--- /dev/null
+From 6088a74bcf7d0c42e24cff4594d804e1d3c9fbca Mon Sep 17 00:00:00 2001
+From: Zhipeng Xie <xiezhipeng1@huawei.com>
+Date: Tue, 20 Aug 2019 16:33:06 +0800
+Subject: [PATCH] Fix memory leak in xmlSchemaValidateStream
+
+When ctxt->schema is NULL, xmlSchemaSAXPlug->xmlSchemaPreRun
+alloc a new schema for ctxt->schema and set vctxt->xsiAssemble
+to 1. Then xmlSchemaVStart->xmlSchemaPreRun initialize
+vctxt->xsiAssemble to 0 again which cause the alloced schema
+can not be freed anymore.
+
+Found with libFuzzer.
+
+Signed-off-by: Zhipeng Xie <xiezhipeng1@huawei.com>
+---
+ xmlschemas.c | 1 -
+ 1 file changed, 1 deletion(-)
+
+diff --git a/xmlschemas.c b/xmlschemas.c
+index 301c8449..39d92182 100644
+--- a/xmlschemas.c
++++ b/xmlschemas.c
+@@ -28090,7 +28090,6 @@ xmlSchemaPreRun(xmlSchemaValidCtxtPtr vctxt) {
+ vctxt->nberrors = 0;
+ vctxt->depth = -1;
+ vctxt->skipDepth = -1;
+- vctxt->xsiAssemble = 0;
+ vctxt->hasKeyrefs = 0;
+ #ifdef ENABLE_IDC_NODE_TABLES_TEST
+ vctxt->createIDCNodeTables = 1;
+--
+2.24.1
+
--- /dev/null
+From 0e1a49c8907645d2e155f0d89d4d9895ac5112b5 Mon Sep 17 00:00:00 2001
+From: Zhipeng Xie <xiezhipeng1@huawei.com>
+Date: Thu, 12 Dec 2019 17:30:55 +0800
+Subject: [PATCH] Fix infinite loop in xmlStringLenDecodeEntities
+
+When ctxt->instate == XML_PARSER_EOF,xmlParseStringEntityRef
+return NULL which cause a infinite loop in xmlStringLenDecodeEntities
+
+Found with libFuzzer.
+
+Signed-off-by: Zhipeng Xie <xiezhipeng1@huawei.com>
+---
+ parser.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/parser.c b/parser.c
+index d1c31963..a34bb6cd 100644
+--- a/parser.c
++++ b/parser.c
+@@ -2646,7 +2646,8 @@ xmlStringLenDecodeEntities(xmlParserCtxtPtr ctxt, const xmlChar *str, int len,
+ else
+ c = 0;
+ while ((c != 0) && (c != end) && /* non input consuming loop */
+- (c != end2) && (c != end3)) {
++ (c != end2) && (c != end3) &&
++ (ctxt->instate != XML_PARSER_EOF)) {
+
+ if (c == 0) break;
+ if ((c == '&') && (str[1] == '#')) {
+--
+2.24.1
+
--- /dev/null
+From 0815302dee2b78139832c2080348086a0564836b Mon Sep 17 00:00:00 2001
+From: Nick Wellnhofer <wellnhofer@aevum.de>
+Date: Fri, 6 Dec 2019 12:27:29 +0100
+Subject: [PATCH] Fix freeing of nested documents
+
+Apparently, some libxslt RVTs can contain nested document nodes, see
+issue #132. I'm not sure how this happens exactly but it can cause a
+segfault in xmlFreeNodeList after the changes in commit 0762c9b6.
+
+Make sure not to touch the (nonexistent) `content` member of xmlDocs.
+---
+ tree.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/tree.c b/tree.c
+index 070670f1..0d7fc98c 100644
+--- a/tree.c
++++ b/tree.c
+@@ -3708,6 +3708,11 @@ xmlFreeNodeList(xmlNodePtr cur) {
+ (cur->type != XML_XINCLUDE_START) &&
+ (cur->type != XML_XINCLUDE_END) &&
+ (cur->type != XML_ENTITY_REF_NODE) &&
++ (cur->type != XML_DOCUMENT_NODE) &&
++#ifdef LIBXML_DOCB_ENABLED
++ (cur->type != XML_DOCB_DOCUMENT_NODE) &&
++#endif
++ (cur->type != XML_HTML_DOCUMENT_NODE) &&
+ (cur->content != (xmlChar *) &(cur->properties))) {
+ DICT_FREE(cur->content)
+ }
+--
+2.22.0
+
--- /dev/null
+From edc7b6abb0c125eeb888748c334897f60aab0854 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Miro=20Hron=C4=8Dok?= <miro@hroncok.cz>
+Date: Fri, 28 Feb 2020 12:48:14 +0100
+Subject: [PATCH] Parenthesize Py<type>_Check() in ifs
+
+In C, if expressions should be parenthesized.
+PyLong_Check, PyUnicode_Check etc. happened to expand to a parenthesized
+expression before, but that's not API to rely on.
+
+Since Python 3.9.0a4 it needs to be parenthesized explicitly.
+
+Fixes https://gitlab.gnome.org/GNOME/libxml2/issues/149
+---
+ python/libxml.c | 4 ++--
+ python/types.c | 12 ++++++------
+ 2 files changed, 8 insertions(+), 8 deletions(-)
+
+diff --git a/python/libxml.c b/python/libxml.c
+index bc676c4e..81e709f3 100644
+--- a/python/libxml.c
++++ b/python/libxml.c
+@@ -294,7 +294,7 @@ xmlPythonFileReadRaw (void * context, char * buffer, int len) {
+ lenread = PyBytes_Size(ret);
+ data = PyBytes_AsString(ret);
+ #ifdef PyUnicode_Check
+- } else if PyUnicode_Check (ret) {
++ } else if (PyUnicode_Check (ret)) {
+ #if PY_VERSION_HEX >= 0x03030000
+ Py_ssize_t size;
+ const char *tmp;
+@@ -359,7 +359,7 @@ xmlPythonFileRead (void * context, char * buffer, int len) {
+ lenread = PyBytes_Size(ret);
+ data = PyBytes_AsString(ret);
+ #ifdef PyUnicode_Check
+- } else if PyUnicode_Check (ret) {
++ } else if (PyUnicode_Check (ret)) {
+ #if PY_VERSION_HEX >= 0x03030000
+ Py_ssize_t size;
+ const char *tmp;
+diff --git a/python/types.c b/python/types.c
+index c2bafeb1..ed284ec7 100644
+--- a/python/types.c
++++ b/python/types.c
+@@ -602,16 +602,16 @@ libxml_xmlXPathObjectPtrConvert(PyObject *obj)
+ if (obj == NULL) {
+ return (NULL);
+ }
+- if PyFloat_Check (obj) {
++ if (PyFloat_Check (obj)) {
+ ret = xmlXPathNewFloat((double) PyFloat_AS_DOUBLE(obj));
+- } else if PyLong_Check(obj) {
++ } else if (PyLong_Check(obj)) {
+ #ifdef PyLong_AS_LONG
+ ret = xmlXPathNewFloat((double) PyLong_AS_LONG(obj));
+ #else
+ ret = xmlXPathNewFloat((double) PyInt_AS_LONG(obj));
+ #endif
+ #ifdef PyBool_Check
+- } else if PyBool_Check (obj) {
++ } else if (PyBool_Check (obj)) {
+
+ if (obj == Py_True) {
+ ret = xmlXPathNewBoolean(1);
+@@ -620,14 +620,14 @@ libxml_xmlXPathObjectPtrConvert(PyObject *obj)
+ ret = xmlXPathNewBoolean(0);
+ }
+ #endif
+- } else if PyBytes_Check (obj) {
++ } else if (PyBytes_Check (obj)) {
+ xmlChar *str;
+
+ str = xmlStrndup((const xmlChar *) PyBytes_AS_STRING(obj),
+ PyBytes_GET_SIZE(obj));
+ ret = xmlXPathWrapString(str);
+ #ifdef PyUnicode_Check
+- } else if PyUnicode_Check (obj) {
++ } else if (PyUnicode_Check (obj)) {
+ #if PY_VERSION_HEX >= 0x03030000
+ xmlChar *str;
+ const char *tmp;
+@@ -650,7 +650,7 @@ libxml_xmlXPathObjectPtrConvert(PyObject *obj)
+ ret = xmlXPathWrapString(str);
+ #endif
+ #endif
+- } else if PyList_Check (obj) {
++ } else if (PyList_Check (obj)) {
+ int i;
+ PyObject *node;
+ xmlNodePtr cur;
+--
+2.24.1
+
--- /dev/null
+Index: libxml2-2.9.5/python/libxml.c
+===================================================================
+--- libxml2-2.9.5.orig/python/libxml.c
++++ libxml2-2.9.5/python/libxml.c
+@@ -1620,6 +1620,7 @@ libxml_xmlErrorFuncHandler(ATTRIBUTE_UNU
+ PyObject *message;
+ PyObject *result;
+ char str[1000];
++ unsigned char *ptr = (unsigned char *)str;
+
+ #ifdef DEBUG_ERROR
+ printf("libxml_xmlErrorFuncHandler(%p, %s, ...) called\n", ctx, msg);
+@@ -1636,12 +1637,20 @@ libxml_xmlErrorFuncHandler(ATTRIBUTE_UNU
+ str[999] = 0;
+ va_end(ap);
+
++#if PY_MAJOR_VERSION >= 3
++ /* Ensure the error string doesn't start at UTF8 continuation. */
++ while (*ptr && (*ptr & 0xc0) == 0x80)
++ ptr++;
++#endif
++
+ list = PyTuple_New(2);
+ PyTuple_SetItem(list, 0, libxml_xmlPythonErrorFuncCtxt);
+ Py_XINCREF(libxml_xmlPythonErrorFuncCtxt);
+- message = libxml_charPtrConstWrap(str);
++ message = libxml_charPtrConstWrap(ptr);
+ PyTuple_SetItem(list, 1, message);
+ result = PyEval_CallObject(libxml_xmlPythonErrorFuncHandler, list);
++ /* Forget any errors caused in the error handler. */
++ PyErr_Clear();
+ Py_XDECREF(list);
+ Py_XDECREF(result);
+ }
Summary(pt_BR.UTF-8): Biblioteca libXML versão 2
Name: libxml2
Version: 2.9.10
-Release: 1
+Release: 2
Epoch: 1
License: MIT
Group: Libraries
Patch0: %{name}-man_fixes.patch
Patch1: %{name}-open.gz.patch
Patch2: %{name}-largefile.patch
-
-Patch4: %{name}-libx32.patch
+Patch3: %{name}-libx32.patch
+# Fedora patches
+# https://bugzilla.gnome.org/show_bug.cgi?id=789714
+Patch11: %{name}-python3-unicode-errors.patch
+# https://gitlab.gnome.org/GNOME/libxml2/commit/0815302dee2b78139832c2080348086a0564836b.patch
+Patch12: %{name}-fix-relaxed-approach-to-nested-documents.patch
+# https://gitlab.gnome.org/GNOME/libxml2/merge_requests/68
+Patch13: libxml2-CVE-2019-20388.patch
+# https://gitlab.gnome.org/GNOME/libxml2/merge_requests/63
+Patch14: libxml2-CVE-2020-7595.patch
+# https://gitlab.gnome.org/GNOME/libxml2/merge_requests/71
+Patch15: libxml2-parenthesize-type-checks.patch
URL: http://xmlsoft.org/
BuildRequires: autoconf >= 2.68
BuildRequires: automake >= 1.4
Summary(pl.UTF-8): Dokumentacja API libxml2
Group: Documentation
Requires: gtk-doc-common
-%if "%{_rpmversion}" >= "5"
+%if "%{_rpmversion}" >= "4.6"
BuildArch: noarch
%endif
%patch1 -p1
%endif
%patch2 -p1
-
-%patch4 -p1
+%patch3 -p1
+%patch11 -p1
+%patch12 -p1
+%patch13 -p1
+%patch14 -p1
+%patch15 -p1
%build
%{__libtoolize}
%{py_sitedir}/drv_libxml2.py[co]
%{py_sitedir}/libxml2.py[co]
%if "%{py_ver}" > "2.4"
-%{py_sitedir}/libxml2_python-*.egg-info
+%{py_sitedir}/libxml2_python-%{version}-py*.egg-info
%endif
%endif
projects / packages / libxml2.git / commitdiff