| #
ebc59d3f |
| 30-Sep-2020 |
Don Lewis |
libxml2 bug fixes from upstream
From: Zhipeng Xie <xiezhipeng1@huawei.com>
Date: Thu, 12 Dec 2019 17:30:55 +0800
Subject: [PATCH] Fix infinite loop in xmlStringLenDecodeEntities
libxml2 bug fixes from upstream
From: Zhipeng Xie <xiezhipeng1@huawei.com>
Date: Thu, 12 Dec 2019 17:30:55 +0800
Subject: [PATCH] Fix infinite loop in xmlStringLenDecodeEntities
When ctxt->instate == XML_PARSER_EOF,xmlParseStringEntityRef
return NULL which cause a infinite loop in xmlStringLenDecodeEntities
Found with libFuzzer.
From: Nick Wellnhofer <wellnhofer@aevum.de>
Date: Fri, 7 Aug 2020 21:54:27 +0200
Subject: [PATCH] Fix out-of-bounds read with 'xmllint --htmlout'
Make sure that truncated UTF-8 sequences don't cause an out-of-bounds
array access.
Thanks to @SuhwanSong and the Agency for Defense Development (ADD) for
the report.
Fixes #178.
From: Zhipeng Xie <xiezhipeng1@huawei.com>
Date: Tue, 20 Aug 2019 16:33:06 +0800
Subject: [PATCH] Fix memory leak in xmlSchemaValidateStream
When ctxt->schema is NULL, xmlSchemaSAXPlug->xmlSchemaPreRun
alloc a new schema for ctxt->schema and set vctxt->xsiAssemble
to 1. Then xmlSchemaVStart->xmlSchemaPreRun initialize
vctxt->xsiAssemble to 0 again which cause the alloced schema
can not be freed anymore.
Found with libFuzzer.
Patch by: Zhipeng Xie <xiezhipeng1@huawei.com> via gnome.org
Patch by: Nick Wellnhofer <wellnhofer@aevum.de> via gnome.org
show more ...
|
|
Revision tags: 420-Dev2-m2 |
|
| #
fb46da01 |
| 13-Nov-2019 |
Don Lewis |
Upgrade libxslt to version 1.1.34 and libxml2 to version 2.9.10.
This version of libxslt contains the bugfix and three CVE patches that
we had cherry picked from upstream.
|
| #
193e2a48 |
| 08-Oct-2019 |
Don Lewis |
Upgrade libxml2 to version 2.9.9 and libxslt to version 1.1.33.
libxml2-nan-inf-fix.patch has been incorporated upstream.
Cherry-pick four upstream post 1.1.33 libxslt commits to ad
Upgrade libxml2 to version 2.9.9 and libxslt to version 1.1.33.
libxml2-nan-inf-fix.patch has been incorporated upstream.
Cherry-pick four upstream post 1.1.33 libxslt commits to address three
CVEs and one functionality regression. Without the latter fix, xsltproc
generates bad code for the writerfilter module causing a build failure.
show more ...
|
|
Revision tags: AOO417, AOO420-Dev-m1, AOO416, AOO416-RC1 |
|
| #
d095bc29 |
| 25-Aug-2018 |
Don Lewis |
Upgrade bundled libxml2 to version 2.9.8 and libxslt to version
1.1.32. Some of the patches for the previous version of libxml2
have been picked up upstream and are no longer needed. One ne
Upgrade bundled libxml2 to version 2.9.8 and libxslt to version
1.1.32. Some of the patches for the previous version of libxml2
have been picked up upstream and are no longer needed. One new
patch is needed for clean builds on Windows, so cherrypick it from
upstream.
git-svn-id: https://svn.apache.org/repos/asf/openoffice/trunk@1839130 13f79535-47bb-0310-9956-ffa450edef68
show more ...
|
|
Revision tags: AOO415, AOO414, AOO413 |
|
| #
8aefc987 |
| 28-Aug-2016 |
truckman |
Upgrade bundled libxml2 from version 2.9.3 to version 2.9.4 to fix:
CVE-2016-1762
CVE-2016-1833
CVE-2016-1834
CVE-2016-1835
CVE-2016-1836
Upgrade bundled libxml2 from version 2.9.3 to version 2.9.4 to fix:
CVE-2016-1762
CVE-2016-1833
CVE-2016-1834
CVE-2016-1835
CVE-2016-1836
CVE-2016-1837
CVE-2016-1838
CVE-2016-1839
CVE-2016-1840
CVE-2016-3627
CVE-2016-3705
CVE-2016-4449
CVE-2016-4483
It is not known whether any of these affect OpenOffice.
Import a post-2.9.4 patch from the upstream git repo to fix a build
problem on systems with pre-C99 compilers.
git-svn-id: https://svn.apache.org/repos/asf/openoffice/trunk@1758150 13f79535-47bb-0310-9956-ffa450edef68
show more ...
|
|
Revision tags: AOO4121 |
|
| #
4a0a8088 |
| 15-Jun-2016 |
truckman |
#i126893#: Upgrade bundled libxml2 version to 2.9.3 and libxslt to 1.1.28
These security vulnerabilities have been fixed since the release of
libxml2-2.7.8 which is bundled with OpenOffi
#i126893#: Upgrade bundled libxml2 version to 2.9.3 and libxslt to 1.1.28
These security vulnerabilities have been fixed since the release of
libxml2-2.7.8 which is bundled with OpenOffice:
CVE-2011-3202
CVE-2011-3919
CVE-2013-0338
CVE-2013-0339
CVE-2013-2877
CVE-2014-0191
CVE-2014-3660
CVE-2015-1819
CVE-2015-5312
CVE-2015-7497
CVE-2015-7498
CVE-2015-7499
CVE-2015-7500
CVE-2015-7941
CVE-2015-7942
CVE-2015-8035
CVE-2015-8241
CVE-2015-8242
This vulnerability has been fixed since the release of libxslt-1.1.26:
CVE-2015-7995
Upgrade libxml2 to version 2.9.3 which has no publicly disclosed
vulnerabilities at this time.
Rebase libxml2-configure.patch to the new version of libxml2. The
freebsd-elf change to ltmain.sh is no longer necessary and is eliminated
from the patch. The fixes in libxml2-fixes.patch were either fixed
upstream or don't seem to apply anymore, so this patch file was deleted.
The fixes in libxml2-testapi.patch and libxml2-runtest.patch are in now
in the upstream source, so these patch files have been deleted.
The libxml2-mingw.patch and Solaris-specific libxml2-global-symbols.patch
were not updated and are disconnected from the build. Several of the
fixes in libxml2-long-path.patch are now fixed upstream.
Upgrade libxslt to version 1.1.28 and add libxslt-CVE-2015-7995.patch,
which is imported from the FreeBSD port and which appears to have been
cherry picked from upstream.
Rebase libxslt-configure.patch to the new version of libxslt, with
the libtool-related changes coming from the libxslt port to FreeBSD.
The fixes in libxslt-bsd.patch are now present in the upstream
source, so this patch was deleted.
Tested by: kschenk
git-svn-id: https://svn.apache.org/repos/asf/openoffice/trunk@1748497 13f79535-47bb-0310-9956-ffa450edef68
show more ...
|
|
Revision tags: AOO412, SNAPSHOT, AOO411, AOO410, AOO410_Beta, AOO401, AOO400 |
|
| #
887c5134 |
| 20-Dec-2012 |
Pedro Giffuni |
i121528 - Update internal libxml2 to version 2.7.8.
Despite not being the latest version, 2.7.8 has been relatively well
tested and introduces no API changes.
The last update to
i121528 - Update internal libxml2 to version 2.7.8.
Despite not being the latest version, 2.7.8 has been relatively well
tested and introduces no API changes.
The last update to our internal XML C parser was done in Oct 6 2009,
so the list of enhancements is quite big:
http://xmlsoft.org/news.html
In addition to the normal updates we include a couple of vulnerability
fixes from FreeBSD.
git-svn-id: https://svn.apache.org/repos/asf/openoffice/trunk@1424721 13f79535-47bb-0310-9956-ffa450edef68
show more ...
|
|
Revision tags: AOO340 |
|
| #
c6c5eeba |
| 31-May-2012 |
Jian Fang Zhang |
Restore the incorrectly removed message in libxml2 makefile.mk
git-svn-id: https://svn.apache.org/repos/asf/incubator/ooo/trunk@1344546 13f79535-47bb-0310-9956-ffa450edef68
|
| #
00bc49ba |
| 31-May-2012 |
Jian Fang Zhang |
Fix issue #93433: build breaks in libxml2 on Korean Windows due to special character
* /libmxl2/libxml2-testapi.patch : replaced '\248' encoded in ISO-8859-1 with '\xf8'
* /libmxl2/libxm
Fix issue #93433: build breaks in libxml2 on Korean Windows due to special character
* /libmxl2/libxml2-testapi.patch : replaced '\248' encoded in ISO-8859-1 with '\xf8'
* /libmxl2/libxml2-runtest.patch : replaced 'e' encoded in ISO-8859-1 as in 'resume' with \xe9
Patch by: tora3@nichoume.com
git-svn-id: https://svn.apache.org/repos/asf/incubator/ooo/trunk@1344534 13f79535-47bb-0310-9956-ffa450edef68
show more ...
|
| #
752c0af7 |
| 15-Feb-2012 |
Herbert Dürr |
remove svn:executable properties from make and pack files
git-svn-id: https://svn.apache.org/repos/asf/incubator/ooo/trunk@1244512 13f79535-47bb-0310-9956-ffa450edef68
|
| #
7871dc3e |
| 11-Jan-2012 |
Andrew Rist |
Update headers to Alv2 headers
git-svn-id: https://svn.apache.org/repos/asf/incubator/ooo/trunk@1229815 13f79535-47bb-0310-9956-ffa450edef68
|
| #
cdf0e10c |
| 16-Aug-2011 |
rcweir |
Initial import of the old OOo hg repository tip revision.
.../trunk/main is a copy of (currently tip-most)
http://hg.services.openoffice.org/OOO340/rev/c904c1944462
.../trunk/
Initial import of the old OOo hg repository tip revision.
.../trunk/main is a copy of (currently tip-most)
http://hg.services.openoffice.org/OOO340/rev/c904c1944462
.../trunk/extras/l10n is a copy of (currently tip-most)
http://hg.services.openoffice.org/master_l10n/OOO340/rev/af6bc9467af5
Note that the following files with line-end and/or encoding anomalies were left out (they will need to be to be checked in separately):
/ooo/trunk/core/dictionaries/de_DE/README_hyph_de_DE.txt
/ooo/trunk/core/dictionaries/de_CH/README_hyph_de_CH.txt
/ooo/trunk/core/dictionaries/de_AT/README_hyph_de_AT.txt
/ooo/trunk/core/gettext/gettext-0.18.1.1.patch
/ooo/trunk/core/apache-commons/patches/codec.patch
/ooo/trunk/core/libcroco/libcroco-0.6.2.patch
/ooo/trunk/core/testautomation/writer/optional/input/import/mactext.txt
/ooo/trunk/core/graphite/graphite-2.3.1.patch
/ooo/trunk/core/hwpfilter/source/hwpeq.cpp
/ooo/trunk/core/solenv/bin/cwstouched.pl
/ooo/trunk/core/readlicense_oo/html/THIRDPARTYLICENSEREADME.html
/ooo/trunk/core/writerfilter/source/doctok/escher.html
/ooo/trunk/core/writerfilter/source/odiapi/qname/resource/office2003/WordprocessingML Schemas/xsdlib.xsd
/ooo/trunk/core/writerfilter/source/odiapi/qname/resource/office2003/WordprocessingML Schemas/wordnetaux.xsd
/ooo/trunk/core/filter/source/xslt/odf2xhtml/export/common/body.xsl
/ooo/trunk/core/filter/source/xslt/odf2xhtml/export/common/styles/style_mapping_css.xsl
Also: Repository.mk from the l10n toplevel
git-svn-id: https://svn.apache.org/repos/asf/incubator/ooo/trunk@1162288 13f79535-47bb-0310-9956-ffa450edef68
show more ...
|