Log Message: ruby-nokogiri: update to 1.13.9. Upstream changes: https://github.com/sparklemotion/nokogiri/releases/tag/v1.13.9 1.13.9 / 2022-10-18 Security * [CRuby] Vendored libxml2 is updated to address CVE-2022-2309, CVE-2022-40304, and CVE-2022-40303. See GHSA-2qc6-mcvw-92cw for more information. * [CRuby] Vendored zlib is updated to address CVE-2022-37434. Nokogiri was not affected by this vulnerability, but this version of zlib was being flagged up by some vulnerability scanners, see #2626 for more information. Dependencies * [CRuby] Vendored libxml2 is updated to v2.10.3 from v2.9.14. * [CRuby] Vendored libxslt is updated to v1.1.37 from v1.1.35. * [CRuby] Vendored zlib is updated from 1.2.12 to 1.2.13. (See LICENSE-DEPENDENCIES.md for details on which packages redistribute this library.) Fixed * [CRuby] Nokogiri::XML::Namespace objects, when compacted, update their internal struct's reference to the Ruby object wrapper. Previously, with GC compaction enabled, a segmentation fault was possible after compaction was triggered. [#2658] (Thanks, @eightbitraptor and @peterzhu2118!) * [CRuby] Document#remove_namespaces! now defers freeing the underlying xmlNs struct until the Document is GCed. Previously, maintaining a reference to a Namespace object that was removed in this way could lead to a segfault. [#2658]
Revision | Action | file |
1.74 | modify | pkgsrc/textproc/ruby-nokogiri/Makefile |
1.38 | modify | pkgsrc/textproc/ruby-nokogiri/PLIST |
1.53 | modify | pkgsrc/textproc/ruby-nokogiri/distinfo |