From d03dc20a3da274ed2dc6ef12089f0133c0ae5660 Mon Sep 17 00:00:00 2001 From: Fredrik Fornwall Date: Fri, 13 Nov 2015 21:51:08 -0500 Subject: [PATCH] libxml2: Add two patches --- ...ing-initialization-for-the-catalog-module.patch | 29 ++++++++++++++++++++ ...-missing-entities-after-CVE-2014-3660-fix.patch | 31 ++++++++++++++++++++++ packages/libxml2/build.sh | 2 +- 3 files changed, 61 insertions(+), 1 deletion(-) create mode 100644 packages/libxml2/0001-Revert-Missing-initialization-for-the-catalog-module.patch create mode 100644 packages/libxml2/0002-Fix-missing-entities-after-CVE-2014-3660-fix.patch diff --git a/packages/libxml2/0001-Revert-Missing-initialization-for-the-catalog-module.patch b/packages/libxml2/0001-Revert-Missing-initialization-for-the-catalog-module.patch new file mode 100644 index 00000000..9f5c31a0 --- /dev/null +++ b/packages/libxml2/0001-Revert-Missing-initialization-for-the-catalog-module.patch @@ -0,0 +1,29 @@ +From f65128f38289d77ff322d63aef2858cc0a819c34 Mon Sep 17 00:00:00 2001 +From: Daniel Veillard +Date: Fri, 17 Oct 2014 17:13:41 +0800 +Subject: [PATCH] Revert "Missing initialization for the catalog module" + +This reverts commit 054c716ea1bf001544127a4ab4f4346d1b9947e7. +As this break xmlcatalog command +https://bugzilla.redhat.com/show_bug.cgi?id=1153753 +--- + parser.c | 3 --- + 1 file changed, 3 deletions(-) + +diff --git a/parser.c b/parser.c +index 1d93967..67c9dfd 100644 +--- a/parser.c ++++ b/parser.c +@@ -14830,9 +14830,6 @@ xmlInitParser(void) { + #ifdef LIBXML_XPATH_ENABLED + xmlXPathInit(); + #endif +-#ifdef LIBXML_CATALOG_ENABLED +- xmlInitializeCatalog(); +-#endif + xmlParserInitialized = 1; + #ifdef LIBXML_THREAD_ENABLED + } +-- +2.1.2 + diff --git a/packages/libxml2/0002-Fix-missing-entities-after-CVE-2014-3660-fix.patch b/packages/libxml2/0002-Fix-missing-entities-after-CVE-2014-3660-fix.patch new file mode 100644 index 00000000..f8e76ffe --- /dev/null +++ b/packages/libxml2/0002-Fix-missing-entities-after-CVE-2014-3660-fix.patch @@ -0,0 +1,31 @@ +From 72a46a519ce7326d9a00f0b6a7f2a8e958cd1675 Mon Sep 17 00:00:00 2001 +From: Daniel Veillard +Date: Thu, 23 Oct 2014 11:35:36 +0800 +Subject: [PATCH] Fix missing entities after CVE-2014-3660 fix + +For https://bugzilla.gnome.org/show_bug.cgi?id=738805 + +The fix for CVE-2014-3660 introduced a regression in some case +where entity substitution is required and the entity is used +first in anotther entity referenced from an attribute value +--- + parser.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/parser.c b/parser.c +index 67c9dfd..a8d1b67 100644 +--- a/parser.c ++++ b/parser.c +@@ -7235,7 +7235,8 @@ xmlParseReference(xmlParserCtxtPtr ctxt) { + * far more secure as the parser will only process data coming from + * the document entity by default. + */ +- if ((ent->checked == 0) && ++ if (((ent->checked == 0) || ++ ((ent->children == NULL) && (ctxt->options & XML_PARSE_NOENT))) && + ((ent->etype != XML_EXTERNAL_GENERAL_PARSED_ENTITY) || + (ctxt->options & (XML_PARSE_NOENT | XML_PARSE_DTDVALID)))) { + unsigned long oldnbent = ctxt->nbentities; +-- +2.1.2 + diff --git a/packages/libxml2/build.sh b/packages/libxml2/build.sh index 9c8f1eeb..3181969d 100644 --- a/packages/libxml2/build.sh +++ b/packages/libxml2/build.sh @@ -1,7 +1,7 @@ TERMUX_PKG_HOMEPAGE=http://www.xmlsoft.org TERMUX_PKG_DESCRIPTION="Library for parsing XML documents" TERMUX_PKG_VERSION=2.9.2 -TERMUX_PKG_BUILD_REVISION=1 +TERMUX_PKG_BUILD_REVISION=2 TERMUX_PKG_SRCURL=ftp://xmlsoft.org/libxml2/libxml2-${TERMUX_PKG_VERSION}.tar.gz TERMUX_PKG_EXTRA_CONFIGURE_ARGS="--without-python" TERMUX_PKG_RM_AFTER_INSTALL="share/gtk-doc bin/xml2-config bin/xmlcatalog lib/xml2Conf.sh share/man/man1/xml2-config.1 share/man/man1/xmlcatalog.1" -- 2.11.0