[arch-commits] Commit in libxml2/repos (8 files)
Jan de Groot
jgc at archlinux.org
Mon Nov 17 19:48:07 UTC 2014
Date: Monday, November 17, 2014 @ 20:48:07
Author: jgc
Revision: 226351
archrelease: copy trunk to extra-i686, extra-x86_64
Added:
libxml2/repos/extra-i686/PKGBUILD
(from rev 226350, libxml2/trunk/PKGBUILD)
libxml2/repos/extra-i686/fix-CVE-2014-3660.patch
(from rev 226350, libxml2/trunk/fix-CVE-2014-3660.patch)
libxml2/repos/extra-i686/revert-catalog-initialize.patch
(from rev 226350, libxml2/trunk/revert-catalog-initialize.patch)
libxml2/repos/extra-x86_64/PKGBUILD
(from rev 226350, libxml2/trunk/PKGBUILD)
libxml2/repos/extra-x86_64/fix-CVE-2014-3660.patch
(from rev 226350, libxml2/trunk/fix-CVE-2014-3660.patch)
libxml2/repos/extra-x86_64/revert-catalog-initialize.patch
(from rev 226350, libxml2/trunk/revert-catalog-initialize.patch)
Deleted:
libxml2/repos/extra-i686/PKGBUILD
libxml2/repos/extra-x86_64/PKGBUILD
----------------------------------------------+
/PKGBUILD | 96 +++++++++++++++++++++++++
extra-i686/PKGBUILD | 42 ----------
extra-i686/fix-CVE-2014-3660.patch | 28 +++++++
extra-i686/revert-catalog-initialize.patch | 26 ++++++
extra-x86_64/PKGBUILD | 42 ----------
extra-x86_64/fix-CVE-2014-3660.patch | 28 +++++++
extra-x86_64/revert-catalog-initialize.patch | 26 ++++++
7 files changed, 204 insertions(+), 84 deletions(-)
Deleted: extra-i686/PKGBUILD
===================================================================
--- extra-i686/PKGBUILD 2014-11-17 19:47:58 UTC (rev 226350)
+++ extra-i686/PKGBUILD 2014-11-17 19:48:07 UTC (rev 226351)
@@ -1,42 +0,0 @@
-# $Id$
-# Maintainer: Jan de Groot <jgc at archlinux.org>
-# Maintainer: Tom Gundersen <teg at jklm.no>
-# Contributor: John Proctor <jproctor at prium.net>
-
-pkgname=libxml2
-pkgver=2.9.2
-pkgrel=1
-pkgdesc="XML parsing library, version 2"
-arch=(i686 x86_64)
-license=('MIT')
-depends=('zlib' 'readline' 'ncurses' 'xz')
-makedepends=('python2')
-optdepends=('python2: python bindings to libxml')
-url="http://www.xmlsoft.org/"
-source=(ftp://ftp.xmlsoft.org/${pkgname}/${pkgname}-${pkgver}.tar.gz
- http://www.w3.org/XML/Test/xmlts20080827.tar.gz)
-md5sums=('9e6a9aca9d155737868b3dc5fd82f788'
- 'ae3d1ebe000a3972afa104ca7f0e1b4a')
-
-prepare() {
- cd ${pkgname}-${pkgver}
- sed -e 's|/usr/bin/python -u|/usr/bin/python2 -u|g' -e 's|/usr/bin/python$|/usr/bin/python2|g' -i python/tests/*.py
- mv ../xmlconf .
-}
-
-build() {
- cd ${pkgname}-${pkgver}
- ./configure --prefix=/usr --with-threads --with-history --with-python=/usr/bin/python2
- make
-}
-
-check() {
- cd ${pkgname}-${pkgver}
- make check
-}
-
-package() {
- cd ${pkgname}-${pkgver}
- make DESTDIR="${pkgdir}" install
- install -Dm644 COPYING "${pkgdir}/usr/share/licenses/${pkgname}/COPYING"
-}
Copied: libxml2/repos/extra-i686/PKGBUILD (from rev 226350, libxml2/trunk/PKGBUILD)
===================================================================
--- extra-i686/PKGBUILD (rev 0)
+++ extra-i686/PKGBUILD 2014-11-17 19:48:07 UTC (rev 226351)
@@ -0,0 +1,48 @@
+# $Id$
+# Maintainer: Jan de Groot <jgc at archlinux.org>
+# Maintainer: Tom Gundersen <teg at jklm.no>
+# Contributor: John Proctor <jproctor at prium.net>
+
+pkgname=libxml2
+pkgver=2.9.2
+pkgrel=2
+pkgdesc="XML parsing library, version 2"
+arch=(i686 x86_64)
+license=('MIT')
+depends=('zlib' 'readline' 'ncurses' 'xz')
+makedepends=('python2')
+optdepends=('python2: python bindings to libxml')
+url="http://www.xmlsoft.org/"
+source=(ftp://ftp.xmlsoft.org/${pkgname}/${pkgname}-${pkgver}.tar.gz
+ http://www.w3.org/XML/Test/xmlts20080827.tar.gz
+ revert-catalog-initialize.patch
+ fix-CVE-2014-3660.patch)
+md5sums=('9e6a9aca9d155737868b3dc5fd82f788'
+ 'ae3d1ebe000a3972afa104ca7f0e1b4a'
+ 'fdb2e26174ac9cced85ffbf4fb782187'
+ '71c88ee5a133461a8ab8aaa194899453')
+
+prepare() {
+ cd ${pkgname}-${pkgver}
+ sed -e 's|/usr/bin/python -u|/usr/bin/python2 -u|g' -e 's|/usr/bin/python$|/usr/bin/python2|g' -i python/tests/*.py
+ mv ../xmlconf .
+ patch -Np1 -i ../revert-catalog-initialize.patch
+ patch -Np1 -i ../fix-CVE-2014-3660.patch
+}
+
+build() {
+ cd ${pkgname}-${pkgver}
+ ./configure --prefix=/usr --with-threads --with-history --with-python=/usr/bin/python2
+ make
+}
+
+check() {
+ cd ${pkgname}-${pkgver}
+ make check
+}
+
+package() {
+ cd ${pkgname}-${pkgver}
+ make DESTDIR="${pkgdir}" install
+ install -Dm644 COPYING "${pkgdir}/usr/share/licenses/${pkgname}/COPYING"
+}
Copied: libxml2/repos/extra-i686/fix-CVE-2014-3660.patch (from rev 226350, libxml2/trunk/fix-CVE-2014-3660.patch)
===================================================================
--- extra-i686/fix-CVE-2014-3660.patch (rev 0)
+++ extra-i686/fix-CVE-2014-3660.patch 2014-11-17 19:48:07 UTC (rev 226351)
@@ -0,0 +1,28 @@
+From 72a46a519ce7326d9a00f0b6a7f2a8e958cd1675 Mon Sep 17 00:00:00 2001
+From: Daniel Veillard <veillard at redhat.com>
+Date: Thu, 23 Oct 2014 11:35:36 +0800
+Subject: Fix missing entities after CVE-2014-3660 fix
+
+For https://bugzilla.gnome.org/show_bug.cgi?id=738805
+
+The fix for CVE-2014-3660 introduced a regression in some case
+where entity substitution is required and the entity is used
+first in anotther entity referenced from an attribute value
+
+diff --git a/parser.c b/parser.c
+index 67c9dfd..a8d1b67 100644
+--- a/parser.c
++++ b/parser.c
+@@ -7235,7 +7235,8 @@ xmlParseReference(xmlParserCtxtPtr ctxt) {
+ * far more secure as the parser will only process data coming from
+ * the document entity by default.
+ */
+- if ((ent->checked == 0) &&
++ if (((ent->checked == 0) ||
++ ((ent->children == NULL) && (ctxt->options & XML_PARSE_NOENT))) &&
+ ((ent->etype != XML_EXTERNAL_GENERAL_PARSED_ENTITY) ||
+ (ctxt->options & (XML_PARSE_NOENT | XML_PARSE_DTDVALID)))) {
+ unsigned long oldnbent = ctxt->nbentities;
+--
+cgit v0.10.1
+
Copied: libxml2/repos/extra-i686/revert-catalog-initialize.patch (from rev 226350, libxml2/trunk/revert-catalog-initialize.patch)
===================================================================
--- extra-i686/revert-catalog-initialize.patch (rev 0)
+++ extra-i686/revert-catalog-initialize.patch 2014-11-17 19:48:07 UTC (rev 226351)
@@ -0,0 +1,26 @@
+From f65128f38289d77ff322d63aef2858cc0a819c34 Mon Sep 17 00:00:00 2001
+From: Daniel Veillard <veillard at redhat.com>
+Date: Fri, 17 Oct 2014 17:13:41 +0800
+Subject: Revert "Missing initialization for the catalog module"
+
+This reverts commit 054c716ea1bf001544127a4ab4f4346d1b9947e7.
+As this break xmlcatalog command
+https://bugzilla.redhat.com/show_bug.cgi?id=1153753
+
+diff --git a/parser.c b/parser.c
+index 1d93967..67c9dfd 100644
+--- a/parser.c
++++ b/parser.c
+@@ -14830,9 +14830,6 @@ xmlInitParser(void) {
+ #ifdef LIBXML_XPATH_ENABLED
+ xmlXPathInit();
+ #endif
+-#ifdef LIBXML_CATALOG_ENABLED
+- xmlInitializeCatalog();
+-#endif
+ xmlParserInitialized = 1;
+ #ifdef LIBXML_THREAD_ENABLED
+ }
+--
+cgit v0.10.1
+
Deleted: extra-x86_64/PKGBUILD
===================================================================
--- extra-x86_64/PKGBUILD 2014-11-17 19:47:58 UTC (rev 226350)
+++ extra-x86_64/PKGBUILD 2014-11-17 19:48:07 UTC (rev 226351)
@@ -1,42 +0,0 @@
-# $Id$
-# Maintainer: Jan de Groot <jgc at archlinux.org>
-# Maintainer: Tom Gundersen <teg at jklm.no>
-# Contributor: John Proctor <jproctor at prium.net>
-
-pkgname=libxml2
-pkgver=2.9.2
-pkgrel=1
-pkgdesc="XML parsing library, version 2"
-arch=(i686 x86_64)
-license=('MIT')
-depends=('zlib' 'readline' 'ncurses' 'xz')
-makedepends=('python2')
-optdepends=('python2: python bindings to libxml')
-url="http://www.xmlsoft.org/"
-source=(ftp://ftp.xmlsoft.org/${pkgname}/${pkgname}-${pkgver}.tar.gz
- http://www.w3.org/XML/Test/xmlts20080827.tar.gz)
-md5sums=('9e6a9aca9d155737868b3dc5fd82f788'
- 'ae3d1ebe000a3972afa104ca7f0e1b4a')
-
-prepare() {
- cd ${pkgname}-${pkgver}
- sed -e 's|/usr/bin/python -u|/usr/bin/python2 -u|g' -e 's|/usr/bin/python$|/usr/bin/python2|g' -i python/tests/*.py
- mv ../xmlconf .
-}
-
-build() {
- cd ${pkgname}-${pkgver}
- ./configure --prefix=/usr --with-threads --with-history --with-python=/usr/bin/python2
- make
-}
-
-check() {
- cd ${pkgname}-${pkgver}
- make check
-}
-
-package() {
- cd ${pkgname}-${pkgver}
- make DESTDIR="${pkgdir}" install
- install -Dm644 COPYING "${pkgdir}/usr/share/licenses/${pkgname}/COPYING"
-}
Copied: libxml2/repos/extra-x86_64/PKGBUILD (from rev 226350, libxml2/trunk/PKGBUILD)
===================================================================
--- extra-x86_64/PKGBUILD (rev 0)
+++ extra-x86_64/PKGBUILD 2014-11-17 19:48:07 UTC (rev 226351)
@@ -0,0 +1,48 @@
+# $Id$
+# Maintainer: Jan de Groot <jgc at archlinux.org>
+# Maintainer: Tom Gundersen <teg at jklm.no>
+# Contributor: John Proctor <jproctor at prium.net>
+
+pkgname=libxml2
+pkgver=2.9.2
+pkgrel=2
+pkgdesc="XML parsing library, version 2"
+arch=(i686 x86_64)
+license=('MIT')
+depends=('zlib' 'readline' 'ncurses' 'xz')
+makedepends=('python2')
+optdepends=('python2: python bindings to libxml')
+url="http://www.xmlsoft.org/"
+source=(ftp://ftp.xmlsoft.org/${pkgname}/${pkgname}-${pkgver}.tar.gz
+ http://www.w3.org/XML/Test/xmlts20080827.tar.gz
+ revert-catalog-initialize.patch
+ fix-CVE-2014-3660.patch)
+md5sums=('9e6a9aca9d155737868b3dc5fd82f788'
+ 'ae3d1ebe000a3972afa104ca7f0e1b4a'
+ 'fdb2e26174ac9cced85ffbf4fb782187'
+ '71c88ee5a133461a8ab8aaa194899453')
+
+prepare() {
+ cd ${pkgname}-${pkgver}
+ sed -e 's|/usr/bin/python -u|/usr/bin/python2 -u|g' -e 's|/usr/bin/python$|/usr/bin/python2|g' -i python/tests/*.py
+ mv ../xmlconf .
+ patch -Np1 -i ../revert-catalog-initialize.patch
+ patch -Np1 -i ../fix-CVE-2014-3660.patch
+}
+
+build() {
+ cd ${pkgname}-${pkgver}
+ ./configure --prefix=/usr --with-threads --with-history --with-python=/usr/bin/python2
+ make
+}
+
+check() {
+ cd ${pkgname}-${pkgver}
+ make check
+}
+
+package() {
+ cd ${pkgname}-${pkgver}
+ make DESTDIR="${pkgdir}" install
+ install -Dm644 COPYING "${pkgdir}/usr/share/licenses/${pkgname}/COPYING"
+}
Copied: libxml2/repos/extra-x86_64/fix-CVE-2014-3660.patch (from rev 226350, libxml2/trunk/fix-CVE-2014-3660.patch)
===================================================================
--- extra-x86_64/fix-CVE-2014-3660.patch (rev 0)
+++ extra-x86_64/fix-CVE-2014-3660.patch 2014-11-17 19:48:07 UTC (rev 226351)
@@ -0,0 +1,28 @@
+From 72a46a519ce7326d9a00f0b6a7f2a8e958cd1675 Mon Sep 17 00:00:00 2001
+From: Daniel Veillard <veillard at redhat.com>
+Date: Thu, 23 Oct 2014 11:35:36 +0800
+Subject: Fix missing entities after CVE-2014-3660 fix
+
+For https://bugzilla.gnome.org/show_bug.cgi?id=738805
+
+The fix for CVE-2014-3660 introduced a regression in some case
+where entity substitution is required and the entity is used
+first in anotther entity referenced from an attribute value
+
+diff --git a/parser.c b/parser.c
+index 67c9dfd..a8d1b67 100644
+--- a/parser.c
++++ b/parser.c
+@@ -7235,7 +7235,8 @@ xmlParseReference(xmlParserCtxtPtr ctxt) {
+ * far more secure as the parser will only process data coming from
+ * the document entity by default.
+ */
+- if ((ent->checked == 0) &&
++ if (((ent->checked == 0) ||
++ ((ent->children == NULL) && (ctxt->options & XML_PARSE_NOENT))) &&
+ ((ent->etype != XML_EXTERNAL_GENERAL_PARSED_ENTITY) ||
+ (ctxt->options & (XML_PARSE_NOENT | XML_PARSE_DTDVALID)))) {
+ unsigned long oldnbent = ctxt->nbentities;
+--
+cgit v0.10.1
+
Copied: libxml2/repos/extra-x86_64/revert-catalog-initialize.patch (from rev 226350, libxml2/trunk/revert-catalog-initialize.patch)
===================================================================
--- extra-x86_64/revert-catalog-initialize.patch (rev 0)
+++ extra-x86_64/revert-catalog-initialize.patch 2014-11-17 19:48:07 UTC (rev 226351)
@@ -0,0 +1,26 @@
+From f65128f38289d77ff322d63aef2858cc0a819c34 Mon Sep 17 00:00:00 2001
+From: Daniel Veillard <veillard at redhat.com>
+Date: Fri, 17 Oct 2014 17:13:41 +0800
+Subject: Revert "Missing initialization for the catalog module"
+
+This reverts commit 054c716ea1bf001544127a4ab4f4346d1b9947e7.
+As this break xmlcatalog command
+https://bugzilla.redhat.com/show_bug.cgi?id=1153753
+
+diff --git a/parser.c b/parser.c
+index 1d93967..67c9dfd 100644
+--- a/parser.c
++++ b/parser.c
+@@ -14830,9 +14830,6 @@ xmlInitParser(void) {
+ #ifdef LIBXML_XPATH_ENABLED
+ xmlXPathInit();
+ #endif
+-#ifdef LIBXML_CATALOG_ENABLED
+- xmlInitializeCatalog();
+-#endif
+ xmlParserInitialized = 1;
+ #ifdef LIBXML_THREAD_ENABLED
+ }
+--
+cgit v0.10.1
+
More information about the arch-commits
mailing list