Re: [devel] [git update] packages/perl-XML-Parser: tags/2.34-alt5

ALT Linux Team development discussions
 help / color / mirror / Atom feed

* Re: [devel] [git update] packages/perl-XML-Parser: tags/2.34-alt5
  @ 2006-10-12 20:19 ` Alexey Tourbin
  0 siblings, 0 replies; only message in thread
From: Alexey Tourbin @ 2006-10-12 20:19 UTC (permalink / raw)
  To: devel

[-- Attachment #1: Type: text/plain, Size: 5742 bytes --]

On Fri, Oct 13, 2006 at 12:17:10AM +0400, Alexey M. Tourbin wrote:
> commit e20032dc9365f0dbca96940b5f40f50ab8b7722a
> Author: Alexey Tourbin <at@altlinux.ru>
> Date:   Sat Aug 12 07:22:42 2006 +0000
> 
>     2.34-alt5
>     
>     - fix for carsh on utf8 stream (Joris van Rantwijk, cpan #19859, deb #378411)
>     - fix for off-by-one buffer overflow (Joris van Rantwijk, cpan #19860)
> 
> 
> Full changes since `2.34-alt4' follow:
> diff --git a/perl-XML-Parser-2.34-cpan19859-unicodecrash.patch b/perl-XML-Parser-2.34-cpan19859-unicodecrash.patch
> new file mode 100644
> index 0000000..cb1176f
> --- /dev/null
> +++ b/perl-XML-Parser-2.34-cpan19859-unicodecrash.patch
> @@ -0,0 +1,84 @@
> +--- XML-Parser-2.34/Expat/Expat.xs.orig	2003-07-28 16:41:10.000000000 +0200
> ++++ XML-Parser-2.34/Expat/Expat.xs	2006-08-07 10:37:40.000000000 +0200
> +@@ -289,11 +289,10 @@
> +   SV *		tbuff;
> +   SV *		tsiz;
> +   char *	linebuff;
> +   STRLEN	lblen;
> +   STRLEN	br = 0;
> +-  int		buffsize;
> +   int		done = 0;
> +   int		ret = 1;
> +   char *	msg = NULL;
> +   CallbackVector * cbv;
> +   char		*buff = (char *) 0;
> +@@ -334,37 +333,31 @@
> + 	  && strnEQ(++chk, cbv->delim + 1, cbv->delimlen - 1))
> + 	lblen -= cbv->delimlen + 1;
> +     }
> + 
> +     PUTBACK ;
> +-    buffsize = lblen;
> +     done = lblen == 0;
> +   }
> +   else {
> +     tbuff = newSV(0);
> +     tsiz = newSViv(BUFSIZE);
> +-    buffsize = BUFSIZE;
> +   }
> + 
> +   while (! done)
> +     {
> +-      char *buffer = XML_GetBuffer(parser, buffsize);
> +-
> +-      if (! buffer)
> +-	croak("Ran out of memory for input buffer");
> ++      char *buffer, *tb;
> + 
> +       SAVETMPS;
> + 
> +       if (cbv->delim) {
> +-	Copy(linebuff, buffer, lblen, char);
> ++	tb = linebuff;
> + 	br = lblen;
> + 	done = 1;
> +       }
> +       else {
> + 	int cnt;
> + 	SV * rdres;
> +-	char * tb;
> + 
> + 	PUSHMARK(SP);
> + 	EXTEND(SP, 3);
> + 	PUSHs(ioref);
> + 	PUSHs(tbuff);
> +@@ -382,18 +375,26 @@
> + 
> + 	if (! SvOK(rdres))
> + 	  croak("read error");
> + 
> + 	tb = SvPV(tbuff, br);
> +-	if (br > 0)
> +-	  Copy(tb, buffer, br, char);
> +-	else
> ++	/* br == number of bytes read from stream
> ++	   Note that it is possible that br > BUFSIZE if the input stream
> ++	   is decoding a non-ASCII source. */
> ++	if (br <= 0)
> + 	  done = 1;
> + 
> + 	PUTBACK ;
> +       }
> + 
> ++      buffer = XML_GetBuffer(parser, br);
> ++      if (! buffer)
> ++	croak("Ran out of memory for input buffer");
> ++
> ++      if (br > 0)
> ++        Copy(tb, buffer, br, char);
> ++
> +       ret = XML_ParseBuffer(parser, br, done);
> + 
> +       SPAGAIN; /* resync local SP in case callbacks changed global stack */
> + 
> +       if (! ret)
> diff --git a/perl-XML-Parser-2.34-cpan19860-stackoveflow.patch b/perl-XML-Parser-2.34-cpan19860-stackoveflow.patch
> new file mode 100644
> index 0000000..14017af
> --- /dev/null
> +++ b/perl-XML-Parser-2.34-cpan19860-stackoveflow.patch
> @@ -0,0 +1,16 @@
> +diff -urN -U 5 XML-Parser-2.34.orig/Expat/Expat.xs XML-Parser-2.34/Expat/Expat.xs
> +--- XML-Parser-2.34.orig/Expat/Expat.xs	2003-07-28 16:41:10.000000000 +0200
> ++++ XML-Parser-2.34/Expat/Expat.xs	2006-06-13 11:23:40.000000000 +0200
> +@@ -493,11 +493,11 @@
> +       resume_callbacks(cbv);
> +       cbv->skip_until = 0;
> +     }
> +   }
> + 
> +-  if (cbv->st_serial_stackptr >= cbv->st_serial_stacksize) {
> ++  if (cbv->st_serial_stackptr + 1 >= cbv->st_serial_stacksize) {
> +     unsigned int newsize = cbv->st_serial_stacksize + 512;
> + 
> +     Renew(cbv->st_serial_stack, newsize, unsigned int);
> +     cbv->st_serial_stacksize = newsize;
> +   }
> diff --git a/perl-XML-Parser.spec b/perl-XML-Parser.spec
> index cd0f58b..0ee7aa3 100644
> --- a/perl-XML-Parser.spec
> +++ b/perl-XML-Parser.spec
> @@ -1,7 +1,7 @@
>  %define dist XML-Parser
>  Name: perl-%dist
>  Version: 2.34
> -Release: alt4
> +Release: alt5
>  
>  Summary: Perl module for parsing XML files
>  License: GPL or Artistic
> @@ -13,10 +13,12 @@ Source0: %dist-%version.tar.bz2
>  # http://cvs.livejournal.org/browse.cgi/livejournal/cgi-bin/XML/Parser/Encodings/
>  Source1: %name-encodings.tar.bz2
>  
> -Patch0: %name-2.34-alt-style-subs.patch
> -Patch1: %name-2.34-alt-XSLoader.patch
> +Patch0: perl-XML-Parser-2.34-alt-style-subs.patch
> +Patch1: perl-XML-Parser-2.34-alt-XSLoader.patch
> +Patch2: perl-XML-Parser-2.34-cpan19859-unicodecrash.patch
> +Patch3: perl-XML-Parser-2.34-cpan19860-stackoveflow.patch
>  
> -# Added by buildreq2 on Mon Jun 13 2005
> +# Added by buildreq2 on Sat Aug 12 2006
>  BuildRequires: libexpat-devel perl-devel perl-libwww
>  
>  %description
> @@ -26,12 +28,12 @@ a lower level interface to James Clark's
>  
>  %prep
>  %setup -q -n %dist-%version -a1
> -%__cp -av Encodings/*.enc Parser/Encodings/
> +cp -pv Encodings/*.enc Parser/Encodings/
>  %patch0 -p1
>  %patch1 -p1
>  

Позор!  В результате иморта в git увидел, что забыл приложить патчи.

> -%__cp -av samples examples
> -%__rm -fv examples/REC-xml-19980210.xml
> +cp -av samples examples
> +rm -fv examples/REC-xml-19980210.xml
>  
>  %build
>  %perl_vendor_build
> @@ -45,6 +47,10 @@ a lower level interface to James Clark's
>  %perl_vendor_autolib/XML
>  
>  %changelog
> +* Sat Aug 12 2006 Alexey Tourbin <at@altlinux.ru> 2.34-alt5
> +- fix for carsh on utf8 stream (Joris van Rantwijk, cpan #19859, deb #378411)
> +- fix for off-by-one buffer overflow (Joris van Rantwijk, cpan #19860)
> +
>  * Sun Jun 26 2005 Alexey Tourbin <at@altlinux.ru> 2.34-alt4
>  - added support for XSLoader (cpan #13420)
>  

[-- Attachment #2: Type: application/pgp-signature, Size: 189 bytes --]

^ permalink raw reply	[flat|nested] only message in thread

only message in thread, other threads:[~2006-10-12 20:19 UTC | newest]

Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2006-10-12 20:19 ` [devel] [git update] packages/perl-XML-Parser: tags/2.34-alt5 Alexey Tourbin

ALT Linux Team development discussions

This inbox may be cloned and mirrored by anyone:

	git clone --mirror http://lore.altlinux.org/devel/0 devel/git/0.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 devel devel/ http://lore.altlinux.org/devel \
		devel@altlinux.org devel@altlinux.ru devel@lists.altlinux.org devel@lists.altlinux.ru devel@linux.iplabs.ru mandrake-russian@linuxteam.iplabs.ru sisyphus@linuxteam.iplabs.ru
	public-inbox-index devel

Example config snippet for mirrors.
Newsgroup available over NNTP:
	nntp://lore.altlinux.org/org.altlinux.lists.devel


AGPL code for this site: git clone https://public-inbox.org/public-inbox.git