2.46 bump

2019-09-24 10:00:19 +02:00 · 2019-09-24 10:00:19 +02:00 · b50a6bcb26
commit b50a6bcb26
parent 5563b10fe9
4 changed files with 9 additions and 72 deletions
--- a/.gitignore
+++ b/.gitignore
@ -3,3 +3,4 @@ XML-Parser-2.36.tar.gz
 /XML-Parser-2.41.tar.gz
 /XML-Parser-2.43.tar.gz
 /XML-Parser-2.44.tar.gz
+/XML-Parser-2.46.tar.gz
--- a/XML-Parser-2.44_01-Fix-a-buffer-overwrite-in-parse_stream.patch
+++ b/XML-Parser-2.44_01-Fix-a-buffer-overwrite-in-parse_stream.patch
@ -1,64 +0,0 @@
-From 53e71571fc0b1f8dbad5f7ff6e9eeeb233496c13 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?= <ppisar@redhat.com>
-Date: Thu, 13 Dec 2018 13:05:07 +0100
-Subject: [PATCH] Fix a buffer overwrite in parse_stream()
-
-The parse_stream() function allocates BUFSIZE-byte long output buffer. Then it
-reads a string using PerlIO's read() with a maximal string length tsiz=BUFSIZE
-characters into a temporary buffer. And then it retrieves a length of the string
-in the temporary buffer in bytes and copies the strings from the temporary
-buffer to the output buffer.
-
-While it works for byte-stream file handles, when using UTF-8 handles, length
-in bytes can be greater than length in characters, thus the temporary buffer
-can contain more bytes than the size of the output buffer and we have a buffer
-overwrite. This corrupts memory, especially metadata for libc memory
-management and subsequent free() aborts with "free(): invalid next size
-(normal)".
-
-Minimal reproducer: Execute this code with an UTF-8 encoded file with non-ASCII
-charcters on the standard input:
-
-use XML::XPath;
-use open ':std', ':encoding(UTF-8)';
-my $xpath = XML::XPath->new(ioref => \*STDIN);
-$xpath->find('/');
-
-https://bugzilla.redhat.com/show_bug.cgi?id=1473368
-https://bugzilla.redhat.com/show_bug.cgi?id=1658512
---
- Expat/Expat.xs | 10 ++++++----
- 1 file changed, 6 insertions(+), 4 deletions(-)
-
-diff --git a/Expat/Expat.xs b/Expat/Expat.xs
-index ed66531..dbad380 100644
--- a/Expat/Expat.xs
-+++ b/Expat/Expat.xs
-@@ -343,8 +343,8 @@ parse_stream(XML_Parser parser, SV * ioref)
-   }
-   else {
-     tbuff = newSV(0);
-    tsiz = newSViv(BUFSIZE);
-    buffsize = BUFSIZE;
-+    tsiz = newSViv(BUFSIZE); /* in UTF-8 characters */
-+    buffsize = BUFSIZE * 6; /* in bytes that encode an UTF-8 string */
-   }
- 
-   while (! done)
-@@ -386,9 +386,11 @@ parse_stream(XML_Parser parser, SV * ioref)
- 	  croak("read error");
- 
- 	tb = SvPV(tbuff, br);
-	if (br > 0)
-+	if (br > 0) {
-+	  if (br > buffsize)
-+	    croak("The input buffer is not large enough for read UTF-8 decoded string");
- 	  Copy(tb, buffer, br, char);
-	else
-+	} else
- 	  done = 1;
- 
- 	PUTBACK ;
-- 
-2.18.1
-
--- a/perl-XML-Parser.spec
+++ b/perl-XML-Parser.spec
@ -1,14 +1,11 @@
 Name:           perl-XML-Parser
-Version:        2.44
-Release:        17%{?dist}
+Version:        2.46
+Release:        1%{?dist}
 Summary:        Perl module for parsing XML documents

 License:        GPL+ or Artistic
 Url:            https://metacpan.org/release/XML-Parser
 Source0:        https://cpan.metacpan.org/authors/id/T/TO/TODDR/XML-Parser-%{version}.tar.gz
-# Fix a buffer overwrite in parse_stream() with wide characters on the standard
-# input, bug #1473368, CPAN RT#128006
-Patch0:         XML-Parser-2.44_01-Fix-a-buffer-overwrite-in-parse_stream.patch

 BuildRequires:  coreutils
 BuildRequires:  findutils
@ -23,6 +20,7 @@ BuildRequires:  perl(Config)
 BuildRequires:  perl(Devel::CheckLib)
 BuildRequires:  perl(ExtUtils::MakeMaker) >= 6.76
 BuildRequires:  perl(FileHandle)
+BuildRequires:  perl(File::Spec)
 BuildRequires:  perl(if)
 BuildRequires:  perl(IO::File)
 BuildRequires:  perl(IO::Handle)
@ -30,8 +28,8 @@ BuildRequires:  perl(lib)
 BuildRequires:  perl(strict)
 BuildRequires:  perl(Test)
 BuildRequires:  perl(Test::More)
-BuildRequires:  perl(vars)
 BuildRequires:  perl(warnings)
+BuildRequires:  perl(XSLoader)
 BuildRequires:  expat-devel
 # The script LWPExternEnt.pl is loaded by Parser.pm
 BuildRequires:  perl(LWP::UserAgent)
@ -59,7 +57,6 @@ creation time.

 %prep
 %setup -q -n XML-Parser-%{version} 
-%patch0 -p1
 chmod 644 samples/{canonical,xml*}
 perl -pi -e 's|^#!/usr/local/bin/perl\b|#!%{__perl}|' samples/{canonical,xml*}

@ -93,6 +90,9 @@ make test


 %changelog
+* Tue Sep 24 2019 Jitka Plesnikova <jplesnik@redhat.com> - 2.46-1
+- 2.46 bump
+
 * Fri Jul 26 2019 Fedora Release Engineering <releng@fedoraproject.org> - 2.44-17
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild

--- a/2
+++ b/2
@ -1 +1 @@
-af4813fe3952362451201ced6fbce379  XML-Parser-2.44.tar.gz
+SHA512 (XML-Parser-2.46.tar.gz) = c4609495cc5ca34952f61876a690ef76d42eee6689d1bedb8036c9eab918525ec5213f1639c7178c029ee0f8765a2ca5eb0197f6e39b8be6d5dbc3f3c1d0b389