Content-Transfer-Encoding: 7bit
Content-Type: multipart/mixed; boundary="_----------=_1652538811147620"
MIME-Version: 1.0
Date: Sat, 14 May 2022 14:33:31 +0000
From: "Izumi Tsutsui" <tsutsui@netbsd.org>
Subject: CVS commit: pkgsrc/textproc/ruby-nokogiri
To: pkgsrc-changes@NetBSD.org
Reply-To: tsutsui@netbsd.org
Message-Id: <20220514143331.619FDFAEB@cvs.NetBSD.org>
Sender: pkgsrc-changes-owner@NetBSD.org
Precedence: bulk

This is a multi-part message in MIME format.

--_----------=_1652538811147620
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
Content-Type: text/plain; charset="US-ASCII"

Module Name:	pkgsrc
Committed By:	tsutsui
Date:		Sat May 14 14:33:31 UTC 2022

Modified Files:
	pkgsrc/textproc/ruby-nokogiri: Makefile PLIST distinfo

Log Message:
ruby-nokogiri: update to 1.13.6.

Upstream changes:
 https://github.com/sparklemotion/nokogiri/releases/tag/v1.13.6
 https://github.com/sparklemotion/nokogiri/releases/tag/v1.13.5

1.13.6 / 2022-05-08

Security

  * [CRuby] Address CVE-2022-29181, improper handling of unexpected data types,
    related to untrusted inputs to the SAX parsers. See GHSA-xh29-r2w5-wx8m for
    more information.

Improvements

  * {HTML4,XML}::SAX::{Parser,ParserContext} constructor methods now raise
    TypeError instead of segfaulting when an incorrect type is passed.

1.13.5 / 2022-05-04

Security

  * [CRuby] Vendored libxml2 is updated to address CVE-2022-29824. See
    GHSA-cgx6-hpwq-fhv5 for more information.

Dependencies

  * [CRuby] Vendored libxml2 is updated from v2.9.13 to v2.9.14.

Improvements

  * [CRuby] The libxml2 HTML4 parser no longer exhibits quadratic behavior when
    recovering some broken markup related to start-of-tag and bare <
    characters.

Changed

  * [CRuby] The libxml2 HTML4 parser in v2.9.14 recovers from some broken
    markup differently. Notably, the XML CDATA escape sequence <![CDATA[ and
    incorrectly-opened comments will result in HTML text nodes starting with &
    lt;! instead of skipping the invalid tag. This behavior is a direct result
    of the quadratic-behavior fix noted above. The behavior of downstream
    sanitizers relying on this behavior will also change. Some tests describing
    the changed behavior are in test/html4/test_comments.rb.


To generate a diff of this commit:
cvs rdiff -u -r1.70 -r1.71 pkgsrc/textproc/ruby-nokogiri/Makefile
cvs rdiff -u -r1.36 -r1.37 pkgsrc/textproc/ruby-nokogiri/PLIST
cvs rdiff -u -r1.50 -r1.51 pkgsrc/textproc/ruby-nokogiri/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.


--_----------=_1652538811147620
Content-Disposition: inline
Content-Length: 2999
Content-Transfer-Encoding: binary
Content-Type: text/x-diff; charset=us-ascii

Modified files:

Index: pkgsrc/textproc/ruby-nokogiri/Makefile
diff -u pkgsrc/textproc/ruby-nokogiri/Makefile:1.70 pkgsrc/textproc/ruby-nokogiri/Makefile:1.71
--- pkgsrc/textproc/ruby-nokogiri/Makefile:1.70	Sat Apr 16 14:28:18 2022
+++ pkgsrc/textproc/ruby-nokogiri/Makefile	Sat May 14 14:33:31 2022
@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.70 2022/04/16 14:28:18 tsutsui Exp $
+# $NetBSD: Makefile,v 1.71 2022/05/14 14:33:31 tsutsui Exp $
 
-DISTNAME=	nokogiri-1.13.4
+DISTNAME=	nokogiri-1.13.6
 CATEGORIES=	textproc
 
 MAINTAINER=	tsutsui@NetBSD.org
@@ -14,7 +14,7 @@ USE_GCC_RUNTIME=	yes
 USE_TOOLS+=		pkg-config
 MAKE_ENV+=		NOKOGIRI_USE_SYSTEM_LIBRARIES=yes
 RUBYGEM_OPTIONS+=	--format-executable
-OVERRIDE_GEMSPEC+=	:files ports/archives/libxml2-2.9.13.tar.gz= \
+OVERRIDE_GEMSPEC+=	:files ports/archives/libxml2-2.9.14.tar.gz= \
 			ports/archives/libxslt-1.1.35.tar.gz=
 
 # XXX: work around bug in bootstrap-mk-files, remove when fixed

Index: pkgsrc/textproc/ruby-nokogiri/PLIST
diff -u pkgsrc/textproc/ruby-nokogiri/PLIST:1.36 pkgsrc/textproc/ruby-nokogiri/PLIST:1.37
--- pkgsrc/textproc/ruby-nokogiri/PLIST:1.36	Sun Mar  6 17:14:34 2022
+++ pkgsrc/textproc/ruby-nokogiri/PLIST	Sat May 14 14:33:31 2022
@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.36 2022/03/06 17:14:34 tsutsui Exp $
+@comment $NetBSD: PLIST,v 1.37 2022/05/14 14:33:31 tsutsui Exp $
 bin/nokogiri${RUBY_SUFFIX}
 ${GEM_HOME}/cache/${GEM_NAME}.gem
 ${GEM_EXTSDIR}/gem.build_complete
@@ -175,6 +175,5 @@ ${GEM_LIBDIR}/patches/libxml2/0005-avoid
 ${GEM_LIBDIR}/patches/libxml2/0006-update-automake-files-for-arm64.patch
 ${GEM_LIBDIR}/patches/libxml2/0008-htmlParseComment-handle-abruptly-closed-comments.patch
 ${GEM_LIBDIR}/patches/libxml2/0009-allow-wildcard-namespaces.patch
-${GEM_LIBDIR}/patches/libxml2/0010-Revert-Different-approach-to-fix-quadratic-behavior.patch
 ${GEM_LIBDIR}/patches/libxslt/0001-update-automake-files-for-arm64.patch
 ${GEM_HOME}/specifications/${GEM_NAME}.gemspec

Index: pkgsrc/textproc/ruby-nokogiri/distinfo
diff -u pkgsrc/textproc/ruby-nokogiri/distinfo:1.50 pkgsrc/textproc/ruby-nokogiri/distinfo:1.51
--- pkgsrc/textproc/ruby-nokogiri/distinfo:1.50	Sat Apr 16 14:28:18 2022
+++ pkgsrc/textproc/ruby-nokogiri/distinfo	Sat May 14 14:33:31 2022
@@ -1,5 +1,5 @@
-$NetBSD: distinfo,v 1.50 2022/04/16 14:28:18 tsutsui Exp $
+$NetBSD: distinfo,v 1.51 2022/05/14 14:33:31 tsutsui Exp $
 
-BLAKE2s (nokogiri-1.13.4.gem) = eeb5307c42870338c02c160081ac950686e759dda6517b2120a36ce8d96d71d9
-SHA512 (nokogiri-1.13.4.gem) = f2982819aa6d2bce87fc6e9d67e5b06a7f75c85d926eca306b2a13f00ec18c05650e510b1897610171901c891db8231e6ad850cad33d66e7f7a530b3869528af
-Size (nokogiri-1.13.4.gem) = 5492736 bytes
+BLAKE2s (nokogiri-1.13.6.gem) = faf40e01edf43045aa1f90041b1c3d82b8e08a1bfd60574dd3c963947417f7c9
+SHA512 (nokogiri-1.13.6.gem) = 1928b41b1e8f5e99792b8427b8228343d53deca56d472055b2afdf29d247637acc3403c5183be0f80e64b55ba20747a152ce5eebdaf90a4c431ca54010ce4b3f
+Size (nokogiri-1.13.6.gem) = 5379072 bytes


--_----------=_1652538811147620--