summaryrefslogtreecommitdiff
path: root/gnu/packages/patches
diff options
context:
space:
mode:
Diffstat (limited to 'gnu/packages/patches')
-rw-r--r--gnu/packages/patches/coreutils-cut-huge-range-test.patch33
-rw-r--r--gnu/packages/patches/gcc-fix-texi2pod.patch19
-rw-r--r--gnu/packages/patches/grep-gnulib-lock.patch32
-rw-r--r--gnu/packages/patches/libxml2-CVE-2016-4658.patch257
-rw-r--r--gnu/packages/patches/libxml2-CVE-2016-5131.patch218
-rw-r--r--gnu/packages/patches/libxslt-CVE-2016-4738.patch39
-rw-r--r--gnu/packages/patches/pcre-CVE-2017-7186.patch56
7 files changed, 19 insertions, 635 deletions
diff --git a/gnu/packages/patches/coreutils-cut-huge-range-test.patch b/gnu/packages/patches/coreutils-cut-huge-range-test.patch
deleted file mode 100644
index e3a0ef28eb..0000000000
--- a/gnu/packages/patches/coreutils-cut-huge-range-test.patch
+++ /dev/null
@@ -1,33 +0,0 @@
-This patch fixes 100% reproducible test failures on arm-linux-gnueabihf in our
-the build environment chroot, as reported at <https://bugs.gnu.org/26253>,
-and now on x86_64-linux-gnu as well. It is a variant of this upstream patch:
-
- commit f5422009389678680dba9ff4ecb7d33632ee3383
- Author: Ludovic Courtès <[email protected]>
- Date: Mon Mar 27 20:34:39 2017 -0700
-
- tests: avoid false ulimit failure on some systems
-
- * tests/misc/cut-huge-range.sh: On some systems returns_ may
- use more memory, so incorporate that in the determination
- of the ulimit value to use. Noticed on ARMv7 with bash-4.4.12,
- and x86_64 with bash-4.2.37.
- Fixes http://bugs.gnu.org/26253
-
-... which appeared to be insufficient.
-
-diff --git a/tests/misc/cut-huge-range.sh b/tests/misc/cut-huge-range.sh
-index 6b3c5b6ed..55b7b640e 100755
---- a/tests/misc/cut-huge-range.sh
-+++ b/tests/misc/cut-huge-range.sh
-@@ -20,9 +20,9 @@
- print_ver_ cut
- getlimits_
-
--vm=$(get_min_ulimit_v_ cut -b1 /dev/null) \
-+vm=$(get_min_ulimit_v_ sh -c 'cut -b1 /dev/null') \
- || skip_ "this shell lacks ulimit support"
- vm=$(($vm + 1000)) # avoid spurious failures
-
- # sed script to subtract one from the input.
- # Each input line should consist of a positive decimal number.
diff --git a/gnu/packages/patches/gcc-fix-texi2pod.patch b/gnu/packages/patches/gcc-fix-texi2pod.patch
new file mode 100644
index 0000000000..28bd56a382
--- /dev/null
+++ b/gnu/packages/patches/gcc-fix-texi2pod.patch
@@ -0,0 +1,19 @@
+This patch was taken from the official GCC git repository.
+X-Git-Url: https://gcc.gnu.org/git/?p=gcc.git;a=blobdiff_plain;f=contrib%2Ftexi2pod.pl;h=91bdbb5cea933d0381f2924ab94490fca31d5800;hp=eba1bcaa3cffa78b46030b219d04fe7d68367658;hb=67b56c905078d49d3e4028085e5cb1e1fb87a8aa;hpb=2f508a78310caab123e9794d3dcfe41f2769449b
+
+It fixes a defect in the contrib/texi2pod.pl script that prevented generating
+manual pages. It was corrected in the GCC 6.X series.
+
+diff --git a/contrib/texi2pod.pl b/contrib/texi2pod.pl
+index eba1bca..91bdbb5 100755
+--- a/contrib/texi2pod.pl
++++ b/contrib/texi2pod.pl
+@@ -316,7 +316,7 @@ while(<$inf>) {
+ @columns = ();
+ for $column (split (/\s*\@tab\s*/, $1)) {
+ # @strong{...} is used a @headitem work-alike
+- $column =~ s/^\@strong{(.*)}$/$1/;
++ $column =~ s/^\@strong\{(.*)\}$/$1/;
+ push @columns, $column;
+ }
+ $_ = "\n=item ".join (" : ", @columns)."\n";
diff --git a/gnu/packages/patches/grep-gnulib-lock.patch b/gnu/packages/patches/grep-gnulib-lock.patch
deleted file mode 100644
index 68c33f1031..0000000000
--- a/gnu/packages/patches/grep-gnulib-lock.patch
+++ /dev/null
@@ -1,32 +0,0 @@
-This patch fix error on 'gnulib' library required to build
-'grep' package on GNU/Hurd.
-The patch was adapted from upstream source repository:
-'<http://git.savannah.gnu.org/gitweb/?p=gnulib.git;a=commit;h=4084b3a1094372b960ce4a97634e08f4538c8bdd>'
-
-Commit: 4084b3a1094372b960ce4a97634e08f4538c8bdd
-
-diff --git a/lib/glthread/lock.c b/lib/glthread/lock.c
-index 061562b..afc86f4 100644
---- a/lib/glthread/lock.c
-+++ b/lib/glthread/lock.c
-@@ -30,7 +30,7 @@
-
- /* ------------------------- gl_rwlock_t datatype ------------------------- */
-
--# if HAVE_PTHREAD_RWLOCK && (HAVE_PTHREAD_RWLOCK_RDLOCK_PREFER_WRITER || (__GNU_LIBRARY__ > 1))
-+# if HAVE_PTHREAD_RWLOCK && (HAVE_PTHREAD_RWLOCK_RDLOCK_PREFER_WRITER || (defined PTHREAD_RWLOCK_WRITER_NONRECURSIVE_INITIALIZER_NP && (__GNU_LIBRARY__ > 1)))
-
- # ifdef PTHREAD_RWLOCK_INITIALIZER
-
-diff --git a/lib/glthread/lock.h b/lib/glthread/lock.h
-index ec16d39..67932aa 100644
---- a/lib/glthread/lock.h
-+++ b/lib/glthread/lock.h
-@@ -179,7 +179,7 @@ typedef pthread_mutex_t gl_lock_t;
-
- /* ------------------------- gl_rwlock_t datatype ------------------------- */
-
--# if HAVE_PTHREAD_RWLOCK && (HAVE_PTHREAD_RWLOCK_RDLOCK_PREFER_WRITER || (__GNU_LIBRARY__ > 1))
-+# if HAVE_PTHREAD_RWLOCK && (HAVE_PTHREAD_RWLOCK_RDLOCK_PREFER_WRITER || (defined PTHREAD_RWLOCK_WRITER_NONRECURSIVE_INITIALIZER_NP && (__GNU_LIBRARY__ > 1)))
-
- # ifdef PTHREAD_RWLOCK_INITIALIZER
diff --git a/gnu/packages/patches/libxml2-CVE-2016-4658.patch b/gnu/packages/patches/libxml2-CVE-2016-4658.patch
deleted file mode 100644
index a4e1f31fae..0000000000
--- a/gnu/packages/patches/libxml2-CVE-2016-4658.patch
+++ /dev/null
@@ -1,257 +0,0 @@
-Fix CVE-2016-4658:
-
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4658
-
-Patch copied from upstream source repository:
-
-https://git.gnome.org/browse/libxml2/commit/?id=c1d1f7121194036608bf555f08d3062a36fd344b
-
-From c1d1f7121194036608bf555f08d3062a36fd344b Mon Sep 17 00:00:00 2001
-From: Nick Wellnhofer <[email protected]>
-Date: Tue, 28 Jun 2016 18:34:52 +0200
-Subject: [PATCH] Disallow namespace nodes in XPointer ranges
-
-Namespace nodes must be copied to avoid use-after-free errors.
-But they don't necessarily have a physical representation in a
-document, so simply disallow them in XPointer ranges.
-
-Found with afl-fuzz.
-
-Fixes CVE-2016-4658.
----
- xpointer.c | 149 +++++++++++++++++++++++--------------------------------------
- 1 file changed, 56 insertions(+), 93 deletions(-)
-
-diff --git a/xpointer.c b/xpointer.c
-index a7b03fbd..694d120e 100644
---- a/xpointer.c
-+++ b/xpointer.c
-@@ -320,6 +320,45 @@ xmlXPtrRangesEqual(xmlXPathObjectPtr range1, xmlXPathObjectPtr range2) {
- }
-
- /**
-+ * xmlXPtrNewRangeInternal:
-+ * @start: the starting node
-+ * @startindex: the start index
-+ * @end: the ending point
-+ * @endindex: the ending index
-+ *
-+ * Internal function to create a new xmlXPathObjectPtr of type range
-+ *
-+ * Returns the newly created object.
-+ */
-+static xmlXPathObjectPtr
-+xmlXPtrNewRangeInternal(xmlNodePtr start, int startindex,
-+ xmlNodePtr end, int endindex) {
-+ xmlXPathObjectPtr ret;
-+
-+ /*
-+ * Namespace nodes must be copied (see xmlXPathNodeSetDupNs).
-+ * Disallow them for now.
-+ */
-+ if ((start != NULL) && (start->type == XML_NAMESPACE_DECL))
-+ return(NULL);
-+ if ((end != NULL) && (end->type == XML_NAMESPACE_DECL))
-+ return(NULL);
-+
-+ ret = (xmlXPathObjectPtr) xmlMalloc(sizeof(xmlXPathObject));
-+ if (ret == NULL) {
-+ xmlXPtrErrMemory("allocating range");
-+ return(NULL);
-+ }
-+ memset(ret, 0, sizeof(xmlXPathObject));
-+ ret->type = XPATH_RANGE;
-+ ret->user = start;
-+ ret->index = startindex;
-+ ret->user2 = end;
-+ ret->index2 = endindex;
-+ return(ret);
-+}
-+
-+/**
- * xmlXPtrNewRange:
- * @start: the starting node
- * @startindex: the start index
-@@ -344,17 +383,7 @@ xmlXPtrNewRange(xmlNodePtr start, int startindex,
- if (endindex < 0)
- return(NULL);
-
-- ret = (xmlXPathObjectPtr) xmlMalloc(sizeof(xmlXPathObject));
-- if (ret == NULL) {
-- xmlXPtrErrMemory("allocating range");
-- return(NULL);
-- }
-- memset(ret, 0 , (size_t) sizeof(xmlXPathObject));
-- ret->type = XPATH_RANGE;
-- ret->user = start;
-- ret->index = startindex;
-- ret->user2 = end;
-- ret->index2 = endindex;
-+ ret = xmlXPtrNewRangeInternal(start, startindex, end, endindex);
- xmlXPtrRangeCheckOrder(ret);
- return(ret);
- }
-@@ -381,17 +410,8 @@ xmlXPtrNewRangePoints(xmlXPathObjectPtr start, xmlXPathObjectPtr end) {
- if (end->type != XPATH_POINT)
- return(NULL);
-
-- ret = (xmlXPathObjectPtr) xmlMalloc(sizeof(xmlXPathObject));
-- if (ret == NULL) {
-- xmlXPtrErrMemory("allocating range");
-- return(NULL);
-- }
-- memset(ret, 0 , (size_t) sizeof(xmlXPathObject));
-- ret->type = XPATH_RANGE;
-- ret->user = start->user;
-- ret->index = start->index;
-- ret->user2 = end->user;
-- ret->index2 = end->index;
-+ ret = xmlXPtrNewRangeInternal(start->user, start->index, end->user,
-+ end->index);
- xmlXPtrRangeCheckOrder(ret);
- return(ret);
- }
-@@ -416,17 +436,7 @@ xmlXPtrNewRangePointNode(xmlXPathObjectPtr start, xmlNodePtr end) {
- if (start->type != XPATH_POINT)
- return(NULL);
-
-- ret = (xmlXPathObjectPtr) xmlMalloc(sizeof(xmlXPathObject));
-- if (ret == NULL) {
-- xmlXPtrErrMemory("allocating range");
-- return(NULL);
-- }
-- memset(ret, 0 , (size_t) sizeof(xmlXPathObject));
-- ret->type = XPATH_RANGE;
-- ret->user = start->user;
-- ret->index = start->index;
-- ret->user2 = end;
-- ret->index2 = -1;
-+ ret = xmlXPtrNewRangeInternal(start->user, start->index, end, -1);
- xmlXPtrRangeCheckOrder(ret);
- return(ret);
- }
-@@ -453,17 +463,7 @@ xmlXPtrNewRangeNodePoint(xmlNodePtr start, xmlXPathObjectPtr end) {
- if (end->type != XPATH_POINT)
- return(NULL);
-
-- ret = (xmlXPathObjectPtr) xmlMalloc(sizeof(xmlXPathObject));
-- if (ret == NULL) {
-- xmlXPtrErrMemory("allocating range");
-- return(NULL);
-- }
-- memset(ret, 0 , (size_t) sizeof(xmlXPathObject));
-- ret->type = XPATH_RANGE;
-- ret->user = start;
-- ret->index = -1;
-- ret->user2 = end->user;
-- ret->index2 = end->index;
-+ ret = xmlXPtrNewRangeInternal(start, -1, end->user, end->index);
- xmlXPtrRangeCheckOrder(ret);
- return(ret);
- }
-@@ -486,17 +486,7 @@ xmlXPtrNewRangeNodes(xmlNodePtr start, xmlNodePtr end) {
- if (end == NULL)
- return(NULL);
-
-- ret = (xmlXPathObjectPtr) xmlMalloc(sizeof(xmlXPathObject));
-- if (ret == NULL) {
-- xmlXPtrErrMemory("allocating range");
-- return(NULL);
-- }
-- memset(ret, 0 , (size_t) sizeof(xmlXPathObject));
-- ret->type = XPATH_RANGE;
-- ret->user = start;
-- ret->index = -1;
-- ret->user2 = end;
-- ret->index2 = -1;
-+ ret = xmlXPtrNewRangeInternal(start, -1, end, -1);
- xmlXPtrRangeCheckOrder(ret);
- return(ret);
- }
-@@ -516,17 +506,7 @@ xmlXPtrNewCollapsedRange(xmlNodePtr start) {
- if (start == NULL)
- return(NULL);
-
-- ret = (xmlXPathObjectPtr) xmlMalloc(sizeof(xmlXPathObject));
-- if (ret == NULL) {
-- xmlXPtrErrMemory("allocating range");
-- return(NULL);
-- }
-- memset(ret, 0 , (size_t) sizeof(xmlXPathObject));
-- ret->type = XPATH_RANGE;
-- ret->user = start;
-- ret->index = -1;
-- ret->user2 = NULL;
-- ret->index2 = -1;
-+ ret = xmlXPtrNewRangeInternal(start, -1, NULL, -1);
- return(ret);
- }
-
-@@ -541,6 +521,8 @@ xmlXPtrNewCollapsedRange(xmlNodePtr start) {
- */
- xmlXPathObjectPtr
- xmlXPtrNewRangeNodeObject(xmlNodePtr start, xmlXPathObjectPtr end) {
-+ xmlNodePtr endNode;
-+ int endIndex;
- xmlXPathObjectPtr ret;
-
- if (start == NULL)
-@@ -549,7 +531,12 @@ xmlXPtrNewRangeNodeObject(xmlNodePtr start, xmlXPathObjectPtr end) {
- return(NULL);
- switch (end->type) {
- case XPATH_POINT:
-+ endNode = end->user;
-+ endIndex = end->index;
-+ break;
- case XPATH_RANGE:
-+ endNode = end->user2;
-+ endIndex = end->index2;
- break;
- case XPATH_NODESET:
- /*
-@@ -557,39 +544,15 @@ xmlXPtrNewRangeNodeObject(xmlNodePtr start, xmlXPathObjectPtr end) {
- */
- if (end->nodesetval->nodeNr <= 0)
- return(NULL);
-+ endNode = end->nodesetval->nodeTab[end->nodesetval->nodeNr - 1];
-+ endIndex = -1;
- break;
- default:
- /* TODO */
- return(NULL);
- }
-
-- ret = (xmlXPathObjectPtr) xmlMalloc(sizeof(xmlXPathObject));
-- if (ret == NULL) {
-- xmlXPtrErrMemory("allocating range");
-- return(NULL);
-- }
-- memset(ret, 0 , (size_t) sizeof(xmlXPathObject));
-- ret->type = XPATH_RANGE;
-- ret->user = start;
-- ret->index = -1;
-- switch (end->type) {
-- case XPATH_POINT:
-- ret->user2 = end->user;
-- ret->index2 = end->index;
-- break;
-- case XPATH_RANGE:
-- ret->user2 = end->user2;
-- ret->index2 = end->index2;
-- break;
-- case XPATH_NODESET: {
-- ret->user2 = end->nodesetval->nodeTab[end->nodesetval->nodeNr - 1];
-- ret->index2 = -1;
-- break;
-- }
-- default:
-- STRANGE
-- return(NULL);
-- }
-+ ret = xmlXPtrNewRangeInternal(start, -1, endNode, endIndex);
- xmlXPtrRangeCheckOrder(ret);
- return(ret);
- }
---
-2.11.0
-
diff --git a/gnu/packages/patches/libxml2-CVE-2016-5131.patch b/gnu/packages/patches/libxml2-CVE-2016-5131.patch
deleted file mode 100644
index 38938c8e3e..0000000000
--- a/gnu/packages/patches/libxml2-CVE-2016-5131.patch
+++ /dev/null
@@ -1,218 +0,0 @@
-Fix CVE-2016-5131:
-
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5131
-
-Patches copied from upstream source repository (the test suite fails
-without the 2nd patch):
-
-https://git.gnome.org/browse/libxml2/commit/?id=9ab01a277d71f54d3143c2cf333c5c2e9aaedd9e
-https://git.gnome.org/browse/libxml2/commit/?id=a005199330b86dada19d162cae15ef9bdcb6baa8
-
-From 9ab01a277d71f54d3143c2cf333c5c2e9aaedd9e Mon Sep 17 00:00:00 2001
-From: Nick Wellnhofer <[email protected]>
-Date: Tue, 28 Jun 2016 14:22:23 +0200
-Subject: [PATCH] Fix XPointer paths beginning with range-to
-
-The old code would invoke the broken xmlXPtrRangeToFunction. range-to
-isn't really a function but a special kind of location step. Remove
-this function and always handle range-to in the XPath code.
-
-The old xmlXPtrRangeToFunction could also be abused to trigger a
-use-after-free error with the potential for remote code execution.
-
-Found with afl-fuzz.
-
-Fixes CVE-2016-5131.
----
- result/XPath/xptr/vidbase | 13 ++++++++
- test/XPath/xptr/vidbase | 1 +
- xpath.c | 7 ++++-
- xpointer.c | 76 ++++-------------------------------------------
- 4 files changed, 26 insertions(+), 71 deletions(-)
-
-diff --git a/result/XPath/xptr/vidbase b/result/XPath/xptr/vidbase
-index 8b9e92d6..f19193e7 100644
---- a/result/XPath/xptr/vidbase
-+++ b/result/XPath/xptr/vidbase
-@@ -17,3 +17,16 @@ Object is a Location Set:
- To node
- ELEMENT p
-
-+
-+========================
-+Expression: xpointer(range-to(id('chapter2')))
-+Object is a Location Set:
-+1 : Object is a range :
-+ From node
-+ /
-+ To node
-+ ELEMENT chapter
-+ ATTRIBUTE id
-+ TEXT
-+ content=chapter2
-+
-diff --git a/test/XPath/xptr/vidbase b/test/XPath/xptr/vidbase
-index b1463830..884b1065 100644
---- a/test/XPath/xptr/vidbase
-+++ b/test/XPath/xptr/vidbase
-@@ -1,2 +1,3 @@
- xpointer(id('chapter1')/p)
- xpointer(id('chapter1')/p[1]/range-to(following-sibling::p[2]))
-+xpointer(range-to(id('chapter2')))
-diff --git a/xpath.c b/xpath.c
-index d992841e..5a01b1b3 100644
---- a/xpath.c
-+++ b/xpath.c
-@@ -10691,13 +10691,18 @@ xmlXPathCompPathExpr(xmlXPathParserContextPtr ctxt) {
- lc = 1;
- break;
- } else if ((NXT(len) == '(')) {
-- /* Note Type or Function */
-+ /* Node Type or Function */
- if (xmlXPathIsNodeType(name)) {
- #ifdef DEBUG_STEP
- xmlGenericError(xmlGenericErrorContext,
- "PathExpr: Type search\n");
- #endif
- lc = 1;
-+#ifdef LIBXML_XPTR_ENABLED
-+ } else if (ctxt->xptr &&
-+ xmlStrEqual(name, BAD_CAST "range-to")) {
-+ lc = 1;
-+#endif
- } else {
- #ifdef DEBUG_STEP
- xmlGenericError(xmlGenericErrorContext,
-diff --git a/xpointer.c b/xpointer.c
-index 676c5105..d74174a3 100644
---- a/xpointer.c
-+++ b/xpointer.c
-@@ -1332,8 +1332,6 @@ xmlXPtrNewContext(xmlDocPtr doc, xmlNodePtr here, xmlNodePtr origin) {
- ret->here = here;
- ret->origin = origin;
-
-- xmlXPathRegisterFunc(ret, (xmlChar *)"range-to",
-- xmlXPtrRangeToFunction);
- xmlXPathRegisterFunc(ret, (xmlChar *)"range",
- xmlXPtrRangeFunction);
- xmlXPathRegisterFunc(ret, (xmlChar *)"range-inside",
-@@ -2243,76 +2241,14 @@ xmlXPtrRangeInsideFunction(xmlXPathParserContextPtr ctxt, int nargs) {
- * @nargs: the number of args
- *
- * Implement the range-to() XPointer function
-+ *
-+ * Obsolete. range-to is not a real function but a special type of location
-+ * step which is handled in xpath.c.
- */
- void
--xmlXPtrRangeToFunction(xmlXPathParserContextPtr ctxt, int nargs) {
-- xmlXPathObjectPtr range;
-- const xmlChar *cur;
-- xmlXPathObjectPtr res, obj;
-- xmlXPathObjectPtr tmp;
-- xmlLocationSetPtr newset = NULL;
-- xmlNodeSetPtr oldset;
-- int i;
--
-- if (ctxt == NULL) return;
-- CHECK_ARITY(1);
-- /*
-- * Save the expression pointer since we will have to evaluate
-- * it multiple times. Initialize the new set.
-- */
-- CHECK_TYPE(XPATH_NODESET);
-- obj = valuePop(ctxt);
-- oldset = obj->nodesetval;
-- ctxt->context->node = NULL;
--
-- cur = ctxt->cur;
-- newset = xmlXPtrLocationSetCreate(NULL);
--
-- for (i = 0; i < oldset->nodeNr; i++) {
-- ctxt->cur = cur;
--
-- /*
-- * Run the evaluation with a node list made of a single item
-- * in the nodeset.
-- */
-- ctxt->context->node = oldset->nodeTab[i];
-- tmp = xmlXPathNewNodeSet(ctxt->context->node);
-- valuePush(ctxt, tmp);
--
-- xmlXPathEvalExpr(ctxt);
-- CHECK_ERROR;
--
-- /*
-- * The result of the evaluation need to be tested to
-- * decided whether the filter succeeded or not
-- */
-- res = valuePop(ctxt);
-- range = xmlXPtrNewRangeNodeObject(oldset->nodeTab[i], res);
-- if (range != NULL) {
-- xmlXPtrLocationSetAdd(newset, range);
-- }
--
-- /*
-- * Cleanup
-- */
-- if (res != NULL)
-- xmlXPathFreeObject(res);
-- if (ctxt->value == tmp) {
-- res = valuePop(ctxt);
-- xmlXPathFreeObject(res);
-- }
--
-- ctxt->context->node = NULL;
-- }
--
-- /*
-- * The result is used as the new evaluation set.
-- */
-- xmlXPathFreeObject(obj);
-- ctxt->context->node = NULL;
-- ctxt->context->contextSize = -1;
-- ctxt->context->proximityPosition = -1;
-- valuePush(ctxt, xmlXPtrWrapLocationSet(newset));
-+xmlXPtrRangeToFunction(xmlXPathParserContextPtr ctxt,
-+ int nargs ATTRIBUTE_UNUSED) {
-+ XP_ERROR(XPATH_EXPR_ERROR);
- }
-
- /**
---
-2.11.0
-
-From a005199330b86dada19d162cae15ef9bdcb6baa8 Mon Sep 17 00:00:00 2001
-From: Nick Wellnhofer <[email protected]>
-Date: Tue, 28 Jun 2016 14:19:58 +0200
-Subject: [PATCH] Fix comparison with root node in xmlXPathCmpNodes
-
-This change has already been made in xmlXPathCmpNodesExt but not in
-xmlXPathCmpNodes.
----
- xpath.c | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/xpath.c b/xpath.c
-index 751665b8..d992841e 100644
---- a/xpath.c
-+++ b/xpath.c
-@@ -3342,13 +3342,13 @@ xmlXPathCmpNodes(xmlNodePtr node1, xmlNodePtr node2) {
- * compute depth to root
- */
- for (depth2 = 0, cur = node2;cur->parent != NULL;cur = cur->parent) {
-- if (cur == node1)
-+ if (cur->parent == node1)
- return(1);
- depth2++;
- }
- root = cur;
- for (depth1 = 0, cur = node1;cur->parent != NULL;cur = cur->parent) {
-- if (cur == node2)
-+ if (cur->parent == node2)
- return(-1);
- depth1++;
- }
---
-2.11.0
-
diff --git a/gnu/packages/patches/libxslt-CVE-2016-4738.patch b/gnu/packages/patches/libxslt-CVE-2016-4738.patch
deleted file mode 100644
index a7537c66ca..0000000000
--- a/gnu/packages/patches/libxslt-CVE-2016-4738.patch
+++ /dev/null
@@ -1,39 +0,0 @@
-Fix CVE-2016-4738:
-
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4738
-https://bugs.chromium.org/p/chromium/issues/detail?id=619006
-
-Patch copied from upstream source repository:
-https://git.gnome.org/browse/libxslt/commit/?id=eb1030de31165b68487f288308f9d1810fed6880
-
-From eb1030de31165b68487f288308f9d1810fed6880 Mon Sep 17 00:00:00 2001
-From: Nick Wellnhofer <[email protected]>
-Date: Fri, 10 Jun 2016 14:23:58 +0200
-Subject: [PATCH] Fix heap overread in xsltFormatNumberConversion
-
-An empty decimal-separator could cause a heap overread. This can be
-exploited to leak a couple of bytes after the buffer that holds the
-pattern string.
-
-Found with afl-fuzz and ASan.
----
- libxslt/numbers.c | 3 ++-
- 1 file changed, 2 insertions(+), 1 deletion(-)
-
-diff --git a/libxslt/numbers.c b/libxslt/numbers.c
-index d1549b4..e78c46b 100644
---- a/libxslt/numbers.c
-+++ b/libxslt/numbers.c
-@@ -1090,7 +1090,8 @@ xsltFormatNumberConversion(xsltDecimalFormatPtr self,
- }
-
- /* We have finished the integer part, now work on fraction */
-- if (xsltUTF8Charcmp(the_format, self->decimalPoint) == 0) {
-+ if ( (*the_format != 0) &&
-+ (xsltUTF8Charcmp(the_format, self->decimalPoint) == 0) ) {
- format_info.add_decimal = TRUE;
- the_format += xsltUTF8Size(the_format); /* Skip over the decimal */
- }
---
-2.10.2
-
diff --git a/gnu/packages/patches/pcre-CVE-2017-7186.patch b/gnu/packages/patches/pcre-CVE-2017-7186.patch
deleted file mode 100644
index d23aa10374..0000000000
--- a/gnu/packages/patches/pcre-CVE-2017-7186.patch
+++ /dev/null
@@ -1,56 +0,0 @@
-Patch for <https://nvd.nist.gov/vuln/detail?vulnId=CVE-2017-7186>
-from <https://vcs.pcre.org/pcre?view=revision&revision=1688>.
-
---- trunk/pcre_internal.h 2016/05/21 13:34:44 1649
-+++ trunk/pcre_internal.h 2017/02/24 17:30:30 1688
-@@ -2772,6 +2772,9 @@
- extern const pcre_uint16 PRIV(ucd_stage2)[];
- extern const pcre_uint32 PRIV(ucp_gentype)[];
- extern const pcre_uint32 PRIV(ucp_gbtable)[];
-+#ifdef COMPILE_PCRE32
-+extern const ucd_record PRIV(dummy_ucd_record)[];
-+#endif
- #ifdef SUPPORT_JIT
- extern const int PRIV(ucp_typerange)[];
- #endif
-@@ -2780,9 +2783,15 @@
- /* UCD access macros */
-
- #define UCD_BLOCK_SIZE 128
--#define GET_UCD(ch) (PRIV(ucd_records) + \
-+#define REAL_GET_UCD(ch) (PRIV(ucd_records) + \
- PRIV(ucd_stage2)[PRIV(ucd_stage1)[(int)(ch) / UCD_BLOCK_SIZE] * \
- UCD_BLOCK_SIZE + (int)(ch) % UCD_BLOCK_SIZE])
-+
-+#ifdef COMPILE_PCRE32
-+#define GET_UCD(ch) ((ch > 0x10ffff)? PRIV(dummy_ucd_record) : REAL_GET_UCD(ch))
-+#else
-+#define GET_UCD(ch) REAL_GET_UCD(ch)
-+#endif
-
- #define UCD_CHARTYPE(ch) GET_UCD(ch)->chartype
- #define UCD_SCRIPT(ch) GET_UCD(ch)->script
-
---- trunk/pcre_ucd.c 2014/06/19 07:51:39 1490
-+++ trunk/pcre_ucd.c 2017/02/24 17:30:30 1688
-@@ -38,6 +38,20 @@
- const pcre_uint32 PRIV(ucd_caseless_sets)[] = {0};
- #else
-
-+/* If the 32-bit library is run in non-32-bit mode, character values
-+greater than 0x10ffff may be encountered. For these we set up a
-+special record. */
-+
-+#ifdef COMPILE_PCRE32
-+const ucd_record PRIV(dummy_ucd_record)[] = {{
-+ ucp_Common, /* script */
-+ ucp_Cn, /* type unassigned */
-+ ucp_gbOther, /* grapheme break property */
-+ 0, /* case set */
-+ 0, /* other case */
-+ }};
-+#endif
-+
- /* When recompiling tables with a new Unicode version, please check the
- types in this structure definition from pcre_internal.h (the actual
- field names will be different):
generated by cgit v1.2.3 (git 2.45.2) at 2025-06-20 14:07:09 +0000