2018-02-18 06:45:37 by Izumi Tsutsui | Files touched by this commit (3) |
Log message:
ruby-nokogiri: update to 1.8.2.
Upstream changelog (from CHANGELOG.md):
# 1.8.2 / 2018-01-29
## Security Notes
[MRI] The update of vendored libxml2 from 2.9.5 to 2.9.7 addresses at least one published vulnerability, CVE-2017-15412. [#1714 has complete details]
## Dependencies
* [MRI] libxml2 is updated from 2.9.5 to 2.9.7
* [MRI] libxslt is updated from 1.1.30 to 1.1.32
## Features
* [MRI] OpenBSD installation should be a bit easier now. [#1685] (Thanks, @jeremyevans!)
* [MRI] Cross-built Windows gems now support Ruby 2.5
## Bug fixes
* Node#serialize once again returns UTF-8-encoded strings. [#1659]
* [JRuby] made SAX parsing of characters consistent with C implementation [#1676] (Thanks, @andrew-aladev!)
* [MRI] Predefined entities, when inspected, no longer cause a segfault. [#1238]
|
2017-12-09 23:39:28 by Izumi Tsutsui | Files touched by this commit (1) |
Log message:
Actually take maintainership (missed in the previous commit).
|
2017-10-20 17:56:58 by Izumi Tsutsui | Files touched by this commit (3) |
Log message:
nokogiri: update to 1.8.1.
This version is necessary for ruby-mini_portile2 2.3.0 in pkgsrc-2017Q3.
pkgsrc changes:
- strict dependency against ruby-mini_portile2 as defined in the Gemfile
- take maintainership
Upstream changes (from CHANGELOG.md):
# 1.8.1 / 2017-09-19
## Dependencies
* [MRI] libxml2 is updated from 2.9.4 to 2.9.5.
* [MRI] libxslt is updated from 1.1.29 to 1.1.30.
* [MRI] optional dependency on the pkg-config gem has had its constraint loosened to `~> 1.1` (from `~> 1.1.7`). [#1660]
* [MRI] Upgrade mini_portile2 dependency from `~> 2.2.0` to `~> 2.3.0`, which will validate checksums on the vendored libxml2 and libxslt tarballs before using them.
## Bugs
* NodeSet#first with an integer argument longer than the length of the NodeSet now correctly clamps the length of the returned NodeSet to the original length. [#1650] (Thanks, @Derenge!)
* [MRI] Ensure CData.new raises TypeError if the `content` argument is not implicitly convertible into a string. [#1669]
|
2017-06-05 17:22:56 by Takahiro Kambe | Files touched by this commit (3) |
Log message:
Update ruby-nokogiri to 1.8.0.
# 1.8.0 / 2017-06-04
## Backwards incompatibilities
This release ends support for Ruby 2.1 on Windows in the `x86-mingw32` and `x64-mingw32` platform gems (containing pre-compiled DLLs). Official support ended for Ruby 2.1 on 2017-04-01.
Please note that this deprecation note only applies to the precompiled Windows gems. Ruby 2.1 continues to be supported (for now) in the default gem when compiled on installation.
## Dependencies
* [Windows] Upgrade iconv from 1.14 to 1.15 (unless --use-system-libraries)
* [Windows] Upgrade zlib from 1.2.8 to 1.2.11 (unless --use-system-libraries)
* [MRI] Upgrade rake-compiler dependency from 0.9.2 to 1.0.3
* [MRI] Upgrade mini-portile2 dependency from `~> 2.1.0` to `~> 2.2.0`
## Compatibility notes
* [JRuby] Removed support for `jruby --1.8` code paths. [#1607] (Thanks, @kares!)
* [MRI Windows] Retrieve zlib source from http://zlib.net/fossils to avoid deprecation issues going forward. See #1632 for details around this problem.
## Features
* NodeSet#clone is not an alias for NodeSet#dup [#1503] (Thanks, @stephankaag!)
* Allow Processing Instructions and Comments as children of a document root. [#1033] (Thanks, @windwiny!)
* [MRI] PushParser#replace_entities and #replace_entities= will control whether entities are replaced or not. [#1017] (Thanks, @spraints!)
* [MRI] SyntaxError#to_s now includes line number, column number, and log level if made available by the parser. [#1304, #1637] (Thanks, @spk and @ccarruitero!)
* [MRI] Cross-built Windows gems now support Ruby 2.4
* [MRI] Support for frozen string literals. [#1413]
* [MRI] Support for installing Nokogiri on a machine in FIPS-enabled mode [#1544]
* [MRI] Vendored libraries are verified with SHA-256 hashes (formerly some MD5 hashes were used) [#1544]
* [JRuby] (performance) remove unnecessary synchronization of class-cache [#1563] (Thanks, @kares!)
* [JRuby] (performance) remove unnecessary cloning of objects in XPath searches [#1563] (Thanks, @kares!)
* [JRuby] (performance) more performance improvements, particularly in XPath, Reader, XmlNode, and XmlNodeSet [#1597] (Thanks, @kares!)
## Bugs
* HTML::SAX::Parser#parse_io now correctly parses HTML and not XML [#1577] (Thanks for the test case, @gregors!)
* Support installation on systems with a `lib64` site config. [#1562]
* [MRI] on OpenBSD, do not require gcc if using system libraries [#1515] (Thanks, @jeremyevans!)
* [MRI] XML::Attr.new checks type of Document arg to prevent segfaults. [#1477]
* [MRI] Prefer xmlCharStrdup (and friends) to strdup (and friends), which can cause problems on some platforms. [#1517] (Thanks, @jeremy!)
* [JRuby] correctly append a text node before another text node [#1318] (Thanks, @jkraemer!)
* [JRuby] custom xpath functions returning an integer now work correctly [#1595] (Thanks, @kares!)
* [JRuby] serializing (`#to_html`, `#to_s`, et al) a document with explicit encoding now works correctly. [#1281, #1440] (Thanks, @kares!)
* [JRuby] XML::Reader now returns parse errors [#1586] (Thanks, @kares!)
* [JRuby] Empty NodeSets are now decorated properly. [#1319] (Thanks, @kares!)
* [JRuby] Merged nodes no longer results in Java exceptions during XPath queries. [#1320] (Thanks, @kares!)
# 1.7.2 / 2017-05-09
## Security Notes
[MRI] Upstream libxslt patches are applied to the vendored libxslt 1.1.29 which address CVE-2017-5029 and CVE-2016-4738.
For more information:
* https://github.com/sparklemotion/nokogiri/issues/1634
* http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-5029.html
* http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-4738.html
|
2017-03-20 16:36:43 by Takahiro Kambe | Files touched by this commit (3) |
Log message:
Update ruby-nokogiri to 1.7.1.
# 1.7.1 / unreleased
## Security Notes
[MRI] Upstream libxml2 patches are applied to the vendored libxml 2.9.4 which address CVE-2016-4658 and CVE-2016-5131.
For more information:
* https://github.com/sparklemotion/nokogiri/issues/1615
* http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-4658.html
* http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-5131.html
## Dependencies
* [Windows] Upgrade zlib from 1.2.8 to 1.2.11 (unless --use-system-libraries)
|
2017-01-08 06:36:55 by Takahiro Kambe | Files touched by this commit (1) |
Log message:
Now gemspec does not require ruby-pkg-config any more.
Bump PKGREVISION.
|
2017-01-07 23:30:13 by Thomas Klausner | Files touched by this commit (3) |
Log message:
Updated ruby-nokogiri to 1.7.0.1.
# 1.7.0.1 / 2017-01-04
## Bugs
* Fix OpenBSD support. (#1569) (related to #1543)
# 1.7.0 / 2016-12-26
## Features
* Remove deprecation warnings in Ruby 2.4.0 (#1545) (Thanks, @matthewd!)
* Support egcc compiler on OpenBSD (#1543) (Thanks, @frenkel and @knu!)
## Backwards incompatibilities.
This release ends support for:
* Ruby 1.9.2, for which official support ended on 2014-07-31
* Ruby 1.9.3, for which official support ended on 2015-02-23
* Ruby 2.0.0, for which official support ended on 2016-02-24
* MacRuby, which hasn't been actively supported since 2015-01-13 (see https://github.com/MacRuby/MacRuby/commit/f76b9d6e99c18236db617e8aceb12c27d593a483)
|
2016-10-18 16:41:15 by Takahiro Kambe | Files touched by this commit (3) |
Log message:
Update ruby-nokogiri to 1.6.8.1
=== 1.6.8.1 / 2016-10-03
==== Dependency License Notes
Removes required dependency on the `pkg-config` gem. This dependency
was introduced in v1.6.8 and, because it's distributed under LGPL, was
objectionable to many Nokogiri users (#1488, #1496).
This version makes `pkg-config` an optional dependency. If it's
installed, it's used; but otherwise Nokogiri will attempt to work
around its absence.
=== 1.6.8 / unreleased
==== Security Notes
[MRI] Bundled libxml2 is upgraded to 2.9.4, which fixes many security issues. Many of these had previously been patched in the vendored libxml 2.9.2 in the 1.6.7.x branch, but some are newer.
See these libxml2 email posts for more:
* https://mail.gnome.org/archives/xml/2015-November/msg00012.html
* https://mail.gnome.org/archives/xml/2016-May/msg00023.html
For a more detailed analysis, you may care to read Canonical's take on these security issues:
* http://www.ubuntu.com/usn/usn-2994-1
[MRI] Bundled libxslt is upgraded to 1.1.29, which fixes a security issue as well as many long-known outstanding bugs, some features, some portability improvements, and general cleanup.
See this libxslt email post for more:
* https://mail.gnome.org/archives/xslt/2016-May/msg00004.html
==== Features
Several changes were made to improve performance:
* [MRI] Simplify NodeSet#to_a with a minor speed-up. (#1397)
* XML::Node#ancestors optimization. (#1297) (Thanks, Bruno Sutic!)
* Use Symbol#to_proc where we weren't previously. (#1296) (Thanks, Bruno Sutic!)
* XML::DTD#each uses implicit block calls. (Thanks, @glaucocustodio!)
* Fall back to the `pkg-config` gem if we're having trouble finding the system libxml2. This should help many FreeBSD users. (#1417)
* Set document encoding appropriately even on blank document. (#1043) (Thanks, @batter!)
==== Bug Fixes
* [JRuby] fix slow add_child (#692)
* [JRuby] fix load errors when deploying to JRuby/Torquebox (#1114) (Thanks, @atambo and @jvshahid!)
* [JRuby] fix NPE when inspecting nodes returned by NodeSet#drop (#1042) (Thanks, @mkristian!)
* [JRuby] fix nil attribute node's namespace in reader (#1327) (Thanks, @codekitchen!)
* [JRuby] fix Nokogiri munging unicode characters that require more than 2 bytes (#1113) (Thanks, @mkristian!)
* [JRuby] allow unlinking an unparented node (#1112, #1152) (Thanks, @esse!)
* [JRuby] allow Fragment parsing on a frozen string (#444, #1077)
* [JRuby] HTML `style` tags are no longer encoded (#1316) (Thanks, @tbeauvais!)
* [MRI] fix assertion failure while accessing attribute node's namespace in reader (#843) (Thanks, @2potatocakes!)
* [MRI] fix issue with GCing namespace nodes returned in an xpath query. (#1155)
* [MRI] Ensure C strings are null-terminated. (#1381)
* [MRI] Ensure Rubygems is loaded before using mini_portile2 at installation. (#1393, #1411) (Thanks, @JonRowe!)
* [MRI] Handling another edge case where the `libxml-ruby` gem's global callbacks were smashing the heap. (#1426). (Thanks to @bbergstrom for providing an isolated test case!)
* [MRI] Ensure encodings are passed to Sax::Parser xmldecl callback. (#844)
* [MRI] Ensure default ns prefix is applied correctly when reparenting nodes to another document. (#391) (Thanks, @ylecuyer!)
* [MRI] Ensure Reader handles non-existent attributes as expected. (#1254) (Thanks, @ccutrer!)
* [MRI] Cleanup around namespace handling when reparenting nodes. (#1332, #1333, #1444) (Thanks, @cuttrer and @bradleybeddoes!)
* unescape special characters in CSS queries (#1303) (Thanks, @twalpole!)
* consistently handle empty documents (#1349)
* Update to mini_portile2 2.1.0 to address whitespace-handling during patching. (#1402)
* Fix encoding of xml node namespaces.
* Work around issue installing Nokogiri on overlayfs (commonly used in Docker containers). (#1370, #1405)
==== Other Notes
* Removed legacy code remaining from Ruby 1.8.x support.
* Removed legacy code remaining from REE support.
* Removing hacky workarounds for bugs in some older versions of libxml2.
* Handling C strings in a forward-compatible manner, see https://github.com/ruby/ruby/blob/v2_2_0/NEWS#L319
|
2016-03-15 16:45:46 by Takahiro Kambe | Files touched by this commit (3) |
Log message:
Update ruby-nokogiri to 1.6.7.2.
The security problem below does not affect pkgsrc since we do not use the bundled
libxml2.
=== 1.6.7.2 / 2015-01-20
This version pulls in several upstream patches to the vendored libxml2 and libxslt to address:
CVE-2015-7499
Ubuntu classifies this as "Priority: Low", RedHat classifies this as "Impact: Moderate", and NIST classifies this as "Severity: 5.0 (MEDIUM)".
MITRE record is https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7499
|
2016-01-10 12:55:45 by Izumi Tsutsui | Files touched by this commit (3) |
Log message:
Update ruby-nokogiri to 1.6.7.1.
pkgsrc changes:
* Fix DEPENDS on required ${RUBY_PKGPREFIX}-mini_portile2>=2.0.0
Upstream changes:
=== 1.6.7.1 / 2015-12-16
This version pulls in several upstream patches to the vendored libxml2 and libxslt to address:
CVE-2015-5312
CVE-2015-7497
CVE-2015-7498
CVE-2015-7499
CVE-2015-7500
CVE-2015-8241
CVE-2015-8242
CVE-2015-8317
See also http://www.ubuntu.com/usn/usn-2834-1/
|