From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <at@altlinux.ru>
Date: Fri, 13 Oct 2006 00:19:23 +0400
From: Alexey Tourbin <at@altlinux.ru>
To: devel@lists.altlinux.org
Message-ID: <20061012201923.GD8008@localhost.localdomain>
Mail-Followup-To: devel@lists.altlinux.org
References: <20061012201710.A04DF42C09AA@git.altlinux.org>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
	protocol="application/pgp-signature"; boundary="YWfczjhUm04al3kG"
Content-Disposition: inline
In-Reply-To: <20061012201710.A04DF42C09AA@git.altlinux.org>
Subject: Re: [devel] [git update] packages/perl-XML-Parser: tags/2.34-alt5
X-BeenThere: devel@lists.altlinux.org
X-Mailman-Version: 2.1.9rc1
Precedence: list
Reply-To: ALT Devel discussion list <devel@lists.altlinux.org>
List-Id: ALT Devel discussion list <devel.lists.altlinux.org>
List-Unsubscribe: <https://lists.altlinux.org/mailman/listinfo/devel>,
	<mailto:devel-request@lists.altlinux.org?subject=unsubscribe>
List-Archive: <http://lists.altlinux.org/pipermail/devel>
List-Post: <mailto:devel@lists.altlinux.org>
List-Help: <mailto:devel-request@lists.altlinux.org?subject=help>
List-Subscribe: <https://lists.altlinux.org/mailman/listinfo/devel>,
	<mailto:devel-request@lists.altlinux.org?subject=subscribe>
X-List-Received-Date: Thu, 12 Oct 2006 20:19:21 -0000
Archived-At: <http://lore.altlinux.org/devel/20061012201923.GD8008@localhost.localdomain/>
List-Archive: <http://lore.altlinux.org/devel/>
List-Post: <mailto:devel@altlinux.org>


--YWfczjhUm04al3kG
Content-Type: text/plain; charset=koi8-r
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Fri, Oct 13, 2006 at 12:17:10AM +0400, Alexey M. Tourbin wrote:
> commit e20032dc9365f0dbca96940b5f40f50ab8b7722a
> Author: Alexey Tourbin <at@altlinux.ru>
> Date:   Sat Aug 12 07:22:42 2006 +0000
>=20
>     2.34-alt5
>    =20
>     - fix for carsh on utf8 stream (Joris van Rantwijk, cpan #19859, deb =
#378411)
>     - fix for off-by-one buffer overflow (Joris van Rantwijk, cpan #19860)
>=20
>=20
> Full changes since `2.34-alt4' follow:
> diff --git a/perl-XML-Parser-2.34-cpan19859-unicodecrash.patch b/perl-XML=
-Parser-2.34-cpan19859-unicodecrash.patch
> new file mode 100644
> index 0000000..cb1176f
> --- /dev/null
> +++ b/perl-XML-Parser-2.34-cpan19859-unicodecrash.patch
> @@ -0,0 +1,84 @@
> +--- XML-Parser-2.34/Expat/Expat.xs.orig	2003-07-28 16:41:10.000000000 +0=
200
> ++++ XML-Parser-2.34/Expat/Expat.xs	2006-08-07 10:37:40.000000000 +0200
> +@@ -289,11 +289,10 @@
> +   SV *		tbuff;
> +   SV *		tsiz;
> +   char *	linebuff;
> +   STRLEN	lblen;
> +   STRLEN	br =3D 0;
> +-  int		buffsize;
> +   int		done =3D 0;
> +   int		ret =3D 1;
> +   char *	msg =3D NULL;
> +   CallbackVector * cbv;
> +   char		*buff =3D (char *) 0;
> +@@ -334,37 +333,31 @@
> + 	  && strnEQ(++chk, cbv->delim + 1, cbv->delimlen - 1))
> + 	lblen -=3D cbv->delimlen + 1;
> +     }
> +=20
> +     PUTBACK ;
> +-    buffsize =3D lblen;
> +     done =3D lblen =3D=3D 0;
> +   }
> +   else {
> +     tbuff =3D newSV(0);
> +     tsiz =3D newSViv(BUFSIZE);
> +-    buffsize =3D BUFSIZE;
> +   }
> +=20
> +   while (! done)
> +     {
> +-      char *buffer =3D XML_GetBuffer(parser, buffsize);
> +-
> +-      if (! buffer)
> +-	croak("Ran out of memory for input buffer");
> ++      char *buffer, *tb;
> +=20
> +       SAVETMPS;
> +=20
> +       if (cbv->delim) {
> +-	Copy(linebuff, buffer, lblen, char);
> ++	tb =3D linebuff;
> + 	br =3D lblen;
> + 	done =3D 1;
> +       }
> +       else {
> + 	int cnt;
> + 	SV * rdres;
> +-	char * tb;
> +=20
> + 	PUSHMARK(SP);
> + 	EXTEND(SP, 3);
> + 	PUSHs(ioref);
> + 	PUSHs(tbuff);
> +@@ -382,18 +375,26 @@
> +=20
> + 	if (! SvOK(rdres))
> + 	  croak("read error");
> +=20
> + 	tb =3D SvPV(tbuff, br);
> +-	if (br > 0)
> +-	  Copy(tb, buffer, br, char);
> +-	else
> ++	/* br =3D=3D number of bytes read from stream
> ++	   Note that it is possible that br > BUFSIZE if the input stream
> ++	   is decoding a non-ASCII source. */
> ++	if (br <=3D 0)
> + 	  done =3D 1;
> +=20
> + 	PUTBACK ;
> +       }
> +=20
> ++      buffer =3D XML_GetBuffer(parser, br);
> ++      if (! buffer)
> ++	croak("Ran out of memory for input buffer");
> ++
> ++      if (br > 0)
> ++        Copy(tb, buffer, br, char);
> ++
> +       ret =3D XML_ParseBuffer(parser, br, done);
> +=20
> +       SPAGAIN; /* resync local SP in case callbacks changed global stac=
k */
> +=20
> +       if (! ret)
> diff --git a/perl-XML-Parser-2.34-cpan19860-stackoveflow.patch b/perl-XML=
-Parser-2.34-cpan19860-stackoveflow.patch
> new file mode 100644
> index 0000000..14017af
> --- /dev/null
> +++ b/perl-XML-Parser-2.34-cpan19860-stackoveflow.patch
> @@ -0,0 +1,16 @@
> +diff -urN -U 5 XML-Parser-2.34.orig/Expat/Expat.xs XML-Parser-2.34/Expat=
/Expat.xs
> +--- XML-Parser-2.34.orig/Expat/Expat.xs	2003-07-28 16:41:10.000000000 +0=
200
> ++++ XML-Parser-2.34/Expat/Expat.xs	2006-06-13 11:23:40.000000000 +0200
> +@@ -493,11 +493,11 @@
> +       resume_callbacks(cbv);
> +       cbv->skip_until =3D 0;
> +     }
> +   }
> +=20
> +-  if (cbv->st_serial_stackptr >=3D cbv->st_serial_stacksize) {
> ++  if (cbv->st_serial_stackptr + 1 >=3D cbv->st_serial_stacksize) {
> +     unsigned int newsize =3D cbv->st_serial_stacksize + 512;
> +=20
> +     Renew(cbv->st_serial_stack, newsize, unsigned int);
> +     cbv->st_serial_stacksize =3D newsize;
> +   }
> diff --git a/perl-XML-Parser.spec b/perl-XML-Parser.spec
> index cd0f58b..0ee7aa3 100644
> --- a/perl-XML-Parser.spec
> +++ b/perl-XML-Parser.spec
> @@ -1,7 +1,7 @@
>  %define dist XML-Parser
>  Name: perl-%dist
>  Version: 2.34
> -Release: alt4
> +Release: alt5
> =20
>  Summary: Perl module for parsing XML files
>  License: GPL or Artistic
> @@ -13,10 +13,12 @@ Source0: %dist-%version.tar.bz2
>  # http://cvs.livejournal.org/browse.cgi/livejournal/cgi-bin/XML/Parser/E=
ncodings/
>  Source1: %name-encodings.tar.bz2
> =20
> -Patch0: %name-2.34-alt-style-subs.patch
> -Patch1: %name-2.34-alt-XSLoader.patch
> +Patch0: perl-XML-Parser-2.34-alt-style-subs.patch
> +Patch1: perl-XML-Parser-2.34-alt-XSLoader.patch
> +Patch2: perl-XML-Parser-2.34-cpan19859-unicodecrash.patch
> +Patch3: perl-XML-Parser-2.34-cpan19860-stackoveflow.patch
> =20
> -# Added by buildreq2 on Mon Jun 13 2005
> +# Added by buildreq2 on Sat Aug 12 2006
>  BuildRequires: libexpat-devel perl-devel perl-libwww
> =20
>  %description
> @@ -26,12 +28,12 @@ a lower level interface to James Clark's
> =20
>  %prep
>  %setup -q -n %dist-%version -a1
> -%__cp -av Encodings/*.enc Parser/Encodings/
> +cp -pv Encodings/*.enc Parser/Encodings/
>  %patch0 -p1
>  %patch1 -p1
> =20

=F0=CF=DA=CF=D2!  =F7 =D2=C5=DA=D5=CC=D8=D4=C1=D4=C5 =C9=CD=CF=D2=D4=C1 =D7=
 git =D5=D7=C9=C4=C5=CC, =DE=D4=CF =DA=C1=C2=D9=CC =D0=D2=C9=CC=CF=D6=C9=D4=
=D8 =D0=C1=D4=DE=C9.

> -%__cp -av samples examples
> -%__rm -fv examples/REC-xml-19980210.xml
> +cp -av samples examples
> +rm -fv examples/REC-xml-19980210.xml
> =20
>  %build
>  %perl_vendor_build
> @@ -45,6 +47,10 @@ a lower level interface to James Clark's
>  %perl_vendor_autolib/XML
> =20
>  %changelog
> +* Sat Aug 12 2006 Alexey Tourbin <at@altlinux.ru> 2.34-alt5
> +- fix for carsh on utf8 stream (Joris van Rantwijk, cpan #19859, deb #37=
8411)
> +- fix for off-by-one buffer overflow (Joris van Rantwijk, cpan #19860)
> +
>  * Sun Jun 26 2005 Alexey Tourbin <at@altlinux.ru> 2.34-alt4
>  - added support for XSLoader (cpan #13420)
> =20

--YWfczjhUm04al3kG
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

iD8DBQFFLqNLfBKgtDjnu0YRAm7lAKCanh4V0alxsmQkAOmCLccD7l+WvwCbBeqa
v1v+M3DAH14da4TqO3ZrZik=
=mmxy
-----END PGP SIGNATURE-----

--YWfczjhUm04al3kG--