Navigation:
Browse pkgsrc
(this page)| 2020-01-26 18:32:28 by Roland Illig | Files touched by this commit (981) |
Log message: all: migrate homepages from http to https pkglint -r --network --only "migrate" As a side-effect of migrating the homepages, pkglint also fixed a few indentations in unrelated lines. These and the new homepages have been checked manually. |
2019-12-11 15:52:21 by Izumi Tsutsui | Files touched by this commit (3) |  |
Log message: ruby-nokogiri: update to 1.10.7. Upstream changes (from CHANGELOG.md): ## 1.10.7 / 2019-12-03 ### Bug * [MRI] Ensure the patch applied in v1.10.6 works with GNU `patch`. [#1954] ## 1.10.6 / 2019-12-03 ### Bug * [MRI] Fix FreeBSD installation of vendored libxml2. [#1941, #1953] (Thanks, \ @nurse!) ## 1.10.5 / 2019-10-31 ### Security [MRI] Vendored libxslt upgraded to v1.1.34 which addresses three CVEs for libxslt: * CVE-2019-13117 * CVE-2019-13118 * CVE-2019-18197 More details are available at #1943. ### Dependencies * [MRI] vendored libxml2 is updated from 2.9.9 to 2.9.10 * [MRI] vendored libxslt is updated from 1.1.33 to 1.1.34 |
| 2019-08-12 01:14:47 by Izumi Tsutsui | Files touched by this commit (2) | |
Log message: ruby-nokogiri: update to 1.10.4. Upstream changelog: https://github.com/sparklemotion/nokogiri/blob/v1.10.4/CHANGELOG.md # 1.10.4 / 2019-08-07 ### Security #### Address CVE-2019-5477 (#1915) A command injection vulnerability in Nokogiri v1.10.3 and earlier allows commands to be executed in a subprocess by Ruby's `Kernel.open` method. Processes are vulnerable only if the undocumented method `Nokogiri::CSS::Tokenizer#load_file` is being passed untrusted user input. This vulnerability appears in code generated by the Rexical gem versions v1.0.6 and earlier. Rexical is used by Nokogiri to generate lexical scanner code for parsing CSS queries. The underlying vulnerability was addressed in Rexical v1.0.7 and Nokogiri upgraded to this version of Rexical in Nokogiri v1.10.4. This CVE's public notice is https://github.com/sparklemotion/nokogiri/issues/1915 |
| 2019-06-22 06:11:59 by Izumi Tsutsui | Files touched by this commit (3) | |
Log message: ruby-nokogiri: update to 1.10.3. Upstream changelog (from CHANGELOG.md): ## 1.10.3 / 2019-04-22 ### Security Notes [MRI] Pulled in upstream patch from libxslt that addresses CVE-2019-11068. Full \ details are available in \ [#1892](https://github.com/sparklemotion/nokogiri/issues/1892). Note that this \ patch is not yet (as of 2019-04-22) in an upstream release of libxslt. ## 1.10.2 / 2019-03-24 ### Security * [MRI] Remove support from vendored libxml2 for future script macros. [#1871] * [MRI] Remove support from vendored libxml2 for server-side includes within \ attributes. [#1877] ### Bug fixes * [JRuby] Fix node ownership in duplicated documents. [#1060] * [JRuby] Rethrow exceptions caught by Java SAX handler. [#1847, #1872] (Thanks, \ @adjam!) |
| 2019-03-10 12:24:17 by Izumi Tsutsui | Files touched by this commit (2) | |
Log message: ruby-nokogiri: update to 1.10.1. Upstream changes (from CHANGELOG.md): # 1.10.1 / 2019-01-13 ### Features * [MRI] During installation, handle Xcode 10's new library path. [#1801, #1851] (Thanks, @mlj and @deepj!) * Avoid unnecessary creation of `Proc`s in many methods. [#1776] (Thanks, @chopraanmol1!) ### Bug fixes * CSS selector `:has()` now correctly matches against any descendant. Previously this selector matched against only direct children). [#350] (Thanks, @Phrogz!) * `NodeSet#attr` now returns `nil` if it's empty. Previously this raised a NoMethodError. * [MRI] XPath errors are no longer suppressed during `XSLT::Stylesheet#transform`. Previously these errors were suppressed which led to silent failures and a subsequent segfault. [#1802] |
| 2019-01-12 15:31:39 by Izumi Tsutsui | Files touched by this commit (3) | |
Log message: ruby-nokogiri: update to 1.10.0. Upstream changes (from CHANGELOG.md): ## 1.10.0 / 2019-01-04 ### Features * [MRI] Cross-built Windows gems now support Ruby 2.6 [#1842, #1850] ### Backwards incompatibilities This release ends support for: * Ruby 2.2, for which [official support ended on \ 2018-03-31](https://www.ruby-lang.org/en/news/2018/06/20/support-of-ruby-2-2-has-ended/) \ [#1841] * JRuby 1.7, for which [official support ended on \ 2017-11-21](https://github.com/jruby/jruby/issues/4112) [#1741] ### Dependencies * [MRI] libxml2 is updated from 2.9.8 to 2.9.9 * [MRI] libxslt is updated from 1.1.32 to 1.1.33 ## 1.9.1 / 2018-12-17 ### Bug fixes * Fix a bug introduced in v1.9.0 where `XML::DocumentFragment#dup` no longer \ returned an instance of the callee's class, instead always returning an \ `XML::DocumentFragment`. This notably broke any subclass of \ `XML::DocumentFragment` including `HTML::DocumentFragment` as well as the Loofah \ gem's `Loofah::HTML::DocumentFragment`. [#1846] ## 1.9.0 / 2018-12-17 ### Security Notes * [JRuby] Upgrade Xerces dependency from 2.11.0 to 2.12.0 to address upstream \ vulnerability CVE-2012-0881 [#1831] (Thanks @grajagandev for reporting.) ### Notable non-functional changes * Decrease installation size by removing many unneeded files (e.g., `/test`) \ from the packaged gems. [#1719] (Thanks, @stevecrozz!) ### Features * `XML::Attr#value=` allows HTML node attribute values to be set to either a \ blank string or an empty boolean attribute. [#1800] * Introduce `XML::Node#wrap` which does what `XML::NodeSet#wrap` has always \ done, but for a single node. [#1531] (Thanks, @ethirajsrinivasan!) * [MRI] Improve installation experience on macOS High Sierra (Darwin). [#1812, \ #1813] (Thanks, @gpakosz and @nurse!) * [MRI] Node#dup supports copying a node directly to a new document. See the \ method documentation for details. * [MRI] DocumentFragment#dup is now more memory-efficient, avoiding making \ unnecessary copies. [#1063] * [JRuby] NodeSet has been rewritten to improve performance! [#1795] ### Bug fixes * `NodeSet#each` now returns `self` instead of zero. [#1822] (Thanks, @olehif!) * [MRI] Address a memory leak when using XML::Builder to create nodes with \ namespaces. [#1810] * [MRI] Address a memory leak when unparenting a DTD. [#1784] (Thanks, \ @stevecheckoway!) * [MRI] Use RbConfig::CONFIG instead of ::MAKEFILE_CONFIG to fix installations \ that use Makefile macros. [#1820] (Thanks, @nobu!) * [JRuby] Decrease large memory usage when making nested XPath queries. [#1749] * [JRuby] Fix failing tests on JRuby 9.2.x * [JRuby] Fix default namespaces in nodes reparented into a different document \ [#1774] * [JRuby] Fix support for Java 9. [#1759] (Thanks, @Taywee!) ### Dependencies * [MRI] Upgrade mini_portile2 dependency from `~> 2.3.0` to `~> 2.4.0` |
| 2018-11-01 16:00:31 by Izumi Tsutsui | Files touched by this commit (3) | |
Log message: ruby-nokogiri: update to 1.8.5. Upstream changes (from CHANGELOG.md): # 1.8.5 / 2018-10-04 ## Security Notes [MRI] Pulled in upstream patches from libxml2 that address CVE-2018-14404 and CVE-2018-14567. Full details are available in [#1785] (https://github.com/sparklemotion/nokogiri/issues/1785). Note that these patches are not yet (as of 2018-10-04) in an upstream release of libxml2. ## Bug fixes * [MRI] Fix regression in installation when building against system libraries, where some systems would not be able to find libxml2 or libxslt when present. (Regression introduced in v1.8.3.) [#1722] * [JRuby] Fix node reparenting when the destination doc is empty. [#1773] |
| 2018-07-06 21:12:32 by Izumi Tsutsui | Files touched by this commit (2) | |
Log message: ruby-nokogiri: update to 1.8.4. Upstream changes (from CHANGELOG.md): # 1.8.4 / 2018-07-03 ## Bug fixes * [MRI] Fix memory leak when creating nodes with namespaces. (Introduced in \ v1.5.7) [#1771] |
| 2018-06-28 17:16:51 by Jonathan Perkin | Files touched by this commit (1) | |
Log message: ruby-nokogiri: Fix build since last update. |
| 2018-06-22 16:20:27 by Izumi Tsutsui | Files touched by this commit (3) | |
Log message: nokogiri: update to 1.8.3. Upstream changes (from CHANGELOG.md): # 1.8.3 / 2018-06-16 ## Security Notes [MRI] Behavior in libxml2 has been reverted which caused CVE-2018-8048 (loofah gem), CVE-2018-3740 (sanitize gem), and CVE-2018-3741 (rails-html-sanitizer gem). The commit in question is here: > https://github.com/GNOME/libxml2/commit/960f0e2 and more information is available about this commit and its impact here: > https://github.com/flavorjones/loofah/issues/144 This release simply reverts the libxml2 commit in question to protect users of Nokogiri's vendored libraries from similar vulnerabilities. If you're offended by what happened here, I'd kindly ask that you comment on the upstream bug report here: > https://bugzilla.gnome.org/show_bug.cgi?id=769760 ## Dependencies * [MRI] libxml2 is updated from 2.9.7 to 2.9.8 ## Features * Node#classes, #add_class, #append_class, and #remove_class are added. * NodeSet#append_class is added. * NodeSet#remove_attribute is a new alias for NodeSet#remove_attr. * NodeSet#each now returns an Enumerator when no block is passed (Thanks, @park53kr!) * [JRuby] General improvements in JRuby implementation (Thanks, @kares!) ## Bug fixes * CSS attribute selectors now gracefully handle queries using integers. [#711] * Handle ASCII-8BIT encoding on fragment input [#553] * Handle non-string return values within `Reader` [#898] * [JRuby] Allow Node#replace to insert Comment and CDATA nodes. [#1666] * [JRuby] Stability and speed improvements to `Node`, `Sax::PushParser`, and the JRuby implementation [#1708, #1710, #1501] |
New packages: