pkgsrc-Changes archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
CVS commit: pkgsrc/textproc/ruby-nokogiri
Module Name: pkgsrc
Committed By: tsutsui
Date: Fri Jun 19 13:11:17 UTC 2026
Modified Files:
pkgsrc/textproc/ruby-nokogiri: Makefile distinfo
Log Message:
ruby-nokogiri: update to 1.19.4
Upstream changelog:
https://github.com/sparklemotion/nokogiri/releases/tag/v1.19.4
v1.19.4 / 2026-06-18
Security
* [CRuby] (Low) Fixed a possible invalid memory read when XML::Node#
initialize_copy_with_args is called with an argument that is not a
Node. See GHSA-g9g8-vgvw-g3vf for more information.
* [CRuby] (Low) Fixed a possible use-after-free when an
XML::XPathContext is used after its source document has been
garbage collected. See GHSA-p67v-3w7g-wjg7 for more information.
* [CRuby] (Low) Fixed a possible use-after-free during XInclude
processing via Node#do_xinclude. See GHSA-wfpw-mmfh-qq69 for more
information.
* [CRuby] (Low) Fixed a possible use-after-free when Document#root=
is assigned a non-element node. See GHSA-wjv4-x9w8-wm3h for more
information.
* [CRuby] (Low) Fixed a possible use-after-free when setting an
attribute value via XML::Attr#value= or #content=. See
GHSA-phwj-rprq-35pp for more information.
* [CRuby] (Low) Fixed a null pointer dereference when methods are
called on uninitialized wrapper objects (e.g. via allocate); these
now raise instead of crashing the process. See GHSA-9cv2-cfxc-v4v2
for more information.
* [CRuby] (Low) Fixed a possible use-after-free when Document#
encoding= raises an exception. See GHSA-5v8h-3h3q-446p for more
information.
* [CRuby] (Medium) Fixed an out-of-bounds read in XML::NodeSet#[]
(alias #slice) when given a large negative index. See
GHSA-5prr-v3j2-97mh for more information.
* [JRuby] (Low) XML::Schema now enforces the NONET parse option,
which Nokogiri enables by default. It was not enforced on JRuby, so
a schema parsed with default options could still fetch external
resources over the network, potentially enabling SSRF or XXE
attacks and bypassing the mitigation for CVE-2020-26247. See
GHSA-8678-w3jw-xfc2 for more information.
To generate a diff of this commit:
cvs rdiff -u -r1.110 -r1.111 pkgsrc/textproc/ruby-nokogiri/Makefile
cvs rdiff -u -r1.77 -r1.78 pkgsrc/textproc/ruby-nokogiri/distinfo
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: pkgsrc/textproc/ruby-nokogiri/Makefile
diff -u pkgsrc/textproc/ruby-nokogiri/Makefile:1.110 pkgsrc/textproc/ruby-nokogiri/Makefile:1.111
--- pkgsrc/textproc/ruby-nokogiri/Makefile:1.110 Wed Apr 29 00:01:39 2026
+++ pkgsrc/textproc/ruby-nokogiri/Makefile Fri Jun 19 13:11:17 2026
@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.110 2026/04/29 00:01:39 tsutsui Exp $
+# $NetBSD: Makefile,v 1.111 2026/06/19 13:11:17 tsutsui Exp $
-DISTNAME= nokogiri-1.19.3
+DISTNAME= nokogiri-1.19.4
CATEGORIES= textproc
MAINTAINER= tsutsui%NetBSD.org@localhost
Index: pkgsrc/textproc/ruby-nokogiri/distinfo
diff -u pkgsrc/textproc/ruby-nokogiri/distinfo:1.77 pkgsrc/textproc/ruby-nokogiri/distinfo:1.78
--- pkgsrc/textproc/ruby-nokogiri/distinfo:1.77 Wed Apr 29 00:01:39 2026
+++ pkgsrc/textproc/ruby-nokogiri/distinfo Fri Jun 19 13:11:17 2026
@@ -1,5 +1,5 @@
-$NetBSD: distinfo,v 1.77 2026/04/29 00:01:39 tsutsui Exp $
+$NetBSD: distinfo,v 1.78 2026/06/19 13:11:17 tsutsui Exp $
-BLAKE2s (nokogiri-1.19.3.gem) = 5b3a53e5cf78d489beed975dd9e8ee7c6ec33c0d251a3d13681599bff40ac932
-SHA512 (nokogiri-1.19.3.gem) = b0b76e4b80e54465218c96664b5bede1dfd2656b5540c5b39b9abebf7f38783e1f4f7bba28595bdf54892cd1cc2fa8473b3702f5638a344d3c6feb8809106cb3
-Size (nokogiri-1.19.3.gem) = 4367360 bytes
+BLAKE2s (nokogiri-1.19.4.gem) = 93f0800faf010eeda807555cc620517288ee8a46436475cb6aabdf3eaaa7f32b
+SHA512 (nokogiri-1.19.4.gem) = b349dbadfcab6cdde847e3f03284a79be77313b8c02a0fb45b557b001dfdc2b7d937de9f14daaf3f5c03a198138a8c547d3d9a79f030e404b966afca0f6d730c
+Size (nokogiri-1.19.4.gem) = 4369408 bytes
Home |
Main Index |
Thread Index |
Old Index