Log Message:
ruby-nokogiri: update to 1.13.6.

Upstream changes:
https://github.com/sparklemotion/nokogiri/releases/tag/v1.13.6
https://github.com/sparklemotion/nokogiri/releases/tag/v1.13.5

1.13.6 / 2022-05-08

Security

* [CRuby] Address CVE-2022-29181, improper handling of unexpected data types, related to untrusted inputs to the SAX parsers. See GHSA-xh29-r2w5-wx8m for more information.

Improvements

* {HTML4,XML}::SAX::{Parser,ParserContext} constructor methods now raise TypeError instead of segfaulting when an incorrect type is passed.

1.13.5 / 2022-05-04

Security

* [CRuby] Vendored libxml2 is updated to address CVE-2022-29824. See GHSA-cgx6-hpwq-fhv5 for more information.

Dependencies

* [CRuby] Vendored libxml2 is updated from v2.9.13 to v2.9.14.

Improvements

* [CRuby] The libxml2 HTML4 parser no longer exhibits quadratic behavior when recovering some broken markup related to start-of-tag and bare < characters.

Changed

* [CRuby] The libxml2 HTML4 parser in v2.9.14 recovers from some broken markup differently. Notably, the XML CDATA escape sequence <![CDATA[ and incorrectly-opened comments will result in HTML text nodes starting with &lt;! instead of skipping the invalid tag. This behavior is a direct result of the quadratic-behavior fix noted above. The behavior of downstream sanitizers relying on this behavior will also change. Some tests describing the changed behavior are in test/html4/test_comments.rb.

Revision | Action | file |
1.71 | modify | pkgsrc/textproc/ruby-nokogiri/Makefile |
1.37 | modify | pkgsrc/textproc/ruby-nokogiri/PLIST |
1.51 | modify | pkgsrc/textproc/ruby-nokogiri/distinfo |