Hello community, here is the log from the commit of package libxml2 for openSUSE:11.4 checked in at Mon Jan 16 15:14:21 CET 2012. -------- --- old-versions/11.4/UPDATES/all/libxml2/libxml2.changes 2011-11-28 16:40:25.000000000 +0100 +++ 11.4/libxml2/libxml2.changes 2012-01-06 11:55:57.000000000 +0100 @@ -1,0 +2,5 @@ +Fri Jan 6 10:42:43 UTC 2012 - vcizek@suse.com + +- fix for CVE-2011-3919 (bnc#739894) + +------------------------------------------------------------------- calling whatdependson for 11.4-i586 New: ---- libxml2-CVE-2011-3919.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ libxml2-python.spec ++++++ --- /var/tmp/diff_new_pack.eHbJo9/_old 2012-01-16 15:10:14.000000000 +0100 +++ /var/tmp/diff_new_pack.eHbJo9/_new 2012-01-16 15:10:14.000000000 +0100 @@ -1,7 +1,7 @@ # # spec file for package libxml2-python # -# Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2012 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -19,15 +19,16 @@ Name: libxml2-python Version: 2.7.8 -Release: 5.<RELEASE2> -License: MIT License (or similar) +Release: 5.<RELEASE3> Summary: Python Bindings for libxml2 -Url: http://xmlsoft.org +License: MIT Group: Development/Libraries/Python +Url: http://xmlsoft.org Source: libxml2-%{version}.tar.bz2 Source1: libxml2-python-rpmlintrc BuildRequires: libxml2-devel -BuildRequires: python-devel python-xml +BuildRequires: python-devel +BuildRequires: python-xml %py_requires Requires: libxml2 = %{version} # Uncomment to save space: ++++++ libxml2.spec ++++++ --- /var/tmp/diff_new_pack.eHbJo9/_old 2012-01-16 15:10:14.000000000 +0100 +++ /var/tmp/diff_new_pack.eHbJo9/_new 2012-01-16 15:10:14.000000000 +0100 
@@ -1,7 +1,7 @@ # # spec file for package libxml2 # -# Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2012 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -19,17 +19,19 @@ Name: libxml2 Version: 2.7.8 -Release: 16.<RELEASE19> -License: MIT License (or similar) +Release: 16.<RELEASE21> Summary: A Library to Manipulate XML Files -Url: http://xmlsoft.org +License: MIT Group: System/Libraries +Url: http://xmlsoft.org Source: %{name}-%{version}.tar.bz2 Source2: baselibs.conf Patch1: noxref.patch Patch2: libxml2-CVE-2010-4494.patch Patch3: libxml2-CVE-2011-1944.patch Patch4: libxml2-CVE-2011-2821.patch +# PATCH-FIX-UPSTREAM CVE-2011-3919 (bnc#739894) +Patch5: libxml2-CVE-2011-3919.patch BuildRequires: pkg-config BuildRequires: readline-devel BuildRequires: zlib-devel @@ -56,7 +58,7 @@ progress. %package devel -License: MIT License (or similar) + Summary: Include Files and Libraries mandatory for Development Group: Development/Libraries/C and C++ Requires: %{name} = %{version} @@ -73,7 +75,7 @@ to develop applications that require these. %package doc -License: MIT License (or similar) + Summary: A Library to Manipulate XML Files Group: System/Libraries Requires: %{name} = %{version} @@ -103,6 +105,7 @@ %patch2 -p1 %patch3 -p1 %patch4 -p1 +%patch5 -p1 %build %configure --disable-static \ ++++++ libxml2-CVE-2011-3919.patch ++++++
From 5bd3c061823a8499b27422aee04ea20aae24f03e Mon Sep 17 00:00:00 2001 From: Daniel Veillard
Date: Fri, 16 Dec 2011 10:53:35 +0000 Subject: Fix an allocation error when copying entities
--- diff --git a/parser.c b/parser.c index 4e5dcb9..c55e41d 100644 --- a/parser.c +++ b/parser.c @@ -2709,7 +2709,7 @@ xmlStringLenDecodeEntities(xmlParserCtxtPtr ctxt, const xmlChar *str, int len, buffer[nbchars++] = '&'; if (nbchars > buffer_size - i - XML_PARSER_BUFFER_SIZE) { - growBuffer(buffer, XML_PARSER_BUFFER_SIZE); + growBuffer(buffer, i + XML_PARSER_BUFFER_SIZE); } for (;i > 0;i--) buffer[nbchars++] = *cur++; -- cgit v0.9.0.2
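Review bot: The libxml2.spec and libxml2-python.spec hunks bundle changes unrelated to the security fix (License changed from `MIT License (or similar)` to `MIT`, Url moved below Group, BuildRequires split onto two lines), and none of this is recorded in the libxml2.changes entry, which lists only `- fix for CVE-2011-3919 (bnc#739894)`. In the `%package devel` and `%package doc` hunks the License line is replaced by an empty line rather than removed, which leaves a stray blank line at the top of each subpackage preamble. Either remove those lines cleanly and mention the spec cleanup in the changes entry, or keep this update limited to the `Patch5:` and `%patch5 -p1` additions so the security change is easy to audit on its own.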
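Review bot: In the parser.c hunk at xmlStringLenDecodeEntities, the corrected call `growBuffer(buffer, i + XML_PARSER_BUFFER_SIZE);` has no comment explaining why `i` is added, and the patch brings no regression test. The reason is only visible by reading on: the `for (;i > 0;i--) buffer[nbchars++] = *cur++;` loop writes `i` more bytes after that single grow, so the growth has to cover `i` as the guard `nbchars > buffer_size - i - XML_PARSER_BUFFER_SIZE` already does. Please add a one-line comment to that effect and a test input in which the copied length `i` exceeds XML_PARSER_BUFFER_SIZE. It is also worth checking whether any other growBuffer call in this function is followed by a variable-length copy with a fixed growth amount.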