rpms/mingw32-libxml2/devel libxml2-2.7.3-ficora-parse.patch, NONE, 1.1 mingw32-libxml2.spec, 1.6, 1.7
by Daniel Veillard
Author: veillard
Update of /cvs/pkgs/rpms/mingw32-libxml2/devel
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv13514
Modified Files:
mingw32-libxml2.spec
Added Files:
libxml2-2.7.3-ficora-parse.patch
Log Message:
- two patches for parsing problems CVE-2009-2414 and CVE-2009-2416
Daniel
libxml2-2.7.3-ficora-parse.patch:
parser.c | 79 +++++++++++++++++++++++++++++++++++++++++++++++++++++----------
1 file changed, 67 insertions(+), 12 deletions(-)
--- NEW FILE libxml2-2.7.3-ficora-parse.patch ---
diff --git a/parser.c b/parser.c
index a476060..b404722 100644
--- a/parser.c
+++ b/parser.c
@@ -5323,7 +5323,8 @@ xmlParseNotationType(xmlParserCtxtPtr ctxt) {
if (name == NULL) {
xmlFatalErrMsg(ctxt, XML_ERR_NAME_REQUIRED,
"Name expected in NOTATION declaration\n");
- return(ret);
+ xmlFreeEnumeration(ret);
+ return(NULL);
}
tmp = ret;
while (tmp != NULL) {
@@ -5339,7 +5340,10 @@ xmlParseNotationType(xmlParserCtxtPtr ctxt) {
}
if (tmp == NULL) {
cur = xmlCreateEnumeration(name);
- if (cur == NULL) return(ret);
+ if (cur == NULL) {
+ xmlFreeEnumeration(ret);
+ return(NULL);
+ }
if (last == NULL) ret = last = cur;
else {
last->next = cur;
@@ -5350,9 +5354,8 @@ xmlParseNotationType(xmlParserCtxtPtr ctxt) {
} while (RAW == '|');
if (RAW != ')') {
xmlFatalErr(ctxt, XML_ERR_NOTATION_NOT_FINISHED, NULL);
- if ((last != NULL) && (last != ret))
- xmlFreeEnumeration(last);
- return(ret);
+ xmlFreeEnumeration(ret);
+ return(NULL);
}
NEXT;
return(ret);
@@ -5407,7 +5410,10 @@ xmlParseEnumerationType(xmlParserCtxtPtr ctxt) {
cur = xmlCreateEnumeration(name);
if (!xmlDictOwns(ctxt->dict, name))
xmlFree(name);
- if (cur == NULL) return(ret);
+ if (cur == NULL) {
+ xmlFreeEnumeration(ret);
+ return(NULL);
+ }
if (last == NULL) ret = last = cur;
else {
last->next = cur;
@@ -5775,9 +5781,10 @@ xmlParseElementMixedContentDecl(xmlParserCtxtPtr ctxt, int inputchk) {
}
/**
- * xmlParseElementChildrenContentDecl:
+ * xmlParseElementChildrenContentDeclPriv:
* @ctxt: an XML parser context
* @inputchk: the input used for the current entity, needed for boundary checks
+ * @depth: the level of recursion
*
* parse the declaration for a Mixed Element content
* The leading '(' and spaces have been skipped in xmlParseElementContentDecl
@@ -5805,12 +5812,20 @@ xmlParseElementMixedContentDecl(xmlParserCtxtPtr ctxt, int inputchk) {
* Returns the tree of xmlElementContentPtr describing the element
* hierarchy.
*/
-xmlElementContentPtr
-xmlParseElementChildrenContentDecl (xmlParserCtxtPtr ctxt, int inputchk) {
+static xmlElementContentPtr
+xmlParseElementChildrenContentDeclPriv(xmlParserCtxtPtr ctxt, int inputchk,
+ int depth) {
xmlElementContentPtr ret = NULL, cur = NULL, last = NULL, op = NULL;
const xmlChar *elem;
xmlChar type = 0;
+ if (((depth > 128) && ((ctxt->options & XML_PARSE_HUGE) == 0)) ||
+ (depth > 2048)) {
+ xmlFatalErrMsgInt(ctxt, XML_ERR_ELEMCONTENT_NOT_FINISHED,
+"xmlParseElementChildrenContentDecl : depth %d too deep, use XML_PARSE_HUGE\n",
+ depth);
+ return(NULL);
+ }
SKIP_BLANKS;
GROW;
if (RAW == '(') {
@@ -5819,7 +5834,8 @@ xmlParseElementChildrenContentDecl (xmlParserCtxtPtr ctxt, int inputchk) {
/* Recurse on first child */
NEXT;
SKIP_BLANKS;
- cur = ret = xmlParseElementChildrenContentDecl(ctxt, inputid);
+ cur = ret = xmlParseElementChildrenContentDeclPriv(ctxt, inputid,
+ depth + 1);
SKIP_BLANKS;
GROW;
} else {
@@ -5951,7 +5967,8 @@ xmlParseElementChildrenContentDecl (xmlParserCtxtPtr ctxt, int inputchk) {
/* Recurse on second child */
NEXT;
SKIP_BLANKS;
- last = xmlParseElementChildrenContentDecl(ctxt, inputid);
+ last = xmlParseElementChildrenContentDeclPriv(ctxt, inputid,
+ depth + 1);
SKIP_BLANKS;
} else {
elem = xmlParseName(ctxt);
@@ -6062,6 +6079,44 @@ xmlParseElementChildrenContentDecl (xmlParserCtxtPtr ctxt, int inputchk) {
}
/**
+ *
+ * xmlParseElementChildrenContentDecl:
+ * @ctxt: an XML parser context
+ * @inputchk: the input used for the current entity, needed for boundary checks
+ * @depth: the level of recursion
+ *
+ * parse the declaration for a Mixed Element content
+ * The leading '(' and spaces have been skipped in xmlParseElementContentDecl
+ *
+ * [47] children ::= (choice | seq) ('?' | '*' | '+')?
+ *
+ * [48] cp ::= (Name | choice | seq) ('?' | '*' | '+')?
+ *
+ * [49] choice ::= '(' S? cp ( S? '|' S? cp )* S? ')'
+ *
+ * [50] seq ::= '(' S? cp ( S? ',' S? cp )* S? ')'
+ *
+ * [ VC: Proper Group/PE Nesting ] applies to [49] and [50]
+ * TODO Parameter-entity replacement text must be properly nested
+ * with parenthesized groups. That is to say, if either of the
+ * opening or closing parentheses in a choice, seq, or Mixed
+ * construct is contained in the replacement text for a parameter
+ * entity, both must be contained in the same replacement text. For
+ * interoperability, if a parameter-entity reference appears in a
+ * choice, seq, or Mixed construct, its replacement text should not
+ * be empty, and neither the first nor last non-blank character of
+ * the replacement text should be a connector (| or ,).
+ *
+ * Returns the tree of xmlElementContentPtr describing the element
+ * hierarchy.
+ */
+xmlElementContentPtr
+xmlParseElementChildrenContentDecl(xmlParserCtxtPtr ctxt, int inputchk) {
+ /* stub left for API/ABI compat */
+ return(xmlParseElementChildrenContentDeclPriv(ctxt, inputchk, 1));
+}
+
+/**
* xmlParseElementContentDecl:
* @ctxt: an XML parser context
* @name: the name of the element being defined.
@@ -6097,7 +6152,7 @@ xmlParseElementContentDecl(xmlParserCtxtPtr ctxt, const xmlChar *name,
tree = xmlParseElementMixedContentDecl(ctxt, inputid);
res = XML_ELEMENT_TYPE_MIXED;
} else {
- tree = xmlParseElementChildrenContentDecl(ctxt, inputid);
+ tree = xmlParseElementChildrenContentDeclPriv(ctxt, inputid, 1);
res = XML_ELEMENT_TYPE_ELEMENT;
}
SKIP_BLANKS;
Index: mingw32-libxml2.spec
===================================================================
RCS file: /cvs/pkgs/rpms/mingw32-libxml2/devel/mingw32-libxml2.spec,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -p -r1.6 -r1.7
--- mingw32-libxml2.spec 25 Jul 2009 14:26:09 -0000 1.6
+++ mingw32-libxml2.spec 10 Aug 2009 16:16:23 -0000 1.7
@@ -17,6 +17,7 @@ BuildRoot: %{_tmppath}/%{name}-%{ve
# Not required for MinGW.
#Patch0: libxml2-multilib.patch
+Patch1: libxml2-2.7.3-ficora-parse.patch
# MinGW-specific patches.
Patch1000: mingw32-libxml2-2.7.2-with-modules.patch
@@ -54,6 +55,8 @@ Static version of the MinGW Windows XML
%prep
%setup -q -n libxml2-%{version}
+%patch1 -p1
+
%patch1000 -p1
%patch1001 -p0
@@ -126,6 +129,9 @@ rm -rf $RPM_BUILD_ROOT
%{_mingw32_libdir}/libxml2.a
%changelog
+* Mon Aug 10 2009 Daniel Veillard <veillard(a)redhat.com> - 2.7.3-3
+- two patches for parsing problems CVE-2009-2414 and CVE-2009-2416
+
* Sat Jul 25 2009 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> - 2.7.3-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
14 years, 8 months
mingw32-ncompress spec and patches
by Michael Cronenworth
This is a data dump only. Sorry I can't be of more help and actually be
a packager.
The existing patch #7 from the Fedora SRPM was made incorrectly (used
post-patch source instead of original source). I've corrected that.
Spec and three patches are attached. I doubt the spec meets Fedora's
guidelines, but it should be close.
The only caveat is that the program doesn't interpret argv[0] correctly
and I haven't spent the time investigating why. You can use
"compress.exe -d" to uncompress as I've left out uncompress.exe since it
functions the same as compress.exe.
Mike
14 years, 8 months
[Bug 502689] Review Request: mingw32-cppunit - C++ unit testing framework
by Red Hat Bugzilla
Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug.
https://bugzilla.redhat.com/show_bug.cgi?id=502689
Kalev Lember <kalev(a)smartlink.ee> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |ASSIGNED
CC| |kalev(a)smartlink.ee
Alias|cppunit |mingw32-cppunit
Flag| |fedora-review?
--- Comment #1 from Kalev Lember <kalev(a)smartlink.ee> 2009-08-02 13:15:06 EDT ---
Taking for review.
Some initial notes:
! Building the package fails in mock because of
missing BuildRequires mingw32-gcc-c++
! If doxygen is present in build host, building fails with:
error: Installed (but unpackaged) file(s) found:
/usr/i686-pc-mingw32/sys-root/mingw/share/doc/cppunit/FAQ
/usr/i686-pc-mingw32/sys-root/mingw/share/doc/cppunit/_additional_message_8cpp.html
/usr/i686-pc-mingw32/sys-root/mingw/share/doc/cppunit/_additional_message_8cpp__incl.map
<snip>
Please use explicit --disable-doxygen configure option to prevent that.
! cppunit-config.1 duplicates documentation of native cppunit package. As per
Fedora MinGW packaging guidelines[1], those man pages that are duplicates of
the ones found in native packages should be removed.
! rpmlint output:
$ rpmlint mingw32-cppunit-1.12.1-1.fc12.src.rpm
mingw32-cppunit-1.12.1-1.fc12.noarch.rpm
mingw32-cppunit.noarch: W: manpage-not-compressed-with-gzip
/usr/i686-pc-mingw32/sys-root/mingw/share/man/man1/cppunit-config.1
2 packages and 0 specfiles checked; 0 errors, 1 warnings.
That warning will go away if you remove cppunit-config.1 man page as discussed
above.
! All DLLs in %files section should be listed separately as per Fedora MinGW
packaging guidelines
! Fedora Packaging Guidelines prefer %global macro instead of %define. [2]
! description says:
MinGW Windows cppunit compression library.
It's not really a compression library, is it?
Also consider changing description from:
C++ unit testing framework
to:
MinGW Windows C++ unit testing framework
to better match other Fedora MinGW packages.
[1] http://fedoraproject.org/wiki/Packaging/MinGW
[2]
https://fedoraproject.org/wiki/Packaging:Guidelines#.25global_preferred_o...
--
Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.
14 years, 8 months
