diff options
author | Alexander Dahl <post@lespocky.de> | 2015-11-23 15:15:11 +0100 |
---|---|---|
committer | Michael Olbrich <m.olbrich@pengutronix.de> | 2015-12-09 20:36:59 +0100 |
commit | 214989337dc630883f76dbb8a7889f69958f463c (patch) | |
tree | ee9ae5712d3774aa071a3a38c2dbda77f1a344ab | |
parent | 6edcd186d05225740a2e270741aa11f988eadbf1 (diff) | |
download | ptxdist-214989337dc630883f76dbb8a7889f69958f463c.tar.gz ptxdist-214989337dc630883f76dbb8a7889f69958f463c.tar.xz |
libxml2: update from 2.9.2 to 2.9.3
this fixes some bugs, lots of them with a CVE assigned: CVE-2015-7941,
CVE-2015-1819, CVE-2015-7942, CVE-2015-8035, CVE-2015-7498,
CVE-2015-7497, CVE-2015-5312, CVE-2015-7499, CVE-2015-7500, and
CVE-2015-8242
patch series was recreated, patches gone upstream removed
Signed-off-by: Alexander Dahl <post@lespocky.de>
Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
-rw-r--r-- | patches/libxml2-2.9.2/0001-Revert-Missing-initialization-for-the-catalog-module.patch | 25 | ||||
-rw-r--r-- | patches/libxml2-2.9.2/0002-Fix-missing-entities-after-CVE-2014-3660-fix.patch | 27 | ||||
-rw-r--r-- | patches/libxml2-2.9.2/series | 8 | ||||
-rw-r--r-- | patches/libxml2-2.9.3/0200-xml2-config-is-not-SYSROOT-aware.patch (renamed from patches/libxml2-2.9.2/0200-xml2-config-is-not-SYSROOT-aware.patch) | 2 | ||||
-rw-r--r-- | patches/libxml2-2.9.3/series | 6 | ||||
-rw-r--r-- | rules/libxml2.make | 4 |
6 files changed, 9 insertions, 63 deletions
diff --git a/patches/libxml2-2.9.2/0001-Revert-Missing-initialization-for-the-catalog-module.patch b/patches/libxml2-2.9.2/0001-Revert-Missing-initialization-for-the-catalog-module.patch deleted file mode 100644 index 9377a64a1..000000000 --- a/patches/libxml2-2.9.2/0001-Revert-Missing-initialization-for-the-catalog-module.patch +++ /dev/null @@ -1,25 +0,0 @@ -From: Daniel Veillard <veillard@redhat.com> -Date: Fri, 17 Oct 2014 17:13:41 +0800 -Subject: [PATCH] Revert "Missing initialization for the catalog module" - -This reverts commit 054c716ea1bf001544127a4ab4f4346d1b9947e7. -As this break xmlcatalog command -https://bugzilla.redhat.com/show_bug.cgi?id=1153753 ---- - parser.c | 3 --- - 1 file changed, 3 deletions(-) - -diff --git a/parser.c b/parser.c -index 1d9396786ba7..67c9dfd9ad9f 100644 ---- a/parser.c -+++ b/parser.c -@@ -14830,9 +14830,6 @@ xmlInitParser(void) { - #ifdef LIBXML_XPATH_ENABLED - xmlXPathInit(); - #endif --#ifdef LIBXML_CATALOG_ENABLED -- xmlInitializeCatalog(); --#endif - xmlParserInitialized = 1; - #ifdef LIBXML_THREAD_ENABLED - } diff --git a/patches/libxml2-2.9.2/0002-Fix-missing-entities-after-CVE-2014-3660-fix.patch b/patches/libxml2-2.9.2/0002-Fix-missing-entities-after-CVE-2014-3660-fix.patch deleted file mode 100644 index 845610a01..000000000 --- a/patches/libxml2-2.9.2/0002-Fix-missing-entities-after-CVE-2014-3660-fix.patch +++ /dev/null @@ -1,27 +0,0 @@ -From: Daniel Veillard <veillard@redhat.com> -Date: Thu, 23 Oct 2014 11:35:36 +0800 -Subject: [PATCH] Fix missing entities after CVE-2014-3660 fix - -For https://bugzilla.gnome.org/show_bug.cgi?id=738805 - -The fix for CVE-2014-3660 introduced a regression in some case -where entity substitution is required and the entity is used -first in anotther entity referenced from an attribute value ---- - parser.c | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - -diff --git a/parser.c b/parser.c -index 67c9dfd9ad9f..a8d1b6731681 100644 ---- a/parser.c -+++ b/parser.c -@@ -7235,7 +7235,8 @@ xmlParseReference(xmlParserCtxtPtr ctxt) { - * far more secure as the parser will only process data coming from - * the document entity by default. - */ -- if ((ent->checked == 0) && -+ if (((ent->checked == 0) || -+ ((ent->children == NULL) && (ctxt->options & XML_PARSE_NOENT))) && - ((ent->etype != XML_EXTERNAL_GENERAL_PARSED_ENTITY) || - (ctxt->options & (XML_PARSE_NOENT | XML_PARSE_DTDVALID)))) { - unsigned long oldnbent = ctxt->nbentities; diff --git a/patches/libxml2-2.9.2/series b/patches/libxml2-2.9.2/series deleted file mode 100644 index e8eef47fa..000000000 --- a/patches/libxml2-2.9.2/series +++ /dev/null @@ -1,8 +0,0 @@ -# generated by git-ptx-patches -#tag:base --start-number 1 -#tag:upstream --start-number 1 -0001-Revert-Missing-initialization-for-the-catalog-module.patch -0002-Fix-missing-entities-after-CVE-2014-3660-fix.patch -#tag:ptx --start-number 200 -0200-xml2-config-is-not-SYSROOT-aware.patch -# 42924c0b78c90f6e07e0a460d25ef885 - git-ptx-patches magic diff --git a/patches/libxml2-2.9.2/0200-xml2-config-is-not-SYSROOT-aware.patch b/patches/libxml2-2.9.3/0200-xml2-config-is-not-SYSROOT-aware.patch index d096e3c51..81a76383b 100644 --- a/patches/libxml2-2.9.2/0200-xml2-config-is-not-SYSROOT-aware.patch +++ b/patches/libxml2-2.9.3/0200-xml2-config-is-not-SYSROOT-aware.patch @@ -6,7 +6,7 @@ This patch adds $SYSROOT support to xml2-config. Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de> --- - xml2-config.in | 2 +- + xml2-config.in | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/xml2-config.in b/xml2-config.in diff --git a/patches/libxml2-2.9.3/series b/patches/libxml2-2.9.3/series new file mode 100644 index 000000000..05ba5ddea --- /dev/null +++ b/patches/libxml2-2.9.3/series @@ -0,0 +1,6 @@ +# generated by git-ptx-patches +#tag:base --start-number 1 +#tag:upstream --start-number 1 +#tag:ptx --start-number 200 +0200-xml2-config-is-not-SYSROOT-aware.patch +# b6720be956d1b4619bc1c347a0ceb1dd - git-ptx-patches magic diff --git a/rules/libxml2.make b/rules/libxml2.make index 1b1b0428b..6d27af589 100644 --- a/rules/libxml2.make +++ b/rules/libxml2.make @@ -18,8 +18,8 @@ PACKAGES-$(PTXCONF_LIBXML2) += libxml2 # # Paths and names # -LIBXML2_VERSION := 2.9.2 -LIBXML2_MD5 := 9e6a9aca9d155737868b3dc5fd82f788 +LIBXML2_VERSION := 2.9.3 +LIBXML2_MD5 := daece17e045f1c107610e137ab50c179 LIBXML2 := libxml2-$(LIBXML2_VERSION) LIBXML2_SUFFIX := tar.gz LIBXML2_SOURCE := $(SRCDIR)/$(LIBXML2).$(LIBXML2_SUFFIX) |