nokogiri 1.10.2-x64-mingw32 → 1.10.3-x64-mingw32
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of nokogiri might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/lib/nokogiri/2.3/nokogiri.so +0 -0
- data/lib/nokogiri/2.4/nokogiri.so +0 -0
- data/lib/nokogiri/2.5/nokogiri.so +0 -0
- data/lib/nokogiri/2.6/nokogiri.so +0 -0
- data/lib/nokogiri/version.rb +26 -26
- data/patches/libxslt/0001-Fix-security-framework-bypass.patch +120 -0
- metadata +3 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: c86a65945859efc8bb1073c8e131ff6392461c1d91b68c3c26bec128eb80aafe
|
|
4
|
+
data.tar.gz: 91c2262335d7d6de95c1a758bd5d6042b27cf61990d007174128d61ee3593f52
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 3a3e81188c260f6191b71cb33fb4ed08290c22b91f3080468ef4ab53e8a4eca388022b285de7191ab0903007b220680b189e8c94cb67b2dd7821b7dc5f08b46e
|
|
7
|
+
data.tar.gz: 993fdaae7b8da672de6a0db897f6972e48c8713fae3a26916b350b702a2a7c37fbe2d8457a8eda2a3f048af9f38c9124dc817d9ddf0ce39883344d3c4e3fd3a8
|
|
Binary file
|
|
Binary file
|
|
Binary file
|
|
Binary file
|
data/lib/nokogiri/version.rb
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
module Nokogiri
|
|
2
2
|
# The version of Nokogiri you are using
|
|
3
|
-
VERSION = "1.10.
|
|
3
|
+
VERSION = "1.10.3"
|
|
4
4
|
|
|
5
5
|
class VersionInfo # :nodoc:
|
|
6
6
|
def jruby?
|
|
@@ -8,7 +8,7 @@ module Nokogiri
|
|
|
8
8
|
end
|
|
9
9
|
|
|
10
10
|
def engine
|
|
11
|
-
defined?(RUBY_ENGINE) ? RUBY_ENGINE :
|
|
11
|
+
defined?(RUBY_ENGINE) ? RUBY_ENGINE : "mri"
|
|
12
12
|
end
|
|
13
13
|
|
|
14
14
|
def loaded_parser_version
|
|
@@ -27,7 +27,7 @@ module Nokogiri
|
|
|
27
27
|
end
|
|
28
28
|
|
|
29
29
|
def libxml2_using_system?
|
|
30
|
-
!
|
|
30
|
+
!libxml2_using_packaged?
|
|
31
31
|
end
|
|
32
32
|
|
|
33
33
|
def libxml2_using_packaged?
|
|
@@ -46,33 +46,33 @@ module Nokogiri
|
|
|
46
46
|
|
|
47
47
|
def to_hash
|
|
48
48
|
hash_info = {}
|
|
49
|
-
hash_info[
|
|
50
|
-
hash_info[
|
|
51
|
-
hash_info[
|
|
52
|
-
hash_info[
|
|
53
|
-
hash_info[
|
|
54
|
-
hash_info[
|
|
55
|
-
hash_info[
|
|
56
|
-
hash_info[
|
|
49
|
+
hash_info["warnings"] = []
|
|
50
|
+
hash_info["nokogiri"] = Nokogiri::VERSION
|
|
51
|
+
hash_info["ruby"] = {}
|
|
52
|
+
hash_info["ruby"]["version"] = ::RUBY_VERSION
|
|
53
|
+
hash_info["ruby"]["platform"] = ::RUBY_PLATFORM
|
|
54
|
+
hash_info["ruby"]["description"] = ::RUBY_DESCRIPTION
|
|
55
|
+
hash_info["ruby"]["engine"] = engine
|
|
56
|
+
hash_info["ruby"]["jruby"] = jruby? if jruby?
|
|
57
57
|
|
|
58
58
|
if libxml2?
|
|
59
|
-
hash_info[
|
|
60
|
-
hash_info[
|
|
59
|
+
hash_info["libxml"] = {}
|
|
60
|
+
hash_info["libxml"]["binding"] = "extension"
|
|
61
61
|
if libxml2_using_packaged?
|
|
62
|
-
hash_info[
|
|
63
|
-
hash_info[
|
|
64
|
-
hash_info[
|
|
65
|
-
hash_info[
|
|
66
|
-
hash_info[
|
|
62
|
+
hash_info["libxml"]["source"] = "packaged"
|
|
63
|
+
hash_info["libxml"]["libxml2_path"] = NOKOGIRI_LIBXML2_PATH
|
|
64
|
+
hash_info["libxml"]["libxslt_path"] = NOKOGIRI_LIBXSLT_PATH
|
|
65
|
+
hash_info["libxml"]["libxml2_patches"] = NOKOGIRI_LIBXML2_PATCHES
|
|
66
|
+
hash_info["libxml"]["libxslt_patches"] = NOKOGIRI_LIBXSLT_PATCHES
|
|
67
67
|
else
|
|
68
|
-
hash_info[
|
|
68
|
+
hash_info["libxml"]["source"] = "system"
|
|
69
69
|
end
|
|
70
|
-
hash_info[
|
|
71
|
-
hash_info[
|
|
72
|
-
hash_info[
|
|
70
|
+
hash_info["libxml"]["compiled"] = compiled_parser_version
|
|
71
|
+
hash_info["libxml"]["loaded"] = loaded_parser_version
|
|
72
|
+
hash_info["warnings"] = warnings
|
|
73
73
|
elsif jruby?
|
|
74
|
-
hash_info[
|
|
75
|
-
hash_info[
|
|
74
|
+
hash_info["xerces"] = Nokogiri::XERCES_VERSION
|
|
75
|
+
hash_info["nekohtml"] = Nokogiri::NEKO_VERSION
|
|
76
76
|
end
|
|
77
77
|
|
|
78
78
|
hash_info
|
|
@@ -80,10 +80,10 @@ module Nokogiri
|
|
|
80
80
|
|
|
81
81
|
def to_markdown
|
|
82
82
|
begin
|
|
83
|
-
require
|
|
83
|
+
require "psych"
|
|
84
84
|
rescue LoadError
|
|
85
85
|
end
|
|
86
|
-
require
|
|
86
|
+
require "yaml"
|
|
87
87
|
"# Nokogiri (#{Nokogiri::VERSION})\n" +
|
|
88
88
|
YAML.dump(to_hash).each_line.map { |line| " #{line}" }.join
|
|
89
89
|
end
|
|
@@ -0,0 +1,120 @@
|
|
|
1
|
+
From e03553605b45c88f0b4b2980adfbbb8f6fca2fd6 Mon Sep 17 00:00:00 2001
|
|
2
|
+
From: Nick Wellnhofer <wellnhofer@aevum.de>
|
|
3
|
+
Date: Sun, 24 Mar 2019 09:51:39 +0100
|
|
4
|
+
Subject: [PATCH] Fix security framework bypass
|
|
5
|
+
|
|
6
|
+
xsltCheckRead and xsltCheckWrite return -1 in case of error but callers
|
|
7
|
+
don't check for this condition and allow access. With a specially
|
|
8
|
+
crafted URL, xsltCheckRead could be tricked into returning an error
|
|
9
|
+
because of a supposedly invalid URL that would still be loaded
|
|
10
|
+
succesfully later on.
|
|
11
|
+
|
|
12
|
+
Fixes #12.
|
|
13
|
+
|
|
14
|
+
Thanks to Felix Wilhelm for the report.
|
|
15
|
+
---
|
|
16
|
+
libxslt/documents.c | 18 ++++++++++--------
|
|
17
|
+
libxslt/imports.c | 9 +++++----
|
|
18
|
+
libxslt/transform.c | 9 +++++----
|
|
19
|
+
libxslt/xslt.c | 9 +++++----
|
|
20
|
+
4 files changed, 25 insertions(+), 20 deletions(-)
|
|
21
|
+
|
|
22
|
+
diff --git a/libxslt/documents.c b/libxslt/documents.c
|
|
23
|
+
index 3f3a731..4aad11b 100644
|
|
24
|
+
--- a/libxslt/documents.c
|
|
25
|
+
+++ b/libxslt/documents.c
|
|
26
|
+
@@ -296,10 +296,11 @@ xsltLoadDocument(xsltTransformContextPtr ctxt, const xmlChar *URI) {
|
|
27
|
+
int res;
|
|
28
|
+
|
|
29
|
+
res = xsltCheckRead(ctxt->sec, ctxt, URI);
|
|
30
|
+
- if (res == 0) {
|
|
31
|
+
- xsltTransformError(ctxt, NULL, NULL,
|
|
32
|
+
- "xsltLoadDocument: read rights for %s denied\n",
|
|
33
|
+
- URI);
|
|
34
|
+
+ if (res <= 0) {
|
|
35
|
+
+ if (res == 0)
|
|
36
|
+
+ xsltTransformError(ctxt, NULL, NULL,
|
|
37
|
+
+ "xsltLoadDocument: read rights for %s denied\n",
|
|
38
|
+
+ URI);
|
|
39
|
+
return(NULL);
|
|
40
|
+
}
|
|
41
|
+
}
|
|
42
|
+
@@ -372,10 +373,11 @@ xsltLoadStyleDocument(xsltStylesheetPtr style, const xmlChar *URI) {
|
|
43
|
+
int res;
|
|
44
|
+
|
|
45
|
+
res = xsltCheckRead(sec, NULL, URI);
|
|
46
|
+
- if (res == 0) {
|
|
47
|
+
- xsltTransformError(NULL, NULL, NULL,
|
|
48
|
+
- "xsltLoadStyleDocument: read rights for %s denied\n",
|
|
49
|
+
- URI);
|
|
50
|
+
+ if (res <= 0) {
|
|
51
|
+
+ if (res == 0)
|
|
52
|
+
+ xsltTransformError(NULL, NULL, NULL,
|
|
53
|
+
+ "xsltLoadStyleDocument: read rights for %s denied\n",
|
|
54
|
+
+ URI);
|
|
55
|
+
return(NULL);
|
|
56
|
+
}
|
|
57
|
+
}
|
|
58
|
+
diff --git a/libxslt/imports.c b/libxslt/imports.c
|
|
59
|
+
index 874870c..3783b24 100644
|
|
60
|
+
--- a/libxslt/imports.c
|
|
61
|
+
+++ b/libxslt/imports.c
|
|
62
|
+
@@ -130,10 +130,11 @@ xsltParseStylesheetImport(xsltStylesheetPtr style, xmlNodePtr cur) {
|
|
63
|
+
int secres;
|
|
64
|
+
|
|
65
|
+
secres = xsltCheckRead(sec, NULL, URI);
|
|
66
|
+
- if (secres == 0) {
|
|
67
|
+
- xsltTransformError(NULL, NULL, NULL,
|
|
68
|
+
- "xsl:import: read rights for %s denied\n",
|
|
69
|
+
- URI);
|
|
70
|
+
+ if (secres <= 0) {
|
|
71
|
+
+ if (secres == 0)
|
|
72
|
+
+ xsltTransformError(NULL, NULL, NULL,
|
|
73
|
+
+ "xsl:import: read rights for %s denied\n",
|
|
74
|
+
+ URI);
|
|
75
|
+
goto error;
|
|
76
|
+
}
|
|
77
|
+
}
|
|
78
|
+
diff --git a/libxslt/transform.c b/libxslt/transform.c
|
|
79
|
+
index 1379391..0636dbd 100644
|
|
80
|
+
--- a/libxslt/transform.c
|
|
81
|
+
+++ b/libxslt/transform.c
|
|
82
|
+
@@ -3493,10 +3493,11 @@ xsltDocumentElem(xsltTransformContextPtr ctxt, xmlNodePtr node,
|
|
83
|
+
*/
|
|
84
|
+
if (ctxt->sec != NULL) {
|
|
85
|
+
ret = xsltCheckWrite(ctxt->sec, ctxt, filename);
|
|
86
|
+
- if (ret == 0) {
|
|
87
|
+
- xsltTransformError(ctxt, NULL, inst,
|
|
88
|
+
- "xsltDocumentElem: write rights for %s denied\n",
|
|
89
|
+
- filename);
|
|
90
|
+
+ if (ret <= 0) {
|
|
91
|
+
+ if (ret == 0)
|
|
92
|
+
+ xsltTransformError(ctxt, NULL, inst,
|
|
93
|
+
+ "xsltDocumentElem: write rights for %s denied\n",
|
|
94
|
+
+ filename);
|
|
95
|
+
xmlFree(URL);
|
|
96
|
+
xmlFree(filename);
|
|
97
|
+
return;
|
|
98
|
+
diff --git a/libxslt/xslt.c b/libxslt/xslt.c
|
|
99
|
+
index 780a5ad..a234eb7 100644
|
|
100
|
+
--- a/libxslt/xslt.c
|
|
101
|
+
+++ b/libxslt/xslt.c
|
|
102
|
+
@@ -6763,10 +6763,11 @@ xsltParseStylesheetFile(const xmlChar* filename) {
|
|
103
|
+
int res;
|
|
104
|
+
|
|
105
|
+
res = xsltCheckRead(sec, NULL, filename);
|
|
106
|
+
- if (res == 0) {
|
|
107
|
+
- xsltTransformError(NULL, NULL, NULL,
|
|
108
|
+
- "xsltParseStylesheetFile: read rights for %s denied\n",
|
|
109
|
+
- filename);
|
|
110
|
+
+ if (res <= 0) {
|
|
111
|
+
+ if (res == 0)
|
|
112
|
+
+ xsltTransformError(NULL, NULL, NULL,
|
|
113
|
+
+ "xsltParseStylesheetFile: read rights for %s denied\n",
|
|
114
|
+
+ filename);
|
|
115
|
+
return(NULL);
|
|
116
|
+
}
|
|
117
|
+
}
|
|
118
|
+
--
|
|
119
|
+
2.17.1
|
|
120
|
+
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: nokogiri
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.10.
|
|
4
|
+
version: 1.10.3
|
|
5
5
|
platform: x64-mingw32
|
|
6
6
|
authors:
|
|
7
7
|
- Aaron Patterson
|
|
@@ -14,7 +14,7 @@ authors:
|
|
|
14
14
|
autorequire:
|
|
15
15
|
bindir: bin
|
|
16
16
|
cert_chain: []
|
|
17
|
-
date: 2019-
|
|
17
|
+
date: 2019-04-22 00:00:00.000000000 Z
|
|
18
18
|
dependencies:
|
|
19
19
|
- !ruby/object:Gem::Dependency
|
|
20
20
|
name: mini_portile2
|
|
@@ -431,6 +431,7 @@ files:
|
|
|
431
431
|
- patches/libxml2/0001-Revert-Do-not-URI-escape-in-server-side-includes.patch
|
|
432
432
|
- patches/libxml2/0002-Remove-script-macro-support.patch
|
|
433
433
|
- patches/libxml2/0003-Update-entities-to-remove-handling-of-ssi.patch
|
|
434
|
+
- patches/libxslt/0001-Fix-security-framework-bypass.patch
|
|
434
435
|
homepage:
|
|
435
436
|
licenses:
|
|
436
437
|
- MIT
|