[packages/crossmingw32-libxml2] - updated to 2.10.0 (fixes CVE-2022-2309)

qboosh qboosh at pld-linux.org
Thu Aug 18 18:11:28 CEST 2022 

commit 3f814cc53217aa6d2119a0b03d6d680a494b72ef
Author: Jakub Bogusz <qboosh at pld-linux.org>
Date:   Thu Aug 18 18:11:23 2022 +0200

    - updated to 2.10.0 (fixes CVE-2022-2309)

 crossmingw32-libxml2.spec | 16 +++++++---------
 libxml2-man_fixes.patch   | 22 ----------------------
 libxml2-open.gz.patch     | 39 ++++++++++++++++++---------------------
 3 files changed, 25 insertions(+), 52 deletions(-)
---
diff --git a/crossmingw32-libxml2.spec b/crossmingw32-libxml2.spec
index 6d9b4ab..d98aa3f 100644
--- a/crossmingw32-libxml2.spec
+++ b/crossmingw32-libxml2.spec
@@ -2,19 +2,18 @@
 Summary:	libXML library - cross MinGW32 version
 Summary(pl.UTF-8):	Biblioteka libXML wersja 2 - wersja skrośna dla MinGW32
 Name:		crossmingw32-%{realname}
-Version:	2.9.14
+Version:	2.10.0
 Release:	1
 License:	MIT
 Group:		Development/Libraries
 #Source0:	ftp://xmlsoft.org/libxml2/%{realname}-%{version}.tar.gz
-Source0:	https://download.gnome.org/sources/libxml2/2.9/%{realname}-%{version}.tar.xz
-# Source0-md5:	b7b3029ac6beb32a7925225515f83ca3
-Patch0:		%{realname}-man_fixes.patch
-Patch1:		%{realname}-open.gz.patch
-Patch2:		%{realname}-largefile.patch
+Source0:	https://download.gnome.org/sources/libxml2/2.10/%{realname}-%{version}.tar.xz
+# Source0-md5:	54fdcf2404eb5c1ca59ffc82b2edff78
+Patch0:		%{realname}-open.gz.patch
+Patch1:		%{realname}-largefile.patch
 URL:		http://xmlsoft.org/
 BuildRequires:	autoconf >= 2.68
-BuildRequires:	automake >= 1.4
+BuildRequires:	automake >= 1:1.15
 BuildRequires:	crossmingw32-gcc
 BuildRequires:	crossmingw32-zlib >= 1.2.4-3
 BuildRequires:	crossmingw32-xz
@@ -88,7 +87,6 @@ Biblioteka DLL libxml2 dla Windows.
 %setup -q -n %{realname}-%{version}
 %patch0 -p1
 %patch1 -p1
-%patch2 -p1
 
 %build
 %{__libtoolize}
@@ -102,6 +100,7 @@ CPPFLAGS="%{rpmcppflags} -D_WINSOCKAPI_"
 	--target=%{target} \
 	--host=%{target} \
 	--disable-silent-rules \
+	--enable-static \
 	--without-python
 
 %{__make}
@@ -121,7 +120,6 @@ install -d $RPM_BUILD_ROOT%{_dlldir}
 %endif
 
 %{__rm} $RPM_BUILD_ROOT%{_bindir}/{*.exe,xml2-config}
-%{__rm} $RPM_BUILD_ROOT%{_libdir}/xml2Conf.sh
 %{__rm} -r $RPM_BUILD_ROOT%{_libdir}/cmake
 %{__rm} -r $RPM_BUILD_ROOT%{_datadir}/{aclocal,doc,gtk-doc,man}
 
diff --git a/libxml2-man_fixes.patch b/libxml2-man_fixes.patch
deleted file mode 100644
index 959505d..0000000
--- a/libxml2-man_fixes.patch
+++ /dev/null
@@ -1,22 +0,0 @@
-diff -aurN libxml2-2.6.23.orig/libxml.3 libxml2-2.6.23/libxml.3
---- libxml2-2.6.23.orig/libxml.3	2005-10-28 18:13:58.000000000 +0200
-+++ libxml2-2.6.23/libxml.3	2006-01-06 23:00:43.000000000 +0100
-@@ -48,14 +48,14 @@
- library exports Push and Pull type parser interfaces for both XML and 
- .IR html . 
- .SH FILES
--.TP 2.2i
--.B /depot/lib/libxml_2.0.0/libxml.a
-+.TP
-+.B libxml.a
- static library
- .TP
--.B /depot/lib/libxml_2.0.0/libxml.so
-+.B libxml.so
- shared library
- .TP
--.B /depot/package/libxml_2.0.0/bin/xmllint
-+.B xmllint
- binary application for parsing XML files
- .SH AUTHORS
- Daniel Veillard (daniel at veillard.com).
diff --git a/libxml2-open.gz.patch b/libxml2-open.gz.patch
index 9d36147..644204b 100644
--- a/libxml2-open.gz.patch
+++ b/libxml2-open.gz.patch
@@ -1,41 +1,38 @@
-diff -ur libxml2-2.4.20/xmlIO.c libxml2-2.4.20-/xmlIO.c
---- libxml2-2.4.20/xmlIO.c	Wed Mar 27 04:35:12 2002
-+++ libxml2-2.4.20-/xmlIO.c	Thu May 23 20:35:12 2002
-@@ -465,8 +465,35 @@
+--- libxml2-2.10.0/xmlIO.c.orig	2022-08-18 16:29:32.843322082 +0200
++++ libxml2-2.10.0/xmlIO.c	2022-08-18 16:32:12.985787850 +0200
+@@ -1115,8 +1115,33 @@ xmlGzfileOpen_real (const char *filename
  
      if (path == NULL)
  	return(NULL);
 -    if (!xmlCheckFilename(path))
 -        return(NULL);
-+	
 +    if (!xmlCheckFilename(path)) {
-+        /* If we cannot open `foo.xml', we try `foo.xml.gz'. However we i
++	/* If we cannot open `foo.xml', we try `foo.xml.gz'. However we i
 +	 * append .gz only if filename doesn't alreay end with .gz. */
-+        if (strlen(path) < 3 || strcmp(path + strlen(path) - 3, ".gz") != 0) {
-+            char *gz_filename = xmlMalloc(strlen(path) + 4);
++	if (strlen(path) < 3 || strcmp(path + strlen(path) - 3, ".gz") != 0) {
++	    char *gz_filename = xmlMalloc(strlen(path) + 4);
 +
 +	    if (gz_filename == NULL) {
 +	        xmlGenericError(xmlGenericErrorContext,
 +			        "xmlGzfileOpen:  %s\n",
 +			        "Failure allocating buffer for filename.");
 +	        return NULL;
-+	     }
-+	
-+             strcpy(gz_filename, path);
-+	     strcat(gz_filename, ".gz");
++	    }
 +
-+	     fd = NULL;
-+	     
-+	     if (xmlCheckFilename(gz_filename))
++	    strcpy(gz_filename, path);
++	    strcat(gz_filename, ".gz");
++
++	    fd = NULL;
++
++	    if (xmlCheckFilename(gz_filename))
 +		fd = gzopen(gz_filename, "rb");
-+	         
-+	     xmlFree(gz_filename);
++
++	    xmlFree(gz_filename);
 +	     
-+             return((void *) fd);
-+	} else {
++	    return((void *) fd);
++	} else
 +	    return NULL;
-+	}
 +    }
  
- #if defined(_WIN32) || defined (__DJGPP__) && !defined (__CYGWIN__)
+ #if defined(_WIN32)
      fd = xmlWrapGzOpenUtf8(path, "rb");
================================================================

---- gitweb:

http://git.pld-linux.org/gitweb.cgi/packages/crossmingw32-libxml2.git/commitdiff/3f814cc53217aa6d2119a0b03d6d680a494b72ef

More information about the pld-cvs-commit mailing list