[Pkg-tcltk-commits] r1370 - tdom/trunk/debian/patches

andrewshadoura-guest at alioth.debian.org andrewshadoura-guest at alioth.debian.org
Tue Jun 25 07:31:16 UTC 2013 

Author: andrewshadoura-guest
Date: 2013-06-25 07:31:16 +0000 (Tue, 25 Jun 2013)
New Revision: 1370

Added:
   tdom/trunk/debian/patches/04-xpath.patch
   tdom/trunk/debian/patches/05-pkgindex.patch
   tdom/trunk/debian/patches/06-memcpy.patch
   tdom/trunk/debian/patches/07-CVE-2009-3720.patch
Modified:
   tdom/trunk/debian/patches/series
Log:
Add patches from upstream


Added: tdom/trunk/debian/patches/04-xpath.patch
===================================================================
--- tdom/trunk/debian/patches/04-xpath.patch	                        (rev 0)
+++ tdom/trunk/debian/patches/04-xpath.patch	2013-06-25 07:31:16 UTC (rev 1370)
@@ -0,0 +1,69 @@
+Description:  The XPath function element-available() should, according to the rec,
+ return true "if and only if the <argument> is the name of an
+ instruction". That is, not for all known XSLT elements.
+
+diff --git a/lib/tdom.tcl b/lib/tdom.tcl
+index 5f0bcf8..c6bdd75 100644
+--- a/lib/tdom.tcl
++++ b/lib/tdom.tcl
+@@ -539,20 +539,33 @@ proc ::dom::xpathFunc::element-available { ctxNode pos
+     }
+     foreach { arg1Typ arg1Value } $args break
+     set str [::dom::xpathFuncHelper::coerce2string $arg1Typ $arg1Value ]
++    # The XSLT recommendation says: "The element-available
++    # function returns true if and only if the expanded-name
++    # is the name of an instruction." The following xsl
++    # elements are not in the category instruction.
++    # xsl:attribute-set 
++    # xsl:decimal-format 
++    # xsl:include
++    # xsl:key 
++    # xsl:namespace-alias
++    # xsl:output
++    # xsl:param
++    # xsl:strip-space
++    # xsl:preserve-space
++    # xsl:template
++    # xsl:import
++    # xsl:otherwise
++    # xsl:sort
++    # xsl:stylesheet
++    # xsl:transform
++    # xsl:with-param
++    # xsl:when
+     switch $str {
+-        xsl:stylesheet -
+-        xsl:transform -
+-        xsl:include -
+-        xsl:import -
+-        xsl:strip-space -
+-        xsl:preserve-space -
+-        xsl:template -
+         xsl:apply-templates -
+         xsl:apply-imports -
+         xsl:call-template -
+         xsl:element -
+         xsl:attribute -
+-        xsl:attribute-set -
+         xsl:text -
+         xsl:processing-instruction -
+         xsl:comment -
+@@ -562,18 +575,9 @@ proc ::dom::xpathFunc::element-available { ctxNode pos
+         xsl:for-each -
+         xsl:if -
+         xsl:choose -
+-        xsl:when -
+-        xsl:otherwise -
+-        xsl:sort -
+         xsl:variable -
+-        xsl:param -
+         xsl:copy-of -
+-        xsl:with-param -
+-        xsl:key -
+         xsl:message -
+-        xsl:decimal-format -
+-        xsl:namespace-alias -
+-        xsl:output -
+         xsl:fallback {
+             return [list bool true]
+         }

Added: tdom/trunk/debian/patches/05-pkgindex.patch
===================================================================
--- tdom/trunk/debian/patches/05-pkgindex.patch	                        (rev 0)
+++ tdom/trunk/debian/patches/05-pkgindex.patch	2013-06-25 07:31:16 UTC (rev 1370)
@@ -0,0 +1,16 @@
+Description: Added missing space in target pkgIndex.tcl-hand. Thanks to Gustaf
+ Neumann for reporting the problem and providing a fix.
+
+diff --git a/Makefile.in b/Makefile.in
+index b676873..3bf501a 100644
+--- a/Makefile.in
++++ b/Makefile.in
+@@ -306,7 +306,7 @@ VPATH = $(srcdir):$(srcdir)/expat:$(srcdir)/generic:$(srcdir)/unix:$(srcdir)/win
+ #========================================================================
+ 
+ pkgIndex.tcl-hand:
+-	@(echo 'package ifneeded $(PACKAGE_NAME) $(PACKAGE_VERSION)\
++	@(echo 'package ifneeded $(PACKAGE_NAME) $(PACKAGE_VERSION) \
+ 	"load [list [file join $$dir $(PKG_LIB_FILE)]];\
+          source [list [file join $$dir tdom.tcl]]"'\
+ 	) > pkgIndex.tcl

Added: tdom/trunk/debian/patches/06-memcpy.patch
===================================================================
--- tdom/trunk/debian/patches/06-memcpy.patch	                        (rev 0)
+++ tdom/trunk/debian/patches/06-memcpy.patch	2013-06-25 07:31:16 UTC (rev 1370)
@@ -0,0 +1,15 @@
+Description: Fixed wrong size on memcpy on 64 bit (when sizeof(int)!=sizeof(int*)) 
+
+diff --git a/generic/domxslt.c b/generic/domxslt.c
+index 85c30f6..8a6a9d2 100644
+--- a/generic/domxslt.c
++++ b/generic/domxslt.c
+@@ -2679,7 +2679,7 @@ static int fastMergeSort (
+         }
+     }
+     memcpy(a,    b,     size*sizeof(domNode*));
+-    memcpy(posa, posb,  size*sizeof(int*));
++    memcpy(posa, posb,  size*sizeof(int));
+     memcpy(vs,   vstmp, size*sizeof(char*));
+     memcpy(vd,   vdtmp, size*sizeof(double));
+     return 0;

Added: tdom/trunk/debian/patches/07-CVE-2009-3720.patch
===================================================================
--- tdom/trunk/debian/patches/07-CVE-2009-3720.patch	                        (rev 0)
+++ tdom/trunk/debian/patches/07-CVE-2009-3720.patch	2013-06-25 07:31:16 UTC (rev 1370)
@@ -0,0 +1,15 @@
+Description: Fix for possible DoS attack (see CVE-2009-3720)
+
+diff --git a/expat/xmltok_impl.c b/expat/xmltok_impl.c
+index 1268819..16dfb85 100644
+--- a/expat/xmltok_impl.c
++++ b/expat/xmltok_impl.c
+@@ -1744,7 +1744,7 @@
+                        const char *end,
+                        POSITION *pos)
+ {
+-  while (ptr != end) {
++  while (ptr < end) {
+     switch (BYTE_TYPE(enc, ptr)) {
+ #define LEAD_CASE(n) \
+     case BT_LEAD ## n: \

Modified: tdom/trunk/debian/patches/series
===================================================================
--- tdom/trunk/debian/patches/series	2013-06-24 17:27:42 UTC (rev 1369)
+++ tdom/trunk/debian/patches/series	2013-06-25 07:31:16 UTC (rev 1370)
@@ -1,3 +1,7 @@
 01-shared-expat.patch
 02-kfreebsd.patch
 03-tcl8.6-compat.patch
+04-xpath.patch
+05-pkgindex.patch
+06-memcpy.patch
+07-CVE-2009-3720.patch

More information about the Pkg-tcltk-commits mailing list