[devel] [git update] packages/perl-XML-Parser: tags/2.34-alt5
Alexey Tourbin
=?iso-8859-1?q?at_=CE=C1_altlinux=2Eru?=
Пт Окт 13 00:19:23 MSD 2006
On Fri, Oct 13, 2006 at 12:17:10AM +0400, Alexey M. Tourbin wrote:
> commit e20032dc9365f0dbca96940b5f40f50ab8b7722a
> Author: Alexey Tourbin <at на altlinux.ru>
> Date: Sat Aug 12 07:22:42 2006 +0000
>
> 2.34-alt5
>
> - fix for carsh on utf8 stream (Joris van Rantwijk, cpan #19859, deb #378411)
> - fix for off-by-one buffer overflow (Joris van Rantwijk, cpan #19860)
>
>
> Full changes since `2.34-alt4' follow:
> diff --git a/perl-XML-Parser-2.34-cpan19859-unicodecrash.patch b/perl-XML-Parser-2.34-cpan19859-unicodecrash.patch
> new file mode 100644
> index 0000000..cb1176f
> --- /dev/null
> +++ b/perl-XML-Parser-2.34-cpan19859-unicodecrash.patch
> @@ -0,0 +1,84 @@
> +--- XML-Parser-2.34/Expat/Expat.xs.orig 2003-07-28 16:41:10.000000000 +0200
> ++++ XML-Parser-2.34/Expat/Expat.xs 2006-08-07 10:37:40.000000000 +0200
> +@@ -289,11 +289,10 @@
> + SV * tbuff;
> + SV * tsiz;
> + char * linebuff;
> + STRLEN lblen;
> + STRLEN br = 0;
> +- int buffsize;
> + int done = 0;
> + int ret = 1;
> + char * msg = NULL;
> + CallbackVector * cbv;
> + char *buff = (char *) 0;
> +@@ -334,37 +333,31 @@
> + && strnEQ(++chk, cbv->delim + 1, cbv->delimlen - 1))
> + lblen -= cbv->delimlen + 1;
> + }
> +
> + PUTBACK ;
> +- buffsize = lblen;
> + done = lblen == 0;
> + }
> + else {
> + tbuff = newSV(0);
> + tsiz = newSViv(BUFSIZE);
> +- buffsize = BUFSIZE;
> + }
> +
> + while (! done)
> + {
> +- char *buffer = XML_GetBuffer(parser, buffsize);
> +-
> +- if (! buffer)
> +- croak("Ran out of memory for input buffer");
> ++ char *buffer, *tb;
> +
> + SAVETMPS;
> +
> + if (cbv->delim) {
> +- Copy(linebuff, buffer, lblen, char);
> ++ tb = linebuff;
> + br = lblen;
> + done = 1;
> + }
> + else {
> + int cnt;
> + SV * rdres;
> +- char * tb;
> +
> + PUSHMARK(SP);
> + EXTEND(SP, 3);
> + PUSHs(ioref);
> + PUSHs(tbuff);
> +@@ -382,18 +375,26 @@
> +
> + if (! SvOK(rdres))
> + croak("read error");
> +
> + tb = SvPV(tbuff, br);
> +- if (br > 0)
> +- Copy(tb, buffer, br, char);
> +- else
> ++ /* br == number of bytes read from stream
> ++ Note that it is possible that br > BUFSIZE if the input stream
> ++ is decoding a non-ASCII source. */
> ++ if (br <= 0)
> + done = 1;
> +
> + PUTBACK ;
> + }
> +
> ++ buffer = XML_GetBuffer(parser, br);
> ++ if (! buffer)
> ++ croak("Ran out of memory for input buffer");
> ++
> ++ if (br > 0)
> ++ Copy(tb, buffer, br, char);
> ++
> + ret = XML_ParseBuffer(parser, br, done);
> +
> + SPAGAIN; /* resync local SP in case callbacks changed global stack */
> +
> + if (! ret)
> diff --git a/perl-XML-Parser-2.34-cpan19860-stackoveflow.patch b/perl-XML-Parser-2.34-cpan19860-stackoveflow.patch
> new file mode 100644
> index 0000000..14017af
> --- /dev/null
> +++ b/perl-XML-Parser-2.34-cpan19860-stackoveflow.patch
> @@ -0,0 +1,16 @@
> +diff -urN -U 5 XML-Parser-2.34.orig/Expat/Expat.xs XML-Parser-2.34/Expat/Expat.xs
> +--- XML-Parser-2.34.orig/Expat/Expat.xs 2003-07-28 16:41:10.000000000 +0200
> ++++ XML-Parser-2.34/Expat/Expat.xs 2006-06-13 11:23:40.000000000 +0200
> +@@ -493,11 +493,11 @@
> + resume_callbacks(cbv);
> + cbv->skip_until = 0;
> + }
> + }
> +
> +- if (cbv->st_serial_stackptr >= cbv->st_serial_stacksize) {
> ++ if (cbv->st_serial_stackptr + 1 >= cbv->st_serial_stacksize) {
> + unsigned int newsize = cbv->st_serial_stacksize + 512;
> +
> + Renew(cbv->st_serial_stack, newsize, unsigned int);
> + cbv->st_serial_stacksize = newsize;
> + }
> diff --git a/perl-XML-Parser.spec b/perl-XML-Parser.spec
> index cd0f58b..0ee7aa3 100644
> --- a/perl-XML-Parser.spec
> +++ b/perl-XML-Parser.spec
> @@ -1,7 +1,7 @@
> %define dist XML-Parser
> Name: perl-%dist
> Version: 2.34
> -Release: alt4
> +Release: alt5
>
> Summary: Perl module for parsing XML files
> License: GPL or Artistic
> @@ -13,10 +13,12 @@ Source0: %dist-%version.tar.bz2
> # http://cvs.livejournal.org/browse.cgi/livejournal/cgi-bin/XML/Parser/Encodings/
> Source1: %name-encodings.tar.bz2
>
> -Patch0: %name-2.34-alt-style-subs.patch
> -Patch1: %name-2.34-alt-XSLoader.patch
> +Patch0: perl-XML-Parser-2.34-alt-style-subs.patch
> +Patch1: perl-XML-Parser-2.34-alt-XSLoader.patch
> +Patch2: perl-XML-Parser-2.34-cpan19859-unicodecrash.patch
> +Patch3: perl-XML-Parser-2.34-cpan19860-stackoveflow.patch
>
> -# Added by buildreq2 on Mon Jun 13 2005
> +# Added by buildreq2 on Sat Aug 12 2006
> BuildRequires: libexpat-devel perl-devel perl-libwww
>
> %description
> @@ -26,12 +28,12 @@ a lower level interface to James Clark's
>
> %prep
> %setup -q -n %dist-%version -a1
> -%__cp -av Encodings/*.enc Parser/Encodings/
> +cp -pv Encodings/*.enc Parser/Encodings/
> %patch0 -p1
> %patch1 -p1
>
Позор! В результате иморта в git увидел, что забыл приложить патчи.
> -%__cp -av samples examples
> -%__rm -fv examples/REC-xml-19980210.xml
> +cp -av samples examples
> +rm -fv examples/REC-xml-19980210.xml
>
> %build
> %perl_vendor_build
> @@ -45,6 +47,10 @@ a lower level interface to James Clark's
> %perl_vendor_autolib/XML
>
> %changelog
> +* Sat Aug 12 2006 Alexey Tourbin <at на altlinux.ru> 2.34-alt5
> +- fix for carsh on utf8 stream (Joris van Rantwijk, cpan #19859, deb #378411)
> +- fix for off-by-one buffer overflow (Joris van Rantwijk, cpan #19860)
> +
> * Sun Jun 26 2005 Alexey Tourbin <at на altlinux.ru> 2.34-alt4
> - added support for XSLoader (cpan #13420)
>
----------- следующая часть -----------
Было удалено вложение не в текстовом формате...
Имя : =?iso-8859-1?q?=CF=D4=D3=D5=D4=D3=D4=D7=D5=C5=D4?=
Тип : application/pgp-signature
Размер : 189 байтов
Описание: =?iso-8859-1?q?=CF=D4=D3=D5=D4=D3=D4=D7=D5=C5=D4?=
Url : <http://lists.altlinux.org/pipermail/devel/attachments/20061013/1694d466/attachment-0001.bin>
Подробная информация о списке рассылки Devel