SEARCH
NEW RPMS
DIRECTORIES
ABOUT
FAQ
VARIOUS
BLOG

 
 
Changelog for ruby2.5-rubygem-nokogiri-1.8.5-150400.14.3.1.x86_64.rpm :

* Thu Oct 27 2022 marco.striglAATTsuse.com- add 003-CVE-2022-24836.patch (CVE-2022-24836, bsc#1198408) fixes possibility to DoS because of inefficient RE in HTML encoding- add 004_CVE-2022-29181.patch (CVE-2022-29181, bsc#1199782) fixes Improper Handling of Unexpected Data Types
* Thu Jan 21 2021 jtomasiakAATTsuse.com- add 000-CVE-2019-5477.patch (CVE-2019-5477, bsc#1146578)- add 001-test-equality.patch (prereq of 002-CVE-2020-26247.patch)- add 002-CVE-2020-26247.patch (CVE-2020-26247, bsc#1180507)
* Mon Oct 29 2018 mschnitzerAATTsuse.com- updated to version 1.8.5 (bsc#1156722) [#]# Security Notes [MRI] Pulled in upstream patches from libxml2 that address CVE-2018-14404 and CVE-2018-14567. Full details are available in [#1785](https://github.com/sparklemotion/nokogiri/issues/1785). Note that these patches are not yet (as of 2018-10-04) in an upstream release of libxml2. [#]# Bug fixes
* [MRI] Fix regression in installation when building against system libraries, where some systems would not be able to find libxml2 or libxslt when present. (Regression introduced in v1.8.3.) [#1722]
* [JRuby] Fix node reparenting when the destination doc is empty. [#1773]
* Wed Jul 04 2018 factory-autoAATTkulow.org- updated to version 1.8.4 see installed CHANGELOG.md [#] 1.8.4 / 2018-07-03 [#]# Bug fixes
* [MRI] Fix memory leak when creating nodes with namespaces. (Introduced in v1.5.7) [#1771]
* Sat Jun 16 2018 factory-autoAATTkulow.org- updated to version 1.8.3 see installed CHANGELOG.md [#] 1.8.3 / 2018-06-16 [#]# Security Notes [MRI] Behavior in libxml2 has been reverted which caused CVE-2018-8048 (loofah gem), CVE-2018-3740 (sanitize gem), and CVE-2018-3741 (rails-html-sanitizer gem). The commit in question is here: > https://github.com/GNOME/libxml2/commit/960f0e2 and more information is available about this commit and its impact here: > https://github.com/flavorjones/loofah/issues/144 This release simply reverts the libxml2 commit in question to protect users of Nokogiri\'s vendored libraries from similar vulnerabilities. If you\'re offended by what happened here, I\'d kindly ask that you comment on the upstream bug report here: > https://bugzilla.gnome.org/show_bug.cgi?id=769760
* Thu Feb 08 2018 cooloAATTsuse.com- updated to version 1.8.2 see installed CHANGELOG.md [#] 1.8.2 / 2018-01-29 [#]# Security Notes [MRI] The update of vendored libxml2 from 2.9.5 to 2.9.7 addresses at least one published vulnerability, CVE-2017-15412. [#1714 has complete details] [#]# Dependencies
* [MRI] libxml2 is updated from 2.9.5 to 2.9.7
* [MRI] libxml2 is updated from 1.1.30 to 1.1.32 [#]# Features
* [MRI] OpenBSD installation should be a bit easier now. [#1685] (Thanks, AATTjeremyevans!)
* [MRI] Cross-built Windows gems now support Ruby 2.5 [#]# Bug fixes
* Node#serialize once again returns UTF-8-encoded strings. [#1659]
* [JRuby] made SAX parsing of characters consistent with C implementation [#1676] (Thanks, AATTandrew-aladev!)
* [MRI] Predefined entities, when inspected, no longer cause a segfault. [#1238]
* Wed Sep 20 2017 bgeukenAATTsuse.com- Updated to version 1.8.1 From the upstream changelog: Dependencies [MRI] libxml2 is updated from 2.9.4 to 2.9.5. [MRI] libxslt is updated from 1.1.29 to 1.1.30. [MRI] optional dependency on the pkg-config gem has had its constraint loosened to ~> 1.1 (from ~> 1.1.7). [#1660] [MRI] Upgrade mini_portile2 dependency from ~> 2.2.0 to ~> 2.3.0, which will validate checksums on the vendored libxml2 and libxslt tarballs before using them. Bugs NodeSet#first with an integer argument longer than the length of the NodeSet now correctly clamps the length of the returned NodeSet to the original length. [#1650] (Thanks, AATTDerenge!) [MRI] Ensure CData.new raises TypeError if the content argument is not implicitly convertible into a string. [#1669]
* Mon Sep 18 2017 mrueckertAATTsuse.de- make gem2rpm.yaml match the gemspec with regards to BR: mini_portile2
* Tue Jun 06 2017 cooloAATTsuse.com- updated to version 1.8.0 see installed CHANGELOG.md [#] 1.8.0 / 2017-06-04 [#]# Backwards incompatibilities This release ends support for Ruby 2.1 on Windows in the `x86-mingw32` and `x64-mingw32` platform gems (containing pre-compiled DLLs). Official support ended for Ruby 2.1 on 2017-04-01. Please note that this deprecation note only applies to the precompiled Windows gems. Ruby 2.1 continues to be supported (for now) in the default gem when compiled on installation. [#]# Dependencies
* [Windows] Upgrade iconv from 1.14 to 1.15 (unless --use-system-libraries)
* [Windows] Upgrade zlib from 1.2.8 to 1.2.11 (unless --use-system-libraries)
* [MRI] Upgrade rake-compiler dependency from 0.9.2 to 1.0.3
* [MRI] Upgrade mini-portile2 dependency from `~> 2.1.0` to `~> 2.2.0` [#]# Compatibility notes
* [JRuby] Removed support for `jruby --1.8` code paths. [#1607] (Thanks, AATTkares!)
* [MRI Windows] Retrieve zlib source from http://zlib.net/fossils to avoid deprecation issues going forward. See #1632 for details around this problem. [#]# Features
* NodeSet#clone is not an alias for NodeSet#dup [#1503] (Thanks, AATTstephankaag!)
* Allow Processing Instructions and Comments as children of a document root. [#1033] (Thanks, AATTwindwiny!)
* [MRI] PushParser#replace_entities and #replace_entities= will control whether entities are replaced or not. [#1017] (Thanks, AATTspraints!)
* [MRI] SyntaxError#to_s now includes line number, column number, and log level if made available by the parser. [#1304, #1637] (Thanks, AATTspk and AATTccarruitero!)
* [MRI] Cross-built Windows gems now support Ruby 2.4
* [MRI] Support for frozen string literals. [#1413]
* [MRI] Support for installing Nokogiri on a machine in FIPS-enabled mode [#1544]
* [MRI] Vendored libraries are verified with SHA-256 hashes (formerly some MD5 hashes were used) [#1544]
* [JRuby] (performance) remove unnecessary synchronization of class-cache [#1563] (Thanks, AATTkares!)
* [JRuby] (performance) remove unnecessary cloning of objects in XPath searches [#1563] (Thanks, AATTkares!)
* [JRuby] (performance) more performance improvements, particularly in XPath, Reader, XmlNode, and XmlNodeSet [#1597] (Thanks, AATTkares!) [#]# Bugs
* HTML::SAX::Parser#parse_io now correctly parses HTML and not XML [#1577] (Thanks for the test case, AATTgregors!)
* Support installation on systems with a `lib64` site config. [#1562]
* [MRI] on OpenBSD, do not require gcc if using system libraries [#1515] (Thanks, AATTjeremyevans!)
* [MRI] XML::Attr.new checks type of Document arg to prevent segfaults. [#1477]
* [MRI] Prefer xmlCharStrdup (and friends) to strdup (and friends), which can cause problems on some platforms. [#1517] (Thanks, AATTjeremy!)
* [JRuby] correctly append a text node before another text node [#1318] (Thanks, AATTjkraemer!)
* [JRuby] custom xpath functions returning an integer now work correctly [#1595] (Thanks, AATTkares!)
* [JRuby] serializing (`#to_html`, `#to_s`, et al) a document with explicit encoding now works correctly. [#1281, #1440] (Thanks, AATTkares!)
* [JRuby] XML::Reader now returns parse errors [#1586] (Thanks, AATTkares!)
* [JRuby] Empty NodeSets are now decorated properly. [#1319] (Thanks, AATTkares!)
* [JRuby] Merged nodes no longer results in Java exceptions during XPath queries. [#1320] (Thanks, AATTkares!)
* Tue May 23 2017 cooloAATTsuse.com- updated to version 1.7.2 see installed CHANGELOG.md [#] 1.7.2 / 2017-05-09 [#]# Security Notes [MRI] Upstream libxslt patches are applied to the vendored libxslt 1.1.29 which address CVE-2017-5029 and CVE-2016-4738. For more information:
* https://github.com/sparklemotion/nokogiri/issues/1634
* http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-5029.html
* http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-4738.html
* Mon Mar 20 2017 cooloAATTsuse.com- updated to version 1.7.1 see installed CHANGELOG.md [#] 1.7.1 / unreleased [#]# Security Notes [MRI] Upstream libxml2 patches are applied to the vendored libxml 2.9.4 which address CVE-2016-4658 and CVE-2016-5131. For more information:
* https://github.com/sparklemotion/nokogiri/issues/1615
* http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-4658.html
* http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-5131.html [#]# Dependencies
* [Windows] Upgrade zlib from 1.2.8 to 1.2.11 (unless --use-system-libraries)
* Sat Jan 14 2017 cooloAATTsuse.com- updated to version 1.7.0.1 see installed CHANGELOG.md [#] 1.7.0.1 / 2017-01-04 [#]# Bugs
* Fix OpenBSD support. (#1569) (related to #1543)
* Tue Dec 27 2016 cooloAATTsuse.com- updated to version 1.7.0 CHANGELOG.rdoc removed upstream
* Tue Oct 04 2016 cooloAATTsuse.com- updated to version 1.6.8.1 see installed CHANGELOG.rdoc
* Tue Jun 07 2016 cooloAATTsuse.com- updated to version 1.6.8 ==== Features Several changes were made to improve performance:
* [MRI] Simplify NodeSet#to_a with a minor speed-up. (#1397)
* XML::Node#ancestors optimization. (#1297) (Thanks, Bruno Sutic!)
* Use Symbol#to_proc where we weren\'t previously. (#1296) (Thanks, Bruno Sutic!)
* XML::DTD#each uses implicit block calls. (Thanks, AATTglaucocustodio!)
* Fall back to the `pkg-config` gem if we\'re having trouble finding the system libxml2. This should help many FreeBSD users. (#1417)
* Set document encoding appropriately even on blank document. (#1043) (Thanks, AATTbatter!) ==== Bug Fixes
* [JRuby] fix slow add_child (#692)
* [JRuby] fix load errors when deploying to JRuby/Torquebox (#1114) (Thanks, AATTatambo and AATTjvshahid!)
* [JRuby] fix NPE when inspecting nodes returned by NodeSet#drop (#1042) (Thanks, AATTmkristian!)
* [JRuby] fix nil attriubte node\'s namespace in reader (#1327) (Thanks, AATTcodekitchen!)
* [JRuby] fix Nokogiri munging unicode characters that require more than 2 bytes (#1113) (Thanks, AATTmkristian!)
* [JRuby] allow unlinking an unparented node (#1112, #1152) (Thanks, AATTesse!)
* [JRuby] allow Fragment parsing on a frozen string (#444, #1077)
* [JRuby] HTML `style` tags are no longer encoded (#1316) (Thanks, AATTtbeauvais!)
* [MRI] fix assertion failure while accessing attribute node\'s namespace in reader (#843) (Thanks, AATT2potatocakes!)
* [MRI] fix issue with GCing namespace nodes returned in an xpath query. (#1155)
* [MRI] Ensure C strings are null-terminated. (#1381)
* [MRI] Ensure Rubygems is loaded before using mini_portile2 at installation. (#1393, #1411) (Thanks, AATTJonRowe!)
* [MRI] Handling another edge case where the `libxml-ruby` gem\'s global callbacks were smashing the heap. (#1426). (Thanks to AATTbbergstrom for providing an isolated test case!)
* [MRI] Ensure encodings are passed to Sax::Parser xmldecl callback. (#844)
* [MRI] Ensure default ns prefix is applied correctly when reparenting nodes to another document. (#391) (Thanks, AATTylecuyer!)
* [MRI] Ensure Reader handles non-existent attributes as expected. (#1254) (Thanks, AATTccutrer!)
* [MRI] Cleanup around namespace handling when reparenting nodes. (#1332, #1333, #1444) (Thanks, AATTcuttrer and AATTbradleybeddoes!)
* unescape special characters in CSS queries (#1303) (Thanks, AATTtwalpole!)
* consistently handle empty documents (#1349)
* Update to mini_portile2 2.1.0 to address whitespace-handling during patching. (#1402)
* Fix encoding of xml node namespaces.
* Work around issue installing Nokogiri on overlayfs (commonly used in Docker containers). (#1370, #1405) ==== Other Notes
* Removed legacy code remaining from Ruby 1.8.x support.
* Removed legacy code remaining from REE support.
* Removing hacky workarounds for bugs in some older versions of libxml2.
* Handling C strings in a forward-compatible manner, see https://github.com/ruby/ruby/blob/v2_2_0/NEWS#L319- remove nokogiri-1.6.7.2_mini_portile2_version.diff as upstreamed
* Wed Mar 23 2016 olafAATTaepfle.de- Force fixed timestamps for patched gems (bsc#916047)
* Tue Jan 26 2016 mrueckertAATTsuse.de- lockdown mini_portile2 to 2.0
* Mon Jan 25 2016 mrueckertAATTsuse.de- update to version 1.6.7.2 This version pulls in several upstream patches to the vendored libxml2 and libxslt to address: CVE-2015-7499 Ubuntu classifies this as \"Priority: Low\", RedHat classifies this as \"Impact: Moderate\", and NIST classifies this as \"Severity: 5.0 (MEDIUM)\". MITRE record is https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7499 This is not effecting us as we are using the system copy.- refresh mini_portile patch to apply cleanly again old: nokogiri-1.6.7.diff new: nokogiri-1.6.7.2_mini_portile2_version.diff
* Thu Jan 21 2016 mrueckertAATTsuse.de- fix buildrequires for mini_portile
* Thu Dec 17 2015 cooloAATTsuse.com- updated to version 1.6.7.1 see installed CHANGELOG.rdoc === 1.6.7.1 / 2015-12-16 This version pulls in several upstream patches to the vendored libxml2 and libxslt to address: CVE-2015-5312 CVE-2015-7497 CVE-2015-7498 CVE-2015-7499 CVE-2015-7500 CVE-2015-8241 CVE-2015-8242 CVE-2015-8317 See also http://www.ubuntu.com/usn/usn-2834-1/
* Tue Dec 15 2015 cooloAATTsuse.com- add nokogiri-1.6.7.diff to fix the mini_portile2 dependency
* Tue Dec 01 2015 cooloAATTsuse.com- updated to version 1.6.7 see installed CHANGELOG.rdoc === 1.6.7 / 2015-11-29 ==== Notes This version supports native builds on Windows using the RubyInstaller DevKit. It also supports Ruby 2.2.x on Windows, as well as making several other improvements to the installation process on various platforms. This version also includes the security patches already applied in v1.6.6.3 and v1.6.6.4 to the vendored libxml2 and libxslt source. See #1374 and #1376 for details. ==== Features
* Cross-built gems now have a proper ruby version requirement. (#1266)
* Ruby 2.2.x is supported on Windows.
* Native build is supported on Windows.
* [MRI] libxml2 and libxslt `config.guess` files brought up to date. (#1326) (Thanks, AATThernan-erasmo!)
* [JRuby] fix error in validating files with jruby (#1355, #1361) (Thanks, AATTtwalpole!)
* [MRI, OSX] Patch to handle nonstandard location of `iconv.h`. (#1206, #1210, #1218, #1345) (Thanks, AATTneonichu!) ==== Bug Fixes
* [JRuby] reset the namespace cache when replacing the document\'s innerHtml (#1265) (Thanks, AATTmkristian!)
* [JRuby] Document#parse should support IO objects that respond to #read. (#1124) (Thanks, Jake Byman!)
* [MRI] Duplicate-id errors when setting the `id` attribute on HTML documents are now silenced. (#1262)
* [JRuby] SAX parser cuts texts in peices when quare brackets exist. (#1261)
* [JRuby] Namespaced attributes aren\'t removed by remove_attribute. (#1299)
* Tue Nov 24 2015 cooloAATTsuse.com- updated to version 1.6.6.4 see installed CHANGELOG.rdoc === 1.6.6.4 / 2015-11-19 This version pulls in an upstream patche to the vendored libxml2 to address:
* unclosed comment uninitialized access issue (#1376) This issue does not have a CVE assigned to it as this time.
* Tue Nov 17 2015 cooloAATTsuse.com- updated to version 1.6.6.3 see installed CHANGELOG.rdoc === 1.6.6.3 / 2015-11-16 This version pulls in several upstream patches to the vendored libxml2 and libxslt to address:
* CVE-2015-1819
* CVE-2015-7941_1
* CVE-2015-7941_2
* CVE-2015-7942
* CVE-2015-7942-2
* CVE-2015-8035
* CVE-2015-7995 See #1374 for details.
* Wed Feb 04 2015 hvogelAATTsuse.com- Update to 1.6.6.2
* Fixed installation issue affecting compiler arguments. (#1230)
* Unified Node and NodeSet implementations of #search, #xpath and #css.
* Added Node#lang and Node#lang=.
* bin/nokogiri passes the URI to parse() if an HTTP URL is given.
* bin/nokogiri now loads ~/.nokogirirc so user can define helper methods, etc.
* bin/nokogiri can be configured to use Pry instead of IRB by adding a couple of lines to ~/.nokogirirc. (#1198)
* bin/nokogiri can better handle urls from STDIN (aiding use of xargs). (#1065)
* DocumentFragment#search now matches against root nodes. (#1205)
* (MRI) More fixes related to handling libxml2 parse errors during DocumentFragment#dup. (#1196)
* `XML::Comment.new` argument types are now consistent and safe (and documented) across MRI and JRuby. (#1224)
* Check if `zlib` is available before building `libxml2`. (#1188)
* Implement Slop#respond_to_missing?. (#1176)
* Optimized the XPath query generated by an `an+b` CSS query.
* Capture non-parse errors from Document#dup in Document#errors. (#1196)
* (MRI) Fix a bug where CFLAGS passed in are dropped. (#1188)
* Fix a bug where CSS selector :nth(n) did not work. (#1187)
* (MRI) Bundled Libxml2 is upgraded to 2.9.2.
* (MRI) `nokogiri --version` will include a list of applied patches.
* (MRI) Nokogiri no longer prints messages directly to TTY while building the extension.
* (MRI) Improve the iconv detection for building libxml2.
* (MRI) Fix DocumentFragment#element_children (#1138).
* Fix a bug with CSS attribute selector without any prefix where \"foo [bar]\" was treated as \"foo[bar]\". (#1174)
* Wed Oct 15 2014 cooloAATTsuse.com- adapt to new rubygem packaging
 
ICM