
[alpine-aports] [PATCH] main/libxml: new upstream version 2.9.3

Christian Kampka <christian@kampka.net>
Message ID
<1448742017-6864-1-git-send-email-christian@kampka.net>
Sender timestamp
1448742017
DKIM signature
missing
Patch: +7 -63
---
 main/libxml2/APKBUILD              | 23 +++++++----------------
 main/libxml2/CVE-2014-0191.patch   | 36 ------------------------------------
 main/libxml2/libxml2-pthread.patch | 11 -----------
 3 files changed, 7 insertions(+), 63 deletions(-)
 delete mode 100644 main/libxml2/CVE-2014-0191.patch
 delete mode 100644 main/libxml2/libxml2-pthread.patch

diff --git a/main/libxml2/APKBUILD b/main/libxml2/APKBUILD
index b8f142c..096d326 100644
--- a/main/libxml2/APKBUILD
+++ b/main/libxml2/APKBUILD
@@ -1,8 +1,8 @@
# Contributor: Carlo Landmeter <clandmeter@gmail.com>
# Maintainer: Carlo Landmeter <clandmeter@gmail.com>
pkgname=libxml2
pkgver=2.9.2
pkgrel=2
pkgver=2.9.3
pkgrel=0
pkgdesc="XML parsing library, version 2"
url="http://www.xmlsoft.org/"
arch="all"
@@ -11,10 +11,7 @@ depends=
depends_dev="zlib-dev"
makedepends="$depends_dev python-dev"
subpackages="$pkgname-doc $pkgname-dev py-$pkgname:py $pkgname-utils"
source="ftp://ftp.xmlsoft.org/${pkgname}/${pkgname}-${pkgver}.tar.gz
	libxml2-pthread.patch
	CVE-2014-0191.patch
	"
source="ftp://ftp.xmlsoft.org/${pkgname}/${pkgname}-${pkgver}.tar.gz"

options="!strip"

@@ -45,7 +42,7 @@ build() {
package() {
	cd "$_builddir"
	make -j1 DESTDIR="$pkgdir" install
		

	install -Dm644 COPYING "$pkgdir"/usr/share/licenses/$pkgname/COPYING
}

@@ -69,12 +66,6 @@ utils() {
}


md5sums="9e6a9aca9d155737868b3dc5fd82f788  libxml2-2.9.2.tar.gz
cc0da520c5296e87407d24166480da73  libxml2-pthread.patch
e6f432aea642badcb848e5791bcf6df7  CVE-2014-0191.patch"
sha256sums="5178c30b151d044aefb1b08bf54c3003a0ac55c59c866763997529d60770d5bc  libxml2-2.9.2.tar.gz
97d5e152580774483c47b28483282a4180c2c375bb7716a807ec859e59c3ec2f  libxml2-pthread.patch
288a762e8b115cecc02d920e4b36ebfa5249b8a6713a1a948e344d881d094ea8  CVE-2014-0191.patch"
sha512sums="a4e3b20e2efceed39c20379b32b746d4a1cf65c0cf7719d26c9bf7483c1f04a4e5a442ae2f36dc4ae8a4d011b67cfb58d9f6d0be034fa3e897a49059c9289565  libxml2-2.9.2.tar.gz
bda49c5e09605acc2bb36203521f750903d81345cc38af54b977e3ce71e288267fb3ab98f1813d846ab45461490482337f7af8b0f1a8a5e0b2c09e03bbadc7f7  libxml2-pthread.patch
41b6737b5cfe6392e3d781ebde48db0bf221bde89701742408afe625a88a67f6f6aed5cf04c1983ba2e7e04c2d819a8011908d23060365225571691c5e61cf11  CVE-2014-0191.patch"
md5sums="daece17e045f1c107610e137ab50c179  libxml2-2.9.3.tar.gz"
sha256sums="4de9e31f46b44d34871c22f54bfc54398ef124d6f7cafb1f4a5958fbcd3ba12d  libxml2-2.9.3.tar.gz"
sha512sums="078afa65229de4f23e6538767253fb4f9f61d96cb72e445179c71d536b224d54922f22972a2b71434796f83f8c99f6a46c3b8813cb4582ad9fca696d141e0abb  libxml2-2.9.3.tar.gz"
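Review bot: The `source=` list in the second hunk drops `CVE-2014-0191.patch` and `libxml2-pthread.patch`, but neither the APKBUILD nor the commit message records that libxml2 2.9.3 already carries those changes. Before merging, confirm that the 2.9.3 `parser.c` contains the external-parameter-entity check in `xmlParserHandlePEReference` that the deleted patch added, and that `threads.c` no longer needs the `defined(__GLIBC__)` guard on a non-glibc libc; then record it next to `source=`, for example `# CVE-2014-0191 and the pthread fix are included upstream in 2.9.3; local patches dropped`. Separately, the tarball is still fetched over plain `ftp://`, so the new `sha512sums` entry is the only integrity anchor, and it is worth checking that value against an independently obtained copy of the release rather than the same FTP download.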
diff --git a/main/libxml2/CVE-2014-0191.patch b/main/libxml2/CVE-2014-0191.patch
deleted file mode 100644
index 4d5fe1a..0000000
--- a/main/libxml2/CVE-2014-0191.patch
@@ -1,36 +0,0 @@
From 9cd1c3cfbd32655d60572c0a413e017260c854df Mon Sep 17 00:00:00 2001
From: Daniel Veillard <veillard@redhat.com>
Date: Tue, 22 Apr 2014 15:30:56 +0800
Subject: Do not fetch external parameter entities

Unless explicitely asked for when validating or replacing entities
with their value. Problem pointed out by Daniel Berrange <berrange@redhat.com>

diff --git a/parser.c b/parser.c
index 9347ac9..c0dea05 100644
--- a/parser.c
+++ b/parser.c
@@ -2598,6 +2598,20 @@ xmlParserHandlePEReference(xmlParserCtxtPtr ctxt) {
 		    xmlCharEncoding enc;
 
 		    /*
+		     * Note: external parsed entities will not be loaded, it is
+		     * not required for a non-validating parser, unless the
+		     * option of validating, or substituting entities were
+		     * given. Doing so is far more secure as the parser will
+		     * only process data coming from the document entity by
+		     * default.
+		     */
+                    if ((entity->etype == XML_EXTERNAL_PARAMETER_ENTITY) &&
+		        ((ctxt->options & XML_PARSE_NOENT) == 0) &&
+			((ctxt->options & XML_PARSE_DTDVALID) == 0) &&
+			(ctxt->validate == 0))
+			return;
+
+		    /*
 		     * handle the extra spaces added before and after
 		     * c.f. http://www.w3.org/TR/REC-xml#as-PE
 		     * this is done independently.
--- 
cgit v0.10.1

diff --git a/main/libxml2/libxml2-pthread.patch b/main/libxml2/libxml2-pthread.patch
deleted file mode 100644
index 77d7b38..0000000
--- a/main/libxml2/libxml2-pthread.patch
@@ -1,11 +0,0 @@
--- libxml2-2.9.1/threads.c.orig
+++ libxml2-2.9.1/threads.c
@@ -47,7 +47,7 @@
 #ifdef HAVE_PTHREAD_H
 
 static int libxml_is_threaded = -1;
-#ifdef __GNUC__
+#if defined(__GNUC__) && defined(__GLIBC__)
 #ifdef linux
 #if (__GNUC__ == 3 && __GNUC_MINOR__ >= 3) || (__GNUC__ > 3)
 extern int pthread_once (pthread_once_t *__once_control,
-- 
2.6.2


