← Back to branch summary

~ubuntu-branches/ubuntu/wily/libxml2/wily-proposed

~ubuntu-branches/ubuntu/wily/libxml2/wily-proposed

« back to all changes in this revision

Viewing changes to debian/patches/0032-Fix-regressions-introduced-by-CVE-2014-0191-patch.patch

Committer: Package Import Robot
Author(s): Aron Xu
Date: 2014-10-26 07:04:50 UTC
mfrom: (43.2.7 sid)
Revision ID: package-import@ubuntu.com-20141026070450-rmcqvcqn8peeuebs

Tags: 2.9.2+dfsg1-1

http://bugs.debian.org/765722

* New upstream release (Closes: #765722, CVE-2014-3660)
* Remove no-longer-needed upstream patches
* Update distro patch
* Std-ver: 3.9.5 -> 3.9.6, no change.

files added:
.pc/0001-modify-xml2-config-and-pkgconfig-behaviour.patch/configure.ac

configure.ac

libxml2-config.cmake.in

os400

os400/README400

os400/dlfcn

os400/dlfcn/dlfcn.c

os400/dlfcn/dlfcn.h

os400/iconv

os400/iconv/README.iconv

os400/iconv/bldcsndfa

os400/iconv/bldcsndfa/bldcsndfa.c

os400/iconv/bldcsndfa/ccsid_mibenum.dtd

os400/iconv/bldcsndfa/ccsid_mibenum.xml

os400/iconv/bldcsndfa/character-sets.xhtml

os400/iconv/ianatables.c

os400/iconv/iconv.c

os400/iconv/iconv.h

os400/initscript.sh

os400/libxmlrpg

os400/libxmlrpg/DOCBparser.rpgle

os400/libxmlrpg/HTMLparser.rpgle

os400/libxmlrpg/HTMLtree.rpgle

os400/libxmlrpg/SAX.rpgle

os400/libxmlrpg/SAX2.rpgle

os400/libxmlrpg/c14n.rpgle

os400/libxmlrpg/catalog.rpgle

os400/libxmlrpg/chvalid.rpgle

os400/libxmlrpg/debugXML.rpgle

os400/libxmlrpg/dict.rpgle

os400/libxmlrpg/encoding.rpgle

os400/libxmlrpg/entities.rpgle

os400/libxmlrpg/globals.rpgle

os400/libxmlrpg/hash.rpgle

os400/libxmlrpg/list.rpgle

os400/libxmlrpg/nanoftp.rpgle

os400/libxmlrpg/nanohttp.rpgle

os400/libxmlrpg/parser.rpgle

os400/libxmlrpg/parserInternals.rpgle

os400/libxmlrpg/pattern.rpgle

os400/libxmlrpg/relaxng.rpgle

os400/libxmlrpg/schemasInternals.rpgle

os400/libxmlrpg/schematron.rpgle

os400/libxmlrpg/threads.rpgle

os400/libxmlrpg/transcode.rpgle

os400/libxmlrpg/tree.rpgle

os400/libxmlrpg/uri.rpgle

os400/libxmlrpg/valid.rpgle

os400/libxmlrpg/xinclude.rpgle

os400/libxmlrpg/xlink.rpgle

os400/libxmlrpg/xmlIO.rpgle

os400/libxmlrpg/xmlautomata.rpgle

os400/libxmlrpg/xmlerror.rpgle

os400/libxmlrpg/xmlexports.rpgle

os400/libxmlrpg/xmlmemory.rpgle

os400/libxmlrpg/xmlmodule.rpgle

os400/libxmlrpg/xmlreader.rpgle

os400/libxmlrpg/xmlregexp.rpgle

os400/libxmlrpg/xmlsave.rpgle

os400/libxmlrpg/xmlschemas.rpgle

os400/libxmlrpg/xmlschemastypes.rpgle

os400/libxmlrpg/xmlstdarg.rpgle

os400/libxmlrpg/xmlstring.rpgle

os400/libxmlrpg/xmlunicode.rpgle

os400/libxmlrpg/xmlversion.rpgle.in

os400/libxmlrpg/xmlwriter.rpgle

os400/libxmlrpg/xpath.rpgle

os400/libxmlrpg/xpathInternals.rpgle

os400/libxmlrpg/xpointer.rpgle

os400/make-bldcsndfa.sh

os400/make-include.sh

os400/make-rpg.sh

os400/make-src.sh

os400/make.sh

os400/os400config.h.in

os400/rpgsupport.c

os400/rpgsupport.h

os400/transcode.c

os400/transcode.h

os400/wrappers.c

os400/wrappers.h

files removed:
.pc/0001-modify-xml2-config-and-pkgconfig-behaviour.patch/configure.in

.pc/0001-modify-xml2-config-and-pkgconfig-behaviour.patch/libxml-2.0.pc.in

.pc/0003-Fix-an-error-in-xmlCleanupParser.patch

.pc/0003-Fix-an-error-in-xmlCleanupParser.patch/parser.c

.pc/0004-Fix-missing-break-on-last-function-for-attributes.patch

.pc/0004-Fix-missing-break-on-last-function-for-attributes.patch/python

.pc/0004-Fix-missing-break-on-last-function-for-attributes.patch/python/libxml.c

.pc/0005-xmllint-memory-should-fail-on-empty-files.patch

.pc/0005-xmllint-memory-should-fail-on-empty-files.patch/xmllint.c

.pc/0006-properly-quote-the-namespace-uris-written-out-during.patch

.pc/0006-properly-quote-the-namespace-uris-written-out-during.patch/c14n.c

.pc/0007-Fix-a-parsing-bug-on-non-ascii-element-and-CR-LF-usa.patch

.pc/0007-Fix-a-parsing-bug-on-non-ascii-element-and-CR-LF-usa.patch/parser.c

.pc/0008-missing-else-in-xlink.c.patch

.pc/0008-missing-else-in-xlink.c.patch/xlink.c

.pc/0009-Catch-malloc-error-and-exit-accordingly.patch

.pc/0009-Catch-malloc-error-and-exit-accordingly.patch/xmllint.c

.pc/0010-Fix-handling-of-mmap-errors.patch

.pc/0010-Fix-handling-of-mmap-errors.patch/xmllint.c

.pc/0011-Avoid-crash-if-allocation-fails.patch

.pc/0011-Avoid-crash-if-allocation-fails.patch/xmlschemastypes.c

.pc/0012-Fix-a-possible-NULL-dereference.patch

.pc/0012-Fix-a-possible-NULL-dereference.patch/SAX2.c

.pc/0013-Clear-up-a-potential-NULL-dereference.patch

.pc/0013-Clear-up-a-potential-NULL-dereference.patch/parserInternals.c

.pc/0014-Fix-XPath-optimization-with-predicates.patch

.pc/0014-Fix-XPath-optimization-with-predicates.patch/xpath.c

.pc/0015-xmllint-pretty-crashed-without-following-numeric-arg.patch

.pc/0015-xmllint-pretty-crashed-without-following-numeric-arg.patch/xmllint.c

.pc/0016-Fix-potential-NULL-pointer-dereferences-in-regexp-co.patch

.pc/0016-Fix-potential-NULL-pointer-dereferences-in-regexp-co.patch/xmlregexp.c

.pc/0017-Fix-a-potential-NULL-dereference-in-tree-code.patch

.pc/0017-Fix-a-potential-NULL-dereference-in-tree-code.patch/tree.c

.pc/0018-Fix-pointer-dereferenced-before-null-check.patch

.pc/0018-Fix-pointer-dereferenced-before-null-check.patch/valid.c

.pc/0019-Fix-a-bug-loading-some-compressed-files.patch

.pc/0019-Fix-a-bug-loading-some-compressed-files.patch/xzlib.c

.pc/0020-Avoid-a-possibility-of-dangling-encoding-handler.patch

.pc/0020-Avoid-a-possibility-of-dangling-encoding-handler.patch/encoding.c

.pc/0021-Fix-a-couple-of-missing-NULL-checks.patch

.pc/0021-Fix-a-couple-of-missing-NULL-checks.patch/tree.c

.pc/0022-adding-init-calls-to-xml-and-html-Read-parsing-entry.patch

.pc/0022-adding-init-calls-to-xml-and-html-Read-parsing-entry.patch/HTMLparser.c

.pc/0022-adding-init-calls-to-xml-and-html-Read-parsing-entry.patch/parser.c

.pc/0023-Handling-of-XPath-function-arguments-in-error-case.patch

.pc/0023-Handling-of-XPath-function-arguments-in-error-case.patch/xpath.c

.pc/0024-Missing-initialization-for-the-catalog-module.patch

.pc/0024-Missing-initialization-for-the-catalog-module.patch/parser.c

.pc/0025-Fix-an-fd-leak-in-an-error-case.patch

.pc/0025-Fix-an-fd-leak-in-an-error-case.patch/catalog.c

.pc/0026-fixing-a-ptotential-uninitialized-access.patch

.pc/0026-fixing-a-ptotential-uninitialized-access.patch/valid.c

.pc/0027-Fix-xmlTextWriterWriteElement-when-a-null-content-is.patch

.pc/0027-Fix-xmlTextWriterWriteElement-when-a-null-content-is.patch/xmlwriter.c

.pc/0028-Avoid-a-possible-NULL-pointer-dereference.patch

.pc/0028-Avoid-a-possible-NULL-pointer-dereference.patch/xmlmodule.c

.pc/0029-Do-not-fetch-external-parameter-entities.patch

.pc/0029-Do-not-fetch-external-parameter-entities.patch/parser.c

.pc/0030-Avoid-Possible-null-pointer-dereference-in-memory-de.patch

.pc/0030-Avoid-Possible-null-pointer-dereference-in-memory-de.patch/xmlmemory.c

.pc/0031-xmllint-was-not-parsing-the-c14n11-flag.patch

.pc/0031-xmllint-was-not-parsing-the-c14n11-flag.patch/xmllint.c

.pc/0032-Fix-regressions-introduced-by-CVE-2014-0191-patch.patch

.pc/0032-Fix-regressions-introduced-by-CVE-2014-0191-patch.patch/parser.c

.pc/CVE-2014-3660.patch

.pc/CVE-2014-3660.patch/parser.c

configure.in

debian/patches/0003-Fix-an-error-in-xmlCleanupParser.patch

debian/patches/0004-Fix-missing-break-on-last-function-for-attributes.patch

debian/patches/0005-xmllint-memory-should-fail-on-empty-files.patch

debian/patches/0006-properly-quote-the-namespace-uris-written-out-during.patch

debian/patches/0007-Fix-a-parsing-bug-on-non-ascii-element-and-CR-LF-usa.patch

debian/patches/0008-missing-else-in-xlink.c.patch

debian/patches/0009-Catch-malloc-error-and-exit-accordingly.patch

debian/patches/0010-Fix-handling-of-mmap-errors.patch

debian/patches/0011-Avoid-crash-if-allocation-fails.patch

debian/patches/0012-Fix-a-possible-NULL-dereference.patch

debian/patches/0013-Clear-up-a-potential-NULL-dereference.patch

debian/patches/0014-Fix-XPath-optimization-with-predicates.patch

debian/patches/0015-xmllint-pretty-crashed-without-following-numeric-arg.patch

debian/patches/0016-Fix-potential-NULL-pointer-dereferences-in-regexp-co.patch

debian/patches/0017-Fix-a-potential-NULL-dereference-in-tree-code.patch

debian/patches/0018-Fix-pointer-dereferenced-before-null-check.patch

debian/patches/0019-Fix-a-bug-loading-some-compressed-files.patch

debian/patches/0020-Avoid-a-possibility-of-dangling-encoding-handler.patch

debian/patches/0021-Fix-a-couple-of-missing-NULL-checks.patch

debian/patches/0022-adding-init-calls-to-xml-and-html-Read-parsing-entry.patch

debian/patches/0023-Handling-of-XPath-function-arguments-in-error-case.patch

debian/patches/0024-Missing-initialization-for-the-catalog-module.patch

debian/patches/0025-Fix-an-fd-leak-in-an-error-case.patch

debian/patches/0026-fixing-a-ptotential-uninitialized-access.patch

debian/patches/0027-Fix-xmlTextWriterWriteElement-when-a-null-content-is.patch

debian/patches/0028-Avoid-a-possible-NULL-pointer-dereference.patch

debian/patches/0029-Do-not-fetch-external-parameter-entities.patch

debian/patches/0030-Avoid-Possible-null-pointer-dereference-in-memory-de.patch

debian/patches/0031-xmllint-was-not-parsing-the-c14n11-flag.patch

debian/patches/0032-Fix-regressions-introduced-by-CVE-2014-0191-patch.patch

debian/patches/CVE-2014-3660.patch

files modified:
.pc/0001-modify-xml2-config-and-pkgconfig-behaviour.patch/libxml-2.0-uninstalled.pc.in

.pc/0002-fix-python-multiarch-includes.patch/python/Makefile.in

.pc/applied-patches

ChangeLog

HTMLparser.c

HTMLtree.c

INSTALL

Makefile.am

Makefile.in

NEWS

SAX2.c

aclocal.m4

buf.c

buf.h

catalog.c

config.guess

config.h.in

config.sub

configure

debian/changelog

debian/control

debian/libxml2.symbols

debian/patches/0001-modify-xml2-config-and-pkgconfig-behaviour.patch

debian/patches/0002-fix-python-multiarch-includes.patch

debian/patches/series

debian/rules

debugXML.c

depcomp

doc/APIchunk11.html

doc/APIchunk12.html

doc/APIchunk14.html

doc/APIchunk26.html

doc/APIfunctions.html

doc/FAQ.html

doc/Makefile.in

doc/architecture.html

doc/bugs.html

doc/catalog.html

doc/contribs.html

doc/devhelp/Makefile.in

doc/devhelp/libxml2-entities.html

doc/devhelp/libxml2-tree.html

doc/devhelp/libxml2-xmlerror.html

doc/devhelp/libxml2-xmlschemastypes.html

doc/docs.html

doc/downloads.html

doc/encoding.html

doc/example.html

doc/examples/Makefile.in

doc/help.html

doc/html/libxml-entities.html

doc/html/libxml-tree.html

doc/html/libxml-xmlerror.html

doc/html/libxml-xmlschemastypes.html

doc/index.html

doc/interface.html

doc/intro.html

doc/library.html

doc/libxml2-api.xml

doc/libxml2.xsa

doc/news.html

doc/python.html

doc/threads.html

doc/upgrade.html

doc/xml.html

doc/xmldtd.html

doc/xmlio.html

doc/xmllint.1

doc/xmllint.xml

doc/xmlmem.html

elfgcchack.h

encoding.c

entities.c

example/Makefile.in

hash.c

include/Makefile.in

include/libxml/Makefile.in

include/libxml/SAX2.h

include/libxml/entities.h

include/libxml/globals.h

include/libxml/relaxng.h

include/libxml/tree.h

include/libxml/xmlIO.h

include/libxml/xmlerror.h

include/libxml/xmlversion.h

include/win32config.h

install-sh

legacy.c

libxml-2.0-uninstalled.pc.in

libxml-2.0.pc.in

libxml.spec.in

libxml2.spec

m4/libtool.m4

missing

nanoftp.c

nanohttp.c

parser.c

parserInternals.c

python/Makefile.in

python/drv_libxml2.py

python/generator.py

python/libxml.c

python/libxml.py

python/libxml2-export.c

python/libxml2-py.c

python/libxml2-py.h

python/libxml2.py

python/libxml2class.py

python/libxml_wrap.h

python/setup.py

python/setup.py.in

python/tests/Makefile.in

python/tests/sync.py

python/types.c

relaxng.c

runtest.c

schematron.c

testapi.c

testlimits.c

threads.c

timsort.h

tree.c

trio.c

trio.h

triodef.h

triostr.c

uri.c

valid.c

vms/build_libxml.com

vms/config.vms

win32/Makefile.msvc

win32/libxml2.def.src

xinclude.c

xmlIO.c

xmlcatalog.c

xmllint.c

xmlmemory.c

xmlreader.c

xmlregexp.c

xmlschemas.c

xmlschemastypes.c

xmlwriter.c

xpath.c

xpointer.c

xstc/Makefile.in

xzlib.c

xzlib.h

Show diffs side-by-side

added added

removed removed

debian/patches/0032-Fix-regressions-introduced-by-CVE-2014-0191-patch.patch

1

From: Daniel Veillard <veillard@redhat.com>

2

Date: Wed, 11 Jun 2014 16:54:32 +0800

3

Subject: Fix regressions introduced by CVE-2014-0191 patch

4

5

A number of issues have been raised after the fix, and this patch

6

tries to correct all of them, though most were related to

7

postvalidation.

8

https://bugzilla.gnome.org/show_bug.cgi?id=730290

9

and other reports on list, off-list and on Red Hat bugzilla

10

---

11

parser.c | 13 +++++++++++--

12

1 file changed, 11 insertions(+), 2 deletions(-)

13

14

diff --git a/parser.c b/parser.c

15

index 8aad7b4..ea0ea65 100644

16

--- a/parser.c

17

+++ b/parser.c

18

@@ -2595,8 +2595,8 @@ xmlParserHandlePEReference(xmlParserCtxtPtr ctxt) {

19

xmlCharEncoding enc;

20

21

/*

22

- * Note: external parsed entities will not be loaded, it is

23

- * not required for a non-validating parser, unless the

24

+ * Note: external parameter entities will not be loaded, it

25

+ * is not required for a non-validating parser, unless the

26

* option of validating, or substituting entities were

27

* given. Doing so is far more secure as the parser will

28

* only process data coming from the document entity by

29

@@ -2605,6 +2605,9 @@ xmlParserHandlePEReference(xmlParserCtxtPtr ctxt) {

30

if ((entity->etype == XML_EXTERNAL_PARAMETER_ENTITY) &&

31

((ctxt->options & XML_PARSE_NOENT) == 0) &&

32

((ctxt->options & XML_PARSE_DTDVALID) == 0) &&

33

+ ((ctxt->options & XML_PARSE_DTDLOAD) == 0) &&

34

+ ((ctxt->options & XML_PARSE_DTDATTR) == 0) &&

35

+ (ctxt->replaceEntities == 0) &&

36

(ctxt->validate == 0))

37

return;

38

39

@@ -12609,6 +12612,9 @@ xmlIOParseDTD(xmlSAXHandlerPtr sax, xmlParserInputBufferPtr input,

40

return(NULL);

41

}

42

43

+ /* We are loading a DTD */

44

+ ctxt->options |= XML_PARSE_DTDLOAD;

45

+

46

/*

47

* Set-up the SAX context

48

*/

49

@@ -12736,6 +12742,9 @@ xmlSAXParseDTD(xmlSAXHandlerPtr sax, const xmlChar *ExternalID,

50

return(NULL);

51

}

52

53

+ /* We are loading a DTD */

54

+ ctxt->options |= XML_PARSE_DTDLOAD;

55

+

56

/*

57

* Set-up the SAX context

58

*/

Older »