Accepting request 185614 from home:vitezslav_cizek:branches:devel:libraries:c_c++

- update to 2.9.1 dropped patches (in upstream): * libxml2-2.9.0-CVE-2012-5134.patch * libxml2-CVE-2013-0338-Detect-excessive-entities-expansion-upon-replacement.patch * libxml2-CVE-2013-1969.patch New features: * Support for Python3 * Add xmlXPathSetContextNode and xmlXPathNodeEval OBS-URL: https://build.opensuse.org/request/show/185614 OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libxml2?expand=0&rev=84
2013-08-02 14:40:50 +00:00
parent 5684170696
commit 4ac0c66c14
8 changed files with 17 additions and 259 deletions
--- a/libxml2-2.9.0-CVE-2012-5134.patch
+++ b/libxml2-2.9.0-CVE-2012-5134.patch
@@ -1,11 +0,0 @@
--- libxml2-2.9.0.orig/parser.c	2012-09-11 06:24:08.000000000 +0200
-+++ libxml2-2.9.0/parser.c	2012-12-15 16:12:27.441609871 +0100
-@@ -4075,7 +4075,7 @@
-         goto error;
- 
-     if ((in_space) && (normalize)) {
-        while (buf[len - 1] == 0x20) len--;
-+        while ((len > 0) && (buf[len - 1] == 0x20)) len--;
-     }
-     buf[len] = 0;
-     if (RAW == '<') {
--- a/libxml2-2.9.0.tar.gz
+++ b/libxml2-2.9.0.tar.gz
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:ad25d91958b7212abdc12b9611cfb4dc4e5cddb6d1e9891532f48aacee422b82
-size 5161069
--- a/libxml2-2.9.1.tar.gz
+++ b/libxml2-2.9.1.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:fd3c64cb66f2c4ea27e934d275904d92cec494a8e8405613780cbc8a71680fdb
+size 5172503
--- a/libxml2-CVE-2013-0338-Detect-excessive-entities-expansion-upon-replacement.patch
+++ b/libxml2-CVE-2013-0338-Detect-excessive-entities-expansion-upon-replacement.patch
@@ -1,156 +0,0 @@
-From 23f05e0c33987d6605387b300c4be5da2120a7ab Mon Sep 17 00:00:00 2001
-From: Daniel Veillard <veillard@redhat.com>
-Date: Tue, 19 Feb 2013 10:21:49 +0800
-Subject: [PATCH] Detect excessive entities expansion upon replacement
-
-If entities expansion in the XML parser is asked for,
-it is possble to craft relatively small input document leading
-to excessive on-the-fly content generation.
-This patch accounts for those replacement and stop parsing
-after a given threshold. it can be bypassed as usual with the
-HUGE parser option.
---
- include/libxml/parser.h |    1 +
- parser.c                |   44 ++++++++++++++++++++++++++++++++++++++------
- parserInternals.c       |    2 ++
- 3 files changed, 41 insertions(+), 6 deletions(-)
-
-diff --git a/include/libxml/parser.h b/include/libxml/parser.h
-index e1346e4..3f5730d 100644
--- a/include/libxml/parser.h
-+++ b/include/libxml/parser.h
-@@ -310,6 +310,7 @@ struct _xmlParserCtxt {
-     xmlParserNodeInfo *nodeInfoTab;   /* array of nodeInfos */
- 
-     int                input_id;      /* we need to label inputs */
-+    unsigned long      sizeentcopy;   /* volume of entity copy */
- };
- 
- /**
-diff --git a/parser.c b/parser.c
-index 91f8c90..ddf3b5b 100644
--- a/parser.c
-+++ b/parser.c
-@@ -122,7 +122,7 @@ xmlCreateEntityParserCtxtInternal(const xmlChar *URL, const xmlChar *ID,
-  */
- static int
- xmlParserEntityCheck(xmlParserCtxtPtr ctxt, size_t size,
-                     xmlEntityPtr ent)
-+                     xmlEntityPtr ent, size_t replacement)
- {
-     size_t consumed = 0;
- 
-@@ -130,7 +130,24 @@ xmlParserEntityCheck(xmlParserCtxtPtr ctxt, size_t size,
-         return (0);
-     if (ctxt->lastError.code == XML_ERR_ENTITY_LOOP)
-         return (1);
-    if (size != 0) {
-+    if (replacement != 0) {
-+	if (replacement < XML_MAX_TEXT_LENGTH)
-+	    return(0);
-+
-+        /*
-+	 * If the volume of entity copy reaches 10 times the
-+	 * amount of parsed data and over the large text threshold
-+	 * then that's very likely to be an abuse.
-+	 */
-+        if (ctxt->input != NULL) {
-+	    consumed = ctxt->input->consumed +
-+	               (ctxt->input->cur - ctxt->input->base);
-+	}
-+        consumed += ctxt->sizeentities;
-+
-+        if (replacement < XML_PARSER_NON_LINEAR * consumed)
-+	    return(0);
-+    } else if (size != 0) {
-         /*
-          * Do the check based on the replacement size of the entity
-          */
-@@ -176,7 +193,6 @@ xmlParserEntityCheck(xmlParserCtxtPtr ctxt, size_t size,
-          */
-         return (0);
-     }
-
-     xmlFatalErr(ctxt, XML_ERR_ENTITY_LOOP, NULL);
-     return (1);
- }
-@@ -2743,7 +2759,7 @@ xmlStringLenDecodeEntities(xmlParserCtxtPtr ctxt, const xmlChar *str, int len,
- 		    while (*current != 0) { /* non input consuming loop */
- 			buffer[nbchars++] = *current++;
- 			if (nbchars + XML_PARSER_BUFFER_SIZE > buffer_size) {
-			    if (xmlParserEntityCheck(ctxt, nbchars, ent))
-+			    if (xmlParserEntityCheck(ctxt, nbchars, ent, 0))
- 				goto int_error;
- 			    growBuffer(buffer, XML_PARSER_BUFFER_SIZE);
- 			}
-@@ -2785,7 +2801,7 @@ xmlStringLenDecodeEntities(xmlParserCtxtPtr ctxt, const xmlChar *str, int len,
- 		    while (*current != 0) { /* non input consuming loop */
- 			buffer[nbchars++] = *current++;
- 			if (nbchars + XML_PARSER_BUFFER_SIZE > buffer_size) {
-			    if (xmlParserEntityCheck(ctxt, nbchars, ent))
-+			    if (xmlParserEntityCheck(ctxt, nbchars, ent, 0))
- 			        goto int_error;
- 			    growBuffer(buffer, XML_PARSER_BUFFER_SIZE);
- 			}
-@@ -7203,7 +7219,7 @@ xmlParseReference(xmlParserCtxtPtr ctxt) {
- 	    xmlFreeNodeList(list);
- 	    return;
- 	}
-	if (xmlParserEntityCheck(ctxt, 0, ent)) {
-+	if (xmlParserEntityCheck(ctxt, 0, ent, 0)) {
- 	    xmlFreeNodeList(list);
- 	    return;
- 	}
-@@ -7361,6 +7377,13 @@ xmlParseReference(xmlParserCtxtPtr ctxt) {
- 		xmlNodePtr nw = NULL, cur, firstChild = NULL;
- 
- 		/*
-+		 * We are copying here, make sure there is no abuse
-+		 */
-+		ctxt->sizeentcopy += ent->length;
-+		if (xmlParserEntityCheck(ctxt, 0, ent, ctxt->sizeentcopy))
-+		    return;
-+
-+		/*
- 		 * when operating on a reader, the entities definitions
- 		 * are always owning the entities subtree.
- 		if (ctxt->parseMode == XML_PARSE_READER)
-@@ -7400,6 +7423,14 @@ xmlParseReference(xmlParserCtxtPtr ctxt) {
- 	    } else if ((list == NULL) || (ctxt->inputNr > 0)) {
- 		xmlNodePtr nw = NULL, cur, next, last,
- 			   firstChild = NULL;
-+
-+		/*
-+		 * We are copying here, make sure there is no abuse
-+		 */
-+		ctxt->sizeentcopy += ent->length;
-+		if (xmlParserEntityCheck(ctxt, 0, ent, ctxt->sizeentcopy))
-+		    return;
-+
- 		/*
- 		 * Copy the entity child list and make it the new
- 		 * entity child list. The goal is to make sure any
-@@ -14767,6 +14798,7 @@ xmlCtxtReset(xmlParserCtxtPtr ctxt)
-     ctxt->catalogs = NULL;
-     ctxt->nbentities = 0;
-     ctxt->sizeentities = 0;
-+    ctxt->sizeentcopy = 0;
-     xmlInitNodeInfoSeq(&ctxt->node_seq);
- 
-     if (ctxt->attsDefault != NULL) {
-diff --git a/parserInternals.c b/parserInternals.c
-index 02032d5..f8a7041 100644
--- a/parserInternals.c
-+++ b/parserInternals.c
-@@ -1719,6 +1719,8 @@ xmlInitParserCtxt(xmlParserCtxtPtr ctxt)
-     ctxt->charset = XML_CHAR_ENCODING_UTF8;
-     ctxt->catalogs = NULL;
-     ctxt->nbentities = 0;
-+    ctxt->sizeentities = 0;
-+    ctxt->sizeentcopy = 0;
-     ctxt->input_id = 1;
-     xmlInitNodeInfoSeq(&ctxt->node_seq);
-     return(0);
-- 
-1.7.10.4
-
--- a/libxml2-CVE-2013-1969.patch
+++ b/libxml2-CVE-2013-1969.patch
@@ -1,80 +0,0 @@
-From de0cc20c29cb3f056062925395e0f68d2250a46f Mon Sep 17 00:00:00 2001
-From: Daniel Veillard <veillard@redhat.com>
-Date: Tue, 12 Feb 2013 08:55:34 +0000
-Subject: Fix some buffer conversion issues
-
-https://bugzilla.gnome.org/show_bug.cgi?id=690202
-
-Buffer overflow errors originating from xmlBufGetInputBase in 2.9.0
-The pointers from the context input were not properly reset after
-that call which can do reallocations.
---
-diff --git a/HTMLparser.c b/HTMLparser.c
-index a533f37..6b83654 100644
--- a/HTMLparser.c
-+++ b/HTMLparser.c
-@@ -6054,6 +6054,8 @@ htmlParseChunk(htmlParserCtxtPtr ctxt, const char *chunk, int size,
- 	    if ((in->encoder != NULL) && (in->buffer != NULL) &&
- 		    (in->raw != NULL)) {
- 		int nbchars;
-+		size_t base = xmlBufGetInputBase(in->buffer, ctxt->input);
-+		size_t current = ctxt->input->cur - ctxt->input->base;
- 
- 		nbchars = xmlCharEncInput(in);
- 		if (nbchars < 0) {
-@@ -6061,6 +6063,7 @@ htmlParseChunk(htmlParserCtxtPtr ctxt, const char *chunk, int size,
- 			         "encoder error\n", NULL, NULL);
- 		    return(XML_ERR_INVALID_ENCODING);
- 		}
-+		xmlBufSetInputBaseCur(in->buffer, ctxt->input, base, current);
- 	    }
- 	}
-     }
-diff --git a/parser.c b/parser.c
-index 31f90d6..1c99051 100644
--- a/parser.c
-+++ b/parser.c
-@@ -12126,7 +12126,7 @@ xmldecl_done:
-                 remain = 0;
-             }
-         }
-	res =xmlParserInputBufferPush(ctxt->input->buf, size, chunk);
-+	res = xmlParserInputBufferPush(ctxt->input->buf, size, chunk);
- 	if (res < 0) {
- 	    ctxt->errNo = XML_PARSER_EOF;
- 	    ctxt->disableSAX = 1;
-@@ -12143,6 +12143,8 @@ xmldecl_done:
- 	    if ((in->encoder != NULL) && (in->buffer != NULL) &&
- 		    (in->raw != NULL)) {
- 		int nbchars;
-+		size_t base = xmlBufGetInputBase(in->buffer, ctxt->input);
-+		size_t current = ctxt->input->cur - ctxt->input->base;
- 
- 		nbchars = xmlCharEncInput(in);
- 		if (nbchars < 0) {
-@@ -12151,6 +12153,7 @@ xmldecl_done:
- 				    "xmlParseChunk: encoder error\n");
- 		    return(XML_ERR_INVALID_ENCODING);
- 		}
-+		xmlBufSetInputBaseCur(in->buffer, ctxt->input, base, current);
- 	    }
- 	}
-     }
-@@ -12190,7 +12193,14 @@ xmldecl_done:
-     }
-     if ((end_in_lf == 1) && (ctxt->input != NULL) &&
-         (ctxt->input->buf != NULL)) {
-+	size_t base = xmlBufGetInputBase(ctxt->input->buf->buffer,
-+					 ctxt->input);
-+	size_t current = ctxt->input->cur - ctxt->input->base;
-+
- 	xmlParserInputBufferPush(ctxt->input->buf, 1, "\r");
-+
-+	xmlBufSetInputBaseCur(ctxt->input->buf->buffer, ctxt->input,
-+			      base, current);
-     }
-     if (terminate) {
- 	/*
--
-cgit v0.9.1
-
--- a/libxml2.changes
+++ b/libxml2.changes
@@ -1,3 +1,15 @@
+-------------------------------------------------------------------
+Fri Aug  2 12:57:36 UTC 2013 - vcizek@suse.com
+
+- update to 2.9.1
+  dropped patches (in upstream):
+  * libxml2-2.9.0-CVE-2012-5134.patch
+  * libxml2-CVE-2013-0338-Detect-excessive-entities-expansion-upon-replacement.patch
+  * libxml2-CVE-2013-1969.patch
+  New features:
+  * Support for Python3
+  * Add xmlXPathSetContextNode and xmlXPathNodeEval
+
 -------------------------------------------------------------------
 Thu Apr 18 14:07:49 UTC 2013 - vcizek@suse.com

--- a/libxml2.spec
+++ b/libxml2.spec
@@ -19,7 +19,7 @@
 %define lname libxml2-2

 Name:           libxml2
-Version:        2.9.0
+Version:        2.9.1
 Release:        0
 Summary:        A Library to Manipulate XML Files
 License:        MIT
@@ -29,10 +29,6 @@ Url:            http://xmlsoft.org
 Source:         ftp://xmlsoft.org/libxml2/%{name}-%{version}.tar.gz
 Source2:        baselibs.conf
 Patch0:         fix-perl.diff
-# PATCH-FIX-UPSTREAM CVE-2012-5134 (bnc#793334)
-Patch1:         libxml2-2.9.0-CVE-2012-5134.patch
-Patch4:         libxml2-CVE-2013-0338-Detect-excessive-entities-expansion-upon-replacement.patch
-Patch5:         libxml2-CVE-2013-1969.patch
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 BuildRequires:  pkg-config
 BuildRequires:  readline-devel
@@ -127,9 +123,6 @@ progress.
 %prep
 %setup -q
 %patch0
-%patch1 -p1
-%patch4 -p1
-%patch5 -p1

 %build
 %configure --disable-static \
--- a/python-libxml2.spec
+++ b/python-libxml2.spec
@@ -17,7 +17,7 @@


 Name:           python-libxml2
-Version:        2.9.0
+Version:        2.9.1
 Release:        0
 Summary:        Python Bindings for libxml2
 License:        MIT