Compare commits
No commits in common. "280bd3d8e82d4490d8dc33392191e7a9e66716fd" and "7ad853138b41a9a751db72ce4a6e7f9fd8c328fc" have entirely different histories.
280bd3d8e8
...
7ad853138b
@ -1,14 +0,0 @@
|
||||
diff -Naur tinyxml/tinyxml.h tinyxml_new/tinyxml.h
|
||||
--- tinyxml/tinyxml.h 2011-05-15 10:24:57.000000000 +0800
|
||||
+++ tinyxml_new/tinyxml.h 2023-04-27 20:10:36.533804686 +0800
|
||||
@@ -26,6 +26,10 @@
|
||||
#ifndef TINYXML_INCLUDED
|
||||
#define TINYXML_INCLUDED
|
||||
|
||||
+#ifndef TIXML_USE_STL
|
||||
+#define TIXML_USE_STL
|
||||
+#endif
|
||||
+
|
||||
#ifdef _MSC_VER
|
||||
#pragma warning( push )
|
||||
#pragma warning( disable : 4530 )
|
||||
@ -1,32 +0,0 @@
|
||||
From f7ca0035d17a663f55668e662b840afce7b86112 Mon Sep 17 00:00:00 2001
|
||||
From: Christian Voegl <cvoegl@suse.com>
|
||||
Date: Wed, 27 Oct 2021 11:25:18 +0200
|
||||
Subject: [PATCH] In stamp always advance the pointer if *p= 0xef
|
||||
|
||||
The current implementation only advanced if 0xef is followed
|
||||
by two non-zero bytes. In case of malformed input (0xef should be
|
||||
the start byte of a three byte character) this leads to an infinite
|
||||
loop. (CVE-2021-42260)
|
||||
---
|
||||
tinyxmlparser.cpp | 6 ++++++
|
||||
1 file changed, 6 insertions(+)
|
||||
|
||||
diff --git a/tinyxmlparser.cpp b/tinyxmlparser.cpp
|
||||
index 81b7eae..8aa0dfa 100755
|
||||
--- a/tinyxmlparser.cpp
|
||||
+++ b/tinyxmlparser.cpp
|
||||
@@ -274,6 +274,12 @@ void TiXmlParsingData::Stamp( const char* now, TiXmlEncoding encoding )
|
||||
else
|
||||
{ p +=3; ++col; } // A normal character.
|
||||
}
|
||||
+ else
|
||||
+ {
|
||||
+ // TIXML_UTF_LEAD_0 (239) is the start character of a 3 byte sequence, so
|
||||
+ // there is something wrong here. Just advance the pointer to evade infinite loops
|
||||
+ ++p;
|
||||
+ }
|
||||
}
|
||||
else
|
||||
{
|
||||
--
|
||||
2.33.0
|
||||
@ -1,28 +0,0 @@
|
||||
From: Guilhem Moulin <guilhem@debian.org>
|
||||
Date: Sat, 30 Dec 2023 14:15:54 +0100
|
||||
Subject: Avoid reachable assertion via crafted XML document with a '\0'
|
||||
located after whitespace
|
||||
|
||||
Bug: https://www.forescout.com/resources/sierra21-vulnerabilities
|
||||
Bug-Debian: https://bugs.debian.org/1059315
|
||||
Bug-Debian: https://security-tracker.debian.org/tracker/CVE-2023-34194
|
||||
Bug-Debian: https://security-tracker.debian.org/tracker/CVE-2023-40462
|
||||
---
|
||||
tinyxmlparser.cpp | 4 ++++
|
||||
1 file changed, 4 insertions(+)
|
||||
|
||||
diff --git a/tinyxmlparser.cpp b/tinyxmlparser.cpp
|
||||
index 8aa0dfa..1601962 100644
|
||||
--- a/tinyxmlparser.cpp
|
||||
+++ b/tinyxmlparser.cpp
|
||||
@@ -1606,6 +1606,10 @@ const char* TiXmlDeclaration::Parse( const char* p, TiXmlParsingData* data, TiXm
|
||||
}
|
||||
|
||||
p = SkipWhiteSpace( p, _encoding );
|
||||
+ if ( !p || !*p )
|
||||
+ {
|
||||
+ break;
|
||||
+ }
|
||||
if ( StringEqual( p, "version", true, _encoding ) )
|
||||
{
|
||||
TiXmlAttribute attrib;
|
||||
32
tinyxml.spec
32
tinyxml.spec
@ -1,13 +1,10 @@
|
||||
Name: tinyxml
|
||||
Version: 2.6.2
|
||||
Release: 25
|
||||
Release: 20
|
||||
Summary: C++ XML parser
|
||||
License: zlib
|
||||
URL: http://www.grinninglizard.com/tinyxml/
|
||||
Source0: http://downloads.sourceforge.net/tinyxml/tinyxml_2_6_2.tar.gz
|
||||
Patch0001: CVE-2021-42260.patch
|
||||
Patch0002: 2-fix-devel-package-error.patch
|
||||
Patch0003: CVE-2023-34194.patch
|
||||
BuildRequires: gcc-c++
|
||||
|
||||
%description
|
||||
@ -26,15 +23,15 @@ The devel package contains development files for tinyxml.
|
||||
It provides header files and libraries for tinyxml.
|
||||
|
||||
%prep
|
||||
%autosetup -p1 -n tinyxml
|
||||
%autosetup -n tinyxml
|
||||
touch tinyxml.h
|
||||
|
||||
%build
|
||||
%{__cxx} $RPM_OPT_FLAGS -fPIC -o tinyxml.cpp.o -c tinyxml.cpp
|
||||
%{__cxx} $RPM_OPT_FLAGS -fPIC -o tinystr.cpp.o -c tinystr.cpp
|
||||
%{__cxx} $RPM_OPT_FLAGS -fPIC -o tinyxmlerror.cpp.o -c tinyxmlerror.cpp
|
||||
%{__cxx} $RPM_OPT_FLAGS -fPIC -o tinyxmlparser.cpp.o -c tinyxmlparser.cpp
|
||||
%{__cxx} $RPM_LD_FLAGS -shared -o libtinyxml.so.0.%{version} -Wl,-soname,libtinyxml.so.0 *.cpp.o
|
||||
g++ $RPM_OPT_FLAGS -fPIC -o tinyxml.cpp.o -c tinyxml.cpp
|
||||
g++ $RPM_OPT_FLAGS -fPIC -o tinystr.cpp.o -c tinystr.cpp
|
||||
g++ $RPM_OPT_FLAGS -fPIC -o tinyxmlerror.cpp.o -c tinyxmlerror.cpp
|
||||
g++ $RPM_OPT_FLAGS -fPIC -o tinyxmlparser.cpp.o -c tinyxmlparser.cpp
|
||||
g++ $RPM_LD_FLAGS -shared -o libtinyxml.so.0.%{version} -Wl,-soname,libtinyxml.so.0 *.cpp.o
|
||||
|
||||
|
||||
%install
|
||||
@ -66,21 +63,6 @@ mkdir -p %{buildroot}%{_libdir}/pkgconfig
|
||||
%{_libdir}/*.so
|
||||
|
||||
%changelog
|
||||
* Wed Jan 08 2025 Suyun <ziyu.oerv@isrc.iscas.ac.cn> - 2.6.2-25
|
||||
- Use __cxx marco to support Clang
|
||||
|
||||
* Tue Dec 24 2024 Jianmin <jianmin@iscas.ac.cn> - 2.6.2-24
|
||||
- fix CVE-2023-34194
|
||||
|
||||
* Fri Apr 28 2023 will_niutao <huawei2@huawei.com> - 2.6.2-23
|
||||
- fix the devel package error
|
||||
|
||||
* Thu Jan 27 2022 yaoxin <yaoxin30@huawei.com> - 2.6.2-22
|
||||
- Change the patch name to CVE-2021-42260.patch.
|
||||
|
||||
* Mon Nov 1 2021 Zhiyi Weng <zhiyi@iscas.ac.cn> - 2.6.2-21
|
||||
- Fix CVE-2021-42260
|
||||
|
||||
* Tue Oct 26 2021 chenchen <chen_aka_jan@163.com> - 2.6.2-20
|
||||
- change the spec file name to be the same as the repo name
|
||||
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user