diff options
-rw-r--r-- | abs/core/libxml2/CVE-2011-0216.patch | 31 | ||||
-rw-r--r-- | abs/core/libxml2/CVE-2011-1944.patch | 100 | ||||
-rw-r--r-- | abs/core/libxml2/CVE-2011-2834.patch | 61 | ||||
-rw-r--r-- | abs/core/libxml2/CVE-2011-3905.patch | 61 | ||||
-rw-r--r-- | abs/core/libxml2/CVE-2011-3919.patch | 19 | ||||
-rw-r--r-- | abs/core/libxml2/PKGBUILD | 53 | ||||
-rw-r--r-- | abs/core/libxml2/__changelog | 1 | ||||
-rw-r--r-- | abs/core/libxml2/libxml2-2.7.8-xpath-freeing.patch | 30 | ||||
-rw-r--r-- | abs/core/libxml2/libxml2-2.7.8-xpath-freeing2.patch | 26 | ||||
-rw-r--r-- | abs/core/libxml2/libxml2-2.7.8-xpath-hardening.patch | 223 | ||||
-rw-r--r-- | abs/core/libxml2/libxml2_fix_for_automake_1.12.patch | 11 |
11 files changed, 608 insertions, 8 deletions
diff --git a/abs/core/libxml2/CVE-2011-0216.patch b/abs/core/libxml2/CVE-2011-0216.patch new file mode 100644 index 0000000..dfc99d4 --- /dev/null +++ b/abs/core/libxml2/CVE-2011-0216.patch @@ -0,0 +1,31 @@ +commit 69f04562f75212bfcabecd190ea8b06ace28ece2 +Author: Daniel Veillard <veillard@redhat.com> +Date: Fri Aug 19 11:05:04 2011 +0800 + + Fix an off by one error in encoding + + this off by one error doesn't seems to reproduce on linux + but the error is real. + +diff --git a/encoding.c b/encoding.c +index d1140bf..fb0c38a 100644 +--- a/encoding.c ++++ b/encoding.c +@@ -1928,7 +1928,7 @@ xmlCharEncFirstLineInt(xmlCharEncodingHandler *handler, xmlBufferPtr out, + if (in == NULL) return(-1); + + /* calculate space available */ +- written = out->size - out->use; ++ written = out->size - out->use - 1; /* count '\0' */ + toconv = in->use; + /* + * echo '<?xml version="1.0" encoding="UCS4"?>' | wc -c => 38 +@@ -2059,7 +2059,7 @@ xmlCharEncInFunc(xmlCharEncodingHandler * handler, xmlBufferPtr out, + toconv = in->use; + if (toconv == 0) + return (0); +- written = out->size - out->use; ++ written = out->size - out->use -1; /* count '\0' */ + if (toconv * 2 >= written) { + xmlBufferGrow(out, out->size + toconv * 2); + written = out->size - out->use - 1; diff --git a/abs/core/libxml2/CVE-2011-1944.patch b/abs/core/libxml2/CVE-2011-1944.patch new file mode 100644 index 0000000..62dd5d2 --- /dev/null +++ b/abs/core/libxml2/CVE-2011-1944.patch @@ -0,0 +1,100 @@ +commit d7958b21e7f8c447a26bb2436f08402b2c308be4 +Author: Chris Evans <scarybeasts@gmail.com> +Date: Wed Mar 23 08:13:06 2011 +0800 + + Fix some potential problems on reallocation failures + + The count was incremented before the allocation + and not fixed in case of failure + * xpath.c: corrects a few instances where the available count of some + structure is updated before we know the allocation actually + succeeds + +diff --git a/xpath.c b/xpath.c +index 8b56189..608fe00 100644 +--- a/xpath.c ++++ b/xpath.c +@@ -3522,13 +3522,13 @@ xmlXPathNodeSetAddNs(xmlNodeSetPtr cur, xmlNodePtr node, xmlNsPtr ns) { + } else if (cur->nodeNr == cur->nodeMax) { + xmlNodePtr *temp; + +- cur->nodeMax *= 2; +- temp = (xmlNodePtr *) xmlRealloc(cur->nodeTab, cur->nodeMax * ++ temp = (xmlNodePtr *) xmlRealloc(cur->nodeTab, cur->nodeMax * 2 * + sizeof(xmlNodePtr)); + if (temp == NULL) { + xmlXPathErrMemory(NULL, "growing nodeset\n"); + return; + } ++ cur->nodeMax *= 2; + cur->nodeTab = temp; + } + cur->nodeTab[cur->nodeNr++] = xmlXPathNodeSetDupNs(node, ns); +@@ -3627,14 +3627,14 @@ xmlXPathNodeSetAddUnique(xmlNodeSetPtr cur, xmlNodePtr val) { + } else if (cur->nodeNr == cur->nodeMax) { + xmlNodePtr *temp; + +- cur->nodeMax *= 2; +- temp = (xmlNodePtr *) xmlRealloc(cur->nodeTab, cur->nodeMax * ++ temp = (xmlNodePtr *) xmlRealloc(cur->nodeTab, cur->nodeMax * 2 * + sizeof(xmlNodePtr)); + if (temp == NULL) { + xmlXPathErrMemory(NULL, "growing nodeset\n"); + return; + } + cur->nodeTab = temp; ++ cur->nodeMax *= 2; + } + if (val->type == XML_NAMESPACE_DECL) { + xmlNsPtr ns = (xmlNsPtr) val; +@@ -3738,14 +3738,14 @@ xmlXPathNodeSetMerge(xmlNodeSetPtr val1, xmlNodeSetPtr val2) { + } else if (val1->nodeNr == val1->nodeMax) { + xmlNodePtr *temp; + +- val1->nodeMax *= 2; +- temp = (xmlNodePtr *) xmlRealloc(val1->nodeTab, val1->nodeMax * ++ temp = (xmlNodePtr *) xmlRealloc(val1->nodeTab, val1->nodeMax * 2 * + sizeof(xmlNodePtr)); + if (temp == NULL) { + xmlXPathErrMemory(NULL, "merging nodeset\n"); + return(NULL); + } + val1->nodeTab = temp; ++ val1->nodeMax *= 2; + } + if (n2->type == XML_NAMESPACE_DECL) { + xmlNsPtr ns = (xmlNsPtr) n2; +@@ -3907,14 +3907,14 @@ xmlXPathNodeSetMergeAndClear(xmlNodeSetPtr set1, xmlNodeSetPtr set2, + } else if (set1->nodeNr >= set1->nodeMax) { + xmlNodePtr *temp; + +- set1->nodeMax *= 2; + temp = (xmlNodePtr *) xmlRealloc( +- set1->nodeTab, set1->nodeMax * sizeof(xmlNodePtr)); ++ set1->nodeTab, set1->nodeMax * 2 * sizeof(xmlNodePtr)); + if (temp == NULL) { + xmlXPathErrMemory(NULL, "merging nodeset\n"); + return(NULL); + } + set1->nodeTab = temp; ++ set1->nodeMax *= 2; + } + if (n2->type == XML_NAMESPACE_DECL) { + xmlNsPtr ns = (xmlNsPtr) n2; +@@ -3991,14 +3991,14 @@ xmlXPathNodeSetMergeAndClearNoDupls(xmlNodeSetPtr set1, xmlNodeSetPtr set2, + } else if (set1->nodeNr >= set1->nodeMax) { + xmlNodePtr *temp; + +- set1->nodeMax *= 2; + temp = (xmlNodePtr *) xmlRealloc( +- set1->nodeTab, set1->nodeMax * sizeof(xmlNodePtr)); ++ set1->nodeTab, set1->nodeMax * 2 * sizeof(xmlNodePtr)); + if (temp == NULL) { + xmlXPathErrMemory(NULL, "merging nodeset\n"); + return(NULL); + } + set1->nodeTab = temp; ++ set1->nodeMax *= 2; + } + set1->nodeTab[set1->nodeNr++] = n2; + } diff --git a/abs/core/libxml2/CVE-2011-2834.patch b/abs/core/libxml2/CVE-2011-2834.patch new file mode 100644 index 0000000..cfc61e0 --- /dev/null +++ b/abs/core/libxml2/CVE-2011-2834.patch @@ -0,0 +1,61 @@ +commit 1d4526f6f4ec8d18c40e2a09b387652a6c1aa2cd +Author: Daniel Veillard <veillard@redhat.com> +Date: Tue Oct 11 16:34:34 2011 +0800 + + Fix missing error status in XPath evaluation + + Started by Chris Evans, I added a few more place where the + error should have been set in the evaluation context. + +diff --git a/xpath.c b/xpath.c +index bcee2ea..d9d902c 100644 +--- a/xpath.c ++++ b/xpath.c +@@ -2485,6 +2485,7 @@ valuePush(xmlXPathParserContextPtr ctxt, xmlXPathObjectPtr value) + sizeof(ctxt->valueTab[0])); + if (tmp == NULL) { + xmlGenericError(xmlGenericErrorContext, "realloc failed !\n"); ++ ctxt->error = XPATH_MEMORY_ERROR; + return (0); + } + ctxt->valueMax *= 2; +@@ -9340,6 +9341,7 @@ xmlXPathTranslateFunction(xmlXPathParserContextPtr ctxt, int nargs) { + if ( (ch & 0xc0) != 0xc0 ) { + xmlGenericError(xmlGenericErrorContext, + "xmlXPathTranslateFunction: Invalid UTF8 string\n"); ++ /* not asserting an XPath error is probably better */ + break; + } + /* then skip over remaining bytes for this char */ +@@ -9347,6 +9349,7 @@ xmlXPathTranslateFunction(xmlXPathParserContextPtr ctxt, int nargs) { + if ( (*cptr++ & 0xc0) != 0x80 ) { + xmlGenericError(xmlGenericErrorContext, + "xmlXPathTranslateFunction: Invalid UTF8 string\n"); ++ /* not asserting an XPath error is probably better */ + break; + } + if (ch & 0x80) /* must have had error encountered */ +@@ -13410,6 +13413,7 @@ xmlXPathCompOpEval(xmlXPathParserContextPtr ctxt, xmlXPathStepOpPtr op) + xmlGenericError(xmlGenericErrorContext, + "xmlXPathCompOpEval: variable %s bound to undefined prefix %s\n", + (char *) op->value4, (char *)op->value5); ++ ctxt->error = XPATH_UNDEF_PREFIX_ERROR; + return (total); + } + val = xmlXPathVariableLookupNS(ctxt->context, +@@ -13464,6 +13468,7 @@ xmlXPathCompOpEval(xmlXPathParserContextPtr ctxt, xmlXPathStepOpPtr op) + "xmlXPathCompOpEval: function %s bound to undefined prefix %s\n", + (char *)op->value4, (char *)op->value5); + xmlXPathPopFrame(ctxt, frame); ++ ctxt->error = XPATH_UNDEF_PREFIX_ERROR; + return (total); + } + func = xmlXPathFunctionLookupNS(ctxt->context, +@@ -14042,6 +14047,7 @@ xmlXPathCompOpEval(xmlXPathParserContextPtr ctxt, xmlXPathStepOpPtr op) + } + xmlGenericError(xmlGenericErrorContext, + "XPath: unknown precompiled operation %d\n", op->op); ++ ctxt->error = XPATH_INVALID_OPERAND; + return (total); + } + diff --git a/abs/core/libxml2/CVE-2011-3905.patch b/abs/core/libxml2/CVE-2011-3905.patch new file mode 100644 index 0000000..53373b7 --- /dev/null +++ b/abs/core/libxml2/CVE-2011-3905.patch @@ -0,0 +1,61 @@ +commit 77404b8b69bc122d12231807abf1a837d121b551 +Author: Chris Evans <scarybeasts@gmail.com> +Date: Wed Dec 14 16:18:25 2011 +0800 + + Make sure the parser returns when getting a Stop order + + patch backported from chromiun bug fixes, assuming author is Chris + +diff --git a/parser.c b/parser.c +index 21d7aa3..4e5dcb9 100644 +--- a/parser.c ++++ b/parser.c +@@ -4949,7 +4949,8 @@ xmlParsePI(xmlParserCtxtPtr ctxt) { + (ctxt->sax->processingInstruction != NULL)) + ctxt->sax->processingInstruction(ctxt->userData, + target, NULL); +- ctxt->instate = state; ++ if (ctxt->instate != XML_PARSER_EOF) ++ ctxt->instate = state; + return; + } + buf = (xmlChar *) xmlMallocAtomic(size * sizeof(xmlChar)); +@@ -5029,7 +5030,8 @@ xmlParsePI(xmlParserCtxtPtr ctxt) { + } else { + xmlFatalErr(ctxt, XML_ERR_PI_NOT_STARTED, NULL); + } +- ctxt->instate = state; ++ if (ctxt->instate != XML_PARSER_EOF) ++ ctxt->instate = state; + } + } + +@@ -9589,6 +9591,8 @@ xmlParseElement(xmlParserCtxtPtr ctxt) { + else + name = xmlParseStartTag(ctxt); + #endif /* LIBXML_SAX1_ENABLED */ ++ if (ctxt->instate == XML_PARSER_EOF) ++ return; + if (name == NULL) { + spacePop(ctxt); + return; +@@ -10975,6 +10979,8 @@ xmlParseTryOrFinish(xmlParserCtxtPtr ctxt, int terminate) { + else + name = xmlParseStartTag(ctxt); + #endif /* LIBXML_SAX1_ENABLED */ ++ if (ctxt->instate == XML_PARSER_EOF) ++ goto done; + if (name == NULL) { + spacePop(ctxt); + ctxt->instate = XML_PARSER_EOF; +@@ -11161,7 +11167,9 @@ xmlParseTryOrFinish(xmlParserCtxtPtr ctxt, int terminate) { + else + xmlParseEndTag1(ctxt, 0); + #endif /* LIBXML_SAX1_ENABLED */ +- if (ctxt->nameNr == 0) { ++ if (ctxt->instate == XML_PARSER_EOF) { ++ /* Nothing */ ++ } else if (ctxt->nameNr == 0) { + ctxt->instate = XML_PARSER_EPILOG; + } else { + ctxt->instate = XML_PARSER_CONTENT; diff --git a/abs/core/libxml2/CVE-2011-3919.patch b/abs/core/libxml2/CVE-2011-3919.patch new file mode 100644 index 0000000..b307e57 --- /dev/null +++ b/abs/core/libxml2/CVE-2011-3919.patch @@ -0,0 +1,19 @@ +commit 5bd3c061823a8499b27422aee04ea20aae24f03e +Author: Daniel Veillard <veillard@redhat.com> +Date: Fri Dec 16 18:53:35 2011 +0800 + + Fix an allocation error when copying entities + +diff --git a/parser.c b/parser.c +index 4e5dcb9..c55e41d 100644 +--- a/parser.c ++++ b/parser.c +@@ -2709,7 +2709,7 @@ xmlStringLenDecodeEntities(xmlParserCtxtPtr ctxt, const xmlChar *str, int len, + + buffer[nbchars++] = '&'; + if (nbchars > buffer_size - i - XML_PARSER_BUFFER_SIZE) { +- growBuffer(buffer, XML_PARSER_BUFFER_SIZE); ++ growBuffer(buffer, i + XML_PARSER_BUFFER_SIZE); + } + for (;i > 0;i--) + buffer[nbchars++] = *cur++; diff --git a/abs/core/libxml2/PKGBUILD b/abs/core/libxml2/PKGBUILD index 2566d0e..062f3be 100644 --- a/abs/core/libxml2/PKGBUILD +++ b/abs/core/libxml2/PKGBUILD @@ -1,10 +1,10 @@ -# $Id$ +# $Id: PKGBUILD 149232 2012-02-06 15:50:57Z jgc $ # Maintainer: Jan de Groot <jgc@archlinux.org> # Contributor: John Proctor <jproctor@prium.net> pkgname=libxml2 pkgver=2.7.8 -pkgrel=4 +pkgrel=2 pkgdesc="XML parsing library, version 2" arch=(i686 x86_64) license=('custom') @@ -13,24 +13,61 @@ makedepends=('python2') options=('!libtool') url="http://www.xmlsoft.org/" source=(ftp://ftp.xmlsoft.org/${pkgname}/${pkgname}-${pkgver}.tar.gz - largefile64.patch shared_library_versionning.patch) -md5sums=('8127a65e8c3b08856093099b52599c86' - '5ad4915665608ebfa5b89f7908467a72' - '84aeb7c6db023eae044e95d9211dba53') + http://www.w3.org/XML/Test/xmlts20080205.tar.gz + largefile64.patch + shared_library_versionning.patch + libxml2-2.7.8-xpath-freeing.patch + libxml2-2.7.8-xpath-freeing2.patch + CVE-2011-1944.patch + libxml2-2.7.8-xpath-hardening.patch + CVE-2011-0216.patch + CVE-2011-2834.patch + CVE-2011-3905.patch + CVE-2011-3919.patch + libxml2_fix_for_automake_1.12.patch) build() { cd "${srcdir}/${pkgname}-${pkgver}" patch -Np1 -i "${srcdir}/largefile64.patch" patch -Np1 -i "${srcdir}/shared_library_versionning.patch" + patch -Np1 -i "${srcdir}/libxml2-2.7.8-xpath-freeing.patch" + patch -Np1 -i "${srcdir}/libxml2-2.7.8-xpath-freeing2.patch" + patch -Np1 -i "${srcdir}/CVE-2011-1944.patch" + patch -Np1 -i "${srcdir}/libxml2-2.7.8-xpath-hardening.patch" + patch -Np1 -i "${srcdir}/CVE-2011-0216.patch" + patch -Np1 -i "${srcdir}/CVE-2011-2834.patch" + patch -Np1 -i "${srcdir}/CVE-2011-3905.patch" + patch -Np1 -i "${srcdir}/CVE-2011-3919.patch" + patch -Np1 -i "${srcdir}/libxml2_fix_for_automake_1.12.patch" + autoreconf -fi + sed -e 's|/usr/bin/python -u|/usr/bin/python2 -u|g' -e 's|/usr/bin/python$|/usr/bin/python2|g' -i python/tests/*.py ./configure --prefix=/usr --with-threads --with-history \ - --with-python=/usr/bin/python2.7 + --with-python=/usr/bin/python2 make } +check() { + cd "${srcdir}/${pkgname}-${pkgver}" + mv "${srcdir}/xmlconf" . + make check +} + package() { cd "${srcdir}/${pkgname}-${pkgver}" make DESTDIR="${pkgdir}" install install -Dm644 COPYING "${pkgdir}/usr/share/licenses/${pkgname}/COPYING" } - +md5sums=('8127a65e8c3b08856093099b52599c86' + 'b255be9a1c7f7021e52448e4ec8d7a0d' + '5ad4915665608ebfa5b89f7908467a72' + '84aeb7c6db023eae044e95d9211dba53' + 'f1df70c66dac94233932baf2737465e0' + 'c22af2643840da65dea618bf6cd33b25' + 'd2b2b362a8681c30be98c4a2e7f2d2ea' + '5709a1408becc1f0c6f1c7513a254dd2' + '4f0f2d3a11329ebee0907be6002a160e' + '88e9c95a813d4f0cb392acc000bae366' + '28f3022a0d63ee408774eb5e4914b07e' + 'a9b901d9ff095a266d3a5c601db142b1' + '38311f3b3b99d8dccf95241865fa8702') diff --git a/abs/core/libxml2/__changelog b/abs/core/libxml2/__changelog new file mode 100644 index 0000000..68801b8 --- /dev/null +++ b/abs/core/libxml2/__changelog @@ -0,0 +1 @@ +added patch for libxml2 /libxml2_fix_for_automake_1.12.patch diff --git a/abs/core/libxml2/libxml2-2.7.8-xpath-freeing.patch b/abs/core/libxml2/libxml2-2.7.8-xpath-freeing.patch new file mode 100644 index 0000000..2844f4a --- /dev/null +++ b/abs/core/libxml2/libxml2-2.7.8-xpath-freeing.patch @@ -0,0 +1,30 @@ +commit df83c17e5a2646bd923f75e5e507bc80d73c9722 +Author: Daniel Veillard <veillard@redhat.com> +Date: Wed Nov 17 14:12:14 2010 +0100 + + Fix a potential freeing error in XPath + +diff --git a/xpath.c b/xpath.c +index 81e33f6..1447be5 100644 +--- a/xpath.c ++++ b/xpath.c +@@ -11763,11 +11763,15 @@ xmlXPathCompOpEvalPositionalPredicate(xmlXPathParserContextPtr ctxt, + + if ((ctxt->error != XPATH_EXPRESSION_OK) || (res == -1)) { + xmlXPathObjectPtr tmp; +- /* pop the result */ ++ /* pop the result if any */ + tmp = valuePop(ctxt); +- xmlXPathReleaseObject(xpctxt, tmp); +- /* then pop off contextObj, which will be freed later */ +- valuePop(ctxt); ++ if (tmp != contextObj) ++ /* ++ * Free up the result ++ * then pop off contextObj, which will be freed later ++ */ ++ xmlXPathReleaseObject(xpctxt, tmp); ++ valuePop(ctxt); + goto evaluation_error; + } + diff --git a/abs/core/libxml2/libxml2-2.7.8-xpath-freeing2.patch b/abs/core/libxml2/libxml2-2.7.8-xpath-freeing2.patch new file mode 100644 index 0000000..714954d --- /dev/null +++ b/abs/core/libxml2/libxml2-2.7.8-xpath-freeing2.patch @@ -0,0 +1,26 @@ +commit fec31bcd452e77c10579467ca87a785b41115de6 +Author: Daniel Veillard <veillard@redhat.com> +Date: Thu Nov 18 11:07:24 2010 +0100 + + Small fix for previous commit + +diff --git a/xpath.c b/xpath.c +index 1447be5..8b56189 100644 +--- a/xpath.c ++++ b/xpath.c +@@ -11765,13 +11765,14 @@ xmlXPathCompOpEvalPositionalPredicate(xmlXPathParserContextPtr ctxt, + xmlXPathObjectPtr tmp; + /* pop the result if any */ + tmp = valuePop(ctxt); +- if (tmp != contextObj) ++ if (tmp != contextObj) { + /* + * Free up the result + * then pop off contextObj, which will be freed later + */ + xmlXPathReleaseObject(xpctxt, tmp); + valuePop(ctxt); ++ } + goto evaluation_error; + } + diff --git a/abs/core/libxml2/libxml2-2.7.8-xpath-hardening.patch b/abs/core/libxml2/libxml2-2.7.8-xpath-hardening.patch new file mode 100644 index 0000000..7a4ad86 --- /dev/null +++ b/abs/core/libxml2/libxml2-2.7.8-xpath-hardening.patch @@ -0,0 +1,223 @@ +commit 0f136dcd18c287073a4d67b03fdb9696d7010940 +Author: Daniel Veillard <veillard@redhat.com> +Date: Thu Aug 18 17:10:13 2011 +0800 + + Hardening of XPath evaluation + + Add a mechanism of frame for XPath evaluation when entering a function + or a scoped evaluation, also fix a potential problem in predicate + evaluation. + +diff --git a/include/libxml/xpath.h b/include/libxml/xpath.h +index 1a9e30e..ddd9dd8 100644 +--- a/include/libxml/xpath.h ++++ b/include/libxml/xpath.h +@@ -68,7 +68,8 @@ typedef enum { + XPATH_UNDEF_PREFIX_ERROR, + XPATH_ENCODING_ERROR, + XPATH_INVALID_CHAR_ERROR, +- XPATH_INVALID_CTXT ++ XPATH_INVALID_CTXT, ++ XPATH_STACK_ERROR + } xmlXPathError; + + /* +@@ -380,6 +381,8 @@ struct _xmlXPathParserContext { + xmlXPathCompExprPtr comp; /* the precompiled expression */ + int xptr; /* it this an XPointer expression */ + xmlNodePtr ancestor; /* used for walking preceding axis */ ++ ++ int valueFrame; /* used to limit Pop on the stack */ + }; + + /************************************************************************ +diff --git a/xpath.c b/xpath.c +index b59ac5a..bcee2ea 100644 +--- a/xpath.c ++++ b/xpath.c +@@ -252,6 +252,7 @@ static const char *xmlXPathErrorMessages[] = { + "Encoding error\n", + "Char out of XML range\n", + "Invalid or incomplete context\n", ++ "Stack usage errror\n", + "?? Unknown error ??\n" /* Must be last in the list! */ + }; + #define MAXERRNO ((int)(sizeof(xmlXPathErrorMessages) / \ +@@ -2398,6 +2399,42 @@ xmlXPathCacheConvertNumber(xmlXPathContextPtr ctxt, xmlXPathObjectPtr val) { + ************************************************************************/ + + /** ++ * xmlXPathSetFrame: ++ * @ctxt: an XPath parser context ++ * ++ * Set the callee evaluation frame ++ * ++ * Returns the previous frame value to be restored once done ++ */ ++static int ++xmlXPathSetFrame(xmlXPathParserContextPtr ctxt) { ++ int ret; ++ ++ if (ctxt == NULL) ++ return(0); ++ ret = ctxt->valueFrame; ++ ctxt->valueFrame = ctxt->valueNr; ++ return(ret); ++} ++ ++/** ++ * xmlXPathPopFrame: ++ * @ctxt: an XPath parser context ++ * @frame: the previous frame value ++ * ++ * Remove the callee evaluation frame ++ */ ++static void ++xmlXPathPopFrame(xmlXPathParserContextPtr ctxt, int frame) { ++ if (ctxt == NULL) ++ return; ++ if (ctxt->valueNr < ctxt->valueFrame) { ++ xmlXPatherror(ctxt, __FILE__, __LINE__, XPATH_STACK_ERROR); ++ } ++ ctxt->valueFrame = frame; ++} ++ ++/** + * valuePop: + * @ctxt: an XPath evaluation context + * +@@ -2412,6 +2449,12 @@ valuePop(xmlXPathParserContextPtr ctxt) + + if ((ctxt == NULL) || (ctxt->valueNr <= 0)) + return (NULL); ++ ++ if (ctxt->valueNr <= ctxt->valueFrame) { ++ xmlXPatherror(ctxt, __FILE__, __LINE__, XPATH_STACK_ERROR); ++ return (NULL); ++ } ++ + ctxt->valueNr--; + if (ctxt->valueNr > 0) + ctxt->value = ctxt->valueTab[ctxt->valueNr - 1]; +@@ -6154,6 +6197,7 @@ xmlXPathCompParserContext(xmlXPathCompExprPtr comp, xmlXPathContextPtr ctxt) { + ret->valueNr = 0; + ret->valueMax = 10; + ret->value = NULL; ++ ret->valueFrame = 0; + + ret->context = ctxt; + ret->comp = comp; +@@ -11711,6 +11755,7 @@ xmlXPathCompOpEvalPositionalPredicate(xmlXPathParserContextPtr ctxt, + xmlXPathObjectPtr contextObj = NULL, exprRes = NULL; + xmlNodePtr oldContextNode, contextNode = NULL; + xmlXPathContextPtr xpctxt = ctxt->context; ++ int frame; + + #ifdef LIBXML_XPTR_ENABLED + /* +@@ -11730,6 +11775,8 @@ xmlXPathCompOpEvalPositionalPredicate(xmlXPathParserContextPtr ctxt, + */ + exprOp = &ctxt->comp->steps[op->ch2]; + for (i = 0; i < set->nodeNr; i++) { ++ xmlXPathObjectPtr tmp; ++ + if (set->nodeTab[i] == NULL) + continue; + +@@ -11757,23 +11804,25 @@ xmlXPathCompOpEvalPositionalPredicate(xmlXPathParserContextPtr ctxt, + xmlXPathNodeSetAddUnique(contextObj->nodesetval, + contextNode); + ++ frame = xmlXPathSetFrame(ctxt); + valuePush(ctxt, contextObj); + res = xmlXPathCompOpEvalToBoolean(ctxt, exprOp, 1); ++ tmp = valuePop(ctxt); ++ xmlXPathPopFrame(ctxt, frame); + + if ((ctxt->error != XPATH_EXPRESSION_OK) || (res == -1)) { +- xmlXPathObjectPtr tmp; +- /* pop the result if any */ +- tmp = valuePop(ctxt); +- if (tmp != contextObj) { ++ while (tmp != contextObj) { + /* + * Free up the result + * then pop off contextObj, which will be freed later + */ + xmlXPathReleaseObject(xpctxt, tmp); +- valuePop(ctxt); ++ tmp = valuePop(ctxt); + } + goto evaluation_error; + } ++ /* push the result back onto the stack */ ++ valuePush(ctxt, tmp); + + if (res) + pos++; +@@ -13377,7 +13426,9 @@ xmlXPathCompOpEval(xmlXPathParserContextPtr ctxt, xmlXPathStepOpPtr op) + xmlXPathFunction func; + const xmlChar *oldFunc, *oldFuncURI; + int i; ++ int frame; + ++ frame = xmlXPathSetFrame(ctxt); + if (op->ch1 != -1) + total += + xmlXPathCompOpEval(ctxt, &comp->steps[op->ch1]); +@@ -13385,15 +13436,18 @@ xmlXPathCompOpEval(xmlXPathParserContextPtr ctxt, xmlXPathStepOpPtr op) + xmlGenericError(xmlGenericErrorContext, + "xmlXPathCompOpEval: parameter error\n"); + ctxt->error = XPATH_INVALID_OPERAND; ++ xmlXPathPopFrame(ctxt, frame); + return (total); + } +- for (i = 0; i < op->value; i++) ++ for (i = 0; i < op->value; i++) { + if (ctxt->valueTab[(ctxt->valueNr - 1) - i] == NULL) { + xmlGenericError(xmlGenericErrorContext, + "xmlXPathCompOpEval: parameter error\n"); + ctxt->error = XPATH_INVALID_OPERAND; ++ xmlXPathPopFrame(ctxt, frame); + return (total); + } ++ } + if (op->cache != NULL) + XML_CAST_FPTR(func) = op->cache; + else { +@@ -13409,6 +13463,7 @@ xmlXPathCompOpEval(xmlXPathParserContextPtr ctxt, xmlXPathStepOpPtr op) + xmlGenericError(xmlGenericErrorContext, + "xmlXPathCompOpEval: function %s bound to undefined prefix %s\n", + (char *)op->value4, (char *)op->value5); ++ xmlXPathPopFrame(ctxt, frame); + return (total); + } + func = xmlXPathFunctionLookupNS(ctxt->context, +@@ -13430,6 +13485,7 @@ xmlXPathCompOpEval(xmlXPathParserContextPtr ctxt, xmlXPathStepOpPtr op) + func(ctxt, op->value); + ctxt->context->function = oldFunc; + ctxt->context->functionURI = oldFuncURI; ++ xmlXPathPopFrame(ctxt, frame); + return (total); + } + case XPATH_OP_ARG: +@@ -14333,6 +14389,7 @@ xmlXPathRunEval(xmlXPathParserContextPtr ctxt, int toBool) + ctxt->valueNr = 0; + ctxt->valueMax = 10; + ctxt->value = NULL; ++ ctxt->valueFrame = 0; + } + #ifdef XPATH_STREAMING + if (ctxt->comp->stream) { +diff --git a/xpointer.c b/xpointer.c +index 7a42d02..37afa3a 100644 +--- a/xpointer.c ++++ b/xpointer.c +@@ -1269,6 +1269,7 @@ xmlXPtrEvalXPointer(xmlXPathParserContextPtr ctxt) { + ctxt->valueNr = 0; + ctxt->valueMax = 10; + ctxt->value = NULL; ++ ctxt->valueFrame = 0; + } + SKIP_BLANKS; + if (CUR == '/') { diff --git a/abs/core/libxml2/libxml2_fix_for_automake_1.12.patch b/abs/core/libxml2/libxml2_fix_for_automake_1.12.patch new file mode 100644 index 0000000..cdd4af2 --- /dev/null +++ b/abs/core/libxml2/libxml2_fix_for_automake_1.12.patch @@ -0,0 +1,11 @@ +--- libxml2-2.7.8.orig/configure.in ++++ libxml2-2.7.8/configure.in +@@ -63,8 +63,6 @@ AC_PATH_PROG(WGET, wget, /usr/bin/wget) + AC_PATH_PROG(XMLLINT, xmllint, /usr/bin/xmllint) + AC_PATH_PROG(XSLTPROC, xsltproc, /usr/bin/xsltproc) + +-dnl Make sure we have an ANSI compiler +-AM_C_PROTOTYPES + test "x$U" != "x" && AC_MSG_ERROR(Compiler not ANSI compliant) + + AC_LIBTOOL_WIN32_DLL |