Revision: 7013
http://ipcop.svn.sourceforge.net/ipcop/?rev=7013&view=rev
Author: gespinasse
Date: 2013-04-26 06:03:52 +0000 (Fri, 26 Apr 2013)
Log Message:
-----------
Upgrade libxml2 to 2.9.1
This fix some issues, at least CVE-2013-1969, CVE-2013-0338
Hack Makefile.in to obtain what should have resulted from --docdir usage
Remove 'rm -f' hack as the fix has been include upstream
Modified Paths:
--------------
ipcop/trunk/config/rootfiles/common/libxml2
ipcop/trunk/lfs/libxml2
ipcop/trunk/updates/2.1.0/ROOTFILES.i486-2.1.0
ipcop/trunk/updates/2.1.0/information.xml
ipcop/trunk/updates/2.1.0/setup
Removed Paths:
-------------
ipcop/trunk/src/patches/libxml2-2.9.0_CVE-2012-5134.patch
Modified: ipcop/trunk/config/rootfiles/common/libxml2
===================================================================
--- ipcop/trunk/config/rootfiles/common/libxml2 2013-04-22 05:50:55 UTC (rev
7012)
+++ ipcop/trunk/config/rootfiles/common/libxml2 2013-04-26 06:03:52 UTC (rev
7013)
@@ -53,18 +53,17 @@
#usr/lib/libxml2.la
#usr/lib/libxml2.so
usr/lib/libxml2.so.2
-usr/lib/libxml2.so.2.9.0
+usr/lib/libxml2.so.2.9.1
#usr/lib/pkgconfig/libxml-2.0.pc
#usr/lib/xml2Conf.sh
#usr/share/aclocal/libxml.m4
#usr/share/doc/libxml2
-#usr/share/doc/libxml2-2.9.0
-#usr/share/doc/libxml2-2.9.0/Copyright
-#usr/share/doc/libxml2-2.9.0/examples
-#usr/share/doc/libxml2-2.9.0/examples/testHTML.c
-#usr/share/doc/libxml2-2.9.0/examples/testSAX.c
-#usr/share/doc/libxml2-2.9.0/examples/testXPath.c
-#usr/share/doc/libxml2-2.9.0/examples/xmllint.c
+#usr/share/doc/libxml2/Copyright
+#usr/share/doc/libxml2/examples
+#usr/share/doc/libxml2/examples/testHTML.c
+#usr/share/doc/libxml2/examples/testSAX.c
+#usr/share/doc/libxml2/examples/testXPath.c
+#usr/share/doc/libxml2/examples/xmllint.c
#usr/share/doc/libxml2/html
#usr/share/doc/libxml2/html/DOM.gif
#usr/share/doc/libxml2/html/FAQ.html
@@ -126,6 +125,7 @@
#usr/share/doc/libxml2/html/html/libxml-xpath.html
#usr/share/doc/libxml2/html/html/libxml-xpathInternals.html
#usr/share/doc/libxml2/html/html/libxml-xpointer.html
+#usr/share/doc/libxml2/html/html/libxml-xzlib.html
#usr/share/doc/libxml2/html/html/right.png
#usr/share/doc/libxml2/html/html/up.png
#usr/share/doc/libxml2/html/index.html
Modified: ipcop/trunk/lfs/libxml2
===================================================================
--- ipcop/trunk/lfs/libxml2 2013-04-22 05:50:55 UTC (rev 7012)
+++ ipcop/trunk/lfs/libxml2 2013-04-26 06:03:52 UTC (rev 7013)
@@ -33,7 +33,7 @@
include Config
PKG_NAME := libxml2
-VER := 2.9.0
+VER := 2.9.1
HOST_ARCH := all
OTHER_SRC := yes
@@ -55,7 +55,7 @@
$(DL_FILE) := $(DL_FROM)/$(DL_FILE)
$(XMLTEST) := http://www.w3.org/XML/Test/$(XMLTEST)
-$(DL_FILE)_MD5 := 5b9bebf4f5d2200ae2c4efe8fa6103f7
+$(DL_FILE)_MD5 := 9c0cfef285d5c4a5c80d00904ddab380
$(XMLTEST)_MD5 := ae3d1ebe000a3972afa104ca7f0e1b4a
install : $(TARGET)
@@ -86,19 +86,17 @@
$(TARGET) : $(firstword $(MAKEFILE_LIST)) $(patsubst %,$(DIR_DL)/%,$(objects))
@$(PREBUILD)
@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
- cd $(DIR_APP) && patch -p1 -i
$(DIR_PATCHES)/$(THISAPP)_CVE-2012-5134.patch
- # --docdir does nothing on 2.7.8
+
# --with-minimum is broken on 2.7.8, not on 2.7.7 but hard to know what
to test
# maybe we could reduce more the lib, who know?
# Removing version from --with-html-subdir limit the noise on upgrade
# --without-python because we don't need python support
# --without-zlib because no prog use that feature
# --without-threads because this is not needed, (and it remove a lot of
warnings) rrdtool test only for xmlParseFile feature
- # ac_cv_path_RM='rm -f' prevent "cannot remove" messages, explanation
at http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=523750
- # remove the ac_cv_path_RM workaround after 2.9.0
- cd $(DIR_APP) && ac_cv_path_RM='rm -f' \
- ./configure \
+ # --docdir does not work as it should as Copyright, examples goes to
hardcoded doc/libxml2-$VERSION
+ cd $(DIR_APP) && sed -i 's/^DOC_MODULE.*/DOC_MODULE=libxml2/'
Makefile.in
+ cd $(DIR_APP) && ./configure \
--prefix=/usr \
--disable-static \
--with-html-subdir=$(PKG_NAME)/html \
Deleted: ipcop/trunk/src/patches/libxml2-2.9.0_CVE-2012-5134.patch
===================================================================
--- ipcop/trunk/src/patches/libxml2-2.9.0_CVE-2012-5134.patch 2013-04-22
05:50:55 UTC (rev 7012)
+++ ipcop/trunk/src/patches/libxml2-2.9.0_CVE-2012-5134.patch 2013-04-26
06:03:52 UTC (rev 7013)
@@ -1,19 +0,0 @@
-commit 6a36fbe3b3e001a8a840b5c1fdd81cefc9947f0d
-Author: Daniel Veillard <[email protected]>
-Date: Mon Oct 29 10:39:55 2012 +0800
-
- Fix potential out of bound access
-
-diff --git a/parser.c b/parser.c
-index 0d8d7f2..bd634e9 100644
---- a/parser.c
-+++ b/parser.c
-@@ -4076,7 +4076,7 @@ xmlParseAttValueComplex(xmlParserCtxtPtr ctxt, int
*attlen, int normalize) {
- goto error;
-
- if ((in_space) && (normalize)) {
-- while (buf[len - 1] == 0x20) len--;
-+ while ((len > 0) && (buf[len - 1] == 0x20)) len--;
- }
- buf[len] = 0;
- if (RAW == '<') {
Modified: ipcop/trunk/updates/2.1.0/ROOTFILES.i486-2.1.0
===================================================================
--- ipcop/trunk/updates/2.1.0/ROOTFILES.i486-2.1.0 2013-04-22 05:50:55 UTC
(rev 7012)
+++ ipcop/trunk/updates/2.1.0/ROOTFILES.i486-2.1.0 2013-04-26 06:03:52 UTC
(rev 7013)
@@ -464,9 +464,9 @@
/usr/lib/libusb-1.0.so.0
/usr/lib/libusb-1.0.so.0.1.0
##
-## libxml2-2.9.0
+## libxml2-2.9.1
/usr/lib/libxml2.so.2
-/usr/lib/libxml2.so.2.9.0
+/usr/lib/libxml2.so.2.9.1
##
## logrotate-3.8.1
/usr/sbin/logrotate
Modified: ipcop/trunk/updates/2.1.0/information.xml
===================================================================
--- ipcop/trunk/updates/2.1.0/information.xml 2013-04-22 05:50:55 UTC (rev
7012)
+++ ipcop/trunk/updates/2.1.0/information.xml 2013-04-26 06:03:52 UTC (rev
7013)
@@ -15,7 +15,7 @@
hdparm to 9.39, httpd to 2.2.24, krb5 to 1.10.3,
less to 451, libffi to 3.0.13, libgd to 2.0.36~rc1, libgcrypt to
1.5.1, libnet to 1.1.6,
libnfnetlink to 1.0.1, libnetfiltercontrack to 1.0.2, libnl to
3.2.16, libpcap to 1.3.0, libpng to 1.5.15,
- libusb to 1.0.9, libusb-compat to 0.1.4, libtool to 2.4.2, libxml2
to 2.9.0, logrotate to 3.8.1, lsof to 4.87,
+ libusb to 1.0.9, libusb-compat to 0.1.4, libtool to 2.4.2, libxml2
to 2.9.1, logrotate to 3.8.1, lsof to 4.87,
mdadm to 3.2.6, net-tools to 1.60-p20120127084908, openldap to
2.4.35, openssh to 6.1, openssl to 1.0.1e, openswan to 2.6.38,
parted to 3.1, pciutils to 3.1.10, pcre to 8.32, pixman to 0.24.4,
procps to 3.3.7, psmisc to 22.20,
rsyslog to 5.8.13, sed to 4.2.2, shadow to 4.1.5.1, smartmontools
to 6.0, sqlite to 3.7.13
Modified: ipcop/trunk/updates/2.1.0/setup
===================================================================
--- ipcop/trunk/updates/2.1.0/setup 2013-04-22 05:50:55 UTC (rev 7012)
+++ ipcop/trunk/updates/2.1.0/setup 2013-04-26 06:03:52 UTC (rev 7013)
@@ -145,7 +145,7 @@
/bin/rm -f /usr/lib/libpixman-1.so.0.22.2
/bin/rm -f /usr/lib/libpng15.so.15.{8,9,10,11,12,14}.0
/bin/rm -f /usr/lib/libusb-1.0.so.0.0.0
-/bin/rm -f /usr/lib/libxml2.so.2.{7.8,8.0}
+/bin/rm -f /usr/lib/libxml2.so.2.{7.8,8.0,9.0}
# Remove devel lib that should not be needed
/bin/rm -f /usr/lib/libatm.so
This was sent by the SourceForge.net collaborative development platform, the
world's largest Open Source development site.
------------------------------------------------------------------------------
Try New Relic Now & We'll Send You this Cool Shirt
New Relic is the only SaaS-based application performance monitoring service
that delivers powerful full stack analytics. Optimize and monitor your
browser, app, & servers with just a few lines of code. Try New Relic
and get this awesome Nerd Life shirt! http://p.sf.net/sfu/newrelic_d2d_apr
_______________________________________________
Ipcop-svn mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/ipcop-svn
