diff --git a/libxml2-2.9.0-CVE-2012-5134.patch b/libxml2-2.9.0-CVE-2012-5134.patch
deleted file mode 100644
index b4b234f..0000000
--- a/libxml2-2.9.0-CVE-2012-5134.patch
+++ /dev/null
@@ -1,11 +0,0 @@
---- libxml2-2.9.0.orig/parser.c 2012-09-11 06:24:08.000000000 +0200
-+++ libxml2-2.9.0/parser.c 2012-12-15 16:12:27.441609871 +0100
-@@ -4075,7 +4075,7 @@
- goto error;
-
- if ((in_space) && (normalize)) {
-- while (buf[len - 1] == 0x20) len--;
-+ while ((len > 0) && (buf[len - 1] == 0x20)) len--;
- }
- buf[len] = 0;
- if (RAW == '<') {
diff --git a/libxml2-2.9.0.tar.gz b/libxml2-2.9.0.tar.gz
deleted file mode 100644
index f4c3523..0000000
--- a/libxml2-2.9.0.tar.gz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:ad25d91958b7212abdc12b9611cfb4dc4e5cddb6d1e9891532f48aacee422b82
-size 5161069
diff --git a/libxml2-2.9.1.tar.gz b/libxml2-2.9.1.tar.gz
new file mode 100644
index 0000000..2c6dcc3
--- /dev/null
+++ b/libxml2-2.9.1.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:fd3c64cb66f2c4ea27e934d275904d92cec494a8e8405613780cbc8a71680fdb
+size 5172503
diff --git a/libxml2-CVE-2013-0338-Detect-excessive-entities-expansion-upon-replacement.patch b/libxml2-CVE-2013-0338-Detect-excessive-entities-expansion-upon-replacement.patch
deleted file mode 100644
index 0483d1a..0000000
--- a/libxml2-CVE-2013-0338-Detect-excessive-entities-expansion-upon-replacement.patch
+++ /dev/null
@@ -1,156 +0,0 @@
-From 23f05e0c33987d6605387b300c4be5da2120a7ab Mon Sep 17 00:00:00 2001
-From: Daniel Veillard
-Date: Tue, 19 Feb 2013 10:21:49 +0800
-Subject: [PATCH] Detect excessive entities expansion upon replacement
-
-If entities expansion in the XML parser is asked for,
-it is possble to craft relatively small input document leading
-to excessive on-the-fly content generation.
-This patch accounts for those replacement and stop parsing
-after a given threshold. it can be bypassed as usual with the
-HUGE parser option.
----
- include/libxml/parser.h | 1 +
- parser.c | 44 ++++++++++++++++++++++++++++++++++++++------
- parserInternals.c | 2 ++
- 3 files changed, 41 insertions(+), 6 deletions(-)
-
-diff --git a/include/libxml/parser.h b/include/libxml/parser.h
-index e1346e4..3f5730d 100644
---- a/include/libxml/parser.h
-+++ b/include/libxml/parser.h
-@@ -310,6 +310,7 @@ struct _xmlParserCtxt {
- xmlParserNodeInfo *nodeInfoTab; /* array of nodeInfos */
-
- int input_id; /* we need to label inputs */
-+ unsigned long sizeentcopy; /* volume of entity copy */
- };
-
- /**
-diff --git a/parser.c b/parser.c
-index 91f8c90..ddf3b5b 100644
---- a/parser.c
-+++ b/parser.c
-@@ -122,7 +122,7 @@ xmlCreateEntityParserCtxtInternal(const xmlChar *URL, const xmlChar *ID,
- */
- static int
- xmlParserEntityCheck(xmlParserCtxtPtr ctxt, size_t size,
-- xmlEntityPtr ent)
-+ xmlEntityPtr ent, size_t replacement)
- {
- size_t consumed = 0;
-
-@@ -130,7 +130,24 @@ xmlParserEntityCheck(xmlParserCtxtPtr ctxt, size_t size,
- return (0);
- if (ctxt->lastError.code == XML_ERR_ENTITY_LOOP)
- return (1);
-- if (size != 0) {
-+ if (replacement != 0) {
-+ if (replacement < XML_MAX_TEXT_LENGTH)
-+ return(0);
-+
-+ /*
-+ * If the volume of entity copy reaches 10 times the
-+ * amount of parsed data and over the large text threshold
-+ * then that's very likely to be an abuse.
-+ */
-+ if (ctxt->input != NULL) {
-+ consumed = ctxt->input->consumed +
-+ (ctxt->input->cur - ctxt->input->base);
-+ }
-+ consumed += ctxt->sizeentities;
-+
-+ if (replacement < XML_PARSER_NON_LINEAR * consumed)
-+ return(0);
-+ } else if (size != 0) {
- /*
- * Do the check based on the replacement size of the entity
- */
-@@ -176,7 +193,6 @@ xmlParserEntityCheck(xmlParserCtxtPtr ctxt, size_t size,
- */
- return (0);
- }
--
- xmlFatalErr(ctxt, XML_ERR_ENTITY_LOOP, NULL);
- return (1);
- }
-@@ -2743,7 +2759,7 @@ xmlStringLenDecodeEntities(xmlParserCtxtPtr ctxt, const xmlChar *str, int len,
- while (*current != 0) { /* non input consuming loop */
- buffer[nbchars++] = *current++;
- if (nbchars + XML_PARSER_BUFFER_SIZE > buffer_size) {
-- if (xmlParserEntityCheck(ctxt, nbchars, ent))
-+ if (xmlParserEntityCheck(ctxt, nbchars, ent, 0))
- goto int_error;
- growBuffer(buffer, XML_PARSER_BUFFER_SIZE);
- }
-@@ -2785,7 +2801,7 @@ xmlStringLenDecodeEntities(xmlParserCtxtPtr ctxt, const xmlChar *str, int len,
- while (*current != 0) { /* non input consuming loop */
- buffer[nbchars++] = *current++;
- if (nbchars + XML_PARSER_BUFFER_SIZE > buffer_size) {
-- if (xmlParserEntityCheck(ctxt, nbchars, ent))
-+ if (xmlParserEntityCheck(ctxt, nbchars, ent, 0))
- goto int_error;
- growBuffer(buffer, XML_PARSER_BUFFER_SIZE);
- }
-@@ -7203,7 +7219,7 @@ xmlParseReference(xmlParserCtxtPtr ctxt) {
- xmlFreeNodeList(list);
- return;
- }
-- if (xmlParserEntityCheck(ctxt, 0, ent)) {
-+ if (xmlParserEntityCheck(ctxt, 0, ent, 0)) {
- xmlFreeNodeList(list);
- return;
- }
-@@ -7361,6 +7377,13 @@ xmlParseReference(xmlParserCtxtPtr ctxt) {
- xmlNodePtr nw = NULL, cur, firstChild = NULL;
-
- /*
-+ * We are copying here, make sure there is no abuse
-+ */
-+ ctxt->sizeentcopy += ent->length;
-+ if (xmlParserEntityCheck(ctxt, 0, ent, ctxt->sizeentcopy))
-+ return;
-+
-+ /*
- * when operating on a reader, the entities definitions
- * are always owning the entities subtree.
- if (ctxt->parseMode == XML_PARSE_READER)
-@@ -7400,6 +7423,14 @@ xmlParseReference(xmlParserCtxtPtr ctxt) {
- } else if ((list == NULL) || (ctxt->inputNr > 0)) {
- xmlNodePtr nw = NULL, cur, next, last,
- firstChild = NULL;
-+
-+ /*
-+ * We are copying here, make sure there is no abuse
-+ */
-+ ctxt->sizeentcopy += ent->length;
-+ if (xmlParserEntityCheck(ctxt, 0, ent, ctxt->sizeentcopy))
-+ return;
-+
- /*
- * Copy the entity child list and make it the new
- * entity child list. The goal is to make sure any
-@@ -14767,6 +14798,7 @@ xmlCtxtReset(xmlParserCtxtPtr ctxt)
- ctxt->catalogs = NULL;
- ctxt->nbentities = 0;
- ctxt->sizeentities = 0;
-+ ctxt->sizeentcopy = 0;
- xmlInitNodeInfoSeq(&ctxt->node_seq);
-
- if (ctxt->attsDefault != NULL) {
-diff --git a/parserInternals.c b/parserInternals.c
-index 02032d5..f8a7041 100644
---- a/parserInternals.c
-+++ b/parserInternals.c
-@@ -1719,6 +1719,8 @@ xmlInitParserCtxt(xmlParserCtxtPtr ctxt)
- ctxt->charset = XML_CHAR_ENCODING_UTF8;
- ctxt->catalogs = NULL;
- ctxt->nbentities = 0;
-+ ctxt->sizeentities = 0;
-+ ctxt->sizeentcopy = 0;
- ctxt->input_id = 1;
- xmlInitNodeInfoSeq(&ctxt->node_seq);
- return(0);
---
-1.7.10.4
-
diff --git a/libxml2-CVE-2013-1969.patch b/libxml2-CVE-2013-1969.patch
deleted file mode 100644
index 0fa874e..0000000
--- a/libxml2-CVE-2013-1969.patch
+++ /dev/null
@@ -1,80 +0,0 @@
-From de0cc20c29cb3f056062925395e0f68d2250a46f Mon Sep 17 00:00:00 2001
-From: Daniel Veillard
-Date: Tue, 12 Feb 2013 08:55:34 +0000
-Subject: Fix some buffer conversion issues
-
-https://bugzilla.gnome.org/show_bug.cgi?id=690202
-
-Buffer overflow errors originating from xmlBufGetInputBase in 2.9.0
-The pointers from the context input were not properly reset after
-that call which can do reallocations.
----
-diff --git a/HTMLparser.c b/HTMLparser.c
-index a533f37..6b83654 100644
---- a/HTMLparser.c
-+++ b/HTMLparser.c
-@@ -6054,6 +6054,8 @@ htmlParseChunk(htmlParserCtxtPtr ctxt, const char *chunk, int size,
- if ((in->encoder != NULL) && (in->buffer != NULL) &&
- (in->raw != NULL)) {
- int nbchars;
-+ size_t base = xmlBufGetInputBase(in->buffer, ctxt->input);
-+ size_t current = ctxt->input->cur - ctxt->input->base;
-
- nbchars = xmlCharEncInput(in);
- if (nbchars < 0) {
-@@ -6061,6 +6063,7 @@ htmlParseChunk(htmlParserCtxtPtr ctxt, const char *chunk, int size,
- "encoder error\n", NULL, NULL);
- return(XML_ERR_INVALID_ENCODING);
- }
-+ xmlBufSetInputBaseCur(in->buffer, ctxt->input, base, current);
- }
- }
- }
-diff --git a/parser.c b/parser.c
-index 31f90d6..1c99051 100644
---- a/parser.c
-+++ b/parser.c
-@@ -12126,7 +12126,7 @@ xmldecl_done:
- remain = 0;
- }
- }
-- res =xmlParserInputBufferPush(ctxt->input->buf, size, chunk);
-+ res = xmlParserInputBufferPush(ctxt->input->buf, size, chunk);
- if (res < 0) {
- ctxt->errNo = XML_PARSER_EOF;
- ctxt->disableSAX = 1;
-@@ -12143,6 +12143,8 @@ xmldecl_done:
- if ((in->encoder != NULL) && (in->buffer != NULL) &&
- (in->raw != NULL)) {
- int nbchars;
-+ size_t base = xmlBufGetInputBase(in->buffer, ctxt->input);
-+ size_t current = ctxt->input->cur - ctxt->input->base;
-
- nbchars = xmlCharEncInput(in);
- if (nbchars < 0) {
-@@ -12151,6 +12153,7 @@ xmldecl_done:
- "xmlParseChunk: encoder error\n");
- return(XML_ERR_INVALID_ENCODING);
- }
-+ xmlBufSetInputBaseCur(in->buffer, ctxt->input, base, current);
- }
- }
- }
-@@ -12190,7 +12193,14 @@ xmldecl_done:
- }
- if ((end_in_lf == 1) && (ctxt->input != NULL) &&
- (ctxt->input->buf != NULL)) {
-+ size_t base = xmlBufGetInputBase(ctxt->input->buf->buffer,
-+ ctxt->input);
-+ size_t current = ctxt->input->cur - ctxt->input->base;
-+
- xmlParserInputBufferPush(ctxt->input->buf, 1, "\r");
-+
-+ xmlBufSetInputBaseCur(ctxt->input->buf->buffer, ctxt->input,
-+ base, current);
- }
- if (terminate) {
- /*
---
-cgit v0.9.1
-
diff --git a/libxml2.changes b/libxml2.changes
index 884eb1d..b29096a 100644
--- a/libxml2.changes
+++ b/libxml2.changes
@@ -1,3 +1,15 @@
+-------------------------------------------------------------------
+Fri Aug 2 12:57:36 UTC 2013 - vcizek@suse.com
+
+- update to 2.9.1
+ dropped patches (in upstream):
+ * libxml2-2.9.0-CVE-2012-5134.patch
+ * libxml2-CVE-2013-0338-Detect-excessive-entities-expansion-upon-replacement.patch
+ * libxml2-CVE-2013-1969.patch
+ New features:
+ * Support for Python3
+ * Add xmlXPathSetContextNode and xmlXPathNodeEval
+
 -------------------------------------------------------------------
 Thu Apr 18 14:07:49 UTC 2013 - vcizek@suse.com
diff --git a/libxml2.spec b/libxml2.spec
index 53812f4..005a311 100644
--- a/libxml2.spec
+++ b/libxml2.spec
@@ -19,7 +19,7 @@
 %define lname libxml2-2
 Name: libxml2
-Version: 2.9.0
+Version: 2.9.1
 Release: 0
 Summary: A Library to Manipulate XML Files
 License: MIT
@@ -29,10 +29,6 @@ Url: http://xmlsoft.org
 Source: ftp://xmlsoft.org/libxml2/%{name}-%{version}.tar.gz
 Source2: baselibs.conf
 Patch0: fix-perl.diff
-# PATCH-FIX-UPSTREAM CVE-2012-5134 (bnc#793334)
-Patch1: libxml2-2.9.0-CVE-2012-5134.patch
-Patch4: libxml2-CVE-2013-0338-Detect-excessive-entities-expansion-upon-replacement.patch
-Patch5: libxml2-CVE-2013-1969.patch
 BuildRoot: %{_tmppath}/%{name}-%{version}-build
 BuildRequires: pkg-config
 BuildRequires: readline-devel
@@ -127,9 +123,6 @@ progress.
 %prep
 %setup -q
 %patch0
-%patch1 -p1
-%patch4 -p1
-%patch5 -p1
 %build
 %configure --disable-static \
diff --git a/python-libxml2.spec b/python-libxml2.spec
index 396e5f2..5623b8d 100644
--- a/python-libxml2.spec
+++ b/python-libxml2.spec
@@ -17,7 +17,7 @@
 Name: python-libxml2
-Version: 2.9.0
+Version: 2.9.1
 Release: 0
 Summary: Python Bindings for libxml2
 License: MIT