1 *** misc/libxml2-2.6.31/configure Fri Jan 11 09:01:56 2008
2 --- misc/build/libxml2-2.6.31/configure Thu Mar 27 14:09:56 2008
6 elif test $ac_cv_prog_cc_g = yes; then
7 if test "$GCC" = yes; then
13 if test "$GCC" = yes; then
19 { echo "$as_me:$LINENO: checking for $CC option to accept ISO C89" >&5
21 CFLAGS=$ac_save_CFLAGS
22 elif test $ac_cv_prog_cc_g = yes; then
23 if test "$GCC" = yes; then
24 ! CFLAGS="$ADDCFLAGS -g -O2"
26 ! CFLAGS="$ADDCFLAGS -g"
29 if test "$GCC" = yes; then
30 ! CFLAGS="$ADDCFLAGS -O2"
35 { echo "$as_me:$LINENO: checking for $CC option to accept ISO C89" >&5
39 { echo "$as_me:$LINENO: checking for library containing setsockopt" >&5
40 echo $ECHO_N "checking for library containing setsockopt... $ECHO_C" >&6; }
41 ! if test "${ac_cv_search_setsockopt+set}" = set; then
42 ! echo $ECHO_N "(cached) $ECHO_C" >&6
44 ac_func_search_save_LIBS=$LIBS
45 cat >conftest.$ac_ext <<_ACEOF
49 { echo "$as_me:$LINENO: checking for library containing setsockopt" >&5
50 echo $ECHO_N "checking for library containing setsockopt... $ECHO_C" >&6; }
51 ! #if test "${ac_cv_search_setsockopt+set}" = set; then
52 ! # echo $ECHO_N "(cached) $ECHO_C" >&6
54 ac_func_search_save_LIBS=$LIBS
55 cat >conftest.$ac_ext <<_ACEOF
61 LIBS=$ac_func_search_save_LIBS
63 { echo "$as_me:$LINENO: result: $ac_cv_search_setsockopt" >&5
64 echo "${ECHO_T}$ac_cv_search_setsockopt" >&6; }
65 ac_res=$ac_cv_search_setsockopt
69 LIBS=$ac_func_search_save_LIBS
71 { echo "$as_me:$LINENO: result: $ac_cv_search_setsockopt" >&5
72 echo "${ECHO_T}$ac_cv_search_setsockopt" >&6; }
73 ac_res=$ac_cv_search_setsockopt
74 *** misc/libxml2-2.6.31/ltmain.sh Wed Aug 29 14:28:46 2007
75 --- misc/build/libxml2-2.6.31/ltmain.sh Thu Mar 27 13:54:03 2008
82 ! versuffix=".$current";
90 ! major=.`expr $current - $age`
91 ! versuffix=".$major.$age.$revision";
95 *** misc/libxml2-2.6.31/xml2-config.in Fri Jan 11 08:22:32 2008
96 --- misc/build/libxml2-2.6.31/xml2-config.in Wed Apr 2 11:56:17 2008
102 ! exec_prefix=@exec_prefix@
103 ! includedir=@includedir@
113 ! #exec_prefix=@exec_prefix@
114 ! #includedir=@includedir@
117 + prefix=${SOLARVERSION}/${INPATH}
118 + exec_prefix=${SOLARVERSION}/${INPATH}
119 + includedir=${SOLARVERSION}/${INPATH}/inc${UPDMINOREXT}/external
120 + libdir=${SOLARVERSION}/${INPATH}/lib${UPDMINOREXT}
130 ! echo @XML_INCLUDEDIR@ @XML_CFLAGS@
138 ! echo -I${includedir}
139 ! # echo @XML_INCLUDEDIR@ @XML_CFLAGS@
148 ! if [ "`uname`" = "Linux" ]
150 ! if [ "@XML_LIBDIR@" = "-L/usr/lib" -o "@XML_LIBDIR@" = "-L/usr/lib64" ]
154 ! echo @XML_LIBDIR@ @XML_LIBS@
157 ! echo @XML_LIBDIR@ @XML_LIBS@ @WIN32_EXTRA_LIBADD@
168 ! echo -L${libdir} ${LIBXML2LIB} ${ZLIB3RDLIB} -lm
169 ! # if [ "`uname`" = "Linux" ]
171 ! # if [ "@XML_LIBDIR@" = "-L/usr/lib" -o "@XML_LIBDIR@" = "-L/usr/lib64" ]
175 ! # echo @XML_LIBDIR@ @XML_LIBS@
178 ! # echo @XML_LIBDIR@ @XML_LIBS@ @WIN32_EXTRA_LIBADD@
182 + print) # ugly configure hack
189 *** misc/libxml2-2.6.31/include/win32config.h Wed Apr 18 09:51:54 2007
190 --- misc/build/libxml2-2.6.31/include/win32config.h Mon Mar 31 19:09:09 2008
194 #if defined(_MSC_VER)
195 #define mkdir(p,m) _mkdir(p)
196 #define snprintf _snprintf
197 + #if _MSC_VER < 1500
198 #define vsnprintf(b,c,f,a) _vsnprintf(b,c,f,a)
200 #elif defined(__MINGW32__)
201 #define mkdir(p,m) _mkdir(p)
203 *** misc/libxml2-2.6.31/include/wsockcompat.h Wed Jan 3 14:07:30 2007
204 --- misc/build/libxml2-2.6.31/include/wsockcompat.h Thu Apr 3 10:15:50 2008
209 /* Check if ws2tcpip.h is a recent version which provides getaddrinfo() */
210 #if defined(GetAddrInfo)
211 + #include <wspiapi.h>
212 #define HAVE_GETADDRINFO
215 *** misc/libxml2-2.6.31/include/libxml/xmlversion.h Fri Jan 11 10:11:19 2008
216 --- misc/build/libxml2-2.6.31/include/libxml/xmlversion.h Thu Mar 27 13:54:03 2008
220 * Whether iconv support is available
223 #define LIBXML_ICONV_ENABLED
228 * Whether iconv support is available
231 #define LIBXML_ICONV_ENABLED
237 * Whether Debugging module is configured in
240 #define LIBXML_DEBUG_ENABLED
245 * Whether Debugging module is configured in
248 #define LIBXML_DEBUG_ENABLED
254 * Whether the memory debugging is configured in
257 #define DEBUG_MEMORY_LOCATION
262 * Whether the memory debugging is configured in
265 #define DEBUG_MEMORY_LOCATION
271 * Whether the runtime debugging is configured in
274 #define LIBXML_DEBUG_RUNTIME
279 * Whether the runtime debugging is configured in
282 #define LIBXML_DEBUG_RUNTIME
285 diff -r -cN misc/libxml2-2.6.31/changelog misc/build/libxml2-2.6.31/changelog
286 *** misc/libxml2-2.6.31/changelog
287 --- misc/build/libxml2-2.6.31/changelog
291 + libxml2 (2.6.32.dfsg-5+lenny1) stable-security; urgency=high
293 + * Non-maintainer upload by the Security Team.
294 + * Fix multiple use-after-free flaws when parsing notation and
295 + enumeration attribute types (CVE-2009-2416).
296 + * Fix stack overflow when parsing root XML document element DTD
297 + definition (CVE-2009-2414).
299 + -- Nico Golde <nion@debian.org> Thu, 06 Aug 2009 13:04:00 +0000
301 diff -r -cN misc/libxml2-2.6.31/parser.c misc/build/libxml2-2.6.31/parser.c
302 *** misc/libxml2-2.6.31/parser.c
303 --- misc/build/libxml2-2.6.31/parser.c
307 xmlFatalErrMsg(ctxt, XML_ERR_NAME_REQUIRED,
308 "Name expected in NOTATION declaration\n");
311 cur = xmlCreateEnumeration(name);
312 ! if (cur == NULL) return(ret);
313 if (last == NULL) ret = last = cur;
318 xmlFatalErrMsg(ctxt, XML_ERR_NAME_REQUIRED,
319 "Name expected in NOTATION declaration\n");
320 ! xmlFreeEnumeration(ret);
323 cur = xmlCreateEnumeration(name);
325 ! xmlFreeEnumeration(ret);
329 if (last == NULL) ret = last = cur;
334 } while (RAW == '|');
336 xmlFatalErr(ctxt, XML_ERR_NOTATION_NOT_FINISHED, NULL);
337 ! if ((last != NULL) && (last != ret))
338 ! xmlFreeEnumeration(last);
344 } while (RAW == '|');
346 xmlFatalErr(ctxt, XML_ERR_NOTATION_NOT_FINISHED, NULL);
347 ! xmlFreeEnumeration(ret);
355 cur = xmlCreateEnumeration(name);
357 ! if (cur == NULL) return(ret);
358 if (last == NULL) ret = last = cur;
363 cur = xmlCreateEnumeration(name);
366 ! xmlFreeEnumeration(ret);
370 if (last == NULL) ret = last = cur;
379 + if (ctxt->depth > 128) {
380 + xmlFatalErrMsgInt(ctxt, XML_ERR_ELEMCONTENT_NOT_FINISHED,
381 + "xmlParseElementChildrenContentDecl : depth %d too deep\n",
392 /* Recurse on first child */
396 cur = ret = xmlParseElementChildrenContentDecl(ctxt, inputid);
404 /* Recurse on second child */
408 last = xmlParseElementChildrenContentDecl(ctxt, inputid);
412 elem = xmlParseName(ctxt);