[arch-commits] Commit in libxml2/trunk (PKGBUILD libxml2-2.6.32.entities.patch)

Jan de Groot jgc at archlinux.org
Tue Oct 21 07:15:48 UTC 2008


    Date: Tuesday, October 21, 2008 @ 03:15:48
  Author: jgc
Revision: 16090

upgpkg: libxml2 2.6.32-4
    Security update

Added:
  libxml2/trunk/libxml2-2.6.32.entities.patch
Modified:
  libxml2/trunk/PKGBUILD

-------------------------------+
 PKGBUILD                      |   14 +-
 libxml2-2.6.32.entities.patch |  216 ++++++++++++++++++++++++++++++++++++++++
 2 files changed, 224 insertions(+), 6 deletions(-)

Modified: PKGBUILD
===================================================================
--- PKGBUILD	2008-10-21 06:41:27 UTC (rev 16089)
+++ PKGBUILD	2008-10-21 07:15:48 UTC (rev 16090)
@@ -4,7 +4,7 @@
 
 pkgname=libxml2
 pkgver=2.6.32
-pkgrel=3
+pkgrel=4
 pkgdesc="XML parsing library, version 2"
 arch=(i686 x86_64)
 license=('custom')
@@ -12,16 +12,18 @@
 makedepends=('python>=2.5')
 options=('!libtool')
 source=(ftp://ftp.xmlsoft.org/${pkgname}/${pkgname}-${pkgver}.tar.gz
-	largefile64.patch)
+	largefile64.patch
+	libxml2-2.6.32.entities.patch)
 url="http://www.xmlsoft.org/"
 md5sums=('2621d322c16f0257e30f0ff2b13384de' '5ad4915665608ebfa5b89f7908467a72')
 
 build() {
-  cd ${startdir}/src/${pkgname}-${pkgver}
+  cd "${srcdir}/${pkgname}-${pkgver}"
   patch -Np1 -i ${srcdir}/largefile64.patch || return 1
+  patch -Np0 -i ${srcdir}/libxml2-2.6.32.entities.patch || return 1
   ./configure --prefix=/usr --with-threads --with-history || return 1
   make || return 1
-  make DESTDIR=${startdir}/pkg install || return 1
-  install -m755 -d ${pkgdir}/usr/share/licenses/${pkgname}
-  install -m644 COPYING ${pkgdir}/usr/share/licenses/${pkgname}/ || return 1
+  make DESTDIR="${pkgdir}" install || return 1
+  install -m755 -d "${pkgdir}/usr/share/licenses/${pkgname}"
+  install -m644 COPYING "${pkgdir}/usr/share/licenses/${pkgname}/" || return 1
 }

Added: libxml2-2.6.32.entities.patch
===================================================================
--- libxml2-2.6.32.entities.patch	                        (rev 0)
+++ libxml2-2.6.32.entities.patch	2008-10-21 07:15:48 UTC (rev 16090)
@@ -0,0 +1,216 @@
+Index: include/libxml/parser.h
+===================================================================
+--- include/libxml/parser.h	(revision 3771)
++++ include/libxml/parser.h	(working copy)
+@@ -297,6 +297,7 @@ struct _xmlParserCtxt {
+      */
+     xmlError          lastError;
+     xmlParserMode     parseMode;    /* the parser mode */
++    unsigned long    nbentities;    /* number of entities references */
+ };
+ 
+ /**
+Index: parserInternals.c
+===================================================================
+--- parserInternals.c	(revision 3771)
++++ parserInternals.c	(working copy)
+@@ -1670,6 +1670,7 @@ xmlInitParserCtxt(xmlParserCtxtPtr ctxt)
+     ctxt->depth = 0;
+     ctxt->charset = XML_CHAR_ENCODING_UTF8;
+     ctxt->catalogs = NULL;
++    ctxt->nbentities = 0;
+     xmlInitNodeInfoSeq(&ctxt->node_seq);
+     return(0);
+ }
+Index: SAX2.c
+===================================================================
+--- SAX2.c	(revision 3772)
++++ SAX2.c	(working copy)
+@@ -580,7 +580,8 @@ xmlSAX2GetEntity(void *ctx, const xmlCha
+ 	    return(NULL);
+ 	}
+ 	ret->owner = 1;
+-	ret->checked = 1;
++	if (ret->checked == 0)
++	    ret->checked = 1;
+     }
+     return(ret);
+ }
+--- parser.c.orig	2008-04-08 16:47:58.000000000 +0200
++++ parser.c	2008-08-25 17:55:30.000000000 +0200
+@@ -2344,7 +2344,7 @@ xmlStringLenDecodeEntities(xmlParserCtxt
+ 	return(NULL);
+     last = str + len;
+ 
+-    if (ctxt->depth > 40) {
++    if ((ctxt->depth > 40) || (ctxt->nbentities >= 500000)) {
+ 	xmlFatalErr(ctxt, XML_ERR_ENTITY_LOOP, NULL);
+ 	return(NULL);
+     }
+@@ -2382,6 +2382,11 @@ xmlStringLenDecodeEntities(xmlParserCtxt
+ 			"String decoding Entity Reference: %.30s\n",
+ 			str);
+ 	    ent = xmlParseStringEntityRef(ctxt, &str);
++	    if (ctxt->lastError.code == XML_ERR_ENTITY_LOOP)
++	        goto int_error;
++	    ctxt->nbentities++;
++	    if (ent != NULL)
++	        ctxt->nbentities += ent->checked;
+ 	    if ((ent != NULL) &&
+ 		(ent->etype == XML_INTERNAL_PREDEFINED_ENTITY)) {
+ 		if (ent->content != NULL) {
+@@ -2427,6 +2432,11 @@ xmlStringLenDecodeEntities(xmlParserCtxt
+ 		xmlGenericError(xmlGenericErrorContext,
+ 			"String decoding PE Reference: %.30s\n", str);
+ 	    ent = xmlParseStringPEReference(ctxt, &str);
++	    if (ctxt->lastError.code == XML_ERR_ENTITY_LOOP)
++	        goto int_error;
++	    ctxt->nbentities++;
++	    if (ent != NULL)
++	        ctxt->nbentities += ent->checked;
+ 	    if (ent != NULL) {
+                 if (ent->content == NULL) {
+ 		    if (xmlLoadEntityContent(ctxt, ent) < 0) {
+@@ -2466,6 +2476,7 @@ xmlStringLenDecodeEntities(xmlParserCtxt
+ 
+ mem_error:
+     xmlErrMemory(ctxt, NULL);
++int_error:
+     if (rep != NULL)
+         xmlFree(rep);
+     if (buffer != NULL)
+@@ -3280,6 +3291,9 @@ xmlParseAttValueComplex(xmlParserCtxtPtr
+ 		}
+ 	    } else {
+ 		ent = xmlParseEntityRef(ctxt);
++		ctxt->nbentities++;
++		if (ent != NULL)
++		    ctxt->nbentities += ent->checked;
+ 		if ((ent != NULL) &&
+ 		    (ent->etype == XML_INTERNAL_PREDEFINED_ENTITY)) {
+ 		    if (len > buf_size - 10) {
+@@ -4566,6 +4580,7 @@ xmlParseEntityDecl(xmlParserCtxtPtr ctxt
+     int isParameter = 0;
+     xmlChar *orig = NULL;
+     int skipped;
++    unsigned long oldnbent = ctxt->nbentities;
+     
+     /* GROW; done in the caller */
+     if (CMP8(CUR_PTR, '<', '!', 'E', 'N', 'T', 'I', 'T', 'Y')) {
+@@ -4783,6 +4798,7 @@ xmlParseEntityDecl(xmlParserCtxtPtr ctxt
+ 		}
+ 	    }
+             if (cur != NULL) {
++	        cur->checked = ctxt->nbentities - oldnbent;
+ 	        if (cur->orig != NULL)
+ 		    xmlFree(orig);
+ 		else
+@@ -6189,6 +6205,11 @@ xmlParseReference(xmlParserCtxtPtr ctxt)
+ 	if (ent == NULL) return;
+ 	if (!ctxt->wellFormed)
+ 	    return;
++	ctxt->nbentities++;
++	if (ctxt->nbentities >= 500000) {
++	    xmlFatalErr(ctxt, XML_ERR_ENTITY_LOOP, NULL);
++	    return;
++	}
+ 	was_checked = ent->checked;
+ 	if ((ent->name != NULL) && 
+ 	    (ent->etype != XML_INTERNAL_PREDEFINED_ENTITY)) {
+@@ -6249,6 +6270,7 @@ xmlParseReference(xmlParserCtxtPtr ctxt)
+ 			xmlFreeNodeList(list);
+ 		    }
+ 		} else {
++		    unsigned long oldnbent = ctxt->nbentities;
+ 		    /*
+ 		     * 4.3.2: An internal general parsed entity is well-formed
+ 		     * if its replacement text matches the production labeled
+@@ -6271,6 +6293,7 @@ xmlParseReference(xmlParserCtxtPtr ctxt)
+ 			ret = xmlParseBalancedChunkMemoryInternal(ctxt,
+ 					   value, user_data, &list);
+ 			ctxt->depth--;
++
+ 		    } else if (ent->etype ==
+ 			       XML_EXTERNAL_GENERAL_PARSED_ENTITY) {
+ 			ctxt->depth++;
+@@ -6283,6 +6306,7 @@ xmlParseReference(xmlParserCtxtPtr ctxt)
+ 			xmlErrMsgStr(ctxt, XML_ERR_INTERNAL_ERROR,
+ 				     "invalid entity type found\n", NULL);
+ 		    }
++		    ent->checked = ctxt->nbentities - oldnbent;
+ 		    if (ret == XML_ERR_ENTITY_LOOP) {
+ 			xmlFatalErr(ctxt, XML_ERR_ENTITY_LOOP, NULL);
+ 			return;
+@@ -6339,8 +6363,10 @@ xmlParseReference(xmlParserCtxtPtr ctxt)
+ 			list = NULL;
+ 		    }
+ 		}
+-		ent->checked = 1;
++		if (ent->checked == 0)
++		    ent->checked = 1;
+ 	    }
++	    ctxt->nbentities += ent->checked;
+ 
+             if (ent->children == NULL) {
+ 		/*
+@@ -6349,7 +6375,7 @@ xmlParseReference(xmlParserCtxtPtr ctxt)
+ 		 * though parsing for first checking go though the entity
+ 		 * content to generate callbacks associated to the entity
+ 		 */
+-		if (was_checked == 1) {
++		if (was_checked != 0) {
+ 		    void *user_data;
+ 		    /*
+ 		     * This is a bit hackish but this seems the best
+@@ -11480,7 +11506,7 @@ xmlParseCtxtExternalEntity(xmlParserCtxt
+ 
+     if (ctx == NULL) return(-1);
+ 
+-    if (ctx->depth > 40) {
++    if ((ctx->depth > 40) || (ctx->nbentities >= 500000)) {
+ 	return(XML_ERR_ENTITY_LOOP);
+     }
+ 
+@@ -11681,7 +11707,8 @@ xmlParseExternalEntityPrivate(xmlDocPtr 
+     xmlChar start[4];
+     xmlCharEncoding enc;
+ 
+-    if (depth > 40) {
++    if ((depth > 40) ||
++        ((oldctxt != NULL) && (oldctxt->nbentities >= 500000))) {
+ 	return(XML_ERR_ENTITY_LOOP);
+     }
+ 
+@@ -11824,6 +11851,7 @@ xmlParseExternalEntityPrivate(xmlDocPtr 
+     oldctxt->node_seq.maximum = ctxt->node_seq.maximum;
+     oldctxt->node_seq.length = ctxt->node_seq.length;
+     oldctxt->node_seq.buffer = ctxt->node_seq.buffer;
++    oldctxt->nbentities += ctxt->nbentities;
+     ctxt->node_seq.maximum = 0;
+     ctxt->node_seq.length = 0;
+     ctxt->node_seq.buffer = NULL;
+@@ -11924,7 +11952,7 @@ xmlParseBalancedChunkMemoryInternal(xmlP
+     int size;
+     xmlParserErrors ret = XML_ERR_OK;
+ 
+-    if (oldctxt->depth > 40) {
++    if ((oldctxt->depth > 40) || (oldctxt->nbentities >= 500000)) {
+ 	return(XML_ERR_ENTITY_LOOP);
+     }
+ 
+@@ -12048,6 +12076,7 @@ xmlParseBalancedChunkMemoryInternal(xmlP
+         ctxt->myDoc->last = last;
+     }
+ 	
++    oldctxt->nbentities += ctxt->nbentities;
+     ctxt->sax = oldsax;
+     ctxt->dict = NULL;
+     ctxt->attsDefault = NULL;
+@@ -13363,6 +13392,7 @@ xmlCtxtReset(xmlParserCtxtPtr ctxt)
+     ctxt->depth = 0;
+     ctxt->charset = XML_CHAR_ENCODING_UTF8;
+     ctxt->catalogs = NULL;
++    ctxt->nbentities = 0;
+     xmlInitNodeInfoSeq(&ctxt->node_seq);
+ 
+     if (ctxt->attsDefault != NULL) {




More information about the arch-commits mailing list