nokogiri 1.10.7 → 1.10.8

Sign up to get free protection for your applications and to get access to all the features.

Potentially problematic release.

This version of nokogiri might be problematic. Click here for more details.

Files changed (4) hide show
  1. checksums.yaml +4 -4
  2. data/lib/nokogiri/version.rb +1 -1
  3. data/patches/libxml2/0005-Fix-infinite-loop-in-xmlStringLenDecodeEntities.patch +32 -0
  4. metadata +8 -7
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 1715e5bd91f81db263be5e5a4b15e11054735c3d969b469240d42f06acf403db
4
- data.tar.gz: fdaaafc9da2060347de3bf9711e440e722fd6feca418d215d234197cde8d7083
3
+ metadata.gz: e9fbdbd925466e95e61566b1a8764889f23c596c3bda5ea28feed0acf85c6b99
4
+ data.tar.gz: 2060b7113b6bcfb7176b99d2d14b2e2dbdc19e198fd1185728d04272a13340cc
5
5
  SHA512:
6
- metadata.gz: 0b02f5e935859c7ebe86769cccae492a302f72d449b6287202a4d191dd9d0fd0ef25adb5cc2eaec57c7d5cff1607656d80af030fa8ec71c5cae2534b3eef18ba
7
- data.tar.gz: 1b24d7bf3880064718425be8cf7483f8bb398c12a271312c10b73dec2d15e127e924101986626e4f93c6cb3193e8131f3ded120955091eae5cf8a74f0aa11dcc
6
+ metadata.gz: e2a54877f2be89ec80f5cde2cbccdc92afb8f5dbd9f2ead7663d06094945d0a38652b4d57d22c9697801eac893f4e9e40899e23b8673cbb53e8c85e644ac4529
7
+ data.tar.gz: e1dc94dcf380e5884c2a941a7b49f1c70e8b93a371aabc20fbdfa460d4f585c7a0ad12bc2216c648bd440b01cc597a72f4a30c5e98c0425daa0cf890047833a2
data/lib/nokogiri/version.rb CHANGED
@@ -1,6 +1,6 @@
1
1
  module Nokogiri
2
2
  # The version of Nokogiri you are using
3
- VERSION = "1.10.7"
3
+ VERSION = "1.10.8"
4
4
 
5
5
  class VersionInfo # :nodoc:
6
6
  def jruby?
data/patches/libxml2/0005-Fix-infinite-loop-in-xmlStringLenDecodeEntities.patch ADDED
@@ -0,0 +1,32 @@
1
+ From 0e1a49c8907645d2e155f0d89d4d9895ac5112b5 Mon Sep 17 00:00:00 2001
2
+ From: Zhipeng Xie <xiezhipeng1@huawei.com>
3
+ Date: Thu, 12 Dec 2019 17:30:55 +0800
4
+ Subject: [PATCH] Fix infinite loop in xmlStringLenDecodeEntities
5
+
6
+ When ctxt->instate == XML_PARSER_EOF,xmlParseStringEntityRef
7
+ return NULL which cause a infinite loop in xmlStringLenDecodeEntities
8
+
9
+ Found with libFuzzer.
10
+
11
+ Signed-off-by: Zhipeng Xie <xiezhipeng1@huawei.com>
12
+ ---
13
+ parser.c | 3 ++-
14
+ 1 file changed, 2 insertions(+), 1 deletion(-)
15
+
16
+ diff --git a/parser.c b/parser.c
17
+ index d1c3196..a34bb6c 100644
18
+ --- a/parser.c
19
+ +++ b/parser.c
20
+ @@ -2646,7 +2646,8 @@ xmlStringLenDecodeEntities(xmlParserCtxtPtr ctxt, const xmlChar *str, int len,
21
+ else
22
+ c = 0;
23
+ while ((c != 0) && (c != end) && /* non input consuming loop */
24
+ - (c != end2) && (c != end3)) {
25
+ + (c != end2) && (c != end3) &&
26
+ + (ctxt->instate != XML_PARSER_EOF)) {
27
+
28
+ if (c == 0) break;
29
+ if ((c == '&') && (str[1] == '#')) {
30
+ --
31
+ 2.17.1
32
+
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: nokogiri
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.10.7
4
+ version: 1.10.8
5
5
  platform: ruby
6
6
  authors:
7
7
  - Aaron Patterson
@@ -14,7 +14,7 @@ authors:
14
14
  autorequire:
15
15
  bindir: bin
16
16
  cert_chain: []
17
- date: 2019-12-04 00:00:00.000000000 Z
17
+ date: 2020-02-10 00:00:00.000000000 Z
18
18
  dependencies:
19
19
  - !ruby/object:Gem::Dependency
20
20
  name: mini_portile2
@@ -148,14 +148,14 @@ dependencies:
148
148
  requirements:
149
149
  - - "~>"
150
150
  - !ruby/object:Gem::Version
151
- version: 1.0.3
151
+ version: 1.1.0
152
152
  type: :development
153
153
  prerelease: false
154
154
  version_requirements: !ruby/object:Gem::Requirement
155
155
  requirements:
156
156
  - - "~>"
157
157
  - !ruby/object:Gem::Version
158
- version: 1.0.3
158
+ version: 1.1.0
159
159
  - !ruby/object:Gem::Dependency
160
160
  name: rake-compiler-dock
161
161
  requirement: !ruby/object:Gem::Requirement
@@ -238,14 +238,14 @@ dependencies:
238
238
  requirements:
239
239
  - - "~>"
240
240
  - !ruby/object:Gem::Version
241
- version: '3.20'
241
+ version: '3.22'
242
242
  type: :development
243
243
  prerelease: false
244
244
  version_requirements: !ruby/object:Gem::Requirement
245
245
  requirements:
246
246
  - - "~>"
247
247
  - !ruby/object:Gem::Version
248
- version: '3.20'
248
+ version: '3.22'
249
249
  description: |-
250
250
  Nokogiri (鋸) is an HTML, XML, SAX, and Reader parser. Among
251
251
  Nokogiri's many features is the ability to search documents via XPath
@@ -443,6 +443,7 @@ files:
443
443
  - patches/libxml2/0002-Remove-script-macro-support.patch
444
444
  - patches/libxml2/0003-Update-entities-to-remove-handling-of-ssi.patch
445
445
  - patches/libxml2/0004-libxml2.la-is-in-top_builddir.patch
446
+ - patches/libxml2/0005-Fix-infinite-loop-in-xmlStringLenDecodeEntities.patch
446
447
  - ports/archives/libxml2-2.9.10.tar.gz
447
448
  - ports/archives/libxslt-1.1.34.tar.gz
448
449
  homepage: https://nokogiri.org
@@ -471,7 +472,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
471
472
  - !ruby/object:Gem::Version
472
473
  version: '0'
473
474
  requirements: []
474
- rubygems_version: 3.0.3
475
+ rubygems_version: 3.1.2
475
476
  signing_key:
476
477
  specification_version: 4
477
478
  summary: Nokogiri (鋸) is an HTML, XML, SAX, and Reader parser