This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPFire 3.x development tree".
The branch, master has been updated via 7f0c3cd1e23e801580a7eea7d906ddff90588461 (commit) via 6eae5ef3869284548e8c5c4ccd4f5533c0ee3215 (commit) via 6927560ccd4eb5c2825a26fc520d598060936cde (commit) via 8cbb2a5262b0fd9f8eca4f98cc9c3a5527ac1a6f (commit) via 306c2c0ed073450b17740d442020d665e1e7ec26 (commit) from e4990aee4077e2877b7409236d7192ca85349318 (commit)
Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below.
- Log ----------------------------------------------------------------- commit 7f0c3cd1e23e801580a7eea7d906ddff90588461 Merge: 6927560 6eae5ef Author: Michael Tremer michael.tremer@ipfire.org Date: Sat Mar 10 22:05:32 2012 +0100
Merge remote-tracking branch 'stevee/qtermwidget'
commit 6eae5ef3869284548e8c5c4ccd4f5533c0ee3215 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Sat Mar 10 19:43:44 2012 +0100
qtermwidget: Make package work on x86_64.
commit 6927560ccd4eb5c2825a26fc520d598060936cde Merge: 306c2c0e 8cbb2a5 Author: Michael Tremer michael.tremer@ipfire.org Date: Sat Mar 10 19:51:33 2012 +0100
Merge remote-tracking branch 'stevee/libxml2'
commit 8cbb2a5262b0fd9f8eca4f98cc9c3a5527ac1a6f Author: Stefan Schantl stefan.schantl@ipfire.org Date: Sat Mar 10 18:48:10 2012 +0100
libxml2: Add patch to fix a double free in XPath.
This fixes CVE-2010-4494.
commit 306c2c0ed073450b17740d442020d665e1e7ec26 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Sat Mar 10 18:40:24 2012 +0100
file: Update to 5.11.
-----------------------------------------------------------------------
Summary of changes: file/file.nm | 2 +- libxml2/libxml2.nm | 18 ++++++++-------- .../patches/libxml2-2.7.7-xpath-double-free.patch | 22 ++++++++++++++++++++ qtermwidget/qtermwidget.nm | 11 ++++----- 4 files changed, 37 insertions(+), 16 deletions(-) create mode 100644 libxml2/patches/libxml2-2.7.7-xpath-double-free.patch
Difference in files: diff --git a/file/file.nm b/file/file.nm index 4dbf3b1..a0bd7ef 100644 --- a/file/file.nm +++ b/file/file.nm @@ -4,7 +4,7 @@ ###############################################################################
name = file -version = 5.10 +version = 5.11 release = 1
groups = System/Tools diff --git a/libxml2/libxml2.nm b/libxml2/libxml2.nm index 8eb4ebf..b907dbf 100644 --- a/libxml2/libxml2.nm +++ b/libxml2/libxml2.nm @@ -5,7 +5,7 @@
name = libxml2 version = 2.7.8 -release = 1 +release = 2
groups = System/Libraries url = http://xmlsoft.org/ @@ -13,14 +13,14 @@ license = MIT summary = Library providing XML and HTML support.
description - This library allows to manipulate XML files. It includes support \ - to read, modify and write XML and HTML files. There is DTDs support \ - this includes parsing and validation even with complex DtDs, either \ - at parse time or later once the document has been modified. The output \ - can be a simple SAX stream or and in-memory DOM like representations. \ - In this case one can use the built-in XPath and XPointer implementation \ - to select subnodes or ranges. A flexible Input/Output mechanism is \ - available, with existing HTTP and FTP modules and combined to an URI \ + This library allows to manipulate XML files. It includes support + to read, modify and write XML and HTML files. There is DTDs support + this includes parsing and validation even with complex DtDs, either + at parse time or later once the document has been modified. The output + can be a simple SAX stream or and in-memory DOM like representations. + In this case one can use the built-in XPath and XPointer implementation + to select subnodes or ranges. A flexible Input/Output mechanism is + available, with existing HTTP and FTP modules and combined to an URI library. end
diff --git a/libxml2/patches/libxml2-2.7.7-xpath-double-free.patch b/libxml2/patches/libxml2-2.7.7-xpath-double-free.patch new file mode 100644 index 0000000..c5dbbee --- /dev/null +++ b/libxml2/patches/libxml2-2.7.7-xpath-double-free.patch @@ -0,0 +1,22 @@ +--- a/xpath.c ++++ a/xpath.c +@@ -11763,11 +11763,16 @@ xmlXPathCompOpEvalPositionalPredicate(xmlXPathParserContextPtr ctxt, + + if ((ctxt->error != XPATH_EXPRESSION_OK) || (res == -1)) { + xmlXPathObjectPtr tmp; +- /* pop the result */ ++ /* pop the result if any */ + tmp = valuePop(ctxt); +- xmlXPathReleaseObject(xpctxt, tmp); +- /* then pop off contextObj, which will be freed later */ +- valuePop(ctxt); ++ if (tmp != contextObj) { ++ /* ++ * Free up the result ++ * then pop off contextObj, which will be freed later ++ */ ++ xmlXPathReleaseObject(xpctxt, tmp); ++ valuePop(ctxt); ++ } + goto evaluation_error; + } diff --git a/qtermwidget/qtermwidget.nm b/qtermwidget/qtermwidget.nm index e5cf76a..fd95ab5 100644 --- a/qtermwidget/qtermwidget.nm +++ b/qtermwidget/qtermwidget.nm @@ -5,7 +5,7 @@
name = qtermwidget version = 0.1 -release = 2 +release = 3
groups = /Tools url = http://qtermwidget.sourceforge.net/ @@ -19,7 +19,7 @@ description console (or terminal emulation widget). end
-source_dl = +source_dl = http://sourceforge.net/projects/%%7Bname%7D/files/sources/%%7Bversion%7D/
build requires @@ -44,15 +44,14 @@ build cp -vf lib/*.h %{BUILDROOT}/usr/include/%{name}
# Only install the library - mkdir -pv %{BUILDROOT}/usr/lib - cp -vf libqtermwidget.so.0 %{BUILDROOT}/usr/lib - ln -svf libqtermwidget.so.0 %{BUILDROOT}/usr/lib/libqtermwidget.so + mkdir -pv %{BUILDROOT}%{libdir} + cp -vf libqtermwidget.so.0 %{BUILDROOT}%{libdir} + ln -svf libqtermwidget.so.0 %{BUILDROOT}%{libdir}/libqtermwidget.so end end
packages package %{name} - end
package %{name}-devel template DEVEL
hooks/post-receive -- IPFire 3.x development tree