Date: Monday, November 17, 2014 @ 20:48:07 Author: jgc Revision: 226351
archrelease: copy trunk to extra-i686, extra-x86_64 Added: libxml2/repos/extra-i686/PKGBUILD (from rev 226350, libxml2/trunk/PKGBUILD) libxml2/repos/extra-i686/fix-CVE-2014-3660.patch (from rev 226350, libxml2/trunk/fix-CVE-2014-3660.patch) libxml2/repos/extra-i686/revert-catalog-initialize.patch (from rev 226350, libxml2/trunk/revert-catalog-initialize.patch) libxml2/repos/extra-x86_64/PKGBUILD (from rev 226350, libxml2/trunk/PKGBUILD) libxml2/repos/extra-x86_64/fix-CVE-2014-3660.patch (from rev 226350, libxml2/trunk/fix-CVE-2014-3660.patch) libxml2/repos/extra-x86_64/revert-catalog-initialize.patch (from rev 226350, libxml2/trunk/revert-catalog-initialize.patch) Deleted: libxml2/repos/extra-i686/PKGBUILD libxml2/repos/extra-x86_64/PKGBUILD ----------------------------------------------+ /PKGBUILD | 96 +++++++++++++++++++++++++ extra-i686/PKGBUILD | 42 ---------- extra-i686/fix-CVE-2014-3660.patch | 28 +++++++ extra-i686/revert-catalog-initialize.patch | 26 ++++++ extra-x86_64/PKGBUILD | 42 ---------- extra-x86_64/fix-CVE-2014-3660.patch | 28 +++++++ extra-x86_64/revert-catalog-initialize.patch | 26 ++++++ 7 files changed, 204 insertions(+), 84 deletions(-) Deleted: extra-i686/PKGBUILD =================================================================== --- extra-i686/PKGBUILD 2014-11-17 19:47:58 UTC (rev 226350) +++ extra-i686/PKGBUILD 2014-11-17 19:48:07 UTC (rev 226351) @@ -1,42 +0,0 @@ -# $Id$ -# Maintainer: Jan de Groot <j...@archlinux.org> -# Maintainer: Tom Gundersen <t...@jklm.no> -# Contributor: John Proctor <jproc...@prium.net> - -pkgname=libxml2 -pkgver=2.9.2 -pkgrel=1 -pkgdesc="XML parsing library, version 2" -arch=(i686 x86_64) -license=('MIT') -depends=('zlib' 'readline' 'ncurses' 'xz') -makedepends=('python2') -optdepends=('python2: python bindings to libxml') -url="http://www.xmlsoft.org/" -source=(ftp://ftp.xmlsoft.org/${pkgname}/${pkgname}-${pkgver}.tar.gz - http://www.w3.org/XML/Test/xmlts20080827.tar.gz) -md5sums=('9e6a9aca9d155737868b3dc5fd82f788' - 'ae3d1ebe000a3972afa104ca7f0e1b4a') - -prepare() { - cd ${pkgname}-${pkgver} - sed -e 's|/usr/bin/python -u|/usr/bin/python2 -u|g' -e 's|/usr/bin/python$|/usr/bin/python2|g' -i python/tests/*.py - mv ../xmlconf . -} - -build() { - cd ${pkgname}-${pkgver} - ./configure --prefix=/usr --with-threads --with-history --with-python=/usr/bin/python2 - make -} - -check() { - cd ${pkgname}-${pkgver} - make check -} - -package() { - cd ${pkgname}-${pkgver} - make DESTDIR="${pkgdir}" install - install -Dm644 COPYING "${pkgdir}/usr/share/licenses/${pkgname}/COPYING" -} Copied: libxml2/repos/extra-i686/PKGBUILD (from rev 226350, libxml2/trunk/PKGBUILD) =================================================================== --- extra-i686/PKGBUILD (rev 0) +++ extra-i686/PKGBUILD 2014-11-17 19:48:07 UTC (rev 226351) @@ -0,0 +1,48 @@ +# $Id$ +# Maintainer: Jan de Groot <j...@archlinux.org> +# Maintainer: Tom Gundersen <t...@jklm.no> +# Contributor: John Proctor <jproc...@prium.net> + +pkgname=libxml2 +pkgver=2.9.2 +pkgrel=2 +pkgdesc="XML parsing library, version 2" +arch=(i686 x86_64) +license=('MIT') +depends=('zlib' 'readline' 'ncurses' 'xz') +makedepends=('python2') +optdepends=('python2: python bindings to libxml') +url="http://www.xmlsoft.org/" +source=(ftp://ftp.xmlsoft.org/${pkgname}/${pkgname}-${pkgver}.tar.gz + http://www.w3.org/XML/Test/xmlts20080827.tar.gz + revert-catalog-initialize.patch + fix-CVE-2014-3660.patch) +md5sums=('9e6a9aca9d155737868b3dc5fd82f788' + 'ae3d1ebe000a3972afa104ca7f0e1b4a' + 'fdb2e26174ac9cced85ffbf4fb782187' + '71c88ee5a133461a8ab8aaa194899453') + +prepare() { + cd ${pkgname}-${pkgver} + sed -e 's|/usr/bin/python -u|/usr/bin/python2 -u|g' -e 's|/usr/bin/python$|/usr/bin/python2|g' -i python/tests/*.py + mv ../xmlconf . + patch -Np1 -i ../revert-catalog-initialize.patch + patch -Np1 -i ../fix-CVE-2014-3660.patch +} + +build() { + cd ${pkgname}-${pkgver} + ./configure --prefix=/usr --with-threads --with-history --with-python=/usr/bin/python2 + make +} + +check() { + cd ${pkgname}-${pkgver} + make check +} + +package() { + cd ${pkgname}-${pkgver} + make DESTDIR="${pkgdir}" install + install -Dm644 COPYING "${pkgdir}/usr/share/licenses/${pkgname}/COPYING" +} Copied: libxml2/repos/extra-i686/fix-CVE-2014-3660.patch (from rev 226350, libxml2/trunk/fix-CVE-2014-3660.patch) =================================================================== --- extra-i686/fix-CVE-2014-3660.patch (rev 0) +++ extra-i686/fix-CVE-2014-3660.patch 2014-11-17 19:48:07 UTC (rev 226351) @@ -0,0 +1,28 @@ +From 72a46a519ce7326d9a00f0b6a7f2a8e958cd1675 Mon Sep 17 00:00:00 2001 +From: Daniel Veillard <veill...@redhat.com> +Date: Thu, 23 Oct 2014 11:35:36 +0800 +Subject: Fix missing entities after CVE-2014-3660 fix + +For https://bugzilla.gnome.org/show_bug.cgi?id=738805 + +The fix for CVE-2014-3660 introduced a regression in some case +where entity substitution is required and the entity is used +first in anotther entity referenced from an attribute value + +diff --git a/parser.c b/parser.c +index 67c9dfd..a8d1b67 100644 +--- a/parser.c ++++ b/parser.c +@@ -7235,7 +7235,8 @@ xmlParseReference(xmlParserCtxtPtr ctxt) { + * far more secure as the parser will only process data coming from + * the document entity by default. + */ +- if ((ent->checked == 0) && ++ if (((ent->checked == 0) || ++ ((ent->children == NULL) && (ctxt->options & XML_PARSE_NOENT))) && + ((ent->etype != XML_EXTERNAL_GENERAL_PARSED_ENTITY) || + (ctxt->options & (XML_PARSE_NOENT | XML_PARSE_DTDVALID)))) { + unsigned long oldnbent = ctxt->nbentities; +-- +cgit v0.10.1 + Copied: libxml2/repos/extra-i686/revert-catalog-initialize.patch (from rev 226350, libxml2/trunk/revert-catalog-initialize.patch) =================================================================== --- extra-i686/revert-catalog-initialize.patch (rev 0) +++ extra-i686/revert-catalog-initialize.patch 2014-11-17 19:48:07 UTC (rev 226351) @@ -0,0 +1,26 @@ +From f65128f38289d77ff322d63aef2858cc0a819c34 Mon Sep 17 00:00:00 2001 +From: Daniel Veillard <veill...@redhat.com> +Date: Fri, 17 Oct 2014 17:13:41 +0800 +Subject: Revert "Missing initialization for the catalog module" + +This reverts commit 054c716ea1bf001544127a4ab4f4346d1b9947e7. +As this break xmlcatalog command +https://bugzilla.redhat.com/show_bug.cgi?id=1153753 + +diff --git a/parser.c b/parser.c +index 1d93967..67c9dfd 100644 +--- a/parser.c ++++ b/parser.c +@@ -14830,9 +14830,6 @@ xmlInitParser(void) { + #ifdef LIBXML_XPATH_ENABLED + xmlXPathInit(); + #endif +-#ifdef LIBXML_CATALOG_ENABLED +- xmlInitializeCatalog(); +-#endif + xmlParserInitialized = 1; + #ifdef LIBXML_THREAD_ENABLED + } +-- +cgit v0.10.1 + Deleted: extra-x86_64/PKGBUILD =================================================================== --- extra-x86_64/PKGBUILD 2014-11-17 19:47:58 UTC (rev 226350) +++ extra-x86_64/PKGBUILD 2014-11-17 19:48:07 UTC (rev 226351) @@ -1,42 +0,0 @@ -# $Id$ -# Maintainer: Jan de Groot <j...@archlinux.org> -# Maintainer: Tom Gundersen <t...@jklm.no> -# Contributor: John Proctor <jproc...@prium.net> - -pkgname=libxml2 -pkgver=2.9.2 -pkgrel=1 -pkgdesc="XML parsing library, version 2" -arch=(i686 x86_64) -license=('MIT') -depends=('zlib' 'readline' 'ncurses' 'xz') -makedepends=('python2') -optdepends=('python2: python bindings to libxml') -url="http://www.xmlsoft.org/" -source=(ftp://ftp.xmlsoft.org/${pkgname}/${pkgname}-${pkgver}.tar.gz - http://www.w3.org/XML/Test/xmlts20080827.tar.gz) -md5sums=('9e6a9aca9d155737868b3dc5fd82f788' - 'ae3d1ebe000a3972afa104ca7f0e1b4a') - -prepare() { - cd ${pkgname}-${pkgver} - sed -e 's|/usr/bin/python -u|/usr/bin/python2 -u|g' -e 's|/usr/bin/python$|/usr/bin/python2|g' -i python/tests/*.py - mv ../xmlconf . -} - -build() { - cd ${pkgname}-${pkgver} - ./configure --prefix=/usr --with-threads --with-history --with-python=/usr/bin/python2 - make -} - -check() { - cd ${pkgname}-${pkgver} - make check -} - -package() { - cd ${pkgname}-${pkgver} - make DESTDIR="${pkgdir}" install - install -Dm644 COPYING "${pkgdir}/usr/share/licenses/${pkgname}/COPYING" -} Copied: libxml2/repos/extra-x86_64/PKGBUILD (from rev 226350, libxml2/trunk/PKGBUILD) =================================================================== --- extra-x86_64/PKGBUILD (rev 0) +++ extra-x86_64/PKGBUILD 2014-11-17 19:48:07 UTC (rev 226351) @@ -0,0 +1,48 @@ +# $Id$ +# Maintainer: Jan de Groot <j...@archlinux.org> +# Maintainer: Tom Gundersen <t...@jklm.no> +# Contributor: John Proctor <jproc...@prium.net> + +pkgname=libxml2 +pkgver=2.9.2 +pkgrel=2 +pkgdesc="XML parsing library, version 2" +arch=(i686 x86_64) +license=('MIT') +depends=('zlib' 'readline' 'ncurses' 'xz') +makedepends=('python2') +optdepends=('python2: python bindings to libxml') +url="http://www.xmlsoft.org/" +source=(ftp://ftp.xmlsoft.org/${pkgname}/${pkgname}-${pkgver}.tar.gz + http://www.w3.org/XML/Test/xmlts20080827.tar.gz + revert-catalog-initialize.patch + fix-CVE-2014-3660.patch) +md5sums=('9e6a9aca9d155737868b3dc5fd82f788' + 'ae3d1ebe000a3972afa104ca7f0e1b4a' + 'fdb2e26174ac9cced85ffbf4fb782187' + '71c88ee5a133461a8ab8aaa194899453') + +prepare() { + cd ${pkgname}-${pkgver} + sed -e 's|/usr/bin/python -u|/usr/bin/python2 -u|g' -e 's|/usr/bin/python$|/usr/bin/python2|g' -i python/tests/*.py + mv ../xmlconf . + patch -Np1 -i ../revert-catalog-initialize.patch + patch -Np1 -i ../fix-CVE-2014-3660.patch +} + +build() { + cd ${pkgname}-${pkgver} + ./configure --prefix=/usr --with-threads --with-history --with-python=/usr/bin/python2 + make +} + +check() { + cd ${pkgname}-${pkgver} + make check +} + +package() { + cd ${pkgname}-${pkgver} + make DESTDIR="${pkgdir}" install + install -Dm644 COPYING "${pkgdir}/usr/share/licenses/${pkgname}/COPYING" +} Copied: libxml2/repos/extra-x86_64/fix-CVE-2014-3660.patch (from rev 226350, libxml2/trunk/fix-CVE-2014-3660.patch) =================================================================== --- extra-x86_64/fix-CVE-2014-3660.patch (rev 0) +++ extra-x86_64/fix-CVE-2014-3660.patch 2014-11-17 19:48:07 UTC (rev 226351) @@ -0,0 +1,28 @@ +From 72a46a519ce7326d9a00f0b6a7f2a8e958cd1675 Mon Sep 17 00:00:00 2001 +From: Daniel Veillard <veill...@redhat.com> +Date: Thu, 23 Oct 2014 11:35:36 +0800 +Subject: Fix missing entities after CVE-2014-3660 fix + +For https://bugzilla.gnome.org/show_bug.cgi?id=738805 + +The fix for CVE-2014-3660 introduced a regression in some case +where entity substitution is required and the entity is used +first in anotther entity referenced from an attribute value + +diff --git a/parser.c b/parser.c +index 67c9dfd..a8d1b67 100644 +--- a/parser.c ++++ b/parser.c +@@ -7235,7 +7235,8 @@ xmlParseReference(xmlParserCtxtPtr ctxt) { + * far more secure as the parser will only process data coming from + * the document entity by default. + */ +- if ((ent->checked == 0) && ++ if (((ent->checked == 0) || ++ ((ent->children == NULL) && (ctxt->options & XML_PARSE_NOENT))) && + ((ent->etype != XML_EXTERNAL_GENERAL_PARSED_ENTITY) || + (ctxt->options & (XML_PARSE_NOENT | XML_PARSE_DTDVALID)))) { + unsigned long oldnbent = ctxt->nbentities; +-- +cgit v0.10.1 + Copied: libxml2/repos/extra-x86_64/revert-catalog-initialize.patch (from rev 226350, libxml2/trunk/revert-catalog-initialize.patch) =================================================================== --- extra-x86_64/revert-catalog-initialize.patch (rev 0) +++ extra-x86_64/revert-catalog-initialize.patch 2014-11-17 19:48:07 UTC (rev 226351) @@ -0,0 +1,26 @@ +From f65128f38289d77ff322d63aef2858cc0a819c34 Mon Sep 17 00:00:00 2001 +From: Daniel Veillard <veill...@redhat.com> +Date: Fri, 17 Oct 2014 17:13:41 +0800 +Subject: Revert "Missing initialization for the catalog module" + +This reverts commit 054c716ea1bf001544127a4ab4f4346d1b9947e7. +As this break xmlcatalog command +https://bugzilla.redhat.com/show_bug.cgi?id=1153753 + +diff --git a/parser.c b/parser.c +index 1d93967..67c9dfd 100644 +--- a/parser.c ++++ b/parser.c +@@ -14830,9 +14830,6 @@ xmlInitParser(void) { + #ifdef LIBXML_XPATH_ENABLED + xmlXPathInit(); + #endif +-#ifdef LIBXML_CATALOG_ENABLED +- xmlInitializeCatalog(); +-#endif + xmlParserInitialized = 1; + #ifdef LIBXML_THREAD_ENABLED + } +-- +cgit v0.10.1 +