[packages/libxml2] - up to 2.9.0
arekm
arekm at pld-linux.org
Sat Sep 15 11:48:14 CEST 2012
commit 7658de52df0a304fd08b2edc463e2c9eb6ac0b01
Author: Arkadiusz Miśkiewicz <arekm at maven.pl>
Date: Sat Sep 15 11:48:11 2012 +0200
- up to 2.9.0
libxml2-CVE-2012-2807.patch | 365 --------------------------------------------
libxml2.spec | 12 +-
2 files changed, 6 insertions(+), 371 deletions(-)
---
diff --git a/libxml2.spec b/libxml2.spec
index 1f4e331..bfa319e 100644
--- a/libxml2.spec
+++ b/libxml2.spec
@@ -13,18 +13,17 @@ Summary(es.UTF-8): Biblioteca libXML version 2
Summary(pl.UTF-8): Biblioteka libXML wersja 2
Summary(pt_BR.UTF-8): Biblioteca libXML versão 2
Name: libxml2
-Version: 2.8.0
-Release: 2
+Version: 2.9.0
+Release: 1
Epoch: 1
License: MIT
Group: Libraries
#Source0: http://ftp.gnome.org/pub/GNOME/sources/libxml2/2.6/%{name}-%{version}.tar.bz2
Source0: ftp://xmlsoft.org/libxml2/%{name}-%{version}.tar.gz
-# Source0-md5: c62106f02ee00b6437f0fb9d370c1093
+# Source0-md5: 5b9bebf4f5d2200ae2c4efe8fa6103f7
Patch0: %{name}-man_fixes.patch
Patch1: %{name}-open.gz.patch
Patch2: %{name}-largefile.patch
-Patch3: %{name}-CVE-2012-2807.patch
URL: http://xmlsoft.org/
BuildRequires: autoconf >= 2.59
BuildRequires: automake >= 1.4
@@ -33,6 +32,7 @@ BuildRequires: libtool >= 1:1.4.2-9
%{?with_python:BuildRequires: python-modules}
%{?with_python:BuildRequires: rpm-pythonprov}
BuildRequires: rpmbuild(macros) >= 1.219
+BuildRequires: xz-devel
%{?with_zlib:BuildRequires: zlib-devel >= 1.2.3.3}
# history support in xmllint is disabled by default
#BuildRequires: ncurses-devel
@@ -143,7 +143,6 @@ Moduły języka Python dla biblioteki libxml2.
%patch1 -p1
%endif
%patch2 -p1
-%patch3 -p1
%build
%{__libtoolize}
@@ -156,6 +155,7 @@ Moduły języka Python dla biblioteki libxml2.
%{!?with_static_libs:--disable-static=no} \
%{!?with_python:--without-python} \
%{!?with_zlib:--without-zlib} \
+ --with-lzma \
--with%{!?with_mem_debug:out}-mem-debug
%{__make}
@@ -165,7 +165,7 @@ rm -rf $RPM_BUILD_ROOT
%{__make} install \
DESTDIR=$RPM_BUILD_ROOT \
- DEVHELP_DIR=%{_gtkdocdir}/libxml2 \
+ devhelpdir=%{_gtkdocdir}/libxml2 \
m4datadir=%{_aclocaldir} \
pkgconfigdir=%{_pkgconfigdir}
diff --git a/libxml2-CVE-2012-2807.patch b/libxml2-CVE-2012-2807.patch
deleted file mode 100644
index b31a080..0000000
--- a/libxml2-CVE-2012-2807.patch
+++ /dev/null
@@ -1,365 +0,0 @@
-From 459eeb9dc752d5185f57ff6b135027f11981a626 Mon Sep 17 00:00:00 2001
-From: Daniel Veillard <veillard at redhat.com>
-Date: Tue, 17 Jul 2012 16:19:17 +0800
-Subject: [PATCH 1/3] Fix parser local buffers size problems
-
----
- parser.c | 74 +++++++++++++++++++++++++++++++++++++---------------------------
- 1 file changed, 43 insertions(+), 31 deletions(-)
-
-diff --git a/parser.c b/parser.c
-index 2c38fae..9863275 100644
---- a/parser.c
-+++ b/parser.c
-@@ -40,6 +40,7 @@
- #endif
-
- #include <stdlib.h>
-+#include <limits.h>
- #include <string.h>
- #include <stdarg.h>
- #include <libxml/xmlmemory.h>
-@@ -117,10 +118,10 @@ xmlCreateEntityParserCtxtInternal(const xmlChar *URL, const xmlChar *ID,
- * parser option.
- */
- static int
--xmlParserEntityCheck(xmlParserCtxtPtr ctxt, unsigned long size,
-+xmlParserEntityCheck(xmlParserCtxtPtr ctxt, size_t size,
- xmlEntityPtr ent)
- {
-- unsigned long consumed = 0;
-+ size_t consumed = 0;
-
- if ((ctxt == NULL) || (ctxt->options & XML_PARSE_HUGE))
- return (0);
-@@ -2589,15 +2590,17 @@ xmlParserHandlePEReference(xmlParserCtxtPtr ctxt) {
-
- /*
- * Macro used to grow the current buffer.
-+ * buffer##_size is expected to be a size_t
-+ * mem_error: is expected to handle memory allocation failures
- */
- #define growBuffer(buffer, n) { \
- xmlChar *tmp; \
-- buffer##_size *= 2; \
-- buffer##_size += n; \
-- tmp = (xmlChar *) \
-- xmlRealloc(buffer, buffer##_size * sizeof(xmlChar)); \
-+ size_t new_size = buffer##_size * 2 + n; \
-+ if (new_size < buffer##_size) goto mem_error; \
-+ tmp = (xmlChar *) xmlRealloc(buffer, new_size); \
- if (tmp == NULL) goto mem_error; \
- buffer = tmp; \
-+ buffer##_size = new_size; \
- }
-
- /**
-@@ -2623,14 +2626,14 @@ xmlChar *
- xmlStringLenDecodeEntities(xmlParserCtxtPtr ctxt, const xmlChar *str, int len,
- int what, xmlChar end, xmlChar end2, xmlChar end3) {
- xmlChar *buffer = NULL;
-- int buffer_size = 0;
-+ size_t buffer_size = 0;
-+ size_t nbchars = 0;
-
- xmlChar *current = NULL;
- xmlChar *rep = NULL;
- const xmlChar *last;
- xmlEntityPtr ent;
- int c,l;
-- int nbchars = 0;
-
- if ((ctxt == NULL) || (str == NULL) || (len < 0))
- return(NULL);
-@@ -2647,7 +2650,7 @@ xmlStringLenDecodeEntities(xmlParserCtxtPtr ctxt, const xmlChar *str, int len,
- * allocate a translation buffer.
- */
- buffer_size = XML_PARSER_BIG_BUFFER_SIZE;
-- buffer = (xmlChar *) xmlMallocAtomic(buffer_size * sizeof(xmlChar));
-+ buffer = (xmlChar *) xmlMallocAtomic(buffer_size);
- if (buffer == NULL) goto mem_error;
-
- /*
-@@ -2667,7 +2670,7 @@ xmlStringLenDecodeEntities(xmlParserCtxtPtr ctxt, const xmlChar *str, int len,
- if (val != 0) {
- COPY_BUF(0,buffer,nbchars,val);
- }
-- if (nbchars > buffer_size - XML_PARSER_BUFFER_SIZE) {
-+ if (nbchars + XML_PARSER_BUFFER_SIZE > buffer_size) {
- growBuffer(buffer, XML_PARSER_BUFFER_SIZE);
- }
- } else if ((c == '&') && (what & XML_SUBSTITUTE_REF)) {
-@@ -2685,7 +2688,7 @@ xmlStringLenDecodeEntities(xmlParserCtxtPtr ctxt, const xmlChar *str, int len,
- (ent->etype == XML_INTERNAL_PREDEFINED_ENTITY)) {
- if (ent->content != NULL) {
- COPY_BUF(0,buffer,nbchars,ent->content[0]);
-- if (nbchars > buffer_size - XML_PARSER_BUFFER_SIZE) {
-+ if (nbchars + XML_PARSER_BUFFER_SIZE > buffer_size) {
- growBuffer(buffer, XML_PARSER_BUFFER_SIZE);
- }
- } else {
-@@ -2702,8 +2705,7 @@ xmlStringLenDecodeEntities(xmlParserCtxtPtr ctxt, const xmlChar *str, int len,
- current = rep;
- while (*current != 0) { /* non input consuming loop */
- buffer[nbchars++] = *current++;
-- if (nbchars >
-- buffer_size - XML_PARSER_BUFFER_SIZE) {
-+ if (nbchars + XML_PARSER_BUFFER_SIZE > buffer_size) {
- if (xmlParserEntityCheck(ctxt, nbchars, ent))
- goto int_error;
- growBuffer(buffer, XML_PARSER_BUFFER_SIZE);
-@@ -2717,7 +2719,7 @@ xmlStringLenDecodeEntities(xmlParserCtxtPtr ctxt, const xmlChar *str, int len,
- const xmlChar *cur = ent->name;
-
- buffer[nbchars++] = '&';
-- if (nbchars > buffer_size - i - XML_PARSER_BUFFER_SIZE) {
-+ if (nbchars + i + XML_PARSER_BUFFER_SIZE > buffer_size) {
- growBuffer(buffer, i + XML_PARSER_BUFFER_SIZE);
- }
- for (;i > 0;i--)
-@@ -2745,8 +2747,7 @@ xmlStringLenDecodeEntities(xmlParserCtxtPtr ctxt, const xmlChar *str, int len,
- current = rep;
- while (*current != 0) { /* non input consuming loop */
- buffer[nbchars++] = *current++;
-- if (nbchars >
-- buffer_size - XML_PARSER_BUFFER_SIZE) {
-+ if (nbchars + XML_PARSER_BUFFER_SIZE > buffer_size) {
- if (xmlParserEntityCheck(ctxt, nbchars, ent))
- goto int_error;
- growBuffer(buffer, XML_PARSER_BUFFER_SIZE);
-@@ -2759,8 +2760,8 @@ xmlStringLenDecodeEntities(xmlParserCtxtPtr ctxt, const xmlChar *str, int len,
- } else {
- COPY_BUF(l,buffer,nbchars,c);
- str += l;
-- if (nbchars > buffer_size - XML_PARSER_BUFFER_SIZE) {
-- growBuffer(buffer, XML_PARSER_BUFFER_SIZE);
-+ if (nbchars + XML_PARSER_BUFFER_SIZE > buffer_size) {
-+ growBuffer(buffer, XML_PARSER_BUFFER_SIZE);
- }
- }
- if (str < last)
-@@ -3764,8 +3765,8 @@ xmlParseAttValueComplex(xmlParserCtxtPtr ctxt, int *attlen, int normalize) {
- xmlChar limit = 0;
- xmlChar *buf = NULL;
- xmlChar *rep = NULL;
-- int len = 0;
-- int buf_size = 0;
-+ size_t len = 0;
-+ size_t buf_size = 0;
- int c, l, in_space = 0;
- xmlChar *current = NULL;
- xmlEntityPtr ent;
-@@ -3787,7 +3788,7 @@ xmlParseAttValueComplex(xmlParserCtxtPtr ctxt, int *attlen, int normalize) {
- * allocate a translation buffer.
- */
- buf_size = XML_PARSER_BUFFER_SIZE;
-- buf = (xmlChar *) xmlMallocAtomic(buf_size * sizeof(xmlChar));
-+ buf = (xmlChar *) xmlMallocAtomic(buf_size);
- if (buf == NULL) goto mem_error;
-
- /*
-@@ -3804,7 +3805,7 @@ xmlParseAttValueComplex(xmlParserCtxtPtr ctxt, int *attlen, int normalize) {
-
- if (val == '&') {
- if (ctxt->replaceEntities) {
-- if (len > buf_size - 10) {
-+ if (len + 10 > buf_size) {
- growBuffer(buf, 10);
- }
- buf[len++] = '&';
-@@ -3813,7 +3814,7 @@ xmlParseAttValueComplex(xmlParserCtxtPtr ctxt, int *attlen, int normalize) {
- * The reparsing will be done in xmlStringGetNodeList()
- * called by the attribute() function in SAX.c
- */
-- if (len > buf_size - 10) {
-+ if (len + 10 > buf_size) {
- growBuffer(buf, 10);
- }
- buf[len++] = '&';
-@@ -3823,7 +3824,7 @@ xmlParseAttValueComplex(xmlParserCtxtPtr ctxt, int *attlen, int normalize) {
- buf[len++] = ';';
- }
- } else if (val != 0) {
-- if (len > buf_size - 10) {
-+ if (len + 10 > buf_size) {
- growBuffer(buf, 10);
- }
- len += xmlCopyChar(0, &buf[len], val);
-@@ -3835,7 +3836,7 @@ xmlParseAttValueComplex(xmlParserCtxtPtr ctxt, int *attlen, int normalize) {
- ctxt->nbentities += ent->owner;
- if ((ent != NULL) &&
- (ent->etype == XML_INTERNAL_PREDEFINED_ENTITY)) {
-- if (len > buf_size - 10) {
-+ if (len + 10 > buf_size) {
- growBuffer(buf, 10);
- }
- if ((ctxt->replaceEntities == 0) &&
-@@ -3863,7 +3864,7 @@ xmlParseAttValueComplex(xmlParserCtxtPtr ctxt, int *attlen, int normalize) {
- current++;
- } else
- buf[len++] = *current++;
-- if (len > buf_size - 10) {
-+ if (len + 10 > buf_size) {
- growBuffer(buf, 10);
- }
- }
-@@ -3871,7 +3872,7 @@ xmlParseAttValueComplex(xmlParserCtxtPtr ctxt, int *attlen, int normalize) {
- rep = NULL;
- }
- } else {
-- if (len > buf_size - 10) {
-+ if (len + 10 > buf_size) {
- growBuffer(buf, 10);
- }
- if (ent->content != NULL)
-@@ -3899,7 +3900,7 @@ xmlParseAttValueComplex(xmlParserCtxtPtr ctxt, int *attlen, int normalize) {
- * Just output the reference
- */
- buf[len++] = '&';
-- while (len > buf_size - i - 10) {
-+ while (len + i + 10 > buf_size) {
- growBuffer(buf, i + 10);
- }
- for (;i > 0;i--)
-@@ -3912,7 +3913,7 @@ xmlParseAttValueComplex(xmlParserCtxtPtr ctxt, int *attlen, int normalize) {
- if ((len != 0) || (!normalize)) {
- if ((!normalize) || (!in_space)) {
- COPY_BUF(l,buf,len,0x20);
-- while (len > buf_size - 10) {
-+ while (len + 10 > buf_size) {
- growBuffer(buf, 10);
- }
- }
-@@ -3921,7 +3922,7 @@ xmlParseAttValueComplex(xmlParserCtxtPtr ctxt, int *attlen, int normalize) {
- } else {
- in_space = 0;
- COPY_BUF(l,buf,len,c);
-- if (len > buf_size - 10) {
-+ if (len + 10 > buf_size) {
- growBuffer(buf, 10);
- }
- }
-@@ -3946,7 +3947,18 @@ xmlParseAttValueComplex(xmlParserCtxtPtr ctxt, int *attlen, int normalize) {
- }
- } else
- NEXT;
-- if (attlen != NULL) *attlen = len;
-+
-+ /*
-+ * There we potentially risk an overflow, don't allow attribute value of
-+ * lenght more than INT_MAX it is a very reasonnable assumption !
-+ */
-+ if (len >= INT_MAX) {
-+ xmlFatalErrMsg(ctxt, XML_ERR_ATTRIBUTE_NOT_FINISHED,
-+ "AttValue lenght too long\n");
-+ goto mem_error;
-+ }
-+
-+ if (attlen != NULL) *attlen = (int) len;
- return(buf);
-
- mem_error:
---
-1.7.11.4
-
-From 4f9fdc709c4861c390cd84e2ed1fd878b3442e28 Mon Sep 17 00:00:00 2001
-From: Daniel Veillard <veillard at redhat.com>
-Date: Wed, 18 Jul 2012 11:38:17 +0800
-Subject: [PATCH 2/3] Fix entities local buffers size problems
-
----
- entities.c | 36 +++++++++++++++++++++++-------------
- 1 file changed, 23 insertions(+), 13 deletions(-)
-
-diff --git a/entities.c b/entities.c
-index 6aef49f..859ec3b 100644
---- a/entities.c
-+++ b/entities.c
-@@ -528,13 +528,13 @@ xmlGetDocEntity(xmlDocPtr doc, const xmlChar *name) {
- * Macro used to grow the current buffer.
- */
- #define growBufferReentrant() { \
-- buffer_size *= 2; \
-- buffer = (xmlChar *) \
-- xmlRealloc(buffer, buffer_size * sizeof(xmlChar)); \
-- if (buffer == NULL) { \
-- xmlEntitiesErrMemory("xmlEncodeEntitiesReentrant: realloc failed");\
-- return(NULL); \
-- } \
-+ xmlChar *tmp; \
-+ size_t new_size = buffer_size * 2; \
-+ if (new_size < buffer_size) goto mem_error; \
-+ tmp = (xmlChar *) xmlRealloc(buffer, new_size); \
-+ if (tmp == NULL) goto mem_error; \
-+ buffer = tmp; \
-+ buffer_size = new_size; \
- }
-
-
-@@ -555,7 +555,7 @@ xmlEncodeEntitiesReentrant(xmlDocPtr doc, const xmlChar *input) {
- const xmlChar *cur = input;
- xmlChar *buffer = NULL;
- xmlChar *out = NULL;
-- int buffer_size = 0;
-+ size_t buffer_size = 0;
- int html = 0;
-
- if (input == NULL) return(NULL);
-@@ -574,8 +574,8 @@ xmlEncodeEntitiesReentrant(xmlDocPtr doc, const xmlChar *input) {
- out = buffer;
-
- while (*cur != '\0') {
-- if (out - buffer > buffer_size - 100) {
-- int indx = out - buffer;
-+ size_t indx = out - buffer;
-+ if (indx + 100 > buffer_size) {
-
- growBufferReentrant();
- out = &buffer[indx];
-@@ -692,6 +692,11 @@ xmlEncodeEntitiesReentrant(xmlDocPtr doc, const xmlChar *input) {
- }
- *out = 0;
- return(buffer);
-+
-+mem_error:
-+ xmlEntitiesErrMemory("xmlEncodeEntitiesReentrant: realloc failed");
-+ xmlFree(buffer);
-+ return(NULL);
- }
-
- /**
-@@ -709,7 +714,7 @@ xmlEncodeSpecialChars(xmlDocPtr doc ATTRIBUTE_UNUSED, const xmlChar *input) {
- const xmlChar *cur = input;
- xmlChar *buffer = NULL;
- xmlChar *out = NULL;
-- int buffer_size = 0;
-+ size_t buffer_size = 0;
- if (input == NULL) return(NULL);
-
- /*
-@@ -724,8 +729,8 @@ xmlEncodeSpecialChars(xmlDocPtr doc ATTRIBUTE_UNUSED, const xmlChar *input) {
- out = buffer;
-
- while (*cur != '\0') {
-- if (out - buffer > buffer_size - 10) {
-- int indx = out - buffer;
-+ size_t indx = out - buffer;
-+ if (indx + 10 > buffer_size) {
-
- growBufferReentrant();
- out = &buffer[indx];
-@@ -774,6 +779,11 @@ xmlEncodeSpecialChars(xmlDocPtr doc ATTRIBUTE_UNUSED, const xmlChar *input) {
- }
- *out = 0;
- return(buffer);
-+
-+mem_error:
-+ xmlEntitiesErrMemory("xmlEncodeSpecialChars: realloc failed");
-+ xmlFree(buffer);
-+ return(NULL);
- }
-
- /**
---
-1.7.11.4
-
================================================================
---- gitweb:
http://git.pld-linux.org/gitweb.cgi/packages/libxml2.git/commitdiff/7658de52df0a304fd08b2edc463e2c9eb6ac0b01
More information about the pld-cvs-commit
mailing list