On Fri, Oct 13, 2006 at 12:17:10AM +0400, Alexey M. Tourbin wrote: > commit e20032dc9365f0dbca96940b5f40f50ab8b7722a > Author: Alexey Tourbin > Date: Sat Aug 12 07:22:42 2006 +0000 > > 2.34-alt5 > > - fix for carsh on utf8 stream (Joris van Rantwijk, cpan #19859, deb #378411) > - fix for off-by-one buffer overflow (Joris van Rantwijk, cpan #19860) > > > Full changes since `2.34-alt4' follow: > diff --git a/perl-XML-Parser-2.34-cpan19859-unicodecrash.patch b/perl-XML-Parser-2.34-cpan19859-unicodecrash.patch > new file mode 100644 > index 0000000..cb1176f > --- /dev/null > +++ b/perl-XML-Parser-2.34-cpan19859-unicodecrash.patch > @@ -0,0 +1,84 @@ > +--- XML-Parser-2.34/Expat/Expat.xs.orig 2003-07-28 16:41:10.000000000 +0200 > ++++ XML-Parser-2.34/Expat/Expat.xs 2006-08-07 10:37:40.000000000 +0200 > +@@ -289,11 +289,10 @@ > + SV * tbuff; > + SV * tsiz; > + char * linebuff; > + STRLEN lblen; > + STRLEN br = 0; > +- int buffsize; > + int done = 0; > + int ret = 1; > + char * msg = NULL; > + CallbackVector * cbv; > + char *buff = (char *) 0; > +@@ -334,37 +333,31 @@ > + && strnEQ(++chk, cbv->delim + 1, cbv->delimlen - 1)) > + lblen -= cbv->delimlen + 1; > + } > + > + PUTBACK ; > +- buffsize = lblen; > + done = lblen == 0; > + } > + else { > + tbuff = newSV(0); > + tsiz = newSViv(BUFSIZE); > +- buffsize = BUFSIZE; > + } > + > + while (! done) > + { > +- char *buffer = XML_GetBuffer(parser, buffsize); > +- > +- if (! buffer) > +- croak("Ran out of memory for input buffer"); > ++ char *buffer, *tb; > + > + SAVETMPS; > + > + if (cbv->delim) { > +- Copy(linebuff, buffer, lblen, char); > ++ tb = linebuff; > + br = lblen; > + done = 1; > + } > + else { > + int cnt; > + SV * rdres; > +- char * tb; > + > + PUSHMARK(SP); > + EXTEND(SP, 3); > + PUSHs(ioref); > + PUSHs(tbuff); > +@@ -382,18 +375,26 @@ > + > + if (! SvOK(rdres)) > + croak("read error"); > + > + tb = SvPV(tbuff, br); > +- if (br > 0) > +- Copy(tb, buffer, br, char); > +- else > ++ /* br == number of bytes read from stream > ++ Note that it is possible that br > BUFSIZE if the input stream > ++ is decoding a non-ASCII source. */ > ++ if (br <= 0) > + done = 1; > + > + PUTBACK ; > + } > + > ++ buffer = XML_GetBuffer(parser, br); > ++ if (! buffer) > ++ croak("Ran out of memory for input buffer"); > ++ > ++ if (br > 0) > ++ Copy(tb, buffer, br, char); > ++ > + ret = XML_ParseBuffer(parser, br, done); > + > + SPAGAIN; /* resync local SP in case callbacks changed global stack */ > + > + if (! ret) > diff --git a/perl-XML-Parser-2.34-cpan19860-stackoveflow.patch b/perl-XML-Parser-2.34-cpan19860-stackoveflow.patch > new file mode 100644 > index 0000000..14017af > --- /dev/null > +++ b/perl-XML-Parser-2.34-cpan19860-stackoveflow.patch > @@ -0,0 +1,16 @@ > +diff -urN -U 5 XML-Parser-2.34.orig/Expat/Expat.xs XML-Parser-2.34/Expat/Expat.xs > +--- XML-Parser-2.34.orig/Expat/Expat.xs 2003-07-28 16:41:10.000000000 +0200 > ++++ XML-Parser-2.34/Expat/Expat.xs 2006-06-13 11:23:40.000000000 +0200 > +@@ -493,11 +493,11 @@ > + resume_callbacks(cbv); > + cbv->skip_until = 0; > + } > + } > + > +- if (cbv->st_serial_stackptr >= cbv->st_serial_stacksize) { > ++ if (cbv->st_serial_stackptr + 1 >= cbv->st_serial_stacksize) { > + unsigned int newsize = cbv->st_serial_stacksize + 512; > + > + Renew(cbv->st_serial_stack, newsize, unsigned int); > + cbv->st_serial_stacksize = newsize; > + } > diff --git a/perl-XML-Parser.spec b/perl-XML-Parser.spec > index cd0f58b..0ee7aa3 100644 > --- a/perl-XML-Parser.spec > +++ b/perl-XML-Parser.spec > @@ -1,7 +1,7 @@ > %define dist XML-Parser > Name: perl-%dist > Version: 2.34 > -Release: alt4 > +Release: alt5 > > Summary: Perl module for parsing XML files > License: GPL or Artistic > @@ -13,10 +13,12 @@ Source0: %dist-%version.tar.bz2 > # http://cvs.livejournal.org/browse.cgi/livejournal/cgi-bin/XML/Parser/Encodings/ > Source1: %name-encodings.tar.bz2 > > -Patch0: %name-2.34-alt-style-subs.patch > -Patch1: %name-2.34-alt-XSLoader.patch > +Patch0: perl-XML-Parser-2.34-alt-style-subs.patch > +Patch1: perl-XML-Parser-2.34-alt-XSLoader.patch > +Patch2: perl-XML-Parser-2.34-cpan19859-unicodecrash.patch > +Patch3: perl-XML-Parser-2.34-cpan19860-stackoveflow.patch > > -# Added by buildreq2 on Mon Jun 13 2005 > +# Added by buildreq2 on Sat Aug 12 2006 > BuildRequires: libexpat-devel perl-devel perl-libwww > > %description > @@ -26,12 +28,12 @@ a lower level interface to James Clark's > > %prep > %setup -q -n %dist-%version -a1 > -%__cp -av Encodings/*.enc Parser/Encodings/ > +cp -pv Encodings/*.enc Parser/Encodings/ > %patch0 -p1 > %patch1 -p1 > Позор! В результате иморта в git увидел, что забыл приложить патчи. > -%__cp -av samples examples > -%__rm -fv examples/REC-xml-19980210.xml > +cp -av samples examples > +rm -fv examples/REC-xml-19980210.xml > > %build > %perl_vendor_build > @@ -45,6 +47,10 @@ a lower level interface to James Clark's > %perl_vendor_autolib/XML > > %changelog > +* Sat Aug 12 2006 Alexey Tourbin 2.34-alt5 > +- fix for carsh on utf8 stream (Joris van Rantwijk, cpan #19859, deb #378411) > +- fix for off-by-one buffer overflow (Joris van Rantwijk, cpan #19860) > + > * Sun Jun 26 2005 Alexey Tourbin 2.34-alt4 > - added support for XSLoader (cpan #13420) >