nokogiri 1.6.7.rc3 → 1.6.7.rc4


Potentially problematic release.


This version of nokogiri might be problematic. Click here for more details.

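--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA1:
- metadata.gz: d9a5581b6282efa8813b3f65504c100cc8feab90
- data.tar.gz: a08e34600f546dcaea04a02e9541c24e9034fa5e
+ metadata.gz: 9f5cfcb9bbd1af2d7c8fb349f04d0c91ce22b048
+ data.tar.gz: 45f0b46461343cf11f1f2b642ba5bb69138bcce1
  SHA512:
- metadata.gz: 4d5a04f7cb774d6c7c57bd172a0f9037f2ba11f642cbddf217f0f5584ae8e6b8d97c03461cf4923375693b99b2aa00ca88619f57a67d41465b3e28e6e10f5eea
- data.tar.gz: eb7a69e87a742c2a91354935dfdd7584a35f13fcf89cb3ad917f6f59e8a5dfdea38e9a69be40fe5094d9d2818b0d7e330980bbadd8ebdda3e75184ed149aeae3
+ metadata.gz: 7c20e684173ea4d91771c57a117b0213024dc591244643807a5aa7b8ade0307144425192483d5460530dae15b5815ca9f81f05a5d88366ea6386a9d3e2f23198
+ data.tar.gz: 3ab9c487b64c38e4af1aecede98def30de8cf211727ca376a1ec96c1eebe4426a7764abb17c58d1f7af7df4f23c3157f86ad012187a534b95c21a69fbf950c19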
@@ -1,4 +1,32 @@
1
- === 1.6.7.rc2 / 2015年0831
1
+ === 1.6.7.rc4 / 2015年1122
2
+
3
+ ==== Security patches
4
+
5
+ This version pulls in several upstream patches to the vendored libxml2 and libxslt to address:
6
+
7
+ * CVE-2015-1819
8
+ * CVE-2015-7941_1
9
+ * CVE-2015-7941_2
10
+ * CVE-2015-7942
11
+ * CVE-2015-7942-2
12
+ * CVE-2015-8035
13
+ * CVE-2015-7995
14
+ * unclosed comment uninitialized access issue (does not have a CVE assigned)
15
+
16
+ See #1374 and #1376 for details.
17
+
18
+ ==== Features
19
+
20
+ * [MRI] libxml2 and libxslt `config.guess` files brought up to date. (#1326) (Thanks, @hernan-erasmo!)
21
+ * [JRuby] fix error in validating files with jruby (#1355, #1361) (Thanks, @twalpole!)
22
+ * [MRI, OSX] Patch to handle nonstandard location of `iconv.h`. (#1206, #1210, #1218, #1345) (Thanks, @neonichu!)
23
+
24
+ ==== Bug Fixes
25
+
26
+ * [JRuby] reset the namespace cache when replacing the document's innerHtml (#1265) (Thanks, @mkristian!)
27
+
28
+
29
+ === 1.6.7.rc3 / 2015年09月04日 and 1.6.7.rc2 / 2015年08月31日
2
30
 
3
31
  Note that rc1 was not released.
4
32
 
@@ -1,3 +1,31 @@
1
+ === 1.6.7.rc4 / 2015-11-22
2
+
3
+ ==== Security patches
4
+
5
+ This version pulls in several upstream patches to the vendored libxml2 and libxslt to address:
6
+
7
+ * CVE-2015-1819
8
+ * CVE-2015-7941_1
9
+ * CVE-2015-7941_2
10
+ * CVE-2015-7942
11
+ * CVE-2015-7942-2
12
+ * CVE-2015-8035
13
+ * CVE-2015-7995
14
+ * unclosed comment uninitialized access issue (does not have a CVE assigned)
15
+
16
+ See #1374 and #1376 for details.
17
+
18
+ ==== Features
19
+
20
+ * [MRI] libxml2 and libxslt `config.guess` files brought up to date. (#1326) (Thanks, @hernan-erasmo!)
21
+ * [JRuby] fix error in validating files with jruby (#1355, #1361) (Thanks, @twalpole!)
22
+ * [MRI, OSX] Patch to handle nonstandard location of `iconv.h`. (#1206, #1210, #1218, #1345) (Thanks, @neonichu!)
23
+
24
+ ==== Bug Fixes
25
+
26
+ * [JRuby] reset the namespace cache when replacing the document's innerHtml (#1265) (Thanks, @mkristian!)
27
+
28
+
1
29
  === 1.6.7.rc3 / 2015-09-04 and 1.6.7.rc2 / 2015-08-31
2
30
 
3
31
  Note that rc1 was not released.
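--- a/data/Gemfile
+++ b/data/Gemfile
@@ -4,7 +4,7 @@
 
  source "https://rubygems.org/"
 
- gem "mini_portile", "~>0.7.0.rc4"
+ gem "mini_portile2", "~>2.0.0.rc2"
 
  gem "rdoc", "~>4.0", :group => [:development, :test]
  gem "hoe-bundler", ">=1.1", :group => [:development, :test]
@@ -17,6 +17,6 @@ gem "rake-compiler", "~>0.9.2", :group => [:development, :test]
  gem "rake-compiler-dock", "~>0.4.2", :group => [:development, :test]
  gem "racc", ">=1.4.6", :group => [:development, :test], :platform => :ruby
  gem "rexical", ">=1.0.5", :group => [:development, :test], :platform => :ruby
- gem "hoe", "~>3.13", :group => [:development, :test]
+ gem "hoe", "~>3.14", :group => [:development, :test]
 
  # vim: syntax=ruby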
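--- a/data/Rakefile
+++ b/data/Rakefile
@@ -128,7 +128,8 @@ HOE = Hoe.spec 'nokogiri' do
 
  unless java?
  self.extra_deps += [
- ["mini_portile", "~> 0.7.0.rc4"],
+ # Keep this version in sync with the one in extconf.rb !
+ ["mini_portile2", "~> 2.0.0.rc2"],
  ]
  end
 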
@@ -391,7 +391,12 @@ when using_system_libraries?
391
391
  else
392
392
  message "Building nokogiri using packaged libraries.\n"
393
393
 
394
- require 'mini_portile'
394
+ # The gem version constraint in the Rakefile is not respected at install time.
395
+ # Keep this version in sync with the one in the Rakefile !
396
+ gem "mini_portile2", "~> 2.0.0.rc2"
397
+ require 'mini_portile2'
398
+ message "Using mini_portile version #{MiniPortile::VERSION}\n"
399
+
395
400
  require 'yaml'
396
401
 
397
402
  static_p = enable_config('static', true) or
@@ -448,10 +453,10 @@ else
448
453
  ]
449
454
  end
450
455
  else
451
- if darwin_p && !File.exist?('/usr/include/iconv.h')
456
+ if darwin_p && !have_header('iconv.h')
452
457
  abort <<'EOM'.chomp
453
458
  -----
454
- The file "/usr/include/iconv.h" is missing in your build environment,
459
+ The file "iconv.h" is missing in your build environment,
455
460
  which means you haven't installed Xcode Command Line Tools properly.
456
461
 
457
462
  To install Command Line Tools, try running `xcode-select --install` on
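Review bot: The constraint in the `@@ -391,7 +391,12 @@` hunk, `gem "mini_portile2", "~> 2.0.0.rc2"`, duplicates the `extra_deps` entry in the Rakefile hunk (`@@ -128,7 +128,8 @@`), and only the two "Keep this version in sync" comments tie the strings together. This file runs on the installing host and, per the `Building nokogiri using packaged libraries` message, drives the build of the packaged libraries, so drift between the two strings would activate a build helper version the release was not tested with. A test that reads both files and compares the two constraint strings would turn the comments into an enforced check. The added `message "Using mini_portile version #{MiniPortile::VERSION}\n"` is worth keeping, since it records the activated version in the build log. The enclosing `else` branch starts and ends outside the hunk.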
@@ -206,7 +206,7 @@ static VALUE column(VALUE self)
206
206
  * recovery=(boolean)
207
207
  *
208
208
  * Should this parser recover from structural errors? It will not stop processing
209
- * file on structural errors if if set to true
209
+ * file on structural errors if set to true
210
210
  */
211
211
  static VALUE set_recovery(VALUE self, VALUE value)
212
212
  {
@@ -226,7 +226,7 @@ static VALUE set_recovery(VALUE self, VALUE value)
226
226
  * recovery
227
227
  *
228
228
  * Should this parser recover from structural errors? It will not stop processing
229
- * file on structural errors if if set to true
229
+ * file on structural errors if set to true
230
230
  */
231
231
  static VALUE get_recovery(VALUE self)
232
232
  {
@@ -1,6 +1,6 @@
1
1
  module Nokogiri
2
2
  # The version of Nokogiri you are using
3
- VERSION = '1.6.7.rc3'
3
+ VERSION = '1.6.7.rc4'
4
4
 
5
5
  class VersionInfo # :nodoc:
6
6
  def jruby?
@@ -0,0 +1,32 @@
1
+ From 99d99063ae5c4b6bd2b58324273401f3ce42a550 Mon Sep 17 00:00:00 2001
2
+ From: Daniel Veillard <veillard@redhat.com>
3
+ Date: Mon, 23 Feb 2015 11:17:35 +0800
4
+ Subject: [PATCH 3/8] Stop parsing on entities boundaries errors
5
+
6
+ For https://bugzilla.gnome.org/show_bug.cgi?id=744980
7
+
8
+ There are times, like on unterminated entities that it's preferable to
9
+ stop parsing, even if that means less error reporting. Entities are
10
+ feeding the parser on further processing, and if they are ill defined
11
+ then it's possible to get the parser to bug. Also do the same on
12
+ Conditional Sections if the input is broken, as the structure of
13
+ the document can't be guessed.
14
+ ---
15
+ parser.c | 1 +
16
+ 1 file changed, 1 insertion(+)
17
+
18
+ diff --git a/parser.c b/parser.c
19
+ index 1d93967..7b0380c 100644
20
+ --- a/parser.c
21
+ +++ b/parser.c
22
+ @@ -5658,6 +5658,7 @@ xmlParseEntityDecl(xmlParserCtxtPtr ctxt) {
23
+ if (RAW != '>') {
24
+ xmlFatalErrMsgStr(ctxt, XML_ERR_ENTITY_NOT_FINISHED,
25
+ "xmlParseEntityDecl: entity %s not terminated\n", name);
26
+ + xmlStopParser(ctxt);
27
+ } else {
28
+ if (input != ctxt->input) {
29
+ xmlFatalErrMsg(ctxt, XML_ERR_ENTITY_BOUNDARY,
30
+ --
31
+ 2.5.0
32
+
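Review bot: The patch description cites only the upstream bug (`https://bugzilla.gnome.org/show_bug.cgi?id=744980`) and no CVE id, while the changelog of this release lists the fixes by CVE id. The same holds for the `[PATCH 4/8]` and `[PATCH 6/8]` files further down. Someone auditing which vendored patch closes which advisory has to map them by hand. One added line in each patch description would make that traceable, for example `CVE: <CVE id from the changelog entry>`. Only part of `xmlParseEntityDecl` is shown, so what happens after `xmlStopParser(ctxt)` in the rest of that function cannot be judged from this hunk.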
@@ -0,0 +1,49 @@
1
+ From c8d3950c5532c2e3d954bacdb8c479bb9fdacf89 Mon Sep 17 00:00:00 2001
2
+ From: Daniel Veillard <veillard@redhat.com>
3
+ Date: Mon, 23 Feb 2015 11:29:20 +0800
4
+ Subject: [PATCH 4/8] Cleanup conditional section error handling
5
+
6
+ For https://bugzilla.gnome.org/show_bug.cgi?id=744980
7
+
8
+ The error handling of Conditional Section also need to be
9
+ straightened as the structure of the document can't be
10
+ guessed on a failure there and it's better to stop parsing
11
+ as further errors are likely to be irrelevant.
12
+ ---
13
+ parser.c | 6 ++++++
14
+ 1 file changed, 6 insertions(+)
15
+
16
+ diff --git a/parser.c b/parser.c
17
+ index 7b0380c..1e714e7 100644
18
+ --- a/parser.c
19
+ +++ b/parser.c
20
+ @@ -6770,6 +6770,8 @@ xmlParseConditionalSections(xmlParserCtxtPtr ctxt) {
21
+ SKIP_BLANKS;
22
+ if (RAW != '[') {
23
+ xmlFatalErr(ctxt, XML_ERR_CONDSEC_INVALID, NULL);
24
+ + xmlStopParser(ctxt);
25
+ + return;
26
+ } else {
27
+ if (ctxt->input->id != id) {
28
+ xmlValidityError(ctxt, XML_ERR_ENTITY_BOUNDARY,
29
+ @@ -6830,6 +6832,8 @@ xmlParseConditionalSections(xmlParserCtxtPtr ctxt) {
30
+ SKIP_BLANKS;
31
+ if (RAW != '[') {
32
+ xmlFatalErr(ctxt, XML_ERR_CONDSEC_INVALID, NULL);
33
+ + xmlStopParser(ctxt);
34
+ + return;
35
+ } else {
36
+ if (ctxt->input->id != id) {
37
+ xmlValidityError(ctxt, XML_ERR_ENTITY_BOUNDARY,
38
+ @@ -6885,6 +6889,8 @@ xmlParseConditionalSections(xmlParserCtxtPtr ctxt) {
39
+
40
+ } else {
41
+ xmlFatalErr(ctxt, XML_ERR_CONDSEC_INVALID_KEYWORD, NULL);
42
+ + xmlStopParser(ctxt);
43
+ + return;
44
+ }
45
+
46
+ if (RAW == 0)
47
+ --
48
+ 2.5.0
49
+
@@ -0,0 +1,177 @@
1
+ From 12f31177b0d9be57ed8fb3467b501606fb145286 Mon Sep 17 00:00:00 2001
2
+ From: Daniel Veillard <veillard@redhat.com>
3
+ Date: Tue, 14 Apr 2015 17:41:48 +0800
4
+ Subject: [PATCH 5/8] CVE-2015-1819 Enforce the reader to run in constant
5
+ memory
6
+
7
+ One of the operation on the reader could resolve entities
8
+ leading to the classic expansion issue. Make sure the
9
+ buffer used for xmlreader operation is bounded.
10
+ Introduce a new allocation type for the buffers for this effect.
11
+ ---
12
+ buf.c | 43 ++++++++++++++++++++++++++++++++++++++++++-
13
+ include/libxml/tree.h | 3 ++-
14
+ xmlreader.c | 20 +++++++++++++++++++-
15
+ 3 files changed, 63 insertions(+), 3 deletions(-)
16
+
17
+ diff --git a/buf.c b/buf.c
18
+ index 6efc7b6..07922ff 100644
19
+ --- a/buf.c
20
+ +++ b/buf.c
21
+ @@ -27,6 +27,7 @@
22
+ #include <libxml/tree.h>
23
+ #include <libxml/globals.h>
24
+ #include <libxml/tree.h>
25
+ +#include <libxml/parserInternals.h> /* for XML_MAX_TEXT_LENGTH */
26
+ #include "buf.h"
27
+
28
+ #define WITH_BUFFER_COMPAT
29
+ @@ -299,7 +300,8 @@ xmlBufSetAllocationScheme(xmlBufPtr buf,
30
+ if ((scheme == XML_BUFFER_ALLOC_DOUBLEIT) ||
31
+ (scheme == XML_BUFFER_ALLOC_EXACT) ||
32
+ (scheme == XML_BUFFER_ALLOC_HYBRID) ||
33
+ - (scheme == XML_BUFFER_ALLOC_IMMUTABLE)) {
34
+ + (scheme == XML_BUFFER_ALLOC_IMMUTABLE) ||
35
+ + (scheme == XML_BUFFER_ALLOC_BOUNDED)) {
36
+ buf->alloc = scheme;
37
+ if (buf->buffer)
38
+ buf->buffer->alloc = scheme;
39
+ @@ -458,6 +460,18 @@ xmlBufGrowInternal(xmlBufPtr buf, size_t len) {
40
+ size = buf->use + len + 100;
41
+ #endif
42
+
43
+ + if (buf->alloc == XML_BUFFER_ALLOC_BOUNDED) {
44
+ + /*
45
+ + * Used to provide parsing limits
46
+ + */
47
+ + if ((buf->use + len >= XML_MAX_TEXT_LENGTH) ||
48
+ + (buf->size >= XML_MAX_TEXT_LENGTH)) {
49
+ + xmlBufMemoryError(buf, "buffer error: text too long\n");
50
+ + return(0);
51
+ + }
52
+ + if (size >= XML_MAX_TEXT_LENGTH)
53
+ + size = XML_MAX_TEXT_LENGTH;
54
+ + }
55
+ if ((buf->alloc == XML_BUFFER_ALLOC_IO) && (buf->contentIO != NULL)) {
56
+ size_t start_buf = buf->content - buf->contentIO;
57
+
58
+ @@ -739,6 +753,15 @@ xmlBufResize(xmlBufPtr buf, size_t size)
59
+ CHECK_COMPAT(buf)
60
+
61
+ if (buf->alloc == XML_BUFFER_ALLOC_IMMUTABLE) return(0);
62
+ + if (buf->alloc == XML_BUFFER_ALLOC_BOUNDED) {
63
+ + /*
64
+ + * Used to provide parsing limits
65
+ + */
66
+ + if (size >= XML_MAX_TEXT_LENGTH) {
67
+ + xmlBufMemoryError(buf, "buffer error: text too long\n");
68
+ + return(0);
69
+ + }
70
+ + }
71
+
72
+ /* Don't resize if we don't have to */
73
+ if (size < buf->size)
74
+ @@ -867,6 +890,15 @@ xmlBufAdd(xmlBufPtr buf, const xmlChar *str, int len) {
75
+
76
+ needSize = buf->use + len + 2;
77
+ if (needSize > buf->size){
78
+ + if (buf->alloc == XML_BUFFER_ALLOC_BOUNDED) {
79
+ + /*
80
+ + * Used to provide parsing limits
81
+ + */
82
+ + if (needSize >= XML_MAX_TEXT_LENGTH) {
83
+ + xmlBufMemoryError(buf, "buffer error: text too long\n");
84
+ + return(-1);
85
+ + }
86
+ + }
87
+ if (!xmlBufResize(buf, needSize)){
88
+ xmlBufMemoryError(buf, "growing buffer");
89
+ return XML_ERR_NO_MEMORY;
90
+ @@ -938,6 +970,15 @@ xmlBufAddHead(xmlBufPtr buf, const xmlChar *str, int len) {
91
+ }
92
+ needSize = buf->use + len + 2;
93
+ if (needSize > buf->size){
94
+ + if (buf->alloc == XML_BUFFER_ALLOC_BOUNDED) {
95
+ + /*
96
+ + * Used to provide parsing limits
97
+ + */
98
+ + if (needSize >= XML_MAX_TEXT_LENGTH) {
99
+ + xmlBufMemoryError(buf, "buffer error: text too long\n");
100
+ + return(-1);
101
+ + }
102
+ + }
103
+ if (!xmlBufResize(buf, needSize)){
104
+ xmlBufMemoryError(buf, "growing buffer");
105
+ return XML_ERR_NO_MEMORY;
106
+ diff --git a/include/libxml/tree.h b/include/libxml/tree.h
107
+ index 2f90717..4a9b3bc 100644
108
+ --- a/include/libxml/tree.h
109
+ +++ b/include/libxml/tree.h
110
+ @@ -76,7 +76,8 @@ typedef enum {
111
+ XML_BUFFER_ALLOC_EXACT, /* grow only to the minimal size */
112
+ XML_BUFFER_ALLOC_IMMUTABLE, /* immutable buffer */
113
+ XML_BUFFER_ALLOC_IO, /* special allocation scheme used for I/O */
114
+ - XML_BUFFER_ALLOC_HYBRID /* exact up to a threshold, and doubleit thereafter */
115
+ + XML_BUFFER_ALLOC_HYBRID, /* exact up to a threshold, and doubleit thereafter */
116
+ + XML_BUFFER_ALLOC_BOUNDED /* limit the upper size of the buffer */
117
+ } xmlBufferAllocationScheme;
118
+
119
+ /**
120
+ diff --git a/xmlreader.c b/xmlreader.c
121
+ index f19e123..471e7e2 100644
122
+ --- a/xmlreader.c
123
+ +++ b/xmlreader.c
124
+ @@ -2091,6 +2091,9 @@ xmlNewTextReader(xmlParserInputBufferPtr input, const char *URI) {
125
+ "xmlNewTextReader : malloc failed\n");
126
+ return(NULL);
127
+ }
128
+ + /* no operation on a reader should require a huge buffer */
129
+ + xmlBufSetAllocationScheme(ret->buffer,
130
+ + XML_BUFFER_ALLOC_BOUNDED);
131
+ ret->sax = (xmlSAXHandler *) xmlMalloc(sizeof(xmlSAXHandler));
132
+ if (ret->sax == NULL) {
133
+ xmlBufFree(ret->buffer);
134
+ @@ -3616,6 +3619,7 @@ xmlTextReaderConstValue(xmlTextReaderPtr reader) {
135
+ return(((xmlNsPtr) node)->href);
136
+ case XML_ATTRIBUTE_NODE:{
137
+ xmlAttrPtr attr = (xmlAttrPtr) node;
138
+ + const xmlChar *ret;
139
+
140
+ if ((attr->children != NULL) &&
141
+ (attr->children->type == XML_TEXT_NODE) &&
142
+ @@ -3629,10 +3633,21 @@ xmlTextReaderConstValue(xmlTextReaderPtr reader) {
143
+ "xmlTextReaderSetup : malloc failed\n");
144
+ return (NULL);
145
+ }
146
+ + xmlBufSetAllocationScheme(reader->buffer,
147
+ + XML_BUFFER_ALLOC_BOUNDED);
148
+ } else
149
+ xmlBufEmpty(reader->buffer);
150
+ xmlBufGetNodeContent(reader->buffer, node);
151
+ - return(xmlBufContent(reader->buffer));
152
+ + ret = xmlBufContent(reader->buffer);
153
+ + if (ret == NULL) {
154
+ + /* error on the buffer best to reallocate */
155
+ + xmlBufFree(reader->buffer);
156
+ + reader->buffer = xmlBufCreateSize(100);
157
+ + xmlBufSetAllocationScheme(reader->buffer,
158
+ + XML_BUFFER_ALLOC_BOUNDED);
159
+ + ret = BAD_CAST "";
160
+ + }
161
+ + return(ret);
162
+ }
163
+ break;
164
+ }
165
+ @@ -5131,6 +5146,9 @@ xmlTextReaderSetup(xmlTextReaderPtr reader,
166
+ "xmlTextReaderSetup : malloc failed\n");
167
+ return (-1);
168
+ }
169
+ + /* no operation on a reader should require a huge buffer */
170
+ + xmlBufSetAllocationScheme(reader->buffer,
171
+ + XML_BUFFER_ALLOC_BOUNDED);
172
+ if (reader->sax == NULL)
173
+ reader->sax = (xmlSAXHandler *) xmlMalloc(sizeof(xmlSAXHandler));
174
+ if (reader->sax == NULL) {
175
+ --
176
+ 2.5.0
177
+
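Review bot: In the `xmlTextReaderConstValue` hunk of xmlreader.c, a NULL from `xmlBufContent(reader->buffer)` is replaced by `ret = BAD_CAST "";`, so a caller reading an attribute value that hit the new bound gets an empty string rather than a failure indication. Presumably the condition is still reported through `xmlBufMemoryError` in the buf.c hunks, but callers that only inspect the return value will treat the attribute as legitimately empty. The existing comment `/* error on the buffer best to reallocate */` could state this, for example `/* buffer error (e.g. XML_BUFFER_ALLOC_BOUNDED limit hit): reallocate and report the value as "" */`. The function body starts and ends outside the hunk.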
@@ -0,0 +1,32 @@
1
+ From 9ee30e69f63379b3caf451aa7ae4058a1fa2fa73 Mon Sep 17 00:00:00 2001
2
+ From: Daniel Veillard <veillard@redhat.com>
3
+ Date: Fri, 23 Oct 2015 19:02:28 +0800
4
+ Subject: [PATCH 6/8] Another variation of overflow in Conditional sections
5
+
6
+ Which happen after the previous fix to
7
+ https://bugzilla.gnome.org/show_bug.cgi?id=756456
8
+
9
+ But stopping the parser and exiting we didn't pop the intermediary entities
10
+ and doing the SKIP there applies on an input which may be too small
11
+ ---
12
+ parser.c | 4 +++-
13
+ 1 file changed, 3 insertions(+), 1 deletion(-)
14
+
15
+ diff --git a/parser.c b/parser.c
16
+ index 1e714e7..0b8d633 100644
17
+ --- a/parser.c
18
+ +++ b/parser.c
19
+ @@ -6904,7 +6904,9 @@ xmlParseConditionalSections(xmlParserCtxtPtr ctxt) {
20
+ "All markup of the conditional section is not in the same entity\n",
21
+ NULL, NULL);
22
+ }
23
+ - SKIP(3);
24
+ + if ((ctxt-> instate != XML_PARSER_EOF) &&
25
+ + ((ctxt->input->cur + 3) < ctxt->input->end))
26
+ + SKIP(3);
27
+ }
28
+ }
29
+
30
+ --
31
+ 2.5.0
32
+
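Review bot: The new guard in front of `SKIP(3)` uses a strict comparison, `(ctxt->input->cur + 3) < ctxt->input->end`, so when exactly three bytes remain in the current input the skip is not performed, although it would still stay inside the buffer. If that case is a conditional section whose closing delimiter ends the entity, a well-formed document would be left with the delimiter unconsumed. Using `<=` keeps the bound and covers that case: `((ctxt->input->cur + 3) <= ctxt->input->end))`. The patch is numbered 6/8, so a later patch in the series may already correct this, but none is visible here. `xmlParseConditionalSections` starts outside the hunk.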