Accepting request 927321 from home:cvoegl:branches:devel:libraries:c_c++

- Added tinyxml-2.62-fix-infinite-loop.patch to fix an infinite loop for inputs containing the sequence 0xEF0x00 (bsc#1191576) OBS-URL: https://build.opensuse.org/request/show/927321 OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/tinyxml?expand=0&rev=20
2021-10-27 11:12:21 +00:00
parent a43b129e52
commit ee0de8fc0c
3 changed files with 30 additions and 5 deletions
--- a/tinyxml-2.62-fix-infinite-loop.patch
+++ b/tinyxml-2.62-fix-infinite-loop.patch
@@ -0,0 +1,17 @@
+diff --git a/tinyxmlparser.cpp b/tinyxmlparser.cpp
+index 81b7eae..8aa0dfa 100755
+--- a/tinyxmlparser.cpp
+++ b/tinyxmlparser.cpp
+@@ -274,6 +274,12 @@ void TiXmlParsingData::Stamp( const char* now, TiXmlEncoding encoding )
+ 						else
+ 							{ p +=3; ++col; }	// A normal character.
+ 					}
+					else
+					{
+						// TIXML_UTF_LEAD_0 (239) is the start character of a 3 byte sequence, so
+						// there is something wrong here. Just advance the pointer to evade infinite loops
+						++p;
+					}
+ 				}
+ 				else
+ 				{
--- a/tinyxml.changes
+++ b/tinyxml.changes
@@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Mon Oct 25 14:32:25 UTC 2021 - Christian Vögl <christian.voegl@suse.com>
+
+- Added tinyxml-2.62-fix-infinite-loop.patch to fix an infinite loop
+  for inputs containing the sequence 0xEF0x00 (bsc#1191576) 
+
 -------------------------------------------------------------------
 Sun May 13 12:19:58 UTC 2012 - lists.nico.k@googlemail.com

--- a/tinyxml.spec
+++ b/tinyxml.spec
@@ -1,7 +1,7 @@
 #
 # spec file for package tinyxml
 #
-# Copyright (c) 2012 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2021 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -12,7 +12,7 @@
 # license that conforms to the Open Source Definition (Version 1.9)
 # published by the Open Source Initiative.

-# Please submit bugfixes or comments via http://bugs.opensuse.org/
+# Please submit bugfixes or comments via https://bugs.opensuse.org/
 #


@@ -34,7 +34,8 @@ Source4:        use_stl_def
 Source5:        Makefile.am.docs
 Patch0:         tinyxml-c_headers.patch
 Patch1:         tinyxml-entity.patch
-Url:            http://sourceforge.net/projects/tinyxml
+Patch2:         tinyxml-2.62-fix-infinite-loop.patch
+URL:            http://sourceforge.net/projects/tinyxml
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 BuildRequires:  gcc-c++
 BuildRequires:  libtool
@@ -60,7 +61,7 @@ TinyXML solves the text I/O file once and for all.

 %package        devel
 Summary:        Development files for libtinyxml
-License:        GPL-2.0+
+License:        GPL-2.0-or-later
 Group:          Development/Libraries/C and C++
 Requires:       %{lib_package} = %{version}
 Provides:       libtinyxml-devel = %{version}
@@ -73,7 +74,7 @@ developing applications that use libtinyxml.

 %package        docs
 Summary:        Documentaqtion for libtinyxml
-License:        GPL-2.0+
+License:        GPL-2.0-or-later
 Group:          Development/Libraries/C and C++
 Requires:       %{lib_package} = %{version}

@@ -85,6 +86,7 @@ libtinyxml
 %setup -q -n tinyxml
 %patch0
 %patch1
+%patch2 -p1
 mkdir -p m4
 cp %{S:1} %{S:2} %{S:3} %{S:4} .
 cp %{S:5} docs/Makefile.am