Change-Id: I4769bb18a83e8843d33f6489c8318d243dfaa5a3
Reviewed-on: http://photon-jenkins.eng.vmware.com:8082/4070
Reviewed-by: Sharath George
Tested-by: Sharath George
1 | 1 |
deleted file mode 100644 |
... | ... |
@@ -1,14 +0,0 @@ |
1 |
-diff -dupr a/parser.c b/parser.c |
|
2 |
-+++ b/parser.c 2017-08-09 16:30:55.562343926 -0700 |
|
3 |
-@@ -12714,6 +12714,10 @@ xmlHaltParser(xmlParserCtxtPtr ctxt) { |
|
4 |
- } |
|
5 |
- ctxt->input->cur = BAD_CAST""; |
|
6 |
- ctxt->input->base = ctxt->input->cur; |
|
7 |
-+ if (ctxt->input->buf) { |
|
8 |
-+ xmlBufEmpty (ctxt->input->buf->buffer); |
|
9 |
-+ } else |
|
10 |
-+ ctxt->input->length = 0; |
|
11 |
- } |
|
12 |
- } |
|
13 |
- |
14 | 1 |
deleted file mode 100644 |
... | ... |
@@ -1,177 +0,0 @@ |
1 |
-diff --git a/elfgcchack.h b/elfgcchack.h |
|
2 |
-index 8c52884..1b81dcd 100644 |
|
3 |
-+++ b/elfgcchack.h |
|
4 |
-@@ -6547,6 +6547,16 @@ extern __typeof (xmlNoNetExternalEntityLoader) xmlNoNetExternalEntityLoader__int |
|
5 |
- #endif |
|
6 |
- #endif |
|
7 |
- |
|
8 |
-+#ifdef bottom_xmlIO |
|
9 |
-+#undef xmlNoXxeExternalEntityLoader |
|
10 |
-+extern __typeof (xmlNoXxeExternalEntityLoader) xmlNoXxeExternalEntityLoader __attribute((alias("xmlNoXxeExternalEntityLoader__internal_alias"))); |
|
11 |
-+#else |
|
12 |
-+#ifndef xmlNoXxeExternalEntityLoader |
|
13 |
-+extern __typeof (xmlNoXxeExternalEntityLoader) xmlNoXxeExternalEntityLoader__internal_alias __attribute((visibility("hidden"))); |
|
14 |
-+#define xmlNoXxeExternalEntityLoader xmlNoXxeExternalEntityLoader__internal_alias |
|
15 |
-+#endif |
|
16 |
-+#endif |
|
17 |
-+ |
|
18 |
- #ifdef bottom_tree |
|
19 |
- #undef xmlNodeAddContent |
|
20 |
- extern __typeof (xmlNodeAddContent) xmlNodeAddContent __attribute((alias("xmlNodeAddContent__internal_alias"))); |
|
21 |
-diff --git a/include/libxml/parser.h b/include/libxml/parser.h |
|
22 |
-index 47fbec0..4cced91 100644 |
|
23 |
-+++ b/include/libxml/parser.h |
|
24 |
-@@ -1111,7 +1111,8 @@ typedef enum { |
|
25 |
- XML_PARSE_HUGE = 1<<19,/* relax any hardcoded limit from the parser */ |
|
26 |
- XML_PARSE_OLDSAX = 1<<20,/* parse using SAX2 interface before 2.7.0 */ |
|
27 |
- XML_PARSE_IGNORE_ENC= 1<<21,/* ignore internal document encoding hint */ |
|
28 |
-- XML_PARSE_BIG_LINES = 1<<22 /* Store big lines numbers in text PSVI field */ |
|
29 |
-+ XML_PARSE_BIG_LINES = 1<<22,/* Store big lines numbers in text PSVI field */ |
|
30 |
-+ XML_PARSE_NOXXE = 1<<23 /* Forbid any external entity substitution */ |
|
31 |
- } xmlParserOption; |
|
32 |
- |
|
33 |
- XMLPUBFUN void XMLCALL |
|
34 |
-diff --git a/include/libxml/xmlIO.h b/include/libxml/xmlIO.h |
|
35 |
-index 3e41744..8d3fdef 100644 |
|
36 |
-+++ b/include/libxml/xmlIO.h |
|
37 |
-@@ -300,6 +300,14 @@ XMLPUBFUN xmlParserInputPtr XMLCALL |
|
38 |
- xmlParserCtxtPtr ctxt); |
|
39 |
- |
|
40 |
- /* |
|
41 |
-+ * A predefined entity loader external entity expansion |
|
42 |
-+ */ |
|
43 |
-+XMLPUBFUN xmlParserInputPtr XMLCALL |
|
44 |
-+ xmlNoXxeExternalEntityLoader (const char *URL, |
|
45 |
-+ const char *ID, |
|
46 |
-+ xmlParserCtxtPtr ctxt); |
|
47 |
-+ |
|
48 |
-+/* |
|
49 |
- * xmlNormalizeWindowsPath is obsolete, don't use it. |
|
50 |
- * Check xmlCanonicPath in uri.h for a better alternative. |
|
51 |
- */ |
|
52 |
-diff --git a/include/libxml/xmlerror.h b/include/libxml/xmlerror.h |
|
53 |
-index 037c16d..3036062 100644 |
|
54 |
-+++ b/include/libxml/xmlerror.h |
|
55 |
-@@ -470,6 +470,7 @@ typedef enum { |
|
56 |
- XML_IO_EADDRINUSE, /* 1554 */ |
|
57 |
- XML_IO_EALREADY, /* 1555 */ |
|
58 |
- XML_IO_EAFNOSUPPORT, /* 1556 */ |
|
59 |
-+ XML_IO_ILLEGAL_XXE, /* 1557 */ |
|
60 |
- XML_XINCLUDE_RECURSION=1600, |
|
61 |
- XML_XINCLUDE_PARSE_VALUE, /* 1601 */ |
|
62 |
- XML_XINCLUDE_ENTITY_DEF_MISMATCH, /* 1602 */ |
|
63 |
-diff --git a/parser.c b/parser.c |
|
64 |
-index 53a6b7f..5220bd1 100644 |
|
65 |
-+++ b/parser.c |
|
66 |
-@@ -15350,6 +15350,10 @@ xmlCtxtUseOptionsInternal(xmlParserCtxtPtr ctxt, int options, const char *encodi |
|
67 |
- ctxt->options |= XML_PARSE_NONET; |
|
68 |
- options -= XML_PARSE_NONET; |
|
69 |
- } |
|
70 |
-+ if (options & XML_PARSE_NOXXE) { |
|
71 |
-+ ctxt->options |= XML_PARSE_NOXXE; |
|
72 |
-+ options -= XML_PARSE_NOXXE; |
|
73 |
-+ } |
|
74 |
- if (options & XML_PARSE_COMPACT) { |
|
75 |
- ctxt->options |= XML_PARSE_COMPACT; |
|
76 |
- options -= XML_PARSE_COMPACT; |
|
77 |
-diff --git a/xmlIO.c b/xmlIO.c |
|
78 |
-index 300ee47..7d3d142 100644 |
|
79 |
-+++ b/xmlIO.c |
|
80 |
-@@ -210,6 +210,7 @@ static const char *IOerr[] = { |
|
81 |
- "adddress in use", /* EADDRINUSE */ |
|
82 |
- "already in use", /* EALREADY */ |
|
83 |
- "unknown address familly", /* EAFNOSUPPORT */ |
|
84 |
-+ "Attempt to load external entity %s", /* XML_IO_ILLEGAL_XXE */ |
|
85 |
- }; |
|
86 |
- |
|
87 |
- #if defined(_WIN32) || defined (__DJGPP__) && !defined (__CYGWIN__) |
|
88 |
-@@ -4053,13 +4054,22 @@ xmlDefaultExternalEntityLoader(const char *URL, const char *ID, |
|
89 |
- xmlGenericError(xmlGenericErrorContext, |
|
90 |
- "xmlDefaultExternalEntityLoader(%s, xxx)\n", URL); |
|
91 |
- #endif |
|
92 |
-- if ((ctxt != NULL) && (ctxt->options & XML_PARSE_NONET)) { |
|
93 |
-+ if (ctxt != NULL) { |
|
94 |
- int options = ctxt->options; |
|
95 |
- |
|
96 |
-- ctxt->options -= XML_PARSE_NONET; |
|
97 |
-- ret = xmlNoNetExternalEntityLoader(URL, ID, ctxt); |
|
98 |
-- ctxt->options = options; |
|
99 |
-- return(ret); |
|
100 |
-+ if (options & XML_PARSE_NOXXE) { |
|
101 |
-+ ctxt->options -= XML_PARSE_NOXXE; |
|
102 |
-+ ret = xmlNoXxeExternalEntityLoader(URL, ID, ctxt); |
|
103 |
-+ ctxt->options = options; |
|
104 |
-+ return(ret); |
|
105 |
-+ } |
|
106 |
-+ |
|
107 |
-+ if (options & XML_PARSE_NONET) { |
|
108 |
-+ ctxt->options -= XML_PARSE_NONET; |
|
109 |
-+ ret = xmlNoNetExternalEntityLoader(URL, ID, ctxt); |
|
110 |
-+ ctxt->options = options; |
|
111 |
-+ return(ret); |
|
112 |
-+ } |
|
113 |
- } |
|
114 |
- #ifdef LIBXML_CATALOG_ENABLED |
|
115 |
- resource = xmlResolveResourceFromCatalog(URL, ID, ctxt); |
|
116 |
-@@ -4160,6 +4170,13 @@ xmlNoNetExternalEntityLoader(const char *URL, const char *ID, |
|
117 |
- xmlParserInputPtr input = NULL; |
|
118 |
- xmlChar *resource = NULL; |
|
119 |
- |
|
120 |
-+ if (ctxt == NULL) { |
|
121 |
-+ return(NULL); |
|
122 |
-+ } |
|
123 |
-+ if (ctxt->input_id == 1) { |
|
124 |
-+ return xmlDefaultExternalEntityLoader((const char *) URL, ID, ctxt); |
|
125 |
-+ } |
|
126 |
-+ |
|
127 |
- #ifdef LIBXML_CATALOG_ENABLED |
|
128 |
- resource = xmlResolveResourceFromCatalog(URL, ID, ctxt); |
|
129 |
- #endif |
|
130 |
-@@ -4182,5 +4199,18 @@ xmlNoNetExternalEntityLoader(const char *URL, const char *ID, |
|
131 |
- return(input); |
|
132 |
- } |
|
133 |
- |
|
134 |
-+xmlParserInputPtr |
|
135 |
-+xmlNoXxeExternalEntityLoader(const char *URL, const char *ID, |
|
136 |
-+ xmlParserCtxtPtr ctxt) { |
|
137 |
-+ if (ctxt == NULL) { |
|
138 |
-+ return(NULL); |
|
139 |
-+ } |
|
140 |
-+ if (ctxt->input_id == 1) { |
|
141 |
-+ return xmlDefaultExternalEntityLoader((const char *) URL, ID, ctxt); |
|
142 |
-+ } |
|
143 |
-+ xmlIOErr(XML_IO_ILLEGAL_XXE, (const char *) URL); |
|
144 |
-+ return(NULL); |
|
145 |
-+} |
|
146 |
-+ |
|
147 |
- #define bottom_xmlIO |
|
148 |
- #include "elfgcchack.h" |
|
149 |
-diff --git a/xmllint.c b/xmllint.c |
|
150 |
-index 67f7adb..2252cc0 100644 |
|
151 |
-+++ b/xmllint.c |
|
152 |
-@@ -3019,6 +3019,7 @@ static void usage(const char *name) { |
|
153 |
- printf("\t--path 'paths': provide a set of paths for resources\n"); |
|
154 |
- printf("\t--load-trace : print trace of all external entities loaded\n"); |
|
155 |
- printf("\t--nonet : refuse to fetch DTDs or entities over network\n"); |
|
156 |
-+ printf("\t--noxxe : forbid any external entity substitution\n"); |
|
157 |
- printf("\t--nocompact : do not generate compact text nodes\n"); |
|
158 |
- printf("\t--htmlout : output results as HTML\n"); |
|
159 |
- printf("\t--nowrap : do not put HTML doc wrapper\n"); |
|
160 |
-@@ -3461,6 +3462,10 @@ main(int argc, char **argv) { |
|
161 |
- (!strcmp(argv[i], "--nonet"))) { |
|
162 |
- options |= XML_PARSE_NONET; |
|
163 |
- xmlSetExternalEntityLoader(xmlNoNetExternalEntityLoader); |
|
164 |
-+ } else if ((!strcmp(argv[i], "-noxxe")) || |
|
165 |
-+ (!strcmp(argv[i], "--noxxe"))) { |
|
166 |
-+ options |= XML_PARSE_NOXXE; |
|
167 |
-+ xmlSetExternalEntityLoader(xmlNoXxeExternalEntityLoader); |
|
168 |
- } else if ((!strcmp(argv[i], "-nocompact")) || |
|
169 |
- (!strcmp(argv[i], "--nocompact"))) { |
|
170 |
- options &= ~XML_PARSE_COMPACT; |
171 | 1 |
deleted file mode 100644 |
... | ... |
@@ -1,171 +0,0 @@ |
1 |
-From 9ab01a277d71f54d3143c2cf333c5c2e9aaedd9e Mon Sep 17 00:00:00 2001 |
|
2 |
-From: Nick Wellnhofer <wellnhofer@aevum.de> |
|
3 |
-Date: Tue, 28 Jun 2016 14:22:23 +0200 |
|
4 |
-Subject: Fix XPointer paths beginning with range-to |
|
5 |
- |
|
6 |
-The old code would invoke the broken xmlXPtrRangeToFunction. range-to |
|
7 |
-isn't really a function but a special kind of location step. Remove |
|
8 |
-this function and always handle range-to in the XPath code. |
|
9 |
- |
|
10 |
-The old xmlXPtrRangeToFunction could also be abused to trigger a |
|
11 |
-use-after-free error with the potential for remote code execution. |
|
12 |
- |
|
13 |
-Found with afl-fuzz. |
|
14 |
- |
|
15 |
-Fixes CVE-2016-5131. |
|
16 |
- result/XPath/xptr/vidbase | 13 ++++++++ |
|
17 |
- test/XPath/xptr/vidbase | 1 + |
|
18 |
- xpath.c | 7 ++++- |
|
19 |
- xpointer.c | 76 ++++------------------------------------------- |
|
20 |
- 4 files changed, 26 insertions(+), 71 deletions(-) |
|
21 |
- |
|
22 |
-diff --git a/result/XPath/xptr/vidbase b/result/XPath/xptr/vidbase |
|
23 |
-index 8b9e92d..f19193e 100644 |
|
24 |
-+++ b/result/XPath/xptr/vidbase |
|
25 |
-@@ -17,3 +17,16 @@ Object is a Location Set: |
|
26 |
- To node |
|
27 |
- ELEMENT p |
|
28 |
- |
|
29 |
-+ |
|
30 |
-+======================== |
|
31 |
-+Expression: xpointer(range-to(id('chapter2'))) |
|
32 |
-+Object is a Location Set: |
|
33 |
-+1 : Object is a range : |
|
34 |
-+ From node |
|
35 |
-+ / |
|
36 |
-+ To node |
|
37 |
-+ ELEMENT chapter |
|
38 |
-+ ATTRIBUTE id |
|
39 |
-+ TEXT |
|
40 |
-+ content=chapter2 |
|
41 |
-+ |
|
42 |
-diff --git a/test/XPath/xptr/vidbase b/test/XPath/xptr/vidbase |
|
43 |
-index b146383..884b106 100644 |
|
44 |
-+++ b/test/XPath/xptr/vidbase |
|
45 |
-@@ -1,2 +1,3 @@ |
|
46 |
- xpointer(id('chapter1')/p) |
|
47 |
- xpointer(id('chapter1')/p[1]/range-to(following-sibling::p[2])) |
|
48 |
-+xpointer(range-to(id('chapter2'))) |
|
49 |
-diff --git a/xpath.c b/xpath.c |
|
50 |
-index d992841..5a01b1b 100644 |
|
51 |
-+++ b/xpath.c |
|
52 |
-@@ -10691,13 +10691,18 @@ xmlXPathCompPathExpr(xmlXPathParserContextPtr ctxt) { |
|
53 |
- lc = 1; |
|
54 |
- break; |
|
55 |
- } else if ((NXT(len) == '(')) { |
|
56 |
-- /* Note Type or Function */ |
|
57 |
-+ /* Node Type or Function */ |
|
58 |
- if (xmlXPathIsNodeType(name)) { |
|
59 |
- #ifdef DEBUG_STEP |
|
60 |
- xmlGenericError(xmlGenericErrorContext, |
|
61 |
- "PathExpr: Type search\n"); |
|
62 |
- #endif |
|
63 |
- lc = 1; |
|
64 |
-+#ifdef LIBXML_XPTR_ENABLED |
|
65 |
-+ } else if (ctxt->xptr && |
|
66 |
-+ xmlStrEqual(name, BAD_CAST "range-to")) { |
|
67 |
-+ lc = 1; |
|
68 |
-+#endif |
|
69 |
- } else { |
|
70 |
- #ifdef DEBUG_STEP |
|
71 |
- xmlGenericError(xmlGenericErrorContext, |
|
72 |
-diff --git a/xpointer.c b/xpointer.c |
|
73 |
-index 676c510..d74174a 100644 |
|
74 |
-+++ b/xpointer.c |
|
75 |
-@@ -1332,8 +1332,6 @@ xmlXPtrNewContext(xmlDocPtr doc, xmlNodePtr here, xmlNodePtr origin) { |
|
76 |
- ret->here = here; |
|
77 |
- ret->origin = origin; |
|
78 |
- |
|
79 |
-- xmlXPathRegisterFunc(ret, (xmlChar *)"range-to", |
|
80 |
-- xmlXPtrRangeToFunction); |
|
81 |
- xmlXPathRegisterFunc(ret, (xmlChar *)"range", |
|
82 |
- xmlXPtrRangeFunction); |
|
83 |
- xmlXPathRegisterFunc(ret, (xmlChar *)"range-inside", |
|
84 |
-@@ -2243,76 +2241,14 @@ xmlXPtrRangeInsideFunction(xmlXPathParserContextPtr ctxt, int nargs) { |
|
85 |
- * @nargs: the number of args |
|
86 |
- * |
|
87 |
- * Implement the range-to() XPointer function |
|
88 |
-+ * |
|
89 |
-+ * Obsolete. range-to is not a real function but a special type of location |
|
90 |
-+ * step which is handled in xpath.c. |
|
91 |
- */ |
|
92 |
- void |
|
93 |
--xmlXPtrRangeToFunction(xmlXPathParserContextPtr ctxt, int nargs) { |
|
94 |
-- xmlXPathObjectPtr range; |
|
95 |
-- const xmlChar *cur; |
|
96 |
-- xmlXPathObjectPtr res, obj; |
|
97 |
-- xmlXPathObjectPtr tmp; |
|
98 |
-- xmlLocationSetPtr newset = NULL; |
|
99 |
-- xmlNodeSetPtr oldset; |
|
100 |
-- int i; |
|
101 |
-- |
|
102 |
-- if (ctxt == NULL) return; |
|
103 |
-- CHECK_ARITY(1); |
|
104 |
-- /* |
|
105 |
-- * Save the expression pointer since we will have to evaluate |
|
106 |
-- * it multiple times. Initialize the new set. |
|
107 |
-- */ |
|
108 |
-- CHECK_TYPE(XPATH_NODESET); |
|
109 |
-- obj = valuePop(ctxt); |
|
110 |
-- oldset = obj->nodesetval; |
|
111 |
-- ctxt->context->node = NULL; |
|
112 |
-- |
|
113 |
-- cur = ctxt->cur; |
|
114 |
-- newset = xmlXPtrLocationSetCreate(NULL); |
|
115 |
-- |
|
116 |
-- for (i = 0; i < oldset->nodeNr; i++) { |
|
117 |
-- ctxt->cur = cur; |
|
118 |
-- |
|
119 |
-- /* |
|
120 |
-- * Run the evaluation with a node list made of a single item |
|
121 |
-- * in the nodeset. |
|
122 |
-- */ |
|
123 |
-- ctxt->context->node = oldset->nodeTab[i]; |
|
124 |
-- tmp = xmlXPathNewNodeSet(ctxt->context->node); |
|
125 |
-- valuePush(ctxt, tmp); |
|
126 |
-- |
|
127 |
-- xmlXPathEvalExpr(ctxt); |
|
128 |
-- CHECK_ERROR; |
|
129 |
-- |
|
130 |
-- /* |
|
131 |
-- * The result of the evaluation need to be tested to |
|
132 |
-- * decided whether the filter succeeded or not |
|
133 |
-- */ |
|
134 |
-- res = valuePop(ctxt); |
|
135 |
-- range = xmlXPtrNewRangeNodeObject(oldset->nodeTab[i], res); |
|
136 |
-- if (range != NULL) { |
|
137 |
-- xmlXPtrLocationSetAdd(newset, range); |
|
138 |
-- } |
|
139 |
-- |
|
140 |
-- /* |
|
141 |
-- * Cleanup |
|
142 |
-- */ |
|
143 |
-- if (res != NULL) |
|
144 |
-- xmlXPathFreeObject(res); |
|
145 |
-- if (ctxt->value == tmp) { |
|
146 |
-- res = valuePop(ctxt); |
|
147 |
-- xmlXPathFreeObject(res); |
|
148 |
-- } |
|
149 |
-- |
|
150 |
-- ctxt->context->node = NULL; |
|
151 |
-- } |
|
152 |
-- |
|
153 |
-- /* |
|
154 |
-- * The result is used as the new evaluation set. |
|
155 |
-- */ |
|
156 |
-- xmlXPathFreeObject(obj); |
|
157 |
-- ctxt->context->node = NULL; |
|
158 |
-- ctxt->context->contextSize = -1; |
|
159 |
-- ctxt->context->proximityPosition = -1; |
|
160 |
-- valuePush(ctxt, xmlXPtrWrapLocationSet(newset)); |
|
161 |
-+xmlXPtrRangeToFunction(xmlXPathParserContextPtr ctxt, |
|
162 |
-+ int nargs ATTRIBUTE_UNUSED) { |
|
163 |
-+ XP_ERROR(XPATH_EXPR_ERROR); |
|
164 |
- } |
|
165 |
- |
|
166 |
- /** |
167 | 1 |
deleted file mode 100644 |
... | ... |
@@ -1,172 +0,0 @@ |
1 |
-From d77e5fc4bcdb7da748c9cca116a601ae4df60d21 |
|
2 |
-To a005199330b86dada19d162cae15ef9bdcb6baa8 |
|
3 |
-Bring upstream patches to support CVE-2016-5131 fix |
|
4 |
-as one of the tests failed with just applying the CVE fix. |
|
5 |
- |
|
6 |
-diff --git a/relaxng.c b/relaxng.c |
|
7 |
-index 56a3344..3d3e69c 100644 |
|
8 |
-+++ b/relaxng.c |
|
9 |
-@@ -2088,6 +2088,7 @@ xmlRelaxNGGetErrorString(xmlRelaxNGValidErr err, const xmlChar * arg1, |
|
10 |
- const xmlChar * arg2) |
|
11 |
- { |
|
12 |
- char msg[1000]; |
|
13 |
-+ xmlChar *result; |
|
14 |
- |
|
15 |
- if (arg1 == NULL) |
|
16 |
- arg1 = BAD_CAST ""; |
|
17 |
-@@ -2215,7 +2216,7 @@ xmlRelaxNGGetErrorString(xmlRelaxNGValidErr err, const xmlChar * arg1, |
|
18 |
- snprintf(msg, 1000, "Unknown error code %d\n", err); |
|
19 |
- } |
|
20 |
- msg[1000 - 1] = 0; |
|
21 |
-- xmlChar *result = xmlCharStrdup(msg); |
|
22 |
-+ result = xmlCharStrdup(msg); |
|
23 |
- return (xmlEscapeFormatString(&result)); |
|
24 |
- } |
|
25 |
- |
|
26 |
-diff --git a/result/XPath/xptr/viderror b/result/XPath/xptr/viderror |
|
27 |
-new file mode 100644 |
|
28 |
-index 0000000..d589882 |
|
29 |
-+++ b/result/XPath/xptr/viderror |
|
30 |
-@@ -0,0 +1,4 @@ |
|
31 |
-+ |
|
32 |
-+======================== |
|
33 |
-+Expression: xpointer(non-existing-fn()/range-to(id('chapter2'))) |
|
34 |
-+Object is empty (NULL) |
|
35 |
-diff --git a/runtest.c b/runtest.c |
|
36 |
-index bb74d2a..1861577 100644 |
|
37 |
-+++ b/runtest.c |
|
38 |
-@@ -2317,10 +2317,19 @@ static FILE *xpathOutput; |
|
39 |
- static xmlDocPtr xpathDocument; |
|
40 |
- |
|
41 |
- static void |
|
42 |
-+ignoreGenericError(void *ctx ATTRIBUTE_UNUSED, |
|
43 |
-+ const char *msg ATTRIBUTE_UNUSED, ...) { |
|
44 |
-+} |
|
45 |
-+ |
|
46 |
-+static void |
|
47 |
- testXPath(const char *str, int xptr, int expr) { |
|
48 |
-+ xmlGenericErrorFunc handler = ignoreGenericError; |
|
49 |
- xmlXPathObjectPtr res; |
|
50 |
- xmlXPathContextPtr ctxt; |
|
51 |
- |
|
52 |
-+ /* Don't print generic errors to stderr. */ |
|
53 |
-+ initGenericErrorDefaultFunc(&handler); |
|
54 |
-+ |
|
55 |
- nb_tests++; |
|
56 |
- #if defined(LIBXML_XPTR_ENABLED) |
|
57 |
- if (xptr) { |
|
58 |
-@@ -2349,6 +2358,9 @@ testXPath(const char *str, int xptr, int expr) { |
|
59 |
- xmlXPathDebugDumpObject(xpathOutput, res, 0); |
|
60 |
- xmlXPathFreeObject(res); |
|
61 |
- xmlXPathFreeContext(ctxt); |
|
62 |
-+ |
|
63 |
-+ /* Reset generic error handler. */ |
|
64 |
-+ initGenericErrorDefaultFunc(NULL); |
|
65 |
- } |
|
66 |
- |
|
67 |
- /** |
|
68 |
-diff --git a/test/XPath/xptr/viderror b/test/XPath/xptr/viderror |
|
69 |
-new file mode 100644 |
|
70 |
-index 0000000..da8c53b |
|
71 |
-+++ b/test/XPath/xptr/viderror |
|
72 |
-@@ -0,0 +1 @@ |
|
73 |
-+xpointer(non-existing-fn()/range-to(id('chapter2'))) |
|
74 |
-diff --git a/xmlschemas.c b/xmlschemas.c |
|
75 |
-index e1b3a4f..d42afb7 100644 |
|
76 |
-+++ b/xmlschemas.c |
|
77 |
-@@ -3168,8 +3168,8 @@ xmlSchemaPSimpleTypeErr(xmlSchemaParserCtxtPtr ctxt, |
|
78 |
- "valid."); |
|
79 |
- } |
|
80 |
- if (expected) { |
|
81 |
-- msg = xmlStrcat(msg, BAD_CAST " Expected is '"); |
|
82 |
- xmlChar *expectedEscaped = xmlCharStrdup(expected); |
|
83 |
-+ msg = xmlStrcat(msg, BAD_CAST " Expected is '"); |
|
84 |
- msg = xmlStrcat(msg, xmlEscapeFormatString(&expectedEscaped)); |
|
85 |
- FREE_AND_NULL(expectedEscaped); |
|
86 |
- msg = xmlStrcat(msg, BAD_CAST "'.\n"); |
|
87 |
-@@ -27391,6 +27391,7 @@ xmlSchemaSAXHandleStartElementNs(void *ctx, |
|
88 |
- * attributes yet. |
|
89 |
- */ |
|
90 |
- if (nb_attributes != 0) { |
|
91 |
-+ int valueLen, k, l; |
|
92 |
- xmlChar *value; |
|
93 |
- |
|
94 |
- for (j = 0, i = 0; i < nb_attributes; i++, j += 5) { |
|
95 |
-@@ -27400,12 +27401,31 @@ xmlSchemaSAXHandleStartElementNs(void *ctx, |
|
96 |
- * libxml2 differs from normal SAX here in that it escapes all ampersands |
|
97 |
- * as & instead of delivering the raw converted string. Changing the |
|
98 |
- * behavior at this point would break applications that use this API, so |
|
99 |
-- * we are forced to work around it. There is no danger of accidentally |
|
100 |
-- * decoding some entity other than & in this step because without |
|
101 |
-- * unescaped ampersands there can be no other entities in the string. |
|
102 |
-+ * we are forced to work around it. |
|
103 |
- */ |
|
104 |
-- value = xmlStringLenDecodeEntities(vctxt->parserCtxt, attributes[j+3], |
|
105 |
-- attributes[j+4] - attributes[j+3], XML_SUBSTITUTE_REF, 0, 0, 0); |
|
106 |
-+ valueLen = attributes[j+4] - attributes[j+3]; |
|
107 |
-+ value = xmlMallocAtomic(valueLen + 1); |
|
108 |
-+ if (value == NULL) { |
|
109 |
-+ xmlSchemaVErrMemory(vctxt, |
|
110 |
-+ "allocating string for decoded attribute", |
|
111 |
-+ NULL); |
|
112 |
-+ goto internal_error; |
|
113 |
-+ } |
|
114 |
-+ for (k = 0, l = 0; k < valueLen; l++) { |
|
115 |
-+ if (k < valueLen - 4 && |
|
116 |
-+ attributes[j+3][k+0] == '&' && |
|
117 |
-+ attributes[j+3][k+1] == '#' && |
|
118 |
-+ attributes[j+3][k+2] == '3' && |
|
119 |
-+ attributes[j+3][k+3] == '8' && |
|
120 |
-+ attributes[j+3][k+4] == ';') { |
|
121 |
-+ value[l] = '&'; |
|
122 |
-+ k += 5; |
|
123 |
-+ } else { |
|
124 |
-+ value[l] = attributes[j+3][k]; |
|
125 |
-+ k++; |
|
126 |
-+ } |
|
127 |
-+ } |
|
128 |
-+ value[l] = '\0'; |
|
129 |
- /* |
|
130 |
- * TODO: Set the node line. |
|
131 |
- */ |
|
132 |
-diff --git a/xpath.c b/xpath.c |
|
133 |
-index 113bce6..d992841 100644 |
|
134 |
-+++ b/xpath.c |
|
135 |
-@@ -3342,13 +3342,13 @@ xmlXPathCmpNodes(xmlNodePtr node1, xmlNodePtr node2) { |
|
136 |
- * compute depth to root |
|
137 |
- */ |
|
138 |
- for (depth2 = 0, cur = node2;cur->parent != NULL;cur = cur->parent) { |
|
139 |
-- if (cur == node1) |
|
140 |
-+ if (cur->parent == node1) |
|
141 |
- return(1); |
|
142 |
- depth2++; |
|
143 |
- } |
|
144 |
- root = cur; |
|
145 |
- for (depth1 = 0, cur = node1;cur->parent != NULL;cur = cur->parent) { |
|
146 |
-- if (cur == node2) |
|
147 |
-+ if (cur->parent == node2) |
|
148 |
- return(-1); |
|
149 |
- depth1++; |
|
150 |
- } |
|
151 |
-@@ -14005,9 +14005,14 @@ xmlXPathCompOpEval(xmlXPathParserContextPtr ctxt, xmlXPathStepOpPtr op) |
|
152 |
- xmlNodeSetPtr oldset; |
|
153 |
- int i, j; |
|
154 |
- |
|
155 |
-- if (op->ch1 != -1) |
|
156 |
-+ if (op->ch1 != -1) { |
|
157 |
- total += |
|
158 |
- xmlXPathCompOpEval(ctxt, &comp->steps[op->ch1]); |
|
159 |
-+ CHECK_ERROR0; |
|
160 |
-+ } |
|
161 |
-+ if (ctxt->value == NULL) { |
|
162 |
-+ XP_ERROR0(XPATH_INVALID_OPERAND); |
|
163 |
-+ } |
|
164 |
- if (op->ch2 == -1) |
|
165 |
- return (total); |
|
166 |
- |
167 | 1 |
deleted file mode 100644 |
... | ... |
@@ -1,116 +0,0 @@ |
1 |
-From 932cc9896ab41475d4aa429c27d9afd175959d74 Mon Sep 17 00:00:00 2001 |
|
2 |
-From: Nick Wellnhofer <wellnhofer@aevum.de> |
|
3 |
-Date: Sat, 3 Jun 2017 02:01:29 +0200 |
|
4 |
-Subject: Fix buffer size checks in xmlSnprintfElementContent |
|
5 |
-MIME-Version: 1.0 |
|
6 |
-Content-Type: text/plain; charset=UTF-8 |
|
7 |
-Content-Transfer-Encoding: 8bit |
|
8 |
- |
|
9 |
-xmlSnprintfElementContent failed to correctly check the available |
|
10 |
-buffer space in two locations. |
|
11 |
- |
|
12 |
-Fixes bug 781333 (CVE-2017-9047) and bug 781701 (CVE-2017-9048). |
|
13 |
- |
|
14 |
-Thanks to Marcel Bรถhme and Thuan Pham for the report. |
|
15 |
- result/valid/781333.xml | 5 +++++ |
|
16 |
- result/valid/781333.xml.err | 3 +++ |
|
17 |
- result/valid/781333.xml.err.rdr | 6 ++++++ |
|
18 |
- test/valid/781333.xml | 4 ++++ |
|
19 |
- valid.c | 20 +++++++++++--------- |
|
20 |
- 5 files changed, 29 insertions(+), 9 deletions(-) |
|
21 |
- create mode 100644 result/valid/781333.xml |
|
22 |
- create mode 100644 result/valid/781333.xml.err |
|
23 |
- create mode 100644 result/valid/781333.xml.err.rdr |
|
24 |
- create mode 100644 test/valid/781333.xml |
|
25 |
- |
|
26 |
-diff --git a/result/valid/781333.xml b/result/valid/781333.xml |
|
27 |
-new file mode 100644 |
|
28 |
-index 0000000..45dc451 |
|
29 |
-+++ b/result/valid/781333.xml |
|
30 |
-@@ -0,0 +1,5 @@ |
|
31 |
-+<?xml version="1.0"?> |
|
32 |
-+<!DOCTYPE a [ |
|
33 |
-+<!ELEMENT a (pppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppp:llllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllll)> |
|
34 |
-+]> |
|
35 |
-+<a/> |
|
36 |
-diff --git a/result/valid/781333.xml.err b/result/valid/781333.xml.err |
|
37 |
-new file mode 100644 |
|
38 |
-index 0000000..b401b49 |
|
39 |
-+++ b/result/valid/781333.xml.err |
|
40 |
-@@ -0,0 +1,3 @@ |
|
41 |
-+./test/valid/781333.xml:4: element a: validity error : Element a content does not follow the DTD, expecting ( ..., got |
|
42 |
-+<a/> |
|
43 |
-+ ^ |
|
44 |
-diff --git a/result/valid/781333.xml.err.rdr b/result/valid/781333.xml.err.rdr |
|
45 |
-new file mode 100644 |
|
46 |
-index 0000000..5ff5699 |
|
47 |
-+++ b/result/valid/781333.xml.err.rdr |
|
48 |
-@@ -0,0 +1,6 @@ |
|
49 |
-+./test/valid/781333.xml:4: element a: validity error : Element a content does not follow the DTD, expecting ( ..., got |
|
50 |
-+<a/> |
|
51 |
-+ ^ |
|
52 |
-+./test/valid/781333.xml:5: element a: validity error : Element a content does not follow the DTD, Expecting more child |
|
53 |
-+ |
|
54 |
-+^ |
|
55 |
-diff --git a/test/valid/781333.xml b/test/valid/781333.xml |
|
56 |
-new file mode 100644 |
|
57 |
-index 0000000..b29e5a6 |
|
58 |
-+++ b/test/valid/781333.xml |
|
59 |
-@@ -0,0 +1,4 @@ |
|
60 |
-+<!DOCTYPE a [ |
|
61 |
-+ <!ELEMENT a (pppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppp:llllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllll)> |
|
62 |
-+]> |
|
63 |
-+<a/> |
|
64 |
-diff --git a/valid.c b/valid.c |
|
65 |
-index 19f84b8..9b2df56 100644 |
|
66 |
-+++ b/valid.c |
|
67 |
-@@ -1262,22 +1262,23 @@ xmlSnprintfElementContent(char *buf, int size, xmlElementContentPtr content, int |
|
68 |
- case XML_ELEMENT_CONTENT_PCDATA: |
|
69 |
- strcat(buf, "#PCDATA"); |
|
70 |
- break; |
|
71 |
-- case XML_ELEMENT_CONTENT_ELEMENT: |
|
72 |
-+ case XML_ELEMENT_CONTENT_ELEMENT: { |
|
73 |
-+ int qnameLen = xmlStrlen(content->name); |
|
74 |
-+ |
|
75 |
-+ if (content->prefix != NULL) |
|
76 |
-+ qnameLen += xmlStrlen(content->prefix) + 1; |
|
77 |
-+ if (size - len < qnameLen + 10) { |
|
78 |
-+ strcat(buf, " ..."); |
|
79 |
-+ return; |
|
80 |
-+ } |
|
81 |
- if (content->prefix != NULL) { |
|
82 |
-- if (size - len < xmlStrlen(content->prefix) + 10) { |
|
83 |
-- strcat(buf, " ..."); |
|
84 |
-- return; |
|
85 |
-- } |
|
86 |
- strcat(buf, (char *) content->prefix); |
|
87 |
- strcat(buf, ":"); |
|
88 |
- } |
|
89 |
-- if (size - len < xmlStrlen(content->name) + 10) { |
|
90 |
-- strcat(buf, " ..."); |
|
91 |
-- return; |
|
92 |
-- } |
|
93 |
- if (content->name != NULL) |
|
94 |
- strcat(buf, (char *) content->name); |
|
95 |
- break; |
|
96 |
-+ } |
|
97 |
- case XML_ELEMENT_CONTENT_SEQ: |
|
98 |
- if ((content->c1->type == XML_ELEMENT_CONTENT_OR) || |
|
99 |
- (content->c1->type == XML_ELEMENT_CONTENT_SEQ)) |
|
100 |
-@@ -1319,6 +1320,7 @@ xmlSnprintfElementContent(char *buf, int size, xmlElementContentPtr content, int |
|
101 |
- xmlSnprintfElementContent(buf, size, content->c2, 0); |
|
102 |
- break; |
|
103 |
- } |
|
104 |
-+ if (size - strlen(buf) <= 2) return; |
|
105 |
- if (englob) |
|
106 |
- strcat(buf, ")"); |
|
107 |
- switch (content->ocur) { |
|
108 |
-cgit v0.12 |
|
109 |
- |
110 | 1 |
deleted file mode 100644 |
... | ... |
@@ -1,10 +0,0 @@ |
1 |
-+++ b/result/errors10/781205.xml.err 2017-08-08 01:17:16.715694488 +0000 |
|
2 |
-@@ -16,6 +16,6 @@ |
|
3 |
- ^ |
|
4 |
- <:0000 |
|
5 |
- ^ |
|
6 |
--./test/errors10/781205.xml:4: parser error : Couldn't find end of Start Tag :0000 line 1 |
|
7 |
-+./test/errors10/781205.xml:4: parser error : Start tag doesn't start and stop in the same entity |
|
8 |
- |
|
9 |
- ^ |
10 | 1 |
deleted file mode 100644 |
... | ... |
@@ -1,316 +0,0 @@ |
1 |
-From e26630548e7d138d2c560844c43820b6767251e3 Mon Sep 17 00:00:00 2001 |
|
2 |
-From: Nick Wellnhofer <wellnhofer@aevum.de> |
|
3 |
-Date: Mon, 5 Jun 2017 15:37:17 +0200 |
|
4 |
-Subject: Fix handling of parameter-entity references |
|
5 |
-MIME-Version: 1.0 |
|
6 |
-Content-Type: text/plain; charset=UTF-8 |
|
7 |
-Content-Transfer-Encoding: 8bit |
|
8 |
- |
|
9 |
-There were two bugs where parameter-entity references could lead to an |
|
10 |
-unexpected change of the input buffer in xmlParseNameComplex and |
|
11 |
-xmlDictLookup being called with an invalid pointer. |
|
12 |
- |
|
13 |
-Percent sign in DTD Names |
|
14 |
-========================= |
|
15 |
- |
|
16 |
-The NEXTL macro used to call xmlParserHandlePEReference. When parsing |
|
17 |
-"complex" names inside the DTD, this could result in entity expansion |
|
18 |
-which created a new input buffer. The fix is to simply remove the call |
|
19 |
-to xmlParserHandlePEReference from the NEXTL macro. This is safe because |
|
20 |
-no users of the macro require expansion of parameter entities. |
|
21 |
- |
|
22 |
-- xmlParseNameComplex |
|
23 |
-- xmlParseNCNameComplex |
|
24 |
-- xmlParseNmtoken |
|
25 |
- |
|
26 |
-The percent sign is not allowed in names, which are grammatical tokens. |
|
27 |
- |
|
28 |
-- xmlParseEntityValue |
|
29 |
- |
|
30 |
-Parameter-entity references in entity values are expanded but this |
|
31 |
-happens in a separate step in this function. |
|
32 |
- |
|
33 |
-- xmlParseSystemLiteral |
|
34 |
- |
|
35 |
-Parameter-entity references are ignored in the system literal. |
|
36 |
- |
|
37 |
-- xmlParseAttValueComplex |
|
38 |
-- xmlParseCharDataComplex |
|
39 |
-- xmlParseCommentComplex |
|
40 |
-- xmlParsePI |
|
41 |
-- xmlParseCDSect |
|
42 |
- |
|
43 |
-Parameter-entity references are ignored outside the DTD. |
|
44 |
- |
|
45 |
-- xmlLoadEntityContent |
|
46 |
- |
|
47 |
-This function is only called from xmlStringLenDecodeEntities and |
|
48 |
-entities are replaced in a separate step immediately after the function |
|
49 |
-call. |
|
50 |
- |
|
51 |
-This bug could also be triggered with an internal subset and double |
|
52 |
-entity expansion. |
|
53 |
- |
|
54 |
-This fixes bug 766956 initially reported by Wei Lei and independently by |
|
55 |
-Chromium's ClusterFuzz, Hanno Bรถck, and Marco Grassi. Thanks to everyone |
|
56 |
-involved. |
|
57 |
- |
|
58 |
-xmlParseNameComplex with XML_PARSE_OLD10 |
|
59 |
-======================================== |
|
60 |
- |
|
61 |
-When parsing Names inside an expanded parameter entity with the |
|
62 |
-XML_PARSE_OLD10 option, xmlParseNameComplex would call xmlGROW via the |
|
63 |
-GROW macro if the input buffer was exhausted. At the end of the |
|
64 |
-parameter entity's replacement text, this function would then call |
|
65 |
-xmlPopInput which invalidated the input buffer. |
|
66 |
- |
|
67 |
-There should be no need to invoke GROW in this situation because the |
|
68 |
-buffer is grown periodically every XML_PARSER_CHUNK_SIZE characters and, |
|
69 |
-at least for UTF-8, in xmlCurrentChar. This also matches the code path |
|
70 |
-executed when XML_PARSE_OLD10 is not set. |
|
71 |
- |
|
72 |
-This fixes bugs 781205 (CVE-2017-9049) and 781361 (CVE-2017-9050). |
|
73 |
-Thanks to Marcel Bรถhme and Thuan Pham for the report. |
|
74 |
- |
|
75 |
-Additional hardening |
|
76 |
-==================== |
|
77 |
- |
|
78 |
-A separate check was added in xmlParseNameComplex to validate the |
|
79 |
-buffer size. |
|
80 |
- Makefile.am | 18 ++++++++++++++++++ |
|
81 |
- parser.c | 18 ++++++++++-------- |
|
82 |
- result/errors10/781205.xml | 0 |
|
83 |
- result/errors10/781205.xml.err | 21 +++++++++++++++++++++ |
|
84 |
- result/errors10/781361.xml | 0 |
|
85 |
- result/errors10/781361.xml.err | 13 +++++++++++++ |
|
86 |
- result/valid/766956.xml | 0 |
|
87 |
- result/valid/766956.xml.err | 9 +++++++++ |
|
88 |
- result/valid/766956.xml.err.rdr | 10 ++++++++++ |
|
89 |
- runtest.c | 3 +++ |
|
90 |
- test/errors10/781205.xml | 3 +++ |
|
91 |
- test/errors10/781361.xml | 3 +++ |
|
92 |
- test/valid/766956.xml | 2 ++ |
|
93 |
- test/valid/dtds/766956.dtd | 2 ++ |
|
94 |
- 14 files changed, 94 insertions(+), 8 deletions(-) |
|
95 |
- create mode 100644 result/errors10/781205.xml |
|
96 |
- create mode 100644 result/errors10/781205.xml.err |
|
97 |
- create mode 100644 result/errors10/781361.xml |
|
98 |
- create mode 100644 result/errors10/781361.xml.err |
|
99 |
- create mode 100644 result/valid/766956.xml |
|
100 |
- create mode 100644 result/valid/766956.xml.err |
|
101 |
- create mode 100644 result/valid/766956.xml.err.rdr |
|
102 |
- create mode 100644 test/errors10/781205.xml |
|
103 |
- create mode 100644 test/errors10/781361.xml |
|
104 |
- create mode 100644 test/valid/766956.xml |
|
105 |
- create mode 100644 test/valid/dtds/766956.dtd |
|
106 |
- |
|
107 |
-diff --git a/Makefile.am b/Makefile.am |
|
108 |
-index 6fc8ffa..10e716a 100644 |
|
109 |
-+++ b/Makefile.am |
|
110 |
-@@ -422,6 +422,24 @@ |
|
111 |
- if [ -n "$$log" ] ; then echo $$name result ; echo $$log ; fi ; \ |
|
112 |
- rm result.$$name error.$$name ; \ |
|
113 |
- fi ; fi ; done) |
|
114 |
-+ @echo "## Error cases regression tests (old 1.0)" |
|
115 |
-+ -@(for i in $(srcdir)/test/errors10/*.xml ; do \ |
|
116 |
-+ name=`basename $$i`; \ |
|
117 |
-+ if [ ! -d $$i ] ; then \ |
|
118 |
-+ if [ ! -f $(srcdir)/result/errors10/$$name ] ; then \ |
|
119 |
-+ echo New test file $$name ; \ |
|
120 |
-+ $(CHECKER) $(top_builddir)/xmllint --oldxml10 $$i \ |
|
121 |
-+ 2> $(srcdir)/result/errors10/$$name.err \ |
|
122 |
-+ > $(srcdir)/result/errors10/$$name ; \ |
|
123 |
-+ grep "MORY ALLO" .memdump | grep -v "MEMORY ALLOCATED : 0"; \ |
|
124 |
-+ else \ |
|
125 |
-+ log=`$(CHECKER) $(top_builddir)/xmllint --oldxml10 $$i 2> error.$$name > result.$$name ; \ |
|
126 |
-+ grep "MORY ALLO" .memdump | grep -v "MEMORY ALLOCATED : 0"; \ |
|
127 |
-+ diff $(srcdir)/result/errors10/$$name result.$$name ; \ |
|
128 |
-+ diff $(srcdir)/result/errors10/$$name.err error.$$name` ; \ |
|
129 |
-+ if [ -n "$$log" ] ; then echo $$name result ; echo "$$log" ; fi ; \ |
|
130 |
-+ rm result.$$name error.$$name ; \ |
|
131 |
-+ fi ; fi ; done) |
|
132 |
- @echo "## Error cases stream regression tests" |
|
133 |
- -@(for i in $(srcdir)/test/errors/*.xml ; do \ |
|
134 |
- name=`basename $$i`; \ |
|
135 |
-diff --git a/parser.c b/parser.c |
|
136 |
-index df2efa5..a175ac4 100644 |
|
137 |
-+++ b/parser.c |
|
138 |
-@@ -2121,7 +2121,6 @@ static void xmlGROW (xmlParserCtxtPtr ctxt) { |
|
139 |
- ctxt->input->line++; ctxt->input->col = 1; \ |
|
140 |
- } else ctxt->input->col++; \ |
|
141 |
- ctxt->input->cur += l; \ |
|
142 |
-- if (*ctxt->input->cur == '%') xmlParserHandlePEReference(ctxt); \ |
|
143 |
- } while (0) |
|
144 |
- |
|
145 |
- #define CUR_CHAR(l) xmlCurrentChar(ctxt, &l) |
|
146 |
-@@ -3412,13 +3411,6 @@ xmlParseNameComplex(xmlParserCtxtPtr ctxt) { |
|
147 |
- len += l; |
|
148 |
- NEXTL(l); |
|
149 |
- c = CUR_CHAR(l); |
|
150 |
-- if (c == 0) { |
|
151 |
-- count = 0; |
|
152 |
-- GROW; |
|
153 |
-- if (ctxt->instate == XML_PARSER_EOF) |
|
154 |
-- return(NULL); |
|
155 |
-- c = CUR_CHAR(l); |
|
156 |
-- } |
|
157 |
- } |
|
158 |
- } |
|
159 |
- if ((len > XML_MAX_NAME_LENGTH) && |
|
160 |
-@@ -3426,6 +3418,16 @@ xmlParseNameComplex(xmlParserCtxtPtr ctxt) { |
|
161 |
- xmlFatalErr(ctxt, XML_ERR_NAME_TOO_LONG, "Name"); |
|
162 |
- return(NULL); |
|
163 |
- } |
|
164 |
-+ if (ctxt->input->cur - ctxt->input->base < len) { |
|
165 |
-+ /* |
|
166 |
-+ * There were a couple of bugs where PERefs lead to to a change |
|
167 |
-+ * of the buffer. Check the buffer size to avoid passing an invalid |
|
168 |
-+ * pointer to xmlDictLookup. |
|
169 |
-+ */ |
|
170 |
-+ xmlFatalErr(ctxt, XML_ERR_INTERNAL_ERROR, |
|
171 |
-+ "unexpected change of input buffer"); |
|
172 |
-+ return (NULL); |
|
173 |
-+ } |
|
174 |
- if ((*ctxt->input->cur == '\n') && (ctxt->input->cur[-1] == '\r')) |
|
175 |
- return(xmlDictLookup(ctxt->dict, ctxt->input->cur - (len + 1), len)); |
|
176 |
- return(xmlDictLookup(ctxt->dict, ctxt->input->cur - len, len)); |
|
177 |
-diff --git a/result/errors10/781205.xml b/result/errors10/781205.xml |
|
178 |
-new file mode 100644 |
|
179 |
-index 0000000..e69de29 |
|
180 |
-diff --git a/result/errors10/781205.xml.err b/result/errors10/781205.xml.err |
|
181 |
-new file mode 100644 |
|
182 |
-index 0000000..da15c3f |
|
183 |
-+++ b/result/errors10/781205.xml.err |
|
184 |
-@@ -0,0 +1,21 @@ |
|
185 |
-+Entity: line 1: parser error : internal error: xmlParseInternalSubset: error detected in Markup declaration |
|
186 |
-+ |
|
187 |
-+ %a; |
|
188 |
-+ ^ |
|
189 |
-+Entity: line 1: |
|
190 |
-+<:0000 |
|
191 |
-+^ |
|
192 |
-+Entity: line 1: parser error : DOCTYPE improperly terminated |
|
193 |
-+ %a; |
|
194 |
-+ ^ |
|
195 |
-+Entity: line 1: |
|
196 |
-+<:0000 |
|
197 |
-+^ |
|
198 |
-+namespace error : Failed to parse QName ':0000' |
|
199 |
-+ %a; |
|
200 |
-+ ^ |
|
201 |
-+<:0000 |
|
202 |
-+ ^ |
|
203 |
-+./test/errors10/781205.xml:4: parser error : Couldn't find end of Start Tag :0000 line 1 |
|
204 |
-+ |
|
205 |
-+^ |
|
206 |
-diff --git a/result/errors10/781361.xml b/result/errors10/781361.xml |
|
207 |
-new file mode 100644 |
|
208 |
-index 0000000..e69de29 |
|
209 |
-diff --git a/result/errors10/781361.xml.err b/result/errors10/781361.xml.err |
|
210 |
-new file mode 100644 |
|
211 |
-index 0000000..655f41a |
|
212 |
-+++ b/result/errors10/781361.xml.err |
|
213 |
-@@ -0,0 +1,13 @@ |
|
214 |
-+./test/errors10/781361.xml:4: parser error : xmlParseElementDecl: 'EMPTY', 'ANY' or '(' expected |
|
215 |
-+ |
|
216 |
-+^ |
|
217 |
-+./test/errors10/781361.xml:4: parser error : internal error: xmlParseInternalSubset: error detected in Markup declaration |
|
218 |
-+ |
|
219 |
-+ |
|
220 |
-+^ |
|
221 |
-+./test/errors10/781361.xml:4: parser error : DOCTYPE improperly terminated |
|
222 |
-+ |
|
223 |
-+^ |
|
224 |
-+./test/errors10/781361.xml:4: parser error : Start tag expected, '<' not found |
|
225 |
-+ |
|
226 |
-+^ |
|
227 |
-diff --git a/result/valid/766956.xml b/result/valid/766956.xml |
|
228 |
-new file mode 100644 |
|
229 |
-index 0000000..e69de29 |
|
230 |
-diff --git a/result/valid/766956.xml.err b/result/valid/766956.xml.err |
|
231 |
-new file mode 100644 |
|
232 |
-index 0000000..34b1dae |
|
233 |
-+++ b/result/valid/766956.xml.err |
|
234 |
-@@ -0,0 +1,9 @@ |
|
235 |
-+test/valid/dtds/766956.dtd:2: parser error : PEReference: expecting ';' |
|
236 |
-+%รค%ent; |
|
237 |
-+ ^ |
|
238 |
-+Entity: line 1: parser error : Content error in the external subset |
|
239 |
-+ %ent; |
|
240 |
-+ ^ |
|
241 |
-+Entity: line 1: |
|
242 |
-+value |
|
243 |
-+^ |
|
244 |
-diff --git a/result/valid/766956.xml.err.rdr b/result/valid/766956.xml.err.rdr |
|
245 |
-new file mode 100644 |
|
246 |
-index 0000000..7760346 |
|
247 |
-+++ b/result/valid/766956.xml.err.rdr |
|
248 |
-@@ -0,0 +1,10 @@ |
|
249 |
-+test/valid/dtds/766956.dtd:2: parser error : PEReference: expecting ';' |
|
250 |
-+%รค%ent; |
|
251 |
-+ ^ |
|
252 |
-+Entity: line 1: parser error : Content error in the external subset |
|
253 |
-+ %ent; |
|
254 |
-+ ^ |
|
255 |
-+Entity: line 1: |
|
256 |
-+value |
|
257 |
-+^ |
|
258 |
-+./test/valid/766956.xml : failed to parse |
|
259 |
-diff --git a/runtest.c b/runtest.c |
|
260 |
-index b2ce693..378b38e 100644 |
|
261 |
-+++ b/runtest.c |
|
262 |
-@@ -4214,6 +4214,9 @@ testDesc testDescriptions[] = { |
|
263 |
- { "Error cases regression tests", |
|
264 |
- errParseTest, "./test/errors/*.xml", "result/errors/", "", ".err", |
|
265 |
- 0 }, |
|
266 |
-+ { "Error cases regression tests (old 1.0)", |
|
267 |
-+ errParseTest, "./test/errors10/*.xml", "result/errors10/", "", ".err", |
|
268 |
-+ XML_PARSE_OLD10 }, |
|
269 |
- #ifdef LIBXML_READER_ENABLED |
|
270 |
- { "Error cases stream regression tests", |
|
271 |
- streamParseTest, "./test/errors/*.xml", "result/errors/", NULL, ".str", |
|
272 |
-diff --git a/test/errors10/781205.xml b/test/errors10/781205.xml |
|
273 |
-new file mode 100644 |
|
274 |
-index 0000000..d9e9e83 |
|
275 |
-+++ b/test/errors10/781205.xml |
|
276 |
-@@ -0,0 +1,3 @@ |
|
277 |
-+<!DOCTYPE D [ |
|
278 |
-+ <!ENTITY % a "<:0000"> |
|
279 |
-+ %a; |
|
280 |
-diff --git a/test/errors10/781361.xml b/test/errors10/781361.xml |
|
281 |
-new file mode 100644 |
|
282 |
-index 0000000..67476bc |
|
283 |
-+++ b/test/errors10/781361.xml |
|
284 |
-@@ -0,0 +1,3 @@ |
|
285 |
-+<!DOCTYPE doc [ |
|
286 |
-+ <!ENTITY % elem "<!ELEMENT e0000000000"> |
|
287 |
-+ %elem; |
|
288 |
-diff --git a/test/valid/766956.xml b/test/valid/766956.xml |
|
289 |
-new file mode 100644 |
|
290 |
-index 0000000..19a95a0 |
|
291 |
-+++ b/test/valid/766956.xml |
|
292 |
-@@ -0,0 +1,2 @@ |
|
293 |
-+<!DOCTYPE test SYSTEM "dtds/766956.dtd"> |
|
294 |
-+<test/> |
|
295 |
-diff --git a/test/valid/dtds/766956.dtd b/test/valid/dtds/766956.dtd |
|
296 |
-new file mode 100644 |
|
297 |
-index 0000000..dddde68 |
|
298 |
-+++ b/test/valid/dtds/766956.dtd |
|
299 |
-@@ -0,0 +1,2 @@ |
|
300 |
-+<!ENTITY % ent "value"> |
|
301 |
-+%รค%ent; |
|
302 |
-cgit v0.12 |
|
303 |
- |
... | ... |
@@ -3,28 +3,17 @@ |
3 | 3 |
|
4 | 4 |
Summary: Libxml2 |
5 | 5 |
Name: libxml2 |
6 |
-Version: 2.9.4 |
|
7 |
-Release: 12%{?dist} |
|
6 |
+Version: 2.9.6 |
|
7 |
+Release: 1%{?dist} |
|
8 | 8 |
License: MIT |
9 | 9 |
URL: http://xmlsoft.org/ |
10 | 10 |
Group: System Environment/General Libraries |
11 | 11 |
Vendor: VMware, Inc. |
12 | 12 |
Distribution: Photon |
13 | 13 |
Source0: ftp://xmlsoft.org/libxml2/%{name}-%{version}.tar.gz |
14 |
-Patch0: libxml2-2.9.4-support-cve-2016-5131.patch |
|
15 |
-Patch1: libxml2-2.9.4-cve-2016-5131.patch |
|
16 |
-# Proposed patch from https://bugzilla.gnome.org/show_bug.cgi?id=772726#c17 |
|
17 |
-# Fix for CVE-2016-9318 |
|
18 |
-Patch2: cve-2016-9318.patch |
|
19 |
-# Fix for CVE-2017-9047 and CVE-2017-9048 |
|
20 |
-Patch3: libxml2-fix-buffer-size-checks.patch |
|
21 |
-# Fix for CVE-2017-9049 and CVE-2017-9050 |
|
22 |
-Patch4: libxml2-fix-handling-of-parameter-entity-references.patch |
|
23 |
-Patch5: libxml2-fix-handling-of-parameter-entity-references-test.patch |
|
24 |
-Patch6: CVE-2017-8872.patch |
|
25 | 14 |
#https://bugs.python.org/issue23524 |
26 |
-Patch7: libxml2-2.9.4-remove-_PyVerify_fd-call.patch |
|
27 |
-%define sha1 libxml2=958ae70baf186263a4bd801a81dd5d682aedd1db |
|
15 |
+Patch0: libxml2-2.9.4-remove-_PyVerify_fd-call.patch |
|
16 |
+%define sha1 libxml2=4ab4605fce0f82a004c3b2aeb368efc8f356e020 |
|
28 | 17 |
Provides: pkgconfig(libxml-2.0) |
29 | 18 |
|
30 | 19 |
%description |
... | ... |
@@ -62,13 +51,6 @@ Static libraries and header files for the support library for libxml |
62 | 62 |
%prep |
63 | 63 |
%setup -q |
64 | 64 |
%patch0 -p1 |
65 |
-%patch1 -p1 |
|
66 |
-%patch2 -p1 |
|
67 |
-%patch3 -p1 |
|
68 |
-%patch4 -p1 |
|
69 |
-%patch5 -p1 |
|
70 |
-%patch6 -p1 |
|
71 |
-%patch7 -p1 |
|
72 | 65 |
sed \ |
73 | 66 |
-e /xmlInitializeCatalog/d \ |
74 | 67 |
-e 's/((ent->checked =.*&&/(((ent->checked == 0) ||\ |
... | ... |
@@ -132,8 +114,9 @@ rm -rf %{buildroot}/* |
132 | 132 |
%{_libdir}/pkgconfig/libxml-2.0.pc |
133 | 133 |
%{_libdir}/cmake/libxml2/libxml2-config.cmake |
134 | 134 |
|
135 |
- |
|
136 | 135 |
%changelog |
136 |
+* Wed Oct 18 2017 Xiaolin Li <xiaolinl@vmware.com> 2.9.6-1 |
|
137 |
+- Update to version 2.9.6 |
|
137 | 138 |
* Mon Oct 2 2017 Anish Swaminathan <anishs@vmware.com> 2.9.4-12 |
138 | 139 |
- Remove call to _PyVerify_fd |
139 | 140 |
* Wed Aug 09 2017 Dheeraj Shetty <dheerajs@vmware.com> 2.9.4-11 |