Hello community, here is the log from the commit of package rubygem-nokogiri for openSUSE:Factory checked in at 2018-07-07 21:54:02 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/rubygem-nokogiri (Old) and /work/SRC/openSUSE:Factory/.rubygem-nokogiri.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "rubygem-nokogiri" Sat Jul 7 21:54:02 2018 rev:38 rq:620580 version:1.8.4 Changes: -------- --- /work/SRC/openSUSE:Factory/rubygem-nokogiri/rubygem-nokogiri.changes 2018-02-13 10:27:33.757073188 +0100 +++ /work/SRC/openSUSE:Factory/.rubygem-nokogiri.new/rubygem-nokogiri.changes 2018-07-07 21:54:10.567639356 +0200 @@ -1,0 +2,59 @@ +Wed Jul 4 01:09:15 UTC 2018 - [email protected] + +- updated to version 1.8.4 + see installed CHANGELOG.md + + # 1.8.4 / 2018-07-03 + + ## Bug fixes + + * [MRI] Fix memory leak when creating nodes with namespaces. (Introduced in v1.5.7) [#1771] + +------------------------------------------------------------------- +Sat Jun 16 21:08:46 UTC 2018 - [email protected] + +- updated to version 1.8.3 + see installed CHANGELOG.md + + # 1.8.3 / 2018-06-16 + + ## Security Notes + + [MRI] Behavior in libxml2 has been reverted which caused CVE-2018-8048 (loofah gem), CVE-2018-3740 (sanitize gem), and CVE-2018-3741 (rails-html-sanitizer gem). The commit in question is here: + + > https://github.com/GNOME/libxml2/commit/960f0e2 + + and more information is available about this commit and its impact here: + + > https://github.com/flavorjones/loofah/issues/144 + + This release simply reverts the libxml2 commit in question to protect users of Nokogiri's vendored libraries from similar vulnerabilities. + + If you're offended by what happened here, I'd kindly ask that you comment on the upstream bug report here: + + > https://bugzilla.gnome.org/show_bug.cgi?id=769760 + + + ## Dependencies + + * [MRI] libxml2 is updated from 2.9.7 to 2.9.8 + + + ## Features + + * Node#classes, #add_class, #append_class, and #remove_class are added. + * NodeSet#append_class is added. + * NodeSet#remove_attribute is a new alias for NodeSet#remove_attr. + * NodeSet#each now returns an Enumerator when no block is passed (Thanks, @park53kr!) + * [JRuby] General improvements in JRuby implementation (Thanks, @kares!) + + + ## Bug fixes + + * CSS attribute selectors now gracefully handle queries using integers. [#711] + * Handle ASCII-8BIT encoding on fragment input [#553] + * Handle non-string return values within `Reader` [#898] + * [JRuby] Allow Node#replace to insert Comment and CDATA nodes. [#1666] + * [JRuby] Stability and speed improvements to `Node`, `Sax::PushParser`, and the JRuby implementation [#1708, #1710, #1501] + +------------------------------------------------------------------- Old: ---- nokogiri-1.8.2.gem New: ---- nokogiri-1.8.4.gem ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ rubygem-nokogiri.spec ++++++ --- /var/tmp/diff_new_pack.Oyj4mc/_old 2018-07-07 21:54:11.999637535 +0200 +++ /var/tmp/diff_new_pack.Oyj4mc/_new 2018-07-07 21:54:12.003637530 +0200 @@ -24,7 +24,7 @@ # Name: rubygem-nokogiri -Version: 1.8.2 +Version: 1.8.4 Release: 0 %define mod_name nokogiri %define mod_full_name %{mod_name}-%{version} @@ -40,7 +40,6 @@ BuildRequires: %{rubygem rdoc > 3.10} BuildRequires: ruby-macros >= 5 BuildRequires: update-alternatives -Url: http://nokogiri.org Source: https://rubygems.org/gems/%{mod_full_name}.gem Source1: rubygem-nokogiri-rpmlintrc Source2: gem2rpm.yml ++++++ nokogiri-1.8.2.gem -> nokogiri-1.8.4.gem ++++++ /work/SRC/openSUSE:Factory/rubygem-nokogiri/nokogiri-1.8.2.gem /work/SRC/openSUSE:Factory/.rubygem-nokogiri.new/nokogiri-1.8.4.gem differ: char 133, line 1
