[arch-commits] Commit in libxml2/trunk (3 files)
Jan de Groot
jgc at archlinux.org
Mon Nov 17 19:47:59 UTC 2014
Date: Monday, November 17, 2014 @ 20:47:58
Author: jgc
Revision: 226350
upgpkg: libxml2 2.9.2-2
Add post-release patches to fix regressions
Added:
libxml2/trunk/fix-CVE-2014-3660.patch
libxml2/trunk/revert-catalog-initialize.patch
Modified:
libxml2/trunk/PKGBUILD
---------------------------------+
PKGBUILD | 12 +++++++++---
fix-CVE-2014-3660.patch | 28 ++++++++++++++++++++++++++++
revert-catalog-initialize.patch | 26 ++++++++++++++++++++++++++
3 files changed, 63 insertions(+), 3 deletions(-)
Modified: PKGBUILD
===================================================================
--- PKGBUILD 2014-11-17 16:31:10 UTC (rev 226349)
+++ PKGBUILD 2014-11-17 19:47:58 UTC (rev 226350)
@@ -5,7 +5,7 @@
pkgname=libxml2
pkgver=2.9.2
-pkgrel=1
+pkgrel=2
pkgdesc="XML parsing library, version 2"
arch=(i686 x86_64)
license=('MIT')
@@ -14,14 +14,20 @@
optdepends=('python2: python bindings to libxml')
url="http://www.xmlsoft.org/"
source=(ftp://ftp.xmlsoft.org/${pkgname}/${pkgname}-${pkgver}.tar.gz
- http://www.w3.org/XML/Test/xmlts20080827.tar.gz)
+ http://www.w3.org/XML/Test/xmlts20080827.tar.gz
+ revert-catalog-initialize.patch
+ fix-CVE-2014-3660.patch)
md5sums=('9e6a9aca9d155737868b3dc5fd82f788'
- 'ae3d1ebe000a3972afa104ca7f0e1b4a')
+ 'ae3d1ebe000a3972afa104ca7f0e1b4a'
+ 'fdb2e26174ac9cced85ffbf4fb782187'
+ '71c88ee5a133461a8ab8aaa194899453')
prepare() {
cd ${pkgname}-${pkgver}
sed -e 's|/usr/bin/python -u|/usr/bin/python2 -u|g' -e 's|/usr/bin/python$|/usr/bin/python2|g' -i python/tests/*.py
mv ../xmlconf .
+ patch -Np1 -i ../revert-catalog-initialize.patch
+ patch -Np1 -i ../fix-CVE-2014-3660.patch
}
build() {
Added: fix-CVE-2014-3660.patch
===================================================================
--- fix-CVE-2014-3660.patch (rev 0)
+++ fix-CVE-2014-3660.patch 2014-11-17 19:47:58 UTC (rev 226350)
@@ -0,0 +1,28 @@
+From 72a46a519ce7326d9a00f0b6a7f2a8e958cd1675 Mon Sep 17 00:00:00 2001
+From: Daniel Veillard <veillard at redhat.com>
+Date: Thu, 23 Oct 2014 11:35:36 +0800
+Subject: Fix missing entities after CVE-2014-3660 fix
+
+For https://bugzilla.gnome.org/show_bug.cgi?id=738805
+
+The fix for CVE-2014-3660 introduced a regression in some case
+where entity substitution is required and the entity is used
+first in anotther entity referenced from an attribute value
+
+diff --git a/parser.c b/parser.c
+index 67c9dfd..a8d1b67 100644
+--- a/parser.c
++++ b/parser.c
+@@ -7235,7 +7235,8 @@ xmlParseReference(xmlParserCtxtPtr ctxt) {
+ * far more secure as the parser will only process data coming from
+ * the document entity by default.
+ */
+- if ((ent->checked == 0) &&
++ if (((ent->checked == 0) ||
++ ((ent->children == NULL) && (ctxt->options & XML_PARSE_NOENT))) &&
+ ((ent->etype != XML_EXTERNAL_GENERAL_PARSED_ENTITY) ||
+ (ctxt->options & (XML_PARSE_NOENT | XML_PARSE_DTDVALID)))) {
+ unsigned long oldnbent = ctxt->nbentities;
+--
+cgit v0.10.1
+
Added: revert-catalog-initialize.patch
===================================================================
--- revert-catalog-initialize.patch (rev 0)
+++ revert-catalog-initialize.patch 2014-11-17 19:47:58 UTC (rev 226350)
@@ -0,0 +1,26 @@
+From f65128f38289d77ff322d63aef2858cc0a819c34 Mon Sep 17 00:00:00 2001
+From: Daniel Veillard <veillard at redhat.com>
+Date: Fri, 17 Oct 2014 17:13:41 +0800
+Subject: Revert "Missing initialization for the catalog module"
+
+This reverts commit 054c716ea1bf001544127a4ab4f4346d1b9947e7.
+As this break xmlcatalog command
+https://bugzilla.redhat.com/show_bug.cgi?id=1153753
+
+diff --git a/parser.c b/parser.c
+index 1d93967..67c9dfd 100644
+--- a/parser.c
++++ b/parser.c
+@@ -14830,9 +14830,6 @@ xmlInitParser(void) {
+ #ifdef LIBXML_XPATH_ENABLED
+ xmlXPathInit();
+ #endif
+-#ifdef LIBXML_CATALOG_ENABLED
+- xmlInitializeCatalog();
+-#endif
+ xmlParserInitialized = 1;
+ #ifdef LIBXML_THREAD_ENABLED
+ }
+--
+cgit v0.10.1
+
More information about the arch-commits
mailing list