Package: libxml2 / 2.9.4+dfsg1-7

Metadata

Package: libxml2
Version: 2.9.4+dfsg1-7
Patches format: 3.0 (quilt)

Patch series

Patch File delta Description
0001 modify xml2 config and pkgconfig behaviour.patch | (download)

configure.ac | 2 1 + 1 - 0 !
libxml-2.0-uninstalled.pc.in | 3 2 + 1 - 0 !
xml2-config.1 | 4 4 + 0 - 0 !
xml2-config.in | 22 10 + 12 - 0 !
4 files changed, 17 insertions(+), 14 deletions(-)

 modify xml2-config and pkgconfig behaviour


0002 fix python multiarch includes.patch | (download)

python/Makefile.am | 2 1 + 1 - 0 !
python/Makefile.in | 2 1 + 1 - 0 !
2 files changed, 2 insertions(+), 2 deletions(-)

 fix python multiarch includes


0003 Fix NULL pointer deref in XPointer range to.patch | (download)

result/XPath/xptr/viderror | 4 4 + 0 - 0 !
test/XPath/xptr/viderror | 1 1 + 0 - 0 !
xpath.c | 7 6 + 1 - 0 !
3 files changed, 11 insertions(+), 1 deletion(-)

 fix null pointer deref in xpointer range-to

- Check for errors after evaluating first operand.
- Add sanity check for empty stack.

Found with afl-fuzz.

0004 Fix comparison with root node in xmlXPathCmpNodes.patch | (download)

xpath.c | 4 2 + 2 - 0 !
1 file changed, 2 insertions(+), 2 deletions(-)

 [patch] fix comparison with root node in xmlxpathcmpnodes

This change has already been made in xmlXPathCmpNodesExt but not in
xmlXPathCmpNodes.

0005 Fix XPointer paths beginning with range to.patch | (download)

xpath.c | 7 6 + 1 - 0 !
xpointer.c | 76 6 + 70 - 0 !
2 files changed, 12 insertions(+), 71 deletions(-)

 [patch] fix xpointer paths beginning with range-to

The old code would invoke the broken xmlXPtrRangeToFunction. range-to
isn't really a function but a special kind of location step. Remove
this function and always handle range-to in the XPath code.

The old xmlXPtrRangeToFunction could also be abused to trigger a
use-after-free error with the potential for remote code execution.

Found with afl-fuzz.

Fixes CVE-2016-5131.

0006 Disallow namespace nodes in XPointer ranges.patch | (download)

xpointer.c | 149 56 + 93 - 0 !
1 file changed, 56 insertions(+), 93 deletions(-)

 [patch] disallow namespace nodes in xpointer ranges

Namespace nodes must be copied to avoid use-after-free errors.
But they don't necessarily have a physical representation in a
document, so simply disallow them in XPointer ranges.

Found with afl-fuzz.

Fixes CVE-2016-4658.

0007 Fix more NULL pointer derefs in xpointer.c.patch | (download)

xpointer.c | 12 7 + 5 - 0 !
1 file changed, 7 insertions(+), 5 deletions(-)

 [patch] fix more null pointer derefs in xpointer.c

Found with afl-fuzz.

0008 Fix attribute decoding during XML schema validation.patch | (download)

xmlschemas.c | 30 25 + 5 - 0 !
1 file changed, 25 insertions(+), 5 deletions(-)

 [patch] fix attribute decoding during xml schema validation

For https://bugzilla.gnome.org/show_bug.cgi?id=766834

vctxt->parserCtxt is always NULL in xmlSchemaSAXHandleStartElementNs,
so this function can't call xmlStringLenDecodeEntities to decode the
entities.

0009 Increase buffer space for port in HTTP redirect supp.patch | (download)

nanohttp.c | 4 2 + 2 - 0 !
1 file changed, 2 insertions(+), 2 deletions(-)

 increase buffer space for port in http redirect support
0010 Prevent unwanted external entity reference.patch | (download)

parser.c | 9 9 + 0 - 0 !
1 file changed, 9 insertions(+)

 prevent unwanted external entity reference
0011 Fix handling of parameter entity references.patch | (download)

Makefile.am | 18 18 + 0 - 0 !
parser.c | 18 10 + 8 - 0 !
result/errors10/781205.xml.err | 21 21 + 0 - 0 !
result/errors10/781361.xml.err | 13 13 + 0 - 0 !
result/valid/766956.xml.err | 9 9 + 0 - 0 !
result/valid/766956.xml.err.rdr | 10 10 + 0 - 0 !
runtest.c | 3 3 + 0 - 0 !
test/errors10/781205.xml | 3 3 + 0 - 0 !
test/errors10/781361.xml | 3 3 + 0 - 0 !
test/valid/766956.xml | 2 2 + 0 - 0 !
test/valid/dtds/766956.dtd | 2 2 + 0 - 0 !
11 files changed, 94 insertions(+), 8 deletions(-)

 fix handling of parameter-entity references
0012 Fix buffer size checks in xmlSnprintfElementContent.patch | (download)

result/valid/781333.xml | 5 5 + 0 - 0 !
result/valid/781333.xml.err | 3 3 + 0 - 0 !
result/valid/781333.xml.err.rdr | 6 6 + 0 - 0 !
test/valid/781333.xml | 4 4 + 0 - 0 !
valid.c | 20 11 + 9 - 0 !
5 files changed, 29 insertions(+), 9 deletions(-)

 fix buffer size checks in xmlsnprintfelementcontent
0013 Fix type confusion in xmlValidateOneNamespace.patch | (download)

valid.c | 7 7 + 0 - 0 !
1 file changed, 7 insertions(+)

 fix type confusion in xmlvalidateonenamespace
0014 Fix NULL pointer deref in xmlDumpElementContent.patch | (download)

valid.c | 24 14 + 10 - 0 !
1 file changed, 14 insertions(+), 10 deletions(-)

 fix null pointer deref in xmldumpelementcontent
0015 Check for integer overflow in memory debug code.patch | (download)

xmlmemory.c | 21 21 + 0 - 0 !
1 file changed, 21 insertions(+)

 check for integer overflow in memory debug code
0016 Fix copy paste errors in error messages.patch | (download)

xmlmemory.c | 6 3 + 3 - 0 !
1 file changed, 3 insertions(+), 3 deletions(-)

 fix copy-paste errors in error messages
0017 python remove single use of _PyVerify_fd.patch | (download)

python/types.c | 2 0 + 2 - 0 !
1 file changed, 2 deletions(-)

 python: remove single use of _pyverify_fd
0018 Fix XPath stack frame logic.patch | (download)

xpath.c | 4 2 + 2 - 0 !
1 file changed, 2 insertions(+), 2 deletions(-)

 fix xpath stack frame logic
0019 CVE 2017 8872.patch | (download)

parser.c | 4 4 + 0 - 0 !
1 file changed, 4 insertions(+)

 out-of-bounds read in htmlparsetryorfinish