nokogiri 1.7.1-x64-mingw32 → 1.7.2-x64-mingw32

Sign up to get free protection for your applications and to get access to all the features.

Potentially problematic release.


This version of nokogiri might be problematic. Click here for more details.

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: 8d18478bf0ff7e94e5b1df7246a3ca068d280df9
4
- data.tar.gz: d31b295ea10280e82c7947a12762753d03fb8369
3
+ metadata.gz: 0513f9b8001a1f52ba3c8d268035bc2bfe48b8bf
4
+ data.tar.gz: ee98248884e66bd02bd9783879ce3e61b46c39f2
5
5
  SHA512:
6
- metadata.gz: d0e0b17cfb9e783dce93879104e8fdebdf1234ba53a5e927b2fb608577ff7331e7b71de090d1c33300697c9e88fb1619bd30788001c35f5a0889fb8c1a66d215
7
- data.tar.gz: 2ae11854b9e8ff18dfe3af09578d25c8eeffa063f12ca649a1663e9f2bc3a84ca5e3f0cdceca6a9eb799f1ac3909cf50116138937b7edb9a8d7529914ed0218c
6
+ metadata.gz: 9b5cdd0cc08eb44cff413858cd11e541e2550996d8bd5ba8664857d41c1ac346b0953fbc44f28c973f13ebb3abbb34dd0353aa53841a3f4653bbbba7c71e065e
7
+ data.tar.gz: 34bb68323ed6fade5aa9fb5bb9c68a2e54afe0f6a0ff7b7f767e03a534a60c081e46118a1f7817ca2fff1d4cbf63d711b22fa02f0d1240a7ee56d7ff4ea0f3b2
data/CHANGELOG.md CHANGED
@@ -1,3 +1,16 @@
1
+ # 1.7.2 / 2017-05-09
2
+
3
+ ## Security Notes
4
+
5
+ [MRI] Upstream libxslt patches are applied to the vendored libxslt 1.1.29 which address CVE-2017-5029 and CVE-2016-4738.
6
+
7
+ For more information:
8
+
9
+ * https://github.com/sparklemotion/nokogiri/issues/1634
10
+ * http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-5029.html
11
+ * http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-4738.html
12
+
13
+
1
14
  # 1.7.1 / unreleased
2
15
 
3
16
  ## Security Notes
data/Manifest.txt CHANGED
@@ -249,6 +249,8 @@ lib/xsd/xmlparser/nokogiri.rb
249
249
  patches/libxml2/0001-Fix-comparison-with-root-node-in-xmlXPathCmpNodes.patch
250
250
  patches/libxml2/0002-Fix-XPointer-paths-beginning-with-range-to.patch
251
251
  patches/libxml2/0003-Disallow-namespace-nodes-in-XPointer-ranges.patch
252
+ patches/libxslt/0001-Fix-heap-overread-in-xsltFormatNumberConversion.patch
253
+ patches/libxslt/0002-Check-for-integer-overflow-in-xsltAddTextString.patch
252
254
  patches/sort-patches-by-date
253
255
  suppressions/README.txt
254
256
  suppressions/nokogiri_ree-1.8.7.358.supp
Binary file
Binary file
Binary file
@@ -1,6 +1,6 @@
1
1
  module Nokogiri
2
2
  # The version of Nokogiri you are using
3
- VERSION = '1.7.1'
3
+ VERSION = '1.7.2'
4
4
 
5
5
  class VersionInfo # :nodoc:
6
6
  def jruby?
@@ -0,0 +1,31 @@
1
+ From eb1030de31165b68487f288308f9d1810fed6880 Mon Sep 17 00:00:00 2001
2
+ From: Nick Wellnhofer <wellnhofer@aevum.de>
3
+ Date: Fri, 10 Jun 2016 14:23:58 +0200
4
+ Subject: [PATCH] Fix heap overread in xsltFormatNumberConversion
5
+
6
+ An empty decimal-separator could cause a heap overread. This can be
7
+ exploited to leak a couple of bytes after the buffer that holds the
8
+ pattern string.
9
+
10
+ Found with afl-fuzz and ASan.
11
+ ---
12
+ libxslt/numbers.c | 3 ++-
13
+ 1 file changed, 2 insertions(+), 1 deletion(-)
14
+
15
+ diff --git a/libxslt/numbers.c b/libxslt/numbers.c
16
+ index d1549b4..e78c46b 100644
17
+ --- a/libxslt/numbers.c
18
+ +++ b/libxslt/numbers.c
19
+ @@ -1090,7 +1090,8 @@ xsltFormatNumberConversion(xsltDecimalFormatPtr self,
20
+ }
21
+
22
+ /* We have finished the integer part, now work on fraction */
23
+ - if (xsltUTF8Charcmp(the_format, self->decimalPoint) == 0) {
24
+ + if ( (*the_format != 0) &&
25
+ + (xsltUTF8Charcmp(the_format, self->decimalPoint) == 0) ) {
26
+ format_info.add_decimal = TRUE;
27
+ the_format += xsltUTF8Size(the_format); /* Skip over the decimal */
28
+ }
29
+ --
30
+ 2.9.3
31
+
@@ -0,0 +1,74 @@
1
+ From 08ab2774b870de1c7b5a48693df75e8154addae5 Mon Sep 17 00:00:00 2001
2
+ From: Nick Wellnhofer <wellnhofer@aevum.de>
3
+ Date: Thu, 12 Jan 2017 15:39:52 +0100
4
+ Subject: [PATCH] Check for integer overflow in xsltAddTextString
5
+
6
+ Limit buffer size in xsltAddTextString to INT_MAX. The issue can be
7
+ exploited to trigger an out of bounds write on 64-bit systems.
8
+
9
+ Originally reported to Chromium:
10
+
11
+ https://crbug.com/676623
12
+ ---
13
+ libxslt/transform.c | 25 ++++++++++++++++++++++---
14
+ libxslt/xsltInternals.h | 4 ++--
15
+ 2 files changed, 24 insertions(+), 5 deletions(-)
16
+
17
+ diff --git a/libxslt/transform.c b/libxslt/transform.c
18
+ index 519133f..02bff34 100644
19
+ --- a/libxslt/transform.c
20
+ +++ b/libxslt/transform.c
21
+ @@ -813,13 +813,32 @@ xsltAddTextString(xsltTransformContextPtr ctxt, xmlNodePtr target,
22
+ return(target);
23
+
24
+ if (ctxt->lasttext == target->content) {
25
+ + int minSize;
26
+
27
+ - if (ctxt->lasttuse + len >= ctxt->lasttsize) {
28
+ + /* Check for integer overflow accounting for NUL terminator. */
29
+ + if (len >= INT_MAX - ctxt->lasttuse) {
30
+ + xsltTransformError(ctxt, NULL, target,
31
+ + "xsltCopyText: text allocation failed\n");
32
+ + return(NULL);
33
+ + }
34
+ + minSize = ctxt->lasttuse + len + 1;
35
+ +
36
+ + if (ctxt->lasttsize < minSize) {
37
+ xmlChar *newbuf;
38
+ int size;
39
+ + int extra;
40
+ +
41
+ + /* Double buffer size but increase by at least 100 bytes. */
42
+ + extra = minSize < 100 ? 100 : minSize;
43
+ +
44
+ + /* Check for integer overflow. */
45
+ + if (extra > INT_MAX - ctxt->lasttsize) {
46
+ + size = INT_MAX;
47
+ + }
48
+ + else {
49
+ + size = ctxt->lasttsize + extra;
50
+ + }
51
+
52
+ - size = ctxt->lasttsize + len + 100;
53
+ - size *= 2;
54
+ newbuf = (xmlChar *) xmlRealloc(target->content,size);
55
+ if (newbuf == NULL) {
56
+ xsltTransformError(ctxt, NULL, target,
57
+ diff --git a/libxslt/xsltInternals.h b/libxslt/xsltInternals.h
58
+ index 060b178..5ad1771 100644
59
+ --- a/libxslt/xsltInternals.h
60
+ +++ b/libxslt/xsltInternals.h
61
+ @@ -1754,8 +1754,8 @@ struct _xsltTransformContext {
62
+ * Speed optimization when coalescing text nodes
63
+ */
64
+ const xmlChar *lasttext; /* last text node content */
65
+ - unsigned int lasttsize; /* last text node size */
66
+ - unsigned int lasttuse; /* last text node use */
67
+ + int lasttsize; /* last text node size */
68
+ + int lasttuse; /* last text node use */
69
+ /*
70
+ * Per Context Debugging
71
+ */
72
+ --
73
+ 2.9.3
74
+
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: nokogiri
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.7.1
4
+ version: 1.7.2
5
5
  platform: x64-mingw32
6
6
  authors:
7
7
  - Aaron Patterson
@@ -12,7 +12,7 @@ authors:
12
12
  autorequire:
13
13
  bindir: bin
14
14
  cert_chain: []
15
- date: 2017-03-20 00:00:00.000000000 Z
15
+ date: 2017-05-09 00:00:00.000000000 Z
16
16
  dependencies:
17
17
  - !ruby/object:Gem::Dependency
18
18
  name: mini_portile2
@@ -413,6 +413,8 @@ files:
413
413
  - patches/libxml2/0001-Fix-comparison-with-root-node-in-xmlXPathCmpNodes.patch
414
414
  - patches/libxml2/0002-Fix-XPointer-paths-beginning-with-range-to.patch
415
415
  - patches/libxml2/0003-Disallow-namespace-nodes-in-XPointer-ranges.patch
416
+ - patches/libxslt/0001-Fix-heap-overread-in-xsltFormatNumberConversion.patch
417
+ - patches/libxslt/0002-Check-for-integer-overflow-in-xsltAddTextString.patch
416
418
  - patches/sort-patches-by-date
417
419
  - suppressions/README.txt
418
420
  - suppressions/nokogiri_ree-1.8.7.358.supp