'[Ipcop-svn] SF.net SVN: ipcop:[7013] ipcop/trunk'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       ipcop-svn
Subject:    [Ipcop-svn] SF.net SVN: ipcop:[7013] ipcop/trunk
From:       gespinasse () users ! sourceforge ! net
Date:       2013-04-26 6:03:55
Message-ID: E1UVblD-0008Dh-9d () sfp-svn-4 ! v30 ! ch3 ! sourceforge ! com
[Download RAW message or body]

Revision: 7013
          http://ipcop.svn.sourceforge.net/ipcop/?rev=7013&view=rev
Author:   gespinasse
Date:     2013-04-26 06:03:52 +0000 (Fri, 26 Apr 2013)
Log Message:
-----------
Upgrade libxml2 to 2.9.1
This fix some issues, at least CVE-2013-1969, CVE-2013-0338
Hack Makefile.in to obtain what should have resulted from --docdir usage
Remove 'rm -f' hack as the fix has been include upstream

Modified Paths:
--------------
    ipcop/trunk/config/rootfiles/common/libxml2
    ipcop/trunk/lfs/libxml2
    ipcop/trunk/updates/2.1.0/ROOTFILES.i486-2.1.0
    ipcop/trunk/updates/2.1.0/information.xml
    ipcop/trunk/updates/2.1.0/setup

Removed Paths:
-------------
    ipcop/trunk/src/patches/libxml2-2.9.0_CVE-2012-5134.patch

Modified: ipcop/trunk/config/rootfiles/common/libxml2
===================================================================
--- ipcop/trunk/config/rootfiles/common/libxml2	2013-04-22 05:50:55 UTC (rev 7012)
+++ ipcop/trunk/config/rootfiles/common/libxml2	2013-04-26 06:03:52 UTC (rev 7013)
@@ -53,18 +53,17 @@
 #usr/lib/libxml2.la
 #usr/lib/libxml2.so
 usr/lib/libxml2.so.2
-usr/lib/libxml2.so.2.9.0
+usr/lib/libxml2.so.2.9.1
 #usr/lib/pkgconfig/libxml-2.0.pc
 #usr/lib/xml2Conf.sh
 #usr/share/aclocal/libxml.m4
 #usr/share/doc/libxml2
-#usr/share/doc/libxml2-2.9.0
-#usr/share/doc/libxml2-2.9.0/Copyright
-#usr/share/doc/libxml2-2.9.0/examples
-#usr/share/doc/libxml2-2.9.0/examples/testHTML.c
-#usr/share/doc/libxml2-2.9.0/examples/testSAX.c
-#usr/share/doc/libxml2-2.9.0/examples/testXPath.c
-#usr/share/doc/libxml2-2.9.0/examples/xmllint.c
+#usr/share/doc/libxml2/Copyright
+#usr/share/doc/libxml2/examples
+#usr/share/doc/libxml2/examples/testHTML.c
+#usr/share/doc/libxml2/examples/testSAX.c
+#usr/share/doc/libxml2/examples/testXPath.c
+#usr/share/doc/libxml2/examples/xmllint.c
 #usr/share/doc/libxml2/html
 #usr/share/doc/libxml2/html/DOM.gif
 #usr/share/doc/libxml2/html/FAQ.html
@@ -126,6 +125,7 @@
 #usr/share/doc/libxml2/html/html/libxml-xpath.html
 #usr/share/doc/libxml2/html/html/libxml-xpathInternals.html
 #usr/share/doc/libxml2/html/html/libxml-xpointer.html
+#usr/share/doc/libxml2/html/html/libxml-xzlib.html
 #usr/share/doc/libxml2/html/html/right.png
 #usr/share/doc/libxml2/html/html/up.png
 #usr/share/doc/libxml2/html/index.html

Modified: ipcop/trunk/lfs/libxml2
===================================================================
--- ipcop/trunk/lfs/libxml2	2013-04-22 05:50:55 UTC (rev 7012)
+++ ipcop/trunk/lfs/libxml2	2013-04-26 06:03:52 UTC (rev 7013)
@@ -33,7 +33,7 @@
 include Config
 
 PKG_NAME   := libxml2
-VER        := 2.9.0
+VER        := 2.9.1
 HOST_ARCH  := all
 OTHER_SRC  := yes
 
@@ -55,7 +55,7 @@
 $(DL_FILE) := $(DL_FROM)/$(DL_FILE)
 $(XMLTEST) := http://www.w3.org/XML/Test/$(XMLTEST)
 
-$(DL_FILE)_MD5 := 5b9bebf4f5d2200ae2c4efe8fa6103f7
+$(DL_FILE)_MD5 := 9c0cfef285d5c4a5c80d00904ddab380
 $(XMLTEST)_MD5 := ae3d1ebe000a3972afa104ca7f0e1b4a
 
 install : $(TARGET)
@@ -86,19 +86,17 @@
 $(TARGET) : $(firstword $(MAKEFILE_LIST)) $(patsubst %,$(DIR_DL)/%,$(objects))
 	@$(PREBUILD)
 	@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
-	cd $(DIR_APP) && patch -p1 -i $(DIR_PATCHES)/$(THISAPP)_CVE-2012-5134.patch
 
-	# --docdir does nothing on 2.7.8
+
 	# --with-minimum is broken on 2.7.8, not on 2.7.7 but hard to know what to test
 	# maybe we could reduce more the lib, who know?
 	# Removing version from --with-html-subdir limit the noise on upgrade
 	# --without-python because we don't need python support
 	# --without-zlib because no prog use that feature
 	# --without-threads because this is not needed, (and it remove a lot of warnings) \
                rrdtool test only for xmlParseFile feature
-	# ac_cv_path_RM='rm -f' prevent "cannot remove" messages, explanation at \
                http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=523750
-	# remove the ac_cv_path_RM workaround after 2.9.0	
-	cd $(DIR_APP) && ac_cv_path_RM='rm -f'	\
-			./configure		\
+	# --docdir does not work as it should as Copyright, examples goes to hardcoded \
doc/libxml2-$VERSION +	cd $(DIR_APP) && sed -i 's/^DOC_MODULE.*/DOC_MODULE=libxml2/' \
Makefile.in +	cd $(DIR_APP) && ./configure		\
 				--prefix=/usr \
 				--disable-static \
 				--with-html-subdir=$(PKG_NAME)/html \

Deleted: ipcop/trunk/src/patches/libxml2-2.9.0_CVE-2012-5134.patch
===================================================================
--- ipcop/trunk/src/patches/libxml2-2.9.0_CVE-2012-5134.patch	2013-04-22 05:50:55 UTC \
                (rev 7012)
+++ ipcop/trunk/src/patches/libxml2-2.9.0_CVE-2012-5134.patch	2013-04-26 06:03:52 UTC \
(rev 7013) @@ -1,19 +0,0 @@
-commit 6a36fbe3b3e001a8a840b5c1fdd81cefc9947f0d
-Author: Daniel Veillard <veillard@redhat.com>
-Date:   Mon Oct 29 10:39:55 2012 +0800
-
-    Fix potential out of bound access
-
-diff --git a/parser.c b/parser.c
-index 0d8d7f2..bd634e9 100644
---- a/parser.c
-+++ b/parser.c
-@@ -4076,7 +4076,7 @@ xmlParseAttValueComplex(xmlParserCtxtPtr ctxt, int *attlen, \
                int normalize) {
-         goto error;
- 
-     if ((in_space) && (normalize)) {
--        while (buf[len - 1] == 0x20) len--;
-+        while ((len > 0) && (buf[len - 1] == 0x20)) len--;
-     }
-     buf[len] = 0;
-     if (RAW == '<') {

Modified: ipcop/trunk/updates/2.1.0/ROOTFILES.i486-2.1.0
===================================================================
--- ipcop/trunk/updates/2.1.0/ROOTFILES.i486-2.1.0	2013-04-22 05:50:55 UTC (rev 7012)
+++ ipcop/trunk/updates/2.1.0/ROOTFILES.i486-2.1.0	2013-04-26 06:03:52 UTC (rev 7013)
@@ -464,9 +464,9 @@
 /usr/lib/libusb-1.0.so.0
 /usr/lib/libusb-1.0.so.0.1.0
 ##
-## libxml2-2.9.0
+## libxml2-2.9.1
 /usr/lib/libxml2.so.2
-/usr/lib/libxml2.so.2.9.0
+/usr/lib/libxml2.so.2.9.1
 ##
 ## logrotate-3.8.1
 /usr/sbin/logrotate

Modified: ipcop/trunk/updates/2.1.0/information.xml
===================================================================
--- ipcop/trunk/updates/2.1.0/information.xml	2013-04-22 05:50:55 UTC (rev 7012)
+++ ipcop/trunk/updates/2.1.0/information.xml	2013-04-26 06:03:52 UTC (rev 7013)
@@ -15,7 +15,7 @@
             hdparm to 9.39, httpd to 2.2.24, krb5 to 1.10.3,
             less to 451, libffi to 3.0.13, libgd to 2.0.36~rc1, libgcrypt to 1.5.1, \
                libnet to 1.1.6,
             libnfnetlink to 1.0.1, libnetfiltercontrack to 1.0.2, libnl to 3.2.16, \
                libpcap to 1.3.0, libpng to 1.5.15,
-            libusb to 1.0.9, libusb-compat to 0.1.4, libtool to 2.4.2, libxml2 to \
2.9.0, logrotate to 3.8.1, lsof to 4.87, +            libusb to 1.0.9, libusb-compat \
                to 0.1.4, libtool to 2.4.2, libxml2 to 2.9.1, logrotate to 3.8.1, \
                lsof to 4.87,
             mdadm to 3.2.6, net-tools to 1.60-p20120127084908, openldap to 2.4.35, \
                openssh to 6.1, openssl to 1.0.1e, openswan to 2.6.38,
             parted to 3.1, pciutils to 3.1.10, pcre to 8.32, pixman to 0.24.4, \
                procps to 3.3.7, psmisc to 22.20,
             rsyslog to 5.8.13, sed to 4.2.2, shadow to 4.1.5.1, smartmontools to \
6.0, sqlite to 3.7.13

Modified: ipcop/trunk/updates/2.1.0/setup
===================================================================
--- ipcop/trunk/updates/2.1.0/setup	2013-04-22 05:50:55 UTC (rev 7012)
+++ ipcop/trunk/updates/2.1.0/setup	2013-04-26 06:03:52 UTC (rev 7013)
@@ -145,7 +145,7 @@
 /bin/rm -f /usr/lib/libpixman-1.so.0.22.2
 /bin/rm -f /usr/lib/libpng15.so.15.{8,9,10,11,12,14}.0
 /bin/rm -f /usr/lib/libusb-1.0.so.0.0.0
-/bin/rm -f /usr/lib/libxml2.so.2.{7.8,8.0}
+/bin/rm -f /usr/lib/libxml2.so.2.{7.8,8.0,9.0}
 
 # Remove devel lib that should not be needed
 /bin/rm -f /usr/lib/libatm.so

This was sent by the SourceForge.net collaborative development platform, the world's \
largest Open Source development site.


------------------------------------------------------------------------------
Try New Relic Now & We'll Send You this Cool Shirt
New Relic is the only SaaS-based application performance monitoring service 
that delivers powerful full stack analytics. Optimize and monitor your
browser, app, & servers with just a few lines of code. Try New Relic
and get this awesome Nerd Life shirt! http://p.sf.net/sfu/newrelic_d2d_apr
_______________________________________________
Ipcop-svn mailing list
Ipcop-svn@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/ipcop-svn


[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic