From 44c151e7b321dfcd45b40fa3ec20220ed144cac5 Mon Sep 17 00:00:00 2001 From: Zhipeng Xie Date: Tue, 29 Nov 2022 14:39:34 +0800 Subject: [PATCH 1/2] update patch names Signed-off-by: Zhipeng Xie --- ...Ds-containing-unexpanded-entity-reference.patch | 0 ...kport-Remove-unneeded-code-in-xmlreader.c.patch | 0 ... backport-Rework-validation-context-flags.patch | 0 libxml2.spec | 14 ++++++++++---- 4 files changed, 10 insertions(+), 4 deletions(-) rename Don-t-add-IDs-containing-unexpanded-entity-reference.patch => backport-Don-t-add-IDs-containing-unexpanded-entity-reference.patch (100%) rename Remove-unneeded-code-in-xmlreader.c.patch => backport-Remove-unneeded-code-in-xmlreader.c.patch (100%) rename Rework-validation-context-flags.patch => backport-Rework-validation-context-flags.patch (100%) diff --git a/Don-t-add-IDs-containing-unexpanded-entity-reference.patch b/backport-Don-t-add-IDs-containing-unexpanded-entity-reference.patch similarity index 100% rename from Don-t-add-IDs-containing-unexpanded-entity-reference.patch rename to backport-Don-t-add-IDs-containing-unexpanded-entity-reference.patch diff --git a/Remove-unneeded-code-in-xmlreader.c.patch b/backport-Remove-unneeded-code-in-xmlreader.c.patch similarity index 100% rename from Remove-unneeded-code-in-xmlreader.c.patch rename to backport-Remove-unneeded-code-in-xmlreader.c.patch diff --git a/Rework-validation-context-flags.patch b/backport-Rework-validation-context-flags.patch similarity index 100% rename from Rework-validation-context-flags.patch rename to backport-Rework-validation-context-flags.patch diff --git a/libxml2.spec b/libxml2.spec index 655b7aa..2a91906 100644 --- a/libxml2.spec +++ b/libxml2.spec 
@@ -1,15 +1,15 @@ Summary: Library providing XML and HTML support Name: libxml2 Version: 2.9.14 -Release: 5 +Release: 6 License: MIT Group: Development/Libraries Source: https://download.gnome.org/sources/%{name}/2.9/%{name}-%{version}.tar.xz Patch0: libxml2-multilib.patch -Patch1: Rework-validation-context-flags.patch -Patch2: Remove-unneeded-code-in-xmlreader.c.patch -Patch3: Don-t-add-IDs-containing-unexpanded-entity-reference.patch +Patch1: backport-Rework-validation-context-flags.patch +Patch2: backport-Remove-unneeded-code-in-xmlreader.c.patch +Patch3: backport-Don-t-add-IDs-containing-unexpanded-entity-reference.patch Patch4: Fix-memleaks-in-xmlXIncludeProcessFlags.patch Patch5: Fix-memory-leaks-for-xmlACatalogAdd.patch Patch6: Fix-memory-leaks-in-xmlACatalogAdd-when-xmlHashAddEntry-failed.patch @@ -172,6 +172,12 @@ rm -fr %{buildroot} %changelog +* Tue Nov 29 2022 Zhipeng Xie - 2.9.14-6 +- Type:bugfix +- CVE:NA +- SUG:NA +- DESC:modify patch names + * Tue Nov 29 2022 Wentao Fan - 2.9.14-5 - Type:bugfix - CVE:NA -- Gitee From 1513472492903bd3336d58b5ffd4be864dd540d2 Mon Sep 17 00:00:00 2001 From: Zhipeng Xie Date: Tue, 29 Nov 2022 15:28:15 +0800 Subject: [PATCH 2/2] backport upstream patches Signed-off-by: Zhipeng Xie --- backport-Add-XML_DEPRECATED-macro.patch | 65 ++++++++++ ...alid-redeclarations-of-predefined-en.patch | 112 ++++++++++++++++++ libxml2.spec | 24 ++-- 3 files changed, 193 insertions(+), 8 deletions(-) create mode 100644 backport-Add-XML_DEPRECATED-macro.patch create mode 100644 backport-Only-warn-on-invalid-redeclarations-of-predefined-en.patch diff --git a/backport-Add-XML_DEPRECATED-macro.patch b/backport-Add-XML_DEPRECATED-macro.patch new file mode 100644 index 0000000..ac1f3a2 --- /dev/null +++ b/backport-Add-XML_DEPRECATED-macro.patch 
@@ -0,0 +1,65 @@ +From a2fe74c08a9bd03cf5515b9e44d2005538b9f619 Mon Sep 17 00:00:00 2001 +From: Nick Wellnhofer +Date: Sun, 20 Feb 2022 18:19:27 +0100 +Subject: [PATCH 3/3] Add XML_DEPRECATED macro + +__attribute__((deprecated)) is available since at least GCC 3.1, so an +exact version check is probably unnecessary. +--- + include/libxml/xmlversion.h.in | 18 ++++++++++++++++++ + testapi.c | 3 +++ + 2 files changed, 21 insertions(+) + +diff --git a/include/libxml/xmlversion.h.in b/include/libxml/xmlversion.h.in +index f9f79a2f..b1d2a208 100644 +--- a/include/libxml/xmlversion.h.in ++++ b/include/libxml/xmlversion.h.in +@@ -456,6 +456,15 @@ XMLPUBFUN void XMLCALL xmlCheckVersion(int version); + # define LIBXML_ATTR_FORMAT(fmt,args) + #endif + ++#ifndef XML_DEPRECATED ++# ifdef IN_LIBXML ++# define XML_DEPRECATED ++# else ++/* Available since at least GCC 3.1 */ ++# define XML_DEPRECATED __attribute__((deprecated)) ++# endif ++#endif ++ + #else /* ! __GNUC__ */ + /** + * ATTRIBUTE_UNUSED: +@@ -475,6 +484,15 @@ XMLPUBFUN void XMLCALL xmlCheckVersion(int version); + * Macro used to indicate to GCC the parameter are printf like + */ + #define LIBXML_ATTR_FORMAT(fmt,args) ++/** ++ * XML_DEPRECATED: ++ * ++ * Macro used to indicate that a function, variable, type or struct member ++ * is deprecated. ++ */ ++#ifndef XML_DEPRECATED ++#define XML_DEPRECATED ++#endif + #endif /* __GNUC__ */ + + #ifdef __cplusplus +diff --git a/testapi.c b/testapi.c +index 4b091f0c..3a4dc2fe 100644 +--- a/testapi.c ++++ b/testapi.c +@@ -8,6 +8,9 @@ + * daniel@veillard.com + */ + ++/* Disable deprecation warnings */ ++#define XML_DEPRECATED ++ + #include "libxml.h" + #include + +-- +2.27.0 + diff --git a/backport-Only-warn-on-invalid-redeclarations-of-predefined-en.patch b/backport-Only-warn-on-invalid-redeclarations-of-predefined-en.patch new file mode 100644 index 0000000..060cfea --- /dev/null +++ b/backport-Only-warn-on-invalid-redeclarations-of-predefined-en.patch 
@@ -0,0 +1,112 @@ +From ce0871e15cdb68e505ccd9d9c96ff8455ed936ab Mon Sep 17 00:00:00 2001 +From: Nick Wellnhofer +Date: Sun, 20 Feb 2022 16:44:41 +0100 +Subject: [PATCH 1/3] Only warn on invalid redeclarations of predefined + entities + +Downgrade the error message to a warning since the error was ignored, +anyway. Also print the name of redeclared entity. For a proper fix that +also shows filename and line number of the invalid redeclaration, we'd +have to + +- pass the parser context to the entity functions somehow, or +- make these functions return distinct error codes. + +Partial fix for #308. +--- + entities.c | 21 +++++++++++++++++++-- + result/errors/ent_redecl.xml | 3 +++ + result/errors/ent_redecl.xml.ent | 1 + + result/errors/ent_redecl.xml.err | 1 + + result/errors/ent_redecl.xml.str | 1 + + test/errors/ent_redecl.xml | 4 ++++ + 6 files changed, 29 insertions(+), 2 deletions(-) + create mode 100644 result/errors/ent_redecl.xml + create mode 100644 result/errors/ent_redecl.xml.ent + create mode 100644 result/errors/ent_redecl.xml.err + create mode 100644 result/errors/ent_redecl.xml.str + create mode 100644 test/errors/ent_redecl.xml + +diff --git a/entities.c b/entities.c +index 1a8f86f0..a27209d1 100644 +--- a/entities.c ++++ b/entities.c +@@ -94,6 +94,23 @@ xmlEntitiesErr(xmlParserErrors code, const char *msg) + __xmlSimpleError(XML_FROM_TREE, code, NULL, msg, NULL); + } + ++/** ++ * xmlEntitiesWarn: ++ * @code: the error code ++ * @msg: the message ++ * ++ * Handle an out of memory condition ++ */ ++static void LIBXML_ATTR_FORMAT(2,0) ++xmlEntitiesWarn(xmlParserErrors code, const char *msg, const xmlChar *str1) ++{ ++ __xmlRaiseError(NULL, NULL, NULL, ++ NULL, NULL, XML_FROM_TREE, code, ++ XML_ERR_WARNING, NULL, 0, ++ (const char *)str1, NULL, NULL, 0, 0, ++ msg, (const char *)str1, NULL); ++} ++ + /* + * xmlFreeEntity : clean-up an entity record. 
+ */ +@@ -255,9 +272,9 @@ xmlAddEntity(xmlDtdPtr dtd, const xmlChar *name, int type, + } + } + if (!valid) { +- xmlEntitiesErr(XML_ERR_ENTITY_PROCESSING, ++ xmlEntitiesWarn(XML_ERR_ENTITY_PROCESSING, + "xmlAddEntity: invalid redeclaration of predefined" +- " entity"); ++ " entity '%s'", name); + return(NULL); + } + } +diff --git a/result/errors/ent_redecl.xml b/result/errors/ent_redecl.xml +new file mode 100644 +index 00000000..04216b65 +--- /dev/null ++++ b/result/errors/ent_redecl.xml +@@ -0,0 +1,3 @@ ++ ++ ++ +diff --git a/result/errors/ent_redecl.xml.ent b/result/errors/ent_redecl.xml.ent +new file mode 100644 +index 00000000..31908b05 +--- /dev/null ++++ b/result/errors/ent_redecl.xml.ent +@@ -0,0 +1 @@ ++warning : xmlAddEntity: invalid redeclaration of predefined entity 'lt' +diff --git a/result/errors/ent_redecl.xml.err b/result/errors/ent_redecl.xml.err +new file mode 100644 +index 00000000..31908b05 +--- /dev/null ++++ b/result/errors/ent_redecl.xml.err +@@ -0,0 +1 @@ ++warning : xmlAddEntity: invalid redeclaration of predefined entity 'lt' +diff --git a/result/errors/ent_redecl.xml.str b/result/errors/ent_redecl.xml.str +new file mode 100644 +index 00000000..31908b05 +--- /dev/null ++++ b/result/errors/ent_redecl.xml.str +@@ -0,0 +1 @@ ++warning : xmlAddEntity: invalid redeclaration of predefined entity 'lt' +diff --git a/test/errors/ent_redecl.xml b/test/errors/ent_redecl.xml +new file mode 100644 +index 00000000..e446681b +--- /dev/null ++++ b/test/errors/ent_redecl.xml +@@ -0,0 +1,4 @@ ++ ++]> ++ +-- +2.27.0 + diff --git a/libxml2.spec b/libxml2.spec index 2a91906..73461c1 100644 --- a/libxml2.spec +++ b/libxml2.spec @@ -1,7 +1,7 @@ Summary: Library providing XML and HTML support Name: libxml2 Version: 2.9.14 -Release: 6 +Release: 7 License: MIT Group: Development/Libraries Source: https://download.gnome.org/sources/%{name}/2.9/%{name}-%{version}.tar.xz 
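Review bot: The doc comment added above `xmlEntitiesWarn` in the entities.c part of this backport says `Handle an out of memory condition`, which does not match the function. It calls `__xmlRaiseError` with `XML_ERR_WARNING`, and the comment does not list its third parameter, `str1`. A description such as `Report a warning from the entities module` plus an `@str1: extra string inserted into the message` line would match the code. Because this file is a verbatim upstream backport, the wording is better corrected upstream than edited locally. Note also that `xmlAddEntity` still executes `return(NULL)` after the call, so the invalid redeclaration remains rejected and only the reported severity changes; that function's body starts and ends outside the hunk.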
@@ -10,13 +10,15 @@ Patch0: libxml2-multilib.patch Patch1: backport-Rework-validation-context-flags.patch Patch2: backport-Remove-unneeded-code-in-xmlreader.c.patch Patch3: backport-Don-t-add-IDs-containing-unexpanded-entity-reference.patch -Patch4: Fix-memleaks-in-xmlXIncludeProcessFlags.patch -Patch5: Fix-memory-leaks-for-xmlACatalogAdd.patch -Patch6: Fix-memory-leaks-in-xmlACatalogAdd-when-xmlHashAddEntry-failed.patch -Patch7: backport-CVE-2022-40303-Fix-integer-overflows-with-XML_PARSE_.patch -Patch8: backport-CVE-2022-40304-Fix-dict-corruption-caused-by-entity-.patch -Patch9: backport-schemas-Fix-null-pointer-deref-in-xmlSchemaCheckCOSS.patch -Patch10: backport-parser-Fix-potential-memory-leak-in-xmlParseAttValue.patch +Patch4: backport-Only-warn-on-invalid-redeclarations-of-predefined-en.patch +Patch5: backport-Add-XML_DEPRECATED-macro.patch +Patch6: Fix-memleaks-in-xmlXIncludeProcessFlags.patch +Patch7: Fix-memory-leaks-for-xmlACatalogAdd.patch +Patch8: Fix-memory-leaks-in-xmlACatalogAdd-when-xmlHashAddEntry-failed.patch +Patch9: backport-CVE-2022-40303-Fix-integer-overflows-with-XML_PARSE_.patch +Patch10: backport-CVE-2022-40304-Fix-dict-corruption-caused-by-entity-.patch +Patch11: backport-schemas-Fix-null-pointer-deref-in-xmlSchemaCheckCOSS.patch +Patch12: backport-parser-Fix-potential-memory-leak-in-xmlParseAttValue.patch BuildRoot: %{_tmppath}/%{name}-%{version}-root BuildRequires: python3-devel @@ -172,6 +174,12 @@ rm -fr %{buildroot} %changelog +* Tue Nov 29 2022 Zhipeng Xie - 2.9.14-7 +- Type:bugfix +- CVE:NA +- SUG:NA +- DESC:backport upstream patches + * Tue Nov 29 2022 Zhipeng Xie - 2.9.14-6 - Type:bugfix - CVE:NA -- Gitee
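Review bot: Inserting the two backports as Patch4 and Patch5 renumbers every later entry, so the CVE-2022-40303 and CVE-2022-40304 fixes move from Patch7/Patch8 to Patch9/Patch10, and no %prep change is visible in this diff. If %prep applies patches by number (`%patch7 -p1` style) rather than through `%autosetup` or `%autopatch`, those lines need the same renumbering. Otherwise the build either fails or applies a different patch than intended, so this is worth confirming before merge. If the new backports do not have to precede the memory-leak fixes, appending them as `Patch11:` and `Patch12:` would keep the existing numbers stable and the diff smaller.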