| 1 |
commit: c9f16c34d6906021849b9488b718b4922e6c726b |
| 2 |
Author: Michael Mair-Keimberger <m.mairkeimberger <AT> gmail <DOT> com> |
| 3 |
AuthorDate: Fri Feb 2 15:42:14 2018 +0000 |
| 4 |
Commit: Mart Raudsepp <leio <AT> gentoo <DOT> org> |
| 5 |
CommitDate: Sun Feb 11 13:30:55 2018 +0000 |
| 6 |
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c9f16c34 |
| 7 |
|
| 8 |
dev-libs/libxml2: remove unused patches |
| 9 |
|
| 10 |
Closes: https://github.com/gentoo/gentoo/pull/7025 |
| 11 |
|
| 12 |
.../files/libxml2-2.9.4-CVE-2016-9318.patch | 202 ------------- |
| 13 |
.../files/libxml2-2.9.4-CVE-2017-0663.patch | 43 --- |
| 14 |
.../files/libxml2-2.9.4-CVE-2017-5969.patch | 63 ---- |
| 15 |
.../files/libxml2-2.9.4-CVE-2017-7375.patch | 35 --- |
| 16 |
.../files/libxml2-2.9.4-CVE-2017-7376.patch | 31 -- |
| 17 |
.../files/libxml2-2.9.4-CVE-2017-9047-9048.patch | 116 -------- |
| 18 |
.../files/libxml2-2.9.4-CVE-2017-9049-9050.patch | 316 --------------------- |
| 19 |
.../files/libxml2-2.9.4-fix-root-node-cmp.patch | 34 --- |
| 20 |
.../files/libxml2-2.9.4-heap-buffer-overflow.patch | 32 --- |
| 21 |
.../files/libxml2-2.9.4-osd-validation.patch | 66 ----- |
| 22 |
10 files changed, 938 deletions(-) |
| 23 |
|
| 24 |
diff --git a/dev-libs/libxml2/files/libxml2-2.9.4-CVE-2016-9318.patch b/dev-libs/libxml2/files/libxml2-2.9.4-CVE-2016-9318.patch |
| 25 |
deleted file mode 100644 |
| 26 |
index 5d1adb014a0..00000000000 |
| 27 |
--- a/dev-libs/libxml2/files/libxml2-2.9.4-CVE-2016-9318.patch |
| 28 |
+++ /dev/null |
| 29 |
@@ -1,202 +0,0 @@ |
| 30 |
-From 292be65a52ab9e0eb3a53b4e0be5a57bc6de59d3 Mon Sep 17 00:00:00 2001 |
| 31 |
-From: Doran Moppert <dmoppert@××××××.com> |
| 32 |
-Date: Fri, 7 Apr 2017 16:45:56 +0200 |
| 33 |
-Subject: [PATCH 6/7] Add an XML_PARSE_NOXXE flag to block all entities loading |
| 34 |
- even local |
| 35 |
- |
| 36 |
-For https://bugzilla.gnome.org/show_bug.cgi?id=772726 |
| 37 |
- |
| 38 |
-* include/libxml/parser.h: Add a new parser flag XML_PARSE_NOXXE |
| 39 |
-* elfgcchack.h, xmlIO.h, xmlIO.c: associated loading routine |
| 40 |
-* include/libxml/xmlerror.h: new error raised |
| 41 |
-* xmllint.c: adds --noxxe flag to activate the option |
| 42 |
---- |
| 43 |
- elfgcchack.h | 10 ++++++++++ |
| 44 |
- include/libxml/parser.h | 3 ++- |
| 45 |
- include/libxml/xmlIO.h | 8 ++++++++ |
| 46 |
- include/libxml/xmlerror.h | 1 + |
| 47 |
- parser.c | 4 ++++ |
| 48 |
- xmlIO.c | 40 +++++++++++++++++++++++++++++++++++----- |
| 49 |
- xmllint.c | 5 +++++ |
| 50 |
- 7 files changed, 65 insertions(+), 6 deletions(-) |
| 51 |
- |
| 52 |
-diff --git a/elfgcchack.h b/elfgcchack.h |
| 53 |
-index 8c52884a..1b81dcde 100644 |
| 54 |
---- a/elfgcchack.h |
| 55 |
-+++ b/elfgcchack.h |
| 56 |
-@@ -6547,6 +6547,16 @@ extern __typeof (xmlNoNetExternalEntityLoader) xmlNoNetExternalEntityLoader__int |
| 57 |
- #endif |
| 58 |
- #endif |
| 59 |
- |
| 60 |
-+#ifdef bottom_xmlIO |
| 61 |
-+#undef xmlNoXxeExternalEntityLoader |
| 62 |
-+extern __typeof (xmlNoXxeExternalEntityLoader) xmlNoXxeExternalEntityLoader __attribute((alias("xmlNoXxeExternalEntityLoader__internal_alias"))); |
| 63 |
-+#else |
| 64 |
-+#ifndef xmlNoXxeExternalEntityLoader |
| 65 |
-+extern __typeof (xmlNoXxeExternalEntityLoader) xmlNoXxeExternalEntityLoader__internal_alias __attribute((visibility("hidden"))); |
| 66 |
-+#define xmlNoXxeExternalEntityLoader xmlNoXxeExternalEntityLoader__internal_alias |
| 67 |
-+#endif |
| 68 |
-+#endif |
| 69 |
-+ |
| 70 |
- #ifdef bottom_tree |
| 71 |
- #undef xmlNodeAddContent |
| 72 |
- extern __typeof (xmlNodeAddContent) xmlNodeAddContent __attribute((alias("xmlNodeAddContent__internal_alias"))); |
| 73 |
-diff --git a/include/libxml/parser.h b/include/libxml/parser.h |
| 74 |
-index 47fbec03..63ca1b97 100644 |
| 75 |
---- a/include/libxml/parser.h |
| 76 |
-+++ b/include/libxml/parser.h |
| 77 |
-@@ -1111,7 +1111,8 @@ typedef enum { |
| 78 |
- XML_PARSE_HUGE = 1<<19,/* relax any hardcoded limit from the parser */ |
| 79 |
- XML_PARSE_OLDSAX = 1<<20,/* parse using SAX2 interface before 2.7.0 */ |
| 80 |
- XML_PARSE_IGNORE_ENC= 1<<21,/* ignore internal document encoding hint */ |
| 81 |
-- XML_PARSE_BIG_LINES = 1<<22 /* Store big lines numbers in text PSVI field */ |
| 82 |
-+ XML_PARSE_BIG_LINES = 1<<22,/* Store big lines numbers in text PSVI field */ |
| 83 |
-+ XML_PARSE_NOXXE = 1<<23 /* Forbid any external entity loading */ |
| 84 |
- } xmlParserOption; |
| 85 |
- |
| 86 |
- XMLPUBFUN void XMLCALL |
| 87 |
-diff --git a/include/libxml/xmlIO.h b/include/libxml/xmlIO.h |
| 88 |
-index 3e41744d..8d3fdef5 100644 |
| 89 |
---- a/include/libxml/xmlIO.h |
| 90 |
-+++ b/include/libxml/xmlIO.h |
| 91 |
-@@ -299,6 +299,14 @@ XMLPUBFUN xmlParserInputPtr XMLCALL |
| 92 |
- const char *ID, |
| 93 |
- xmlParserCtxtPtr ctxt); |
| 94 |
- |
| 95 |
-+/* |
| 96 |
-+ * A predefined entity loader external entity expansion |
| 97 |
-+ */ |
| 98 |
-+XMLPUBFUN xmlParserInputPtr XMLCALL |
| 99 |
-+ xmlNoXxeExternalEntityLoader (const char *URL, |
| 100 |
-+ const char *ID, |
| 101 |
-+ xmlParserCtxtPtr ctxt); |
| 102 |
-+ |
| 103 |
- /* |
| 104 |
- * xmlNormalizeWindowsPath is obsolete, don't use it. |
| 105 |
- * Check xmlCanonicPath in uri.h for a better alternative. |
| 106 |
-diff --git a/include/libxml/xmlerror.h b/include/libxml/xmlerror.h |
| 107 |
-index 037c16d5..3036062d 100644 |
| 108 |
---- a/include/libxml/xmlerror.h |
| 109 |
-+++ b/include/libxml/xmlerror.h |
| 110 |
-@@ -470,6 +470,7 @@ typedef enum { |
| 111 |
- XML_IO_EADDRINUSE, /* 1554 */ |
| 112 |
- XML_IO_EALREADY, /* 1555 */ |
| 113 |
- XML_IO_EAFNOSUPPORT, /* 1556 */ |
| 114 |
-+ XML_IO_ILLEGAL_XXE, /* 1557 */ |
| 115 |
- XML_XINCLUDE_RECURSION=1600, |
| 116 |
- XML_XINCLUDE_PARSE_VALUE, /* 1601 */ |
| 117 |
- XML_XINCLUDE_ENTITY_DEF_MISMATCH, /* 1602 */ |
| 118 |
-diff --git a/parser.c b/parser.c |
| 119 |
-index b832406a..8e11c127 100644 |
| 120 |
---- a/parser.c |
| 121 |
-+++ b/parser.c |
| 122 |
-@@ -15352,6 +15352,10 @@ xmlCtxtUseOptionsInternal(xmlParserCtxtPtr ctxt, int options, const char *encodi |
| 123 |
- ctxt->options |= XML_PARSE_NONET; |
| 124 |
- options -= XML_PARSE_NONET; |
| 125 |
- } |
| 126 |
-+ if (options & XML_PARSE_NOXXE) { |
| 127 |
-+ ctxt->options |= XML_PARSE_NOXXE; |
| 128 |
-+ options -= XML_PARSE_NOXXE; |
| 129 |
-+ } |
| 130 |
- if (options & XML_PARSE_COMPACT) { |
| 131 |
- ctxt->options |= XML_PARSE_COMPACT; |
| 132 |
- options -= XML_PARSE_COMPACT; |
| 133 |
-diff --git a/xmlIO.c b/xmlIO.c |
| 134 |
-index 6e61f45a..34881461 100644 |
| 135 |
---- a/xmlIO.c |
| 136 |
-+++ b/xmlIO.c |
| 137 |
-@@ -212,6 +212,7 @@ static const char *IOerr[] = { |
| 138 |
- "adddress in use", /* EADDRINUSE */ |
| 139 |
- "already in use", /* EALREADY */ |
| 140 |
- "unknown address familly", /* EAFNOSUPPORT */ |
| 141 |
-+ "Attempt to load external entity %s", /* XML_IO_ILLEGAL_XXE */ |
| 142 |
- }; |
| 143 |
- |
| 144 |
- #if defined(_WIN32) || defined (__DJGPP__) && !defined (__CYGWIN__) |
| 145 |
-@@ -4057,13 +4058,22 @@ xmlDefaultExternalEntityLoader(const char *URL, const char *ID, |
| 146 |
- xmlGenericError(xmlGenericErrorContext, |
| 147 |
- "xmlDefaultExternalEntityLoader(%s, xxx)\n", URL); |
| 148 |
- #endif |
| 149 |
-- if ((ctxt != NULL) && (ctxt->options & XML_PARSE_NONET)) { |
| 150 |
-+ if (ctxt != NULL) { |
| 151 |
- int options = ctxt->options; |
| 152 |
- |
| 153 |
-- ctxt->options -= XML_PARSE_NONET; |
| 154 |
-- ret = xmlNoNetExternalEntityLoader(URL, ID, ctxt); |
| 155 |
-- ctxt->options = options; |
| 156 |
-- return(ret); |
| 157 |
-+ if (options & XML_PARSE_NOXXE) { |
| 158 |
-+ ctxt->options -= XML_PARSE_NOXXE; |
| 159 |
-+ ret = xmlNoXxeExternalEntityLoader(URL, ID, ctxt); |
| 160 |
-+ ctxt->options = options; |
| 161 |
-+ return(ret); |
| 162 |
-+ } |
| 163 |
-+ |
| 164 |
-+ if (options & XML_PARSE_NONET) { |
| 165 |
-+ ctxt->options -= XML_PARSE_NONET; |
| 166 |
-+ ret = xmlNoNetExternalEntityLoader(URL, ID, ctxt); |
| 167 |
-+ ctxt->options = options; |
| 168 |
-+ return(ret); |
| 169 |
-+ } |
| 170 |
- } |
| 171 |
- #ifdef LIBXML_CATALOG_ENABLED |
| 172 |
- resource = xmlResolveResourceFromCatalog(URL, ID, ctxt); |
| 173 |
-@@ -4164,6 +4174,13 @@ xmlNoNetExternalEntityLoader(const char *URL, const char *ID, |
| 174 |
- xmlParserInputPtr input = NULL; |
| 175 |
- xmlChar *resource = NULL; |
| 176 |
- |
| 177 |
-+ if (ctxt == NULL) { |
| 178 |
-+ return(NULL); |
| 179 |
-+ } |
| 180 |
-+ if (ctxt->input_id == 1) { |
| 181 |
-+ return xmlDefaultExternalEntityLoader((const char *) URL, ID, ctxt); |
| 182 |
-+ } |
| 183 |
-+ |
| 184 |
- #ifdef LIBXML_CATALOG_ENABLED |
| 185 |
- resource = xmlResolveResourceFromCatalog(URL, ID, ctxt); |
| 186 |
- #endif |
| 187 |
-@@ -4186,5 +4203,18 @@ xmlNoNetExternalEntityLoader(const char *URL, const char *ID, |
| 188 |
- return(input); |
| 189 |
- } |
| 190 |
- |
| 191 |
-+xmlParserInputPtr |
| 192 |
-+xmlNoXxeExternalEntityLoader(const char *URL, const char *ID, |
| 193 |
-+ xmlParserCtxtPtr ctxt) { |
| 194 |
-+ if (ctxt == NULL) { |
| 195 |
-+ return(NULL); |
| 196 |
-+ } |
| 197 |
-+ if (ctxt->input_id == 1) { |
| 198 |
-+ return xmlDefaultExternalEntityLoader((const char *) URL, ID, ctxt); |
| 199 |
-+ } |
| 200 |
-+ xmlIOErr(XML_IO_ILLEGAL_XXE, (const char *) URL); |
| 201 |
-+ return(NULL); |
| 202 |
-+} |
| 203 |
-+ |
| 204 |
- #define bottom_xmlIO |
| 205 |
- #include "elfgcchack.h" |
| 206 |
-diff --git a/xmllint.c b/xmllint.c |
| 207 |
-index f8eb7ec4..8f304cda 100644 |
| 208 |
---- a/xmllint.c |
| 209 |
-+++ b/xmllint.c |
| 210 |
-@@ -3019,6 +3019,7 @@ static void usage(const char *name) { |
| 211 |
- printf("\t--path 'paths': provide a set of paths for resources\n"); |
| 212 |
- printf("\t--load-trace : print trace of all external entities loaded\n"); |
| 213 |
- printf("\t--nonet : refuse to fetch DTDs or entities over network\n"); |
| 214 |
-+ printf("\t--noxxe : forbid any external entity loading\n"); |
| 215 |
- printf("\t--nocompact : do not generate compact text nodes\n"); |
| 216 |
- printf("\t--htmlout : output results as HTML\n"); |
| 217 |
- printf("\t--nowrap : do not put HTML doc wrapper\n"); |
| 218 |
-@@ -3461,6 +3462,10 @@ main(int argc, char **argv) { |
| 219 |
- (!strcmp(argv[i], "--nonet"))) { |
| 220 |
- options |= XML_PARSE_NONET; |
| 221 |
- xmlSetExternalEntityLoader(xmlNoNetExternalEntityLoader); |
| 222 |
-+ } else if ((!strcmp(argv[i], "-noxxe")) || |
| 223 |
-+ (!strcmp(argv[i], "--noxxe"))) { |
| 224 |
-+ options |= XML_PARSE_NOXXE; |
| 225 |
-+ xmlSetExternalEntityLoader(xmlNoXxeExternalEntityLoader); |
| 226 |
- } else if ((!strcmp(argv[i], "-nocompact")) || |
| 227 |
- (!strcmp(argv[i], "--nocompact"))) { |
| 228 |
- options &= ~XML_PARSE_COMPACT; |
| 229 |
--- |
| 230 |
-2.14.1 |
| 231 |
- |
| 232 |
|
| 233 |
diff --git a/dev-libs/libxml2/files/libxml2-2.9.4-CVE-2017-0663.patch b/dev-libs/libxml2/files/libxml2-2.9.4-CVE-2017-0663.patch |
| 234 |
deleted file mode 100644 |
| 235 |
index 517e178a533..00000000000 |
| 236 |
--- a/dev-libs/libxml2/files/libxml2-2.9.4-CVE-2017-0663.patch |
| 237 |
+++ /dev/null |
| 238 |
@@ -1,43 +0,0 @@ |
| 239 |
-From d815758b6a8c9dee8155268e49b5ef3b80135a14 Mon Sep 17 00:00:00 2001 |
| 240 |
-From: Nick Wellnhofer <wellnhofer@×××××.de> |
| 241 |
-Date: Tue, 6 Jun 2017 12:56:28 +0200 |
| 242 |
-Subject: [PATCH 1/3] Fix type confusion in xmlValidateOneNamespace |
| 243 |
- |
| 244 |
-Comment out code that casts xmlNsPtr to xmlAttrPtr. ID types on |
| 245 |
-namespace declarations make no practical sense anyway. |
| 246 |
- |
| 247 |
-Fixes bug 780228. |
| 248 |
- |
| 249 |
-Found with libFuzzer and ASan. |
| 250 |
---- |
| 251 |
- valid.c | 7 +++++++ |
| 252 |
- 1 file changed, 7 insertions(+) |
| 253 |
- |
| 254 |
-diff --git a/valid.c b/valid.c |
| 255 |
-index 8075d3a0..c51ea290 100644 |
| 256 |
---- a/valid.c |
| 257 |
-+++ b/valid.c |
| 258 |
-@@ -4627,6 +4627,12 @@ xmlNodePtr elem, const xmlChar *prefix, xmlNsPtr ns, const xmlChar *value) { |
| 259 |
- } |
| 260 |
- } |
| 261 |
- |
| 262 |
-+ /* |
| 263 |
-+ * Casting ns to xmlAttrPtr is wrong. We'd need separate functions |
| 264 |
-+ * xmlAddID and xmlAddRef for namespace declarations, but it makes |
| 265 |
-+ * no practical sense to use ID types anyway. |
| 266 |
-+ */ |
| 267 |
-+#if 0 |
| 268 |
- /* Validity Constraint: ID uniqueness */ |
| 269 |
- if (attrDecl->atype == XML_ATTRIBUTE_ID) { |
| 270 |
- if (xmlAddID(ctxt, doc, value, (xmlAttrPtr) ns) == NULL) |
| 271 |
-@@ -4638,6 +4644,7 @@ xmlNodePtr elem, const xmlChar *prefix, xmlNsPtr ns, const xmlChar *value) { |
| 272 |
- if (xmlAddRef(ctxt, doc, value, (xmlAttrPtr) ns) == NULL) |
| 273 |
- ret = 0; |
| 274 |
- } |
| 275 |
-+#endif |
| 276 |
- |
| 277 |
- /* Validity Constraint: Notation Attributes */ |
| 278 |
- if (attrDecl->atype == XML_ATTRIBUTE_NOTATION) { |
| 279 |
--- |
| 280 |
-2.14.1 |
| 281 |
- |
| 282 |
|
| 283 |
diff --git a/dev-libs/libxml2/files/libxml2-2.9.4-CVE-2017-5969.patch b/dev-libs/libxml2/files/libxml2-2.9.4-CVE-2017-5969.patch |
| 284 |
deleted file mode 100644 |
| 285 |
index 4d1362f2f93..00000000000 |
| 286 |
--- a/dev-libs/libxml2/files/libxml2-2.9.4-CVE-2017-5969.patch |
| 287 |
+++ /dev/null |
| 288 |
@@ -1,63 +0,0 @@ |
| 289 |
-From 8952ce48a5fa1d3de1f087f10e8b6e47bb59f4e3 Mon Sep 17 00:00:00 2001 |
| 290 |
-From: Daniel Veillard <veillard@××××××.com> |
| 291 |
-Date: Wed, 7 Jun 2017 16:47:36 +0200 |
| 292 |
-Subject: [PATCH 1/7] Fix NULL pointer deref in xmlDumpElementContent |
| 293 |
- |
| 294 |
-Can only be triggered in recovery mode. |
| 295 |
- |
| 296 |
-Fixes bug 758422 (CVE-2017-5969). |
| 297 |
---- |
| 298 |
- valid.c | 24 ++++++++++++++---------- |
| 299 |
- 1 file changed, 14 insertions(+), 10 deletions(-) |
| 300 |
- |
| 301 |
-diff --git a/valid.c b/valid.c |
| 302 |
-index 19f84b82..0a8e58ab 100644 |
| 303 |
---- a/valid.c |
| 304 |
-+++ b/valid.c |
| 305 |
-@@ -1172,29 +1172,33 @@ xmlDumpElementContent(xmlBufferPtr buf, xmlElementContentPtr content, int glob) |
| 306 |
- xmlBufferWriteCHAR(buf, content->name); |
| 307 |
- break; |
| 308 |
- case XML_ELEMENT_CONTENT_SEQ: |
| 309 |
-- if ((content->c1->type == XML_ELEMENT_CONTENT_OR) || |
| 310 |
-- (content->c1->type == XML_ELEMENT_CONTENT_SEQ)) |
| 311 |
-+ if ((content->c1 != NULL) && |
| 312 |
-+ ((content->c1->type == XML_ELEMENT_CONTENT_OR) || |
| 313 |
-+ (content->c1->type == XML_ELEMENT_CONTENT_SEQ))) |
| 314 |
- xmlDumpElementContent(buf, content->c1, 1); |
| 315 |
- else |
| 316 |
- xmlDumpElementContent(buf, content->c1, 0); |
| 317 |
- xmlBufferWriteChar(buf, " , "); |
| 318 |
-- if ((content->c2->type == XML_ELEMENT_CONTENT_OR) || |
| 319 |
-- ((content->c2->type == XML_ELEMENT_CONTENT_SEQ) && |
| 320 |
-- (content->c2->ocur != XML_ELEMENT_CONTENT_ONCE))) |
| 321 |
-+ if ((content->c2 != NULL) && |
| 322 |
-+ ((content->c2->type == XML_ELEMENT_CONTENT_OR) || |
| 323 |
-+ ((content->c2->type == XML_ELEMENT_CONTENT_SEQ) && |
| 324 |
-+ (content->c2->ocur != XML_ELEMENT_CONTENT_ONCE)))) |
| 325 |
- xmlDumpElementContent(buf, content->c2, 1); |
| 326 |
- else |
| 327 |
- xmlDumpElementContent(buf, content->c2, 0); |
| 328 |
- break; |
| 329 |
- case XML_ELEMENT_CONTENT_OR: |
| 330 |
-- if ((content->c1->type == XML_ELEMENT_CONTENT_OR) || |
| 331 |
-- (content->c1->type == XML_ELEMENT_CONTENT_SEQ)) |
| 332 |
-+ if ((content->c1 != NULL) && |
| 333 |
-+ ((content->c1->type == XML_ELEMENT_CONTENT_OR) || |
| 334 |
-+ (content->c1->type == XML_ELEMENT_CONTENT_SEQ))) |
| 335 |
- xmlDumpElementContent(buf, content->c1, 1); |
| 336 |
- else |
| 337 |
- xmlDumpElementContent(buf, content->c1, 0); |
| 338 |
- xmlBufferWriteChar(buf, " | "); |
| 339 |
-- if ((content->c2->type == XML_ELEMENT_CONTENT_SEQ) || |
| 340 |
-- ((content->c2->type == XML_ELEMENT_CONTENT_OR) && |
| 341 |
-- (content->c2->ocur != XML_ELEMENT_CONTENT_ONCE))) |
| 342 |
-+ if ((content->c2 != NULL) && |
| 343 |
-+ ((content->c2->type == XML_ELEMENT_CONTENT_SEQ) || |
| 344 |
-+ ((content->c2->type == XML_ELEMENT_CONTENT_OR) && |
| 345 |
-+ (content->c2->ocur != XML_ELEMENT_CONTENT_ONCE)))) |
| 346 |
- xmlDumpElementContent(buf, content->c2, 1); |
| 347 |
- else |
| 348 |
- xmlDumpElementContent(buf, content->c2, 0); |
| 349 |
--- |
| 350 |
-2.14.1 |
| 351 |
- |
| 352 |
|
| 353 |
diff --git a/dev-libs/libxml2/files/libxml2-2.9.4-CVE-2017-7375.patch b/dev-libs/libxml2/files/libxml2-2.9.4-CVE-2017-7375.patch |
| 354 |
deleted file mode 100644 |
| 355 |
index db9d597ad73..00000000000 |
| 356 |
--- a/dev-libs/libxml2/files/libxml2-2.9.4-CVE-2017-7375.patch |
| 357 |
+++ /dev/null |
| 358 |
@@ -1,35 +0,0 @@ |
| 359 |
-From 9ea49a06b9421b6a3a9c243fb1ec23b19bd6b049 Mon Sep 17 00:00:00 2001 |
| 360 |
-From: Neel Mehta <nmehta@××××××.com> |
| 361 |
-Date: Fri, 7 Apr 2017 17:43:02 +0200 |
| 362 |
-Subject: [PATCH 7/7] Prevent unwanted external entity reference |
| 363 |
- |
| 364 |
-For https://bugzilla.gnome.org/show_bug.cgi?id=780691 |
| 365 |
- |
| 366 |
-* parser.c: add a specific check to avoid PE reference |
| 367 |
---- |
| 368 |
- parser.c | 9 +++++++++ |
| 369 |
- 1 file changed, 9 insertions(+) |
| 370 |
- |
| 371 |
-diff --git a/parser.c b/parser.c |
| 372 |
-index 8e11c127..e8e962bb 100644 |
| 373 |
---- a/parser.c |
| 374 |
-+++ b/parser.c |
| 375 |
-@@ -8125,6 +8125,15 @@ xmlParsePEReference(xmlParserCtxtPtr ctxt) |
| 376 |
- if (xmlPushInput(ctxt, input) < 0) |
| 377 |
- return; |
| 378 |
- } else { |
| 379 |
-+ if ((entity->etype == XML_EXTERNAL_PARAMETER_ENTITY) && |
| 380 |
-+ ((ctxt->options & XML_PARSE_NOENT) == 0) && |
| 381 |
-+ ((ctxt->options & XML_PARSE_DTDVALID) == 0) && |
| 382 |
-+ ((ctxt->options & XML_PARSE_DTDLOAD) == 0) && |
| 383 |
-+ ((ctxt->options & XML_PARSE_DTDATTR) == 0) && |
| 384 |
-+ (ctxt->replaceEntities == 0) && |
| 385 |
-+ (ctxt->validate == 0)) |
| 386 |
-+ return; |
| 387 |
-+ |
| 388 |
- /* |
| 389 |
- * TODO !!! |
| 390 |
- * handle the extra spaces added before and after |
| 391 |
--- |
| 392 |
-2.14.1 |
| 393 |
- |
| 394 |
|
| 395 |
diff --git a/dev-libs/libxml2/files/libxml2-2.9.4-CVE-2017-7376.patch b/dev-libs/libxml2/files/libxml2-2.9.4-CVE-2017-7376.patch |
| 396 |
deleted file mode 100644 |
| 397 |
index 14ec773608b..00000000000 |
| 398 |
--- a/dev-libs/libxml2/files/libxml2-2.9.4-CVE-2017-7376.patch |
| 399 |
+++ /dev/null |
| 400 |
@@ -1,31 +0,0 @@ |
| 401 |
-From 43cd3b6222bda2332e963eb1c9ead78f29912b0a Mon Sep 17 00:00:00 2001 |
| 402 |
-From: Daniel Veillard <veillard@××××××.com> |
| 403 |
-Date: Fri, 7 Apr 2017 17:13:28 +0200 |
| 404 |
-Subject: [PATCH 2/3] Increase buffer space for port in HTTP redirect support |
| 405 |
- |
| 406 |
-For https://bugzilla.gnome.org/show_bug.cgi?id=780690 |
| 407 |
- |
| 408 |
-nanohttp.c: the code wrongly assumed a short int port value. |
| 409 |
---- |
| 410 |
- nanohttp.c | 4 ++-- |
| 411 |
- 1 file changed, 2 insertions(+), 2 deletions(-) |
| 412 |
- |
| 413 |
-diff --git a/nanohttp.c b/nanohttp.c |
| 414 |
-index 26e4290e..9c17530e 100644 |
| 415 |
---- a/nanohttp.c |
| 416 |
-+++ b/nanohttp.c |
| 417 |
-@@ -1423,9 +1423,9 @@ retry: |
| 418 |
- if (ctxt->port != 80) { |
| 419 |
- /* reserve space for ':xxxxx', incl. potential proxy */ |
| 420 |
- if (proxy) |
| 421 |
-- blen += 12; |
| 422 |
-+ blen += 17; |
| 423 |
- else |
| 424 |
-- blen += 6; |
| 425 |
-+ blen += 11; |
| 426 |
- } |
| 427 |
- bp = (char*)xmlMallocAtomic(blen); |
| 428 |
- if ( bp == NULL ) { |
| 429 |
--- |
| 430 |
-2.14.1 |
| 431 |
- |
| 432 |
|
| 433 |
diff --git a/dev-libs/libxml2/files/libxml2-2.9.4-CVE-2017-9047-9048.patch b/dev-libs/libxml2/files/libxml2-2.9.4-CVE-2017-9047-9048.patch |
| 434 |
deleted file mode 100644 |
| 435 |
index f7c48cd877d..00000000000 |
| 436 |
--- a/dev-libs/libxml2/files/libxml2-2.9.4-CVE-2017-9047-9048.patch |
| 437 |
+++ /dev/null |
| 438 |
@@ -1,116 +0,0 @@ |
| 439 |
-From 839b89e678b5265a0e6b0477410e64fac669d578 Mon Sep 17 00:00:00 2001 |
| 440 |
-From: Nick Wellnhofer <wellnhofer@×××××.de> |
| 441 |
-Date: Sat, 3 Jun 2017 02:01:29 +0200 |
| 442 |
-Subject: [PATCH 4/7] Fix buffer size checks in xmlSnprintfElementContent |
| 443 |
-MIME-Version: 1.0 |
| 444 |
-Content-Type: text/plain; charset=UTF-8 |
| 445 |
-Content-Transfer-Encoding: 8bit |
| 446 |
- |
| 447 |
-xmlSnprintfElementContent failed to correctly check the available |
| 448 |
-buffer space in two locations. |
| 449 |
- |
| 450 |
-Fixes bug 781333 (CVE-2017-9047) and bug 781701 (CVE-2017-9048). |
| 451 |
- |
| 452 |
-Thanks to Marcel Böhme and Thuan Pham for the report. |
| 453 |
---- |
| 454 |
- result/valid/781333.xml | 5 +++++ |
| 455 |
- result/valid/781333.xml.err | 3 +++ |
| 456 |
- result/valid/781333.xml.err.rdr | 6 ++++++ |
| 457 |
- test/valid/781333.xml | 4 ++++ |
| 458 |
- valid.c | 20 +++++++++++--------- |
| 459 |
- 5 files changed, 29 insertions(+), 9 deletions(-) |
| 460 |
- create mode 100644 result/valid/781333.xml |
| 461 |
- create mode 100644 result/valid/781333.xml.err |
| 462 |
- create mode 100644 result/valid/781333.xml.err.rdr |
| 463 |
- create mode 100644 test/valid/781333.xml |
| 464 |
- |
| 465 |
-diff --git a/result/valid/781333.xml b/result/valid/781333.xml |
| 466 |
-new file mode 100644 |
| 467 |
-index 00000000..45dc451d |
| 468 |
---- /dev/null |
| 469 |
-+++ b/result/valid/781333.xml |
| 470 |
-@@ -0,0 +1,5 @@ |
| 471 |
-+<?xml version="1.0"?> |
| 472 |
-+<!DOCTYPE a [ |
| 473 |
-+<!ELEMENT a (ppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppp |
| 474 |
ppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppp |
| 475 |
ppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppp |
| 476 |
ppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppp |
| 477 |
pppppppppppppppppppppppppp:llllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllll |
| 478 |
lllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllll |
| 479 |
lllllllllllllllllllllllllllllllll)> |
| 480 |
-+]> |
| 481 |
-+<a/> |
| 482 |
-diff --git a/result/valid/781333.xml.err b/result/valid/781333.xml.err |
| 483 |
-new file mode 100644 |
| 484 |
-index 00000000..b401b49a |
| 485 |
---- /dev/null |
| 486 |
-+++ b/result/valid/781333.xml.err |
| 487 |
-@@ -0,0 +1,3 @@ |
| 488 |
-+./test/valid/781333.xml:4: element a: validity error : Element a content does not follow the DTD, expecting ( ..., got |
| 489 |
-+<a/> |
| 490 |
-+ ^ |
| 491 |
-diff --git a/result/valid/781333.xml.err.rdr b/result/valid/781333.xml.err.rdr |
| 492 |
-new file mode 100644 |
| 493 |
-index 00000000..5ff56992 |
| 494 |
---- /dev/null |
| 495 |
-+++ b/result/valid/781333.xml.err.rdr |
| 496 |
-@@ -0,0 +1,6 @@ |
| 497 |
-+./test/valid/781333.xml:4: element a: validity error : Element a content does not follow the DTD, expecting ( ..., got |
| 498 |
-+<a/> |
| 499 |
-+ ^ |
| 500 |
-+./test/valid/781333.xml:5: element a: validity error : Element a content does not follow the DTD, Expecting more child |
| 501 |
-+ |
| 502 |
-+^ |
| 503 |
-diff --git a/test/valid/781333.xml b/test/valid/781333.xml |
| 504 |
-new file mode 100644 |
| 505 |
-index 00000000..b29e5a68 |
| 506 |
---- /dev/null |
| 507 |
-+++ b/test/valid/781333.xml |
| 508 |
-@@ -0,0 +1,4 @@ |
| 509 |
-+<!DOCTYPE a [ |
| 510 |
-+ <!ELEMENT a (ppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppp |
| 511 |
ppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppp |
| 512 |
ppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppp |
| 513 |
ppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppp |
| 514 |
pppppppppppppppppppppppppppppp:llllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllll |
| 515 |
lllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllll |
| 516 |
lllllllllllllllllllllllllllllllllllll)> |
| 517 |
-+]> |
| 518 |
-+<a/> |
| 519 |
-diff --git a/valid.c b/valid.c |
| 520 |
-index 0a8e58ab..8075d3a0 100644 |
| 521 |
---- a/valid.c |
| 522 |
-+++ b/valid.c |
| 523 |
-@@ -1266,22 +1266,23 @@ xmlSnprintfElementContent(char *buf, int size, xmlElementContentPtr content, int |
| 524 |
- case XML_ELEMENT_CONTENT_PCDATA: |
| 525 |
- strcat(buf, "#PCDATA"); |
| 526 |
- break; |
| 527 |
-- case XML_ELEMENT_CONTENT_ELEMENT: |
| 528 |
-+ case XML_ELEMENT_CONTENT_ELEMENT: { |
| 529 |
-+ int qnameLen = xmlStrlen(content->name); |
| 530 |
-+ |
| 531 |
-+ if (content->prefix != NULL) |
| 532 |
-+ qnameLen += xmlStrlen(content->prefix) + 1; |
| 533 |
-+ if (size - len < qnameLen + 10) { |
| 534 |
-+ strcat(buf, " ..."); |
| 535 |
-+ return; |
| 536 |
-+ } |
| 537 |
- if (content->prefix != NULL) { |
| 538 |
-- if (size - len < xmlStrlen(content->prefix) + 10) { |
| 539 |
-- strcat(buf, " ..."); |
| 540 |
-- return; |
| 541 |
-- } |
| 542 |
- strcat(buf, (char *) content->prefix); |
| 543 |
- strcat(buf, ":"); |
| 544 |
- } |
| 545 |
-- if (size - len < xmlStrlen(content->name) + 10) { |
| 546 |
-- strcat(buf, " ..."); |
| 547 |
-- return; |
| 548 |
-- } |
| 549 |
- if (content->name != NULL) |
| 550 |
- strcat(buf, (char *) content->name); |
| 551 |
- break; |
| 552 |
-+ } |
| 553 |
- case XML_ELEMENT_CONTENT_SEQ: |
| 554 |
- if ((content->c1->type == XML_ELEMENT_CONTENT_OR) || |
| 555 |
- (content->c1->type == XML_ELEMENT_CONTENT_SEQ)) |
| 556 |
-@@ -1323,6 +1324,7 @@ xmlSnprintfElementContent(char *buf, int size, xmlElementContentPtr content, int |
| 557 |
- xmlSnprintfElementContent(buf, size, content->c2, 0); |
| 558 |
- break; |
| 559 |
- } |
| 560 |
-+ if (size - strlen(buf) <= 2) return; |
| 561 |
- if (englob) |
| 562 |
- strcat(buf, ")"); |
| 563 |
- switch (content->ocur) { |
| 564 |
--- |
| 565 |
-2.14.1 |
| 566 |
- |
| 567 |
|
| 568 |
diff --git a/dev-libs/libxml2/files/libxml2-2.9.4-CVE-2017-9049-9050.patch b/dev-libs/libxml2/files/libxml2-2.9.4-CVE-2017-9049-9050.patch |
| 569 |
deleted file mode 100644 |
| 570 |
index abf43ef9815..00000000000 |
| 571 |
--- a/dev-libs/libxml2/files/libxml2-2.9.4-CVE-2017-9049-9050.patch |
| 572 |
+++ /dev/null |
| 573 |
@@ -1,316 +0,0 @@ |
| 574 |
-From 9c95d1b7f3951efe09df66ec41d7b19d6283084d Mon Sep 17 00:00:00 2001 |
| 575 |
-From: Nick Wellnhofer <wellnhofer@×××××.de> |
| 576 |
-Date: Mon, 5 Jun 2017 15:37:17 +0200 |
| 577 |
-Subject: [PATCH 3/7] Fix handling of parameter-entity references |
| 578 |
-MIME-Version: 1.0 |
| 579 |
-Content-Type: text/plain; charset=UTF-8 |
| 580 |
-Content-Transfer-Encoding: 8bit |
| 581 |
- |
| 582 |
-There were two bugs where parameter-entity references could lead to an |
| 583 |
-unexpected change of the input buffer in xmlParseNameComplex and |
| 584 |
-xmlDictLookup being called with an invalid pointer. |
| 585 |
- |
| 586 |
-Percent sign in DTD Names |
| 587 |
-========================= |
| 588 |
- |
| 589 |
-The NEXTL macro used to call xmlParserHandlePEReference. When parsing |
| 590 |
-"complex" names inside the DTD, this could result in entity expansion |
| 591 |
-which created a new input buffer. The fix is to simply remove the call |
| 592 |
-to xmlParserHandlePEReference from the NEXTL macro. This is safe because |
| 593 |
-no users of the macro require expansion of parameter entities. |
| 594 |
- |
| 595 |
-- xmlParseNameComplex |
| 596 |
-- xmlParseNCNameComplex |
| 597 |
-- xmlParseNmtoken |
| 598 |
- |
| 599 |
-The percent sign is not allowed in names, which are grammatical tokens. |
| 600 |
- |
| 601 |
-- xmlParseEntityValue |
| 602 |
- |
| 603 |
-Parameter-entity references in entity values are expanded but this |
| 604 |
-happens in a separate step in this function. |
| 605 |
- |
| 606 |
-- xmlParseSystemLiteral |
| 607 |
- |
| 608 |
-Parameter-entity references are ignored in the system literal. |
| 609 |
- |
| 610 |
-- xmlParseAttValueComplex |
| 611 |
-- xmlParseCharDataComplex |
| 612 |
-- xmlParseCommentComplex |
| 613 |
-- xmlParsePI |
| 614 |
-- xmlParseCDSect |
| 615 |
- |
| 616 |
-Parameter-entity references are ignored outside the DTD. |
| 617 |
- |
| 618 |
-- xmlLoadEntityContent |
| 619 |
- |
| 620 |
-This function is only called from xmlStringLenDecodeEntities and |
| 621 |
-entities are replaced in a separate step immediately after the function |
| 622 |
-call. |
| 623 |
- |
| 624 |
-This bug could also be triggered with an internal subset and double |
| 625 |
-entity expansion. |
| 626 |
- |
| 627 |
-This fixes bug 766956 initially reported by Wei Lei and independently by |
| 628 |
-Chromium's ClusterFuzz, Hanno Böck, and Marco Grassi. Thanks to everyone |
| 629 |
-involved. |
| 630 |
- |
| 631 |
-xmlParseNameComplex with XML_PARSE_OLD10 |
| 632 |
-======================================== |
| 633 |
- |
| 634 |
-When parsing Names inside an expanded parameter entity with the |
| 635 |
-XML_PARSE_OLD10 option, xmlParseNameComplex would call xmlGROW via the |
| 636 |
-GROW macro if the input buffer was exhausted. At the end of the |
| 637 |
-parameter entity's replacement text, this function would then call |
| 638 |
-xmlPopInput which invalidated the input buffer. |
| 639 |
- |
| 640 |
-There should be no need to invoke GROW in this situation because the |
| 641 |
-buffer is grown periodically every XML_PARSER_CHUNK_SIZE characters and, |
| 642 |
-at least for UTF-8, in xmlCurrentChar. This also matches the code path |
| 643 |
-executed when XML_PARSE_OLD10 is not set. |
| 644 |
- |
| 645 |
-This fixes bugs 781205 (CVE-2017-9049) and 781361 (CVE-2017-9050). |
| 646 |
-Thanks to Marcel Böhme and Thuan Pham for the report. |
| 647 |
- |
| 648 |
-Additional hardening |
| 649 |
-==================== |
| 650 |
- |
| 651 |
-A separate check was added in xmlParseNameComplex to validate the |
| 652 |
-buffer size. |
| 653 |
---- |
| 654 |
- Makefile.am | 18 ++++++++++++++++++ |
| 655 |
- parser.c | 18 ++++++++++-------- |
| 656 |
- result/errors10/781205.xml | 0 |
| 657 |
- result/errors10/781205.xml.err | 21 +++++++++++++++++++++ |
| 658 |
- result/errors10/781361.xml | 0 |
| 659 |
- result/errors10/781361.xml.err | 13 +++++++++++++ |
| 660 |
- result/valid/766956.xml | 0 |
| 661 |
- result/valid/766956.xml.err | 9 +++++++++ |
| 662 |
- result/valid/766956.xml.err.rdr | 10 ++++++++++ |
| 663 |
- runtest.c | 3 +++ |
| 664 |
- test/errors10/781205.xml | 3 +++ |
| 665 |
- test/errors10/781361.xml | 3 +++ |
| 666 |
- test/valid/766956.xml | 2 ++ |
| 667 |
- test/valid/dtds/766956.dtd | 2 ++ |
| 668 |
- 14 files changed, 94 insertions(+), 8 deletions(-) |
| 669 |
- create mode 100644 result/errors10/781205.xml |
| 670 |
- create mode 100644 result/errors10/781205.xml.err |
| 671 |
- create mode 100644 result/errors10/781361.xml |
| 672 |
- create mode 100644 result/errors10/781361.xml.err |
| 673 |
- create mode 100644 result/valid/766956.xml |
| 674 |
- create mode 100644 result/valid/766956.xml.err |
| 675 |
- create mode 100644 result/valid/766956.xml.err.rdr |
| 676 |
- create mode 100644 test/errors10/781205.xml |
| 677 |
- create mode 100644 test/errors10/781361.xml |
| 678 |
- create mode 100644 test/valid/766956.xml |
| 679 |
- create mode 100644 test/valid/dtds/766956.dtd |
| 680 |
- |
| 681 |
-diff --git a/Makefile.am b/Makefile.am |
| 682 |
-index 3b52bae7..bf20124e 100644 |
| 683 |
---- a/Makefile.am |
| 684 |
-+++ b/Makefile.am |
| 685 |
-@@ -422,6 +422,24 @@ Errtests : xmllint$(EXEEXT) |
| 686 |
- if [ -n "$$log" ] ; then echo $$name result ; echo $$log ; fi ; \ |
| 687 |
- rm result.$$name error.$$name ; \ |
| 688 |
- fi ; fi ; done) |
| 689 |
-+ @echo "## Error cases regression tests (old 1.0)" |
| 690 |
-+ -@(for i in $(srcdir)/test/errors10/*.xml ; do \ |
| 691 |
-+ name=`basename $$i`; \ |
| 692 |
-+ if [ ! -d $$i ] ; then \ |
| 693 |
-+ if [ ! -f $(srcdir)/result/errors10/$$name ] ; then \ |
| 694 |
-+ echo New test file $$name ; \ |
| 695 |
-+ $(CHECKER) $(top_builddir)/xmllint --oldxml10 $$i \ |
| 696 |
-+ 2> $(srcdir)/result/errors10/$$name.err \ |
| 697 |
-+ > $(srcdir)/result/errors10/$$name ; \ |
| 698 |
-+ grep "MORY ALLO" .memdump | grep -v "MEMORY ALLOCATED : 0"; \ |
| 699 |
-+ else \ |
| 700 |
-+ log=`$(CHECKER) $(top_builddir)/xmllint --oldxml10 $$i 2> error.$$name > result.$$name ; \ |
| 701 |
-+ grep "MORY ALLO" .memdump | grep -v "MEMORY ALLOCATED : 0"; \ |
| 702 |
-+ diff $(srcdir)/result/errors10/$$name result.$$name ; \ |
| 703 |
-+ diff $(srcdir)/result/errors10/$$name.err error.$$name` ; \ |
| 704 |
-+ if [ -n "$$log" ] ; then echo $$name result ; echo "$$log" ; fi ; \ |
| 705 |
-+ rm result.$$name error.$$name ; \ |
| 706 |
-+ fi ; fi ; done) |
| 707 |
- @echo "## Error cases stream regression tests" |
| 708 |
- -@(for i in $(srcdir)/test/errors/*.xml ; do \ |
| 709 |
- name=`basename $$i`; \ |
| 710 |
-diff --git a/parser.c b/parser.c |
| 711 |
-index 53a6b7f0..b832406a 100644 |
| 712 |
---- a/parser.c |
| 713 |
-+++ b/parser.c |
| 714 |
-@@ -2115,7 +2115,6 @@ static void xmlGROW (xmlParserCtxtPtr ctxt) { |
| 715 |
- ctxt->input->line++; ctxt->input->col = 1; \ |
| 716 |
- } else ctxt->input->col++; \ |
| 717 |
- ctxt->input->cur += l; \ |
| 718 |
-- if (*ctxt->input->cur == '%') xmlParserHandlePEReference(ctxt); \ |
| 719 |
- } while (0) |
| 720 |
- |
| 721 |
- #define CUR_CHAR(l) xmlCurrentChar(ctxt, &l) |
| 722 |
-@@ -3406,13 +3405,6 @@ xmlParseNameComplex(xmlParserCtxtPtr ctxt) { |
| 723 |
- len += l; |
| 724 |
- NEXTL(l); |
| 725 |
- c = CUR_CHAR(l); |
| 726 |
-- if (c == 0) { |
| 727 |
-- count = 0; |
| 728 |
-- GROW; |
| 729 |
-- if (ctxt->instate == XML_PARSER_EOF) |
| 730 |
-- return(NULL); |
| 731 |
-- c = CUR_CHAR(l); |
| 732 |
-- } |
| 733 |
- } |
| 734 |
- } |
| 735 |
- if ((len > XML_MAX_NAME_LENGTH) && |
| 736 |
-@@ -3420,6 +3412,16 @@ xmlParseNameComplex(xmlParserCtxtPtr ctxt) { |
| 737 |
- xmlFatalErr(ctxt, XML_ERR_NAME_TOO_LONG, "Name"); |
| 738 |
- return(NULL); |
| 739 |
- } |
| 740 |
-+ if (ctxt->input->cur - ctxt->input->base < len) { |
| 741 |
-+ /* |
| 742 |
-+ * There were a couple of bugs where PERefs lead to to a change |
| 743 |
-+ * of the buffer. Check the buffer size to avoid passing an invalid |
| 744 |
-+ * pointer to xmlDictLookup. |
| 745 |
-+ */ |
| 746 |
-+ xmlFatalErr(ctxt, XML_ERR_INTERNAL_ERROR, |
| 747 |
-+ "unexpected change of input buffer"); |
| 748 |
-+ return (NULL); |
| 749 |
-+ } |
| 750 |
- if ((*ctxt->input->cur == '\n') && (ctxt->input->cur[-1] == '\r')) |
| 751 |
- return(xmlDictLookup(ctxt->dict, ctxt->input->cur - (len + 1), len)); |
| 752 |
- return(xmlDictLookup(ctxt->dict, ctxt->input->cur - len, len)); |
| 753 |
-diff --git a/result/errors10/781205.xml b/result/errors10/781205.xml |
| 754 |
-new file mode 100644 |
| 755 |
-index 00000000..e69de29b |
| 756 |
-diff --git a/result/errors10/781205.xml.err b/result/errors10/781205.xml.err |
| 757 |
-new file mode 100644 |
| 758 |
-index 00000000..da15c3f7 |
| 759 |
---- /dev/null |
| 760 |
-+++ b/result/errors10/781205.xml.err |
| 761 |
-@@ -0,0 +1,21 @@ |
| 762 |
-+Entity: line 1: parser error : internal error: xmlParseInternalSubset: error detected in Markup declaration |
| 763 |
-+ |
| 764 |
-+ %a; |
| 765 |
-+ ^ |
| 766 |
-+Entity: line 1: |
| 767 |
-+<:0000 |
| 768 |
-+^ |
| 769 |
-+Entity: line 1: parser error : DOCTYPE improperly terminated |
| 770 |
-+ %a; |
| 771 |
-+ ^ |
| 772 |
-+Entity: line 1: |
| 773 |
-+<:0000 |
| 774 |
-+^ |
| 775 |
-+namespace error : Failed to parse QName ':0000' |
| 776 |
-+ %a; |
| 777 |
-+ ^ |
| 778 |
-+<:0000 |
| 779 |
-+ ^ |
| 780 |
-+./test/errors10/781205.xml:4: parser error : Couldn't find end of Start Tag :0000 line 1 |
| 781 |
-+ |
| 782 |
-+^ |
| 783 |
-diff --git a/result/errors10/781361.xml b/result/errors10/781361.xml |
| 784 |
-new file mode 100644 |
| 785 |
-index 00000000..e69de29b |
| 786 |
-diff --git a/result/errors10/781361.xml.err b/result/errors10/781361.xml.err |
| 787 |
-new file mode 100644 |
| 788 |
-index 00000000..655f41a2 |
| 789 |
---- /dev/null |
| 790 |
-+++ b/result/errors10/781361.xml.err |
| 791 |
-@@ -0,0 +1,13 @@ |
| 792 |
-+./test/errors10/781361.xml:4: parser error : xmlParseElementDecl: 'EMPTY', 'ANY' or '(' expected |
| 793 |
-+ |
| 794 |
-+^ |
| 795 |
-+./test/errors10/781361.xml:4: parser error : internal error: xmlParseInternalSubset: error detected in Markup declaration |
| 796 |
-+ |
| 797 |
-+ |
| 798 |
-+^ |
| 799 |
-+./test/errors10/781361.xml:4: parser error : DOCTYPE improperly terminated |
| 800 |
-+ |
| 801 |
-+^ |
| 802 |
-+./test/errors10/781361.xml:4: parser error : Start tag expected, '<' not found |
| 803 |
-+ |
| 804 |
-+^ |
| 805 |
-diff --git a/result/valid/766956.xml b/result/valid/766956.xml |
| 806 |
-new file mode 100644 |
| 807 |
-index 00000000..e69de29b |
| 808 |
-diff --git a/result/valid/766956.xml.err b/result/valid/766956.xml.err |
| 809 |
-new file mode 100644 |
| 810 |
-index 00000000..34b1dae6 |
| 811 |
---- /dev/null |
| 812 |
-+++ b/result/valid/766956.xml.err |
| 813 |
-@@ -0,0 +1,9 @@ |
| 814 |
-+test/valid/dtds/766956.dtd:2: parser error : PEReference: expecting ';' |
| 815 |
-+%ä%ent; |
| 816 |
-+ ^ |
| 817 |
-+Entity: line 1: parser error : Content error in the external subset |
| 818 |
-+ %ent; |
| 819 |
-+ ^ |
| 820 |
-+Entity: line 1: |
| 821 |
-+value |
| 822 |
-+^ |
| 823 |
-diff --git a/result/valid/766956.xml.err.rdr b/result/valid/766956.xml.err.rdr |
| 824 |
-new file mode 100644 |
| 825 |
-index 00000000..77603462 |
| 826 |
---- /dev/null |
| 827 |
-+++ b/result/valid/766956.xml.err.rdr |
| 828 |
-@@ -0,0 +1,10 @@ |
| 829 |
-+test/valid/dtds/766956.dtd:2: parser error : PEReference: expecting ';' |
| 830 |
-+%ä%ent; |
| 831 |
-+ ^ |
| 832 |
-+Entity: line 1: parser error : Content error in the external subset |
| 833 |
-+ %ent; |
| 834 |
-+ ^ |
| 835 |
-+Entity: line 1: |
| 836 |
-+value |
| 837 |
-+^ |
| 838 |
-+./test/valid/766956.xml : failed to parse |
| 839 |
-diff --git a/runtest.c b/runtest.c |
| 840 |
-index 7d030bdc..cd233da9 100644 |
| 841 |
---- a/runtest.c |
| 842 |
-+++ b/runtest.c |
| 843 |
-@@ -4202,6 +4202,9 @@ testDesc testDescriptions[] = { |
| 844 |
- { "Error cases regression tests", |
| 845 |
- errParseTest, "./test/errors/*.xml", "result/errors/", "", ".err", |
| 846 |
- 0 }, |
| 847 |
-+ { "Error cases regression tests (old 1.0)", |
| 848 |
-+ errParseTest, "./test/errors10/*.xml", "result/errors10/", "", ".err", |
| 849 |
-+ XML_PARSE_OLD10 }, |
| 850 |
- #ifdef LIBXML_READER_ENABLED |
| 851 |
- { "Error cases stream regression tests", |
| 852 |
- streamParseTest, "./test/errors/*.xml", "result/errors/", NULL, ".str", |
| 853 |
-diff --git a/test/errors10/781205.xml b/test/errors10/781205.xml |
| 854 |
-new file mode 100644 |
| 855 |
-index 00000000..d9e9e839 |
| 856 |
---- /dev/null |
| 857 |
-+++ b/test/errors10/781205.xml |
| 858 |
-@@ -0,0 +1,3 @@ |
| 859 |
-+<!DOCTYPE D [ |
| 860 |
-+ <!ENTITY % a "<:0000"> |
| 861 |
-+ %a; |
| 862 |
-diff --git a/test/errors10/781361.xml b/test/errors10/781361.xml |
| 863 |
-new file mode 100644 |
| 864 |
-index 00000000..67476bcb |
| 865 |
---- /dev/null |
| 866 |
-+++ b/test/errors10/781361.xml |
| 867 |
-@@ -0,0 +1,3 @@ |
| 868 |
-+<!DOCTYPE doc [ |
| 869 |
-+ <!ENTITY % elem "<!ELEMENT e0000000000"> |
| 870 |
-+ %elem; |
| 871 |
-diff --git a/test/valid/766956.xml b/test/valid/766956.xml |
| 872 |
-new file mode 100644 |
| 873 |
-index 00000000..19a95a0e |
| 874 |
---- /dev/null |
| 875 |
-+++ b/test/valid/766956.xml |
| 876 |
-@@ -0,0 +1,2 @@ |
| 877 |
-+<!DOCTYPE test SYSTEM "dtds/766956.dtd"> |
| 878 |
-+<test/> |
| 879 |
-diff --git a/test/valid/dtds/766956.dtd b/test/valid/dtds/766956.dtd |
| 880 |
-new file mode 100644 |
| 881 |
-index 00000000..dddde68b |
| 882 |
---- /dev/null |
| 883 |
-+++ b/test/valid/dtds/766956.dtd |
| 884 |
-@@ -0,0 +1,2 @@ |
| 885 |
-+<!ENTITY % ent "value"> |
| 886 |
-+%ä%ent; |
| 887 |
--- |
| 888 |
-2.14.1 |
| 889 |
- |
| 890 |
|
| 891 |
diff --git a/dev-libs/libxml2/files/libxml2-2.9.4-fix-root-node-cmp.patch b/dev-libs/libxml2/files/libxml2-2.9.4-fix-root-node-cmp.patch |
| 892 |
deleted file mode 100644 |
| 893 |
index 224d60ff052..00000000000 |
| 894 |
--- a/dev-libs/libxml2/files/libxml2-2.9.4-fix-root-node-cmp.patch |
| 895 |
+++ /dev/null |
| 896 |
@@ -1,34 +0,0 @@ |
| 897 |
-From a1fb9a4f511d89f0738b62cabd6d92bfd9eb94a9 Mon Sep 17 00:00:00 2001 |
| 898 |
-From: Nick Wellnhofer <wellnhofer@×××××.de> |
| 899 |
-Date: Tue, 28 Jun 2016 14:19:58 +0200 |
| 900 |
-Subject: [PATCH 3/3] Fix comparison with root node in xmlXPathCmpNodes |
| 901 |
- |
| 902 |
-This change has already been made in xmlXPathCmpNodesExt but not in |
| 903 |
-xmlXPathCmpNodes. |
| 904 |
---- |
| 905 |
- xpath.c | 4 ++-- |
| 906 |
- 1 file changed, 2 insertions(+), 2 deletions(-) |
| 907 |
- |
| 908 |
-diff --git a/xpath.c b/xpath.c |
| 909 |
-index 67afbca5..5a01b1b3 100644 |
| 910 |
---- a/xpath.c |
| 911 |
-+++ b/xpath.c |
| 912 |
-@@ -3342,13 +3342,13 @@ xmlXPathCmpNodes(xmlNodePtr node1, xmlNodePtr node2) { |
| 913 |
- * compute depth to root |
| 914 |
- */ |
| 915 |
- for (depth2 = 0, cur = node2;cur->parent != NULL;cur = cur->parent) { |
| 916 |
-- if (cur == node1) |
| 917 |
-+ if (cur->parent == node1) |
| 918 |
- return(1); |
| 919 |
- depth2++; |
| 920 |
- } |
| 921 |
- root = cur; |
| 922 |
- for (depth1 = 0, cur = node1;cur->parent != NULL;cur = cur->parent) { |
| 923 |
-- if (cur == node2) |
| 924 |
-+ if (cur->parent == node2) |
| 925 |
- return(-1); |
| 926 |
- depth1++; |
| 927 |
- } |
| 928 |
--- |
| 929 |
-2.14.1 |
| 930 |
- |
| 931 |
|
| 932 |
diff --git a/dev-libs/libxml2/files/libxml2-2.9.4-heap-buffer-overflow.patch b/dev-libs/libxml2/files/libxml2-2.9.4-heap-buffer-overflow.patch |
| 933 |
deleted file mode 100644 |
| 934 |
index 770a1832b19..00000000000 |
| 935 |
--- a/dev-libs/libxml2/files/libxml2-2.9.4-heap-buffer-overflow.patch |
| 936 |
+++ /dev/null |
| 937 |
@@ -1,32 +0,0 @@ |
| 938 |
-From df4f9bdc7a37908ded8bd1fec4f75509eaa156de Mon Sep 17 00:00:00 2001 |
| 939 |
-From: David Kilzer <ddkilzer@×××××.com> |
| 940 |
-Date: Tue, 4 Jul 2017 18:38:03 +0200 |
| 941 |
-Subject: [PATCH 5/7] Heap-buffer-overflow read of size 1 in |
| 942 |
- xmlFAParsePosCharGroup |
| 943 |
- |
| 944 |
-Credit to OSS-Fuzz. |
| 945 |
- |
| 946 |
-Add a check to xmlFAParseCharRange() for the end of the buffer |
| 947 |
-to prevent reading past the end of it. |
| 948 |
- |
| 949 |
-This fixes Bug 784017. |
| 950 |
---- |
| 951 |
- xmlregexp.c | 2 +- |
| 952 |
- 1 file changed, 1 insertion(+), 1 deletion(-) |
| 953 |
- |
| 954 |
-diff --git a/xmlregexp.c b/xmlregexp.c |
| 955 |
-index ca3b4f46..6676c2a8 100644 |
| 956 |
---- a/xmlregexp.c |
| 957 |
-+++ b/xmlregexp.c |
| 958 |
-@@ -5051,7 +5051,7 @@ xmlFAParseCharRange(xmlRegParserCtxtPtr ctxt) { |
| 959 |
- return; |
| 960 |
- } |
| 961 |
- len = 1; |
| 962 |
-- } else if ((cur != 0x5B) && (cur != 0x5D)) { |
| 963 |
-+ } else if ((cur != '\0') && (cur != 0x5B) && (cur != 0x5D)) { |
| 964 |
- end = CUR_SCHAR(ctxt->cur, len); |
| 965 |
- } else { |
| 966 |
- ERROR("Expecting the end of a char range"); |
| 967 |
--- |
| 968 |
-2.14.1 |
| 969 |
- |
| 970 |
|
| 971 |
diff --git a/dev-libs/libxml2/files/libxml2-2.9.4-osd-validation.patch b/dev-libs/libxml2/files/libxml2-2.9.4-osd-validation.patch |
| 972 |
deleted file mode 100644 |
| 973 |
index 9d1a03346f6..00000000000 |
| 974 |
--- a/dev-libs/libxml2/files/libxml2-2.9.4-osd-validation.patch |
| 975 |
+++ /dev/null |
| 976 |
@@ -1,66 +0,0 @@ |
| 977 |
-From 8bc6baccc7da291c2338b8d95953ea487b0b3ca1 Mon Sep 17 00:00:00 2001 |
| 978 |
-From: Alex Henrie <alexhenrie24@×××××.com> |
| 979 |
-Date: Thu, 26 May 2016 17:38:35 -0600 |
| 980 |
-Subject: [PATCH 2/7] Fix attribute decoding during XML schema validation |
| 981 |
- |
| 982 |
-For https://bugzilla.gnome.org/show_bug.cgi?id=766834 |
| 983 |
- |
| 984 |
-vctxt->parserCtxt is always NULL in xmlSchemaSAXHandleStartElementNs, |
| 985 |
-so this function can't call xmlStringLenDecodeEntities to decode the |
| 986 |
-entities. |
| 987 |
---- |
| 988 |
- xmlschemas.c | 30 +++++++++++++++++++++++++----- |
| 989 |
- 1 file changed, 25 insertions(+), 5 deletions(-) |
| 990 |
- |
| 991 |
-diff --git a/xmlschemas.c b/xmlschemas.c |
| 992 |
-index e1b3a4f0..59535e5c 100644 |
| 993 |
---- a/xmlschemas.c |
| 994 |
-+++ b/xmlschemas.c |
| 995 |
-@@ -27391,6 +27391,7 @@ xmlSchemaSAXHandleStartElementNs(void *ctx, |
| 996 |
- * attributes yet. |
| 997 |
- */ |
| 998 |
- if (nb_attributes != 0) { |
| 999 |
-+ int valueLen, k, l; |
| 1000 |
- xmlChar *value; |
| 1001 |
- |
| 1002 |
- for (j = 0, i = 0; i < nb_attributes; i++, j += 5) { |
| 1003 |
-@@ -27400,12 +27401,31 @@ xmlSchemaSAXHandleStartElementNs(void *ctx, |
| 1004 |
- * libxml2 differs from normal SAX here in that it escapes all ampersands |
| 1005 |
- * as & instead of delivering the raw converted string. Changing the |
| 1006 |
- * behavior at this point would break applications that use this API, so |
| 1007 |
-- * we are forced to work around it. There is no danger of accidentally |
| 1008 |
-- * decoding some entity other than & in this step because without |
| 1009 |
-- * unescaped ampersands there can be no other entities in the string. |
| 1010 |
-+ * we are forced to work around it. |
| 1011 |
- */ |
| 1012 |
-- value = xmlStringLenDecodeEntities(vctxt->parserCtxt, attributes[j+3], |
| 1013 |
-- attributes[j+4] - attributes[j+3], XML_SUBSTITUTE_REF, 0, 0, 0); |
| 1014 |
-+ valueLen = attributes[j+4] - attributes[j+3]; |
| 1015 |
-+ value = xmlMallocAtomic(valueLen + 1); |
| 1016 |
-+ if (value == NULL) { |
| 1017 |
-+ xmlSchemaVErrMemory(vctxt, |
| 1018 |
-+ "allocating string for decoded attribute", |
| 1019 |
-+ NULL); |
| 1020 |
-+ goto internal_error; |
| 1021 |
-+ } |
| 1022 |
-+ for (k = 0, l = 0; k < valueLen; l++) { |
| 1023 |
-+ if (k < valueLen - 4 && |
| 1024 |
-+ attributes[j+3][k+0] == '&' && |
| 1025 |
-+ attributes[j+3][k+1] == '#' && |
| 1026 |
-+ attributes[j+3][k+2] == '3' && |
| 1027 |
-+ attributes[j+3][k+3] == '8' && |
| 1028 |
-+ attributes[j+3][k+4] == ';') { |
| 1029 |
-+ value[l] = '&'; |
| 1030 |
-+ k += 5; |
| 1031 |
-+ } else { |
| 1032 |
-+ value[l] = attributes[j+3][k]; |
| 1033 |
-+ k++; |
| 1034 |
-+ } |
| 1035 |
-+ } |
| 1036 |
-+ value[l] = '\0'; |
| 1037 |
- /* |
| 1038 |
- * TODO: Set the node line. |
| 1039 |
- */ |
| 1040 |
--- |
| 1041 |
-2.14.1 |
| 1042 |
- |
Archives