diff --git a/.cvsignore b/.cvsignore
index 2a68361..ac2cbaf 100644
--- a/.cvsignore
+++ b/.cvsignore
@@ -21,3 +21,4 @@ libxml2-2.6.32.tar.gz
 libxml2-2.7.0.tar.gz
 libxml2-2.7.1.tar.gz
 libxml2-2.7.2.tar.gz
+libxml2-2.7.3.tar.gz
diff --git a/CVE-2008-4225.patch b/CVE-2008-4225.patch
deleted file mode 100644
index 0666795..0000000
--- a/CVE-2008-4225.patch
+++ /dev/null
@@ -1,26 +0,0 @@
---- tree.c.orig 2008-10-31 18:14:00.000000000 -0700
-+++ tree.c 2008-10-31 18:14:35.000000000 -0700
-@@ -14,7 +14,7 @@
- #include "libxml.h"
-
- #include /* for memset() only ! */
--
-+#include
- #ifdef HAVE_CTYPE_H
- #include
- #endif
-@@ -6996,7 +6996,13 @@
- case XML_BUFFER_ALLOC_DOUBLEIT:
- /*take care of empty case*/
- newSize = (buf->size ? buf->size*2 : size + 10);
-- while (size > newSize) newSize *= 2;
-+ while (size > newSize) {
-+ if (newSize > UINT_MAX / 2) {
-+ xmlTreeErrMemory("growing buffer");
-+ return 0;
-+ }
-+ newSize *= 2;
-+ }
- break;
- case XML_BUFFER_ALLOC_EXACT:
- newSize = size+10;
diff --git a/CVE-2008-4226.patch b/CVE-2008-4226.patch
deleted file mode 100644
index 79e808b..0000000
--- a/CVE-2008-4226.patch
+++ /dev/null
@@ -1,38 +0,0 @@
---- SAX2.c.orig 2008-01-25 08:10:04.000000000 -0500
-+++ SAX2.c 2008-11-07 05:07:34.000000000 -0500
-@@ -11,6 +11,7 @@
- #include "libxml.h"
- #include
- #include
-+#include
- #include
- #include
- #include
-@@ -26,6 +27,11 @@
- #include
- #include
-
-+/* Define SIZE_T_MAX unless defined through . */
-+#ifndef SIZE_T_MAX
-+# define SIZE_T_MAX ((size_t)-1)
-+#endif /* !SIZE_T_MAX */
-+
- /* #define DEBUG_SAX2 */
- /* #define DEBUG_SAX2_TREE */
-
-@@ -2445,9 +2451,14 @@
- (xmlDictOwns(ctxt->dict, lastChild->content))) {
- lastChild->content = xmlStrdup(lastChild->content);
- }
-+ if ((size_t)ctxt->nodelen > SIZE_T_MAX - (size_t)len ||
-+ (size_t)ctxt->nodemem + (size_t)len > SIZE_T_MAX / 2) {
-+ xmlSAX2ErrMemory(ctxt, "xmlSAX2Characters overflow prevented");
-+ return;
-+ }
- if (ctxt->nodelen + len >= ctxt->nodemem) {
- xmlChar *newbuf;
-- int size;
-+ size_t size;
-
- size = ctxt->nodemem + len;
- size *= 2;
diff --git a/libxml2.spec b/libxml2.spec
index a069152..71ded79 100644
--- a/libxml2.spec
+++ b/libxml2.spec
@@ -1,7 +1,7 @@
 Summary: Library providing XML and HTML support
 Name: libxml2
-Version: 2.7.2
-Release: 7%{?dist}%{?extra_release}
+Version: 2.7.3
+Release: 1%{?dist}%{?extra_release}
 License: MIT
 Group: Development/Libraries
 Source: ftp://xmlsoft.org/libxml2/libxml2-%{version}.tar.gz
@@ -9,8 +9,6 @@ BuildRoot: %{_tmppath}/%{name}-%{version}-root
 BuildRequires: python python-devel zlib-devel pkgconfig
 URL: http://xmlsoft.org/
 Patch0: libxml2-multilib.patch
-Patch1: CVE-2008-4225.patch
-Patch2: CVE-2008-4226.patch
 
 %description
 This library allows to manipulate XML files. It includes support
@@ -69,8 +67,6 @@ at parse time or later once the document has been modified.
 %prep
 %setup -q
 %patch0 -p1
-%patch1 -p0
-%patch2 -p0
 
 %build
 %configure
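Review bot: The `%prep` hunk drops `%patch1 -p0` and `%patch2 -p0` (and the header hunk drops the matching `Patch1:`/`Patch2:` lines), so from 2.7.3-1 on the integer-overflow guards for CVE-2008-4225 and CVE-2008-4226 exist only if the 2.7.3 tarball already contains them; neither the spec nor the new `%changelog` entry says so. Presumably both fixes were merged upstream, but that is not visible here, so it is worth confirming that tree.c and SAX2.c in the new tarball carry equivalent checks before this ships. I would record the result in the changelog, e.g. `- drop CVE-2008-4225 and CVE-2008-4226 patches, included upstream in 2.7.3`, so that someone auditing the package later can see the fixes were not lost.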
@@ -145,6 +141,12 @@ rm -fr %{buildroot}
 %doc doc/python.html
 
 %changelog
+* Sun Jan 18 2009 Daniel Veillard - 2.7.3-1
+- new release 2.7.3
+- limit default max size of text nodes
+- special parser mode for PHP
+- bug fixes and more compiler checks
+
 * Wed Dec 3 2008 Ignacio Vazquez-Abrams - 2.7.2-7
 - Pull back into Python 2.6
 
diff --git a/sources b/sources
index d73196d..3f929d0 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-dc43ff7ae6aded45f578c87b7b0c8766 libxml2-2.7.2.tar.gz
+8f4fda3969237c2a33bdb1583b5d06b2 libxml2-2.7.3.tar.gz