Diffstat (limited to 'abs')
-rw-r--r--abs/core/libxml2/PKGBUILD42
-rw-r--r--abs/core/libxml2/fix-CVE-2014-3660.patch28
-rw-r--r--abs/core/libxml2/revert-catalog-initialize.patch26
3 files changed, 80 insertions, 16 deletions
diff --git a/abs/core/libxml2/PKGBUILD b/abs/core/libxml2/PKGBUILD
index 58c4756..0949823 100644
--- a/abs/core/libxml2/PKGBUILD
+++ b/abs/core/libxml2/PKGBUILD
@@ -1,38 +1,48 @@
-# $Id: PKGBUILD 165211 2012-08-13 09:09:13Z jgc $
+# $Id$
# Maintainer: Jan de Groot <jgc@archlinux.org>
+# Maintainer: Tom Gundersen <teg@jklm.no>
# Contributor: John Proctor <jproctor@prium.net>
pkgname=libxml2
-pkgver=2.8.0
-pkgrel=1
+pkgver=2.9.2
+pkgrel=2
pkgdesc="XML parsing library, version 2"
arch=(i686 x86_64)
-license=('custom')
-depends=('zlib>=1.2.4' 'readline>=6.1' 'ncurses>=5.7' 'xz')
+license=('MIT')
+depends=('zlib' 'readline' 'ncurses' 'xz')
makedepends=('python2')
-options=('!libtool')
+optdepends=('python2: python bindings to libxml')
url="http://www.xmlsoft.org/"
source=(ftp://ftp.xmlsoft.org/${pkgname}/${pkgname}-${pkgver}.tar.gz
- http://www.w3.org/XML/Test/xmlts20080205.tar.gz)
-md5sums=('c62106f02ee00b6437f0fb9d370c1093'
- 'b255be9a1c7f7021e52448e4ec8d7a0d')
+ http://www.w3.org/XML/Test/xmlts20080827.tar.gz
+ revert-catalog-initialize.patch
+ fix-CVE-2014-3660.patch)
+md5sums=('9e6a9aca9d155737868b3dc5fd82f788'
+ 'ae3d1ebe000a3972afa104ca7f0e1b4a'
+ 'fdb2e26174ac9cced85ffbf4fb782187'
+ '71c88ee5a133461a8ab8aaa194899453')
-build() {
- cd "${srcdir}/${pkgname}-${pkgver}"
+prepare() {
+ cd ${pkgname}-${pkgver}
sed -e 's|/usr/bin/python -u|/usr/bin/python2 -u|g' -e 's|/usr/bin/python$|/usr/bin/python2|g' -i python/tests/*.py
- ./configure --prefix=/usr --with-threads --with-history \
- --with-python=/usr/bin/python2
+ mv ../xmlconf .
+ patch -Np1 -i ../revert-catalog-initialize.patch
+ patch -Np1 -i ../fix-CVE-2014-3660.patch
+}
+
+build() {
+ cd ${pkgname}-${pkgver}
+ ./configure --prefix=/usr --with-threads --with-history --with-python=/usr/bin/python2
make
}
check() {
- cd "${srcdir}/${pkgname}-${pkgver}"
- mv "${srcdir}/xmlconf" .
+ cd ${pkgname}-${pkgver}
make check
}
package() {
- cd "${srcdir}/${pkgname}-${pkgver}"
+ cd ${pkgname}-${pkgver}
make DESTDIR="${pkgdir}" install
install -Dm644 COPYING "${pkgdir}/usr/share/licenses/${pkgname}/COPYING"
}
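Review bot: The `source=` array still fetches the release tarball over `ftp://` and the test suite over `http://`, and the only integrity check is `md5sums`, which is not collision-resistant. For a package whose bump is security-motivated, the checksum array should be a stronger one, e.g. `sha256sums=('<sha256 of libxml2-2.9.2.tar.gz>' '<sha256 of xmlts20080827.tar.gz>' '<sha256 of revert-catalog-initialize.patch>' '<sha256 of fix-CVE-2014-3660.patch>')`, with the placeholder values generated from verified copies of the files. If upstream publishes a detached signature for the tarball, adding it to `source=` would let makepkg verify origin as well as content. Separately, the `cd ${pkgname}-${pkgver}` lines in prepare(), build(), check() and package() dropped the quoting the old code had; `cd "${pkgname}-${pkgver}"` keeps it.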
diff --git a/abs/core/libxml2/fix-CVE-2014-3660.patch b/abs/core/libxml2/fix-CVE-2014-3660.patch
new file mode 100644
index 0000000..9e6441c
--- /dev/null
+++ b/abs/core/libxml2/fix-CVE-2014-3660.patch
@@ -0,0 +1,28 @@
+From 72a46a519ce7326d9a00f0b6a7f2a8e958cd1675 Mon Sep 17 00:00:00 2001
+From: Daniel Veillard <veillard@redhat.com>
+Date: Thu, 23 Oct 2014 11:35:36 +0800
+Subject: Fix missing entities after CVE-2014-3660 fix
+
+For https://bugzilla.gnome.org/show_bug.cgi?id=738805
+
+The fix for CVE-2014-3660 introduced a regression in some case
+where entity substitution is required and the entity is used
+first in anotther entity referenced from an attribute value
+
+diff --git a/parser.c b/parser.c
+index 67c9dfd..a8d1b67 100644
+--- a/parser.c
++++ b/parser.c
+@@ -7235,7 +7235,8 @@ xmlParseReference(xmlParserCtxtPtr ctxt) {
+ * far more secure as the parser will only process data coming from
+ * the document entity by default.
+ */
+- if ((ent->checked == 0) &&
++ if (((ent->checked == 0) ||
++ ((ent->children == NULL) && (ctxt->options & XML_PARSE_NOENT))) &&
+ ((ent->etype != XML_EXTERNAL_GENERAL_PARSED_ENTITY) ||
+ (ctxt->options & (XML_PARSE_NOENT | XML_PARSE_DTDVALID)))) {
+ unsigned long oldnbent = ctxt->nbentities;
+--
+cgit v0.10.1
+
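Review bot: The file name `fix-CVE-2014-3660.patch` reads as if this patch carries the CVE fix, but its Subject line says it repairs a regression introduced by that fix, which is presumably already in the 2.9.2 tarball. The new condition `(ent->checked == 0) || ((ent->children == NULL) && (ctxt->options & XML_PARSE_NOENT))` lets an entity that was already checked be parsed again when it has no children and XML_PARSE_NOENT is set, so it widens the path the CVE fix had narrowed. It is worth confirming that the `make check` run in the PKGBUILD still covers the entity-expansion limits with this patch applied. A provenance comment next to each `patch` line in prepare() would help the next maintainer, e.g. `# upstream 72a46a51: regression fix after CVE-2014-3660, drop on next release`; the same applies to revert-catalog-initialize.patch (upstream f65128f3). The body of xmlParseReference continues outside the hunk.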
diff --git a/abs/core/libxml2/revert-catalog-initialize.patch b/abs/core/libxml2/revert-catalog-initialize.patch
new file mode 100644
index 0000000..d98b382
--- /dev/null
+++ b/abs/core/libxml2/revert-catalog-initialize.patch
@@ -0,0 +1,26 @@
+From f65128f38289d77ff322d63aef2858cc0a819c34 Mon Sep 17 00:00:00 2001
+From: Daniel Veillard <veillard@redhat.com>
+Date: Fri, 17 Oct 2014 17:13:41 +0800
+Subject: Revert "Missing initialization for the catalog module"
+
+This reverts commit 054c716ea1bf001544127a4ab4f4346d1b9947e7.
+As this break xmlcatalog command
+https://bugzilla.redhat.com/show_bug.cgi?id=1153753
+
+diff --git a/parser.c b/parser.c
+index 1d93967..67c9dfd 100644
+--- a/parser.c
++++ b/parser.c
+@@ -14830,9 +14830,6 @@ xmlInitParser(void) {
+ #ifdef LIBXML_XPATH_ENABLED
+ xmlXPathInit();
+ #endif
+-#ifdef LIBXML_CATALOG_ENABLED
+- xmlInitializeCatalog();
+-#endif
+ xmlParserInitialized = 1;
+ #ifdef LIBXML_THREAD_ENABLED
+ }
+--
+cgit v0.10.1
+