commit libxml2.1799 for openSUSE:12.2:Update

Hello community, here is the log from the commit of package libxml2.1799 for openSUSE:12.2:Update checked in at 2013-06-26 12:37:56 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:12.2:Update/libxml2.1799 (Old) and /work/SRC/openSUSE:12.2:Update/.libxml2.1799.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "libxml2.1799" Changes: -------- New Changes file: --- /dev/null 2013-06-25 18:53:24.372030255 +0200 +++ /work/SRC/openSUSE:12.2:Update/.libxml2.1799.new/libxml2.changes 2013-06-26 12:37:58.000000000 +0200 @@ -0,0 +1,1598 @@ +------------------------------------------------------------------- +Wed Jun 19 12:15:30 UTC 2013 - vcizek@suse.com + +- fix a leak in lzma code (bnc#823792) + * added libxml2-lzma_memory_leak.patch + +------------------------------------------------------------------- +Thu Mar 7 13:28:59 UTC 2013 - vcizek@suse.com + +- fix for CVE-2013-0338 (bnc#805233) + libxml2-CVE-2013-0338-Detect-excessive-entities-expansion-upon-replacement.patch + +------------------------------------------------------------------- +Fri Dec 7 10:49:11 UTC 2012 - vcizek@suse.com + +- fixed CVE-2012-5134 (bnc#793334) / libxml2-CVE-2012-5134.patch + +------------------------------------------------------------------- +Thu Jun 28 09:48:22 UTC 2012 - vcizek@suse.com + +- fixed CVE-2012-2807 (bnc#769184) + +------------------------------------------------------------------- +Sun Mar 11 21:00:19 UTC 2012 - jengelh@medozas.de + +- libxml2-2 should not require libxml2-tools. There is no trouble + expected, since attempting to install libxml2 will already pull + in libxml2-tools due to Provides tags. + +------------------------------------------------------------------- +Mon Mar 5 10:18:12 UTC 2012 - coolo@suse.com + +- revert the two commits that broke perl-XML-LibXML's test case, + I hope the two upstreams will figure it out + +------------------------------------------------------------------- +Fri Mar 2 16:47:56 UTC 2012 - coolo@suse.com + +- update to git to fix some issues + * Fix a logic error in Schemas Component ConstraintsHEADmaster + * Fix a wrong enum type use in Schemas Types + +------------------------------------------------------------------- +Thu Mar 1 18:36:33 CET 2012 - meissner@suse.de + +- fixed a 64bit big endian bug in the file reader. + +------------------------------------------------------------------- +Sat Feb 25 13:50:54 UTC 2012 - coolo@suse.com + +- the fallout of requiring libxml2-tools as explicit buildrequire + is just too large, so avoid it for now and create a cycle between + libxml2-2 and libxml2-tools + +------------------------------------------------------------------- +Sat Feb 25 08:09:00 UTC 2012 - coolo@suse.com + +- add provide for the old name to fix packages with explicit + library dependency + +------------------------------------------------------------------- +Thu Feb 23 10:42:16 UTC 2012 - coolo@suse.com + +- update to today's GIT snapshot: + include XZ support +- split libxml2-2 according to shared library policy + +------------------------------------------------------------------- +Mon Dec 26 17:08:52 UTC 2011 - jengelh@medozas.de + +- Remove redundant tags/sections + +------------------------------------------------------------------- +Wed Dec 21 10:24:19 UTC 2011 - coolo@suse.com + +- add autoconf as buildrequire to avoid implicit dependency + +------------------------------------------------------------------- +Tue Dec 20 11:05:01 UTC 2011 - coolo@suse.com + +- own aclocal directory, there is no other reason to buildrequire + automake + +------------------------------------------------------------------- +Fri Jul 8 08:52:06 UTC 2011 - saschpe@suse.de + +- update to libxml-2.7.8+git20110708 + - several important bugfixes +- drop upstreamed patches: + * libxml2-CVE-2010-4494.patch + * libxml2-CVE-2011-1944.patch + * noxref.patch + * symbol-versioning.patch + +------------------------------------------------------------------- +Wed Jun 29 09:05:59 UTC 2011 - puzel@novell.com + +- add libxml2-CVE-2011-1944.patch (bnc#697372) + +------------------------------------------------------------------- +Sun Jun 5 21:36:07 UTC 2011 - cshorler@googlemail.com + +- add symbol-versioning.patch to restore 11.3 versioned symbols + +------------------------------------------------------------------- +Mon Jan 3 09:21:20 UTC 2011 - puzel@novell.com + +- add libxml2-CVE-2010-4494.patch (bnc#661471) + +------------------------------------------------------------------- +Fri Dec 3 12:09:40 UTC 2010 - puzel@novell.com + +- update to libxml-2.7.8 + - number of bufixes, documentation and portability fixes + - update language ID parser to RFC 5646 + - sort python generated stubs + - add an HTML parser option to avoid a default doctype + - see http://xmlsoft.org/news.html for exact details +- drop libxml2-xpath-ns-attr-axis.patch (in upstream) +- clean up specfile + +------------------------------------------------------------------- +Mon Nov 1 10:00:04 UTC 2010 - puzel@novell.com + +- add libxml2-xpath-ns-attr-axis.patch (bnc#648277) + +------------------------------------------------------------------- +Sat Oct 30 22:45:22 UTC 2010 - cristian.rodriguez@opensuse.org + +- Use --disable-static + +------------------------------------------------------------------- +Mon Sep 20 11:36:31 UTC 2010 - puzel@novell.com + +- drop libxml2-largefile64.patch (revert last change) + - the issue is fixed in zlib + +------------------------------------------------------------------- +Fri Sep 17 16:28:46 UTC 2010 - puzel@novell.com + +- add libxml2-largefile64.patch (fixes build) + - debian bug#439843 + +------------------------------------------------------------------- +Wed Jul 14 20:05:00 UTC 2010 - jw@novell.com + +- added noxref.patch, + this implements a new --noxref option, which turns + validation errors about missing xrefs into warnings. + Upstreamed as https://bugzilla.gnome.org/show_bug.cgi?id=624386 + +------------------------------------------------------------------- +Sat Apr 24 09:50:01 UTC 2010 - coolo@novell.com + +- buildrequire pkg-config to fix provides + +------------------------------------------------------------------- +Tue Mar 23 23:46:00 CET 2010 - mrdocs@opensuse.org + +- update to 2.7.7 +- add extra options to ./configure for scribus features and avoid a crash +- updates from 2.7.3 > 2.7.7 include a number of portability, correctness + memory leaks and build fixes including some CVE +- see http://xmlsoft.org/news.html for exact details + +------------------------------------------------------------------- +Mon Feb 22 22:11:00 CET 2010 - mrdocs@opensuse.org + +- add sax parser option compiled in + +------------------------------------------------------------------- +Mon Dec 14 16:14:49 CET 2009 - jengelh@medozas.de + +- add baselibs.conf as a source +- package documentation as noarch + +------------------------------------------------------------------- +Sun Aug 2 16:58:15 UTC 2009 - jansimon.moeller@opensuse.org + +- Disable the check for ARM as qemu-arm can't keep up atm. + +------------------------------------------------------------------- +Thu Mar 19 10:16:50 CET 2009 - prusnak@suse.cz + +- updated to 2.7.2 + * Portability fix: fix solaris compilation problem, + fix compilation if XPath is not configured in + * Bug fixes: nasty entity bug introduced in 2.7.0, restore old + behaviour when saving an HTML doc with an xml dump function, + HTML UTF-8 parsing bug, fix reader custom error handlers + (Riccardo Scussat) + * Improvement: xmlSave options for more flexibility to save + as XML/HTML/XHTML, handle leading BOM in HTML documents +- updated to 2.7.3 + * Build fix: fix build when HTML support is not included. + * Bug fixes: avoid memory overflow in gigantic text nodes, + indentation problem on the writed (Rob Richards), ++++ 1401 more lines (skipped) ++++ between /dev/null ++++ and /work/SRC/openSUSE:12.2:Update/.libxml2.1799.new/libxml2.changes New Changes file: --- /dev/null 2013-06-25 18:53:24.372030255 +0200 +++ /work/SRC/openSUSE:12.2:Update/.libxml2.1799.new/python-libxml2.changes 2013-06-26 12:37:58.000000000 +0200 @@ -0,0 +1,1474 @@ +------------------------------------------------------------------- +Sat Feb 25 08:47:58 UTC 2012 - coolo@suse.com + +- fix version + +------------------------------------------------------------------- +Thu Feb 23 11:00:21 UTC 2012 - coolo@suse.com + +- renamed to python-libxml2 to follow python naming expectations +- do not require python but let rpm figure it out + +------------------------------------------------------------------- +Mon Dec 26 17:08:59 UTC 2011 - jengelh@medozas.de + +- Remove redundant tags/sections + +------------------------------------------------------------------- +Fri Jul 8 08:52:06 UTC 2011 - saschpe@suse.de + +- update to libxml-2.7.8+git20110708 + - several important bugfixes + +------------------------------------------------------------------- +Mon Dec 6 09:05:53 UTC 2010 - coolo@novell.com + +- buildrequire python-xml to fix build + +------------------------------------------------------------------- +Fri Dec 3 12:24:42 UTC 2010 - puzel@novell.com + +- update to libxml-2.7.8 + - number of bufixes, documentation and portability fixes + - update language ID parser to RFC 5646 + - sort python generated stubs + - add an HTML parser option to avoid a default doctype + - see http://xmlsoft.org/news.html for exact details +- clean up specfile + +------------------------------------------------------------------- +Wed Apr 7 16:34:29 UTC 2010 - coolo@novell.com + +- fix build + +------------------------------------------------------------------- +Tue Mar 23 23:46:00 CET 2010 - mrdocs@opensuse.org + +- update to 2.7.7 +- add extra options to ./configure for scribus features and avoid a crash +- updates from 2.7.3 > 2.7.7 include a number of portability, correctness + memory leaks and build fixes including some CVE +- see http://xmlsoft.org/news.html for exact details + +------------------------------------------------------------------- +Tue Dec 15 12:19:16 CET 2009 - jengelh@medozas.de + +- enable parallel building + +------------------------------------------------------------------- +Thu Mar 19 10:16:50 CET 2009 - prusnak@suse.cz + +- updated to 2.7.2 + * Portability fix: fix solaris compilation problem, + fix compilation if XPath is not configured in + * Bug fixes: nasty entity bug introduced in 2.7.0, restore old + behaviour when saving an HTML doc with an xml dump function, + HTML UTF-8 parsing bug, fix reader custom error handlers + (Riccardo Scussat) + * Improvement: xmlSave options for more flexibility to save + as XML/HTML/XHTML, handle leading BOM in HTML documents +- updated to 2.7.3 + * Build fix: fix build when HTML support is not included. + * Bug fixes: avoid memory overflow in gigantic text nodes, + indentation problem on the writed (Rob Richards), + xmlAddChildList pointer problem (Rob Richards and Kevin Milburn), + xmlAddChild problem with attribute (Rob Richards and Kris Breuker), + avoid a memory leak in an edge case (Daniel Zimmermann), + deallocate some pthread data (Alex Ott). + * Improvements: configure option to avoid rebuilding docs + (Adrian Bunk), limit text nodes to 10MB max by default, + add element traversal APIs, add a parser option to enable + pre 2.7 SAX behavior (Rob Richards), + add gcc malloc checking (Marcus Meissner), + add gcc printf like functions parameters checking (Marcus Meissner). +- dropped obsoleted patches: + * alloc_size.patch (mainline) + * CVE-2008-4225.patch (mainline) + * CVE-2008-4226.patch (mainline) + * CVE-2008-4409.patch (mainline) + * oldsax.patch (mainline) + * pritnf.patch (mainline) + * xmlsave.patch (mainline) + +------------------------------------------------------------------- +Mon Jan 12 17:21:59 CET 2009 - prusnak@suse.cz + +- added oldsax.patch to enable pre 2.7.0 sax behaviour [bnc#457056] + +------------------------------------------------------------------- +Wed Dec 10 12:34:56 CET 2008 - olh@suse.de + +- use Obsoletes: -XXbit only for ppc64 to help solver during distupgrade + (bnc#437293) + +------------------------------------------------------------------- +Tue Nov 25 16:00:27 CET 2008 - prusnak@suse.cz + +- fix broken xmlsave (xmlsave.patch) [bnc#437203] + +------------------------------------------------------------------- +Tue Nov 18 16:24:39 CET 2008 - prusnak@suse.cz + +- fixed CVE-2008-4225 [bnc#445677] + +------------------------------------------------------------------- +Thu Nov 6 12:02:25 CET 2008 - prusnak@suse.cz + +- fixed CVE-2008-4226 [bnc#441368] + +------------------------------------------------------------------- +Thu Oct 30 12:34:56 CET 2008 - olh@suse.de + +- obsolete old -XXbit packages (bnc#437293) + +------------------------------------------------------------------- +Mon Oct 6 14:50:38 CEST 2008 - prusnak@suse.cz + +- fixed CVE-2008-4409 [bnc#432486] + +------------------------------------------------------------------- +Tue Sep 9 17:01:12 CEST 2008 - meissner@suse.de + +- added GCC attribute alloc_size markup (alloc_size.patch) + +------------------------------------------------------------------- +Wed Sep 3 16:58:23 CEST 2008 - prusnak@suse.cz + +- updated to 2.7.1 + * Portability fix: Borland C fix (Moritz Both) + * Bug fixes: python serialization wrappers, XPath QName corner + case handking and leaks (Martin) + * Improvement: extend the xmlSave to handle HTML documents and trees + * Cleanup: python serialization wrappers + +------------------------------------------------------------------- +Wed Sep 3 16:57:46 CEST 2008 - prusnak@suse.cz + +- updated to 2.7.0 + * Documentation: switch ChangeLog to UTF-8, improve mutithreads and + xmlParserCleanup docs + * Portability fixes: Older Win32 platforms (Rob Richards), MSVC + porting fix (Rob Richards), Mac OS X regression tests (Sven Herzberg), + non GNUCC builds (Rob Richards), compilation on Haiku (Andreas Färber) + * Bug fixes: various realloc problems (Ashwin), potential double-free + (Ashwin), regexp crash, icrash with invalid whitespace facets (Rob + Richards), pattern fix when streaming (William Brack), various XML + parsing and validation fixes based on the W3C regression tests, reader + tree skipping function fix (Ashwin), Schemas regexps escaping fix + (Volker Grabsch), handling of entity push errors (Ashwin), fix a slowdown + when encoder cant serialize characters on output + * Code cleanup: compilation fix without the reader, without the output + (Robert Schwebel), python whitespace (Martin), many space/tabs cleanups, + serious cleanup of the entity handling code + * Improvement: switch parser to XML-1.0 5th edition, add parsing flags + for old versions, switch URI parsing to RFC 3986, + add xmlSchemaValidCtxtGetParserCtxt (Holger Kaelberer), + new hashing functions for dictionnaries (based on Stefan Behnel work), + improve handling of misplaced html/head/body in HTML parser, better + regression test tools and code coverage display, better algorithms + to detect various versions of the billion laughts attacks, make + arbitrary parser limits avoidable as a parser option +- dropped obsoleted patches: + * billion-laughs.patch (included in update) + +------------------------------------------------------------------- +Wed Aug 13 12:05:08 CEST 2008 - prusnak@suse.cz + +- fixed billion laughs vulnerability (billion-laughs.patch) [bnc#415371] + +------------------------------------------------------------------- +Fri Apr 11 14:34:30 CEST 2008 - prusnak@suse.cz + +- updated to 2.6.32 + * Documentation: + - returning heap memory to kernel (Wolfram Sang) + - trying to clarify xmlCleanupParser() use + - xmlXPathContext improvement (Jack Jansen) + - improve the *Recover* functions documentation + - XmlNodeType doc link fix (Martijn Arts) + * Bug fixes: + - internal subset memory leak (Ashwin) + - avoid problem with paths starting with // (Petr Sumbera) + - streaming XSD validation callback patches (Ashwin) + - fix redirection on port other than 80 (William Brack) + - SAX2 leak (Ashwin) + - XInclude fragment of own document (Chris Ryan) + - regexp bug with '.' (Andrew Tosh) + - flush the writer at the end of the document (Alfred Mickautsch) ++++ 1277 more lines (skipped) ++++ between /dev/null ++++ and /work/SRC/openSUSE:12.2:Update/.libxml2.1799.new/python-libxml2.changes New: ---- baselibs.conf bigendian64.patch fix-perl.diff libxml2-CVE-2012-2807.patch libxml2-CVE-2012-5134.patch libxml2-CVE-2013-0338-Detect-excessive-entities-expansion-upon-replacement.patch libxml2-git-snapshot.tar.gz libxml2-lzma_memory_leak.patch libxml2.changes libxml2.spec python-libxml2.changes python-libxml2.spec ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ libxml2.spec ++++++ # # spec file for package libxml2 # # Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed # upon. The license for this file, and modifications and additions to the # file, is the same license as for the pristine package itself (unless the # license for the pristine package is not an Open Source License, in which # case the license is the MIT License). An "Open Source License" is a # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. # Please submit bugfixes or comments via http://bugs.opensuse.org/ # %define lname libxml2-2 Name: libxml2 Version: 2.7.8+git20120223 Release: 0 Summary: A Library to Manipulate XML Files License: MIT Group: System/Libraries Url: http://xmlsoft.org # Source ftp://xmlsoft.org/libxml2/libxml2-git-snapshot.tar.gz changes every day Source: libxml2-git-snapshot.tar.gz Source2: baselibs.conf Patch0: bigendian64.patch Patch1: fix-perl.diff Patch2: libxml2-CVE-2012-2807.patch # PATCH-FIX-UPSTREAM CVE-2012-5134 (bnc#793334) Patch3: libxml2-CVE-2012-5134.patch Patch4: libxml2-CVE-2013-0338-Detect-excessive-entities-expansion-upon-replacement.patch Patch5: libxml2-lzma_memory_leak.patch BuildRequires: pkg-config BuildRequires: readline-devel BuildRequires: xz-devel BuildRequires: zlib-devel BuildRoot: %{_tmppath}/%{name}-%{version}-build %description The XML C library was initially developed for the GNOME project. It is now used by many programs to load and save extensible data structures or manipulate any kind of XML files. This library implements a number of existing standards related to markup languages, including the XML standard, name spaces in XML, XML Base, RFC 2396, XPath, XPointer, HTML4, XInclude, SGML catalogs, and XML catalogs. In most cases, libxml tries to implement the specification in a rather strict way. To some extent, it provides support for the following specifications, but does not claim to implement them: DOM, FTP client, HTTP client, and SAX. The library also supports RelaxNG. Support for W3C XML Schemas is in progress. %package -n %lname Summary: A Library to Manipulate XML Files Group: System/Libraries %description -n %lname The XML C library was initially developed for the GNOME project. It is now used by many programs to load and save extensible data structures or manipulate any kind of XML files. This library implements a number of existing standards related to markup languages, including the XML standard, name spaces in XML, XML Base, RFC 2396, XPath, XPointer, HTML4, XInclude, SGML catalogs, and XML catalogs. In most cases, libxml tries to implement the specification in a rather strict way. To some extent, it provides support for the following specifications, but does not claim to implement them: DOM, FTP client, HTTP client, and SAX. The library also supports RelaxNG. Support for W3C XML Schemas is in progress. %package tools Summary: Tools using libxml Group: System/Libraries Provides: %name = %version-%release Obsoletes: %name < 2.7.8+git20120223 %description tools This package contains xmllint, a very useful tool proving libxml's power. %package devel Summary: Include Files and Libraries mandatory for Development Group: Development/Libraries/C and C++ Requires: %name-tools = %{version} Requires: %{lname} = %{version} Requires: glibc-devel Requires: readline-devel Requires: xz-devel Requires: zlib-devel # bug437293 %ifarch ppc64 Obsoletes: libxml2-devel-64bit %endif %description devel This package contains all necessary include files and libraries needed to develop applications that require these. %package doc Summary: A Library to Manipulate XML Files Group: System/Libraries Requires: %{lname} = %{version} %if 0%{?suse_version} >= 1120 BuildArch: noarch %endif %description doc The XML C library was initially developed for the GNOME project. It is now used by many programs to load and save extensible data structures or manipulate any kind of XML files. This library implements a number of existing standards related to markup languages, including the XML standard, name spaces in XML, XML Base, RFC 2396, XPath, XPointer, HTML4, XInclude, SGML catalogs, and XML catalogs. In most cases, libxml tries to implement the specification in a rather strict way. To some extent, it provides support for the following specifications, but does not claim to implement them: DOM, FTP client, HTTP client, and SAX. The library also supports RelaxNG. Support for W3C XML Schemas is in progress. %prep %setup -q -n %{name}-2.7.8 %patch0 -p0 %patch1 -p1 -R %patch2 -p1 %patch3 -p1 %patch4 -p1 %patch5 -p1 %build %configure --disable-static \ --with-html-subdir=packages/%{name}/html \ --with-fexceptions \ --with-history \ --without-python \ --enable-ipv6 \ --with-sax1 \ --with-regexps \ --with-threads \ --with-reader \ --with-http make %{?_smp_mflags} DOC_MODULE=packages/%{name} %install %makeinstall DOC_MODULE=packages/%{name} cp -a AUTHORS NEWS README COPYING* Copyright TODO* %{buildroot}%{_docdir}/%{name}/ ln -s libxml2/libxml %{buildroot}%{_includedir}/libxml %check # qemu-arm can't keep up atm, disabling check for arm %ifnarch %arm make check %endif %post -n %lname -p /sbin/ldconfig %postun -n %lname -p /sbin/ldconfig %files -n %lname %defattr(-, root, root) %{_libdir}/lib*.so.* %doc %dir %{_docdir}/%{name} %doc %{_docdir}/%{name}/[ANRCT]* %files tools %defattr(-, root, root) %{_bindir}/xmllint %{_bindir}/xmlcatalog %doc %{_mandir}/man1/xmllint.1* %doc %{_mandir}/man1/xmlcatalog.1* %files devel %defattr(-, root, root) %{_bindir}/xml2-config %dir %{_datadir}/aclocal %{_datadir}/aclocal/libxml.m4 %{_includedir}/libxml %{_includedir}/libxml2 %{_libdir}/lib*.so %{_libdir}/libxml2.la %{_libdir}/*.sh %{_libdir}/pkgconfig/*.pc %doc %{_mandir}/man1/xml2-config.1* %doc %{_mandir}/man3/libxml.3* %files doc %defattr(-, root, root) %{_datadir}/gtk-doc/html/* %doc %{_docdir}/%{name}/examples %doc %{_docdir}/%{name}/html # owning these directories prevents gtk-doc <-> libxml2 build loop: %dir %{_datadir}/gtk-doc %dir %{_datadir}/gtk-doc/html %changelog ++++++ python-libxml2.spec ++++++ # # spec file for package python-libxml2 # # Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed # upon. The license for this file, and modifications and additions to the # file, is the same license as for the pristine package itself (unless the # license for the pristine package is not an Open Source License, in which # case the license is the MIT License). An "Open Source License" is a # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. # Please submit bugfixes or comments via http://bugs.opensuse.org/ # Name: python-libxml2 Version: 2.7.8+git20120223 Release: 0 Summary: Python Bindings for libxml2 License: MIT Group: Development/Libraries/Python Url: http://xmlsoft.org Source: libxml2-git-snapshot.tar.gz BuildRequires: libxml2-devel BuildRequires: python-devel BuildRequires: python-xml Requires: libxml2-2 = %{version} # Uncomment to save space: #NoSource: 0 BuildRoot: %{_tmppath}/%{name}-%{version}-build Provides: libxml2-python = %{version} Obsoletes: libxml2-python < 2.7.8+git20110223 %description The libxml2-python package contains a module that permits applications written in the Python programming language to use the interface supplied by the libxml2 library to manipulate XML files. This library allows manipulation of XML files. It includes support for reading, modifying, and writing XML and HTML files. There is DTD support that includes parsing and validation even with complex DTDs, either at parse time or later once the document has been modified. %prep %setup -q -n libxml2-2.7.8 %build # workaround for bnc#310196 %ifarch s390 s390x export RPM_OPT_FLAGS=${RPM_OPT_FLAGS/-O2/-O1} %endif export CFLAGS="%{optflags} -fno-strict-aliasing" %configure \ --with-fexceptions \ --with-history \ --enable-ipv6 \ --with-sax1 \ --with-regexps \ --with-threads \ --with-reader \ --with-http # use libxml2 as built by libxml2 source package mkdir .libs cp -v %{_libdir}/libxml2.la . make -C python %{?_smp_mflags} %install make -C python install \ DESTDIR=%{buildroot} \ pythondir=%{py_sitedir} \ PYTHON_SITE_PACKAGES=%{py_sitedir} chmod a-x python/tests/*.py # Unwanted doc stuff rm -fr %{buildroot}%{_datadir}/doc rm -f python/tests/Makefile* # #223696 rm -f %{buildroot}%{py_sitedir}/*.{la,a} %files %defattr(-, root, root) %doc python/TODO %doc python/libxml2class.txt %doc python/tests %{py_sitedir}/* %changelog ++++++ baselibs.conf ++++++ libxml2-2 libxml2-devel requires -libxml2-<targettype> requires "libxml2-2-<targettype> = <version>" ++++++ bigendian64.patch ++++++ --- xzlib.c.xx 2012-03-01 17:23:54.000000000 +0000 +++ xzlib.c 2012-03-01 17:24:48.000000000 +0000 @@ -228,9 +228,14 @@ if (state->err != LZMA_OK) return -1; if (state->eof == 0) { + /* avail_in is size_t, which is not necessary sizeof(unsigned) */ + unsigned tmp = strm->avail_in; if (xz_load(state, state->in, state->size, - (unsigned *) &(strm->avail_in)) == -1) + &tmp) == -1) { + strm->avail_in = tmp; return -1; + } + strm->avail_in = tmp; strm->next_in = state->in; } return 0; ++++++ fix-perl.diff ++++++ commit 77b77b1301e052d90e6a0967534a698506afcd86 Author: Daniel Veillard Date: Thu Jan 26 19:11:02 2012 +0800 Fix SAX2 builder in case of undefined element namespaces Work as in XML-1.0 before namespaces, and use prefix:localname as the new element name (and no namespace of course) Also fix 3 cases in the regression tests where the prefix: was erroneously dropped in such case diff --git a/SAX2.c b/SAX2.c index c0482c0..0c48d65 100644 --- a/SAX2.c +++ b/SAX2.c @@ -2163,6 +2163,7 @@ xmlSAX2StartElementNs(void *ctx, xmlNodePtr parent; xmlNsPtr last = NULL, ns; const xmlChar *uri, *pref; + xmlChar *lname = NULL; int i, j; if (ctx == NULL) return; @@ -2182,6 +2183,20 @@ xmlSAX2StartElementNs(void *ctx, } /* + * Take care of the rare case of an undefined namespace prefix + */ + if ((prefix != NULL) && (URI == NULL)) { + if (ctxt->dictNames) { + const xmlChar *fullname; + + fullname = xmlDictQLookup(ctxt->dict, prefix, localname); + if (fullname != NULL) + localname = fullname; + } else { + lname = xmlBuildQName(localname, prefix, NULL, 0); + } + } + /* * allocate the node */ if (ctxt->freeElems != NULL) { @@ -2194,7 +2209,10 @@ xmlSAX2StartElementNs(void *ctx, if (ctxt->dictNames) ret->name = localname; else { - ret->name = xmlStrdup(localname); + if (lname == NULL) + ret->name = xmlStrdup(localname); + else + ret->name = lname; if (ret->name == NULL) { xmlSAX2ErrMemory(ctxt, "xmlSAX2StartElementNs"); return; @@ -2206,8 +2224,11 @@ xmlSAX2StartElementNs(void *ctx, if (ctxt->dictNames) ret = xmlNewDocNodeEatName(ctxt->myDoc, NULL, (xmlChar *) localname, NULL); - else + else if (lname == NULL) ret = xmlNewDocNode(ctxt->myDoc, NULL, localname, NULL); + else + ret = xmlNewDocNodeEatName(ctxt->myDoc, NULL, + (xmlChar *) lname, NULL); if (ret == NULL) { xmlSAX2ErrMemory(ctxt, "xmlSAX2StartElementNs"); return; diff --git a/result/namespaces/err_7.xml b/result/namespaces/err_7.xml index f4e5164..4b4c662 100644 --- a/result/namespaces/err_7.xml +++ b/result/namespaces/err_7.xml @@ -1,2 +1,2 @@ <?xml version="1.0"?> -<foo/> + diff --git a/result/xmlid/id_tst2.xml b/result/xmlid/id_tst2.xml index 33ee896..856a320 100644 --- a/result/xmlid/id_tst2.xml +++ b/result/xmlid/id_tst2.xml @@ -1,6 +1,6 @@ Object is a Node Set : Set contains 1 nodes: -1 ELEMENT foo +1 ELEMENT n:foo ATTRIBUTE id TEXT content=bar diff --git a/result/xmlid/id_tst3.xml b/result/xmlid/id_tst3.xml index e2f8228..6d8865c 100644 --- a/result/xmlid/id_tst3.xml +++ b/result/xmlid/id_tst3.xml @@ -1,6 +1,6 @@ Object is a Node Set : Set contains 1 nodes: -1 ELEMENT o:o +1 ELEMENT f:o:o ATTRIBUTE id TEXT content=bar commit 1c989278d9650daafc79e55750bec5a5a224a553 Author: Daniel Veillard Date: Thu Jan 26 19:43:06 2012 +0800 Fix SAX2 builder in case of undefined attributes namespace To follow the early XML-1.0 REC, the new localname is "prefix:localname" and there is obviously now namespace. diff --git a/SAX2.c b/SAX2.c index 0c48d65..e230cea 100644 --- a/SAX2.c +++ b/SAX2.c @@ -2335,8 +2335,33 @@ xmlSAX2StartElementNs(void *ctx, */ if (nb_attributes > 0) { for (j = 0,i = 0;i < nb_attributes;i++,j+=5) { + /* + * Handle the rare case of an undefined atribute prefix + */ + if ((attributes[j+1] != NULL) && (attributes[j+2] == NULL)) { + if (ctxt->dictNames) { + const xmlChar *fullname; + + fullname = xmlDictQLookup(ctxt->dict, attributes[j+1], + attributes[j]); + if (fullname != NULL) { + xmlSAX2AttributeNs(ctxt, fullname, NULL, + attributes[j+3], attributes[j+4]); + continue; + } + } else { + lname = xmlBuildQName(attributes[j], attributes[j+1], + NULL, 0); + if (lname != NULL) { + xmlSAX2AttributeNs(ctxt, lname, NULL, + attributes[j+3], attributes[j+4]); + xmlFree(lname); + continue; + } + } + } xmlSAX2AttributeNs(ctxt, attributes[j], attributes[j+1], - attributes[j+3], attributes[j+4]); + attributes[j+3], attributes[j+4]); } } ++++++ libxml2-CVE-2012-2807.patch ++++++

From 459eeb9dc752d5185f57ff6b135027f11981a626 Mon Sep 17 00:00:00 2001 From: Daniel Veillard Date: Tue, 17 Jul 2012 08:19:17 +0000 Subject: Fix parser local buffers size problems

--- Index: libxml2-2.7.8/parser.c =================================================================== --- libxml2-2.7.8.orig/parser.c 2012-03-01 06:25:02.000000000 +0100 +++ libxml2-2.7.8/parser.c 2012-08-01 13:36:55.890102432 +0200 @@ -40,6 +40,7 @@ #endif #include +#include #include #include #include @@ -117,10 +118,10 @@ xmlCreateEntityParserCtxtInternal(const * parser option. */ static int -xmlParserEntityCheck(xmlParserCtxtPtr ctxt, unsigned long size, +xmlParserEntityCheck(xmlParserCtxtPtr ctxt, size_t size, xmlEntityPtr ent) { - unsigned long consumed = 0; + size_t consumed = 0; if ((ctxt == NULL) || (ctxt->options & XML_PARSE_HUGE)) return (0); @@ -2589,15 +2590,17 @@ xmlParserHandlePEReference(xmlParserCtxt /* * Macro used to grow the current buffer. + * buffer##_size is expected to be a size_t + * mem_error: is expected to handle memory allocation failures */ #define growBuffer(buffer, n) { \ xmlChar *tmp; \ - buffer##_size *= 2; \ - buffer##_size += n; \ - tmp = (xmlChar *) \ - xmlRealloc(buffer, buffer##_size * sizeof(xmlChar)); \ + size_t new_size = buffer##_size * 2 + n; \ + if (new_size < buffer##_size) goto mem_error; \ + tmp = (xmlChar *) xmlRealloc(buffer, new_size); \ if (tmp == NULL) goto mem_error; \ buffer = tmp; \ + buffer##_size = new_size; \ } /** @@ -2623,14 +2626,14 @@ xmlChar * xmlStringLenDecodeEntities(xmlParserCtxtPtr ctxt, const xmlChar *str, int len, int what, xmlChar end, xmlChar end2, xmlChar end3) { xmlChar *buffer = NULL; - int buffer_size = 0; + size_t buffer_size = 0; + size_t nbchars = 0; xmlChar *current = NULL; xmlChar *rep = NULL; const xmlChar *last; xmlEntityPtr ent; int c,l; - int nbchars = 0; if ((ctxt == NULL) || (str == NULL) || (len < 0)) return(NULL); @@ -2647,7 +2650,7 @@ xmlStringLenDecodeEntities(xmlParserCtxt * allocate a translation buffer. */ buffer_size = XML_PARSER_BIG_BUFFER_SIZE; - buffer = (xmlChar *) xmlMallocAtomic(buffer_size * sizeof(xmlChar)); + buffer = (xmlChar *) xmlMallocAtomic(buffer_size); if (buffer == NULL) goto mem_error; /* @@ -2667,7 +2670,7 @@ xmlStringLenDecodeEntities(xmlParserCtxt if (val != 0) { COPY_BUF(0,buffer,nbchars,val); } - if (nbchars > buffer_size - XML_PARSER_BUFFER_SIZE) { + if (nbchars + XML_PARSER_BUFFER_SIZE > buffer_size) { growBuffer(buffer, XML_PARSER_BUFFER_SIZE); } } else if ((c == '&') && (what & XML_SUBSTITUTE_REF)) { @@ -2685,7 +2688,7 @@ xmlStringLenDecodeEntities(xmlParserCtxt (ent->etype == XML_INTERNAL_PREDEFINED_ENTITY)) { if (ent->content != NULL) { COPY_BUF(0,buffer,nbchars,ent->content[0]); - if (nbchars > buffer_size - XML_PARSER_BUFFER_SIZE) { + if (nbchars + XML_PARSER_BUFFER_SIZE > buffer_size) { growBuffer(buffer, XML_PARSER_BUFFER_SIZE); } } else { @@ -2702,8 +2705,7 @@ xmlStringLenDecodeEntities(xmlParserCtxt current = rep; while (*current != 0) { /* non input consuming loop */ buffer[nbchars++] = *current++; - if (nbchars > - buffer_size - XML_PARSER_BUFFER_SIZE) { + if (nbchars + XML_PARSER_BUFFER_SIZE > buffer_size) { if (xmlParserEntityCheck(ctxt, nbchars, ent)) goto int_error; growBuffer(buffer, XML_PARSER_BUFFER_SIZE); @@ -2717,7 +2719,7 @@ xmlStringLenDecodeEntities(xmlParserCtxt const xmlChar *cur = ent->name; buffer[nbchars++] = '&'; - if (nbchars > buffer_size - i - XML_PARSER_BUFFER_SIZE) { + if (nbchars + i + XML_PARSER_BUFFER_SIZE > buffer_size) { growBuffer(buffer, i + XML_PARSER_BUFFER_SIZE); } for (;i > 0;i--) @@ -2745,8 +2747,7 @@ xmlStringLenDecodeEntities(xmlParserCtxt current = rep; while (*current != 0) { /* non input consuming loop */ buffer[nbchars++] = *current++; - if (nbchars > - buffer_size - XML_PARSER_BUFFER_SIZE) { + if (nbchars + XML_PARSER_BUFFER_SIZE > buffer_size) { if (xmlParserEntityCheck(ctxt, nbchars, ent)) goto int_error; growBuffer(buffer, XML_PARSER_BUFFER_SIZE); @@ -2759,8 +2760,8 @@ xmlStringLenDecodeEntities(xmlParserCtxt } else { COPY_BUF(l,buffer,nbchars,c); str += l; - if (nbchars > buffer_size - XML_PARSER_BUFFER_SIZE) { - growBuffer(buffer, XML_PARSER_BUFFER_SIZE); + if (nbchars + XML_PARSER_BUFFER_SIZE > buffer_size) { + growBuffer(buffer, XML_PARSER_BUFFER_SIZE); } } if (str < last) @@ -3764,8 +3765,8 @@ xmlParseAttValueComplex(xmlParserCtxtPtr xmlChar limit = 0; xmlChar *buf = NULL; xmlChar *rep = NULL; - int len = 0; - int buf_size = 0; + size_t len = 0; + size_t buf_size = 0; int c, l, in_space = 0; xmlChar *current = NULL; xmlEntityPtr ent; @@ -3787,7 +3788,7 @@ xmlParseAttValueComplex(xmlParserCtxtPtr * allocate a translation buffer. */ buf_size = XML_PARSER_BUFFER_SIZE; - buf = (xmlChar *) xmlMallocAtomic(buf_size * sizeof(xmlChar)); + buf = (xmlChar *) xmlMallocAtomic(buf_size); if (buf == NULL) goto mem_error; /* @@ -3804,7 +3805,7 @@ xmlParseAttValueComplex(xmlParserCtxtPtr if (val == '&') { if (ctxt->replaceEntities) { - if (len > buf_size - 10) { + if (len + 10 > buf_size) { growBuffer(buf, 10); } buf[len++] = '&'; @@ -3813,7 +3814,7 @@ xmlParseAttValueComplex(xmlParserCtxtPtr * The reparsing will be done in xmlStringGetNodeList() * called by the attribute() function in SAX.c */ - if (len > buf_size - 10) { + if (len + 10 > buf_size) { growBuffer(buf, 10); } buf[len++] = '&'; @@ -3823,7 +3824,7 @@ xmlParseAttValueComplex(xmlParserCtxtPtr buf[len++] = ';'; } } else if (val != 0) { - if (len > buf_size - 10) { + if (len + 10 > buf_size) { growBuffer(buf, 10); } len += xmlCopyChar(0, &buf[len], val); @@ -3835,7 +3836,7 @@ xmlParseAttValueComplex(xmlParserCtxtPtr ctxt->nbentities += ent->owner; if ((ent != NULL) && (ent->etype == XML_INTERNAL_PREDEFINED_ENTITY)) { - if (len > buf_size - 10) { + if (len + 10 > buf_size) { growBuffer(buf, 10); } if ((ctxt->replaceEntities == 0) && @@ -3863,7 +3864,7 @@ xmlParseAttValueComplex(xmlParserCtxtPtr current++; } else buf[len++] = *current++; - if (len > buf_size - 10) { + if (len + 10 > buf_size) { growBuffer(buf, 10); } } @@ -3871,7 +3872,7 @@ xmlParseAttValueComplex(xmlParserCtxtPtr rep = NULL; } } else { - if (len > buf_size - 10) { + if (len + 10 > buf_size) { growBuffer(buf, 10); } if (ent->content != NULL) @@ -3899,7 +3900,7 @@ xmlParseAttValueComplex(xmlParserCtxtPtr * Just output the reference */ buf[len++] = '&'; - while (len > buf_size - i - 10) { + while (len + i + 10 > buf_size) { growBuffer(buf, i + 10); } for (;i > 0;i--) @@ -3912,7 +3913,7 @@ xmlParseAttValueComplex(xmlParserCtxtPtr if ((len != 0) || (!normalize)) { if ((!normalize) || (!in_space)) { COPY_BUF(l,buf,len,0x20); - while (len > buf_size - 10) { + while (len + 10 > buf_size) { growBuffer(buf, 10); } } @@ -3921,7 +3922,7 @@ xmlParseAttValueComplex(xmlParserCtxtPtr } else { in_space = 0; COPY_BUF(l,buf,len,c); - if (len > buf_size - 10) { + if (len + 10 > buf_size) { growBuffer(buf, 10); } } @@ -3946,7 +3947,18 @@ xmlParseAttValueComplex(xmlParserCtxtPtr } } else NEXT; - if (attlen != NULL) *attlen = len; + + /* + * There we potentially risk an overflow, don't allow attribute value of + * lenght more than INT_MAX it is a very reasonnable assumption ! + */ + if (len >= INT_MAX) { + xmlFatalErrMsg(ctxt, XML_ERR_ATTRIBUTE_NOT_FINISHED, + "AttValue lenght too long\n"); + goto mem_error; + } + + if (attlen != NULL) *attlen = (int) len; return(buf); mem_error: Index: libxml2-2.7.8/entities.c =================================================================== --- libxml2-2.7.8.orig/entities.c 2012-03-01 06:25:02.000000000 +0100 +++ libxml2-2.7.8/entities.c 2012-08-01 13:36:02.213499245 +0200 @@ -528,13 +528,13 @@ xmlGetDocEntity(xmlDocPtr doc, const xml * Macro used to grow the current buffer. */ #define growBufferReentrant() { \ - buffer_size *= 2; \ - buffer = (xmlChar *) \ - xmlRealloc(buffer, buffer_size * sizeof(xmlChar)); \ - if (buffer == NULL) { \ - xmlEntitiesErrMemory("xmlEncodeEntitiesReentrant: realloc failed");\ - return(NULL); \ - } \ + xmlChar *tmp; \ + size_t new_size = buffer_size *= 2; \ + if (new_size < buffer_size) goto mem_error; \ + tmp = (xmlChar *) xmlRealloc(buffer, new_size); \ + if (tmp == NULL) goto mem_error; \ + buffer = tmp; \ + buffer_size = new_size; \ } @@ -555,7 +555,7 @@ xmlEncodeEntitiesReentrant(xmlDocPtr doc const xmlChar *cur = input; xmlChar *buffer = NULL; xmlChar *out = NULL; - int buffer_size = 0; + size_t buffer_size = 0; int html = 0; if (input == NULL) return(NULL); @@ -574,8 +574,8 @@ xmlEncodeEntitiesReentrant(xmlDocPtr doc out = buffer; while (*cur != '\0') { - if (out - buffer > buffer_size - 100) { - int indx = out - buffer; + size_t indx = out - buffer; + if (indx + 100 > buffer_size) { growBufferReentrant(); out = &buffer[indx]; @@ -692,6 +692,11 @@ xmlEncodeEntitiesReentrant(xmlDocPtr doc } *out = 0; return(buffer); + +mem_error: + xmlEntitiesErrMemory("xmlEncodeEntitiesReentrant: realloc failed"); + xmlFree(buffer); + return(NULL); } /** @@ -709,7 +714,7 @@ xmlEncodeSpecialChars(xmlDocPtr doc ATTR const xmlChar *cur = input; xmlChar *buffer = NULL; xmlChar *out = NULL; - int buffer_size = 0; + size_t buffer_size = 0; if (input == NULL) return(NULL); /* @@ -724,8 +729,8 @@ xmlEncodeSpecialChars(xmlDocPtr doc ATTR out = buffer; while (*cur != '\0') { - if (out - buffer > buffer_size - 10) { - int indx = out - buffer; + size_t indx = out - buffer; + if (indx + 10 > buffer_size) { growBufferReentrant(); out = &buffer[indx]; @@ -774,6 +779,11 @@ xmlEncodeSpecialChars(xmlDocPtr doc ATTR } *out = 0; return(buffer); + +mem_error: + xmlEntitiesErrMemory("xmlEncodeSpecialChars: realloc failed"); + xmlFree(buffer); + return(NULL); } /** ++++++ libxml2-CVE-2012-5134.patch ++++++

From 6a36fbe3b3e001a8a840b5c1fdd81cefc9947f0d Mon Sep 17 00:00:00 2001 From: Daniel Veillard Date: Mon, 29 Oct 2012 02:39:55 +0000 Subject: Fix potential out of bound access

--- Index: libxml2-2.8.0/parser.c =================================================================== --- libxml2-2.8.0.orig/parser.c 2012-05-18 09:30:30.000000000 +0200 +++ libxml2-2.8.0/parser.c 2012-12-07 12:00:57.111732279 +0100 @@ -3931,7 +3931,7 @@ xmlParseAttValueComplex(xmlParserCtxtPtr c = CUR_CHAR(l); } if ((in_space) && (normalize)) { - while (buf[len - 1] == 0x20) len--; + while ((len > 0) && (buf[len - 1] == 0x20)) len--; } buf[len] = 0; if (RAW == '<') { ++++++ libxml2-CVE-2013-0338-Detect-excessive-entities-expansion-upon-replacement.patch ++++++

From 23f05e0c33987d6605387b300c4be5da2120a7ab Mon Sep 17 00:00:00 2001 From: Daniel Veillard Date: Tue, 19 Feb 2013 10:21:49 +0800 Subject: [PATCH] Detect excessive entities expansion upon replacement

If entities expansion in the XML parser is asked for, it is possble to craft relatively small input document leading to excessive on-the-fly content generation. This patch accounts for those replacement and stop parsing after a given threshold. it can be bypassed as usual with the HUGE parser option. --- include/libxml/parser.h | 1 + parser.c | 44 ++++++++++++++++++++++++++++++++++++++------ parserInternals.c | 2 ++ 3 files changed, 41 insertions(+), 6 deletions(-) Index: libxml2-2.7.8/include/libxml/parser.h =================================================================== --- libxml2-2.7.8.orig/include/libxml/parser.h 2012-03-01 06:25:02.000000000 +0100 +++ libxml2-2.7.8/include/libxml/parser.h 2013-03-07 14:33:36.522115244 +0100 @@ -308,6 +308,7 @@ struct _xmlParserCtxt { int nodeInfoNr; /* Depth of the parsing stack */ int nodeInfoMax; /* Max depth of the parsing stack */ xmlParserNodeInfo *nodeInfoTab; /* array of nodeInfos */ + unsigned long sizeentcopy; /* volume of entity copy */ }; /** Index: libxml2-2.7.8/parser.c =================================================================== --- libxml2-2.7.8.orig/parser.c 2013-03-07 14:32:24.067961711 +0100 +++ libxml2-2.7.8/parser.c 2013-03-07 14:32:39.704426464 +0100 @@ -119,7 +119,7 @@ xmlCreateEntityParserCtxtInternal(const */ static int xmlParserEntityCheck(xmlParserCtxtPtr ctxt, size_t size, - xmlEntityPtr ent) + xmlEntityPtr ent, size_t replacement) { size_t consumed = 0; @@ -127,7 +127,24 @@ xmlParserEntityCheck(xmlParserCtxtPtr ct return (0); if (ctxt->lastError.code == XML_ERR_ENTITY_LOOP) return (1); - if (size != 0) { + if (replacement != 0) { + if (replacement < XML_MAX_TEXT_LENGTH) + return(0); + + /* + * If the volume of entity copy reaches 10 times the + * amount of parsed data and over the large text threshold + * then that's very likely to be an abuse. + */ + if (ctxt->input != NULL) { + consumed = ctxt->input->consumed + + (ctxt->input->cur - ctxt->input->base); + } + consumed += ctxt->sizeentities; + + if (replacement < XML_PARSER_NON_LINEAR * consumed) + return(0); + } else if (size != 0) { /* * Do the check based on the replacement size of the entity */ @@ -173,7 +190,6 @@ xmlParserEntityCheck(xmlParserCtxtPtr ct */ return (0); } - xmlFatalErr(ctxt, XML_ERR_ENTITY_LOOP, NULL); return (1); } @@ -2706,7 +2722,7 @@ xmlStringLenDecodeEntities(xmlParserCtxt while (*current != 0) { /* non input consuming loop */ buffer[nbchars++] = *current++; if (nbchars + XML_PARSER_BUFFER_SIZE > buffer_size) { - if (xmlParserEntityCheck(ctxt, nbchars, ent)) + if (xmlParserEntityCheck(ctxt, nbchars, ent, 0)) goto int_error; growBuffer(buffer, XML_PARSER_BUFFER_SIZE); } @@ -2748,7 +2764,7 @@ xmlStringLenDecodeEntities(xmlParserCtxt while (*current != 0) { /* non input consuming loop */ buffer[nbchars++] = *current++; if (nbchars + XML_PARSER_BUFFER_SIZE > buffer_size) { - if (xmlParserEntityCheck(ctxt, nbchars, ent)) + if (xmlParserEntityCheck(ctxt, nbchars, ent, 0)) goto int_error; growBuffer(buffer, XML_PARSER_BUFFER_SIZE); } @@ -6975,7 +6991,7 @@ xmlParseReference(xmlParserCtxtPtr ctxt) xmlFreeNodeList(list); return; } - if (xmlParserEntityCheck(ctxt, 0, ent)) { + if (xmlParserEntityCheck(ctxt, 0, ent, 0)) { xmlFreeNodeList(list); return; } @@ -7135,6 +7151,13 @@ xmlParseReference(xmlParserCtxtPtr ctxt) xmlNodePtr nw = NULL, cur, firstChild = NULL; /* + * We are copying here, make sure there is no abuse + */ + ctxt->sizeentcopy += ent->length; + if (xmlParserEntityCheck(ctxt, 0, ent, ctxt->sizeentcopy)) + return; + + /* * when operating on a reader, the entities definitions * are always owning the entities subtree. if (ctxt->parseMode == XML_PARSE_READER) @@ -7174,6 +7197,14 @@ xmlParseReference(xmlParserCtxtPtr ctxt) } else if (list == NULL) { xmlNodePtr nw = NULL, cur, next, last, firstChild = NULL; + + /* + * We are copying here, make sure there is no abuse + */ + ctxt->sizeentcopy += ent->length; + if (xmlParserEntityCheck(ctxt, 0, ent, ctxt->sizeentcopy)) + return; + /* * Copy the entity child list and make it the new * entity child list. The goal is to make sure any @@ -14339,6 +14370,7 @@ xmlCtxtReset(xmlParserCtxtPtr ctxt) ctxt->catalogs = NULL; ctxt->nbentities = 0; ctxt->sizeentities = 0; + ctxt->sizeentcopy = 0; xmlInitNodeInfoSeq(&ctxt->node_seq); if (ctxt->attsDefault != NULL) { Index: libxml2-2.7.8/parserInternals.c =================================================================== --- libxml2-2.7.8.orig/parserInternals.c 2012-03-01 06:25:02.000000000 +0100 +++ libxml2-2.7.8/parserInternals.c 2013-03-07 14:34:38.744964733 +0100 @@ -1757,6 +1757,8 @@ xmlInitParserCtxt(xmlParserCtxtPtr ctxt) ctxt->charset = XML_CHAR_ENCODING_UTF8; ctxt->catalogs = NULL; ctxt->nbentities = 0; + ctxt->sizeentities = 0; + ctxt->sizeentcopy = 0; xmlInitNodeInfoSeq(&ctxt->node_seq); return(0); } ++++++ libxml2-lzma_memory_leak.patch ++++++ commit 9f3cdef08a5d45c82c71bf740a54e2bc5d07f3ec Author: Daniel Veillard Date: Tue May 15 09:38:13 2012 +0800 Fix a memory leak in the xzlib code The freeing function wasn't called due to a bogus #ifdef surrounding value. Also switch the code to use the normal libxml2 allocation and freeing routines. diff --git a/xzlib.c b/xzlib.c index f1f50e5..b2db4ee 100644 --- a/xzlib.c +++ b/xzlib.c @@ -37,6 +37,7 @@ #include #include "xzlib.h" +#include /* values for xz_state how */ #define LOOK 0 /* look for a gzip/lzma header */ @@ -68,6 +69,7 @@ typedef struct { int err; /* error code */ char *msg; /* error message */ /* lzma stream */ + int init; /* is the iniflate stream initialized */ lzma_stream strm; /* stream structure in-place (not a pointer) */ char padding1[32]; /* padding allowing to cope with possible extensions of above structure without @@ -87,7 +89,7 @@ xz_error(xz_statep state, int err, const char *msg) /* free previously allocated message and clear */ if (state->msg != NULL) { if (state->err != LZMA_MEM_ERROR) - free(state->msg); + xmlFree(state->msg); state->msg = NULL; } @@ -104,7 +106,7 @@ xz_error(xz_statep state, int err, const char *msg) /* construct error message with path */ if ((state->msg = - malloc(strlen(state->path) + strlen(msg) + 3)) == NULL) { + xmlMalloc(strlen(state->path) + strlen(msg) + 3)) == NULL) { state->err = LZMA_MEM_ERROR; state->msg = (char *) "out of memory"; return; @@ -137,17 +139,18 @@ xz_open(const char *path, int fd, const char *mode ATTRIBUTE_UNUSED) xz_statep state; /* allocate xzFile structure to return */ - state = malloc(sizeof(xz_state)); + state = xmlMalloc(sizeof(xz_state)); if (state == NULL) return NULL; state->size = 0; /* no buffers allocated yet */ state->want = BUFSIZ; /* requested buffer size */ state->msg = NULL; /* no error message yet */ + state->init = 0; /* initialization of zlib data */ /* save the path name for error messages */ - state->path = malloc(strlen(path) + 1); + state->path = xmlMalloc(strlen(path) + 1); if (state->path == NULL) { - free(state); + xmlFree(state); return NULL; } strcpy(state->path, path); @@ -162,8 +165,8 @@ xz_open(const char *path, int fd, const char *mode ATTRIBUTE_UNUSED) #endif O_RDONLY, 0666); if (state->fd == -1) { - free(state->path); - free(state); + xmlFree(state->path); + xmlFree(state); return NULL; } @@ -191,11 +194,11 @@ __libxml2_xzdopen(int fd, const char *mode) char *path; /* identifier for error messages */ xzFile xz; - if (fd == -1 || (path = malloc(7 + 3 * sizeof(int))) == NULL) + if (fd == -1 || (path = xmlMalloc(7 + 3 * sizeof(int))) == NULL) return NULL; sprintf(path, "fd:%d", fd); /* for debugging */ xz = xz_open(path, fd, mode); - free(path); + xmlFree(path); return xz; } @@ -270,7 +273,7 @@ is_format_lzma(xz_statep state) opt = filter.options; dict_size = opt->dict_size; - free(opt); + xmlFree(opt); /* A hack to ditch tons of false positives: We allow only dictionary * sizes that are 2^n or 2^n + 2^(n-1) or UINT32_MAX. LZMA_Alone @@ -344,13 +347,13 @@ xz_head(xz_statep state) /* allocate read buffers and inflate memory */ if (state->size == 0) { /* allocate buffers */ - state->in = malloc(state->want); - state->out = malloc(state->want << 1); + state->in = xmlMalloc(state->want); + state->out = xmlMalloc(state->want << 1); if (state->in == NULL || state->out == NULL) { if (state->out != NULL) - free(state->out); + xmlFree(state->out); if (state->in != NULL) - free(state->in); + xmlFree(state->in); xz_error(state, LZMA_MEM_ERROR, "out of memory"); return -1; } @@ -361,8 +364,8 @@ xz_head(xz_statep state) state->strm.avail_in = 0; state->strm.next_in = NULL; if (lzma_auto_decoder(&state->strm, UINT64_MAX, 0) != LZMA_OK) { - free(state->out); - free(state->in); + xmlFree(state->out); + xmlFree(state->in); state->size = 0; xz_error(state, LZMA_MEM_ERROR, "out of memory"); return -1; @@ -374,12 +377,15 @@ xz_head(xz_statep state) state->zstrm.opaque = Z_NULL; state->zstrm.avail_in = 0; state->zstrm.next_in = Z_NULL; - if (inflateInit2(&(state->zstrm), -15) != Z_OK) { /* raw inflate */ - free(state->out); - free(state->in); - state->size = 0; - xz_error(state, LZMA_MEM_ERROR, "out of memory"); - return -1; + if (state->init == 0) { + if (inflateInit2(&(state->zstrm), -15) != Z_OK) {/* raw inflate */ + xmlFree(state->out); + xmlFree(state->in); + state->size = 0; + xz_error(state, LZMA_MEM_ERROR, "out of memory"); + return -1; + } + state->init = 1; } #endif } @@ -733,15 +739,17 @@ __libxml2_xzclose(xzFile file) /* free memory and close file */ if (state->size) { lzma_end(&(state->strm)); -#ifdef HAVE_LIBZ_H - inflateEnd(&(state->zstrm)); +#ifdef HAVE_ZLIB_H + if (state->init == 1) + inflateEnd(&(state->zstrm)); + state->init = 0; #endif - free(state->out); - free(state->in); + xmlFree(state->out); + xmlFree(state->in); } - free(state->path); + xmlFree(state->path); ret = close(state->fd); - free(state); + xmlFree(state); return ret ? ret : LZMA_OK; } #endif /* HAVE_LZMA_H */ -- To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-commit+help@opensuse.org