From: Alexey Tourbin <at@altlinux.ru>
To: devel@lists.altlinux.org
Subject: Re: [devel] [git update] packages/perl-XML-Parser: tags/2.34-alt5
Date: Fri, 13 Oct 2006 00:19:23 +0400
Message-ID: <20061012201923.GD8008@localhost.localdomain> (raw)
In-Reply-To: <20061012201710.A04DF42C09AA@git.altlinux.org>

[-- Attachment #1: Type: text/plain, Size: 5742 bytes --]

On Fri, Oct 13, 2006 at 12:17:10AM +0400, Alexey M. Tourbin wrote:
> commit e20032dc9365f0dbca96940b5f40f50ab8b7722a
> Author: Alexey Tourbin <at@altlinux.ru>
> Date:   Sat Aug 12 07:22:42 2006 +0000
> 
>     2.34-alt5
>     
>     - fix for crash on utf8 stream (Joris van Rantwijk, cpan #19859, deb #378411)
>     - fix for off-by-one buffer overflow (Joris van Rantwijk, cpan #19860)
> 
> 
> Full changes since `2.34-alt4' follow:
> diff --git a/perl-XML-Parser-2.34-cpan19859-unicodecrash.patch b/perl-XML-Parser-2.34-cpan19859-unicodecrash.patch
> new file mode 100644
> index 0000000..cb1176f
> --- /dev/null
> +++ b/perl-XML-Parser-2.34-cpan19859-unicodecrash.patch
> @@ -0,0 +1,84 @@
> +--- XML-Parser-2.34/Expat/Expat.xs.orig	2003-07-28 16:41:10.000000000 +0200
> ++++ XML-Parser-2.34/Expat/Expat.xs	2006-08-07 10:37:40.000000000 +0200
> +@@ -289,11 +289,10 @@
> +   SV *		tbuff;
> +   SV *		tsiz;
> +   char *	linebuff;
> +   STRLEN	lblen;
> +   STRLEN	br = 0;
> +-  int		buffsize;
> +   int		done = 0;
> +   int		ret = 1;
> +   char *	msg = NULL;
> +   CallbackVector * cbv;
> +   char		*buff = (char *) 0;
> +@@ -334,37 +333,31 @@
> + 	  && strnEQ(++chk, cbv->delim + 1, cbv->delimlen - 1))
> + 	lblen -= cbv->delimlen + 1;
> +     }
> + 
> +     PUTBACK ;
> +-    buffsize = lblen;
> +     done = lblen == 0;
> +   }
> +   else {
> +     tbuff = newSV(0);
> +     tsiz = newSViv(BUFSIZE);
> +-    buffsize = BUFSIZE;
> +   }
> + 
> +   while (! done)
> +     {
> +-      char *buffer = XML_GetBuffer(parser, buffsize);
> +-
> +-      if (! buffer)
> +-	croak("Ran out of memory for input buffer");
> ++      char *buffer, *tb;
> + 
> +       SAVETMPS;
> + 
> +       if (cbv->delim) {
> +-	Copy(linebuff, buffer, lblen, char);
> ++	tb = linebuff;
> + 	br = lblen;
> + 	done = 1;
> +       }
> +       else {
> + 	int cnt;
> + 	SV * rdres;
> +-	char * tb;
> + 
> + 	PUSHMARK(SP);
> + 	EXTEND(SP, 3);
> + 	PUSHs(ioref);
> + 	PUSHs(tbuff);
> +@@ -382,18 +375,26 @@
> + 
> + 	if (! SvOK(rdres))
> + 	  croak("read error");
> + 
> + 	tb = SvPV(tbuff, br);
> +-	if (br > 0)
> +-	  Copy(tb, buffer, br, char);
> +-	else
> ++	/* br == number of bytes read from stream
> ++	   Note that it is possible that br > BUFSIZE if the input stream
> ++	   is decoding a non-ASCII source. */
> ++	if (br <= 0)
> + 	  done = 1;
> + 
> + 	PUTBACK ;
> +       }
> + 
> ++      buffer = XML_GetBuffer(parser, br);
> ++      if (! buffer)
> ++	croak("Ran out of memory for input buffer");
> ++
> ++      if (br > 0)
> ++        Copy(tb, buffer, br, char);
> ++
> +       ret = XML_ParseBuffer(parser, br, done);
> + 
> +       SPAGAIN; /* resync local SP in case callbacks changed global stack */
> + 
> +       if (! ret)
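Review bot: The length passed to the relocated `XML_GetBuffer(parser, br)` and to `XML_ParseBuffer(parser, br, done)` is narrowed from `STRLEN` (an unsigned size type) to expat's `int` parameter without a range check, while the new comment itself says `br` is not bounded by BUFSIZE. A guard before the allocation, for example `if (br > (STRLEN)INT_MAX) croak("input chunk too large");`, would keep the requested buffer size and the `Copy` count in agreement. For the same reason `if (br <= 0)` would read more honestly as `if (br == 0)`, since an unsigned count cannot be negative. Separately, an empty read now reaches `XML_GetBuffer(parser, 0)`; if expat returns NULL for a zero-length request on a parser that has no buffer yet (worth confirming against the linked expat version), an empty stream would be reported as "Ran out of memory for input buffer". The enclosing function starts and ends outside these hunks.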
> diff --git a/perl-XML-Parser-2.34-cpan19860-stackoveflow.patch b/perl-XML-Parser-2.34-cpan19860-stackoveflow.patch
> new file mode 100644
> index 0000000..14017af
> --- /dev/null
> +++ b/perl-XML-Parser-2.34-cpan19860-stackoveflow.patch
> @@ -0,0 +1,16 @@
> +diff -urN -U 5 XML-Parser-2.34.orig/Expat/Expat.xs XML-Parser-2.34/Expat/Expat.xs
> +--- XML-Parser-2.34.orig/Expat/Expat.xs	2003-07-28 16:41:10.000000000 +0200
> ++++ XML-Parser-2.34/Expat/Expat.xs	2006-06-13 11:23:40.000000000 +0200
> +@@ -493,11 +493,11 @@
> +       resume_callbacks(cbv);
> +       cbv->skip_until = 0;
> +     }
> +   }
> + 
> +-  if (cbv->st_serial_stackptr >= cbv->st_serial_stacksize) {
> ++  if (cbv->st_serial_stackptr + 1 >= cbv->st_serial_stacksize) {
> +     unsigned int newsize = cbv->st_serial_stacksize + 512;
> + 
> +     Renew(cbv->st_serial_stack, newsize, unsigned int);
> +     cbv->st_serial_stacksize = newsize;
> +   }
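Review bot: The corrected guard `cbv->st_serial_stackptr + 1 >= cbv->st_serial_stacksize` carries no comment explaining why the `+ 1` is required, and the store that consumes the slot lies outside the hunk, so the off-by-one is easy to reintroduce in a later cleanup. I would add above the `if` a comment such as `/* the push below writes slot st_serial_stackptr + 1, so that index must be in bounds */`, assuming the push pre-increments the pointer; confirm this against the code that follows the hunk. The enclosing function begins and continues outside the visible lines.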
> diff --git a/perl-XML-Parser.spec b/perl-XML-Parser.spec
> index cd0f58b..0ee7aa3 100644
> --- a/perl-XML-Parser.spec
> +++ b/perl-XML-Parser.spec
> @@ -1,7 +1,7 @@
>  %define dist XML-Parser
>  Name: perl-%dist
>  Version: 2.34
> -Release: alt4
> +Release: alt5
>  
>  Summary: Perl module for parsing XML files
>  License: GPL or Artistic
> @@ -13,10 +13,12 @@ Source0: %dist-%version.tar.bz2
>  # http://cvs.livejournal.org/browse.cgi/livejournal/cgi-bin/XML/Parser/Encodings/
>  Source1: %name-encodings.tar.bz2
>  
> -Patch0: %name-2.34-alt-style-subs.patch
> -Patch1: %name-2.34-alt-XSLoader.patch
> +Patch0: perl-XML-Parser-2.34-alt-style-subs.patch
> +Patch1: perl-XML-Parser-2.34-alt-XSLoader.patch
> +Patch2: perl-XML-Parser-2.34-cpan19859-unicodecrash.patch
> +Patch3: perl-XML-Parser-2.34-cpan19860-stackoveflow.patch
>  
> -# Added by buildreq2 on Mon Jun 13 2005
> +# Added by buildreq2 on Sat Aug 12 2006
>  BuildRequires: libexpat-devel perl-devel perl-libwww
>  
>  %description
> @@ -26,12 +28,12 @@ a lower level interface to James Clark's
>  
>  %prep
>  %setup -q -n %dist-%version -a1
> -%__cp -av Encodings/*.enc Parser/Encodings/
> +cp -pv Encodings/*.enc Parser/Encodings/
>  %patch0 -p1
>  %patch1 -p1
>  

Позор!  В результате импорта в git увидел, что забыл приложить патчи.

> -%__cp -av samples examples
> -%__rm -fv examples/REC-xml-19980210.xml
> +cp -av samples examples
> +rm -fv examples/REC-xml-19980210.xml
>  
>  %build
>  %perl_vendor_build
> @@ -45,6 +47,10 @@ a lower level interface to James Clark's
>  %perl_vendor_autolib/XML
>  
>  %changelog
> +* Sat Aug 12 2006 Alexey Tourbin <at@altlinux.ru> 2.34-alt5
> +- fix for carsh on utf8 stream (Joris van Rantwijk, cpan #19859, deb #378411)
> +- fix for off-by-one buffer overflow (Joris van Rantwijk, cpan #19860)
> +
>  * Sun Jun 26 2005 Alexey Tourbin <at@altlinux.ru> 2.34-alt4
>  - added support for XSLoader (cpan #13420)
>  

[-- Attachment #2: Type: application/pgp-signature, Size: 189 bytes --]
