sx5nY7fnXdkwfYsgRUXYWmDmbs8DnFjXH9lux9O4OWglLonaRoAqFPcOzE3aCw==
26
+ # =4qWg
27
+ # -----END PGP SIGNATURE-----
26
28
  #
27
29
 
28
30
  libxslt:
29
- version: "1.1.32"
30
- sha256: "526ecd0abaf4a7789041622c3950c0e7f2c4c8835471515fd77eec684a355460"
31
- # manually verified checksum:
31
+ version: "1.1.33"
32
+ sha256: "8e36605144409df979cab43d835002f63988f3dc94d5d3537c12796db90e38c8"
33
+ # manually verified checksum:
32
34
  #
33
- # $ gpg --verify libxslt-1.1.32.tar.gz.asc libxslt-1.1.32.tar.gz
34
- # gpg: Signature made Thu 02 Nov 2017 04:35:04 PM EDT using RSA key ID 596BEA5D
35
- # gpg: Good signature from "Daniel Veillard (Red Hat work email) <veillard@redhat.com>"
36
- # gpg: aka "Daniel Veillard <Daniel.Veillard@w3.org>"
37
- # gpg: WARNING: This key is not certified with a trusted signature!
38
- # gpg: There is no indication that the signature belongs to the owner.
39
- # Primary key fingerprint: C744 15BA 7C9C 7F78 F02E 1DC3 4606 B8A5 DE95 BC1F
40
- # Subkey fingerprint: DB46 681B B91A DCEA 170F A2D4 1558 8B26 596B EA5D
35
+ # $ gpg --verify libxslt-1.1.33.tar.gz.asc ports/archives/libxslt-1.1.33.tar.gz
36
+ # gpg: Signature made Thu 03 Jan 2019 01:30:49 PM EST
37
+ # gpg: using RSA key 15588B26596BEA5D
38
+ # gpg: Good signature from "Daniel Veillard (Red Hat work email) <veillard@redhat.com>" [unknown]
39
+ # gpg: aka "Daniel Veillard <Daniel.Veillard@w3.org>" [unknown]
40
+ # gpg: WARNING: This key is not certified with a trusted signature!
41
+ # gpg: There is no indication that the signature belongs to the owner.
42
+ # Primary key fingerprint: C744 15BA 7C9C 7F78 F02E 1DC3 4606 B8A5 DE95 BC1F
43
+ # Subkey fingerprint: DB46 681B B91A DCEA 170F A2D4 1558 8B26 596B EA5D
41
44
  #
42
- # using this pgp signature:
45
+ # using this pgp signature:
43
46
  #
44
- # -----BEGIN PGP SIGNATURE-----
47
+ # -----BEGIN PGP SIGNATURE-----
45
48
  #
46
- # iQEcBAABAgAGBQJZ+4F4AAoJEBVYiyZZa+pdy1IIAMX1DpzYGdnv6GCPSKeZ0woD
47
- # sHmSkygJep0/sUQD1cYunNsNZnGDgWhnsLAvHOn3opJgsiaZhmhJ8Uo7QNlT+ni1
48
- # AvRFgQoSXLWSF5kkun4u7RvnpDI6jYfCuYSwb9SO4EAYFAQQJXQaKCeFq71gad+p
49
- # XGHJFAy2TqUVLNZ5I1mQz/oBeDsJ7RzHpYqaBxsLDqrCzRQ9ai23q+dFGS3jvLBr
50
- # 0gXw0MK73ceOwW12L5aLj4erNbATWmMFMDYZZwftysv3bgx2YfiOoZUTzufrB/Bc
51
- # MG8hP76aYBwIKNbhiDFGa2qdHGZGF7YQ4mi1/ZDX1K1G2tKKeEYxscM13JwiGb8=
52
- # =NuQO
53
- # -----END PGP SIGNATURE-----
49
+ # iQEcBAABAgAGBQJcLlTZAAoJEBVYiyZZa+pd9NkIAIf6ei2iSpR/0QOyS71esDq8
50
+ # 407PcUXd/yUjDANm4Uvm7kKK+SbbfBxFIPva4g984Noe1zYMfjK3u3iNs6jykySf
51
+ # mN5eo2wNCxsZnqjbnsLgQvn5VCQpPInTddTuGUxgqJyvnR7p785L1oA2EStSPMP4
52
+ # BGZ9dZGlbreK35WzgrhUi0VN5egJW2fpMsw7rTPvfwK+90gXL0DEm8v3WlA7fCDL
53
+ # QsvuPm7jPOXxdt5bYrVP8wpNMTJIGqV6jxh7Vvl6kiGLldUjCyoCh0AGXLror0Gs
54
+ # sAMlRKJNodpcCYkIWxzjLt74sUciKNrPLHZlXJcclZMONen1GWnVDcv83Tt9n6w=
55
+ # =iAm8
56
+ # -----END PGP SIGNATURE-----
54
57
  #
55
58
 
56
59
  zlib:
Binary file
Binary file
Binary file
Binary file
@@ -1,6 +1,6 @@
1
1
  module Nokogiri
2
2
  # The version of Nokogiri you are using
3
- VERSION = '1.10.0.rc1'
3
+ VERSION = '1.10.0'
4
4
 
5
5
  class VersionInfo # :nodoc:
6
6
  def jruby?
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: nokogiri
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.10.0.rc1
4
+ version: 1.10.0
5
5
  platform: x86-mingw32
6
6
  authors:
7
7
  - Aaron Patterson
@@ -14,7 +14,7 @@ authors:
14
14
  autorequire:
15
15
  bindir: bin
16
16
  cert_chain: []
17
- date: 2019-01-03 00:00:00.000000000 Z
17
+ date: 2019-01-04 00:00:00.000000000 Z
18
18
  dependencies:
19
19
  - !ruby/object:Gem::Dependency
20
20
  name: mini_portile2
@@ -415,14 +415,12 @@ files:
415
415
  - lib/nokogiri/xslt/stylesheet.rb
416
416
  - lib/xsd/xmlparser/nokogiri.rb
417
417
  - patches/libxml2/0001-Revert-Do-not-URI-escape-in-server-side-includes.patch
418
- - patches/libxml2/0002-Fix-nullptr-deref-with-XPath-logic-ops.patch
419
- - patches/libxml2/0003-Fix-infinite-loop-in-LZMA-decompression.patch
420
418
  homepage:
421
419
  licenses:
422
420
  - MIT
423
421
  metadata: {}
424
- post_install_message: 'Nokogiri is built with the packaged libraries: libxml2-2.9.8,
425
- libxslt-1.1.32, zlib-1.2.11, libiconv-1.15.
422
+ post_install_message: 'Nokogiri is built with the packaged libraries: libxml2-2.9.9,
423
+ libxslt-1.1.33, zlib-1.2.11, libiconv-1.15.
426
424
 
427
425
  '
428
426
  rdoc_options:
@@ -437,12 +435,12 @@ required_ruby_version: !ruby/object:Gem::Requirement
437
435
  version: '2.3'
438
436
  - - "<"
439
437
  - !ruby/object:Gem::Version
440
- version: '2.7'
438
+ version: 2.7.dev
441
439
  required_rubygems_version: !ruby/object:Gem::Requirement
442
440
  requirements:
443
- - - ">"
441
+ - - ">="
444
442
  - !ruby/object:Gem::Version
445
- version: 1.3.1
443
+ version: '0'
446
444
  requirements: []
447
445
  rubyforge_project:
448
446
  rubygems_version: 2.7.8
@@ -1,54 +0,0 @@
1
- From a436374994c47b12d5de1b8b1d191a098fa23594 Mon Sep 17 00:00:00 2001
2
- From: Nick Wellnhofer <wellnhofer@aevum.de>
3
- Date: Mon, 30 Jul 2018 12:54:38 +0200
4
- Subject: [PATCH] Fix nullptr deref with XPath logic ops
5
-
6
- If the XPath stack is corrupted, for example by a misbehaving extension
7
- function, the "and" and "or" XPath operators could dereference NULL
8
- pointers. Check that the XPath stack isn't empty and optimize the
9
- logic operators slightly.
10
-
11
- Closes: https://gitlab.gnome.org/GNOME/libxml2/issues/5
12
-
13
- Also see
14
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=901817
15
- https://bugzilla.redhat.com/show_bug.cgi?id=1595985
16
-
17
- This is CVE-2018-14404.
18
-
19
- Thanks to Guy Inbar for the report.
20
- ---
21
- xpath.c | 10 ++++------
22
- 1 file changed, 4 insertions(+), 6 deletions(-)
23
-
24
- diff --git a/xpath.c b/xpath.c
25
- index 3fae0bf..5e3bb9f 100644
26
- --- a/xpath.c
27
- +++ b/xpath.c
28
- @@ -13234,9 +13234,8 @@ xmlXPathCompOpEval(xmlXPathParserContextPtr ctxt, xmlXPathStepOpPtr op)
29
- return(0);
30
- }
31
- xmlXPathBooleanFunction(ctxt, 1);
32
- - arg1 = valuePop(ctxt);
33
- - arg1->boolval &= arg2->boolval;
34
- - valuePush(ctxt, arg1);
35
- + if (ctxt->value != NULL)
36
- + ctxt->value->boolval &= arg2->boolval;
37
- xmlXPathReleaseObject(ctxt->context, arg2);
38
- return (total);
39
- case XPATH_OP_OR:
40
- @@ -13252,9 +13251,8 @@ xmlXPathCompOpEval(xmlXPathParserContextPtr ctxt, xmlXPathStepOpPtr op)
41
- return(0);
42
- }
43
- xmlXPathBooleanFunction(ctxt, 1);
44
- - arg1 = valuePop(ctxt);
45
- - arg1->boolval |= arg2->boolval;
46
- - valuePush(ctxt, arg1);
47
- + if (ctxt->value != NULL)
48
- + ctxt->value->boolval |= arg2->boolval;
49
- xmlXPathReleaseObject(ctxt->context, arg2);
50
- return (total);
51
- case XPATH_OP_EQUAL:
52
- --
53
- 2.17.1
54
-
@@ -1,50 +0,0 @@
1
- From 2240fbf5912054af025fb6e01e26375100275e74 Mon Sep 17 00:00:00 2001
2
- From: Nick Wellnhofer <wellnhofer@aevum.de>
3
- Date: Mon, 30 Jul 2018 13:14:11 +0200
4
- Subject: [PATCH] Fix infinite loop in LZMA decompression
5
- MIME-Version: 1.0
6
- Content-Type: text/plain; charset=UTF-8
7
- Content-Transfer-Encoding: 8bit
8
-
9
- Check the liblzma error code more thoroughly to avoid infinite loops.
10
-
11
- Closes: https://gitlab.gnome.org/GNOME/libxml2/issues/13
12
- Closes: https://bugzilla.gnome.org/show_bug.cgi?id=794914
13
-
14
- This is CVE-2018-9251 and CVE-2018-14567.
15
-
16
- Thanks to Dongliang Mu and Simon Wörner for the reports.
17
- ---
18
- xzlib.c | 9 +++++++++
19
- 1 file changed, 9 insertions(+)
20
-
21
- diff --git a/xzlib.c b/xzlib.c
22
- index a839169..0ba88cf 100644
23
- --- a/xzlib.c
24
- +++ b/xzlib.c
25
- @@ -562,6 +562,10 @@ xz_decomp(xz_statep state)
26
- "internal error: inflate stream corrupt");
27
- return -1;
28
- }
29
- + /*
30
- + * FIXME: Remapping a couple of error codes and falling through
31
- + * to the LZMA error handling looks fragile.
32
- + */
33
- if (ret == Z_MEM_ERROR)
34
- ret = LZMA_MEM_ERROR;
35
- if (ret == Z_DATA_ERROR)
36
- @@ -587,6 +591,11 @@ xz_decomp(xz_statep state)
37
- xz_error(state, LZMA_PROG_ERROR, "compression error");
38
- return -1;
39
- }
40
- + if ((state->how != GZIP) &&
41
- + (ret != LZMA_OK) && (ret != LZMA_STREAM_END)) {
42
- + xz_error(state, ret, "lzma error");
43
- + return -1;
44
- + }
45
- } while (strm->avail_out && ret != LZMA_STREAM_END);
46
-
47
- /* update available output and crc check value */
48
- --
49
- 2.17.1
50
-