Subject: CVS commit: pkgsrc/textproc/ruby-nokogiri
From: Izumi Tsutsui
Date: 2021-10-01 20:54:25
Message id: 20211001185425.ED603FA97@cvs.NetBSD.org
Log Message:
ruby-nokogiri: update to 1.12.5.

Upstream changes:
https://github.com/sparklemotion/nokogiri/releases/tag/v1.12.5

1.12.5 / 2021-09-27

Security

[JRuby] Address CVE-2021-41098 (GHSA-2rr5-8q37-2w7h).

In Nokogiri v1.12.4 and earlier, on JRuby only, the SAX parsers resolve
external entities (XXE) by default. This fix turns off
entity-resolution-by-default in the JRuby SAX parsers to match the CRuby SAX
parsers' behavior.

CRuby users are not affected by this CVE.

Fixed

  * [CRuby] Document#to_xhtml properly serializes self-closing tags in libxml >
    2.9.10. A behavior change introduced in libxml 2.9.11 resulted in emitting
    start and and tags (e.g., <br></br>) instead of a self-closing \ 
tag (e.g.,
    <br/>) in previous Nokogiri versions. [#2324]
Files:
RevisionActionfile
1.64modifypkgsrc/textproc/ruby-nokogiri/Makefile
1.44modifypkgsrc/textproc/ruby-nokogiri/distinfo