[packages/libxml2] - updated to 2.9.13 (fixes CVE-2022-23308) - removed obsolete lxml-api-abuse patch
qboosh
qboosh at pld-linux.org
Mon Feb 21 17:43:29 CET 2022
commit 26990bdf6c51f2f7c4ed79fc05a7fbde487b083f
Author: Jakub Bogusz <qboosh at pld-linux.org>
Date: Mon Feb 21 17:45:01 2022 +0100
- updated to 2.9.13 (fixes CVE-2022-23308)
- removed obsolete lxml-api-abuse patch
libxml2.spec | 33 ++++----
lxml-api-abuse.patch | 211 ---------------------------------------------------
2 files changed, 17 insertions(+), 227 deletions(-)
---
diff --git a/libxml2.spec b/libxml2.spec
index f8247ed..381845c 100644
--- a/libxml2.spec
+++ b/libxml2.spec
@@ -15,18 +15,18 @@ Summary(es.UTF-8): Biblioteca libXML version 2
Summary(pl.UTF-8): Biblioteka libXML wersja 2
Summary(pt_BR.UTF-8): Biblioteca libXML versão 2
Name: libxml2
-Version: 2.9.12
-Release: 2
+Version: 2.9.13
+Release: 1
Epoch: 1
License: MIT
Group: Libraries
-Source0: ftp://xmlsoft.org/libxml2/%{name}-%{version}.tar.gz
-# Source0-md5: f433a39be087a9f0b197eb2307ad9f75
+#Source0: ftp://xmlsoft.org/libxml2/%{name}-%{version}.tar.gz
+Source0: https://download.gnome.org/sources/libxml2/2.9/%{name}-%{version}.tar.xz
+# Source0-md5: 824470f8cc325ae6b01f174b842c321f
Patch0: %{name}-man_fixes.patch
Patch1: %{name}-open.gz.patch
Patch2: %{name}-largefile.patch
Patch3: %{name}-libx32.patch
-Patch4: lxml-api-abuse.patch
# Fedora patches
# https://bugzilla.gnome.org/show_bug.cgi?id=789714
Patch11: %{name}-python3-unicode-errors.patch
@@ -44,7 +44,10 @@ BuildRequires: python3-devel >= 1:3.2
BuildRequires: python3-modules >= 1:3.2
BuildRequires: rpm-pythonprov
%endif
+BuildRequires: rpm-build >= 4.6
BuildRequires: rpmbuild(macros) >= 1.714
+BuildRequires: tar >= 1:1.22
+BuildRequires: xz
BuildRequires: xz-devel
%{?with_zlib:BuildRequires: zlib-devel >= 1.2.3.3}
# history support in xmllint is disabled by default
@@ -176,7 +179,6 @@ do biblioteki libxml2.
%endif
%patch2 -p1
%patch3 -p1
-%patch4 -p1
%patch11 -p1
%build
@@ -190,6 +192,7 @@ do biblioteki libxml2.
%{!?with_static_libs:--disable-static} \
--without-python \
%{!?with_zlib:--without-zlib} \
+ --with-html-dir=%{_docdir}/libxml2 \
--with-lzma \
--with%{!?with_mem_debug:out}-mem-debug
@@ -217,9 +220,8 @@ rm -rf $RPM_BUILD_ROOT
%{__make} install \
DESTDIR=$RPM_BUILD_ROOT \
- devhelpdir=%{_gtkdocdir}/libxml2 \
- m4datadir=%{_aclocaldir} \
- pkgconfigdir=%{_pkgconfigdir}
+ EXAMPLES_DIR=%{_examplesdir}/%{name}-%{version} \
+ devhelpdir=%{_gtkdocdir}/libxml2
%if %{with python2}
cd python
@@ -235,11 +237,9 @@ cd python
cd ..
%endif
-# move html doc to -devel package
-install -d $RPM_BUILD_ROOT%{_docdir}/%{name}-devel-%{version}
-%{__mv} $RPM_BUILD_ROOT%{_docdir}/%{name}-%{version}/html \
- $RPM_BUILD_ROOT%{_docdir}/%{name}-devel-%{version}
-%{__rm} -r $RPM_BUILD_ROOT%{_docdir}/%{name}-%{version}
+# paths n/a in our packaging scheme
+%{__rm} $RPM_BUILD_ROOT%{_docdir}/%{name}/Copyright
+%{__rm} $RPM_BUILD_ROOT%{_examplesdir}/%{name}-%{version}/README
# install catalog file
install -d $RPM_BUILD_ROOT%{_sysconfdir}/xml
@@ -254,7 +254,7 @@ rm -rf $RPM_BUILD_ROOT
%files
%defattr(644,root,root,755)
-%doc AUTHORS ChangeLog Copyright NEWS README TODO
+%doc Copyright NEWS README.md TODO TODO_SCHEMAS
%attr(755,root,root) %{_libdir}/libxml2.so.*.*.*
%attr(755,root,root) %ghost %{_libdir}/libxml2.so.2
%{_mandir}/man3/libxml.3*
@@ -264,7 +264,6 @@ rm -rf $RPM_BUILD_ROOT
%files devel
%defattr(644,root,root,755)
-%doc %{_docdir}/%{name}-devel-%{version}
%attr(755,root,root) %{_bindir}/xml2-config
%attr(755,root,root) %{_libdir}/libxml2.so
%{_libdir}/libxml2.la
@@ -284,7 +283,9 @@ rm -rf $RPM_BUILD_ROOT
%if %{with apidocs}
%files apidocs
%defattr(644,root,root,755)
+%{_docdir}/%{name}
%{_gtkdocdir}/libxml2
+%{_examplesdir}/%{name}-%{version}
%endif
%files progs
diff --git a/lxml-api-abuse.patch b/lxml-api-abuse.patch
deleted file mode 100644
index 482b9f0..0000000
--- a/lxml-api-abuse.patch
+++ /dev/null
@@ -1,211 +0,0 @@
-From 85b1792e37b131e7a51af98a37f92472e8de5f3f Mon Sep 17 00:00:00 2001
-From: Nick Wellnhofer <wellnhofer at aevum.de>
-Date: Tue, 18 May 2021 20:08:28 +0200
-Subject: [PATCH] Work around lxml API abuse
-
-Make xmlNodeDumpOutput and htmlNodeDumpFormatOutput work with corrupted
-parent pointers. This used to work with the old recursive code but the
-non-recursive rewrite required parent pointers to be set correctly.
-
-Unfortunately, lxml relies on the old behavior and passes subtrees with
-a corrupted structure. Fall back to a recursive function call if an
-invalid parent pointer is detected.
-
-Fixes #255.
----
- HTMLtree.c | 46 ++++++++++++++++++++++++++++------------------
- xmlsave.c | 31 +++++++++++++++++++++----------
- 2 files changed, 49 insertions(+), 28 deletions(-)
-
-diff --git a/HTMLtree.c b/HTMLtree.c
-index 24434d45..bdd639c7 100644
---- a/HTMLtree.c
-+++ b/HTMLtree.c
-@@ -744,7 +744,7 @@ void
- htmlNodeDumpFormatOutput(xmlOutputBufferPtr buf, xmlDocPtr doc,
- xmlNodePtr cur, const char *encoding ATTRIBUTE_UNUSED,
- int format) {
-- xmlNodePtr root;
-+ xmlNodePtr root, parent;
- xmlAttrPtr attr;
- const htmlElemDesc * info;
-
-@@ -755,6 +755,7 @@ htmlNodeDumpFormatOutput(xmlOutputBufferPtr buf, xmlDocPtr doc,
- }
-
- root = cur;
-+ parent = cur->parent;
- while (1) {
- switch (cur->type) {
- case XML_HTML_DOCUMENT_NODE:
-@@ -762,13 +763,25 @@ htmlNodeDumpFormatOutput(xmlOutputBufferPtr buf, xmlDocPtr doc,
- if (((xmlDocPtr) cur)->intSubset != NULL) {
- htmlDtdDumpOutput(buf, (xmlDocPtr) cur, NULL);
- }
-- if (cur->children != NULL) {
-+ /* Always validate cur->parent when descending. */
-+ if ((cur->parent == parent) && (cur->children != NULL)) {
-+ parent = cur;
- cur = cur->children;
- continue;
- }
- break;
-
- case XML_ELEMENT_NODE:
-+ /*
-+ * Some users like lxml are known to pass nodes with a corrupted
-+ * tree structure. Fall back to a recursive call to handle this
-+ * case.
-+ */
-+ if ((cur->parent != parent) && (cur->children != NULL)) {
-+ htmlNodeDumpFormatOutput(buf, doc, cur, encoding, format);
-+ break;
-+ }
-+
- /*
- * Get specific HTML info for that node.
- */
-@@ -817,6 +830,7 @@ htmlNodeDumpFormatOutput(xmlOutputBufferPtr buf, xmlDocPtr doc,
- (cur->name != NULL) &&
- (cur->name[0] != 'p')) /* p, pre, param */
- xmlOutputBufferWriteString(buf, "\n");
-+ parent = cur;
- cur = cur->children;
- continue;
- }
-@@ -825,9 +839,9 @@ htmlNodeDumpFormatOutput(xmlOutputBufferPtr buf, xmlDocPtr doc,
- (info != NULL) && (!info->isinline)) {
- if ((cur->next->type != HTML_TEXT_NODE) &&
- (cur->next->type != HTML_ENTITY_REF_NODE) &&
-- (cur->parent != NULL) &&
-- (cur->parent->name != NULL) &&
-- (cur->parent->name[0] != 'p')) /* p, pre, param */
-+ (parent != NULL) &&
-+ (parent->name != NULL) &&
-+ (parent->name[0] != 'p')) /* p, pre, param */
- xmlOutputBufferWriteString(buf, "\n");
- }
-
-@@ -842,9 +856,9 @@ htmlNodeDumpFormatOutput(xmlOutputBufferPtr buf, xmlDocPtr doc,
- break;
- if (((cur->name == (const xmlChar *)xmlStringText) ||
- (cur->name != (const xmlChar *)xmlStringTextNoenc)) &&
-- ((cur->parent == NULL) ||
-- ((xmlStrcasecmp(cur->parent->name, BAD_CAST "script")) &&
-- (xmlStrcasecmp(cur->parent->name, BAD_CAST "style"))))) {
-+ ((parent == NULL) ||
-+ ((xmlStrcasecmp(parent->name, BAD_CAST "script")) &&
-+ (xmlStrcasecmp(parent->name, BAD_CAST "style"))))) {
- xmlChar *buffer;
-
- buffer = xmlEncodeEntitiesReentrant(doc, cur->content);
-@@ -902,13 +916,9 @@ htmlNodeDumpFormatOutput(xmlOutputBufferPtr buf, xmlDocPtr doc,
- break;
- }
-
-- /*
-- * The parent should never be NULL here but we want to handle
-- * corrupted documents gracefully.
-- */
-- if (cur->parent == NULL)
-- return;
-- cur = cur->parent;
-+ cur = parent;
-+ /* cur->parent was validated when descending. */
-+ parent = cur->parent;
-
- if ((cur->type == XML_HTML_DOCUMENT_NODE) ||
- (cur->type == XML_DOCUMENT_NODE)) {
-@@ -939,9 +949,9 @@ htmlNodeDumpFormatOutput(xmlOutputBufferPtr buf, xmlDocPtr doc,
- (cur->next != NULL)) {
- if ((cur->next->type != HTML_TEXT_NODE) &&
- (cur->next->type != HTML_ENTITY_REF_NODE) &&
-- (cur->parent != NULL) &&
-- (cur->parent->name != NULL) &&
-- (cur->parent->name[0] != 'p')) /* p, pre, param */
-+ (parent != NULL) &&
-+ (parent->name != NULL) &&
-+ (parent->name[0] != 'p')) /* p, pre, param */
- xmlOutputBufferWriteString(buf, "\n");
- }
- }
-diff --git a/xmlsave.c b/xmlsave.c
-index 61a40459..aedbd5e7 100644
---- a/xmlsave.c
-+++ b/xmlsave.c
-@@ -847,7 +847,7 @@ htmlNodeDumpOutputInternal(xmlSaveCtxtPtr ctxt, xmlNodePtr cur) {
- static void
- xmlNodeDumpOutputInternal(xmlSaveCtxtPtr ctxt, xmlNodePtr cur) {
- int format = ctxt->format;
-- xmlNodePtr tmp, root, unformattedNode = NULL;
-+ xmlNodePtr tmp, root, unformattedNode = NULL, parent;
- xmlAttrPtr attr;
- xmlChar *start, *end;
- xmlOutputBufferPtr buf;
-@@ -856,6 +856,7 @@ xmlNodeDumpOutputInternal(xmlSaveCtxtPtr ctxt, xmlNodePtr cur) {
- buf = ctxt->buf;
-
- root = cur;
-+ parent = cur->parent;
- while (1) {
- switch (cur->type) {
- case XML_DOCUMENT_NODE:
-@@ -868,7 +869,9 @@ xmlNodeDumpOutputInternal(xmlSaveCtxtPtr ctxt, xmlNodePtr cur) {
- break;
-
- case XML_DOCUMENT_FRAG_NODE:
-- if (cur->children != NULL) {
-+ /* Always validate cur->parent when descending. */
-+ if ((cur->parent == parent) && (cur->children != NULL)) {
-+ parent = cur;
- cur = cur->children;
- continue;
- }
-@@ -887,7 +890,18 @@ xmlNodeDumpOutputInternal(xmlSaveCtxtPtr ctxt, xmlNodePtr cur) {
- break;
-
- case XML_ELEMENT_NODE:
-- if ((cur != root) && (ctxt->format == 1) && (xmlIndentTreeOutput))
-+ /*
-+ * Some users like lxml are known to pass nodes with a corrupted
-+ * tree structure. Fall back to a recursive call to handle this
-+ * case.
-+ */
-+ if ((cur->parent != parent) && (cur->children != NULL)) {
-+ xmlNodeDumpOutputInternal(ctxt, cur);
-+ break;
-+ }
-+
-+ if ((ctxt->level > 0) && (ctxt->format == 1) &&
-+ (xmlIndentTreeOutput))
- xmlOutputBufferWrite(buf, ctxt->indent_size *
- (ctxt->level > ctxt->indent_nr ?
- ctxt->indent_nr : ctxt->level),
-@@ -942,6 +956,7 @@ xmlNodeDumpOutputInternal(xmlSaveCtxtPtr ctxt, xmlNodePtr cur) {
- xmlOutputBufferWrite(buf, 1, ">");
- if (ctxt->format == 1) xmlOutputBufferWrite(buf, 1, "\n");
- if (ctxt->level >= 0) ctxt->level++;
-+ parent = cur;
- cur = cur->children;
- continue;
- }
-@@ -1058,13 +1073,9 @@ xmlNodeDumpOutputInternal(xmlSaveCtxtPtr ctxt, xmlNodePtr cur) {
- break;
- }
-
-- /*
-- * The parent should never be NULL here but we want to handle
-- * corrupted documents gracefully.
-- */
-- if (cur->parent == NULL)
-- return;
-- cur = cur->parent;
-+ cur = parent;
-+ /* cur->parent was validated when descending. */
-+ parent = cur->parent;
-
- if (cur->type == XML_ELEMENT_NODE) {
- if (ctxt->level > 0) ctxt->level--;
---
-GitLab
-
================================================================
---- gitweb:
http://git.pld-linux.org/gitweb.cgi/packages/libxml2.git/commitdiff/26990bdf6c51f2f7c4ed79fc05a7fbde487b083f
More information about the pld-cvs-commit
mailing list