diff --git a/fix-perl.diff b/fix-perl.diff index e49001a..0ae9c78 100644 --- a/fix-perl.diff +++ b/fix-perl.diff @@ -11,9 +11,9 @@ Date: Thu Jan 26 19:11:02 2012 +0800 Index: SAX2.c =================================================================== ---- SAX2.c.orig -+++ SAX2.c -@@ -2162,7 +2162,6 @@ xmlSAX2StartElementNs(void *ctx, +--- SAX2.c.orig 2012-09-11 08:01:01.000000000 +0200 ++++ SAX2.c 2012-12-15 16:32:27.353560391 +0100 +@@ -2188,7 +2188,6 @@ xmlNodePtr parent; xmlNsPtr last = NULL, ns; const xmlChar *uri, *pref; @@ -21,7 +21,7 @@ Index: SAX2.c int i, j; if (ctx == NULL) return; -@@ -2182,20 +2181,6 @@ xmlSAX2StartElementNs(void *ctx, +@@ -2208,20 +2207,6 @@ } /* @@ -42,7 +42,7 @@ Index: SAX2.c * allocate the node */ if (ctxt->freeElems != NULL) { -@@ -2208,10 +2193,7 @@ xmlSAX2StartElementNs(void *ctx, +@@ -2234,10 +2219,7 @@ if (ctxt->dictNames) ret->name = localname; else { @@ -54,20 +54,20 @@ Index: SAX2.c if (ret->name == NULL) { xmlSAX2ErrMemory(ctxt, "xmlSAX2StartElementNs"); return; -@@ -2223,11 +2205,8 @@ xmlSAX2StartElementNs(void *ctx, +@@ -2249,11 +2231,8 @@ if (ctxt->dictNames) - ret = xmlNewDocNodeEatName(ctxt->myDoc, NULL, + ret = xmlNewDocNodeEatName(ctxt->myDoc, NULL, (xmlChar *) localname, NULL); - else if (lname == NULL) - ret = xmlNewDocNode(ctxt->myDoc, NULL, localname, NULL); else -- ret = xmlNewDocNodeEatName(ctxt->myDoc, NULL, +- ret = xmlNewDocNodeEatName(ctxt->myDoc, NULL, - (xmlChar *) lname, NULL); + ret = xmlNewDocNode(ctxt->myDoc, NULL, localname, NULL); if (ret == NULL) { xmlSAX2ErrMemory(ctxt, "xmlSAX2StartElementNs"); return; -@@ -2334,33 +2313,8 @@ xmlSAX2StartElementNs(void *ctx, +@@ -2360,31 +2339,6 @@ */ if (nb_attributes > 0) { for (j = 0,i = 0;i < nb_attributes;i++,j+=5) { @@ -97,11 +97,9 @@ Index: SAX2.c - } - } xmlSAX2AttributeNs(ctxt, attributes[j], attributes[j+1], -- attributes[j+3], attributes[j+4]); -+ attributes[j+3], attributes[j+4]); + attributes[j+3], attributes[j+4]); } - } - + Index: result/namespaces/err_7.xml =================================================================== --- result/namespaces/err_7.xml.orig diff --git a/libxml2-2.8.0.tar.gz b/libxml2-2.8.0.tar.gz deleted file mode 100644 index 15b0105..0000000 --- a/libxml2-2.8.0.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:f2e2d0e322685193d1affec83b21dc05d599e17a7306d7b90de95bb5b9ac622a -size 4915203 diff --git a/libxml2-2.9.0-CVE-2012-5134.patch b/libxml2-2.9.0-CVE-2012-5134.patch new file mode 100644 index 0000000..b4b234f --- /dev/null +++ b/libxml2-2.9.0-CVE-2012-5134.patch @@ -0,0 +1,11 @@ +--- libxml2-2.9.0.orig/parser.c 2012-09-11 06:24:08.000000000 +0200 ++++ libxml2-2.9.0/parser.c 2012-12-15 16:12:27.441609871 +0100 +@@ -4075,7 +4075,7 @@ + goto error; + + if ((in_space) && (normalize)) { +- while (buf[len - 1] == 0x20) len--; ++ while ((len > 0) && (buf[len - 1] == 0x20)) len--; + } + buf[len] = 0; + if (RAW == '<') { diff --git a/libxml2-2.9.0.tar.gz b/libxml2-2.9.0.tar.gz new file mode 100644 index 0000000..f4c3523 --- /dev/null +++ b/libxml2-2.9.0.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:ad25d91958b7212abdc12b9611cfb4dc4e5cddb6d1e9891532f48aacee422b82 +size 5161069 diff --git a/libxml2-CVE-2012-5134.patch b/libxml2-CVE-2012-5134.patch deleted file mode 100644 index b2abe56..0000000 --- a/libxml2-CVE-2012-5134.patch +++ /dev/null @@ -1,19 +0,0 @@ -From 6a36fbe3b3e001a8a840b5c1fdd81cefc9947f0d Mon Sep 17 00:00:00 2001 -From: Daniel Veillard -Date: Mon, 29 Oct 2012 02:39:55 +0000 -Subject: Fix potential out of bound access - ---- -Index: libxml2-2.8.0/parser.c -=================================================================== ---- libxml2-2.8.0.orig/parser.c 2012-05-18 09:30:30.000000000 +0200 -+++ libxml2-2.8.0/parser.c 2012-12-07 12:00:57.111732279 +0100 -@@ -3931,7 +3931,7 @@ xmlParseAttValueComplex(xmlParserCtxtPtr - c = CUR_CHAR(l); - } - if ((in_space) && (normalize)) { -- while (buf[len - 1] == 0x20) len--; -+ while ((len > 0) && (buf[len - 1] == 0x20)) len--; - } - buf[len] = 0; - if (RAW == '<') { diff --git a/libxml2.spec b/libxml2.spec index ba685a8..ebfc11b 100644 --- a/libxml2.spec +++ b/libxml2.spec @@ -19,7 +19,7 @@ %define lname libxml2-2 Name: libxml2 -Version: 2.8.0 +Version: 2.9.0 Release: 0 Summary: A Library to Manipulate XML Files License: MIT @@ -30,7 +30,7 @@ Source: ftp://xmlsoft.org/libxml2/%{name}-%{version}.tar.gz Source2: baselibs.conf Patch0: fix-perl.diff # PATCH-FIX-UPSTREAM CVE-2012-5134 (bnc#793334) -Patch1: libxml2-CVE-2012-5134.patch +Patch1: libxml2-2.9.0-CVE-2012-5134.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRequires: pkg-config BuildRequires: readline-devel @@ -104,9 +104,7 @@ to develop applications that require these. Summary: A Library to Manipulate XML Files Group: System/Libraries Requires: %{lname} = %{version} -%if 0%{?suse_version} >= 1120 BuildArch: noarch -%endif %description doc The XML C library was initially developed for the GNOME project. It is diff --git a/python-libxml2.changes b/python-libxml2.changes index e7470bc..0c61e1b 100644 --- a/python-libxml2.changes +++ b/python-libxml2.changes @@ -1,8 +1,17 @@ +------------------------------------------------------------------- +Sat Dec 15 15:55:26 UTC 2012 - p.drouand@gmail.com + +- update to 2.9.0 version: + * please see the Changelog +- Updated patchs to get working with new version: + * libxml2-2.9.0-CVE-2012-5134.patch ( libxml2-CVE-2012-5134.patch ) + * fix-perl.diff + ------------------------------------------------------------------- Tue Jun 12 18:10:07 UTC 2012 - chris@computersalat.de - update to 2.8.0 - * please se ChangeLog for more info + * please see ChangeLog for more info ------------------------------------------------------------------- Sat Feb 25 08:47:58 UTC 2012 - coolo@suse.com diff --git a/python-libxml2.spec b/python-libxml2.spec index 911a14c..a46e5bb 100644 --- a/python-libxml2.spec +++ b/python-libxml2.spec @@ -17,7 +17,7 @@ Name: python-libxml2 -Version: 2.8.0 +Version: 2.9.0 Release: 0 Summary: Python Bindings for libxml2 License: MIT