Next | Query returned 59 messages, browsing 1 to 10 | Previous

CVS Commit History:


   2020-11-05 10:09:30 by Ryo ONODERA | Files touched by this commit (1814)
Log message:
*: Recursive revbump from textproc/icu-68.1

   2020-10-03 16:27:32 by Izumi Tsutsui | Files touched by this commit (2) | Package updated
Log message:
ruby-nokogiri: update to 1.10.10.

Upstream changes (from CHANGELOG.md):

1.10.10 / 2020-07-06

Features

* [MRI] Cross-built Windows gems now support Ruby 2.7 [#2029]. Note that
  prior to this release, the v1.11.x prereleases provided this support.

   2020-06-02 10:25:05 by Adam Ciarcinski | Files touched by this commit (1689)
Log message:
Revbump for icu

   2020-03-29 07:21:40 by Takahiro Kambe | Files touched by this commit (1) | Package updated
Log message:
textproc/ruby-nokogiri: fix ruby gem dependency

Relax dependency for mini_portile2 gem to fix runtime problem.
Noted by Robert Swindells on pkgsrc-users@NetBSD.org.

Bump PKGREVISION.

   2020-03-10 15:28:19 by Izumi Tsutsui | Files touched by this commit (1)
Log message:
ruby-nokogiri: relax dependency versions for ruby-mini_portile2.

   2020-03-10 15:19:35 by Izumi Tsutsui | Files touched by this commit (2) | Package updated
Log message:
ruby-nokogiri: update to 1.10.9.

Upstream changes (from CHANGELOG.md):

1.10.9 / 2020-03-01

Fixed

* [MRI] Raise an exception when Nokogiri detects a specific libxml2
  edge case involving blank Schema nodes wrapped by Ruby objects
  that would cause a segfault. Currently no fix is available upstream,
  so we're preventing a dangerous operation and informing users to
  code around it if possible. [#1985, #2001]
* [JRuby] Change NodeSet#to_a to return a RubyArray instead of Object,
  for compilation under JRuby 9.2.9 and later. [#1968, #1969]
  (Thanks, @headius!)

   2020-02-16 05:11:05 by Izumi Tsutsui | Files touched by this commit (3) | Package updated
Log message:
ruby-nokogiri: update to 1.10.8.

Upstream changelog (from CHANGELOG.md):

## 1.10.8 / 2020-02-10

### Security

[MRI] Pulled in upstream patch from libxml that addresses CVE-2020-7595.
Full details are available in
[#1992](https://github.com/sparklemotion/nokogiri/issues/1992).
Note that this patch is not yet (as of 2020-02-10) in an upstream release of libxml.

   2020-01-26 18:32:28 by Roland Illig | Files touched by this commit (981)
Log message:
all: migrate homepages from http to https

pkglint -r --network --only "migrate"

As a side-effect of migrating the homepages, pkglint also fixed a few
indentations in unrelated lines. These and the new homepages have been
checked manually.

   2019-12-11 15:52:21 by Izumi Tsutsui | Files touched by this commit (3) | Package updated
Log message:
ruby-nokogiri: update to 1.10.7.

Upstream changes (from CHANGELOG.md):

## 1.10.7 / 2019-12-03

### Bug

* [MRI] Ensure the patch applied in v1.10.6 works with GNU `patch`. [#1954]

## 1.10.6 / 2019-12-03

### Bug

* [MRI] Fix FreeBSD installation of vendored libxml2. [#1941, #1953] (Thanks, @nurse!)

## 1.10.5 / 2019-10-31

### Security

[MRI] Vendored libxslt upgraded to v1.1.34 which addresses three CVEs for libxslt:

* CVE-2019-13117
* CVE-2019-13118
* CVE-2019-18197

More details are available at #1943.

### Dependencies

* [MRI] vendored libxml2 is updated from 2.9.9 to 2.9.10
* [MRI] vendored libxslt is updated from 1.1.33 to 1.1.34

   2019-08-12 01:14:47 by Izumi Tsutsui | Files touched by this commit (2) | Package updated
Log message:
ruby-nokogiri: update to 1.10.4.

Upstream changelog:
 https://github.com/sparklemotion/nokogi … ANGELOG.md

# 1.10.4 / 2019-08-07

### Security

#### Address CVE-2019-5477 (#1915)

A command injection vulnerability in Nokogiri v1.10.3 and earlier allows
commands to be executed in a subprocess by Ruby's `Kernel.open` method.
Processes are vulnerable only if the undocumented method
`Nokogiri::CSS::Tokenizer#load_file` is being passed untrusted user input.

This vulnerability appears in code generated by the Rexical gem
versions v1.0.6 and earlier. Rexical is used by Nokogiri to generate
lexical scanner code for parsing CSS queries. The underlying
vulnerability was addressed in Rexical v1.0.7 and Nokogiri upgraded
to this version of Rexical in Nokogiri v1.10.4.

This CVE's public notice is
https://github.com/sparklemotion/nokogiri/issues/1915
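
An added example for the CVE-2019-5477 entry above (not part of the commit log and not Nokogiri or Rexical code): a small audit that flags receiver-less `open(...)` calls in Ruby source, such as a generated `load_file`, next to a reader that uses `File.open`, which always treats its argument as a file name. The helper names `risky_open_calls` and `read_file_safely` and both sample snippets are constructed for illustration.

```ruby
# Matches bare `open(` and `Kernel.open(`; `File.open(`, `File::open(` and
# `reopen(` are excluded by the lookbehind. Heuristic: a method definition
# named `open` would also be reported.
BARE_OPEN = /(?<![\w.:])(?:Kernel\.)?open\s*\(/

# Return [line_number, stripped_line] for every line that calls bare open.
def risky_open_calls(source)
  source.each_line.with_index(1).filter_map do |line, number|
    code = line.sub(/#.*$/, "") # crude comment strip, enough for an audit pass
    [number, line.strip] if code.match?(BARE_OPEN)
  end
end

# File.open never interprets its argument as anything but a path, so input
# that is not an existing file simply raises Errno::ENOENT.
def read_file_safely(path)
  File.open(path, "r") { |f| f.read }
end

# Constructed sample: a generated lexer method in the style the entry describes.
BEFORE = <<~'RUBY'
  def load_file(filename)
    @filename = filename
    open(filename, "r") { |f| scan_setup(f.read) }
  end
RUBY

# Constructed sample: the same method after switching to File.open.
AFTER = <<~'RUBY'
  def load_file(filename)
    @filename = filename
    File.open(filename, "r") { |f| scan_setup(f.read) }
  end
RUBY

if __FILE__ == $PROGRAM_NAME
  risky_open_calls(BEFORE).each { |no, text| puts "line #{no}: #{text}" }
  puts "after fix: #{risky_open_calls(AFTER).length} findings"
end
```

Running the audit over the generated scanner files of an installed gem is a quick way to confirm that the Rexical v1.0.7 output is what actually shipped.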
