From d5d6ab20a82566c3b9e20a626df186fe4e670c70 Mon Sep 17 00:00:00 2001 From: Aron Xu Date: Mon, 21 Sep 2015 22:55:14 +0800 Subject: Revert "Revert "Remove no-longer-needed upstream patches"" This reverts commit 3b14c3fd6410716d407178e48972b1c1bea48c29. --- .../0003-Fix-an-error-in-xmlCleanupParser.patch | 27 ---- ...ing-break-on-last-function-for-attributes.patch | 21 --- ...xmllint-memory-should-fail-on-empty-files.patch | 27 ---- ...ote-the-namespace-uris-written-out-during.patch | 32 ----- ...ng-bug-on-non-ascii-element-and-CR-LF-usa.patch | 57 -------- debian/patches/0008-missing-else-in-xlink.c.patch | 22 --- ...9-Catch-malloc-error-and-exit-accordingly.patch | 24 ---- .../patches/0010-Fix-handling-of-mmap-errors.patch | 51 ------- .../0011-Avoid-crash-if-allocation-fails.patch | 25 ---- .../0012-Fix-a-possible-NULL-dereference.patch | 30 ----- ...013-Clear-up-a-potential-NULL-dereference.patch | 26 ---- ...14-Fix-XPath-optimization-with-predicates.patch | 27 ---- ...tty-crashed-without-following-numeric-arg.patch | 34 ----- ...al-NULL-pointer-dereferences-in-regexp-co.patch | 45 ------- ...a-potential-NULL-dereference-in-tree-code.patch | 26 ---- ...ix-pointer-dereferenced-before-null-check.patch | 25 ---- ...9-Fix-a-bug-loading-some-compressed-files.patch | 69 ---------- ...-possibility-of-dangling-encoding-handler.patch | 57 -------- .../0021-Fix-a-couple-of-missing-NULL-checks.patch | 29 ---- ...-calls-to-xml-and-html-Read-parsing-entry.patch | 148 --------------------- ...of-XPath-function-arguments-in-error-case.patch | 41 ------ ...ing-initialization-for-the-catalog-module.patch | 22 --- .../0025-Fix-an-fd-leak-in-an-error-case.patch | 24 ---- ...-fixing-a-ptotential-uninitialized-access.patch | 21 --- ...WriterWriteElement-when-a-null-content-is.patch | 29 ---- ...Avoid-a-possible-NULL-pointer-dereference.patch | 22 --- ...-Do-not-fetch-external-parameter-entities.patch | 35 ----- ...ble-null-pointer-dereference-in-memory-de.patch | 32 ----- ...1-xmllint-was-not-parsing-the-c14n11-flag.patch | 22 --- ...essions-introduced-by-CVE-2014-0191-patch.patch | 58 -------- debian/patches/series | 31 +---- 31 files changed, 1 insertion(+), 1138 deletions(-) delete mode 100644 debian/patches/0003-Fix-an-error-in-xmlCleanupParser.patch delete mode 100644 debian/patches/0004-Fix-missing-break-on-last-function-for-attributes.patch delete mode 100644 debian/patches/0005-xmllint-memory-should-fail-on-empty-files.patch delete mode 100644 debian/patches/0006-properly-quote-the-namespace-uris-written-out-during.patch delete mode 100644 debian/patches/0007-Fix-a-parsing-bug-on-non-ascii-element-and-CR-LF-usa.patch delete mode 100644 debian/patches/0008-missing-else-in-xlink.c.patch delete mode 100644 debian/patches/0009-Catch-malloc-error-and-exit-accordingly.patch delete mode 100644 debian/patches/0010-Fix-handling-of-mmap-errors.patch delete mode 100644 debian/patches/0011-Avoid-crash-if-allocation-fails.patch delete mode 100644 debian/patches/0012-Fix-a-possible-NULL-dereference.patch delete mode 100644 debian/patches/0013-Clear-up-a-potential-NULL-dereference.patch delete mode 100644 debian/patches/0014-Fix-XPath-optimization-with-predicates.patch delete mode 100644 debian/patches/0015-xmllint-pretty-crashed-without-following-numeric-arg.patch delete mode 100644 debian/patches/0016-Fix-potential-NULL-pointer-dereferences-in-regexp-co.patch delete mode 100644 debian/patches/0017-Fix-a-potential-NULL-dereference-in-tree-code.patch delete mode 100644 debian/patches/0018-Fix-pointer-dereferenced-before-null-check.patch delete mode 100644 debian/patches/0019-Fix-a-bug-loading-some-compressed-files.patch delete mode 100644 debian/patches/0020-Avoid-a-possibility-of-dangling-encoding-handler.patch delete mode 100644 debian/patches/0021-Fix-a-couple-of-missing-NULL-checks.patch delete mode 100644 debian/patches/0022-adding-init-calls-to-xml-and-html-Read-parsing-entry.patch delete mode 100644 debian/patches/0023-Handling-of-XPath-function-arguments-in-error-case.patch delete mode 100644 debian/patches/0024-Missing-initialization-for-the-catalog-module.patch delete mode 100644 debian/patches/0025-Fix-an-fd-leak-in-an-error-case.patch delete mode 100644 debian/patches/0026-fixing-a-ptotential-uninitialized-access.patch delete mode 100644 debian/patches/0027-Fix-xmlTextWriterWriteElement-when-a-null-content-is.patch delete mode 100644 debian/patches/0028-Avoid-a-possible-NULL-pointer-dereference.patch delete mode 100644 debian/patches/0029-Do-not-fetch-external-parameter-entities.patch delete mode 100644 debian/patches/0030-Avoid-Possible-null-pointer-dereference-in-memory-de.patch delete mode 100644 debian/patches/0031-xmllint-was-not-parsing-the-c14n11-flag.patch delete mode 100644 debian/patches/0032-Fix-regressions-introduced-by-CVE-2014-0191-patch.patch (limited to 'debian') diff --git a/debian/patches/0003-Fix-an-error-in-xmlCleanupParser.patch b/debian/patches/0003-Fix-an-error-in-xmlCleanupParser.patch deleted file mode 100644 index 03bf447..0000000 --- a/debian/patches/0003-Fix-an-error-in-xmlCleanupParser.patch +++ /dev/null @@ -1,27 +0,0 @@ -From: Alexander Pastukhov -Date: Tue, 23 Apr 2013 05:02:11 +0000 -Subject: Fix an error in xmlCleanupParser - -https://bugzilla.gnome.org/show_bug.cgi?id=698582 - -xmlCleanupParser calls xmlCleanupGlobals() and then -xmlResetLastError() but the later reallocate the global -data freed by previous call. Just swap the two calls. ---- - parser.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/parser.c b/parser.c -index ee429f3..b9df6d8 100644 ---- a/parser.c -+++ b/parser.c -@@ -14763,8 +14763,8 @@ xmlCleanupParser(void) { - xmlSchemaCleanupTypes(); - xmlRelaxNGCleanupTypes(); - #endif -- xmlCleanupGlobals(); - xmlResetLastError(); -+ xmlCleanupGlobals(); - xmlCleanupThreads(); /* must be last if called not from the main thread */ - xmlCleanupMemory(); - xmlParserInitialized = 0; diff --git a/debian/patches/0004-Fix-missing-break-on-last-function-for-attributes.patch b/debian/patches/0004-Fix-missing-break-on-last-function-for-attributes.patch deleted file mode 100644 index cff8b72..0000000 --- a/debian/patches/0004-Fix-missing-break-on-last-function-for-attributes.patch +++ /dev/null @@ -1,21 +0,0 @@ -From: dcb -Date: Thu, 2 May 2013 08:11:46 +0000 -Subject: Fix missing break on last() function for attributes - -pointed out by cppcheck ---- - python/libxml.c | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/python/libxml.c b/python/libxml.c -index 03cfb9f..3338b83 100644 ---- a/python/libxml.c -+++ b/python/libxml.c -@@ -2683,6 +2683,7 @@ libxml_last(ATTRIBUTE_UNUSED PyObject * self, PyObject * args) - xmlAttrPtr attr = (xmlAttrPtr) cur; - - res = attr->last; -+ break; - } - default: - res = NULL; diff --git a/debian/patches/0005-xmllint-memory-should-fail-on-empty-files.patch b/debian/patches/0005-xmllint-memory-should-fail-on-empty-files.patch deleted file mode 100644 index e1a2197..0000000 --- a/debian/patches/0005-xmllint-memory-should-fail-on-empty-files.patch +++ /dev/null @@ -1,27 +0,0 @@ -From: Daniel Veillard -Date: Wed, 8 May 2013 05:45:48 +0000 -Subject: xmllint --memory should fail on empty files - -Exposed by https://bugzilla.gnome.org/show_bug.cgi?id=699896 -when doing analysis but a priori unrelated. ---- - xmllint.c | 5 ++++- - 1 file changed, 4 insertions(+), 1 deletion(-) - -diff --git a/xmllint.c b/xmllint.c -index 26d8db1..c0196ab 100644 ---- a/xmllint.c -+++ b/xmllint.c -@@ -2338,8 +2338,11 @@ static void parseAndPrintFile(char *filename, xmlParserCtxtPtr rectxt) { - if ((fd = open(filename, O_RDONLY)) < 0) - return; - base = mmap(NULL, info.st_size, PROT_READ, MAP_SHARED, fd, 0) ; -- if (base == (void *) MAP_FAILED) -+ if (base == (void *) MAP_FAILED) { -+ fprintf(stderr, "mmap failure for file %s\n", filename); -+ progresult = XMLLINT_ERR_RDFILE; - return; -+ } - - if (rectxt == NULL) - doc = xmlReadMemory((char *) base, info.st_size, diff --git a/debian/patches/0006-properly-quote-the-namespace-uris-written-out-during.patch b/debian/patches/0006-properly-quote-the-namespace-uris-written-out-during.patch deleted file mode 100644 index 6f4c4c8..0000000 --- a/debian/patches/0006-properly-quote-the-namespace-uris-written-out-during.patch +++ /dev/null @@ -1,32 +0,0 @@ -From: Aleksey Sanin -Date: Thu, 9 May 2013 16:02:16 +0000 -Subject: properly quote the namespace uris written out during c14n - ---- - c14n.c | 9 +++++---- - 1 file changed, 5 insertions(+), 4 deletions(-) - -diff --git a/c14n.c b/c14n.c -index afd95b3..ca77f92 100644 ---- a/c14n.c -+++ b/c14n.c -@@ -547,14 +547,15 @@ xmlC14NPrintNamespaces(const xmlNsPtr ns, xmlC14NCtxPtr ctx) - if (ns->prefix != NULL) { - xmlOutputBufferWriteString(ctx->buf, " xmlns:"); - xmlOutputBufferWriteString(ctx->buf, (const char *) ns->prefix); -- xmlOutputBufferWriteString(ctx->buf, "=\""); -+ xmlOutputBufferWriteString(ctx->buf, "="); - } else { -- xmlOutputBufferWriteString(ctx->buf, " xmlns=\""); -+ xmlOutputBufferWriteString(ctx->buf, " xmlns="); - } - if(ns->href != NULL) { -- xmlOutputBufferWriteString(ctx->buf, (const char *) ns->href); -+ xmlBufWriteQuotedString(ctx->buf->buffer, ns->href); -+ } else { -+ xmlOutputBufferWriteString(ctx->buf, "\"\""); - } -- xmlOutputBufferWriteString(ctx->buf, "\""); - return (1); - } - diff --git a/debian/patches/0007-Fix-a-parsing-bug-on-non-ascii-element-and-CR-LF-usa.patch b/debian/patches/0007-Fix-a-parsing-bug-on-non-ascii-element-and-CR-LF-usa.patch deleted file mode 100644 index 442fd11..0000000 --- a/debian/patches/0007-Fix-a-parsing-bug-on-non-ascii-element-and-CR-LF-usa.patch +++ /dev/null @@ -1,57 +0,0 @@ -From: Daniel Veillard -Date: Wed, 22 May 2013 20:56:45 +0000 -Subject: Fix a parsing bug on non-ascii element and CR/LF usage - -https://bugzilla.gnome.org/show_bug.cgi?id=698550 - -Somehow the behaviour of the internal parser routine changed -slightly when encountering CR/LF, which led to a bug when -parsing document with non-ascii Names ---- - parser.c | 6 +++++- - 1 file changed, 5 insertions(+), 1 deletion(-) - -diff --git a/parser.c b/parser.c -index b9df6d8..dd00399 100644 ---- a/parser.c -+++ b/parser.c -@@ -3404,6 +3404,7 @@ xmlParseNCNameComplex(xmlParserCtxtPtr ctxt) { - int len = 0, l; - int c; - int count = 0; -+ const xmlChar *end; /* needed because CUR_CHAR() can move cur on \r\n */ - - #ifdef DEBUG - nbParseNCNameComplex++; -@@ -3413,6 +3414,7 @@ xmlParseNCNameComplex(xmlParserCtxtPtr ctxt) { - * Handler for more complex cases - */ - GROW; -+ end = ctxt->input->cur; - c = CUR_CHAR(l); - if ((c == ' ') || (c == '>') || (c == '/') || /* accelerators */ - (!xmlIsNameStartChar(ctxt, c) || (c == ':'))) { -@@ -3434,12 +3436,14 @@ xmlParseNCNameComplex(xmlParserCtxtPtr ctxt) { - } - len += l; - NEXTL(l); -+ end = ctxt->input->cur; - c = CUR_CHAR(l); - if (c == 0) { - count = 0; - GROW; - if (ctxt->instate == XML_PARSER_EOF) - return(NULL); -+ end = ctxt->input->cur; - c = CUR_CHAR(l); - } - } -@@ -3448,7 +3452,7 @@ xmlParseNCNameComplex(xmlParserCtxtPtr ctxt) { - xmlFatalErr(ctxt, XML_ERR_NAME_TOO_LONG, "NCName"); - return(NULL); - } -- return(xmlDictLookup(ctxt->dict, ctxt->input->cur - len, len)); -+ return(xmlDictLookup(ctxt->dict, end - len, len)); - } - - /** diff --git a/debian/patches/0008-missing-else-in-xlink.c.patch b/debian/patches/0008-missing-else-in-xlink.c.patch deleted file mode 100644 index 88a4e86..0000000 --- a/debian/patches/0008-missing-else-in-xlink.c.patch +++ /dev/null @@ -1,22 +0,0 @@ -From: Ami Fischman -Date: Tue, 2 Jul 2013 09:47:26 +0800 -Subject: missing else in xlink.c - -Obviously forgotten ---- - xlink.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/xlink.c b/xlink.c -index 3566e06..c0e4ff3 100644 ---- a/xlink.c -+++ b/xlink.c -@@ -150,7 +150,7 @@ xlinkIsLink (xmlDocPtr doc, xmlNodePtr node) { - if (type != NULL) { - if (xmlStrEqual(type, BAD_CAST "simple")) { - ret = XLINK_TYPE_SIMPLE; -- } if (xmlStrEqual(type, BAD_CAST "extended")) { -+ } else if (xmlStrEqual(type, BAD_CAST "extended")) { - role = xmlGetNsProp(node, BAD_CAST "role", XLINK_NAMESPACE); - if (role != NULL) { - xmlNsPtr xlink; diff --git a/debian/patches/0009-Catch-malloc-error-and-exit-accordingly.patch b/debian/patches/0009-Catch-malloc-error-and-exit-accordingly.patch deleted file mode 100644 index 3f93a57..0000000 --- a/debian/patches/0009-Catch-malloc-error-and-exit-accordingly.patch +++ /dev/null @@ -1,24 +0,0 @@ -From: Daniel Veillard -Date: Thu, 11 Jul 2013 15:41:22 +0800 -Subject: Catch malloc error and exit accordingly - -As pointed privately by Bill Parker ---- - xmllint.c | 4 ++++ - 1 file changed, 4 insertions(+) - -diff --git a/xmllint.c b/xmllint.c -index c0196ab..4d464e4 100644 ---- a/xmllint.c -+++ b/xmllint.c -@@ -3090,6 +3090,10 @@ static void usage(const char *name) { - static void registerNode(xmlNodePtr node) - { - node->_private = malloc(sizeof(long)); -+ if (node->_private == NULL) { -+ fprintf(stderr, "Out of memory in xmllint:registerNode()\n"); -+ exit(XMLLINT_ERR_MEM); -+ } - *(long*)node->_private = (long) 0x81726354; - nbregister++; - } diff --git a/debian/patches/0010-Fix-handling-of-mmap-errors.patch b/debian/patches/0010-Fix-handling-of-mmap-errors.patch deleted file mode 100644 index 0c55cfe..0000000 --- a/debian/patches/0010-Fix-handling-of-mmap-errors.patch +++ /dev/null @@ -1,51 +0,0 @@ -From: Daniel Veillard -Date: Fri, 12 Jul 2013 12:08:40 +0800 -Subject: Fix handling of mmap errors - -https://bugzilla.gnome.org/show_bug.cgi?id=702320 - -as raised by Gaurav ---- - xmllint.c | 13 +++++++++++-- - 1 file changed, 11 insertions(+), 2 deletions(-) - -diff --git a/xmllint.c b/xmllint.c -index 4d464e4..92e6b03 100644 ---- a/xmllint.c -+++ b/xmllint.c -@@ -1837,8 +1837,12 @@ static void streamFile(char *filename) { - if ((fd = open(filename, O_RDONLY)) < 0) - return; - base = mmap(NULL, info.st_size, PROT_READ, MAP_SHARED, fd, 0) ; -- if (base == (void *) MAP_FAILED) -+ if (base == (void *) MAP_FAILED) { -+ close(fd); -+ fprintf(stderr, "mmap failure for file %s\n", filename); -+ progresult = XMLLINT_ERR_RDFILE; - return; -+ } - - reader = xmlReaderForMemory(base, info.st_size, filename, - NULL, options); -@@ -2223,8 +2227,12 @@ static void parseAndPrintFile(char *filename, xmlParserCtxtPtr rectxt) { - if ((fd = open(filename, O_RDONLY)) < 0) - return; - base = mmap(NULL, info.st_size, PROT_READ, MAP_SHARED, fd, 0) ; -- if (base == (void *) MAP_FAILED) -+ if (base == (void *) MAP_FAILED) { -+ close(fd); -+ fprintf(stderr, "mmap failure for file %s\n", filename); -+ progresult = XMLLINT_ERR_RDFILE; - return; -+ } - - doc = htmlReadMemory((char *) base, info.st_size, filename, - NULL, options); -@@ -2339,6 +2347,7 @@ static void parseAndPrintFile(char *filename, xmlParserCtxtPtr rectxt) { - return; - base = mmap(NULL, info.st_size, PROT_READ, MAP_SHARED, fd, 0) ; - if (base == (void *) MAP_FAILED) { -+ close(fd); - fprintf(stderr, "mmap failure for file %s\n", filename); - progresult = XMLLINT_ERR_RDFILE; - return; diff --git a/debian/patches/0011-Avoid-crash-if-allocation-fails.patch b/debian/patches/0011-Avoid-crash-if-allocation-fails.patch deleted file mode 100644 index e4e7206..0000000 --- a/debian/patches/0011-Avoid-crash-if-allocation-fails.patch +++ /dev/null @@ -1,25 +0,0 @@ -From: Daniel Veillard -Date: Mon, 22 Jul 2013 14:28:20 +0800 -Subject: Avoid crash if allocation fails - -https://bugzilla.gnome.org/show_bug.cgi?id=704527 -xmlSchemaNewValue() may fail on OOM error ---- - xmlschemastypes.c | 4 ++++ - 1 file changed, 4 insertions(+) - -diff --git a/xmlschemastypes.c b/xmlschemastypes.c -index a9edc03..ec403e8 100644 ---- a/xmlschemastypes.c -+++ b/xmlschemastypes.c -@@ -242,6 +242,10 @@ xmlSchemaNewMinLengthFacet(int value) - } - ret->type = XML_SCHEMA_FACET_MINLENGTH; - ret->val = xmlSchemaNewValue(XML_SCHEMAS_NNINTEGER); -+ if (ret->val == NULL) { -+ xmlFree(ret); -+ return(NULL); -+ } - ret->val->value.decimal.lo = value; - return (ret); - } diff --git a/debian/patches/0012-Fix-a-possible-NULL-dereference.patch b/debian/patches/0012-Fix-a-possible-NULL-dereference.patch deleted file mode 100644 index 9a7cf6f..0000000 --- a/debian/patches/0012-Fix-a-possible-NULL-dereference.patch +++ /dev/null @@ -1,30 +0,0 @@ -From: Gaurav -Date: Sat, 3 Aug 2013 22:16:02 +0800 -Subject: Fix a possible NULL dereference - -https://bugzilla.gnome.org/show_bug.cgi?id=705400 -In case of allocation error the pointer was dereferenced before the -test for a failure ---- - SAX2.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/SAX2.c b/SAX2.c -index 4adf202..33d167e 100644 ---- a/SAX2.c -+++ b/SAX2.c -@@ -994,12 +994,12 @@ xmlSAX2StartDocument(void *ctx) - #ifdef LIBXML_HTML_ENABLED - if (ctxt->myDoc == NULL) - ctxt->myDoc = htmlNewDocNoDtD(NULL, NULL); -- ctxt->myDoc->properties = XML_DOC_HTML; -- ctxt->myDoc->parseFlags = ctxt->options; - if (ctxt->myDoc == NULL) { - xmlSAX2ErrMemory(ctxt, "xmlSAX2StartDocument"); - return; - } -+ ctxt->myDoc->properties = XML_DOC_HTML; -+ ctxt->myDoc->parseFlags = ctxt->options; - #else - xmlGenericError(xmlGenericErrorContext, - "libxml2 built without HTML support\n"); diff --git a/debian/patches/0013-Clear-up-a-potential-NULL-dereference.patch b/debian/patches/0013-Clear-up-a-potential-NULL-dereference.patch deleted file mode 100644 index a18dfaf..0000000 --- a/debian/patches/0013-Clear-up-a-potential-NULL-dereference.patch +++ /dev/null @@ -1,26 +0,0 @@ -From: Daniel Veillard -Date: Sat, 3 Aug 2013 22:25:13 +0800 -Subject: Clear up a potential NULL dereference - -https://bugzilla.gnome.org/show_bug.cgi?id=705399 - -if ctxt->node_seq.buffer is null then ctxt->node_seq.maximum ought -to be zero but it's better to clarify the check in the code directly. ---- - parserInternals.c | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - -diff --git a/parserInternals.c b/parserInternals.c -index f8a7041..98a5836 100644 ---- a/parserInternals.c -+++ b/parserInternals.c -@@ -1990,7 +1990,8 @@ xmlParserAddNodeInfo(xmlParserCtxtPtr ctxt, - - /* Otherwise, we need to add new node to buffer */ - else { -- if (ctxt->node_seq.length + 1 > ctxt->node_seq.maximum) { -+ if ((ctxt->node_seq.length + 1 > ctxt->node_seq.maximum) || -+ (ctxt->node_seq.buffer == NULL)) { - xmlParserNodeInfo *tmp_buffer; - unsigned int byte_size; - diff --git a/debian/patches/0014-Fix-XPath-optimization-with-predicates.patch b/debian/patches/0014-Fix-XPath-optimization-with-predicates.patch deleted file mode 100644 index f24424a..0000000 --- a/debian/patches/0014-Fix-XPath-optimization-with-predicates.patch +++ /dev/null @@ -1,27 +0,0 @@ -From: Nick Wellnhofer -Date: Sun, 4 Aug 2013 22:15:11 +0000 -Subject: Fix XPath '//' optimization with predicates - -My attempt to optimize XPath expressions containing '//' caused a -regression reported in bug #695699. This commit disables the -optimization for expressions of the form '//foo[predicate]'. ---- - xpath.c | 5 +++-- - 1 file changed, 3 insertions(+), 2 deletions(-) - -diff --git a/xpath.c b/xpath.c -index 97410e7..a676989 100644 ---- a/xpath.c -+++ b/xpath.c -@@ -14719,8 +14719,9 @@ xmlXPathOptimizeExpression(xmlXPathCompExprPtr comp, xmlXPathStepOpPtr op) - * internal representation. - */ - -- if ((op->ch1 != -1) && -- (op->op == XPATH_OP_COLLECT /* 11 */)) -+ if ((op->op == XPATH_OP_COLLECT /* 11 */) && -+ (op->ch1 != -1) && -+ (op->ch2 == -1 /* no predicate */)) - { - xmlXPathStepOpPtr prevop = &comp->steps[op->ch1]; - diff --git a/debian/patches/0015-xmllint-pretty-crashed-without-following-numeric-arg.patch b/debian/patches/0015-xmllint-pretty-crashed-without-following-numeric-arg.patch deleted file mode 100644 index b910c3a..0000000 --- a/debian/patches/0015-xmllint-pretty-crashed-without-following-numeric-arg.patch +++ /dev/null @@ -1,34 +0,0 @@ -From: Tim Galeckas -Date: Thu, 29 Aug 2013 16:44:33 +0800 -Subject: xmllint --pretty crashed without following numeric argument - -https://bugzilla.gnome.org/show_bug.cgi?id=674789 - -We need to check for NULL argument before calling atoi() ---- - xmllint.c | 12 +++++++----- - 1 file changed, 7 insertions(+), 5 deletions(-) - -diff --git a/xmllint.c b/xmllint.c -index 92e6b03..d69722c 100644 ---- a/xmllint.c -+++ b/xmllint.c -@@ -3388,11 +3388,13 @@ main(int argc, char **argv) { - (!strcmp(argv[i], "--pretty"))) { - i++; - #ifdef LIBXML_OUTPUT_ENABLED -- format = atoi(argv[i]); -- if (format == 1) { -- noblanks++; -- xmlKeepBlanksDefault(0); -- } -+ if (argv[i] != NULL) { -+ format = atoi(argv[i]); -+ if (format == 1) { -+ noblanks++; -+ xmlKeepBlanksDefault(0); -+ } -+ } - #endif /* LIBXML_OUTPUT_ENABLED */ - } - #ifdef LIBXML_READER_ENABLED diff --git a/debian/patches/0016-Fix-potential-NULL-pointer-dereferences-in-regexp-co.patch b/debian/patches/0016-Fix-potential-NULL-pointer-dereferences-in-regexp-co.patch deleted file mode 100644 index fa8a176..0000000 --- a/debian/patches/0016-Fix-potential-NULL-pointer-dereferences-in-regexp-co.patch +++ /dev/null @@ -1,45 +0,0 @@ -From: Gaurav -Date: Wed, 11 Sep 2013 14:59:06 +0800 -Subject: Fix potential NULL pointer dereferences in regexp code - -https://bugzilla.gnome.org/show_bug.cgi?id=707749 - -Fix 3 cases where we might dereference NULL ---- - xmlregexp.c | 8 +++++--- - 1 file changed, 5 insertions(+), 3 deletions(-) - -diff --git a/xmlregexp.c b/xmlregexp.c -index 1f9911c..8e63d74 100644 ---- a/xmlregexp.c -+++ b/xmlregexp.c -@@ -3162,8 +3162,10 @@ xmlFARegExecRollBack(xmlRegExecCtxtPtr exec) { - exec->status = -6; - return; - } -- memcpy(exec->counts, exec->rollbacks[exec->nbRollbacks].counts, -+ if (exec->counts) { -+ memcpy(exec->counts, exec->rollbacks[exec->nbRollbacks].counts, - exec->comp->nbCounters * sizeof(int)); -+ } - } - - #ifdef DEBUG_REGEXP_EXEC -@@ -4091,7 +4093,7 @@ rollback: - */ - exec->determinist = 0; - xmlFARegExecRollBack(exec); -- if (exec->status == 0) { -+ if ((exec->inputStack != NULL ) && (exec->status == 0)) { - value = exec->inputStack[exec->index].value; - data = exec->inputStack[exec->index].data; - #ifdef DEBUG_PUSH -@@ -4306,7 +4308,7 @@ xmlRegExecGetValues(xmlRegExecCtxtPtr exec, int err, - (*nbval)++; - } - } else { -- if ((exec->comp->states[trans->to] != NULL) && -+ if ((exec->comp != NULL) && (exec->comp->states[trans->to] != NULL) && - (exec->comp->states[trans->to]->type != - XML_REGEXP_SINK_STATE)) { - if (atom->neg) diff --git a/debian/patches/0017-Fix-a-potential-NULL-dereference-in-tree-code.patch b/debian/patches/0017-Fix-a-potential-NULL-dereference-in-tree-code.patch deleted file mode 100644 index 2c55813..0000000 --- a/debian/patches/0017-Fix-a-potential-NULL-dereference-in-tree-code.patch +++ /dev/null @@ -1,26 +0,0 @@ -From: Daniel Veillard -Date: Wed, 11 Sep 2013 15:11:27 +0800 -Subject: Fix a potential NULL dereference in tree code - -https://bugzilla.gnome.org/show_bug.cgi?id=707750 - -Also reported by Gaurav, simple fix to check the pointer before -dereference ---- - tree.c | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - -diff --git a/tree.c b/tree.c -index 7e5af26..efc3ca2 100644 ---- a/tree.c -+++ b/tree.c -@@ -9780,7 +9780,8 @@ leave_node: - if (clone->parent != NULL) - clone->parent->last = clone; - clone = clone->parent; -- parentClone = clone->parent; -+ if (clone != NULL) -+ parentClone = clone->parent; - /* - * Process parent --> next; - */ diff --git a/debian/patches/0018-Fix-pointer-dereferenced-before-null-check.patch b/debian/patches/0018-Fix-pointer-dereferenced-before-null-check.patch deleted file mode 100644 index 3ae1c59..0000000 --- a/debian/patches/0018-Fix-pointer-dereferenced-before-null-check.patch +++ /dev/null @@ -1,25 +0,0 @@ -From: Gaurav -Date: Mon, 30 Sep 2013 10:43:47 +0800 -Subject: Fix pointer dereferenced before null check - -for https://bugzilla.gnome.org/show_bug.cgi?id=708364 - -xmlValidateElementContent is a private function but should still -check the ctxt argument before dereferencing ---- - valid.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/valid.c b/valid.c -index 6e53a76..e0832e7 100644 ---- a/valid.c -+++ b/valid.c -@@ -5236,7 +5236,7 @@ xmlValidateElementContent(xmlValidCtxtPtr ctxt, xmlNodePtr child, - xmlElementContentPtr cont; - const xmlChar *name; - -- if ((elemDecl == NULL) || (parent == NULL)) -+ if ((elemDecl == NULL) || (parent == NULL) || (ctxt == NULL)) - return(-1); - cont = elemDecl->content; - name = elemDecl->name; diff --git a/debian/patches/0019-Fix-a-bug-loading-some-compressed-files.patch b/debian/patches/0019-Fix-a-bug-loading-some-compressed-files.patch deleted file mode 100644 index 48b4fa4..0000000 --- a/debian/patches/0019-Fix-a-bug-loading-some-compressed-files.patch +++ /dev/null @@ -1,69 +0,0 @@ -From: Mike Alexander -Date: Thu, 28 Nov 2013 23:21:23 +0800 -Subject: Fix a bug loading some compressed files - -For https://bugzilla.gnome.org/show_bug.cgi?id=712528 -Related to https://bugzilla.redhat.com/show_bug.cgi?id=877567 - -There is a bug in xzlib.c which causes certain compressed XML files to fail to -load correctly. The code in xz_decomp which attempts to verify the checksum -and length of the expanded data fails if the checksum or length at the end of -the file crosses a 1024 byte boundary. It calls gz_next4 to get those two -values. This function uses the stream state in state->zstrm, but calls -xz_avail which uses the state->strm stream info. This causes gz_next4 to -signal a premature EOF if the data it is fetching crosses a 1024 byte boundary. ---- - xzlib.c | 26 ++++++++++++++++++++++---- - 1 file changed, 22 insertions(+), 4 deletions(-) - -diff --git a/xzlib.c b/xzlib.c -index 928bd17..cd045fa 100644 ---- a/xzlib.c -+++ b/xzlib.c -@@ -245,6 +245,20 @@ xz_avail(xz_statep state) - return 0; - } - -+#ifdef HAVE_ZLIB_H -+static int -+xz_avail_zstrm(xz_statep state) -+{ -+ int ret; -+ state->strm.avail_in = state->zstrm.avail_in; -+ state->strm.next_in = state->zstrm.next_in; -+ ret = xz_avail(state); -+ state->zstrm.avail_in = (uInt) state->strm.avail_in; -+ state->zstrm.next_in = (Bytef *) state->strm.next_in; -+ return ret; -+} -+#endif -+ - static int - is_format_xz(xz_statep state) - { -@@ -314,6 +328,10 @@ is_format_lzma(xz_statep state) - #define NEXT() ((strm->avail_in == 0 && xz_avail(state) == -1) ? -1 : \ - (strm->avail_in == 0 ? -1 : \ - (strm->avail_in--, *(strm->next_in)++))) -+/* Same thing, but from zstrm */ -+#define NEXTZ() ((strm->avail_in == 0 && xz_avail_zstrm(state) == -1) ? -1 : \ -+ (strm->avail_in == 0 ? -1 : \ -+ (strm->avail_in--, *(strm->next_in)++))) - - /* Get a four-byte little-endian integer and return 0 on success and the value - in *ret. Otherwise -1 is returned and *ret is not modified. */ -@@ -324,10 +342,10 @@ gz_next4(xz_statep state, unsigned long *ret) - unsigned long val; - z_streamp strm = &(state->zstrm); - -- val = NEXT(); -- val += (unsigned) NEXT() << 8; -- val += (unsigned long) NEXT() << 16; -- ch = NEXT(); -+ val = NEXTZ(); -+ val += (unsigned) NEXTZ() << 8; -+ val += (unsigned long) NEXTZ() << 16; -+ ch = NEXTZ(); - if (ch == -1) - return -1; - val += (unsigned long) ch << 24; diff --git a/debian/patches/0020-Avoid-a-possibility-of-dangling-encoding-handler.patch b/debian/patches/0020-Avoid-a-possibility-of-dangling-encoding-handler.patch deleted file mode 100644 index ab0bde8..0000000 --- a/debian/patches/0020-Avoid-a-possibility-of-dangling-encoding-handler.patch +++ /dev/null @@ -1,57 +0,0 @@ -From: Gaurav -Date: Fri, 29 Nov 2013 23:10:50 +0800 -Subject: Avoid a possibility of dangling encoding handler - -For https://bugzilla.gnome.org/show_bug.cgi?id=711149 - -In Function: -int xmlCharEncCloseFunc(xmlCharEncodingHandler *handler) - -If the freed handler is any one of handlers[i] list, then it will make that -hanldlers[i] as dangling. This may lead to crash issues at places where -handlers is read. ---- - encoding.c | 16 ++++++++++++++-- - 1 file changed, 14 insertions(+), 2 deletions(-) - -diff --git a/encoding.c b/encoding.c -index 7330e90..d4fc45f 100644 ---- a/encoding.c -+++ b/encoding.c -@@ -2851,14 +2851,25 @@ int - xmlCharEncCloseFunc(xmlCharEncodingHandler *handler) { - int ret = 0; - int tofree = 0; -+ int i, handler_in_list = 0; -+ - if (handler == NULL) return(-1); - if (handler->name == NULL) return(-1); -+ if (handlers != NULL) { -+ for (i = 0;i < nbCharEncodingHandler; i++) { -+ if (handler == handlers[i]) { -+ handler_in_list = 1; -+ break; -+ } -+ } -+ } - #ifdef LIBXML_ICONV_ENABLED - /* - * Iconv handlers can be used only once, free the whole block. - * and the associated icon resources. - */ -- if ((handler->iconv_out != NULL) || (handler->iconv_in != NULL)) { -+ if ((handler_in_list == 0) && -+ ((handler->iconv_out != NULL) || (handler->iconv_in != NULL))) { - tofree = 1; - if (handler->iconv_out != NULL) { - if (iconv_close(handler->iconv_out)) -@@ -2873,7 +2884,8 @@ xmlCharEncCloseFunc(xmlCharEncodingHandler *handler) { - } - #endif /* LIBXML_ICONV_ENABLED */ - #ifdef LIBXML_ICU_ENABLED -- if ((handler->uconv_out != NULL) || (handler->uconv_in != NULL)) { -+ if ((handler_in_list == 0) && -+ ((handler->uconv_out != NULL) || (handler->uconv_in != NULL))) { - tofree = 1; - if (handler->uconv_out != NULL) { - closeIcuConverter(handler->uconv_out); diff --git a/debian/patches/0021-Fix-a-couple-of-missing-NULL-checks.patch b/debian/patches/0021-Fix-a-couple-of-missing-NULL-checks.patch deleted file mode 100644 index 6771dbb..0000000 --- a/debian/patches/0021-Fix-a-couple-of-missing-NULL-checks.patch +++ /dev/null @@ -1,29 +0,0 @@ -From: Gaurav -Date: Fri, 29 Nov 2013 23:28:21 +0800 -Subject: Fix a couple of missing NULL checks - -For https://bugzilla.gnome.org/show_bug.cgi?id=708681 ---- - tree.c | 2 ++ - 1 file changed, 2 insertions(+) - -diff --git a/tree.c b/tree.c -index efc3ca2..43c3c57 100644 ---- a/tree.c -+++ b/tree.c -@@ -4294,6 +4294,7 @@ xmlStaticCopyNodeList(xmlNodePtr node, xmlDocPtr doc, xmlNodePtr parent) { - } - if (doc->intSubset == NULL) { - q = (xmlNodePtr) xmlCopyDtd( (xmlDtdPtr) node ); -+ if (q == NULL) return(NULL); - q->doc = doc; - q->parent = parent; - doc->intSubset = (xmlDtdPtr) q; -@@ -4305,6 +4306,7 @@ xmlStaticCopyNodeList(xmlNodePtr node, xmlDocPtr doc, xmlNodePtr parent) { - } else - #endif /* LIBXML_TREE_ENABLED */ - q = xmlStaticCopyNode(node, doc, parent, 1); -+ if (q == NULL) return(NULL); - if (ret == NULL) { - q->prev = NULL; - ret = p = q; diff --git a/debian/patches/0022-adding-init-calls-to-xml-and-html-Read-parsing-entry.patch b/debian/patches/0022-adding-init-calls-to-xml-and-html-Read-parsing-entry.patch deleted file mode 100644 index 7820411..0000000 --- a/debian/patches/0022-adding-init-calls-to-xml-and-html-Read-parsing-entry.patch +++ /dev/null @@ -1,148 +0,0 @@ -From: Daniel Veillard -Date: Mon, 9 Dec 2013 15:23:40 +0800 -Subject: adding init calls to xml and html Read parsing entry points - -As pointed out by "Tassyns, Bram " on the list -some call had it other didn't, clean it up and add to all missing -ones ---- - HTMLparser.c | 6 ++++++ - parser.c | 10 ++++++++++ - 2 files changed, 16 insertions(+) - -diff --git a/HTMLparser.c b/HTMLparser.c -index dd0c1ea..44c1a3c 100644 ---- a/HTMLparser.c -+++ b/HTMLparser.c -@@ -6808,6 +6808,7 @@ htmlReadFd(int fd, const char *URL, const char *encoding, int options) - - if (fd < 0) - return (NULL); -+ xmlInitParser(); - - xmlInitParser(); - input = xmlParserInputBufferCreateFd(fd, XML_CHAR_ENCODING_NONE); -@@ -6898,6 +6899,7 @@ htmlCtxtReadDoc(htmlParserCtxtPtr ctxt, const xmlChar * cur, - return (NULL); - if (ctxt == NULL) - return (NULL); -+ xmlInitParser(); - - htmlCtxtReset(ctxt); - -@@ -6931,6 +6933,7 @@ htmlCtxtReadFile(htmlParserCtxtPtr ctxt, const char *filename, - return (NULL); - if (ctxt == NULL) - return (NULL); -+ xmlInitParser(); - - htmlCtxtReset(ctxt); - -@@ -6967,6 +6970,7 @@ htmlCtxtReadMemory(htmlParserCtxtPtr ctxt, const char *buffer, int size, - return (NULL); - if (buffer == NULL) - return (NULL); -+ xmlInitParser(); - - htmlCtxtReset(ctxt); - -@@ -7009,6 +7013,7 @@ htmlCtxtReadFd(htmlParserCtxtPtr ctxt, int fd, - return (NULL); - if (ctxt == NULL) - return (NULL); -+ xmlInitParser(); - - htmlCtxtReset(ctxt); - -@@ -7053,6 +7058,7 @@ htmlCtxtReadIO(htmlParserCtxtPtr ctxt, xmlInputReadCallback ioread, - return (NULL); - if (ctxt == NULL) - return (NULL); -+ xmlInitParser(); - - htmlCtxtReset(ctxt); - -diff --git a/parser.c b/parser.c -index dd00399..ad400f4 100644 ---- a/parser.c -+++ b/parser.c -@@ -15217,6 +15217,7 @@ xmlReadDoc(const xmlChar * cur, const char *URL, const char *encoding, int optio - - if (cur == NULL) - return (NULL); -+ xmlInitParser(); - - ctxt = xmlCreateDocParserCtxt(cur); - if (ctxt == NULL) -@@ -15239,6 +15240,7 @@ xmlReadFile(const char *filename, const char *encoding, int options) - { - xmlParserCtxtPtr ctxt; - -+ xmlInitParser(); - ctxt = xmlCreateURLParserCtxt(filename, options); - if (ctxt == NULL) - return (NULL); -@@ -15262,6 +15264,7 @@ xmlReadMemory(const char *buffer, int size, const char *URL, const char *encodin - { - xmlParserCtxtPtr ctxt; - -+ xmlInitParser(); - ctxt = xmlCreateMemoryParserCtxt(buffer, size); - if (ctxt == NULL) - return (NULL); -@@ -15290,6 +15293,7 @@ xmlReadFd(int fd, const char *URL, const char *encoding, int options) - - if (fd < 0) - return (NULL); -+ xmlInitParser(); - - input = xmlParserInputBufferCreateFd(fd, XML_CHAR_ENCODING_NONE); - if (input == NULL) -@@ -15333,6 +15337,7 @@ xmlReadIO(xmlInputReadCallback ioread, xmlInputCloseCallback ioclose, - - if (ioread == NULL) - return (NULL); -+ xmlInitParser(); - - input = xmlParserInputBufferCreateIO(ioread, ioclose, ioctx, - XML_CHAR_ENCODING_NONE); -@@ -15379,6 +15384,7 @@ xmlCtxtReadDoc(xmlParserCtxtPtr ctxt, const xmlChar * cur, - return (NULL); - if (ctxt == NULL) - return (NULL); -+ xmlInitParser(); - - xmlCtxtReset(ctxt); - -@@ -15412,6 +15418,7 @@ xmlCtxtReadFile(xmlParserCtxtPtr ctxt, const char *filename, - return (NULL); - if (ctxt == NULL) - return (NULL); -+ xmlInitParser(); - - xmlCtxtReset(ctxt); - -@@ -15448,6 +15455,7 @@ xmlCtxtReadMemory(xmlParserCtxtPtr ctxt, const char *buffer, int size, - return (NULL); - if (buffer == NULL) - return (NULL); -+ xmlInitParser(); - - xmlCtxtReset(ctxt); - -@@ -15492,6 +15500,7 @@ xmlCtxtReadFd(xmlParserCtxtPtr ctxt, int fd, - return (NULL); - if (ctxt == NULL) - return (NULL); -+ xmlInitParser(); - - xmlCtxtReset(ctxt); - -@@ -15537,6 +15546,7 @@ xmlCtxtReadIO(xmlParserCtxtPtr ctxt, xmlInputReadCallback ioread, - return (NULL); - if (ctxt == NULL) - return (NULL); -+ xmlInitParser(); - - xmlCtxtReset(ctxt); - diff --git a/debian/patches/0023-Handling-of-XPath-function-arguments-in-error-case.patch b/debian/patches/0023-Handling-of-XPath-function-arguments-in-error-case.patch deleted file mode 100644 index cc18db7..0000000 --- a/debian/patches/0023-Handling-of-XPath-function-arguments-in-error-case.patch +++ /dev/null @@ -1,41 +0,0 @@ -From: Nick Wellnhofer -Date: Fri, 20 Dec 2013 00:01:53 +0100 -Subject: Handling of XPath function arguments in error case - -The XPath engine tries to guarantee that every XPath function can pop -'nargs' non-NULL values off the stack. libxslt, for example, relies on -this assumption. But the check isn't thorough enough if there are errors -during the evaluation of arguments. This can lead to segfaults: - -https://mail.gnome.org/archives/xslt/2013-December/msg00005.html - -This commit makes the handling of function arguments more robust. - -* Bail out early when evaluation of XPath function arguments fails. -* Make sure that there are 'nargs' arguments in the current call frame. ---- - xpath.c | 9 +++++++-- - 1 file changed, 7 insertions(+), 2 deletions(-) - -diff --git a/xpath.c b/xpath.c -index a676989..a75df9b 100644 ---- a/xpath.c -+++ b/xpath.c -@@ -13512,10 +13512,15 @@ xmlXPathCompOpEval(xmlXPathParserContextPtr ctxt, xmlXPathStepOpPtr op) - int frame; - - frame = xmlXPathSetFrame(ctxt); -- if (op->ch1 != -1) -+ if (op->ch1 != -1) { - total += - xmlXPathCompOpEval(ctxt, &comp->steps[op->ch1]); -- if (ctxt->valueNr < op->value) { -+ if (ctxt->error != XPATH_EXPRESSION_OK) { -+ xmlXPathPopFrame(ctxt, frame); -+ return (total); -+ } -+ } -+ if (ctxt->valueNr < ctxt->valueFrame + op->value) { - xmlGenericError(xmlGenericErrorContext, - "xmlXPathCompOpEval: parameter error\n"); - ctxt->error = XPATH_INVALID_OPERAND; diff --git a/debian/patches/0024-Missing-initialization-for-the-catalog-module.patch b/debian/patches/0024-Missing-initialization-for-the-catalog-module.patch deleted file mode 100644 index c5a5d16..0000000 --- a/debian/patches/0024-Missing-initialization-for-the-catalog-module.patch +++ /dev/null @@ -1,22 +0,0 @@ -From: Daniel Veillard -Date: Sun, 26 Jan 2014 15:02:25 +0100 -Subject: Missing initialization for the catalog module - ---- - parser.c | 3 +++ - 1 file changed, 3 insertions(+) - -diff --git a/parser.c b/parser.c -index ad400f4..7381a78 100644 ---- a/parser.c -+++ b/parser.c -@@ -14720,6 +14720,9 @@ xmlInitParser(void) { - #ifdef LIBXML_XPATH_ENABLED - xmlXPathInit(); - #endif -+#ifdef LIBXML_CATALOG_ENABLED -+ xmlInitializeCatalog(); -+#endif - xmlParserInitialized = 1; - #ifdef LIBXML_THREAD_ENABLED - } diff --git a/debian/patches/0025-Fix-an-fd-leak-in-an-error-case.patch b/debian/patches/0025-Fix-an-fd-leak-in-an-error-case.patch deleted file mode 100644 index edf1752..0000000 --- a/debian/patches/0025-Fix-an-fd-leak-in-an-error-case.patch +++ /dev/null @@ -1,24 +0,0 @@ -From: Daniel Veillard -Date: Thu, 6 Feb 2014 10:38:00 +0100 -Subject: Fix an fd leak in an error case - ---- - catalog.c | 5 +++++ - 1 file changed, 5 insertions(+) - -diff --git a/catalog.c b/catalog.c -index 8e34cd2..56991da 100644 ---- a/catalog.c -+++ b/catalog.c -@@ -994,6 +994,11 @@ xmlLoadFileContent(const char *filename) - content = (xmlChar*)xmlMallocAtomic(size + 10); - if (content == NULL) { - xmlCatalogErrMemory("allocating catalog data"); -+#ifdef HAVE_STAT -+ close(fd); -+#else -+ fclose(fd); -+#endif - return (NULL); - } - #ifdef HAVE_STAT diff --git a/debian/patches/0026-fixing-a-ptotential-uninitialized-access.patch b/debian/patches/0026-fixing-a-ptotential-uninitialized-access.patch deleted file mode 100644 index 65eae92..0000000 --- a/debian/patches/0026-fixing-a-ptotential-uninitialized-access.patch +++ /dev/null @@ -1,21 +0,0 @@ -From: Daniel Veillard -Date: Thu, 6 Feb 2014 10:47:20 +0100 -Subject: fixing a ptotential uninitialized access - ---- - valid.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/valid.c b/valid.c -index e0832e7..114bb72 100644 ---- a/valid.c -+++ b/valid.c -@@ -6948,7 +6948,7 @@ xmlValidGetValidElements(xmlNode *prev, xmlNode *next, const xmlChar **names, - int max) { - xmlValidCtxt vctxt; - int nb_valid_elements = 0; -- const xmlChar *elements[256]; -+ const xmlChar *elements[256]={0}; - int nb_elements = 0, i; - const xmlChar *name; - diff --git a/debian/patches/0027-Fix-xmlTextWriterWriteElement-when-a-null-content-is.patch b/debian/patches/0027-Fix-xmlTextWriterWriteElement-when-a-null-content-is.patch deleted file mode 100644 index 22d206a..0000000 --- a/debian/patches/0027-Fix-xmlTextWriterWriteElement-when-a-null-content-is.patch +++ /dev/null @@ -1,29 +0,0 @@ -From: Daniel Veillard -Date: Sat, 8 Feb 2014 02:22:35 +0800 -Subject: Fix xmlTextWriterWriteElement when a null content is given - ---- - xmlwriter.c | 10 ++++++---- - 1 file changed, 6 insertions(+), 4 deletions(-) - -diff --git a/xmlwriter.c b/xmlwriter.c -index d3f29f8..27209b9 100644 ---- a/xmlwriter.c -+++ b/xmlwriter.c -@@ -2238,10 +2238,12 @@ xmlTextWriterWriteElement(xmlTextWriterPtr writer, const xmlChar * name, - if (count == -1) - return -1; - sum += count; -- count = xmlTextWriterWriteString(writer, content); -- if (count == -1) -- return -1; -- sum += count; -+ if (content != NULL) { -+ count = xmlTextWriterWriteString(writer, content); -+ if (count == -1) -+ return -1; -+ sum += count; -+ } - count = xmlTextWriterEndElement(writer); - if (count == -1) - return -1; diff --git a/debian/patches/0028-Avoid-a-possible-NULL-pointer-dereference.patch b/debian/patches/0028-Avoid-a-possible-NULL-pointer-dereference.patch deleted file mode 100644 index 219d13a..0000000 --- a/debian/patches/0028-Avoid-a-possible-NULL-pointer-dereference.patch +++ /dev/null @@ -1,22 +0,0 @@ -From: Gaurav -Date: Tue, 18 Feb 2014 11:47:43 +0800 -Subject: Avoid a possible NULL pointer dereference - -For https://bugzilla.gnome.org/show_bug.cgi?id=708355 ---- - xmlmodule.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/xmlmodule.c b/xmlmodule.c -index 7fe5bc2..50ed666 100644 ---- a/xmlmodule.c -+++ b/xmlmodule.c -@@ -115,7 +115,7 @@ xmlModuleSymbol(xmlModulePtr module, const char *name, void **symbol) - { - int rc = -1; - -- if ((NULL == module) || (symbol == NULL)) { -+ if ((NULL == module) || (symbol == NULL) || (name == NULL)) { - __xmlRaiseError(NULL, NULL, NULL, NULL, NULL, XML_FROM_MODULE, - XML_MODULE_OPEN, XML_ERR_FATAL, NULL, 0, 0, - NULL, NULL, 0, 0, "null parameter\n"); diff --git a/debian/patches/0029-Do-not-fetch-external-parameter-entities.patch b/debian/patches/0029-Do-not-fetch-external-parameter-entities.patch deleted file mode 100644 index 06ec27c..0000000 --- a/debian/patches/0029-Do-not-fetch-external-parameter-entities.patch +++ /dev/null @@ -1,35 +0,0 @@ -From: Daniel Veillard -Date: Tue, 22 Apr 2014 15:30:56 +0800 -Subject: Do not fetch external parameter entities - -Unless explicitely asked for when validating or replacing entities -with their value. Problem pointed out by Daniel Berrange ---- - parser.c | 14 ++++++++++++++ - 1 file changed, 14 insertions(+) - -diff --git a/parser.c b/parser.c -index 7381a78..8aad7b4 100644 ---- a/parser.c -+++ b/parser.c -@@ -2595,6 +2595,20 @@ xmlParserHandlePEReference(xmlParserCtxtPtr ctxt) { - xmlCharEncoding enc; - - /* -+ * Note: external parsed entities will not be loaded, it is -+ * not required for a non-validating parser, unless the -+ * option of validating, or substituting entities were -+ * given. Doing so is far more secure as the parser will -+ * only process data coming from the document entity by -+ * default. -+ */ -+ if ((entity->etype == XML_EXTERNAL_PARAMETER_ENTITY) && -+ ((ctxt->options & XML_PARSE_NOENT) == 0) && -+ ((ctxt->options & XML_PARSE_DTDVALID) == 0) && -+ (ctxt->validate == 0)) -+ return; -+ -+ /* - * handle the extra spaces added before and after - * c.f. http://www.w3.org/TR/REC-xml#as-PE - * this is done independently. diff --git a/debian/patches/0030-Avoid-Possible-null-pointer-dereference-in-memory-de.patch b/debian/patches/0030-Avoid-Possible-null-pointer-dereference-in-memory-de.patch deleted file mode 100644 index 8a84731..0000000 --- a/debian/patches/0030-Avoid-Possible-null-pointer-dereference-in-memory-de.patch +++ /dev/null @@ -1,32 +0,0 @@ -From: Gaurav -Date: Fri, 9 May 2014 17:00:08 +0800 -Subject: Avoid Possible null pointer dereference in memory debug mode - -Fix a use before check on pointer -For https://bugzilla.gnome.org/show_bug.cgi?id=729849 ---- - xmlmemory.c | 6 ++++-- - 1 file changed, 4 insertions(+), 2 deletions(-) - -diff --git a/xmlmemory.c b/xmlmemory.c -index 25d9318..37dcf3b 100644 ---- a/xmlmemory.c -+++ b/xmlmemory.c -@@ -583,13 +583,15 @@ xmlMemBlocks(void) { - static void - xmlMemContentShow(FILE *fp, MEMHDR *p) - { -- int i,j,k,len = p->mh_size; -- const char *buf = (const char *) HDR_2_CLIENT(p); -+ int i,j,k,len; -+ const char *buf; - - if (p == NULL) { - fprintf(fp, " NULL"); - return; - } -+ len = p->mh_size; -+ buf = (const char *) HDR_2_CLIENT(p); - - for (i = 0;i < len;i++) { - if (buf[i] == 0) break; diff --git a/debian/patches/0031-xmllint-was-not-parsing-the-c14n11-flag.patch b/debian/patches/0031-xmllint-was-not-parsing-the-c14n11-flag.patch deleted file mode 100644 index 7b24f6b..0000000 --- a/debian/patches/0031-xmllint-was-not-parsing-the-c14n11-flag.patch +++ /dev/null @@ -1,22 +0,0 @@ -From: =?UTF-8?q?S=C3=A9rgio=20Batista?= -Date: Mon, 9 Jun 2014 22:10:15 +0800 -Subject: xmllint was not parsing the --c14n11 flag - -Cut and paste error, using the wrong variable ---- - xmllint.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/xmllint.c b/xmllint.c -index d69722c..4a5d043 100644 ---- a/xmllint.c -+++ b/xmllint.c -@@ -2573,7 +2573,7 @@ static void parseAndPrintFile(char *filename, xmlParserCtxtPtr rectxt) { - fprintf(stderr, "Failed to canonicalize\n"); - progresult = XMLLINT_ERR_OUT; - } -- } else if (canonical) { -+ } else if (canonical_11) { - xmlChar *result = NULL; - int size; - diff --git a/debian/patches/0032-Fix-regressions-introduced-by-CVE-2014-0191-patch.patch b/debian/patches/0032-Fix-regressions-introduced-by-CVE-2014-0191-patch.patch deleted file mode 100644 index d9fc108..0000000 --- a/debian/patches/0032-Fix-regressions-introduced-by-CVE-2014-0191-patch.patch +++ /dev/null @@ -1,58 +0,0 @@ -From: Daniel Veillard -Date: Wed, 11 Jun 2014 16:54:32 +0800 -Subject: Fix regressions introduced by CVE-2014-0191 patch - -A number of issues have been raised after the fix, and this patch -tries to correct all of them, though most were related to -postvalidation. -https://bugzilla.gnome.org/show_bug.cgi?id=730290 -and other reports on list, off-list and on Red Hat bugzilla ---- - parser.c | 13 +++++++++++-- - 1 file changed, 11 insertions(+), 2 deletions(-) - -diff --git a/parser.c b/parser.c -index 8aad7b4..ea0ea65 100644 ---- a/parser.c -+++ b/parser.c -@@ -2595,8 +2595,8 @@ xmlParserHandlePEReference(xmlParserCtxtPtr ctxt) { - xmlCharEncoding enc; - - /* -- * Note: external parsed entities will not be loaded, it is -- * not required for a non-validating parser, unless the -+ * Note: external parameter entities will not be loaded, it -+ * is not required for a non-validating parser, unless the - * option of validating, or substituting entities were - * given. Doing so is far more secure as the parser will - * only process data coming from the document entity by -@@ -2605,6 +2605,9 @@ xmlParserHandlePEReference(xmlParserCtxtPtr ctxt) { - if ((entity->etype == XML_EXTERNAL_PARAMETER_ENTITY) && - ((ctxt->options & XML_PARSE_NOENT) == 0) && - ((ctxt->options & XML_PARSE_DTDVALID) == 0) && -+ ((ctxt->options & XML_PARSE_DTDLOAD) == 0) && -+ ((ctxt->options & XML_PARSE_DTDATTR) == 0) && -+ (ctxt->replaceEntities == 0) && - (ctxt->validate == 0)) - return; - -@@ -12609,6 +12612,9 @@ xmlIOParseDTD(xmlSAXHandlerPtr sax, xmlParserInputBufferPtr input, - return(NULL); - } - -+ /* We are loading a DTD */ -+ ctxt->options |= XML_PARSE_DTDLOAD; -+ - /* - * Set-up the SAX context - */ -@@ -12736,6 +12742,9 @@ xmlSAXParseDTD(xmlSAXHandlerPtr sax, const xmlChar *ExternalID, - return(NULL); - } - -+ /* We are loading a DTD */ -+ ctxt->options |= XML_PARSE_DTDLOAD; -+ - /* - * Set-up the SAX context - */ diff --git a/debian/patches/series b/debian/patches/series index ce6e665..631a2bf 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -1,32 +1,3 @@ 0001-modify-xml2-config-and-pkgconfig-behaviour.patch 0002-fix-python-multiarch-includes.patch -0003-Fix-an-error-in-xmlCleanupParser.patch -0004-Fix-missing-break-on-last-function-for-attributes.patch -0005-xmllint-memory-should-fail-on-empty-files.patch -0006-properly-quote-the-namespace-uris-written-out-during.patch -0007-Fix-a-parsing-bug-on-non-ascii-element-and-CR-LF-usa.patch -0008-missing-else-in-xlink.c.patch -0009-Catch-malloc-error-and-exit-accordingly.patch -0010-Fix-handling-of-mmap-errors.patch -0011-Avoid-crash-if-allocation-fails.patch -0012-Fix-a-possible-NULL-dereference.patch -0013-Clear-up-a-potential-NULL-dereference.patch -0014-Fix-XPath-optimization-with-predicates.patch -0015-xmllint-pretty-crashed-without-following-numeric-arg.patch -0016-Fix-potential-NULL-pointer-dereferences-in-regexp-co.patch -0017-Fix-a-potential-NULL-dereference-in-tree-code.patch -0018-Fix-pointer-dereferenced-before-null-check.patch -0019-Fix-a-bug-loading-some-compressed-files.patch -0020-Avoid-a-possibility-of-dangling-encoding-handler.patch -0021-Fix-a-couple-of-missing-NULL-checks.patch -0022-adding-init-calls-to-xml-and-html-Read-parsing-entry.patch -0023-Handling-of-XPath-function-arguments-in-error-case.patch -0024-Missing-initialization-for-the-catalog-module.patch -0025-Fix-an-fd-leak-in-an-error-case.patch -0026-fixing-a-ptotential-uninitialized-access.patch -0027-Fix-xmlTextWriterWriteElement-when-a-null-content-is.patch -0028-Avoid-a-possible-NULL-pointer-dereference.patch -0029-Do-not-fetch-external-parameter-entities.patch -0030-Avoid-Possible-null-pointer-dereference-in-memory-de.patch -0031-xmllint-was-not-parsing-the-c14n11-flag.patch -0032-Fix-regressions-introduced-by-CVE-2014-0191-patch.patch +0003-Fix-missing-entities-after-CVE-2014-3660-fix.patch -- cgit v1.2.3