Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package libxml2 for openSUSE:Factory checked
in at 2022-10-18 12:44:38
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/libxml2 (Old)
and /work/SRC/openSUSE:Factory/.libxml2.new.2275 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "libxml2"
Tue Oct 18 12:44:38 2022 rev:114 rq:1014116 version:2.10.3
Changes:
--------
--- /work/SRC/openSUSE:Factory/libxml2/libxml2.changes 2022-09-15
22:58:40.781128877 +0200
+++ /work/SRC/openSUSE:Factory/.libxml2.new.2275/libxml2.changes
2022-10-18 12:44:55.393713264 +0200
@@ -1,0 +2,12 @@
+Fri Oct 14 15:04:09 UTC 2022 - Bj??rn Lie <bjorn....@gmail.com>
+
+- Update to version 2.10.3 (bsc#1204366, CVE-2022-40303, bsc#1204367,
CVE-2022-40304):
+ + Security:
+ - [CVE-2022-40304] Fix dict corruption caused by entity
+ reference cycles
+ - [CVE-2022-40303] Fix integer overflows with XML_PARSE_HUGE
+ - Fix overflow check in SAX2.c
+ + Build system: cmake: Set SOVERSION
+- Rebase patches with quilt.
+
+-------------------------------------------------------------------
Old:
----
libxml2-2.10.2.tar.xz
New:
----
libxml2-2.10.3.tar.xz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ libxml2.spec ++++++
--- /var/tmp/diff_new_pack.yjn0PV/_old 2022-10-18 12:44:56.005714657 +0200
+++ /var/tmp/diff_new_pack.yjn0PV/_new 2022-10-18 12:44:56.009714666 +0200
@@ -25,7 +25,7 @@
%endif
Name: libxml2%{?dash}%{flavor}
-Version: 2.10.2
+Version: 2.10.3
Release: 0
License: MIT
Summary: A Library to Manipulate XML Files
++++++ libxml2-2.10.2.tar.xz -> libxml2-2.10.3.tar.xz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/libxml2-2.10.2/CMakeLists.txt
new/libxml2-2.10.3/CMakeLists.txt
--- old/libxml2-2.10.2/CMakeLists.txt 2022-08-25 13:03:49.000000000 +0200
+++ new/libxml2-2.10.3/CMakeLists.txt 2022-10-14 14:23:53.000000000 +0200
@@ -449,6 +449,7 @@
POSITION_INDEPENDENT_CODE ON
PREFIX lib
VERSION ${PROJECT_VERSION}
+ SOVERSION ${LIBXML_MAJOR_VERSION}
)
if(MSVC)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/libxml2-2.10.2/NEWS new/libxml2-2.10.3/NEWS
--- old/libxml2-2.10.2/NEWS 2022-08-29 15:20:29.000000000 +0200
+++ new/libxml2-2.10.3/NEWS 2022-10-14 14:30:33.000000000 +0200
@@ -1,5 +1,22 @@
NEWS file for libxml2
+v2.10.3: Oct 14 2022
+
+### Security
+
+- [CVE-2022-40304] Fix dict corruption caused by entity reference cycles
+- [CVE-2022-40303] Fix integer overflows with XML_PARSE_HUGE
+- Fix overflow check in SAX2.c
+
+### Portability
+
+- win32: Fix build with VS2013
+
+### Build system
+
+- cmake: Set SOVERSION
+
+
v2.10.2: Aug 29 2022
### Improvements
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/libxml2-2.10.2/SAX2.c new/libxml2-2.10.3/SAX2.c
--- old/libxml2-2.10.2/SAX2.c 2022-08-29 15:16:31.000000000 +0200
+++ new/libxml2-2.10.3/SAX2.c 2022-10-14 14:22:16.000000000 +0200
@@ -28,11 +28,6 @@
#include <libxml/HTMLtree.h>
#include <libxml/globals.h>
-/* Define SIZE_T_MAX unless defined through <limits.h>. */
-#ifndef SIZE_T_MAX
-# define SIZE_T_MAX ((size_t)-1)
-#endif /* !SIZE_T_MAX */
-
/* #define DEBUG_SAX2 */
/* #define DEBUG_SAX2_TREE */
@@ -2596,22 +2591,23 @@
xmlSAX2ErrMemory(ctxt, "xmlSAX2Characters: xmlStrdup returned
NULL");
return;
}
- if (((size_t)ctxt->nodelen + (size_t)len > XML_MAX_TEXT_LENGTH) &&
+ if (ctxt->nodelen > INT_MAX - len) {
+ xmlSAX2ErrMemory(ctxt, "xmlSAX2Characters overflow prevented");
+ return;
+ }
+ if ((ctxt->nodelen + len > XML_MAX_TEXT_LENGTH) &&
((ctxt->options & XML_PARSE_HUGE) == 0)) {
xmlSAX2ErrMemory(ctxt, "xmlSAX2Characters: huge text node");
return;
}
- if ((size_t)ctxt->nodelen > SIZE_T_MAX - (size_t)len ||
- (size_t)ctxt->nodemem + (size_t)len > SIZE_T_MAX / 2) {
- xmlSAX2ErrMemory(ctxt, "xmlSAX2Characters overflow prevented");
- return;
- }
if (ctxt->nodelen + len >= ctxt->nodemem) {
xmlChar *newbuf;
- size_t size;
+ int size;
- size = ctxt->nodemem + len;
- size *= 2;
+ size = ctxt->nodemem > INT_MAX - len ?
+ INT_MAX :
+ ctxt->nodemem + len;
+ size = size > INT_MAX / 2 ? INT_MAX : size * 2;
newbuf = (xmlChar *) xmlRealloc(lastChild->content,size);
if (newbuf == NULL) {
xmlSAX2ErrMemory(ctxt, "xmlSAX2Characters");
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/libxml2-2.10.2/configure new/libxml2-2.10.3/configure
--- old/libxml2-2.10.2/configure 2022-08-29 15:20:53.000000000 +0200
+++ new/libxml2-2.10.3/configure 2022-10-14 14:41:28.000000000 +0200
@@ -1,6 +1,6 @@
#! /bin/sh
# Guess values for system-dependent variables and create Makefiles.
-# Generated by GNU Autoconf 2.71 for libxml2 2.10.2.
+# Generated by GNU Autoconf 2.71 for libxml2 2.10.3.
#
#
# Copyright (C) 1992-1996, 1998-2017, 2020-2021 Free Software Foundation,
@@ -618,8 +618,8 @@
# Identity of this package.
PACKAGE_NAME='libxml2'
PACKAGE_TARNAME='libxml2'
-PACKAGE_VERSION='2.10.2'
-PACKAGE_STRING='libxml2 2.10.2'
+PACKAGE_VERSION='2.10.3'
+PACKAGE_STRING='libxml2 2.10.3'
PACKAGE_BUGREPORT=''
PACKAGE_URL=''
@@ -1521,7 +1521,7 @@
# Omit some internal or obsolete options to make the list less imposing.
# This message is too long to be a string in the A/UX 3.1 sh.
cat <<_ACEOF
-\`configure' configures libxml2 2.10.2 to adapt to many kinds of systems.
+\`configure' configures libxml2 2.10.3 to adapt to many kinds of systems.
Usage: $0 [OPTION]... [VAR=VALUE]...
@@ -1592,7 +1592,7 @@
if test -n "$ac_init_help"; then
case $ac_init_help in
- short | recursive ) echo "Configuration of libxml2 2.10.2:";;
+ short | recursive ) echo "Configuration of libxml2 2.10.3:";;
esac
cat <<\_ACEOF
@@ -1766,7 +1766,7 @@
test -n "$ac_init_help" && exit $ac_status
if $ac_init_version; then
cat <<\_ACEOF
-libxml2 configure 2.10.2
+libxml2 configure 2.10.3
generated by GNU Autoconf 2.71
Copyright (C) 2021 Free Software Foundation, Inc.
@@ -2079,7 +2079,7 @@
This file contains any messages produced by compilers while
running configure, to aid debugging if configure makes a mistake.
-It was created by libxml2 $as_me 2.10.2, which was
+It was created by libxml2 $as_me 2.10.3, which was
generated by GNU Autoconf 2.71. Invocation command line was
$ $0$ac_configure_args_raw
@@ -2917,7 +2917,7 @@
LIBXML_MAJOR_VERSION=2
LIBXML_MINOR_VERSION=10
-LIBXML_MICRO_VERSION=2
+LIBXML_MICRO_VERSION=3
LIBXML_MICRO_VERSION_SUFFIX=
LIBXML_VERSION=$LIBXML_MAJOR_VERSION.$LIBXML_MINOR_VERSION.$LIBXML_MICRO_VERSION$LIBXML_MICRO_VERSION_SUFFIX
LIBXML_VERSION_INFO=`expr $LIBXML_MAJOR_VERSION +
$LIBXML_MINOR_VERSION`:$LIBXML_MICRO_VERSION:$LIBXML_MINOR_VERSION
@@ -3456,7 +3456,7 @@
# Define the identity of the package.
PACKAGE='libxml2'
- VERSION='2.10.2'
+ VERSION='2.10.3'
printf "%s\n" "#define PACKAGE \"$PACKAGE\"" >>confdefs.h
@@ -17406,7 +17406,7 @@
# report actual input values of CONFIG_FILES etc. instead of their
# values after options handling.
ac_log="
-This file was extended by libxml2 $as_me 2.10.2, which was
+This file was extended by libxml2 $as_me 2.10.3, which was
generated by GNU Autoconf 2.71. Invocation command line was
CONFIG_FILES = $CONFIG_FILES
@@ -17474,7 +17474,7 @@
cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
ac_cs_config='$ac_cs_config_escaped'
ac_cs_version="\\
-libxml2 config.status 2.10.2
+libxml2 config.status 2.10.3
configured by $0, generated by GNU Autoconf 2.71,
with options \\"\$ac_cs_config\\"
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/libxml2-2.10.2/configure.ac
new/libxml2-2.10.3/configure.ac
--- old/libxml2-2.10.2/configure.ac 2022-08-29 15:16:48.000000000 +0200
+++ new/libxml2-2.10.3/configure.ac 2022-10-14 14:30:41.000000000 +0200
@@ -3,7 +3,7 @@
m4_define([MAJOR_VERSION], 2)
m4_define([MINOR_VERSION], 10)
-m4_define([MICRO_VERSION], 2)
+m4_define([MICRO_VERSION], 3)
AC_INIT([libxml2],[MAJOR_VERSION.MINOR_VERSION.MICRO_VERSION])
AC_CONFIG_SRCDIR([entities.c])
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/libxml2-2.10.2/entities.c
new/libxml2-2.10.3/entities.c
--- old/libxml2-2.10.2/entities.c 2022-08-29 15:16:31.000000000 +0200
+++ new/libxml2-2.10.3/entities.c 2022-10-14 14:26:52.000000000 +0200
@@ -128,36 +128,19 @@
if ((entity->children) && (entity->owner == 1) &&
(entity == (xmlEntityPtr) entity->children->parent))
xmlFreeNodeList(entity->children);
- if (dict != NULL) {
- if ((entity->name != NULL) && (!xmlDictOwns(dict, entity->name)))
- xmlFree((char *) entity->name);
- if ((entity->ExternalID != NULL) &&
- (!xmlDictOwns(dict, entity->ExternalID)))
- xmlFree((char *) entity->ExternalID);
- if ((entity->SystemID != NULL) &&
- (!xmlDictOwns(dict, entity->SystemID)))
- xmlFree((char *) entity->SystemID);
- if ((entity->URI != NULL) && (!xmlDictOwns(dict, entity->URI)))
- xmlFree((char *) entity->URI);
- if ((entity->content != NULL)
- && (!xmlDictOwns(dict, entity->content)))
- xmlFree((char *) entity->content);
- if ((entity->orig != NULL) && (!xmlDictOwns(dict, entity->orig)))
- xmlFree((char *) entity->orig);
- } else {
- if (entity->name != NULL)
- xmlFree((char *) entity->name);
- if (entity->ExternalID != NULL)
- xmlFree((char *) entity->ExternalID);
- if (entity->SystemID != NULL)
- xmlFree((char *) entity->SystemID);
- if (entity->URI != NULL)
- xmlFree((char *) entity->URI);
- if (entity->content != NULL)
- xmlFree((char *) entity->content);
- if (entity->orig != NULL)
- xmlFree((char *) entity->orig);
- }
+ if ((entity->name != NULL) &&
+ ((dict == NULL) || (!xmlDictOwns(dict, entity->name))))
+ xmlFree((char *) entity->name);
+ if (entity->ExternalID != NULL)
+ xmlFree((char *) entity->ExternalID);
+ if (entity->SystemID != NULL)
+ xmlFree((char *) entity->SystemID);
+ if (entity->URI != NULL)
+ xmlFree((char *) entity->URI);
+ if (entity->content != NULL)
+ xmlFree((char *) entity->content);
+ if (entity->orig != NULL)
+ xmlFree((char *) entity->orig);
xmlFree(entity);
}
@@ -193,18 +176,12 @@
ret->SystemID = xmlStrdup(SystemID);
} else {
ret->name = xmlDictLookup(dict, name, -1);
- if (ExternalID != NULL)
- ret->ExternalID = xmlDictLookup(dict, ExternalID, -1);
- if (SystemID != NULL)
- ret->SystemID = xmlDictLookup(dict, SystemID, -1);
+ ret->ExternalID = xmlStrdup(ExternalID);
+ ret->SystemID = xmlStrdup(SystemID);
}
if (content != NULL) {
ret->length = xmlStrlen(content);
- if ((dict != NULL) && (ret->length < 5))
- ret->content = (xmlChar *)
- xmlDictLookup(dict, content, ret->length);
- else
- ret->content = xmlStrndup(content, ret->length);
+ ret->content = xmlStrndup(content, ret->length);
} else {
ret->length = 0;
ret->content = NULL;
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/libxml2-2.10.2/include/win32config.h
new/libxml2-2.10.3/include/win32config.h
--- old/libxml2-2.10.2/include/win32config.h 2022-05-02 14:10:21.000000000
+0200
+++ new/libxml2-2.10.3/include/win32config.h 2022-10-14 14:24:05.000000000
+0200
@@ -12,9 +12,13 @@
#define HAVE_STDINT_H
#endif
-#if defined(_MSC_VER) && _MSC_VER < 1900
+#if defined(_MSC_VER)
+#if _MSC_VER < 1900
#define snprintf _snprintf
-#define vsnprintf _vsnprintf
+#endif
+#if _MSC_VER < 1500
+#define vsnprintf(b,c,f,a) _vsnprintf(b,c,f,a)
+#endif
#endif
#endif /* __LIBXML_WIN32_CONFIG__ */
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/libxml2-2.10.2/parser.c new/libxml2-2.10.3/parser.c
--- old/libxml2-2.10.2/parser.c 2022-08-29 15:16:31.000000000 +0200
+++ new/libxml2-2.10.3/parser.c 2022-10-14 14:25:04.000000000 +0200
@@ -102,6 +102,8 @@
* *
************************************************************************/
+#define XML_MAX_HUGE_LENGTH 1000000000
+
#define XML_PARSER_BIG_ENTITY 1000
#define XML_PARSER_LOT_ENTITY 5000
@@ -552,7 +554,7 @@
errmsg = "Malformed declaration expecting version";
break;
case XML_ERR_NAME_TOO_LONG:
- errmsg = "Name too long use XML_PARSE_HUGE option";
+ errmsg = "Name too long";
break;
#if 0
case:
@@ -3202,6 +3204,9 @@
int len = 0, l;
int c;
int count = 0;
+ int maxLength = (ctxt->options & XML_PARSE_HUGE) ?
+ XML_MAX_TEXT_LENGTH :
+ XML_MAX_NAME_LENGTH;
#ifdef DEBUG
nbParseNameComplex++;
@@ -3267,7 +3272,8 @@
if (ctxt->instate == XML_PARSER_EOF)
return(NULL);
}
- len += l;
+ if (len <= INT_MAX - l)
+ len += l;
NEXTL(l);
c = CUR_CHAR(l);
}
@@ -3293,13 +3299,13 @@
if (ctxt->instate == XML_PARSER_EOF)
return(NULL);
}
- len += l;
+ if (len <= INT_MAX - l)
+ len += l;
NEXTL(l);
c = CUR_CHAR(l);
}
}
- if ((len > XML_MAX_NAME_LENGTH) &&
- ((ctxt->options & XML_PARSE_HUGE) == 0)) {
+ if (len > maxLength) {
xmlFatalErr(ctxt, XML_ERR_NAME_TOO_LONG, "Name");
return(NULL);
}
@@ -3338,7 +3344,10 @@
xmlParseName(xmlParserCtxtPtr ctxt) {
const xmlChar *in;
const xmlChar *ret;
- int count = 0;
+ size_t count = 0;
+ size_t maxLength = (ctxt->options & XML_PARSE_HUGE) ?
+ XML_MAX_TEXT_LENGTH :
+ XML_MAX_NAME_LENGTH;
GROW;
@@ -3362,8 +3371,7 @@
in++;
if ((*in > 0) && (*in < 0x80)) {
count = in - ctxt->input->cur;
- if ((count > XML_MAX_NAME_LENGTH) &&
- ((ctxt->options & XML_PARSE_HUGE) == 0)) {
+ if (count > maxLength) {
xmlFatalErr(ctxt, XML_ERR_NAME_TOO_LONG, "Name");
return(NULL);
}
@@ -3384,6 +3392,9 @@
int len = 0, l;
int c;
int count = 0;
+ int maxLength = (ctxt->options & XML_PARSE_HUGE) ?
+ XML_MAX_TEXT_LENGTH :
+ XML_MAX_NAME_LENGTH;
size_t startPosition = 0;
#ifdef DEBUG
@@ -3404,17 +3415,13 @@
while ((c != ' ') && (c != '>') && (c != '/') && /* test bigname.xml */
(xmlIsNameChar(ctxt, c) && (c != ':'))) {
if (count++ > XML_PARSER_CHUNK_SIZE) {
- if ((len > XML_MAX_NAME_LENGTH) &&
- ((ctxt->options & XML_PARSE_HUGE) == 0)) {
- xmlFatalErr(ctxt, XML_ERR_NAME_TOO_LONG, "NCName");
- return(NULL);
- }
count = 0;
GROW;
if (ctxt->instate == XML_PARSER_EOF)
return(NULL);
}
- len += l;
+ if (len <= INT_MAX - l)
+ len += l;
NEXTL(l);
c = CUR_CHAR(l);
if (c == 0) {
@@ -3432,8 +3439,7 @@
c = CUR_CHAR(l);
}
}
- if ((len > XML_MAX_NAME_LENGTH) &&
- ((ctxt->options & XML_PARSE_HUGE) == 0)) {
+ if (len > maxLength) {
xmlFatalErr(ctxt, XML_ERR_NAME_TOO_LONG, "NCName");
return(NULL);
}
@@ -3459,7 +3465,10 @@
xmlParseNCName(xmlParserCtxtPtr ctxt) {
const xmlChar *in, *e;
const xmlChar *ret;
- int count = 0;
+ size_t count = 0;
+ size_t maxLength = (ctxt->options & XML_PARSE_HUGE) ?
+ XML_MAX_TEXT_LENGTH :
+ XML_MAX_NAME_LENGTH;
#ifdef DEBUG
nbParseNCName++;
@@ -3484,8 +3493,7 @@
goto complex;
if ((*in > 0) && (*in < 0x80)) {
count = in - ctxt->input->cur;
- if ((count > XML_MAX_NAME_LENGTH) &&
- ((ctxt->options & XML_PARSE_HUGE) == 0)) {
+ if (count > maxLength) {
xmlFatalErr(ctxt, XML_ERR_NAME_TOO_LONG, "NCName");
return(NULL);
}
@@ -3567,6 +3575,9 @@
const xmlChar *cur = *str;
int len = 0, l;
int c;
+ int maxLength = (ctxt->options & XML_PARSE_HUGE) ?
+ XML_MAX_TEXT_LENGTH :
+ XML_MAX_NAME_LENGTH;
#ifdef DEBUG
nbParseStringName++;
@@ -3602,12 +3613,6 @@
if (len + 10 > max) {
xmlChar *tmp;
- if ((len > XML_MAX_NAME_LENGTH) &&
- ((ctxt->options & XML_PARSE_HUGE) == 0)) {
- xmlFatalErr(ctxt, XML_ERR_NAME_TOO_LONG, "NCName");
- xmlFree(buffer);
- return(NULL);
- }
max *= 2;
tmp = (xmlChar *) xmlRealloc(buffer,
max * sizeof(xmlChar));
@@ -3621,14 +3626,18 @@
COPY_BUF(l,buffer,len,c);
cur += l;
c = CUR_SCHAR(cur, l);
+ if (len > maxLength) {
+ xmlFatalErr(ctxt, XML_ERR_NAME_TOO_LONG, "NCName");
+ xmlFree(buffer);
+ return(NULL);
+ }
}
buffer[len] = 0;
*str = cur;
return(buffer);
}
}
- if ((len > XML_MAX_NAME_LENGTH) &&
- ((ctxt->options & XML_PARSE_HUGE) == 0)) {
+ if (len > maxLength) {
xmlFatalErr(ctxt, XML_ERR_NAME_TOO_LONG, "NCName");
return(NULL);
}
@@ -3655,6 +3664,9 @@
int len = 0, l;
int c;
int count = 0;
+ int maxLength = (ctxt->options & XML_PARSE_HUGE) ?
+ XML_MAX_TEXT_LENGTH :
+ XML_MAX_NAME_LENGTH;
#ifdef DEBUG
nbParseNmToken++;
@@ -3706,12 +3718,6 @@
if (len + 10 > max) {
xmlChar *tmp;
- if ((max > XML_MAX_NAME_LENGTH) &&
- ((ctxt->options & XML_PARSE_HUGE) == 0)) {
- xmlFatalErr(ctxt, XML_ERR_NAME_TOO_LONG, "NmToken");
- xmlFree(buffer);
- return(NULL);
- }
max *= 2;
tmp = (xmlChar *) xmlRealloc(buffer,
max * sizeof(xmlChar));
@@ -3725,6 +3731,11 @@
COPY_BUF(l,buffer,len,c);
NEXTL(l);
c = CUR_CHAR(l);
+ if (len > maxLength) {
+ xmlFatalErr(ctxt, XML_ERR_NAME_TOO_LONG, "NmToken");
+ xmlFree(buffer);
+ return(NULL);
+ }
}
buffer[len] = 0;
return(buffer);
@@ -3732,8 +3743,7 @@
}
if (len == 0)
return(NULL);
- if ((len > XML_MAX_NAME_LENGTH) &&
- ((ctxt->options & XML_PARSE_HUGE) == 0)) {
+ if (len > maxLength) {
xmlFatalErr(ctxt, XML_ERR_NAME_TOO_LONG, "NmToken");
return(NULL);
}
@@ -3759,6 +3769,9 @@
int len = 0;
int size = XML_PARSER_BUFFER_SIZE;
int c, l;
+ int maxLength = (ctxt->options & XML_PARSE_HUGE) ?
+ XML_MAX_HUGE_LENGTH :
+ XML_MAX_TEXT_LENGTH;
xmlChar stop;
xmlChar *ret = NULL;
const xmlChar *cur = NULL;
@@ -3818,6 +3831,12 @@
GROW;
c = CUR_CHAR(l);
}
+
+ if (len > maxLength) {
+ xmlFatalErrMsg(ctxt, XML_ERR_ENTITY_NOT_FINISHED,
+ "entity value too long\n");
+ goto error;
+ }
}
buf[len] = 0;
if (ctxt->instate == XML_PARSER_EOF)
@@ -3905,6 +3924,9 @@
xmlChar *rep = NULL;
size_t len = 0;
size_t buf_size = 0;
+ size_t maxLength = (ctxt->options & XML_PARSE_HUGE) ?
+ XML_MAX_HUGE_LENGTH :
+ XML_MAX_TEXT_LENGTH;
int c, l, in_space = 0;
xmlChar *current = NULL;
xmlEntityPtr ent;
@@ -3936,16 +3958,6 @@
while (((NXT(0) != limit) && /* checked */
(IS_CHAR(c)) && (c != '<')) &&
(ctxt->instate != XML_PARSER_EOF)) {
- /*
- * Impose a reasonable limit on attribute size, unless XML_PARSE_HUGE
- * special option is given
- */
- if ((len > XML_MAX_TEXT_LENGTH) &&
- ((ctxt->options & XML_PARSE_HUGE) == 0)) {
- xmlFatalErrMsg(ctxt, XML_ERR_ATTRIBUTE_NOT_FINISHED,
- "AttValue length too long\n");
- goto mem_error;
- }
if (c == '&') {
in_space = 0;
if (NXT(1) == '#') {
@@ -4093,6 +4105,11 @@
}
GROW;
c = CUR_CHAR(l);
+ if (len > maxLength) {
+ xmlFatalErrMsg(ctxt, XML_ERR_ATTRIBUTE_NOT_FINISHED,
+ "AttValue length too long\n");
+ goto mem_error;
+ }
}
if (ctxt->instate == XML_PARSER_EOF)
goto error;
@@ -4114,16 +4131,6 @@
} else
NEXT;
- /*
- * There we potentially risk an overflow, don't allow attribute value of
- * length more than INT_MAX it is a very reasonable assumption !
- */
- if (len >= INT_MAX) {
- xmlFatalErrMsg(ctxt, XML_ERR_ATTRIBUTE_NOT_FINISHED,
- "AttValue length too long\n");
- goto mem_error;
- }
-
if (attlen != NULL) *attlen = (int) len;
return(buf);
@@ -4194,6 +4201,9 @@
int len = 0;
int size = XML_PARSER_BUFFER_SIZE;
int cur, l;
+ int maxLength = (ctxt->options & XML_PARSE_HUGE) ?
+ XML_MAX_TEXT_LENGTH :
+ XML_MAX_NAME_LENGTH;
xmlChar stop;
int state = ctxt->instate;
int count = 0;
@@ -4221,13 +4231,6 @@
if (len + 5 >= size) {
xmlChar *tmp;
- if ((size > XML_MAX_NAME_LENGTH) &&
- ((ctxt->options & XML_PARSE_HUGE) == 0)) {
- xmlFatalErr(ctxt, XML_ERR_NAME_TOO_LONG, "SystemLiteral");
- xmlFree(buf);
- ctxt->instate = (xmlParserInputState) state;
- return(NULL);
- }
size *= 2;
tmp = (xmlChar *) xmlRealloc(buf, size * sizeof(xmlChar));
if (tmp == NULL) {
@@ -4256,6 +4259,12 @@
SHRINK;
cur = CUR_CHAR(l);
}
+ if (len > maxLength) {
+ xmlFatalErr(ctxt, XML_ERR_NAME_TOO_LONG, "SystemLiteral");
+ xmlFree(buf);
+ ctxt->instate = (xmlParserInputState) state;
+ return(NULL);
+ }
}
buf[len] = 0;
ctxt->instate = (xmlParserInputState) state;
@@ -4283,6 +4292,9 @@
xmlChar *buf = NULL;
int len = 0;
int size = XML_PARSER_BUFFER_SIZE;
+ int maxLength = (ctxt->options & XML_PARSE_HUGE) ?
+ XML_MAX_TEXT_LENGTH :
+ XML_MAX_NAME_LENGTH;
xmlChar cur;
xmlChar stop;
int count = 0;
@@ -4310,12 +4322,6 @@
if (len + 1 >= size) {
xmlChar *tmp;
- if ((size > XML_MAX_NAME_LENGTH) &&
- ((ctxt->options & XML_PARSE_HUGE) == 0)) {
- xmlFatalErr(ctxt, XML_ERR_NAME_TOO_LONG, "Public ID");
- xmlFree(buf);
- return(NULL);
- }
size *= 2;
tmp = (xmlChar *) xmlRealloc(buf, size * sizeof(xmlChar));
if (tmp == NULL) {
@@ -4343,6 +4349,11 @@
SHRINK;
cur = CUR;
}
+ if (len > maxLength) {
+ xmlFatalErr(ctxt, XML_ERR_NAME_TOO_LONG, "Public ID");
+ xmlFree(buf);
+ return(NULL);
+ }
}
buf[len] = 0;
if (cur != stop) {
@@ -4742,6 +4753,9 @@
int r, rl;
int cur, l;
size_t count = 0;
+ size_t maxLength = (ctxt->options & XML_PARSE_HUGE) ?
+ XML_MAX_HUGE_LENGTH :
+ XML_MAX_TEXT_LENGTH;
int inputid;
inputid = ctxt->input->id;
@@ -4787,13 +4801,6 @@
if ((r == '-') && (q == '-')) {
xmlFatalErr(ctxt, XML_ERR_HYPHEN_IN_COMMENT, NULL);
}
- if ((len > XML_MAX_TEXT_LENGTH) &&
- ((ctxt->options & XML_PARSE_HUGE) == 0)) {
- xmlFatalErrMsgStr(ctxt, XML_ERR_COMMENT_NOT_FINISHED,
- "Comment too big found", NULL);
- xmlFree (buf);
- return;
- }
if (len + 5 >= size) {
xmlChar *new_buf;
size_t new_size;
@@ -4831,6 +4838,13 @@
GROW;
cur = CUR_CHAR(l);
}
+
+ if (len > maxLength) {
+ xmlFatalErrMsgStr(ctxt, XML_ERR_COMMENT_NOT_FINISHED,
+ "Comment too big found", NULL);
+ xmlFree (buf);
+ return;
+ }
}
buf[len] = 0;
if (cur == 0) {
@@ -4875,6 +4889,9 @@
xmlChar *buf = NULL;
size_t size = XML_PARSER_BUFFER_SIZE;
size_t len = 0;
+ size_t maxLength = (ctxt->options & XML_PARSE_HUGE) ?
+ XML_MAX_HUGE_LENGTH :
+ XML_MAX_TEXT_LENGTH;
xmlParserInputState state;
const xmlChar *in;
size_t nbchar = 0;
@@ -4958,8 +4975,7 @@
buf[len] = 0;
}
}
- if ((len > XML_MAX_TEXT_LENGTH) &&
- ((ctxt->options & XML_PARSE_HUGE) == 0)) {
+ if (len > maxLength) {
xmlFatalErrMsgStr(ctxt, XML_ERR_COMMENT_NOT_FINISHED,
"Comment too big found", NULL);
xmlFree (buf);
@@ -5159,6 +5175,9 @@
xmlChar *buf = NULL;
size_t len = 0;
size_t size = XML_PARSER_BUFFER_SIZE;
+ size_t maxLength = (ctxt->options & XML_PARSE_HUGE) ?
+ XML_MAX_HUGE_LENGTH :
+ XML_MAX_TEXT_LENGTH;
int cur, l;
const xmlChar *target;
xmlParserInputState state;
@@ -5234,14 +5253,6 @@
return;
}
count = 0;
- if ((len > XML_MAX_TEXT_LENGTH) &&
- ((ctxt->options & XML_PARSE_HUGE) == 0)) {
- xmlFatalErrMsgStr(ctxt, XML_ERR_PI_NOT_FINISHED,
- "PI %s too big found", target);
- xmlFree(buf);
- ctxt->instate = state;
- return;
- }
}
COPY_BUF(l,buf,len,cur);
NEXTL(l);
@@ -5251,15 +5262,14 @@
GROW;
cur = CUR_CHAR(l);
}
+ if (len > maxLength) {
+ xmlFatalErrMsgStr(ctxt, XML_ERR_PI_NOT_FINISHED,
+ "PI %s too big found", target);
+ xmlFree(buf);
+ ctxt->instate = state;
+ return;
+ }
}
- if ((len > XML_MAX_TEXT_LENGTH) &&
- ((ctxt->options & XML_PARSE_HUGE) == 0)) {
- xmlFatalErrMsgStr(ctxt, XML_ERR_PI_NOT_FINISHED,
- "PI %s too big found", target);
- xmlFree(buf);
- ctxt->instate = state;
- return;
- }
buf[len] = 0;
if (cur != '?') {
xmlFatalErrMsgStr(ctxt, XML_ERR_PI_NOT_FINISHED,
@@ -8954,6 +8964,9 @@
const xmlChar *in = NULL, *start, *end, *last;
xmlChar *ret = NULL;
int line, col;
+ int maxLength = (ctxt->options & XML_PARSE_HUGE) ?
+ XML_MAX_HUGE_LENGTH :
+ XML_MAX_TEXT_LENGTH;
GROW;
in = (xmlChar *) CUR_PTR;
@@ -8993,8 +9006,7 @@
start = in;
if (in >= end) {
GROW_PARSE_ATT_VALUE_INTERNAL(ctxt, in, start, end)
- if (((in - start) > XML_MAX_TEXT_LENGTH) &&
- ((ctxt->options & XML_PARSE_HUGE) == 0)) {
+ if ((in - start) > maxLength) {
xmlFatalErrMsg(ctxt, XML_ERR_ATTRIBUTE_NOT_FINISHED,
"AttValue length too long\n");
return(NULL);
@@ -9007,8 +9019,7 @@
if ((*in++ == 0x20) && (*in == 0x20)) break;
if (in >= end) {
GROW_PARSE_ATT_VALUE_INTERNAL(ctxt, in, start, end)
- if (((in - start) > XML_MAX_TEXT_LENGTH) &&
- ((ctxt->options & XML_PARSE_HUGE) == 0)) {
+ if ((in - start) > maxLength) {
xmlFatalErrMsg(ctxt, XML_ERR_ATTRIBUTE_NOT_FINISHED,
"AttValue length too long\n");
return(NULL);
@@ -9041,16 +9052,14 @@
last = last + delta;
}
end = ctxt->input->end;
- if (((in - start) > XML_MAX_TEXT_LENGTH) &&
- ((ctxt->options & XML_PARSE_HUGE) == 0)) {
+ if ((in - start) > maxLength) {
xmlFatalErrMsg(ctxt, XML_ERR_ATTRIBUTE_NOT_FINISHED,
"AttValue length too long\n");
return(NULL);
}
}
}
- if (((in - start) > XML_MAX_TEXT_LENGTH) &&
- ((ctxt->options & XML_PARSE_HUGE) == 0)) {
+ if ((in - start) > maxLength) {
xmlFatalErrMsg(ctxt, XML_ERR_ATTRIBUTE_NOT_FINISHED,
"AttValue length too long\n");
return(NULL);
@@ -9063,8 +9072,7 @@
col++;
if (in >= end) {
GROW_PARSE_ATT_VALUE_INTERNAL(ctxt, in, start, end)
- if (((in - start) > XML_MAX_TEXT_LENGTH) &&
- ((ctxt->options & XML_PARSE_HUGE) == 0)) {
+ if ((in - start) > maxLength) {
xmlFatalErrMsg(ctxt, XML_ERR_ATTRIBUTE_NOT_FINISHED,
"AttValue length too long\n");
return(NULL);
@@ -9072,8 +9080,7 @@
}
}
last = in;
- if (((in - start) > XML_MAX_TEXT_LENGTH) &&
- ((ctxt->options & XML_PARSE_HUGE) == 0)) {
+ if ((in - start) > maxLength) {
xmlFatalErrMsg(ctxt, XML_ERR_ATTRIBUTE_NOT_FINISHED,
"AttValue length too long\n");
return(NULL);
@@ -9763,6 +9770,9 @@
int s, sl;
int cur, l;
int count = 0;
+ int maxLength = (ctxt->options & XML_PARSE_HUGE) ?
+ XML_MAX_HUGE_LENGTH :
+ XML_MAX_TEXT_LENGTH;
/* Check 2.6.0 was NXT(0) not RAW */
if (CMP9(CUR_PTR, '<', '!', '[', 'C', 'D', 'A', 'T', 'A', '[')) {
@@ -9796,13 +9806,6 @@
if (len + 5 >= size) {
xmlChar *tmp;
- if ((size > XML_MAX_TEXT_LENGTH) &&
- ((ctxt->options & XML_PARSE_HUGE) == 0)) {
- xmlFatalErrMsgStr(ctxt, XML_ERR_CDATA_NOT_FINISHED,
- "CData section too big found", NULL);
- xmlFree (buf);
- return;
- }
tmp = (xmlChar *) xmlRealloc(buf, size * 2 * sizeof(xmlChar));
if (tmp == NULL) {
xmlFree(buf);
@@ -9829,6 +9832,12 @@
}
NEXTL(l);
cur = CUR_CHAR(l);
+ if (len > maxLength) {
+ xmlFatalErrMsg(ctxt, XML_ERR_CDATA_NOT_FINISHED,
+ "CData section too big found\n");
+ xmlFree(buf);
+ return;
+ }
}
buf[len] = 0;
ctxt->instate = XML_PARSER_CONTENT;
++++++ libxml2-make-XPATH_MAX_NODESET_LENGTH-configurable.patch ++++++
--- /var/tmp/diff_new_pack.yjn0PV/_old 2022-10-18 12:44:57.205717389 +0200
+++ /var/tmp/diff_new_pack.yjn0PV/_new 2022-10-18 12:44:57.209717398 +0200
@@ -2,9 +2,11 @@
xpath.c | 40 +++++++++++++++++++++++++++++-----------
1 file changed, 29 insertions(+), 11 deletions(-)
---- a/xpath.c
-+++ b/xpath.c
-@@ -126,14 +126,32 @@
+Index: libxml2-2.10.3/xpath.c
+===================================================================
+--- libxml2-2.10.3.orig/xpath.c
++++ libxml2-2.10.3/xpath.c
+@@ -113,14 +113,32 @@
#define XPATH_MAX_STACK_DEPTH 1000000
/*
@@ -42,7 +44,7 @@
/*
* XPATH_MAX_RECRUSION_DEPTH:
-@@ -3683,7 +3701,7 @@ xmlXPathNodeSetAddNs(xmlNodeSetPtr cur,
+@@ -3689,7 +3707,7 @@ xmlXPathNodeSetAddNs(xmlNodeSetPtr cur,
} else if (cur->nodeNr == cur->nodeMax) {
xmlNodePtr *temp;
@@ -51,7 +53,7 @@
xmlXPathErrMemory(NULL, "growing nodeset hit limit\n");
return(-1);
}
-@@ -3739,7 +3757,7 @@ xmlXPathNodeSetAdd(xmlNodeSetPtr cur, xm
+@@ -3745,7 +3763,7 @@ xmlXPathNodeSetAdd(xmlNodeSetPtr cur, xm
} else if (cur->nodeNr == cur->nodeMax) {
xmlNodePtr *temp;
@@ -60,7 +62,7 @@
xmlXPathErrMemory(NULL, "growing nodeset hit limit\n");
return(-1);
}
-@@ -3794,7 +3812,7 @@ xmlXPathNodeSetAddUnique(xmlNodeSetPtr c
+@@ -3800,7 +3818,7 @@ xmlXPathNodeSetAddUnique(xmlNodeSetPtr c
} else if (cur->nodeNr == cur->nodeMax) {
xmlNodePtr *temp;
@@ -69,7 +71,7 @@
xmlXPathErrMemory(NULL, "growing nodeset hit limit\n");
return(-1);
}
-@@ -3911,7 +3929,7 @@ xmlXPathNodeSetMerge(xmlNodeSetPtr val1,
+@@ -3917,7 +3935,7 @@ xmlXPathNodeSetMerge(xmlNodeSetPtr val1,
} else if (val1->nodeNr == val1->nodeMax) {
xmlNodePtr *temp;
@@ -78,7 +80,7 @@
xmlXPathErrMemory(NULL, "merging nodeset hit limit\n");
return(NULL);
}
-@@ -3997,7 +4015,7 @@ xmlXPathNodeSetMergeAndClear(xmlNodeSetP
+@@ -4003,7 +4021,7 @@ xmlXPathNodeSetMergeAndClear(xmlNodeSetP
} else if (set1->nodeNr >= set1->nodeMax) {
xmlNodePtr *temp;
@@ -87,7 +89,7 @@
xmlXPathErrMemory(NULL, "merging nodeset hit limit\n");
return(NULL);
}
-@@ -4051,7 +4069,7 @@ xmlXPathNodeSetMergeAndClearNoDupls(xmlN
+@@ -4057,7 +4075,7 @@ xmlXPathNodeSetMergeAndClearNoDupls(xmlN
} else if (set1->nodeNr >= set1->nodeMax) {
xmlNodePtr *temp;
++++++ libxml2-python3-string-null-check.patch ++++++
--- /var/tmp/diff_new_pack.yjn0PV/_old 2022-10-18 12:44:57.221717426 +0200
+++ /var/tmp/diff_new_pack.yjn0PV/_new 2022-10-18 12:44:57.225717435 +0200
@@ -11,9 +11,11 @@
python/types.c | 4 ++++
1 file changed, 4 insertions(+)
---- a/python/types.c
-+++ b/python/types.c
-@@ -150,6 +150,10 @@ libxml_charPtrConstWrap(const char *str)
+Index: libxml2-2.10.3/python/types.c
+===================================================================
+--- libxml2-2.10.3.orig/python/types.c
++++ libxml2-2.10.3/python/types.c
+@@ -274,6 +274,10 @@ libxml_charPtrConstWrap(const char *str)
return (Py_None);
}
ret = PY_IMPORT_STRING(str);
