diff options
Diffstat (limited to 'abs')
-rw-r--r-- | abs/core/libxml2/PKGBUILD | 42 | ||||
-rw-r--r-- | abs/core/libxml2/fix-CVE-2014-3660.patch | 28 | ||||
-rw-r--r-- | abs/core/libxml2/revert-catalog-initialize.patch | 26 |
3 files changed, 80 insertions, 16 deletions
diff --git a/abs/core/libxml2/PKGBUILD b/abs/core/libxml2/PKGBUILD index 58c4756..0949823 100644 --- a/abs/core/libxml2/PKGBUILD +++ b/abs/core/libxml2/PKGBUILD @@ -1,38 +1,48 @@ -# $Id: PKGBUILD 165211 2012-08-13 09:09:13Z jgc $ +# $Id$ # Maintainer: Jan de Groot <jgc@archlinux.org> +# Maintainer: Tom Gundersen <teg@jklm.no> # Contributor: John Proctor <jproctor@prium.net> pkgname=libxml2 -pkgver=2.8.0 -pkgrel=1 +pkgver=2.9.2 +pkgrel=2 pkgdesc="XML parsing library, version 2" arch=(i686 x86_64) -license=('custom') -depends=('zlib>=1.2.4' 'readline>=6.1' 'ncurses>=5.7' 'xz') +license=('MIT') +depends=('zlib' 'readline' 'ncurses' 'xz') makedepends=('python2') -options=('!libtool') +optdepends=('python2: python bindings to libxml') url="http://www.xmlsoft.org/" source=(ftp://ftp.xmlsoft.org/${pkgname}/${pkgname}-${pkgver}.tar.gz - http://www.w3.org/XML/Test/xmlts20080205.tar.gz) -md5sums=('c62106f02ee00b6437f0fb9d370c1093' - 'b255be9a1c7f7021e52448e4ec8d7a0d') + http://www.w3.org/XML/Test/xmlts20080827.tar.gz + revert-catalog-initialize.patch + fix-CVE-2014-3660.patch) +md5sums=('9e6a9aca9d155737868b3dc5fd82f788' + 'ae3d1ebe000a3972afa104ca7f0e1b4a' + 'fdb2e26174ac9cced85ffbf4fb782187' + '71c88ee5a133461a8ab8aaa194899453') -build() { - cd "${srcdir}/${pkgname}-${pkgver}" +prepare() { + cd ${pkgname}-${pkgver} sed -e 's|/usr/bin/python -u|/usr/bin/python2 -u|g' -e 's|/usr/bin/python$|/usr/bin/python2|g' -i python/tests/*.py - ./configure --prefix=/usr --with-threads --with-history \ - --with-python=/usr/bin/python2 + mv ../xmlconf . + patch -Np1 -i ../revert-catalog-initialize.patch + patch -Np1 -i ../fix-CVE-2014-3660.patch +} + +build() { + cd ${pkgname}-${pkgver} + ./configure --prefix=/usr --with-threads --with-history --with-python=/usr/bin/python2 make } check() { - cd "${srcdir}/${pkgname}-${pkgver}" - mv "${srcdir}/xmlconf" . + cd ${pkgname}-${pkgver} make check } package() { - cd "${srcdir}/${pkgname}-${pkgver}" + cd ${pkgname}-${pkgver} make DESTDIR="${pkgdir}" install install -Dm644 COPYING "${pkgdir}/usr/share/licenses/${pkgname}/COPYING" } diff --git a/abs/core/libxml2/fix-CVE-2014-3660.patch b/abs/core/libxml2/fix-CVE-2014-3660.patch new file mode 100644 index 0000000..9e6441c --- /dev/null +++ b/abs/core/libxml2/fix-CVE-2014-3660.patch @@ -0,0 +1,28 @@ +From 72a46a519ce7326d9a00f0b6a7f2a8e958cd1675 Mon Sep 17 00:00:00 2001 +From: Daniel Veillard <veillard@redhat.com> +Date: Thu, 23 Oct 2014 11:35:36 +0800 +Subject: Fix missing entities after CVE-2014-3660 fix + +For https://bugzilla.gnome.org/show_bug.cgi?id=738805 + +The fix for CVE-2014-3660 introduced a regression in some case +where entity substitution is required and the entity is used +first in anotther entity referenced from an attribute value + +diff --git a/parser.c b/parser.c +index 67c9dfd..a8d1b67 100644 +--- a/parser.c ++++ b/parser.c +@@ -7235,7 +7235,8 @@ xmlParseReference(xmlParserCtxtPtr ctxt) { + * far more secure as the parser will only process data coming from + * the document entity by default. + */ +- if ((ent->checked == 0) && ++ if (((ent->checked == 0) || ++ ((ent->children == NULL) && (ctxt->options & XML_PARSE_NOENT))) && + ((ent->etype != XML_EXTERNAL_GENERAL_PARSED_ENTITY) || + (ctxt->options & (XML_PARSE_NOENT | XML_PARSE_DTDVALID)))) { + unsigned long oldnbent = ctxt->nbentities; +-- +cgit v0.10.1 + diff --git a/abs/core/libxml2/revert-catalog-initialize.patch b/abs/core/libxml2/revert-catalog-initialize.patch new file mode 100644 index 0000000..d98b382 --- /dev/null +++ b/abs/core/libxml2/revert-catalog-initialize.patch @@ -0,0 +1,26 @@ +From f65128f38289d77ff322d63aef2858cc0a819c34 Mon Sep 17 00:00:00 2001 +From: Daniel Veillard <veillard@redhat.com> +Date: Fri, 17 Oct 2014 17:13:41 +0800 +Subject: Revert "Missing initialization for the catalog module" + +This reverts commit 054c716ea1bf001544127a4ab4f4346d1b9947e7. +As this break xmlcatalog command +https://bugzilla.redhat.com/show_bug.cgi?id=1153753 + +diff --git a/parser.c b/parser.c +index 1d93967..67c9dfd 100644 +--- a/parser.c ++++ b/parser.c +@@ -14830,9 +14830,6 @@ xmlInitParser(void) { + #ifdef LIBXML_XPATH_ENABLED + xmlXPathInit(); + #endif +-#ifdef LIBXML_CATALOG_ENABLED +- xmlInitializeCatalog(); +-#endif + xmlParserInitialized = 1; + #ifdef LIBXML_THREAD_ENABLED + } +-- +cgit v0.10.1 + |