nokogiri 1.6.6.3 → 1.6.6.4
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of nokogiri might be problematic. Click here for more details.
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 1587aee5e8349fb69b32edab60adb3cca21227dd
|
|
4
|
+
data.tar.gz: 2827b6fde906ec74e2ab3e621943c6d5cd4cbf48
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: a9d7f11af4d7eff36a166b23d9422358cd3c609c59a2c2d6a2d243c247ece98a4e1797bcefc5fe409bfae41eb0eb5970dab86e0b21ad99da025aa07846c79fc8
|
|
7
|
+
data.tar.gz: 998b77a82ae47d9215bac769b4c758434aeee595abd86ff87190636bf8a936321af032562b045b54f88ae2d4b1393d8442ce8b0114c1c32d6450a456e6323a74
|
data/CHANGELOG.ja.rdoc
CHANGED
|
@@ -1,3 +1,12 @@
|
|
|
1
|
+
=== 1.6.6.4 / 2015-11-19
|
|
2
|
+
|
|
3
|
+
This version pulls in an upstream patche to the vendored libxml2 to address:
|
|
4
|
+
|
|
5
|
+
* unclosed comment uninitialized access issue (#1376)
|
|
6
|
+
|
|
7
|
+
This issue does not have a CVE assigned to it as this time.
|
|
8
|
+
|
|
9
|
+
|
|
1
10
|
=== 1.6.6.3 / 2015-11-16
|
|
2
11
|
|
|
3
12
|
This version pulls in several upstream patches to the vendored libxml2 and libxslt to address:
|
data/CHANGELOG.rdoc
CHANGED
|
@@ -1,3 +1,12 @@
|
|
|
1
|
+
=== 1.6.6.4 / 2015-11-19
|
|
2
|
+
|
|
3
|
+
This version pulls in an upstream patche to the vendored libxml2 to address:
|
|
4
|
+
|
|
5
|
+
* unclosed comment uninitialized access issue (#1376)
|
|
6
|
+
|
|
7
|
+
This issue does not have a CVE assigned to it as this time.
|
|
8
|
+
|
|
9
|
+
|
|
1
10
|
=== 1.6.6.3 / 2015-11-16
|
|
2
11
|
|
|
3
12
|
This version pulls in several upstream patches to the vendored libxml2 and libxslt to address:
|
data/lib/nokogiri/version.rb
CHANGED
data/ports/patches/libxml2/0010-Fix-parsering-short-unclosed-comment-uninitialized-access.patch
ADDED
|
@@ -0,0 +1,64 @@
|
|
|
1
|
+
From e724879d964d774df9b7969fc846605aa1bac54c Mon Sep 17 00:00:00 2001
|
|
2
|
+
From: Daniel Veillard <veillard@redhat.com>
|
|
3
|
+
Date: Fri, 30 Oct 2015 21:14:55 +0800
|
|
4
|
+
Subject: Fix parsing short unclosed comment uninitialized access
|
|
5
|
+
|
|
6
|
+
For https://bugzilla.gnome.org/show_bug.cgi?id=746048
|
|
7
|
+
The HTML parser was too optimistic when processing comments and
|
|
8
|
+
didn't check for the end of the stream on the first 2 characters
|
|
9
|
+
---
|
|
10
|
+
HTMLparser.c | 21 ++++++++++++++-------
|
|
11
|
+
1 file changed, 14 insertions(+), 7 deletions(-)
|
|
12
|
+
|
|
13
|
+
diff --git a/HTMLparser.c b/HTMLparser.c
|
|
14
|
+
index 19c10c3..bdf7807 100644
|
|
15
|
+
--- a/HTMLparser.c
|
|
16
|
+
+++ b/HTMLparser.c
|
|
17
|
+
@@ -3264,12 +3264,17 @@ htmlParseComment(htmlParserCtxtPtr ctxt) {
|
|
18
|
+
ctxt->instate = state;
|
|
19
|
+
return;
|
|
20
|
+
}
|
|
21
|
+
+ len = 0;
|
|
22
|
+
+ buf[len] = 0;
|
|
23
|
+
q = CUR_CHAR(ql);
|
|
24
|
+
+ if (!IS_CHAR(q))
|
|
25
|
+
+ goto unfinished;
|
|
26
|
+
NEXTL(ql);
|
|
27
|
+
r = CUR_CHAR(rl);
|
|
28
|
+
+ if (!IS_CHAR(r))
|
|
29
|
+
+ goto unfinished;
|
|
30
|
+
NEXTL(rl);
|
|
31
|
+
cur = CUR_CHAR(l);
|
|
32
|
+
- len = 0;
|
|
33
|
+
while (IS_CHAR(cur) &&
|
|
34
|
+
((cur != '>') ||
|
|
35
|
+
(r != '-') || (q != '-'))) {
|
|
36
|
+
@@ -3300,18 +3305,20 @@ htmlParseComment(htmlParserCtxtPtr ctxt) {
|
|
37
|
+
}
|
|
38
|
+
}
|
|
39
|
+
buf[len] = 0;
|
|
40
|
+
- if (!IS_CHAR(cur)) {
|
|
41
|
+
- htmlParseErr(ctxt, XML_ERR_COMMENT_NOT_FINISHED,
|
|
42
|
+
- "Comment not terminated \n<!--%.50s\n", buf, NULL);
|
|
43
|
+
- xmlFree(buf);
|
|
44
|
+
- } else {
|
|
45
|
+
+ if (IS_CHAR(cur)) {
|
|
46
|
+
NEXT;
|
|
47
|
+
if ((ctxt->sax != NULL) && (ctxt->sax->comment != NULL) &&
|
|
48
|
+
(!ctxt->disableSAX))
|
|
49
|
+
ctxt->sax->comment(ctxt->userData, buf);
|
|
50
|
+
xmlFree(buf);
|
|
51
|
+
+ ctxt->instate = state;
|
|
52
|
+
+ return;
|
|
53
|
+
}
|
|
54
|
+
- ctxt->instate = state;
|
|
55
|
+
+
|
|
56
|
+
+unfinished:
|
|
57
|
+
+ htmlParseErr(ctxt, XML_ERR_COMMENT_NOT_FINISHED,
|
|
58
|
+
+ "Comment not terminated \n<!--%.50s\n", buf, NULL);
|
|
59
|
+
+ xmlFree(buf);
|
|
60
|
+
}
|
|
61
|
+
|
|
62
|
+
/**
|
|
63
|
+
--
|
|
64
|
+
cgit v0.11.2
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: nokogiri
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.6.6.
|
|
4
|
+
version: 1.6.6.4
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Aaron Patterson
|
|
@@ -12,7 +12,7 @@ authors:
|
|
|
12
12
|
autorequire:
|
|
13
13
|
bindir: bin
|
|
14
14
|
cert_chain: []
|
|
15
|
-
date: 2015-11-
|
|
15
|
+
date: 2015-11-19 00:00:00.000000000 Z
|
|
16
16
|
dependencies:
|
|
17
17
|
- !ruby/object:Gem::Dependency
|
|
18
18
|
name: mini_portile
|
|
@@ -405,6 +405,7 @@ files:
|
|
|
405
405
|
- ports/patches/libxml2/0006-Another-variation-of-overflow-in-Conditional-section.patch
|
|
406
406
|
- ports/patches/libxml2/0007-Fix-an-error-in-previous-Conditional-section-patch.patch
|
|
407
407
|
- ports/patches/libxml2/0008-CVE-2015-8035-Fix-XZ-compression-support-loop.patch
|
|
408
|
+
- ports/patches/libxml2/0010-Fix-parsering-short-unclosed-comment-uninitialized-access.patch
|
|
408
409
|
- ports/patches/libxslt/0001-Adding-doc-update-related-to-1.1.28.patch
|
|
409
410
|
- ports/patches/libxslt/0002-Fix-a-couple-of-places-where-f-printf-parameters-wer.patch
|
|
410
411
|
- ports/patches/libxslt/0003-Initialize-pseudo-random-number-generator-with-curre.patch
|