Package: libxml2 / 2.9.1+dfsg1-5+deb8u6
Metadata
Package | Version | Patches format |
---|---|---|
libxml2 | 2.9.1+dfsg1-5+deb8u6 | 3.0 (quilt) |
Patch series
Patch | File delta | Description |
---|---|---|
0001 modify xml2 config and pkgconfig behaviour.patch | configure.in: 2 (1 + 1 - 0 !) | modify xml2-config and pkgconfig behaviour |
0002 fix python multiarch includes.patch | python/Makefile.am: 2 (1 + 1 - 0 !) | fix python multiarch includes |
0003 Fix an error in xmlCleanupParser.patch | parser.c: 2 (1 + 1 - 0 !) | fix an error in xmlcleanupparser https://bugzilla.gnome.org/show_bug.cgi?id=698582 xmlCleanupParser calls xmlCleanupGlobals() and then xmlResetLastError() but the latter reallocates the global data freed by previous call. Just swap the two calls. |
0004 Fix missing break on last function for attributes.patch | python/libxml.c: 1 (1 + 0 - 0 !) | fix missing break on last() function for attributes pointed out by cppcheck |
0005 xmllint memory should fail on empty files.patch | xmllint.c: 5 (4 + 1 - 0 !) | xmllint --memory should fail on empty files Exposed by https://bugzilla.gnome.org/show_bug.cgi?id=699896 when doing analysis but a priori unrelated. |
0006 properly quote the namespace uris written out during.patch | c14n.c: 9 (5 + 4 - 0 !) | properly quote the namespace uris written out during c14n |
0007 Fix a parsing bug on non ascii element and CR LF usa.patch | parser.c: 6 (5 + 1 - 0 !) | fix a parsing bug on non-ascii element and cr/lf usage https://bugzilla.gnome.org/show_bug.cgi?id=698550 Somehow the behaviour of the internal parser routine changed slightly when encountering CR/LF, which led to a bug when parsing document with non-ascii Names |
0008 missing else in xlink.c.patch | xlink.c: 2 (1 + 1 - 0 !) | missing else in xlink.c Obviously forgotten |
0009 Catch malloc error and exit accordingly.patch | xmllint.c: 4 (4 + 0 - 0 !) | catch malloc error and exit accordingly As pointed privately by Bill Parker <wp02855@gmail.com> |
0010 Fix handling of mmap errors.patch | xmllint.c: 13 (11 + 2 - 0 !) | fix handling of mmap errors https://bugzilla.gnome.org/show_bug.cgi?id=702320 as raised by Gaurav <ya1gaurav@gmail.com> |
0011 Avoid crash if allocation fails.patch | xmlschemastypes.c: 4 (4 + 0 - 0 !) | avoid crash if allocation fails https://bugzilla.gnome.org/show_bug.cgi?id=704527 xmlSchemaNewValue() may fail on OOM error |
0012 Fix a possible NULL dereference.patch | SAX2.c: 4 (2 + 2 - 0 !) | fix a possible null dereference https://bugzilla.gnome.org/show_bug.cgi?id=705400 In case of allocation error the pointer was dereferenced before the test for a failure |
0013 Clear up a potential NULL dereference.patch | parserInternals.c: 3 (2 + 1 - 0 !) | clear up a potential null dereference https://bugzilla.gnome.org/show_bug.cgi?id=705399 if ctxt->node_seq.buffer is null then ctxt->node_seq.maximum ought to be zero but it's better to clarify the check in the code directly. |
0014 Fix XPath optimization with predicates.patch | xpath.c: 5 (3 + 2 - 0 !) | fix xpath '//' optimization with predicates My attempt to optimize XPath expressions containing '//' caused a regression reported in bug #695699. This commit disables the optimization for expressions of the form '//foo[predicate]'. |
0015 xmllint pretty crashed without following numeric arg.patch | xmllint.c: 12 (7 + 5 - 0 !) | xmllint --pretty crashed without following numeric argument https://bugzilla.gnome.org/show_bug.cgi?id=674789 We need to check for NULL argument before calling atoi() |
0016 Fix potential NULL pointer dereferences in regexp co.patch | xmlregexp.c: 8 (5 + 3 - 0 !) | fix potential null pointer dereferences in regexp code https://bugzilla.gnome.org/show_bug.cgi?id=707749 Fix 3 cases where we might dereference NULL |
0017 Fix a potential NULL dereference in tree code.patch | tree.c: 3 (2 + 1 - 0 !) | fix a potential null dereference in tree code https://bugzilla.gnome.org/show_bug.cgi?id=707750 Also reported by Gaurav, simple fix to check the pointer before dereference |
0018 Fix pointer dereferenced before null check.patch | valid.c: 2 (1 + 1 - 0 !) | fix pointer dereferenced before null check for https://bugzilla.gnome.org/show_bug.cgi?id=708364 xmlValidateElementContent is a private function but should still check the ctxt argument before dereferencing |
0019 Fix a bug loading some compressed files.patch | xzlib.c: 26 (22 + 4 - 0 !) | fix a bug loading some compressed files For https://bugzilla.gnome.org/show_bug.cgi?id=712528 Related to https://bugzilla.redhat.com/show_bug.cgi?id=877567 There is a bug in xzlib.c which causes certain compressed XML files to fail to load correctly. The code in xz_decomp which attempts to verify the checksum and length of the expanded data fails if the checksum or length at the end of the file crosses a 1024 byte boundary. It calls gz_next4 to get those two values. This function uses the stream state in state->zstrm, but calls xz_avail which uses the state->strm stream info. This causes gz_next4 to signal a premature EOF if the data it is fetching crosses a 1024 byte boundary. |
0020 Avoid a possibility of dangling encoding handler.patch | encoding.c: 16 (14 + 2 - 0 !) | avoid a possibility of dangling encoding handler For https://bugzilla.gnome.org/show_bug.cgi?id=711149 In Function: int xmlCharEncCloseFunc(xmlCharEncodingHandler *handler) If the freed handler is any one of handlers[i] list, then it will make that handlers[i] as dangling. This may lead to crash issues at places where handlers is read. |
0021 Fix a couple of missing NULL checks.patch | tree.c: 2 (2 + 0 - 0 !) | fix a couple of missing null checks For https://bugzilla.gnome.org/show_bug.cgi?id=708681 |
0022 adding init calls to xml and html Read parsing entry.patch | HTMLparser.c: 6 (6 + 0 - 0 !) | adding init calls to xml and html read parsing entry points As pointed out by "Tassyns, Bram <BramT@enfocus.com>" on the list some call had it other didn't, clean it up and add to all missing ones |
0023 Handling of XPath function arguments in error case.patch | xpath.c: 9 (7 + 2 - 0 !) | handling of xpath function arguments in error case The XPath engine tries to guarantee that every XPath function can pop 'nargs' non-NULL values off the stack. libxslt, for example, relies on this assumption. But the check isn't thorough enough if there are errors during the evaluation of arguments. This can lead to segfaults: https://mail.gnome.org/archives/xslt/2013-December/msg00005.html This commit makes the handling of function arguments more robust. * Bail out early when evaluation of XPath function arguments fails. * Make sure that there are 'nargs' arguments in the current call frame. |
0024 Missing initialization for the catalog module.patch | parser.c: 3 (3 + 0 - 0 !) | missing initialization for the catalog module |
0025 Fix an fd leak in an error case.patch | catalog.c: 5 (5 + 0 - 0 !) | fix an fd leak in an error case |
0026 fixing a ptotential uninitialized access.patch | valid.c: 2 (1 + 1 - 0 !) | fixing a potential uninitialized access |
0027 Fix xmlTextWriterWriteElement when a null content is.patch | xmlwriter.c: 10 (6 + 4 - 0 !) | fix xmltextwriterwriteelement when a null content is given |
0028 Avoid a possible NULL pointer dereference.patch | xmlmodule.c: 2 (1 + 1 - 0 !) | avoid a possible null pointer dereference For https://bugzilla.gnome.org/show_bug.cgi?id=708355 |
0029 Do not fetch external parameter entities.patch | parser.c: 14 (14 + 0 - 0 !) | do not fetch external parameter entities Unless explicitly asked for when validating or replacing entities with their value. Problem pointed out by Daniel Berrange <berrange@redhat.com> |
0030 Avoid Possible null pointer dereference in memory de.patch | xmlmemory.c: 6 (4 + 2 - 0 !) | avoid possible null pointer dereference in memory debug mode Fix a use before check on pointer For https://bugzilla.gnome.org/show_bug.cgi?id=729849 |
0031 xmllint was not parsing the c14n11 flag.patch | xmllint.c: 2 (1 + 1 - 0 !) | xmllint was not parsing the --c14n11 flag Cut and paste error, using the wrong variable |
0032 Fix regressions introduced by CVE 2014 0191 patch.patch | parser.c: 13 (11 + 2 - 0 !) | fix regressions introduced by cve-2014-0191 patch A number of issues have been raised after the fix, and this patch tries to correct all of them, though most were related to postvalidation. https://bugzilla.gnome.org/show_bug.cgi?id=730290 and other reports on list, off-list and on Red Hat bugzilla |
0033 Adding some missing NULL checks.patch | HTMLparser.c: 4 (2 + 2 - 0 !) | adding some missing null checks in SAX2 DOM building code and in the HTML parser |
0034 xmlSaveUri incorrectly recomposes URIs with rootless.patch | uri.c: 2 (0 + 2 - 0 !) | xmlsaveuri() incorrectly recomposes uris with rootless paths For https://bugzilla.gnome.org/show_bug.cgi?id=731063 xmlSaveUri() of libxml2 (snapshot 2014-05-31 and earlier) returns bogus values when called with URIs that have rootless paths (e.g. "urx:b:b" becomes "urx://b%3Ab" where "urx:b%3Ab" would be correct) |
0035 Adding a check in case of allocation error.patch | relaxng.c: 4 (4 + 0 - 0 !) | adding a check in case of allocation error For https://bugzilla.gnome.org/show_bug.cgi?id=733043 There is missing Null condition in xmlRelaxNGValidateInterleave of relaxng.c Dereferencing it may cause a crash. |
0036 Add a missing argument check.patch | relaxng.c: 2 (1 + 1 - 0 !) | add a missing argument check For https://bugzilla.gnome.org/show_bug.cgi?id=733042 the states argument of xmlRelaxNGAddStates() ought to be checked too |
0037 Add a couple of misisng check in xmlRelaxNGCleanupTr.patch | relaxng.c: 7 (4 + 3 - 0 !) | add a couple of missing check in xmlrelaxngcleanuptree For https://bugzilla.gnome.org/show_bug.cgi?id=733041 check cur->parent before dereferencing the pointer even if a null parent there should not happen Also fix a typo |
0038 Fix a potential NULL dereference.patch | parser.c: 6 (6 + 0 - 0 !) | fix a potential null dereference For https://bugzilla.gnome.org/show_bug.cgi?id=733040 xmlDictLookup() may return NULL in case of allocation error, though very unlikely it need to be checked. |
0039 Fix processing in SAX2 in case of an allocation fail.patch | SAX2.c: 1 (1 + 0 - 0 !) | fix processing in sax2 in case of an allocation failure Related to https://bugzilla.gnome.org/show_bug.cgi?id=731360 |
0040 Avoid Possible Null Pointer in trio.c.patch | trio.c: 10 (8 + 2 - 0 !) | avoid possible null pointer in trio.c For https://bugzilla.gnome.org/show_bug.cgi?id=730005 While using assert in libxml2 is really not a good idea, it's still better to assert than crash |
0041 Check for tmon in _xmlSchemaDateAdd is incorrect.patch | xmlschemastypes.c: 4 (2 + 2 - 0 !) | check for tmon in _xmlschemadateadd() is incorrect For https://bugzilla.gnome.org/show_bug.cgi?id=732705 In _xmlSchemaDateAdd(), the check for \|tmon\| should be the following since MAX_DAYINMONTH() expects a month in the range [1,12]: if (tmon < 1) tmon = 1; Regression introduced in https://git.gnome.org/browse/libxml2/commit/?id=14b5643947845df089376106517c4f7ba061e4b0 |
0042 HTMLparser Correctly initialise a stack allocated st.patch | HTMLparser.c: 2 (1 + 1 - 0 !) | htmlparser: correctly initialise a stack allocated structure If not initialised, the node member remains undefined. Coverity issue: #60466 https://bugzilla.gnome.org/show_bug.cgi?id=731990 |
0043 xmlcatalog Fix a memory leak on quit.patch | xmlcatalog.c: 11 (6 + 5 - 0 !) | xmlcatalog: fix a memory leak on quit Coverity issue: #60442 https://bugzilla.gnome.org/show_bug.cgi?id=731990 |
0044 xmlschemastypes Fix potential array overflow.patch | xmlschemastypes.c: 3 (2 + 1 - 0 !) | xmlschemastypes: fix potential array overflow The year and month need validating before being put into the MAX_DAYINMONTH macro. Coverity issue: #60436 https://bugzilla.gnome.org/show_bug.cgi?id=731990 |
0045 Add couple of missing Null checks.patch | relaxng.c: 7 (6 + 1 - 0 !) | add couple of missing null checks For https://bugzilla.gnome.org/show_bug.cgi?id=733710 |
0046 Couple of Missing Null checks.patch | valid.c: 4 (4 + 0 - 0 !) | couple of missing null checks For https://bugzilla.gnome.org/show_bug.cgi?id=734328 Missing Null check could cause crash, if a pointer is dereferenced. Found problem at two places in valid.c |
0047 Fix Enum check and missing break.patch | xmlreader.c: 5 (3 + 2 - 0 !) | fix enum check and missing break for https://bugzilla.gnome.org/show_bug.cgi?id=737403 In file xmlreader.c 1. An enum is checked to proper value instead of checking like a boolean. 2. Missing break statement added. |
0048 Possible overflow in HTMLParser.c.patch | HTMLparser.c: 16 (10 + 6 - 0 !) | possible overflow in htmlparser.c For https://bugzilla.gnome.org/show_bug.cgi?id=720615 make sure that the encoding string passed is of reasonable size |
0049 Leak of struct addrinfo in xmlNanoFTPConnect.patch | nanoftp.c: 2 (2 + 0 - 0 !) | leak of struct addrinfo in xmlnanoftpconnect() For https://bugzilla.gnome.org/show_bug.cgi?id=732352 in case of error condition in IPv6 support, the early return here doesn't call freeaddrinfo(result), thus leaking memory. |
0050 Pointer dereferenced before null check.patch | xmlreader.c: 17 (13 + 4 - 0 !) | pointer dereferenced before null check For https://bugzilla.gnome.org/show_bug.cgi?id=707027 A few pointer dereference before NULL check fixed. Removed a useless test |
0051 xpointer fixing Null Pointers.patch | xpointer.c: 28 (28 + 0 - 0 !) | xpointer : fixing null pointers For https://bugzilla.gnome.org/show_bug.cgi?id=738053 At many places in xpointer.c Null check is missing which is dereferenced at later places. |
0052 xmlmemory handle realloc properly.patch | xmlmemory.c: 8 (5 + 3 - 0 !) | xmlmemory: handle realloc properly If realloc fails, free original pointer. Signed-off-by: Yegor Yefremov <yegorslists@googlemail.com> |
0053 fix memory leak xml header encoding field with XML_P.patch | parser.c: 6 (4 + 2 - 0 !) | fix memory leak xml header encoding field with xml_parse_ignore_enc When the xml parser encounters an xml encoding in an xml header while configured with option XML_PARSE_IGNORE_ENC, it fails to free memory allocated for storing the encoding. The patch below fixes this. How to reproduce: 1. Change doc/examples/parse4.c to add xmlCtxtUseOptions(ctxt, XML_PARSE_IGNORE_ENC); after the call to xmlCreatePushParserCtxt. 2. Rebuild 3. run the following command from the top libxml2 directory: LD_LIBRARY_PATH=.libs/ valgrind --leak-check=full ./doc/examples/.libs/parse4 ./test.xml , where test.xml contains following input: <?xml version="1.0" encoding="UTF-81" ?><hi/> valgrind will report: ==1964== 10 bytes in 1 blocks are definitely lost in loss record 1 of 1 ==1964== at 0x4C272DB: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==1964== by 0x4E88497: xmlParseEncName (parser.c:10224) ==1964== by 0x4E888FE: xmlParseEncodingDecl (parser.c:10295) ==1964== by 0x4E89630: xmlParseXMLDecl (parser.c:10534) ==1964== by 0x4E8B737: xmlParseTryOrFinish (parser.c:11293) ==1964== by 0x4E8E775: xmlParseChunk (parser.c:12283) Signed-off-by: Bart De Schuymer <bart at amplidata com> |
0054 Fix for CVE 2014 3660.patch | parser.c: 42 (38 + 4 - 0 !) | fix for cve-2014-3660 Issues related to the billion laugh entity expansion which happened to escape the initial set of fixes |
0055 Fix missing entities after CVE 2014 3660 fix.patch | parser.c: 3 (2 + 1 - 0 !) | fix missing entities after cve-2014-3660 fix For https://bugzilla.gnome.org/show_bug.cgi?id=738805 The fix for CVE-2014-3660 introduced a regression in some case where entity substitution is required and the entity is used first in another entity referenced from an attribute value |
0056 Stop parsing on entities boundaries errors.patch | parser.c: 1 (1 + 0 - 0 !) | [patch] stop parsing on entities boundaries errors For https://bugzilla.gnome.org/show_bug.cgi?id=744980 There are times, like on unterminated entities that it's preferable to stop parsing, even if that means less error reporting. Entities are feeding the parser on further processing, and if they are ill defined then it's possible to get the parser to bug. Also do the same on Conditional Sections if the input is broken, as the structure of the document can't be guessed. |
0057 Cleanup conditional section error handling.patch | parser.c: 6 (6 + 0 - 0 !) | [patch] cleanup conditional section error handling For https://bugzilla.gnome.org/show_bug.cgi?id=744980 The error handling of Conditional Section also need to be straightened as the structure of the document can't be guessed on a failure there and it's better to stop parsing as further errors are likely to be irrelevant. |
0058 CVE 2015 1819 Enforce the reader to run in constant .patch | buf.c: 43 (42 + 1 - 0 !) | [patch] cve-2015-1819 enforce the reader to run in constant memory One of the operation on the reader could resolve entities leading to the classic expansion issue. Make sure the buffer used for xmlreader operation is bounded. Introduce a new allocation type for the buffers for this effect. |
0059 Do not process encoding values if the declaration if.patch | parser.c: 4 (4 + 0 - 0 !) | [patch 1/2] do not process encoding values if the declaration is broken For https://bugzilla.gnome.org/show_bug.cgi?id=751603 If the string is not properly terminated do not try to convert to the given encoding. |
0060 Fail parsing early on if encoding conversion failed.patch | parser.c: 6 (5 + 1 - 0 !) | [patch 2/2] fail parsing early on if encoding conversion failed For https://bugzilla.gnome.org/show_bug.cgi?id=751631 If we fail conversing the current input stream while processing the encoding declaration of the XMLDecl then it's safer to just abort there and not try to report further errors. |