Hello community, here is the log from the commit of package libxml2 for openSUSE:11.3 checked in at Mon Jan 16 14:49:32 CET 2012. -------- --- old-versions/11.3/UPDATES/all/libxml2/libxml2.changes 2011-11-28 16:25:17.000000000 +0100 +++ 11.3/libxml2/libxml2.changes 2012-01-06 11:46:57.000000000 +0100 @@ -1,0 +2,5 @@ +Fri Jan 6 10:42:43 UTC 2012 - vcizek@suse.com + +- fix for CVE-2011-3919 (bnc#739894) + +------------------------------------------------------------------- calling whatdependson for 11.3-i586 New: ---- libxml2-CVE-2011-3919.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ libxml2-python.spec ++++++ --- /var/tmp/diff_new_pack.Zb6rcZ/_old 2012-01-16 14:49:14.000000000 +0100 +++ /var/tmp/diff_new_pack.Zb6rcZ/_new 2012-01-16 14:49:14.000000000 +0100 @@ -1,7 +1,7 @@ # # spec file for package libxml2-python # -# Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2012 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -15,17 +15,17 @@ # Please submit bugfixes or comments via http://bugs.opensuse.org/ # -# norootforbuild Name: libxml2-python -BuildRequires: libxml2-devel python-devel python-xml -License: MIT License (or similar) -Group: Development/Libraries/Python -AutoReqProv: on +BuildRequires: libxml2-devel +BuildRequires: python-devel +BuildRequires: python-xml Summary: Python Bindings for libxml2 +License: MIT +Group: Development/Libraries/Python Version: 2.7.7 -Release: 4.<RELEASE5> +Release: 4.<RELEASE6> Source: libxml2-%{version}.tar.bz2 Source1: libxml2-python-rpmlintrc %py_requires ++++++ libxml2.spec ++++++ --- /var/tmp/diff_new_pack.Zb6rcZ/_old 2012-01-16 14:49:14.000000000 +0100 +++ /var/tmp/diff_new_pack.Zb6rcZ/_new 2012-01-16 14:49:14.000000000 +0100 
@@ -1,7 +1,7 @@ # # spec file for package libxml2 # -# Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2012 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -15,23 +15,26 @@ # Please submit bugfixes or comments via http://bugs.opensuse.org/ # -# norootforbuild Name: libxml2 -BuildRequires: pkg-config readline-devel zlib-devel -License: MIT License (or similar) -Group: System/Libraries +BuildRequires: pkg-config +BuildRequires: readline-devel +BuildRequires: zlib-devel Summary: A Library to Manipulate XML Files +License: MIT +Group: System/Libraries Url: http://xmlsoft.org Version: 2.7.7 -Release: 4.<RELEASE9> +Release: 4.<RELEASE11> Source: %{name}-%{version}.tar.bz2 Source2: baselibs.conf Patch1: libxml2-xpath-ns-attr-axis.patch Patch2: libxml2-CVE-2010-4494.patch Patch3: libxml2-CVE-2011-1944.patch Patch4: libxml2-CVE-2011-2821.patch +# PATCH-FIX-UPSTREAM CVE-2011-3919 (bnc#739894) +Patch5: libxml2-CVE-2011-3919.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build # bug437293 %ifarch ppc64 @@ -55,7 +58,7 @@ progress. %package devel -License: MIT License (or similar) + Summary: Include Files and Libraries mandatory for Development Group: Development/Libraries/C and C++ Requires: %{name} = %{version} @@ -77,7 +80,7 @@ cf. libxml2. %package doc -License: MIT License (or similar) + Summary: A Library to Manipulate XML Files Group: System/Libraries Requires: %{name} = %{version} @@ -107,6 +110,7 @@ %patch2 -p1 %patch3 -p1 %patch4 -p1 +%patch5 -p1 %build %configure \ ++++++ libxml2-CVE-2011-3919.patch ++++++
From 5bd3c061823a8499b27422aee04ea20aae24f03e Mon Sep 17 00:00:00 2001 From: Daniel Veillard
Date: Fri, 16 Dec 2011 10:53:35 +0000 Subject: Fix an allocation error when copying entities
--- diff --git a/parser.c b/parser.c index 4e5dcb9..c55e41d 100644 --- a/parser.c +++ b/parser.c @@ -2709,7 +2709,7 @@ xmlStringLenDecodeEntities(xmlParserCtxtPtr ctxt, const xmlChar *str, int len, buffer[nbchars++] = '&'; if (nbchars > buffer_size - i - XML_PARSER_BUFFER_SIZE) { - growBuffer(buffer, XML_PARSER_BUFFER_SIZE); + growBuffer(buffer, i + XML_PARSER_BUFFER_SIZE); } for (;i > 0;i--) buffer[nbchars++] = *cur++; -- cgit v0.9.0.2 continue with "q"... Remember to have fun... -- To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-commit+help@opensuse.org
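Review bot: The libxml2.changes hunk at @@ -1,0 +2,5 @@ records only "fix for CVE-2011-3919 (bnc#739894)" and does not name the patch file or say what was wrong. Adding the patch name libxml2-CVE-2011-3919.patch and a short description taken from the patch subject ("Fix an allocation error when copying entities") would let an administrator reading the changelog see what the update touches without opening the bug.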
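Review bot: The libxml2.spec hunk at @@ -15,23 +15,26 @@ mixes the security fix (the new Patch5 line and its PATCH-FIX-UPSTREAM comment) with unrelated cleanup: the License value changes from "MIT License (or similar)" to "MIT", the BuildRequires line is split into three, and "# norootforbuild" is dropped. None of that cleanup appears in the .changes entry, which mentions only the CVE. For a maintenance update it is easier to audit if the cleanup is either listed as its own changelog line or kept out of the security submission, so that the diff a reviewer has to trust is just Patch5 and the matching %patch5 -p1.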
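Review bot: In the parser.c hunk at @@ -2709,7 +2709,7 @@, the new growth amount "i + XML_PARSER_BUFFER_SIZE" has no comment tying it to the loop that follows, "for (;i > 0;i--) buffer[nbchars++] = *cur++;", which writes i bytes into buffer, whereas the old fixed growth of XML_PARSER_BUFFER_SIZE did not depend on i at all. A one-line comment above the growBuffer call saying that the growth has to cover the i bytes about to be copied would keep a later cleanup from reverting it. The other growBuffer calls in xmlStringLenDecodeEntities are outside this hunk, so please confirm that any of them followed by a variable-length copy also derive the growth from the copy length, and consider a regression test in which the copied length exceeds XML_PARSER_BUFFER_SIZE.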