./textproc/ruby-nokogiri, HTML, XML, SAX, and Reader parser with XPath and CSS selector support

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]

Branch: CURRENT, Version: 1.13.6, Package name: ruby27-nokogiri-1.13.6, Maintainer: tsutsui

Nokogiri parses and searches XML/HTML very quickly, and also has correctly
implemented CSS3 selector support as well as XPath support.


* XPath support for document searching
* CSS3 selector support for document searching
* XML/HTML builder
* Drop in replacement for Hpricot (though not bug for bug)

Required to run:
[textproc/libxml2] [textproc/libxslt] [misc/ruby-mini_portile2] [lang/ruby26-base]

Required to build:
[devel/ruby-pkg-config] [pkgtools/cwrappers]

Master sites:

Filesize: 5253 KB

Version history: (Expand)

CVS history: (Expand)

   2022-05-14 16:33:31 by Izumi Tsutsui | Files touched by this commit (3) | Package updated
Log message:
ruby-nokogiri: update to 1.13.6.

Upstream changes:

1.13.6 / 2022-05-08


  * [CRuby] Address CVE-2022-29181, improper handling of unexpected data types,
    related to untrusted inputs to the SAX parsers. See GHSA-xh29-r2w5-wx8m for
    more information.


  * {HTML4,XML}::SAX::{Parser,ParserContext} constructor methods now raise
    TypeError instead of segfaulting when an incorrect type is passed.

1.13.5 / 2022-05-04


  * [CRuby] Vendored libxml2 is updated to address CVE-2022-29824. See
    GHSA-cgx6-hpwq-fhv5 for more information.


  * [CRuby] Vendored libxml2 is updated from v2.9.13 to v2.9.14.


  * [CRuby] The libxml2 HTML4 parser no longer exhibits quadratic behavior when
    recovering some broken markup related to start-of-tag and bare <


  * [CRuby] The libxml2 HTML4 parser in v2.9.14 recovers from some broken
    markup differently. Notably, the XML CDATA escape sequence <![CDATA[ and
    incorrectly-opened comments will result in HTML text nodes starting with &
    lt;! instead of skipping the invalid tag. This behavior is a direct result
    of the quadratic-behavior fix noted above. The behavior of downstream
    sanitizers relying on this behavior will also change. Some tests describing
    the changed behavior are in test/html4/test_comments.rb.
   2022-04-16 16:28:18 by Izumi Tsutsui | Files touched by this commit (2) | Package updated
Log message:
ruby-nokogiri: update to 1.13.4.

Upstream changes:

1.13.4 / 2022-04-11


  * Address CVE-2022-24836, a regular expression denial-of-service
    vulnerability. See GHSA-crjr-9rc5-ghw8 for more information.
  * [CRuby] Vendored zlib is updated to address CVE-2018-25032. See
    GHSA-v6gp-9mmm-c6p5 for more information.
  * [JRuby] Vendored Xerces-J (xerces:xercesImpl) is updated to address
    CVE-2022-23437. See GHSA-xxx9-3xcr-gjj3 for more information.
  * [JRuby] Vendored nekohtml (org.cyberneko.html) is updated to address
    CVE-2022-24839. See GHSA-gx8x-g87m-h5q6 for more information.


  * [CRuby] Vendored zlib is updated from 1.2.11 to 1.2.12. (See
    LICENSE-DEPENDENCIES.md for details on which packages redistribute this
  * [JRuby] Vendored Xerces-J (xerces:xercesImpl) is updated from 2.12.0 to
  * [JRuby] Vendored nekohtml (org.cyberneko.html) is updated from a fork of
    1.9.21 to 1.9.22.noko2. This fork is now publicly developed at https://
   2022-03-06 18:14:35 by Izumi Tsutsui | Files touched by this commit (3) | Package updated
Log message:
ruby-nokogiri: update to 1.13.3.

Upstream changes:

1.13.3 / 2022-02-21


  * [CRuby] Revert a HTML4 parser bug in libxml 2.9.13 (introduced in Nokogiri
    v1.13.2). The bug causes libxml2's HTML4 parser to fail to recover when
    encountering a bare < character in some contexts. This version of Nokogiri
    restores the earlier behavior, which is to recover from the parse error and
    treat the < as normal character data (which will be serialized as \ 
&lt; in a
    text node). The bug (and the fix) is only relevant when the RECOVER parse
    option is set, as it is by default. [#2461]

1.13.2 / 2022-02-21


  * [CRuby] Vendored libxml2 is updated from 2.9.12 to 2.9.13. This update
    addresses CVE-2022-23308.
  * [CRuby] Vendored libxslt is updated from 1.1.34 to 1.1.35. This update
    addresses CVE-2021-30560.

Please see GHSA-fq42-c5rg-92c2 for more information about these CVEs.


  * [CRuby] Vendored libxml2 is updated from 2.9.12 to 2.9.13. Full changelog
    is available at https://download.gnome.org/sources/libxml2/2.9/
  * [CRuby] Vendored libxslt is updated from 1.1.34 to 1.1.35. Full changelog
    is available at https://download.gnome.org/sources/libxslt/1.1/
   2022-01-16 11:12:07 by Izumi Tsutsui | Files touched by this commit (2) | Package updated
Log message:
ruby-nokogiri: update to 1.13.1.

Upstream changes:

1.13.1 / 2022-01-13


  * Fix Nokogiri::XSLT.quote_params regression in v1.13.0 that raised an
    exception when non-string stylesheet parameters were passed. Non-string
    parameters (e.g., integers and symbols) are now explicitly supported and
    both keys and values will be stringified with #to_s. [#2418]
  * Fix HTML5 CSS selector query regression in v1.13.0 that raised an
    Nokogiri::XML::XPath::SyntaxError when parsing XPath attributes mixed into
    the CSS query. Although this mash-up of XPath and CSS syntax previously
    worked unintentionally, it is now an officially supported feature and is
    documented as such. [#2419]
   2022-01-09 20:19:23 by Izumi Tsutsui | Files touched by this commit (4) | Package updated
Log message:
ruby-nokogiri: update to 1.13.0.

Upstream changes:

1.13.0 / 2022-01-06



This release introduces native gem support for Ruby 3.1. Please note that
Windows users should use the x64-mingw-ucrt platform gem for Ruby 3.1, and
x64-mingw32 for Ruby 2.6-3.0 (see RubyInstaller 3.1.0 release notes).

This release ends support for:

  * Ruby 2.5, for which official support ended 2021-03-31.
  * JRuby 9.2, which is a Ruby 2.5-compatible release.

Faster, more reliable installation: Native Gem for ARM64 Linux

This version of Nokogiri ships experimental native gem support for the
aarch64-linux platform, which should support AWS Graviton and other ARM Linux
platforms. We don't yet have CI running for this platform, and so we're
interested in hearing back from y'all whether this is working, and what
problems you're seeing. Please send us feedback here: Feedback: Have you used
the aarch64-linux native gem?


This version of Nokogiri opts-in to the "MFA required to publish" \ 
setting on
Rubygems.org. This and all future Nokogiri gem files must be published to
Rubygems by an account with multi-factor authentication enabled. This should
provide some additional protection against supply-chain attacks.

A related discussion about Trust exists at #2357 in which I invite you to
participate if you have feelings or opinions on this topic.


  * [CRuby] Vendored libiconv is updated from 1.15 to 1.16. (Note that libiconv
    is only redistributed in the native windows and native darwin gems, see
    LICENSE-DEPENDENCIES.md for more information.) [#2206]
  * [CRuby] Upgrade mini_portile2 dependency from ~> 2.6.1 to ~> 2.7.0. \ 
    platform gem only.)


  * {XML,HTML4}::DocumentFragment constructors all now take an optional parse
    options parameter or block (similar to Document constructors). [#1692]
    (Thanks, @JackMc!)
  * Nokogiri::CSS.xpath_for allows an XPathVisitor to be injected, for
    finer-grained control over how CSS queries are translated into XPath.
  * [CRuby] XML::Reader#encoding will return the encoding detected by the
    parser when it's not passed to the constructor. [#980]
  * [CRuby] Handle abruptly-closed HTML comments as recommended by WHATWG.
    (Thanks to tehryanx for reporting!)
  * [CRuby] Node#line is no longer capped at 65535. libxml v2.9.0 and later
    support a new parse option, exposed as
    Nokogiri::XML::ParseOptions::PARSE_BIG_LINES, which is turned on by default
    in ParseOptions::DEFAULT_{XML,XSLT,HTML,SCHEMA} (Note that JRuby already
    supported large line numbers.) [#1764, #1493, #1617, #1505, #1003, #533]
  * [CRuby] If a cycle is introduced when reparenting a node (i.e., the node
    becomes its own ancestor), a RuntimeError is raised. libxml2 does no
    checking for this, which means cycles would otherwise result in infinite
    loops on subsequent operations. (Note that JRuby already did this.) [#1912]
  * [CRuby] Source builds will download zlib and libiconv via HTTPS. \ 
    platform gem only.) [#2391] (Thanks, @jmartin-r7!)
  * [JRuby] Node#line behavior has been modified to return the line number of
    the node in the final DOM structure. This behavior is different from CRuby,
    which returns the node's position in the input string. Ideally the two
    implementations would be the same, but at least is now officially
    documented and tested. The real-world impact of this change is that the
    value returned in JRuby is greater by 1 to account for the XML prolog in
    the output. [#2380] (Thanks, @dabdine!)


  * CSS queries on HTML5 documents now correctly match foreign elements (SVG,
    MathML) when namespaces are not specified in the query. [#2376]
  * XML::Builder blocks restore context properly when exceptions are raised.
    [#2372] (Thanks, @ric2b and @rinthedev!)
  * The Nokogiri::CSS::Parser cache now uses the XPathVisitor configuration as
    part of the cache key, preventing incorrect cache results from being
    returned when multiple XPathVisitor options are being used.
  * Error recovery from in-context parsing (e.g., Node#parse) now always uses
    the correct DocumentFragment class. Previously
    Nokogiri::HTML4::DocumentFragment was always used, even for XML documents.
  * DocumentFragment#> now works properly, matching a CSS selector against only
    the fragment roots. [#1857]
  * XML::DocumentFragment#errors now correctly contains any parsing errors
    encountered. Previously this was always empty. (Note that
    HTML::DocumentFragment#errors already did this.)
  * [CRuby] Fix memory leak in Document#canonicalize when inclusive namespaces
    are passed in. [#2345]
  * [CRuby] Fix memory leak in Document#canonicalize when an argument type
    error is raised. [#2345]
  * [CRuby] Fix memory leak in EncodingHandler where iconv handlers were not
    being cleaned up. [#2345]
  * [CRuby] Fix memory leak in XPath custom handlers where string arguments
    were not being cleaned up. [#2345]
  * [CRuby] Fix memory leak in Reader#base_uri where the string returned by
    libxml2 was not freed. [#2347]
  * [JRuby] Deleting a Namespace from a NodeSet no longer modifies the href to
    be the default namespace URL.
  * [JRuby] Fix XHTML formatting of closing tags for non-container elements.


  * Passing a Nokogiri::XML::Node as the second parameter to Node.new is
    deprecated and will generate a warning. This parameter should be a kind of
    Nokogiri::XML::Document. This will become an error in a future version of
    Nokogiri. [#975]
  * Nokogiri::CSS::Parser, Nokogiri::CSS::Tokenizer, and Nokogiri::CSS::Node
    are now internal-only APIs that are no longer documented, and should not be
    considered stable. With the introduction of XPathVisitor injection into
    Nokogiri::CSS.xpath_for there should be no reason to rely on these internal
  * CSS-to-XPath utility classes Nokogiri::CSS::XPathVisitorAlwaysUseBuiltins
    and XPathVisitorOptimallyUseBuiltins are deprecated. Prefer
    Nokogiri::CSS::XPathVisitor with appropriate constructor arguments. These
    classes will be removed in a future version of Nokogiri.
   2021-12-28 01:01:31 by Takahiro Kambe | Files touched by this commit (1)
Log message:
textproc/ruby-nokogiri: reduce dependency

Depends on devel/ruby-racc only on ruby26 since Ruby 2.7 and later contains
racc as bundled gem.

   2021-12-08 17:07:18 by Adam Ciarcinski | Files touched by this commit (3063)
Log message:
revbump for icu and libffi
   2021-10-26 13:23:42 by Nia Alarie | Files touched by this commit (1161)
Log message:
textproc: Replace RMD160 checksums with BLAKE2s checksums

All checksums have been double-checked against existing RMD160 and
SHA512 hashes

Unfetchable distfiles (fetched conditionally?):
./textproc/convertlit/distinfo clit18src.zip