nokogiri 1.10.2-x86-mingw32 → 1.10.3-x86-mingw32


Potentially problematic release.


This version of nokogiri might be problematic. Click here for more details.

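--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: afaf886be96511b5401a44a8220acd474e333d87f7b2aa4ef9e6cdcd632ae9c3
- data.tar.gz: e92e1f52c6407f27c81cd2c723d54446b5748ea0a338112e73a7444ba2c3e525
+ metadata.gz: be404b59e382195664fee52bb59899ba32bd108075d7ed8dd81f31d1fa1bc34b
+ data.tar.gz: de58825cac3a1f43a65f5d4525c7d396309565643759f1c3c01d3439aa568599
  SHA512:
- metadata.gz: f580aa238bbf083738627aaa0c45085f7a167ec5b4d90ecb51dd3b3db628a05f991e2bf1aa6fda5d909f6c3f9270981a0b4c88213466d28d78b9c5196bb2d7dc
- data.tar.gz: a0a010ea578f5ed4cf0afedc505049a9bd0fe6db1dad01637af57d477eb9e7c331f9e7e84eb1889506e3a06fbe31e58ab5f39e143aad254bc055b0b3536ee455
+ metadata.gz: 926b5e05e649eabf50d7c847d9d96af6c1ef6261c1f5e0ef4cf540aed3fabb1d0a0ad1f9772fcd4efaee16552e58fa6f3a04b7e36bafee56262a9e073cda786b
+ data.tar.gz: cc8cc08837088f89e60a4f5eed718392b31c5b63c4bbc88c4a7c516786c06cb76fd498bde954ecda69d515fc958f8c1cdeffd855839322c53ca9ba5b77f1c7c5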
Binary file
Binary file
Binary file
Binary file
@@ -1,6 +1,6 @@
1
1
  module Nokogiri
2
2
  # The version of Nokogiri you are using
3
- VERSION = "1.10.2"
3
+ VERSION = "1.10.3"
4
4
 
5
5
  class VersionInfo # :nodoc:
6
6
  def jruby?
@@ -8,7 +8,7 @@ module Nokogiri
8
8
  end
9
9
 
10
10
  def engine
11
- defined?(RUBY_ENGINE) ? RUBY_ENGINE : 'mri'
11
+ defined?(RUBY_ENGINE) ? RUBY_ENGINE : "mri"
12
12
  end
13
13
 
14
14
  def loaded_parser_version
@@ -27,7 +27,7 @@ module Nokogiri
27
27
  end
28
28
 
29
29
  def libxml2_using_system?
30
- ! libxml2_using_packaged?
30
+ !libxml2_using_packaged?
31
31
  end
32
32
 
33
33
  def libxml2_using_packaged?
@@ -46,33 +46,33 @@ module Nokogiri
46
46
 
47
47
  def to_hash
48
48
  hash_info = {}
49
- hash_info['warnings'] = []
50
- hash_info['nokogiri'] = Nokogiri::VERSION
51
- hash_info['ruby'] = {}
52
- hash_info['ruby']['version'] = ::RUBY_VERSION
53
- hash_info['ruby']['platform'] = ::RUBY_PLATFORM
54
- hash_info['ruby']['description'] = ::RUBY_DESCRIPTION
55
- hash_info['ruby']['engine'] = engine
56
- hash_info['ruby']['jruby'] = jruby? if jruby?
49
+ hash_info["warnings"] = []
50
+ hash_info["nokogiri"] = Nokogiri::VERSION
51
+ hash_info["ruby"] = {}
52
+ hash_info["ruby"]["version"] = ::RUBY_VERSION
53
+ hash_info["ruby"]["platform"] = ::RUBY_PLATFORM
54
+ hash_info["ruby"]["description"] = ::RUBY_DESCRIPTION
55
+ hash_info["ruby"]["engine"] = engine
56
+ hash_info["ruby"]["jruby"] = jruby? if jruby?
57
57
 
58
58
  if libxml2?
59
- hash_info['libxml'] = {}
60
- hash_info['libxml']['binding'] = 'extension'
59
+ hash_info["libxml"] = {}
60
+ hash_info["libxml"]["binding"] = "extension"
61
61
  if libxml2_using_packaged?
62
- hash_info['libxml']['source'] = "packaged"
63
- hash_info['libxml']['libxml2_path'] = NOKOGIRI_LIBXML2_PATH
64
- hash_info['libxml']['libxslt_path'] = NOKOGIRI_LIBXSLT_PATH
65
- hash_info['libxml']['libxml2_patches'] = NOKOGIRI_LIBXML2_PATCHES
66
- hash_info['libxml']['libxslt_patches'] = NOKOGIRI_LIBXSLT_PATCHES
62
+ hash_info["libxml"]["source"] = "packaged"
63
+ hash_info["libxml"]["libxml2_path"] = NOKOGIRI_LIBXML2_PATH
64
+ hash_info["libxml"]["libxslt_path"] = NOKOGIRI_LIBXSLT_PATH
65
+ hash_info["libxml"]["libxml2_patches"] = NOKOGIRI_LIBXML2_PATCHES
66
+ hash_info["libxml"]["libxslt_patches"] = NOKOGIRI_LIBXSLT_PATCHES
67
67
  else
68
- hash_info['libxml']['source'] = "system"
68
+ hash_info["libxml"]["source"] = "system"
69
69
  end
70
- hash_info['libxml']['compiled'] = compiled_parser_version
71
- hash_info['libxml']['loaded'] = loaded_parser_version
72
- hash_info['warnings'] = warnings
70
+ hash_info["libxml"]["compiled"] = compiled_parser_version
71
+ hash_info["libxml"]["loaded"] = loaded_parser_version
72
+ hash_info["warnings"] = warnings
73
73
  elsif jruby?
74
- hash_info['xerces'] = Nokogiri::XERCES_VERSION
75
- hash_info['nekohtml'] = Nokogiri::NEKO_VERSION
74
+ hash_info["xerces"] = Nokogiri::XERCES_VERSION
75
+ hash_info["nekohtml"] = Nokogiri::NEKO_VERSION
76
76
  end
77
77
 
78
78
  hash_info
@@ -80,10 +80,10 @@ module Nokogiri
80
80
 
81
81
  def to_markdown
82
82
  begin
83
- require 'psych'
83
+ require "psych"
84
84
  rescue LoadError
85
85
  end
86
- require 'yaml'
86
+ require "yaml"
87
87
  "# Nokogiri (#{Nokogiri::VERSION})\n" +
88
88
  YAML.dump(to_hash).each_line.map { |line| " #{line}" }.join
89
89
  end
@@ -0,0 +1,120 @@
1
+ From e03553605b45c88f0b4b2980adfbbb8f6fca2fd6 Mon Sep 17 00:00:00 2001
2
+ From: Nick Wellnhofer <wellnhofer@aevum.de>
3
+ Date: Sun, 24 Mar 2019 09:51:39 +0100
4
+ Subject: [PATCH] Fix security framework bypass
5
+
6
+ xsltCheckRead and xsltCheckWrite return -1 in case of error but callers
7
+ don't check for this condition and allow access. With a specially
8
+ crafted URL, xsltCheckRead could be tricked into returning an error
9
+ because of a supposedly invalid URL that would still be loaded
10
+ succesfully later on.
11
+
12
+ Fixes #12.
13
+
14
+ Thanks to Felix Wilhelm for the report.
15
+ ---
16
+ libxslt/documents.c | 18 ++++++++++--------
17
+ libxslt/imports.c | 9 +++++----
18
+ libxslt/transform.c | 9 +++++----
19
+ libxslt/xslt.c | 9 +++++----
20
+ 4 files changed, 25 insertions(+), 20 deletions(-)
21
+
22
+ diff --git a/libxslt/documents.c b/libxslt/documents.c
23
+ index 3f3a731..4aad11b 100644
24
+ --- a/libxslt/documents.c
25
+ +++ b/libxslt/documents.c
26
+ @@ -296,10 +296,11 @@ xsltLoadDocument(xsltTransformContextPtr ctxt, const xmlChar *URI) {
27
+ int res;
28
+
29
+ res = xsltCheckRead(ctxt->sec, ctxt, URI);
30
+ - if (res == 0) {
31
+ - xsltTransformError(ctxt, NULL, NULL,
32
+ - "xsltLoadDocument: read rights for %s denied\n",
33
+ - URI);
34
+ + if (res <= 0) {
35
+ + if (res == 0)
36
+ + xsltTransformError(ctxt, NULL, NULL,
37
+ + "xsltLoadDocument: read rights for %s denied\n",
38
+ + URI);
39
+ return(NULL);
40
+ }
41
+ }
42
+ @@ -372,10 +373,11 @@ xsltLoadStyleDocument(xsltStylesheetPtr style, const xmlChar *URI) {
43
+ int res;
44
+
45
+ res = xsltCheckRead(sec, NULL, URI);
46
+ - if (res == 0) {
47
+ - xsltTransformError(NULL, NULL, NULL,
48
+ - "xsltLoadStyleDocument: read rights for %s denied\n",
49
+ - URI);
50
+ + if (res <= 0) {
51
+ + if (res == 0)
52
+ + xsltTransformError(NULL, NULL, NULL,
53
+ + "xsltLoadStyleDocument: read rights for %s denied\n",
54
+ + URI);
55
+ return(NULL);
56
+ }
57
+ }
58
+ diff --git a/libxslt/imports.c b/libxslt/imports.c
59
+ index 874870c..3783b24 100644
60
+ --- a/libxslt/imports.c
61
+ +++ b/libxslt/imports.c
62
+ @@ -130,10 +130,11 @@ xsltParseStylesheetImport(xsltStylesheetPtr style, xmlNodePtr cur) {
63
+ int secres;
64
+
65
+ secres = xsltCheckRead(sec, NULL, URI);
66
+ - if (secres == 0) {
67
+ - xsltTransformError(NULL, NULL, NULL,
68
+ - "xsl:import: read rights for %s denied\n",
69
+ - URI);
70
+ + if (secres <= 0) {
71
+ + if (secres == 0)
72
+ + xsltTransformError(NULL, NULL, NULL,
73
+ + "xsl:import: read rights for %s denied\n",
74
+ + URI);
75
+ goto error;
76
+ }
77
+ }
78
+ diff --git a/libxslt/transform.c b/libxslt/transform.c
79
+ index 1379391..0636dbd 100644
80
+ --- a/libxslt/transform.c
81
+ +++ b/libxslt/transform.c
82
+ @@ -3493,10 +3493,11 @@ xsltDocumentElem(xsltTransformContextPtr ctxt, xmlNodePtr node,
83
+ */
84
+ if (ctxt->sec != NULL) {
85
+ ret = xsltCheckWrite(ctxt->sec, ctxt, filename);
86
+ - if (ret == 0) {
87
+ - xsltTransformError(ctxt, NULL, inst,
88
+ - "xsltDocumentElem: write rights for %s denied\n",
89
+ - filename);
90
+ + if (ret <= 0) {
91
+ + if (ret == 0)
92
+ + xsltTransformError(ctxt, NULL, inst,
93
+ + "xsltDocumentElem: write rights for %s denied\n",
94
+ + filename);
95
+ xmlFree(URL);
96
+ xmlFree(filename);
97
+ return;
98
+ diff --git a/libxslt/xslt.c b/libxslt/xslt.c
99
+ index 780a5ad..a234eb7 100644
100
+ --- a/libxslt/xslt.c
101
+ +++ b/libxslt/xslt.c
102
+ @@ -6763,10 +6763,11 @@ xsltParseStylesheetFile(const xmlChar* filename) {
103
+ int res;
104
+
105
+ res = xsltCheckRead(sec, NULL, filename);
106
+ - if (res == 0) {
107
+ - xsltTransformError(NULL, NULL, NULL,
108
+ - "xsltParseStylesheetFile: read rights for %s denied\n",
109
+ - filename);
110
+ + if (res <= 0) {
111
+ + if (res == 0)
112
+ + xsltTransformError(NULL, NULL, NULL,
113
+ + "xsltParseStylesheetFile: read rights for %s denied\n",
114
+ + filename);
115
+ return(NULL);
116
+ }
117
+ }
118
+ --
119
+ 2.17.1
120
+
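Review bot: The new `res <= 0` / `secres <= 0` / `ret <= 0` guards fail closed, but on the negative path none of the five call sites (xsltLoadDocument, xsltLoadStyleDocument, xsltParseStylesheetImport, xsltDocumentElem, xsltParseStylesheetFile) reports anything, so a load denied because the check itself errored is only visible if xsltCheckRead/xsltCheckWrite log it themselves, which these hunks do not show. If they do, a comment at each guard such as `/* res < 0: the check itself failed; deny without the "rights denied" message */` would record why the branch is silent; if they do not, the negative case needs its own xsltTransformError call. It is also worth confirming that no other caller of xsltCheckRead or xsltCheckWrite still tests only `== 0`, since the patch touches just these four files. All five enclosing functions start and end outside the hunks. Because the fix ships as a patch file for the bundled libxslt, installs whose `to_hash` output reports `"source"` as `"system"` presumably do not receive it and depend on the system library being fixed; the `"libxslt_patches"` entry is the place to check.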
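--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
  --- !ruby/object:Gem::Specification
  name: nokogiri
  version: !ruby/object:Gem::Version
- version: 1.10.2
+ version: 1.10.3
  platform: x86-mingw32
  authors:
  - Aaron Patterson
@@ -14,7 +14,7 @@ authors:
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2019-03-25 00:00:00.000000000 Z
+ date: 2019-04-22 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: mini_portile2
@@ -431,6 +431,7 @@ files:
  - patches/libxml2/0001-Revert-Do-not-URI-escape-in-server-side-includes.patch
  - patches/libxml2/0002-Remove-script-macro-support.patch
  - patches/libxml2/0003-Update-entities-to-remove-handling-of-ssi.patch
+ - patches/libxslt/0001-Fix-security-framework-bypass.patch
  homepage:
  licenses:
  - MIT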