Commit graph

62 commits

Author SHA1 Message Date
adam
9d0e79c401 revbump for textproc/icu 2021-04-21 11:40:12 +00:00
tsutsui
5f312f581b ruby-nokogiri: update to 1.11.2.
Upstream changelog (from CHANGELOG.md):

1.11.2 / 2021-03-11

Fixed

  * [CRuby] NodeSet may now safely contain Node objects from multiple
    documents. Previously the GC lifecycle of the parent Document objects could
    lead to nodes being GCed while still in scope. [#1952]
  * [CRuby] Patch libxml2 to avoid "huge input lookup" errors on large CDATA
    elements. (See upstream GNOME/libxml2#200 and GNOME/libxml2!100.) [#2132].
  * [CRuby+Windows] Enable Nokogumbo (and other downstream gems) to compile and
    link against nokogiri.so by including LDFLAGS in Nokogiri::VERSION_INFO. [#
    2167]
  * [CRuby] {XML,HTML}::Document.parse now invokes #initialize exactly once.
    Previously #initialize was invoked twice on each object.
  * [JRuby] {XML,HTML}::Document.parse now invokes #initialize exactly once.
    Previously #initialize was not called, which was a problem for subclassing
    such as done by Loofah.

Improved

  * Reduce the number of object allocations needed when parsing an
    HTML::DocumentFragment. [#2087] (Thanks, @ashmaroli!)
  * [JRuby] Update the algorithm used to calculate Node#line to be wrong
    less-often. The underlying parser, Xerces, does not track line numbers, and
    so we've always used a hacky solution for this method. [#1223, #2177]
  * Introduce --enable-system-libraries and --disable-system-libraries flags to
    extconf.rb. These flags provide the same functionality as
    --use-system-libraries and the NOKOGIRI_USE_SYSTEM_LIBRARIES environment
    variable, but are more idiomatic. [#2193] (Thanks, @eregon!)
  * [TruffleRuby] --disable-static is now the default on TruffleRuby when the
    packaged libraries are used. This is more flexible and compiles faster.
    (Note, though, that the default on TR is still to use system libraries.) [#
    2191, #2193] (Thanks, @eregon!)

Changed

  * Nokogiri::XML::Path is now a Module (previously it has been a Class). It
    has been acting solely as a Module since v1.0.0. See 8461c74.
2021-03-19 16:52:25 +00:00
tsutsui
86350f4717 ruby-nokogiri: update to 1.11.1.
Upstream changelog (from CHANGELOG.md):

v1.11.1 / 2021-01-06

 Fixed

  * [CRuby] If libxml-ruby is loaded before nokogiri, the SAX and Push parsers
    no longer call libxml-ruby's handlers. Instead, they defensively override
    the libxml2 global handler before parsing. [#2168]

v1.11.0 / 2021-01-03

 Notes

 Faster, more reliable installation: Native Gems for Linux and OSX/Darwin

"Native gems" contain pre-compiled libraries for a specific machine
architecture. On supported platforms, this removes the need for compiling the C
extension and the packaged libraries. This results in much faster installation
and more reliable installation, which as you probably know are the biggest
headaches for Nokogiri users.

We've been shipping native Windows gems since 2009, but starting in v1.11.0 we
are also shipping native gems for these platforms:

  * Linux: x86-linux and x86_64-linux -- including musl platforms like alpine
  * OSX/Darwin: x86_64-darwin and arm64-darwin

We'd appreciate your thoughts and feedback on this work at #2075.

 Dependencies

 Ruby

This release introduces support for Ruby 2.7 and 3.0 in the precompiled native
gems.

This release ends support for:

  * Ruby 2.3, for which official support ended on 2019-03-31 [#1886] (Thanks
    @ashmaroli!)
  * Ruby 2.4, for which official support ended on 2020-04-05
  * JRuby 9.1, which is the Ruby 2.3-compatible release.

 Gems

  * Explicitly add racc as a runtime dependency. [#1988] (Thanks, @voxik!)
  * [MRI] Upgrade mini_portile2 dependency from ~> 2.4.0 to ~> 2.5.0 [#2005]
    (Thanks, @alejandroperea!)

 Security

See note below about CVE-2020-26247 in the "Changed" subsection entitled
"XML::Schema parsing treats input as untrusted by default".

 Added

  * Add Node methods for manipulating "keyword attributes" (for example, class
    and rel): #kwattr_values, #kwattr_add, #kwattr_append, and #kwattr_remove.
    [#2000]
  * Add support for CSS queries a:has(> b), a:has(~ b), and a:has(+ b). [#688]
    (Thanks, @jonathanhefner!)
  * Add Node#value? to better match expected semantics of a Hash-like object.
    [#1838, #1840] (Thanks, @MatzFan!)
  * [CRuby] Add Nokogiri::XML::Node#line= for use by downstream libs like
    nokogumbo. [#1918] (Thanks, @stevecheckoway!)
  * nokogiri.gemspec is back after a 10-year hiatus. We still prefer you use
    the official releases, but master is pretty stable these days, and YOLO.

 Performance

  * [CRuby] The CSS ~= operator and class selector . are about 2x faster.
    [#2137, #2135]
  * [CRuby] Patch libxml2 to call strlen from xmlStrlen rather than the naive
    implementation, because strlen is generally optimized for the architecture.
    [#2144] (Thanks, @ilyazub!)
  * Improve performance of some namespace operations. [#1916] (Thanks,
    @ashmaroli!)
  * Remove unnecessary array allocations from Node serialization methods
    [#1911] (Thanks, @ashmaroli!)
  * Avoid creation of unnecessary zero-length String objects. [#1970] (Thanks,
    @ashmaroli!)
  * Always compile libxml2 and libxslt with '-O2' [#2022, #2100] (Thanks,
    @ilyazub!)
  * [JRuby] Lots of code cleanup and performance improvements. [#1934] (Thanks,
    @kares!)
  * [CRuby] RelaxNG.from_document no longer leaks memory. [#2114]

 Improved

  * [CRuby] Handle incorrectly-closed HTML comments as WHATWG recommends for
    browsers. [#2058] (Thanks to HackerOne user mayflower for reporting this!)
  * {HTML,XML}::Document#parse now accept Pathname objects. Previously this
    worked only if the referenced file was less than 4096 bytes long; longer
    files resulted in undefined behavior because the read method would be
    repeatedly invoked. [#1821, #2110] (Thanks, @doriantaylor and @phokz!)
  * [CRuby] Nokogumbo builds faster because it can now use header files
    provided by Nokogiri. [#1788] (Thanks, @stevecheckoway!)
  * Add frozen_string_literal: true magic comment to all lib files. [#1745]
    (Thanks, @oniofchaos!)
  * [JRuby] Clean up deprecated calls into JRuby. [#2027] (Thanks, @headius!)

 Fixed

  * HTML Parsing in "strict" mode (i.e., the RECOVER parse option not set) now
    correctly raises a XML::SyntaxError exception. Previously the value of the
    RECOVER bit was being ignored by CRuby and was misinterpreted by JRuby.
    [#2130]
  * The CSS ~= operator now correctly handles non-space whitespace in the class
    attribute. commit e45dedd
  * The switch to turn off the CSS-to-XPath cache is now thread-local, rather
    than being shared mutable state. [#1935]
  * The Node methods add_previous_sibling, previous=, before, add_next_sibling,
    next=, after, replace, and swap now correctly use their parent as the
    context node for parsing markup. These methods now also raise a
    RuntimeError if they are called on a node with no parent. [nokogumbo#160]
  * [JRuby] XML::Schema XSD validation errors are captured in XML::Schema#
    errors. These errors were previously ignored.
  * [JRuby] Standardize reading from IO like objects, including StringIO.
    [#1888, #1897]
  * [JRuby] Fix how custom XPath function namespaces are inferred to be less
    naive. [#1890, #2148]
  * [JRuby] Clarify exception message when custom XPath functions can't be
    resolved.
  * [JRuby] Comparison of Node to Document with Node#<=> now matches
    CRuby/libxml2 behavior.
  * [CRuby] Syntax errors are now correctly captured in Document#errors for
    short HTML documents. Previously the SAX parser used for encoding detection
    was clobbering libxml2's global error handler.
  * [CRuby] Fixed installation on AIX with respect to vasprintf. [#1908]
  * [CRuby] On some platforms, avoid symbol name collision with glibc's
    canonicalize. [#2105]
  * [Windows Visual C++] Fixed compiler warnings and errors. [#2061, #2068]
  * [CRuby] Fixed Nokogumbo integration which broke in the v1.11.0 release
    candidates. [#1788] (Thanks, @stevecheckoway!)
  * [JRuby] Fixed document encoding regression in v1.11.0 release candidates.
    [#2080, #2083] (Thanks, @thbar!)

 Removed

  * The internal method Nokogiri::CSS::Parser.cache_on= has been removed. Use
    .set_cache if you need to muck with the cache internals.
  * The class method Nokogiri::CSS::Parser.parse has been removed. This was
    originally deprecated in 2009 in 13db61b. Use Nokogiri::CSS.parse instead.

 Changed

 XML::Schema input is now "untrusted" by default

Address CVE-2020-26247.

In Nokogiri versions <= 1.11.0.rc3, XML Schemas parsed by Nokogiri::XML::Schema
were trusted by default, allowing external resources to be accessed over the
network, potentially enabling XXE or SSRF attacks.

This behavior is counter to the security policy intended by Nokogiri
maintainers, which is to treat all input as untrusted by default whenever
possible.

Please note that this security fix was pushed into a new minor version, 1.11.x,
rather than a patch release to the 1.10.x branch, because it is a breaking
change for some schemas and the risk was assessed to be "Low Severity".

More information and instructions for enabling "trusted input" behavior in
v1.11.0.rc4 and later is available at the public advisory.

 HTML parser now obeys the strict or norecover parsing option

(Also noted above in the "Fixed" section) HTML Parsing in "strict" mode (i.e.,
the RECOVER parse option not set) now correctly raises a XML::SyntaxError
exception. Previously the value of the RECOVER bit was being ignored by CRuby
and was misinterpreted by JRuby.

If you're using the default parser options, you will be unaffected by this fix.
If you're passing strict or norecover to your HTML parser call, you may be
surprised to see that the parser now fails to recover and raises a
XML::SyntaxError exception. Given the number of HTML documents on the internet
that libxml2 would consider to be ill-formed, this is probably not what you
want, and you can omit setting that parse option to restore the behavior that
you have been relying upon.

Apologies to anyone inconvenienced by this breaking bugfix being present in a
minor release, but I felt it was appropriate to introduce this fix because it's
straightforward to fix any code that has been relying on this buggy behavior.

 VersionInfo, the output of nokogiri -v, and related constants

This release changes the metadata provided in Nokogiri::VersionInfo which also
affects the output of nokogiri -v. Some related constants have also been
changed. If you're using VersionInfo programmatically, or relying on constants
related to underlying library versions, please read the detailed changes for
Nokogiri::VersionInfo at #2139 and accept our apologies for the inconvenience.
2021-01-08 17:09:41 +00:00
ryoon
2831546220 *: Recursive revbump from textproc/icu-68.1 2020-11-05 09:07:25 +00:00
tsutsui
02bc20b695 ruby-nokogiri: update to 1.10.10.
Upstream chages (from CHANGELOG.md):

1.10.10 / 2020-07-06

Features

* [MRI] Cross-built Windows gems now support Ruby 2.7 [#2029]. Note that
  prior to this release, the v1.11.x prereleases provided this support.
2020-10-03 14:27:32 +00:00
adam
6bd0c30da6 Revbump for icu 2020-06-02 08:22:31 +00:00
taca
85d4f92b6a textproc/ruby-nokogiri: fix ruby gem dependency
Relax dependency for mini_portile2 gem to fix runtime problem.
Noted by Robert Swindells on pkgsrc-users@NetBSD.org.

Bump PKGREVISION.
2020-03-29 05:21:40 +00:00
tsutsui
de9216ec2f ruby-nokogiri: relax dependency versions for ruby-mini_portile2. 2020-03-10 14:28:19 +00:00
tsutsui
c9f7e87aa7 ruby-nokogiri: update to 1.10.9.
Upstream chages (from CHANGELOG.md):

1.10.9 / 2020-03-01

Fixed

* [MRI] Raise an exception when Nokogiri detects a specific libxml2
  edge case involving blank Schema nodes wrapped by Ruby objects
  that would cause a segfault. Currently no fix is available upstream,
  so we're preventing a dangerous operation and informing users to
  code around it if possible. [#1985, #2001]
* [JRuby] Change NodeSet#to_a to return a RubyArray instead of Object,
  for compilation under JRuby 9.2.9 and later. [#1968, #1969]
  (Thanks, @headius!)
2020-03-10 14:19:35 +00:00
tsutsui
cea86fc63b ruby-nokogiri: update to 1.10.8.
Upstream changelog (from CHANGELOG.md):

## 1.10.8 / 2020-02-10

### Security

[MRI] Pulled in upstream patch from libxml that addresses CVE-2020-7595.
Full details are available in [#1992](https://github.com/sparklemotion/nokogiri/issues/1992).
Note that this patch is not yet (as of 2020-02-10) in an upstream release of libxml.
2020-02-16 04:11:05 +00:00
rillig
9637f7852e all: migrate homepages from http to https
pkglint -r --network --only "migrate"

As a side-effect of migrating the homepages, pkglint also fixed a few
indentations in unrelated lines. These and the new homepages have been
checked manually.
2020-01-26 17:30:40 +00:00
tsutsui
810b9444de ruby-nokogiri: update to 1.10.7.
Upstream changes (from CHANGELOG.md):

## 1.10.7 / 2019-12-03

### Bug

* [MRI] Ensure the patch applied in v1.10.6 works with GNU `patch`. [#1954]


## 1.10.6 / 2019-12-03

### Bug

* [MRI] Fix FreeBSD installation of vendored libxml2. [#1941, #1953] (Thanks, @nurse!)


## 1.10.5 / 2019-10-31

### Security

[MRI] Vendored libxslt upgraded to v1.1.34 which addresses three CVEs for libxslt:

* CVE-2019-13117
* CVE-2019-13118
* CVE-2019-18197

More details are available at #1943.


### Dependencies

* [MRI] vendored libxml2 is updated from 2.9.9 to 2.9.10
* [MRI] vendored libxslt is updated from 1.1.33 to 1.1.34
2019-12-11 14:52:21 +00:00
tsutsui
cfd28ad2ee ruby-nokogiri: update to 1.10.4.
Upstream changelog:
 https://github.com/sparklemotion/nokogiri/blob/v1.10.4/CHANGELOG.md

# 1.10.4 / 2019-08-07

### Security

#### Address CVE-2019-5477 (#1915)

A command injection vulnerability in Nokogiri v1.10.3 and earlier allows
commands to be executed in a subprocess by Ruby's `Kernel.open` method.
Processes are vulnerable only if the undocumented method
`Nokogiri::CSS::Tokenizer#load_file` is being passed untrusted user input.

This vulnerability appears in code generated by the Rexical gem
versions v1.0.6 and earlier. Rexical is used by Nokogiri to generate
lexical scanner code for parsing CSS queries. The underlying
vulnerability was addressed in Rexical v1.0.7 and Nokogiri upgraded
to this version of Rexical in Nokogiri v1.10.4.

This CVE's public notice is
https://github.com/sparklemotion/nokogiri/issues/1915
2019-08-11 23:14:47 +00:00
tsutsui
fa80af2e38 ruby-nokogiri: update to 1.10.3.
Upstream changelog (from CHANGELOG.md):

## 1.10.3 / 2019-04-22

### Security Notes

[MRI] Pulled in upstream patch from libxslt that addresses CVE-2019-11068. Full details are available in [#1892](https://github.com/sparklemotion/nokogiri/issues/1892). Note that this patch is not yet (as of 2019-04-22) in an upstream release of libxslt.


## 1.10.2 / 2019-03-24

### Security

* [MRI] Remove support from vendored libxml2 for future script macros. [#1871]
* [MRI] Remove support from vendored libxml2 for server-side includes within attributes. [#1877]


### Bug fixes

* [JRuby] Fix node ownership in duplicated documents. [#1060]
* [JRuby] Rethrow exceptions caught by Java SAX handler. [#1847, #1872] (Thanks, @adjam!)
2019-06-22 04:11:59 +00:00
tsutsui
fcc3f21074 ruby-nokogiri: update to 1.10.1.
Upstream changes (from CHANGELOG.md):

# 1.10.1 / 2019-01-13

### Features

* [MRI] During installation, handle Xcode 10's new library path.
  [#1801, #1851] (Thanks, @mlj and @deepj!)
* Avoid unnecessary creation of `Proc`s in many methods. [#1776]
  (Thanks, @chopraanmol1!)


### Bug fixes

* CSS selector `:has()` now correctly matches against any descendant.
  Previously this selector matched against only direct children).
  [#350] (Thanks, @Phrogz!)
* `NodeSet#attr` now returns `nil` if it's empty. Previously this
  raised a NoMethodError.
* [MRI] XPath errors are no longer suppressed during
  `XSLT::Stylesheet#transform`. Previously these errors were suppressed
  which led to silent failures and a subsequent segfault. [#1802]
2019-03-10 11:24:17 +00:00
tsutsui
25afc697d7 ruby-nokogiri: update to 1.10.0.
Upstream changes (from CHANGELOG.md):

## 1.10.0 / 2019-01-04

### Features

* [MRI] Cross-built Windows gems now support Ruby 2.6 [#1842, #1850]


### Backwards incompatibilities

This release ends support for:

* Ruby 2.2, for which [official support ended on 2018-03-31](https://www.ruby-lang.org/en/news/2018/06/20/support-of-ruby-2-2-has-ended/) [#1841]
* JRuby 1.7, for which [official support ended on 2017-11-21](https://github.com/jruby/jruby/issues/4112) [#1741]


### Dependencies

* [MRI] libxml2 is updated from 2.9.8 to 2.9.9
* [MRI] libxslt is updated from 1.1.32 to 1.1.33


## 1.9.1 / 2018-12-17

### Bug fixes

* Fix a bug introduced in v1.9.0 where `XML::DocumentFragment#dup` no longer returned an instance of the callee's class, instead always returning an `XML::DocumentFragment`. This notably broke any subclass of `XML::DocumentFragment` including `HTML::DocumentFragment` as well as the Loofah gem's `Loofah::HTML::DocumentFragment`. [#1846]


## 1.9.0 / 2018-12-17

### Security Notes

* [JRuby] Upgrade Xerces dependency from 2.11.0 to 2.12.0 to address upstream vulnerability CVE-2012-0881 [#1831] (Thanks @grajagandev for reporting.)


### Notable non-functional changes

* Decrease installation size by removing many unneeded files (e.g., `/test`) from the packaged gems. [#1719] (Thanks, @stevecrozz!)


### Features

* `XML::Attr#value=` allows HTML node attribute values to be set to either a blank string or an empty boolean attribute. [#1800]
* Introduce `XML::Node#wrap` which does what `XML::NodeSet#wrap` has always done, but for a single node. [#1531] (Thanks, @ethirajsrinivasan!)
* [MRI] Improve installation experience on macOS High Sierra (Darwin). [#1812, #1813] (Thanks, @gpakosz and @nurse!)
* [MRI] Node#dup supports copying a node directly to a new document. See the method documentation for details.
* [MRI] DocumentFragment#dup is now more memory-efficient, avoiding making unnecessary copies. [#1063]
* [JRuby] NodeSet has been rewritten to improve performance! [#1795]


### Bug fixes

* `NodeSet#each` now returns `self` instead of zero. [#1822] (Thanks, @olehif!)
* [MRI] Address a memory leak when using XML::Builder to create nodes with namespaces. [#1810]
* [MRI] Address a memory leak when unparenting a DTD. [#1784] (Thanks, @stevecheckoway!)
* [MRI] Use RbConfig::CONFIG instead of ::MAKEFILE_CONFIG to fix installations that use Makefile macros. [#1820] (Thanks, @nobu!)
* [JRuby] Decrease large memory usage when making nested XPath queries. [#1749]
* [JRuby] Fix failing tests on JRuby 9.2.x
* [JRuby] Fix default namespaces in nodes reparented into a different document [#1774]
* [JRuby] Fix support for Java 9. [#1759] (Thanks, @Taywee!)


### Dependencies

* [MRI] Upgrade mini_portile2 dependency from `~> 2.3.0` to `~> 2.4.0`
2019-01-12 14:31:38 +00:00
tsutsui
38b500b92f ruby-nokogiri: update to 1.8.5.
Upstream changes (from CHANGELOG.md):

# 1.8.5 / 2018-10-04

## Security Notes

[MRI] Pulled in upstream patches from libxml2 that address CVE-2018-14404
and CVE-2018-14567. Full details are available in [#1785]
(https://github.com/sparklemotion/nokogiri/issues/1785).
Note that these patches are not yet (as of 2018-10-04) in an upstream
release of libxml2.


## Bug fixes

* [MRI] Fix regression in installation when building against system
  libraries, where some systems would not be able to find libxml2 or
  libxslt when present. (Regression introduced in v1.8.3.) [#1722]
* [JRuby] Fix node reparenting when the destination doc is empty. [#1773]
2018-11-01 15:00:31 +00:00
tsutsui
51b866b647 ruby-nokogiri: update to 1.8.4.
Upstream changes (from CHANGELOG.md):

# 1.8.4 / 2018-07-03

## Bug fixes

* [MRI] Fix memory leak when creating nodes with namespaces. (Introduced in v1.5.7) [#1771]
2018-07-06 19:12:31 +00:00
jperkin
2754df06c0 ruby-nokogiri: Fix build since last update. 2018-06-28 15:16:51 +00:00
tsutsui
a51a3fa571 nokogiri: update to 1.8.3.
Upstream changes (from CHANGELOG.md):

# 1.8.3 / 2018-06-16

## Security Notes

[MRI] Behavior in libxml2 has been reverted which caused CVE-2018-8048
(loofah gem), CVE-2018-3740 (sanitize gem), and CVE-2018-3741
(rails-html-sanitizer gem). The commit in question is here:

> https://github.com/GNOME/libxml2/commit/960f0e2

and more information is available about this commit and its impact here:

> https://github.com/flavorjones/loofah/issues/144

This release simply reverts the libxml2 commit in question to protect users
of Nokogiri's vendored libraries from similar vulnerabilities.

If you're offended by what happened here, I'd kindly ask that you comment
on the upstream bug report here:

> https://bugzilla.gnome.org/show_bug.cgi?id=769760


## Dependencies

* [MRI] libxml2 is updated from 2.9.7 to 2.9.8


## Features

* Node#classes, #add_class, #append_class, and #remove_class are added.
* NodeSet#append_class is added.
* NodeSet#remove_attribute is a new alias for NodeSet#remove_attr.
* NodeSet#each now returns an Enumerator when no block is passed
  (Thanks, @park53kr!)
* [JRuby] General improvements in JRuby implementation (Thanks, @kares!)


## Bug fixes

* CSS attribute selectors now gracefully handle queries using integers. [#711]
* Handle ASCII-8BIT encoding on fragment input [#553]
* Handle non-string return values within `Reader` [#898]
* [JRuby] Allow Node#replace to insert Comment and CDATA nodes. [#1666]
* [JRuby] Stability and speed improvements to `Node`, `Sax::PushParser`,
  and the JRuby implementation [#1708, #1710, #1501]
2018-06-22 14:20:27 +00:00
tsutsui
6c867c09a8 ruby-nokogiri: update to 1.8.2.
Upstream changelog (from CHANGELOG.md):

# 1.8.2 / 2018-01-29

## Security Notes

[MRI] The update of vendored libxml2 from 2.9.5 to 2.9.7 addresses at least one published vulnerability, CVE-2017-15412. [#1714 has complete details]


## Dependencies

* [MRI] libxml2 is updated from 2.9.5 to 2.9.7
* [MRI] libxslt is updated from 1.1.30 to 1.1.32


## Features

* [MRI] OpenBSD installation should be a bit easier now. [#1685] (Thanks, @jeremyevans!)
* [MRI] Cross-built Windows gems now support Ruby 2.5


## Bug fixes

* Node#serialize once again returns UTF-8-encoded strings. [#1659]
* [JRuby] made SAX parsing of characters consistent with C implementation [#1676] (Thanks, @andrew-aladev!)
* [MRI] Predefined entities, when inspected, no longer cause a segfault. [#1238]
2018-02-18 05:45:37 +00:00
tsutsui
6e436d2ead Actually take maintainership (missed in the previous commit). 2017-12-09 22:39:28 +00:00
tsutsui
cc034fc09f nokogiri: update to 1.8.1.
This version is necessary for ruby-mini_portile2 2.3.0 in pkgsrc-2017Q3.

pkgsrc changes:
- strict dependency against ruby-mini_portile2 as defined in the Gemfile
- take maintainership

Upstream changes (from CHANGELOG.md):

# 1.8.1 / 2017-09-19

## Dependencies

* [MRI] libxml2 is updated from 2.9.4 to 2.9.5.
* [MRI] libxslt is updated from 1.1.29 to 1.1.30.
* [MRI] optional dependency on the pkg-config gem has had its constraint loosened to `~> 1.1` (from `~> 1.1.7`). [#1660]
* [MRI] Upgrade mini_portile2 dependency from `~> 2.2.0` to `~> 2.3.0`, which will validate checksums on the vendored libxml2 and libxslt tarballs before using them.


## Bugs

* NodeSet#first with an integer argument longer than the length of the NodeSet now correctly clamps the length of the returned NodeSet to the original length. [#1650] (Thanks, @Derenge!)
* [MRI] Ensure CData.new raises TypeError if the `content` argument is not implicitly convertible into a string. [#1669]
2017-10-20 15:56:58 +00:00
taca
b6f9932fbf Update ruby-nokogiri to 1.8.0.
# 1.8.0 / 2017-06-04

## Backwards incompatibilities

This release ends support for Ruby 2.1 on Windows in the `x86-mingw32` and `x64-mingw32` platform gems (containing pre-compiled DLLs). Official support ended for Ruby 2.1 on 2017-04-01.

Please note that this deprecation note only applies to the precompiled Windows gems. Ruby 2.1 continues to be supported (for now) in the default gem when compiled on installation.


## Dependencies

* [Windows] Upgrade iconv from 1.14 to 1.15 (unless --use-system-libraries)
* [Windows] Upgrade zlib from 1.2.8 to 1.2.11 (unless --use-system-libraries)
* [MRI] Upgrade rake-compiler dependency from 0.9.2 to 1.0.3
* [MRI] Upgrade mini-portile2 dependency from `~> 2.1.0` to `~> 2.2.0`


## Compatibility notes

* [JRuby] Removed support for `jruby --1.8` code paths. [#1607] (Thanks, @kares!)
* [MRI Windows] Retrieve zlib source from http://zlib.net/fossils to avoid deprecation issues going forward. See #1632 for details around this problem.


## Features

* NodeSet#clone is not an alias for NodeSet#dup [#1503] (Thanks, @stephankaag!)
* Allow Processing Instructions and Comments as children of a document root. [#1033] (Thanks, @windwiny!)
* [MRI] PushParser#replace_entities and #replace_entities= will control whether entities are replaced or not. [#1017] (Thanks, @spraints!)
* [MRI] SyntaxError#to_s now includes line number, column number, and log level if made available by the parser. [#1304, #1637] (Thanks, @spk and @ccarruitero!)
* [MRI] Cross-built Windows gems now support Ruby 2.4
* [MRI] Support for frozen string literals. [#1413]
* [MRI] Support for installing Nokogiri on a machine in FIPS-enabled mode [#1544]
* [MRI] Vendored libraries are verified with SHA-256 hashes (formerly some MD5 hashes were used) [#1544]
* [JRuby] (performance) remove unnecessary synchronization of class-cache [#1563] (Thanks, @kares!)
* [JRuby] (performance) remove unnecessary cloning of objects in XPath searches [#1563] (Thanks, @kares!)
* [JRuby] (performance) more performance improvements, particularly in XPath, Reader, XmlNode, and XmlNodeSet [#1597] (Thanks, @kares!)


## Bugs

* HTML::SAX::Parser#parse_io now correctly parses HTML and not XML [#1577] (Thanks for the test case, @gregors!)
* Support installation on systems with a `lib64` site config. [#1562]
* [MRI] on OpenBSD, do not require gcc if using system libraries [#1515] (Thanks, @jeremyevans!)
* [MRI] XML::Attr.new checks type of Document arg to prevent segfaults. [#1477]
* [MRI] Prefer xmlCharStrdup (and friends) to strdup (and friends), which can cause problems on some platforms. [#1517] (Thanks, @jeremy!)
* [JRuby] correctly append a text node before another text node [#1318] (Thanks, @jkraemer!)
* [JRuby] custom xpath functions returning an integer now work correctly [#1595] (Thanks, @kares!)
* [JRuby] serializing (`#to_html`, `#to_s`, et al) a document with explicit encoding now works correctly. [#1281, #1440] (Thanks, @kares!)
* [JRuby] XML::Reader now returns parse errors [#1586] (Thanks, @kares!)
* [JRuby] Empty NodeSets are now decorated properly. [#1319] (Thanks, @kares!)
* [JRuby] Merged nodes no longer results in Java exceptions during XPath queries. [#1320] (Thanks, @kares!)


# 1.7.2 / 2017-05-09

## Security Notes

[MRI] Upstream libxslt patches are applied to the vendored libxslt 1.1.29 which address CVE-2017-5029 and CVE-2016-4738.

For more information:

* https://github.com/sparklemotion/nokogiri/issues/1634
* http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-5029.html
* http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-4738.html
2017-06-05 15:22:56 +00:00
taca
52aea3db1f Update ruby-nokogiri to 1.7.1.
# 1.7.1 / unreleased

## Security Notes

[MRI] Upstream libxml2 patches are applied to the vendored libxml 2.9.4 which address CVE-2016-4658 and CVE-2016-5131.

For more information:

* https://github.com/sparklemotion/nokogiri/issues/1615
* http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-4658.html
* http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-5131.html


## Dependencies

* [Windows] Upgrade zlib from 1.2.8 to 1.2.11 (unless --use-system-libraries)
2017-03-20 15:36:43 +00:00
taca
1b7228523a Now gemspec dose not require ruby-pkg-config any more.
Bump PKGREVISION.
2017-01-08 05:36:55 +00:00
wiz
fded588464 Updated ruby-nokogiri to 1.7.0.1.
# 1.7.0.1 / 2017-01-04

## Bugs

* Fix OpenBSD support. (#1569) (related to #1543)


# 1.7.0 / 2016-12-26

## Features

* Remove deprecation warnings in Ruby 2.4.0 (#1545) (Thanks, @matthewd!)
* Support egcc compiler on OpenBSD (#1543) (Thanks, @frenkel and @knu!)


## Backwards incompatibilities.

This release ends support for:

* Ruby 1.9.2, for which official support ended on 2014-07-31
* Ruby 1.9.3, for which official support ended on 2015-02-23
* Ruby 2.0.0, for which official support ended on 2016-02-24
* MacRuby, which hasn't been actively supported since 2015-01-13 (see f76b9d6e99)
2017-01-07 22:30:13 +00:00
taca
ebc5ee53af Update ruby-nokogiri to 1.6.8.1
=== 1.6.8.1 / 2016-10-03

==== Dependency License Notes

Removes required dependency on the `pkg-config` gem. This dependency
was introduced in v1.6.8 and, because it's distributed under LGPL, was
objectionable to many Nokogiri users (#1488, #1496).

This version makes `pkg-config` an optional dependency. If it's
installed, it's used; but otherwise Nokogiri will attempt to work
around its absence.


=== 1.6.8 / unreleased

==== Security Notes

[MRI] Bundled libxml2 is upgraded to 2.9.4, which fixes many security issues. Many of these had previously been patched in the vendored libxml 2.9.2 in the 1.6.7.x branch, but some are newer.

See these libxml2 email posts for more:

* https://mail.gnome.org/archives/xml/2015-November/msg00012.html
* https://mail.gnome.org/archives/xml/2016-May/msg00023.html

For a more detailed analysis, you may care to read Canonical's take on these security issues:

* http://www.ubuntu.com/usn/usn-2994-1


[MRI] Bundled libxslt is upgraded to 1.1.29, which fixes a security issue as well as many long-known outstanding bugs, some features, some portability improvements, and general cleanup.

See this libxslt email post for more:

* https://mail.gnome.org/archives/xslt/2016-May/msg00004.html


==== Features

Several changes were made to improve performance:

* [MRI] Simplify NodeSet#to_a with a minor speed-up. (#1397)
* XML::Node#ancestors optimization. (#1297) (Thanks, Bruno Sutic!)
* Use Symbol#to_proc where we weren't previously. (#1296) (Thanks, Bruno Sutic!)
* XML::DTD#each uses implicit block calls. (Thanks, @glaucocustodio!)
* Fall back to the `pkg-config` gem if we're having trouble finding the system libxml2. This should help many FreeBSD users. (#1417)
* Set document encoding appropriately even on blank document. (#1043) (Thanks, @batter!)


==== Bug Fixes

* [JRuby] fix slow add_child (#692)
* [JRuby] fix load errors when deploying to JRuby/Torquebox (#1114) (Thanks, @atambo and @jvshahid!)
* [JRuby] fix NPE when inspecting nodes returned by NodeSet#drop (#1042) (Thanks, @mkristian!)
* [JRuby] fix nil attriubte node's namespace in reader (#1327) (Thanks, @codekitchen!)
* [JRuby] fix Nokogiri munging unicode characters that require more than 2 bytes (#1113) (Thanks, @mkristian!)
* [JRuby] allow unlinking an unparented node (#1112, #1152) (Thanks, @esse!)
* [JRuby] allow Fragment parsing on a frozen string (#444, #1077)
* [JRuby] HTML `style` tags are no longer encoded (#1316) (Thanks, @tbeauvais!)
* [MRI] fix assertion failure while accessing attribute node's namespace in reader (#843) (Thanks, @2potatocakes!)
* [MRI] fix issue with GCing namespace nodes returned in an xpath query. (#1155)
* [MRI] Ensure C strings are null-terminated. (#1381)
* [MRI] Ensure Rubygems is loaded before using mini_portile2 at installation. (#1393, #1411) (Thanks, @JonRowe!)
* [MRI] Handling another edge case where the `libxml-ruby` gem's global callbacks were smashing the heap. (#1426). (Thanks to @bbergstrom for providing an isolated test case!)
* [MRI] Ensure encodings are passed to Sax::Parser xmldecl callback. (#844)
* [MRI] Ensure default ns prefix is applied correctly when reparenting nodes to another document. (#391) (Thanks, @ylecuyer!)
* [MRI] Ensure Reader handles non-existent attributes as expected. (#1254) (Thanks, @ccutrer!)
* [MRI] Cleanup around namespace handling when reparenting nodes. (#1332, #1333, #1444) (Thanks, @cuttrer and @bradleybeddoes!)
* unescape special characters in CSS queries (#1303) (Thanks, @twalpole!)
* consistently handle empty documents (#1349)
* Update to mini_portile2 2.1.0 to address whitespace-handling during patching. (#1402)
* Fix encoding of xml node namespaces.
* Work around issue installing Nokogiri on overlayfs (commonly used in Docker containers). (#1370, #1405)



==== Other Notes

* Removed legacy code remaining from Ruby 1.8.x support.
* Removed legacy code remaining from REE support.
* Removing hacky workarounds for bugs in some older versions of libxml2.
* Handling C strings in a forward-compatible manner, see https://github.com/ruby/ruby/blob/v2_2_0/NEWS#L319
2016-10-18 14:41:15 +00:00
taca
6da72dca13 Update ruby-nokogiri to 1.6.7.2.
Below security problem dose not affect to pkgsrc since we do not use bundlerd
libxml2.

=== 1.6.7.2 / 2015-01-20

This version pulls in several upstream patches to the vendored libxml2 and libxslt to address:

  CVE-2015-7499

Ubuntu classifies this as "Priority: Low", RedHat classifies this as "Impact: Moderate", and NIST classifies this as "Severity: 5.0 (MEDIUM)".

MITRE record is https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7499
2016-03-15 15:45:46 +00:00
tsutsui
4dbd38c23b Update ruby-nokogiri to 1.6.7.1.
pkgsrc changes:
* Fix DEPENDS on required ${RUBY_PKGPREFIX}-mini_portile2>=2.0.0

Upstream changes:

=== 1.6.7.1 / 2015-12-16

This version pulls in several upstream patches to the vendored libxml2 and libxslt to address:

  CVE-2015-5312
  CVE-2015-7497
  CVE-2015-7498
  CVE-2015-7499
  CVE-2015-7500
  CVE-2015-8241
  CVE-2015-8242
  CVE-2015-8317

See also http://www.ubuntu.com/usn/usn-2834-1/
2016-01-10 11:55:44 +00:00
taca
a83a685c4b Update ruby-nokogiri to 1.6.7.
=== 1.6.7 / 2015-11-29

==== Notes

This version supports native builds on Windows using the RubyInstaller
DevKit. It also supports Ruby 2.2.x on Windows, as well as making
several other improvements to the installation process on various
platforms.

This version also includes the security patches already applied in
v1.6.6.3 and v1.6.6.4 to the vendored libxml2 and libxslt source.
See #1374 and #1376 for details.

==== Features

* Cross-built gems now have a proper ruby version requirement. (#1266)
* Ruby 2.2.x is supported on Windows.
* Native build is supported on Windows.
* [MRI] libxml2 and libxslt `config.guess` files brought up to date. (#1326) (Thanks, @hernan-erasmo!)
* [JRuby] fix error in validating files with jruby (#1355, #1361) (Thanks, @twalpole!)
* [MRI, OSX] Patch to handle nonstandard location of `iconv.h`. (#1206, #1210, #1218, #1345) (Thanks, @neonichu!)

==== Bug Fixes

* [JRuby] reset the namespace cache when replacing the document's innerHtml (#1265) (Thanks, @mkristian!)
* [JRuby] Document#parse should support IO objects that respond to #read. (#1124) (Thanks, Jake Byman!)
* [MRI] Duplicate-id errors when setting the `id` attribute on HTML documents are now silenced. (#1262)
* [JRuby] SAX parser cuts texts in peices when quare brackets exist. (#1261)
* [JRuby] Namespaced attributes aren't removed by remove_attribute. (#1299)
2015-12-13 15:26:42 +00:00
taca
665369c3cb Update ruby-nokogiri to 1.6.8.4.
=== 1.6.6.4 / 2015-11-19

This version pulls in an upstream patche to the vendored libxml2 to address:

* unclosed comment uninitialized access issue (#1376)

This issue does not have a CVE assigned to it as this time.
2015-11-23 07:28:01 +00:00
taca
18a09e2732 Update ruby-nokogiri to 1.6.6.3.
pkgsrc change: Add pkg_alternatives support.

=== 1.6.6.3 / 2015-11-16

This version pulls in several upstream patches to the vendored libxml2 and libxslt to address:

* CVE-2015-1819
* CVE-2015-7941_1
* CVE-2015-7941_2
* CVE-2015-7942
* CVE-2015-7942-2
* CVE-2015-8035
* CVE-2015-7995

See #1374 for details.
2015-11-18 16:04:50 +00:00
agc
2eddae48e5 Add SHA512 digests for distfiles for textproc category
Problems found locating distfiles:
	Package cabocha: missing distfile cabocha-0.68.tar.bz2
	Package convertlit: missing distfile clit18src.zip
	Package php-enchant: missing distfile php-enchant/enchant-1.1.0.tgz

Otherwise, existing SHA1 digests verified and found to be the same on
the machine holding the existing distfiles (morden).  All existing
SHA1 digests retained for now as an audit trail.
2015-11-04 01:59:17 +00:00
taca
01ab22e11b Allow this package build on Ruby 2.2. 2015-06-07 16:07:42 +00:00
taca
17a1a339eb Add ${GEM_EXTSDIR}/gem.build_complete for new rubygems and updated ruby. 2015-03-08 15:17:17 +00:00
joerg
32d572adc9 Needs pkg-config. 2015-02-10 19:31:03 +00:00
taca
f66ee5507a Update ruby-nokogiri to 1.6.6.2.
=== 1.6.6.2 / 2015-01-23

==== Bug fixes

* Fixed installation issue affecting compiler arguments. (#1230)


=== 1.6.6.1 / 2015-01-22

Note that 1.6.6.0 was not released.

==== Features

* Unified Node and NodeSet implementations of #search, #xpath and #css.
* Added Node#lang and Node#lang=.
* bin/nokogiri passes the URI to parse() if an HTTP URL is given.
* bin/nokogiri now loads ~/.nokogirirc so user can define helper methods, etc.
* bin/nokogiri can be configured to use Pry instead of IRB by adding a couple of lines to ~/.nokogirirc. (#1198)
* bin/nokogiri can better handle urls from STDIN (aiding use of xargs). (#1065)
* JRuby 9K support.


==== Bug fixes

* DocumentFragment#search now matches against root nodes. (#1205)
* (MRI) More fixes related to handling libxml2 parse errors during DocumentFragment#dup. (#1196)
* (JRuby) Builder now handles namespace hrefs properly when there is a default ns. (#1039)
* (JRuby) Clear the XPath cache on attr removal. (#1109)
* `XML::Comment.new` argument types are now consistent and safe (and documented) across MRI and JRuby. (#1224)
* (MRI) Restoring support for Ruby 1.9.2 that was broken in v1.6.4.1 and v1.6.5. (#1207)
* Check if `zlib` is available before building `libxml2`. (#1188)
* (JRuby) HtmlSaxPushParser now exists. (#1147) (Thanks, Piotr Szmielew!)


=== 1.6.5 / 2014-11-26

==== Features

* Implement Slop#respond_to_missing?. (#1176)
* Optimized the XPath query generated by an `an+b` CSS query.


==== Bug fixes

* Capture non-parse errors from Document#dup in Document#errors. (#1196)
* (JRuby) Document#canonicalize parameters are now consistent with MRI. (#1189)


=== 1.6.4.1 / 2014-11-05

==== Bug fixes

* (MRI) Fix a bug where CFLAGS passed in are dropped. (#1188)
* Fix a bug where CSS selector :nth(n) did not work. (#1187)


=== 1.6.4 / 2014-11-04

==== Features

* (MRI) Bundled Libxml2 is upgraded to 2.9.2.
* (MRI) `nokogiri --version` will include a list of applied patches.
* (MRI) Nokogiri no longer prints messages directly to TTY while building the extension.
* (MRI) Detect and help user fix a missing /usr/include/iconv.h on OS X. (#1111)
* (MRI) Improve the iconv detection for building libxml2.

==== Bug fixes

* (MRI) Fix DocumentFragment#element_children (#1138).
* Fix a bug with CSS attribute selector without any prefix where "foo [bar]" was treated as "foo[bar]". (#1174)


=== 1.6.3.1 / 2014-07-21

==== Bug fixes

* Addressing an Apple Macintosh installation problem for GCC users. #1130 (Thanks, @zenspider!)


=== 1.6.3 / 2014-07-20

==== Features

* Added Node#document? and Node#processing_instruction?


==== Bug fixes

* [JRuby] Fix Ruby memory exhaustion vulnerability. #1087 (Thanks, @ocher)
* [MRI] Fix segfault during GC when using `libxml-ruby` and `nokogiri` together in multi-threaded environment. #895 (Thanks, @ender672!)
* Building on OSX 10.9 stock ruby 2.0.0 now works. #1101 (Thanks, @zenspider!)
* Node#parse now works again for HTML document nodes (broken in 1.6.2+).
* Processing instructions can now be added via Node#add_next_sibling.


=== 1.6.2.1 / 2014-05-13

==== Bug fixes

* Fix statically-linked libxml2 installation when using universal builds of Ruby. #1104
* Patching `mini_portile` to address the git dependency detailed in #1102.
* Library load fix to address segfault reported on some systems. #1097


=== 1.6.2 / 2014-05-12

==== Security Note

A set of security and bugfix patches have been backported from the libxml2 and libxslt repositories onto the version of 2.8.0 packaged with Nokogiri, including these notable security fixes:

* https://git.gnome.org/browse/libxml2/commit/?id=4629ee02ac649c27f9c0cf98ba017c6b5526070f
* CVE-2013-2877 https://git.gnome.org/browse/libxml2/commit/?id=e50ba8164eee06461c73cd8abb9b46aa0be81869
* CVE-2014-0191 https://git.gnome.org/browse/libxml2/commit/?id=9cd1c3cfbd32655d60572c0a413e017260c854df

It is recommended that you upgrade from 1.6.x to this version as soon as possible.

==== Compatibility Note

Now requires libxml >= 2.6.21 (was previously >= 2.6.17).

==== Features

* Add cross building of fat binary gems for 64-Bit Windows (x64-mingw32) and add support for native builds on Windows. #864, #989, #1072
* (MRI) Alias CP932 to Windows-31J if iconv does not support Windows-31J.
* (MRI) Nokogiri now links packaged libraries statically. To disable static linking, pass --disable-static to extconf.rb. #923
* (MRI) Fix a library path (LIBPATH) precedence problem caused by CRuby bug #9760.
* (MRI) Nokogiri automatically deletes directories of packaged libraries only used during build. To keep them for debugging purposes, pass --disable-clean to extconf.rb. #952
* (MRI) Nokogiri now builds libxml2 properly with iconv support on platforms where libiconv is installed outside the system default directories, such as FreeBSD.
* Add support for an-b in nth selectors. #886 (Thanks, Magnus Bergmark!)
* Add support for bare and multiple :not() functions in selectors. #887 (Thanks, Magnus Bergmark!)
* (MRI) Add an extconf.rb option --use-system-libraries, alternative to setting the environment variable NOKOGIRI_USE_SYSTEM_LIBRARIES.
* (MRI) Update packaged libraries: libxslt to 1.1.28, zlib to 1.2.8, and libiconv to 1.14, respectively.
* Nokogiri::HTML::Document#title= and #meta_encoding= now always add an element if not present, trying hard to find the best place to put it.
* Nokogiri::XML::DTD#html_dtd? and #html5_dtd? are added.
* Nokogiri::XML::Node#prepend_child is added. #664
* Nokogiri::XML::SAX::ParserContext#recovery is added. #453
* Fix documentation for XML::Node#namespace. #803 #802 (Thanks, Hoylen Sue)
* Allow Nokogiri::XML::Node#parse from unparented non-element nodes. #407

==== Bugfixes

* Ensure :only-child pseudo class works within :not pseudo class. #858 (Thanks, Yamagishi Kazutoshi!)
* Don't call pkg_config when using bundled libraries in extconf.rb #931 (Thanks, Shota Fukumori!)
* Nokogiri.parse() does not mistake a non-HTML document like a RSS document as HTML document. #932 (Thanks, Yamagishi Kazutoshi!)
* (MRI) Perform a node type check before adding a child node to another. Previously adding a text node to another as a child could cause a SEGV. #1092
* (JRuby) XSD validation crashes in Java version. #373
* (JRuby) Document already has a root node error while using Builder. #646
* (JRuby) c14n tests are all passing on JRuby. #226
* Parsing empty documents raise SyntaxError in strict mode. #1005
* (JRuby) Make xpath faster by caching the xpath context. #741
* (JRuby) XML SAX push parser leaks memory on JRuby, but not on MRI. #998
* (JRuby) Inconsistent behavior aliasing the default namespace. #940
* (JRuby) Inconsistent behavior between parsing and adding namespaces. #943
* (JRuby) Xpath returns inconsistent result set on cloned document with namespaces and attributes. #1034
* (JRuby) Java-Implementation forgets element namespaces #902
* (JRuby) JRuby-Nokogiri does not recognise attributes inside namespaces #1081
* (JRuby) JRuby-Nokogiri has different comment node name #1080
* (JRuby) JAXPExtensionsProvider / Java 7 / Secure Processing #1070
2015-02-05 15:11:35 +00:00
schmonz
f389ae5cd4 Relax the version constraint to accept the latest ruby-mini_portile. 2014-12-10 01:54:33 +00:00
taca
4d0b4eb3d6 Ruby 1.8.7 (and prior release) support was dropped since
nokogiri 1.6.0.rc1.

No PKGREVISION bump since build already failed with ruby18.
2014-04-28 01:23:40 +00:00
taca
0a776e7752 * Fix PLIST due to broken print-PLIST target.
* Avoid to patch gemspec but use OVERRIDE_GEMSPEC.
2014-04-28 01:18:03 +00:00
jperkin
7e24bd2579 Update ruby-nokogiri to 1.6.0. This is a new branch. Changes:
1.6.0 / 2013-06-08

  This release was based on v1.5.10 and 1.6.0.rc1, and contains changes
  mentioned in both.

  Deprecations

    Remove pre 1.9 monitoring from Travis.

1.6.0.rc1 / 2013-04-14

  This release was based on v1.5.9, and so does not contain any fixes mentioned
  in the notes for v1.5.10.

  Notes

    mini_portile is now a runtime dependency

    Ruby 1.9.2 and higher now required

  Features

    (MRI) Source code for libxml 2.8.0 and libxslt 1.2.26 is packaged with the
    gem. These libraries are compiled at gem install time unless the environment
    variable NOKOGIRI_USE_SYSTEM_LIBRARIES is set. VERSION_INFO (also `nokogiri
    -v`) exposes whether libxml was compiled from packaged source, or the system
    library was used.

    (Windows) libxml upgraded to 2.8.0

  Deprecations

    Support for Ruby 1.8.7 and prior has been dropped
2014-04-25 09:28:57 +00:00
taca
56f83a17e2 Add support for GEM_EXTSDIR. 2014-03-25 16:14:45 +00:00
jperkin
9e7a1ba4b9 Set USE_GCC_RUNTIME=yes for packages which build shared libraries but do
not use libtool to do so.  This is required to correctly depend upon a
gcc runtime package (e.g. gcc47-libs) when using USE_PKGSRC_GCC_RUNTIME.
2014-03-13 11:08:49 +00:00
wiz
e03c03b6dc Recursive PKGREVISION bump for libgcrypt-1.6.0 shlib major bump. 2014-01-01 11:52:02 +00:00
taca
eeeb3247db Update ruby-nokogiri to 1.5.11, fixing security problem of CVE-2013-6461.
This problem is in JRuby only, but JRuby exists in pkgsrc-wip.

=== 1.5.11 / 2013-12-14

* Bugfixes

  * (JRuby) Fix out of memory bug when certain invalid documents are parsed.
  * (JRuby) Fix regression of billion-laughs vulnerability. #586
2013-12-29 23:26:04 +00:00
taca
4dfcb93ef7 Update ruby-nokogiri to 1.5.10.
=== 1.5.10 / 2013-06-07

* Bugfixes

  * (JRuby) Fix "null document" error when parsing an empty IO in jruby 1.7.3. #883
  * (JRuby) Fix schema validation when XSD has DOCTYPE set to DTD. #861 (Thanks, Patrick Cheng!)
  * (MRI) Fix segfault when there is no default subelement for an HTML node. #917


* Notes

  * Use rb_ary_entry instead of RARRAY_PTR (you know, for Rubinius). #877 (Thanks, Dirkjan Bussink!)
  * Fix TypeError when running tests. #900 (Thanks, Cédric Boutillier!)


=== 1.5.9 / 2013-03-21

* Bugfixes

  * Ensure that prefixed attributes are properly namespaced when reparented. #869
  * Fix for inconsistent namespaced attribute access for SVG nested in HTML. #861
  * (MRI) Fixed a memory leak in fragment parsing if nodes are not all subsequently reparented. #856


=== 1.5.8 / 2013-03-19

* Bugfixes

  * (JRuby) Fix EmptyStackException thrown by elements with xlink:href attributes and no base_uri #534, #805. (Thanks, Patrick Quinn and Brian Hoffman!)
  * Fixes duplicate attributes issue introduced in 1.5.7. #865
  * Allow use of a prefixed namespace on a root node using Nokogiri::XML::Builder #868


=== 1.5.7 / 2013-03-18

* Features

  * Windows support for Ruby 2.0.


* Bugfixes

  * SAX::Parser.parse_io throw an error when used with lower case encoding. #828
  * (JRuby) Java Nokogiri is finally green (passes all tests) under 1.8 and 1.9 mode. High five everyone. #798, #705
  * (JRuby) Nokogiri::XML::Reader broken (as a pull parser) on jruby - reads the whole XML document. #831
  * (JRuby) JRuby hangs parsing "&amp;". #837
  * (JRuby) JRuby NPE parsing an invalid XML instruction. #838
  * (JRuby) Node#content= incompatibility. #839
  * (JRuby) to_xhtml doesn't print the last slash for self-closing tags in JRuby. #834
  * (JRuby) Adding an EntityReference after a Text node mangles the entity in JRuby. #835
  * (JRuby) JRuby version inconsistency: nil for empty attributes. #818
  * CSS queries for classes (e.g., ".foo") now treat all whitespace identically. #854
  * Namespace behavior cleaned up and made consistent between JRuby and MRI. #846, #801 (Thanks, Michael Klein!)
  * (MRI) SAX parser handles empty processing instructions. #845
2013-09-15 16:20:51 +00:00
fhajny
68506b1e85 Resign as maintainer (not really using Ruby at all any more). 2013-09-09 12:29:25 +00:00
taca
eaef382bc9 Update ruby-nokogiri to 1.5.6.
== 1.5.6 / unreleased

* Features

  * Improved performance of XML::Document#collect_namespaces. #761 (Thanks, Juergen Mangler!)
  * New callback SAX::Document#processing_instruction (Thanks, Kitaiti Makoto!)
  * Node#native_content= allows setting unescaped node contant. #768
  * XPath lookup with namespaces supports symbol keys. #729 (Thanks, Ben Langfeld.)
  * XML::Node#[]= stringifies values. #729 (Thanks, Ben Langfeld.)
  * bin/nokogiri will process a document from $stdin
  * bin/nokogiri -e will execute a program from the command line
  * bin/nokogiri --version will print the Xerces and NekoHTML versions when ran with JRuby.


* Bugfixes
  * Nokogiri now detects XSLT transform errors. #731 (Thanks, Justin Fitzsimmons!)
  * Don't throw an Error when trying to replace top-level text node in DocumentFragment. #775
  * Raise an ArgumentError if an invalid encoding is passed to the SAX parser. #756 (Thanks, Bradley Schaefer!)
  * [JRuby] space prior to xml preamble causes nokogiri to fail parsing. (fixed along with #748) #790
  * [JRuby] Fixed the bug Nokogiri::XML::Node#content inconsistency between Java and C. #794, #797
  * [JRuby] raises INVALID_CHARACTER_ERR exception when EntityReference name starts with '#'. #719
  * [JRuby] doesn't coerce namespaces out of strings on a direct subclass of Node. #715
  * [JRuby] Node#content now renders newlines properly. #737 (Thanks, Piotr Szmielew!)
  * [JRuby] Unknown namespace are ignore when the recover option is used. #748
  * [JRuby] XPath queries for namespaces should not throw exceptions when called twice in a row. #764
  * [JRuby] More consistent (with libxml2) whitespace formatting when emitting XML. #771
  * [JRuby] namespaced attributes broken when appending raw xml to builder. #770
  * [JRuby] Nokogiri::XML::Document#wrap raises undefined method `length' for nil:NilClass when trying to << to a node. #781
  * [JRuby] Fixed "bad file descriptor" bug when closing open file descriptors. #495
  * [JRuby] JRuby/CRuby incompatibility for attribute decorators. #785
  * [JRuby] Issues parsing valid XML with no internal subset in the DTD. #547, #811
  * [JRuby] Issues parsing valid node content when it contains colons. #728
  * [JRuby] Correctly parse the doc type of html documents. #733
  * [JRuby] Include dtd in the xml output when a builder is used with create_internal_subset. #751
  * [JRuby] builder requires textwrappers for valid utf8 in jruby, not in mri. #784
2013-02-11 02:44:26 +00:00
asau
1f96787c11 Drop superfluous PKG_DESTDIR_SUPPORT, "user-destdir" is default these days. 2012-10-25 06:55:37 +00:00