diff options
Diffstat (limited to 'gnu/packages/patches')
19 files changed, 0 insertions, 1064 deletions
diff --git a/gnu/packages/patches/libxml2-CVE-2015-1819.patch b/gnu/packages/patches/libxml2-CVE-2015-1819.patch deleted file mode 100644 index 58461c73b2..0000000000 --- a/gnu/packages/patches/libxml2-CVE-2015-1819.patch +++ /dev/null @@ -1,176 +0,0 @@ -From 213f1fe0d76d30eaed6e5853057defc43e6df2c9 Mon Sep 17 00:00:00 2001 -From: Daniel Veillard <veillard@redhat.com> -Date: Tue, 14 Apr 2015 17:41:48 +0800 -Subject: [PATCH] CVE-2015-1819 Enforce the reader to run in constant memory - -One of the operation on the reader could resolve entities -leading to the classic expansion issue. Make sure the -buffer used for xmlreader operation is bounded. -Introduce a new allocation type for the buffers for this effect. ---- - buf.c | 43 ++++++++++++++++++++++++++++++++++++++++++- - include/libxml/tree.h | 3 ++- - xmlreader.c | 20 +++++++++++++++++++- - 3 files changed, 63 insertions(+), 3 deletions(-) - -diff --git a/buf.c b/buf.c -index 6efc7b6..07922ff 100644 ---- a/buf.c -+++ b/buf.c -@@ -27,6 +27,7 @@ - #include <libxml/tree.h> - #include <libxml/globals.h> - #include <libxml/tree.h> -+#include <libxml/parserInternals.h> /* for XML_MAX_TEXT_LENGTH */ - #include "buf.h" - - #define WITH_BUFFER_COMPAT -@@ -299,7 +300,8 @@ xmlBufSetAllocationScheme(xmlBufPtr buf, - if ((scheme == XML_BUFFER_ALLOC_DOUBLEIT) || - (scheme == XML_BUFFER_ALLOC_EXACT) || - (scheme == XML_BUFFER_ALLOC_HYBRID) || -- (scheme == XML_BUFFER_ALLOC_IMMUTABLE)) { -+ (scheme == XML_BUFFER_ALLOC_IMMUTABLE) || -+ (scheme == XML_BUFFER_ALLOC_BOUNDED)) { - buf->alloc = scheme; - if (buf->buffer) - buf->buffer->alloc = scheme; -@@ -458,6 +460,18 @@ xmlBufGrowInternal(xmlBufPtr buf, size_t len) { - size = buf->use + len + 100; - #endif - -+ if (buf->alloc == XML_BUFFER_ALLOC_BOUNDED) { -+ /* -+ * Used to provide parsing limits -+ */ -+ if ((buf->use + len >= XML_MAX_TEXT_LENGTH) || -+ (buf->size >= XML_MAX_TEXT_LENGTH)) { -+ xmlBufMemoryError(buf, "buffer error: text too long\n"); -+ return(0); -+ } -+ if (size >= XML_MAX_TEXT_LENGTH) -+ size = XML_MAX_TEXT_LENGTH; -+ } - if ((buf->alloc == XML_BUFFER_ALLOC_IO) && (buf->contentIO != NULL)) { - size_t start_buf = buf->content - buf->contentIO; - -@@ -739,6 +753,15 @@ xmlBufResize(xmlBufPtr buf, size_t size) - CHECK_COMPAT(buf) - - if (buf->alloc == XML_BUFFER_ALLOC_IMMUTABLE) return(0); -+ if (buf->alloc == XML_BUFFER_ALLOC_BOUNDED) { -+ /* -+ * Used to provide parsing limits -+ */ -+ if (size >= XML_MAX_TEXT_LENGTH) { -+ xmlBufMemoryError(buf, "buffer error: text too long\n"); -+ return(0); -+ } -+ } - - /* Don't resize if we don't have to */ - if (size < buf->size) -@@ -867,6 +890,15 @@ xmlBufAdd(xmlBufPtr buf, const xmlChar *str, int len) { - - needSize = buf->use + len + 2; - if (needSize > buf->size){ -+ if (buf->alloc == XML_BUFFER_ALLOC_BOUNDED) { -+ /* -+ * Used to provide parsing limits -+ */ -+ if (needSize >= XML_MAX_TEXT_LENGTH) { -+ xmlBufMemoryError(buf, "buffer error: text too long\n"); -+ return(-1); -+ } -+ } - if (!xmlBufResize(buf, needSize)){ - xmlBufMemoryError(buf, "growing buffer"); - return XML_ERR_NO_MEMORY; -@@ -938,6 +970,15 @@ xmlBufAddHead(xmlBufPtr buf, const xmlChar *str, int len) { - } - needSize = buf->use + len + 2; - if (needSize > buf->size){ -+ if (buf->alloc == XML_BUFFER_ALLOC_BOUNDED) { -+ /* -+ * Used to provide parsing limits -+ */ -+ if (needSize >= XML_MAX_TEXT_LENGTH) { -+ xmlBufMemoryError(buf, "buffer error: text too long\n"); -+ return(-1); -+ } -+ } - if (!xmlBufResize(buf, needSize)){ - xmlBufMemoryError(buf, "growing buffer"); - return XML_ERR_NO_MEMORY; -diff --git a/include/libxml/tree.h b/include/libxml/tree.h -index 2f90717..4a9b3bc 100644 ---- a/include/libxml/tree.h -+++ b/include/libxml/tree.h -@@ -76,7 +76,8 @@ typedef enum { - XML_BUFFER_ALLOC_EXACT, /* grow only to the minimal size */ - XML_BUFFER_ALLOC_IMMUTABLE, /* immutable buffer */ - XML_BUFFER_ALLOC_IO, /* special allocation scheme used for I/O */ -- XML_BUFFER_ALLOC_HYBRID /* exact up to a threshold, and doubleit thereafter */ -+ XML_BUFFER_ALLOC_HYBRID, /* exact up to a threshold, and doubleit thereafter */ -+ XML_BUFFER_ALLOC_BOUNDED /* limit the upper size of the buffer */ - } xmlBufferAllocationScheme; - - /** -diff --git a/xmlreader.c b/xmlreader.c -index f19e123..471e7e2 100644 ---- a/xmlreader.c -+++ b/xmlreader.c -@@ -2091,6 +2091,9 @@ xmlNewTextReader(xmlParserInputBufferPtr input, const char *URI) { - "xmlNewTextReader : malloc failed\n"); - return(NULL); - } -+ /* no operation on a reader should require a huge buffer */ -+ xmlBufSetAllocationScheme(ret->buffer, -+ XML_BUFFER_ALLOC_BOUNDED); - ret->sax = (xmlSAXHandler *) xmlMalloc(sizeof(xmlSAXHandler)); - if (ret->sax == NULL) { - xmlBufFree(ret->buffer); -@@ -3616,6 +3619,7 @@ xmlTextReaderConstValue(xmlTextReaderPtr reader) { - return(((xmlNsPtr) node)->href); - case XML_ATTRIBUTE_NODE:{ - xmlAttrPtr attr = (xmlAttrPtr) node; -+ const xmlChar *ret; - - if ((attr->children != NULL) && - (attr->children->type == XML_TEXT_NODE) && -@@ -3629,10 +3633,21 @@ xmlTextReaderConstValue(xmlTextReaderPtr reader) { - "xmlTextReaderSetup : malloc failed\n"); - return (NULL); - } -+ xmlBufSetAllocationScheme(reader->buffer, -+ XML_BUFFER_ALLOC_BOUNDED); - } else - xmlBufEmpty(reader->buffer); - xmlBufGetNodeContent(reader->buffer, node); -- return(xmlBufContent(reader->buffer)); -+ ret = xmlBufContent(reader->buffer); -+ if (ret == NULL) { -+ /* error on the buffer best to reallocate */ -+ xmlBufFree(reader->buffer); -+ reader->buffer = xmlBufCreateSize(100); -+ xmlBufSetAllocationScheme(reader->buffer, -+ XML_BUFFER_ALLOC_BOUNDED); -+ ret = BAD_CAST ""; -+ } -+ return(ret); - } - break; - } -@@ -5131,6 +5146,9 @@ xmlTextReaderSetup(xmlTextReaderPtr reader, - "xmlTextReaderSetup : malloc failed\n"); - return (-1); - } -+ /* no operation on a reader should require a huge buffer */ -+ xmlBufSetAllocationScheme(reader->buffer, -+ XML_BUFFER_ALLOC_BOUNDED); - if (reader->sax == NULL) - reader->sax = (xmlSAXHandler *) xmlMalloc(sizeof(xmlSAXHandler)); - if (reader->sax == NULL) { --- -2.6.3 - diff --git a/gnu/packages/patches/libxml2-CVE-2015-7941-pt1.patch b/gnu/packages/patches/libxml2-CVE-2015-7941-pt1.patch deleted file mode 100644 index 4ca49039b2..0000000000 --- a/gnu/packages/patches/libxml2-CVE-2015-7941-pt1.patch +++ /dev/null @@ -1,32 +0,0 @@ -From a7dfab7411cbf545f359dd3157e5df1eb0e7ce31 Mon Sep 17 00:00:00 2001 -From: Daniel Veillard <veillard@redhat.com> -Date: Mon, 23 Feb 2015 11:17:35 +0800 -Subject: [PATCH] Stop parsing on entities boundaries errors - -For https://bugzilla.gnome.org/show_bug.cgi?id=744980 - -There are times, like on unterminated entities that it's preferable to -stop parsing, even if that means less error reporting. Entities are -feeding the parser on further processing, and if they are ill defined -then it's possible to get the parser to bug. Also do the same on -Conditional Sections if the input is broken, as the structure of -the document can't be guessed. ---- - parser.c | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/parser.c b/parser.c -index a8d1b67..bbe97eb 100644 ---- a/parser.c -+++ b/parser.c -@@ -5658,6 +5658,7 @@ xmlParseEntityDecl(xmlParserCtxtPtr ctxt) { - if (RAW != '>') { - xmlFatalErrMsgStr(ctxt, XML_ERR_ENTITY_NOT_FINISHED, - "xmlParseEntityDecl: entity %s not terminated\n", name); -+ xmlStopParser(ctxt); - } else { - if (input != ctxt->input) { - xmlFatalErrMsg(ctxt, XML_ERR_ENTITY_BOUNDARY, --- -2.6.3 - diff --git a/gnu/packages/patches/libxml2-CVE-2015-7941-pt2.patch b/gnu/packages/patches/libxml2-CVE-2015-7941-pt2.patch deleted file mode 100644 index 30563a46b6..0000000000 --- a/gnu/packages/patches/libxml2-CVE-2015-7941-pt2.patch +++ /dev/null @@ -1,49 +0,0 @@ -From 9b8512337d14c8ddf662fcb98b0135f225a1c489 Mon Sep 17 00:00:00 2001 -From: Daniel Veillard <veillard@redhat.com> -Date: Mon, 23 Feb 2015 11:29:20 +0800 -Subject: [PATCH] Cleanup conditional section error handling - -For https://bugzilla.gnome.org/show_bug.cgi?id=744980 - -The error handling of Conditional Section also need to be -straightened as the structure of the document can't be -guessed on a failure there and it's better to stop parsing -as further errors are likely to be irrelevant. ---- - parser.c | 6 ++++++ - 1 file changed, 6 insertions(+) - -diff --git a/parser.c b/parser.c -index bbe97eb..fe603ac 100644 ---- a/parser.c -+++ b/parser.c -@@ -6770,6 +6770,8 @@ xmlParseConditionalSections(xmlParserCtxtPtr ctxt) { - SKIP_BLANKS; - if (RAW != '[') { - xmlFatalErr(ctxt, XML_ERR_CONDSEC_INVALID, NULL); -+ xmlStopParser(ctxt); -+ return; - } else { - if (ctxt->input->id != id) { - xmlValidityError(ctxt, XML_ERR_ENTITY_BOUNDARY, -@@ -6830,6 +6832,8 @@ xmlParseConditionalSections(xmlParserCtxtPtr ctxt) { - SKIP_BLANKS; - if (RAW != '[') { - xmlFatalErr(ctxt, XML_ERR_CONDSEC_INVALID, NULL); -+ xmlStopParser(ctxt); -+ return; - } else { - if (ctxt->input->id != id) { - xmlValidityError(ctxt, XML_ERR_ENTITY_BOUNDARY, -@@ -6885,6 +6889,8 @@ xmlParseConditionalSections(xmlParserCtxtPtr ctxt) { - - } else { - xmlFatalErr(ctxt, XML_ERR_CONDSEC_INVALID_KEYWORD, NULL); -+ xmlStopParser(ctxt); -+ return; - } - - if (RAW == 0) --- -2.6.3 - diff --git a/gnu/packages/patches/libxml2-CVE-2015-7942-pt1.patch b/gnu/packages/patches/libxml2-CVE-2015-7942-pt1.patch deleted file mode 100644 index bd9077d7c4..0000000000 --- a/gnu/packages/patches/libxml2-CVE-2015-7942-pt1.patch +++ /dev/null @@ -1,32 +0,0 @@ -From bd0526e66a56e75a18da8c15c4750db8f801c52d Mon Sep 17 00:00:00 2001 -From: Daniel Veillard <veillard@redhat.com> -Date: Fri, 23 Oct 2015 19:02:28 +0800 -Subject: [PATCH] Another variation of overflow in Conditional sections - -Which happen after the previous fix to -https://bugzilla.gnome.org/show_bug.cgi?id=756456 - -But stopping the parser and exiting we didn't pop the intermediary entities -and doing the SKIP there applies on an input which may be too small ---- - parser.c | 4 +++- - 1 file changed, 3 insertions(+), 1 deletion(-) - -diff --git a/parser.c b/parser.c -index a65e4cc..b9217ff 100644 ---- a/parser.c -+++ b/parser.c -@@ -6915,7 +6915,9 @@ xmlParseConditionalSections(xmlParserCtxtPtr ctxt) { - "All markup of the conditional section is not in the same entity\n", - NULL, NULL); - } -- SKIP(3); -+ if ((ctxt-> instate != XML_PARSER_EOF) && -+ ((ctxt->input->cur + 3) < ctxt->input->end)) -+ SKIP(3); - } - } - --- -2.6.3 - diff --git a/gnu/packages/patches/libxml2-CVE-2015-7942-pt2.patch b/gnu/packages/patches/libxml2-CVE-2015-7942-pt2.patch deleted file mode 100644 index 115d369ac3..0000000000 --- a/gnu/packages/patches/libxml2-CVE-2015-7942-pt2.patch +++ /dev/null @@ -1,28 +0,0 @@ -From 41ac9049a27f52e7a1f3b341f8714149fc88d450 Mon Sep 17 00:00:00 2001 -From: Daniel Veillard <veillard@redhat.com> -Date: Tue, 27 Oct 2015 10:53:44 +0800 -Subject: [PATCH] Fix an error in previous Conditional section patch - -an off by one mistake in the change, led to error on correct -document where the end of the included entity was exactly -the end of the conditional section, leading to regtest failure ---- - parser.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/parser.c b/parser.c -index b9217ff..d67b300 100644 ---- a/parser.c -+++ b/parser.c -@@ -6916,7 +6916,7 @@ xmlParseConditionalSections(xmlParserCtxtPtr ctxt) { - NULL, NULL); - } - if ((ctxt-> instate != XML_PARSER_EOF) && -- ((ctxt->input->cur + 3) < ctxt->input->end)) -+ ((ctxt->input->cur + 3) <= ctxt->input->end)) - SKIP(3); - } - } --- -2.6.3 - diff --git a/gnu/packages/patches/libxml2-CVE-2015-8035.patch b/gnu/packages/patches/libxml2-CVE-2015-8035.patch deleted file mode 100644 index d29c96228e..0000000000 --- a/gnu/packages/patches/libxml2-CVE-2015-8035.patch +++ /dev/null @@ -1,31 +0,0 @@ -From f0709e3ca8f8947f2d91ed34e92e38a4c23eae63 Mon Sep 17 00:00:00 2001 -From: Daniel Veillard <veillard@redhat.com> -Date: Tue, 3 Nov 2015 15:31:25 +0800 -Subject: [PATCH] CVE-2015-8035 Fix XZ compression support loop - -For https://bugzilla.gnome.org/show_bug.cgi?id=757466 -DoS when parsing specially crafted XML document if XZ support -is compiled in (which wasn't the case for 2.9.2 and master since -Nov 2013, fixed in next commit !) ---- - xzlib.c | 4 ++++ - 1 file changed, 4 insertions(+) - -diff --git a/xzlib.c b/xzlib.c -index 0dcb9f4..1fab546 100644 ---- a/xzlib.c -+++ b/xzlib.c -@@ -581,6 +581,10 @@ xz_decomp(xz_statep state) - xz_error(state, LZMA_DATA_ERROR, "compressed data error"); - return -1; - } -+ if (ret == LZMA_PROG_ERROR) { -+ xz_error(state, LZMA_PROG_ERROR, "compression error"); -+ return -1; -+ } - } while (strm->avail_out && ret != LZMA_STREAM_END); - - /* update available output and crc check value */ --- -2.6.3 - diff --git a/gnu/packages/patches/libxml2-bug-737840.patch b/gnu/packages/patches/libxml2-bug-737840.patch deleted file mode 100644 index 2a2d62c583..0000000000 --- a/gnu/packages/patches/libxml2-bug-737840.patch +++ /dev/null @@ -1,88 +0,0 @@ -From ef709ce2f7b792d5fb69ed142796d743fb1eb388 Mon Sep 17 00:00:00 2001 -From: Daniel Veillard <veillard@redhat.com> -Date: Thu, 10 Sep 2015 19:41:41 +0800 -Subject: [PATCH] Fix the spurious ID already defined error - -For https://bugzilla.gnome.org/show_bug.cgi?id=737840 -the fix for 724903 introduced a regression on external entities carrying -IDs, revert that patch in part and add a specific test to avoid readding it ---- - result/valid/737840.xml | 10 ++++++++++ - result/valid/737840.xml.err | 0 - result/valid/737840.xml.err.rdr | 0 - test/valid/737840.xml | 10 ++++++++++ - test/valid/dtds/737840.ent | 1 + - valid.c | 6 ++++-- - 6 files changed, 25 insertions(+), 2 deletions(-) - create mode 100644 result/valid/737840.xml - create mode 100644 result/valid/737840.xml.err - create mode 100644 result/valid/737840.xml.err.rdr - create mode 100644 test/valid/737840.xml - create mode 100644 test/valid/dtds/737840.ent - -diff --git a/result/valid/737840.xml b/result/valid/737840.xml -new file mode 100644 -index 0000000..433c6d6 ---- /dev/null -+++ b/result/valid/737840.xml -@@ -0,0 +1,10 @@ -+<?xml version="1.0"?> -+<!DOCTYPE root [ -+<!ELEMENT root (elem)> -+<!ELEMENT elem (#PCDATA)> -+<!ATTLIST elem id ID #IMPLIED> -+<!ENTITY target SYSTEM "dtds/737840.ent"> -+]> -+<root> -+ ⌖ -+</root> -diff --git a/result/valid/737840.xml.err b/result/valid/737840.xml.err -new file mode 100644 -index 0000000..e69de29 -diff --git a/result/valid/737840.xml.err.rdr b/result/valid/737840.xml.err.rdr -new file mode 100644 -index 0000000..e69de29 -diff --git a/test/valid/737840.xml b/test/valid/737840.xml -new file mode 100644 -index 0000000..2d27b73 ---- /dev/null -+++ b/test/valid/737840.xml -@@ -0,0 +1,10 @@ -+<!DOCTYPE root [ -+<!ELEMENT root (elem)> -+<!ELEMENT elem (#PCDATA)> -+<!ATTLIST elem id ID #IMPLIED> -+<!ENTITY target SYSTEM "dtds/737840.ent"> -+]> -+ -+<root> -+ ⌖ -+</root> -diff --git a/test/valid/dtds/737840.ent b/test/valid/dtds/737840.ent -new file mode 100644 -index 0000000..e972132 ---- /dev/null -+++ b/test/valid/dtds/737840.ent -@@ -0,0 +1 @@ -+<elem id="id0"/> -\ No newline at end of file -diff --git a/valid.c b/valid.c -index 409aa81..45a3f70 100644 ---- a/valid.c -+++ b/valid.c -@@ -2634,8 +2634,10 @@ xmlAddID(xmlValidCtxtPtr ctxt, xmlDocPtr doc, const xmlChar *value, - /* - * The id is already defined in this DTD. - */ -- xmlErrValidNode(ctxt, attr->parent, XML_DTD_ID_REDEFINED, -- "ID %s already defined\n", value, NULL, NULL); -+ if (ctxt != NULL) { -+ xmlErrValidNode(ctxt, attr->parent, XML_DTD_ID_REDEFINED, -+ "ID %s already defined\n", value, NULL, NULL); -+ } - #endif /* LIBXML_VALID_ENABLED */ - xmlFreeID(ret); - return(NULL); --- -2.6.3 - diff --git a/gnu/packages/patches/libxml2-bug-738805.patch b/gnu/packages/patches/libxml2-bug-738805.patch deleted file mode 100644 index 16163bb941..0000000000 --- a/gnu/packages/patches/libxml2-bug-738805.patch +++ /dev/null @@ -1,31 +0,0 @@ -From 72a46a519ce7326d9a00f0b6a7f2a8e958cd1675 Mon Sep 17 00:00:00 2001 -From: Daniel Veillard <veillard@redhat.com> -Date: Thu, 23 Oct 2014 11:35:36 +0800 -Subject: [PATCH] Fix missing entities after CVE-2014-3660 fix - -For https://bugzilla.gnome.org/show_bug.cgi?id=738805 - -The fix for CVE-2014-3660 introduced a regression in some case -where entity substitution is required and the entity is used -first in anotther entity referenced from an attribute value ---- - parser.c | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - -diff --git a/parser.c b/parser.c -index 67c9dfd..a8d1b67 100644 ---- a/parser.c -+++ b/parser.c -@@ -7235,7 +7235,8 @@ xmlParseReference(xmlParserCtxtPtr ctxt) { - * far more secure as the parser will only process data coming from - * the document entity by default. - */ -- if ((ent->checked == 0) && -+ if (((ent->checked == 0) || -+ ((ent->children == NULL) && (ctxt->options & XML_PARSE_NOENT))) && - ((ent->etype != XML_EXTERNAL_GENERAL_PARSED_ENTITY) || - (ctxt->options & (XML_PARSE_NOENT | XML_PARSE_DTDVALID)))) { - unsigned long oldnbent = ctxt->nbentities; --- -2.6.3 - diff --git a/gnu/packages/patches/libxml2-bug-746048.patch b/gnu/packages/patches/libxml2-bug-746048.patch deleted file mode 100644 index 450b8d3ab3..0000000000 --- a/gnu/packages/patches/libxml2-bug-746048.patch +++ /dev/null @@ -1,65 +0,0 @@ -From e724879d964d774df9b7969fc846605aa1bac54c Mon Sep 17 00:00:00 2001 -From: Daniel Veillard <veillard@redhat.com> -Date: Fri, 30 Oct 2015 21:14:55 +0800 -Subject: [PATCH] Fix parsing short unclosed comment uninitialized access - -For https://bugzilla.gnome.org/show_bug.cgi?id=746048 -The HTML parser was too optimistic when processing comments and -didn't check for the end of the stream on the first 2 characters ---- - HTMLparser.c | 21 ++++++++++++++------- - 1 file changed, 14 insertions(+), 7 deletions(-) - -diff --git a/HTMLparser.c b/HTMLparser.c -index 19c10c3..bdf7807 100644 ---- a/HTMLparser.c -+++ b/HTMLparser.c -@@ -3264,12 +3264,17 @@ htmlParseComment(htmlParserCtxtPtr ctxt) { - ctxt->instate = state; - return; - } -+ len = 0; -+ buf[len] = 0; - q = CUR_CHAR(ql); -+ if (!IS_CHAR(q)) -+ goto unfinished; - NEXTL(ql); - r = CUR_CHAR(rl); -+ if (!IS_CHAR(r)) -+ goto unfinished; - NEXTL(rl); - cur = CUR_CHAR(l); -- len = 0; - while (IS_CHAR(cur) && - ((cur != '>') || - (r != '-') || (q != '-'))) { -@@ -3300,18 +3305,20 @@ htmlParseComment(htmlParserCtxtPtr ctxt) { - } - } - buf[len] = 0; -- if (!IS_CHAR(cur)) { -- htmlParseErr(ctxt, XML_ERR_COMMENT_NOT_FINISHED, -- "Comment not terminated \n<!--%.50s\n", buf, NULL); -- xmlFree(buf); -- } else { -+ if (IS_CHAR(cur)) { - NEXT; - if ((ctxt->sax != NULL) && (ctxt->sax->comment != NULL) && - (!ctxt->disableSAX)) - ctxt->sax->comment(ctxt->userData, buf); - xmlFree(buf); -+ ctxt->instate = state; -+ return; - } -- ctxt->instate = state; -+ -+unfinished: -+ htmlParseErr(ctxt, XML_ERR_COMMENT_NOT_FINISHED, -+ "Comment not terminated \n<!--%.50s\n", buf, NULL); -+ xmlFree(buf); - } - - /** --- -2.6.3 - diff --git a/gnu/packages/patches/libxml2-bug-747437.patch b/gnu/packages/patches/libxml2-bug-747437.patch deleted file mode 100644 index ea2ef0ff53..0000000000 --- a/gnu/packages/patches/libxml2-bug-747437.patch +++ /dev/null @@ -1,46 +0,0 @@ -From 8985cde70901c62d3f0f04da225e73b7344a52d7 Mon Sep 17 00:00:00 2001 -From: Martin von Gagern <Martin.vGagern@gmx.net> -Date: Mon, 13 Apr 2015 16:32:14 +0800 -Subject: [PATCH] xmlMemUsed is not thread-safe - -For https://bugzilla.gnome.org/show_bug.cgi?id=747437 -just use the mutex to protect access to those variables ---- - xmlmemory.c | 14 ++++++++++++-- - 1 file changed, 12 insertions(+), 2 deletions(-) - -diff --git a/xmlmemory.c b/xmlmemory.c -index a3dc737..f24fd6d 100644 ---- a/xmlmemory.c -+++ b/xmlmemory.c -@@ -554,7 +554,12 @@ xmlMemoryStrdup(const char *str) { - - int - xmlMemUsed(void) { -- return(debugMemSize); -+ int res; -+ -+ xmlMutexLock(xmlMemMutex); -+ res = debugMemSize; -+ xmlMutexUnlock(xmlMemMutex); -+ return(res); - } - - /** -@@ -567,7 +572,12 @@ xmlMemUsed(void) { - - int - xmlMemBlocks(void) { -- return(debugMemBlocks); -+ int res; -+ -+ xmlMutexLock(xmlMemMutex); -+ res = debugMemBlocks; -+ xmlMutexUnlock(xmlMemMutex); -+ return(res); - } - - #ifdef MEM_LIST --- -2.6.3 - diff --git a/gnu/packages/patches/libxml2-bug-751603.patch b/gnu/packages/patches/libxml2-bug-751603.patch deleted file mode 100644 index f27767f6b5..0000000000 --- a/gnu/packages/patches/libxml2-bug-751603.patch +++ /dev/null @@ -1,38 +0,0 @@ -From 9aa37588ee78a06ca1379a9d9356eab16686099c Mon Sep 17 00:00:00 2001 -From: Daniel Veillard <veillard@redhat.com> -Date: Mon, 29 Jun 2015 09:08:25 +0800 -Subject: [PATCH] Do not process encoding values if the declaration if broken - -For https://bugzilla.gnome.org/show_bug.cgi?id=751603 - -If the string is not properly terminated do not try to convert -to the given encoding. ---- - parser.c | 4 ++++ - 1 file changed, 4 insertions(+) - -diff --git a/parser.c b/parser.c -index fe603ac..a3a9568 100644 ---- a/parser.c -+++ b/parser.c -@@ -10404,6 +10404,8 @@ xmlParseEncodingDecl(xmlParserCtxtPtr ctxt) { - encoding = xmlParseEncName(ctxt); - if (RAW != '"') { - xmlFatalErr(ctxt, XML_ERR_STRING_NOT_CLOSED, NULL); -+ xmlFree((xmlChar *) encoding); -+ return(NULL); - } else - NEXT; - } else if (RAW == '\''){ -@@ -10411,6 +10413,8 @@ xmlParseEncodingDecl(xmlParserCtxtPtr ctxt) { - encoding = xmlParseEncName(ctxt); - if (RAW != '\'') { - xmlFatalErr(ctxt, XML_ERR_STRING_NOT_CLOSED, NULL); -+ xmlFree((xmlChar *) encoding); -+ return(NULL); - } else - NEXT; - } else { --- -2.6.3 - diff --git a/gnu/packages/patches/libxml2-bug-751631.patch b/gnu/packages/patches/libxml2-bug-751631.patch deleted file mode 100644 index 33344e35d2..0000000000 --- a/gnu/packages/patches/libxml2-bug-751631.patch +++ /dev/null @@ -1,35 +0,0 @@ -From 709a952110e98621c9b78c4f26462a9d8333102e Mon Sep 17 00:00:00 2001 -From: Daniel Veillard <veillard@redhat.com> -Date: Mon, 29 Jun 2015 16:10:26 +0800 -Subject: [PATCH] Fail parsing early on if encoding conversion failed - -For https://bugzilla.gnome.org/show_bug.cgi?id=751631 - -If we fail conversing the current input stream while -processing the encoding declaration of the XMLDecl -then it's safer to just abort there and not try to -report further errors. ---- - parser.c | 6 +++++- - 1 file changed, 5 insertions(+), 1 deletion(-) - -diff --git a/parser.c b/parser.c -index a3a9568..0edd53b 100644 ---- a/parser.c -+++ b/parser.c -@@ -10471,7 +10471,11 @@ xmlParseEncodingDecl(xmlParserCtxtPtr ctxt) { - - handler = xmlFindCharEncodingHandler((const char *) encoding); - if (handler != NULL) { -- xmlSwitchToEncoding(ctxt, handler); -+ if (xmlSwitchToEncoding(ctxt, handler) < 0) { -+ /* failed to convert */ -+ ctxt->errNo = XML_ERR_UNSUPPORTED_ENCODING; -+ return(NULL); -+ } - } else { - xmlFatalErrMsgStr(ctxt, XML_ERR_UNSUPPORTED_ENCODING, - "Unsupported encoding %s\n", encoding); --- -2.6.3 - diff --git a/gnu/packages/patches/libxml2-bug-754946.patch b/gnu/packages/patches/libxml2-bug-754946.patch deleted file mode 100644 index 3b9223efe5..0000000000 --- a/gnu/packages/patches/libxml2-bug-754946.patch +++ /dev/null @@ -1,132 +0,0 @@ -From 51f02b0a03ea1fa6c65b3f9fd88cf60fb5803783 Mon Sep 17 00:00:00 2001 -From: Daniel Veillard <veillard@redhat.com> -Date: Tue, 15 Sep 2015 16:50:32 +0800 -Subject: [PATCH] Fix a bug on name parsing at the end of current input buffer - -For https://bugzilla.gnome.org/show_bug.cgi?id=754946 - -When hitting the end of the current input buffer while parsing -a name we could end up loosing the beginning of the name, which -led to various issues. ---- - parser.c | 29 ++++++++++++++++++++--------- - result/errors/754946.xml | 0 - result/errors/754946.xml.err | 16 ++++++++++++++++ - result/errors/754946.xml.str | 4 ++++ - test/errors/754946.xml | 1 + - 5 files changed, 41 insertions(+), 9 deletions(-) - create mode 100644 result/errors/754946.xml - create mode 100644 result/errors/754946.xml.err - create mode 100644 result/errors/754946.xml.str - create mode 100644 test/errors/754946.xml - -diff --git a/parser.c b/parser.c -index 0edd53b..fd29a39 100644 ---- a/parser.c -+++ b/parser.c -@@ -3491,7 +3491,14 @@ xmlParseNCNameComplex(xmlParserCtxtPtr ctxt) { - c = CUR_CHAR(l); - if (c == 0) { - count = 0; -+ /* -+ * when shrinking to extend the buffer we really need to preserve -+ * the part of the name we already parsed. Hence rolling back -+ * by current lenght. -+ */ -+ ctxt->input->cur -= l; - GROW; -+ ctxt->input->cur += l; - if (ctxt->instate == XML_PARSER_EOF) - return(NULL); - end = ctxt->input->cur; -@@ -3523,7 +3530,7 @@ xmlParseNCNameComplex(xmlParserCtxtPtr ctxt) { - - static const xmlChar * - xmlParseNCName(xmlParserCtxtPtr ctxt) { -- const xmlChar *in; -+ const xmlChar *in, *e; - const xmlChar *ret; - int count = 0; - -@@ -3535,16 +3542,19 @@ xmlParseNCName(xmlParserCtxtPtr ctxt) { - * Accelerator for simple ASCII names - */ - in = ctxt->input->cur; -- if (((*in >= 0x61) && (*in <= 0x7A)) || -- ((*in >= 0x41) && (*in <= 0x5A)) || -- (*in == '_')) { -+ e = ctxt->input->end; -+ if ((((*in >= 0x61) && (*in <= 0x7A)) || -+ ((*in >= 0x41) && (*in <= 0x5A)) || -+ (*in == '_')) && (in < e)) { - in++; -- while (((*in >= 0x61) && (*in <= 0x7A)) || -- ((*in >= 0x41) && (*in <= 0x5A)) || -- ((*in >= 0x30) && (*in <= 0x39)) || -- (*in == '_') || (*in == '-') || -- (*in == '.')) -+ while ((((*in >= 0x61) && (*in <= 0x7A)) || -+ ((*in >= 0x41) && (*in <= 0x5A)) || -+ ((*in >= 0x30) && (*in <= 0x39)) || -+ (*in == '_') || (*in == '-') || -+ (*in == '.')) && (in < e)) - in++; -+ if (in >= e) -+ goto complex; - if ((*in > 0) && (*in < 0x80)) { - count = in - ctxt->input->cur; - if ((count > XML_MAX_NAME_LENGTH) && -@@ -3562,6 +3572,7 @@ xmlParseNCName(xmlParserCtxtPtr ctxt) { - return(ret); - } - } -+complex: - return(xmlParseNCNameComplex(ctxt)); - } - -diff --git a/result/errors/754946.xml b/result/errors/754946.xml -new file mode 100644 -index 0000000..e69de29 -diff --git a/result/errors/754946.xml.err b/result/errors/754946.xml.err -new file mode 100644 -index 0000000..423dff5 ---- /dev/null -+++ b/result/errors/754946.xml.err -@@ -0,0 +1,16 @@ -+Entity: line 1: parser error : internal error: xmlParseInternalSubset: error detected in Markup declaration -+ -+ %SYSTEM; -+ ^ -+Entity: line 1: -+A<lbbbbbbbbbbbbbbbbbbb_ -+^ -+Entity: line 1: parser error : DOCTYPE improperly terminated -+ %SYSTEM; -+ ^ -+Entity: line 1: -+A<lbbbbbbbbbbbbbbbbbbb_ -+^ -+./test/errors/754946.xml:1: parser error : Extra content at the end of the document -+<!DOCTYPEA[<!ENTITY % -+ ^ -diff --git a/result/errors/754946.xml.str b/result/errors/754946.xml.str -new file mode 100644 -index 0000000..3b748cc ---- /dev/null -+++ b/result/errors/754946.xml.str -@@ -0,0 +1,4 @@ -+./test/errors/754946.xml:1: parser error : Extra content at the end of the document -+<!DOCTYPEA[<!ENTITY % -+ ^ -+./test/errors/754946.xml : failed to parse -diff --git a/test/errors/754946.xml b/test/errors/754946.xml -new file mode 100644 -index 0000000..6b5f9b0 ---- /dev/null -+++ b/test/errors/754946.xml -@@ -0,0 +1 @@ -+<!DOCTYPEA[<!ENTITY % SYSTEM "A<lbbbbbbbbbbbbbbbbbbb_" >%SYSTEM;<![ -\ No newline at end of file --- -2.6.3 - diff --git a/gnu/packages/patches/libxml2-bug-754947.patch b/gnu/packages/patches/libxml2-bug-754947.patch deleted file mode 100644 index 5edbc5fcc1..0000000000 --- a/gnu/packages/patches/libxml2-bug-754947.patch +++ /dev/null @@ -1,103 +0,0 @@ -From 4a5d80aded1da94cd55294e7207109712201b75b Mon Sep 17 00:00:00 2001 -From: Daniel Veillard <veillard@redhat.com> -Date: Fri, 18 Sep 2015 15:06:46 +0800 -Subject: [PATCH] Fix a bug in CData error handling in the push parser - -For https://bugzilla.gnome.org/show_bug.cgi?id=754947 - -The checking function was returning incorrect args in some cases -Adds the test to teh reg suite and fix one of the existing test output ---- - parser.c | 6 +++--- - result/errors/754947.xml | 0 - result/errors/754947.xml.err | 7 +++++++ - result/errors/754947.xml.str | 5 +++++ - result/errors/cdata.xml.str | 4 ++-- - test/errors/754947.xml | 1 + - 6 files changed, 18 insertions(+), 5 deletions(-) - create mode 100644 result/errors/754947.xml - create mode 100644 result/errors/754947.xml.err - create mode 100644 result/errors/754947.xml.str - create mode 100644 test/errors/754947.xml - -diff --git a/parser.c b/parser.c -index fd29a39..f1724a9 100644 ---- a/parser.c -+++ b/parser.c -@@ -11192,7 +11192,7 @@ xmlCheckCdataPush(const xmlChar *utf, int len) { - else - return(-ix); - } else if ((c & 0xe0) == 0xc0) {/* 2-byte code, starts with 110 */ -- if (ix + 2 > len) return(ix); -+ if (ix + 2 > len) return(-ix); - if ((utf[ix+1] & 0xc0 ) != 0x80) - return(-ix); - codepoint = (utf[ix] & 0x1f) << 6; -@@ -11201,7 +11201,7 @@ xmlCheckCdataPush(const xmlChar *utf, int len) { - return(-ix); - ix += 2; - } else if ((c & 0xf0) == 0xe0) {/* 3-byte code, starts with 1110 */ -- if (ix + 3 > len) return(ix); -+ if (ix + 3 > len) return(-ix); - if (((utf[ix+1] & 0xc0) != 0x80) || - ((utf[ix+2] & 0xc0) != 0x80)) - return(-ix); -@@ -11212,7 +11212,7 @@ xmlCheckCdataPush(const xmlChar *utf, int len) { - return(-ix); - ix += 3; - } else if ((c & 0xf8) == 0xf0) {/* 4-byte code, starts with 11110 */ -- if (ix + 4 > len) return(ix); -+ if (ix + 4 > len) return(-ix); - if (((utf[ix+1] & 0xc0) != 0x80) || - ((utf[ix+2] & 0xc0) != 0x80) || - ((utf[ix+3] & 0xc0) != 0x80)) -diff --git a/result/errors/754947.xml b/result/errors/754947.xml -new file mode 100644 -index 0000000..e69de29 -diff --git a/result/errors/754947.xml.err b/result/errors/754947.xml.err -new file mode 100644 -index 0000000..f45cb5a ---- /dev/null -+++ b/result/errors/754947.xml.err -@@ -0,0 +1,7 @@ -+./test/errors/754947.xml:1: parser error : Input is not proper UTF-8, indicate encoding ! -+Bytes: 0xEE 0x5D 0x5D 0x3E -+<d><![CDATA[0000000000000î]]> -+ ^ -+./test/errors/754947.xml:1: parser error : Premature end of data in tag d line 1 -+<d><![CDATA[0000000000000î]]> -+ ^ -diff --git a/result/errors/754947.xml.str b/result/errors/754947.xml.str -new file mode 100644 -index 0000000..4d2f52e ---- /dev/null -+++ b/result/errors/754947.xml.str -@@ -0,0 +1,5 @@ -+./test/errors/754947.xml:1: parser error : Input is not proper UTF-8, indicate encoding ! -+Bytes: 0xEE 0x5D 0x5D 0x3E -+<d><![CDATA[0000000000000î]]> -+ ^ -+./test/errors/754947.xml : failed to parse -diff --git a/result/errors/cdata.xml.str b/result/errors/cdata.xml.str -index e043441..cf83d2b 100644 ---- a/result/errors/cdata.xml.str -+++ b/result/errors/cdata.xml.str -@@ -1,5 +1,5 @@ - ./test/errors/cdata.xml:2: parser error : Input is not proper UTF-8, indicate encoding ! --Bytes: 0x5B 0x43 0xE1 0x72 -+Bytes: 0xE1 0x72 0x5D 0x5D - <A><![CDATA[Cár]]></A> -- ^ -+ ^ - ./test/errors/cdata.xml : failed to parse -diff --git a/test/errors/754947.xml b/test/errors/754947.xml -new file mode 100644 -index 0000000..bd9997e ---- /dev/null -+++ b/test/errors/754947.xml -@@ -0,0 +1 @@ -+<d><![CDATA[0000000000000î]]> -\ No newline at end of file --- -2.6.3 - diff --git a/gnu/packages/patches/libxml2-bug-755857.patch b/gnu/packages/patches/libxml2-bug-755857.patch deleted file mode 100644 index 3f1efd3806..0000000000 --- a/gnu/packages/patches/libxml2-bug-755857.patch +++ /dev/null @@ -1,43 +0,0 @@ -From cf77e60515045bdd66f2c59c69a06e603b470eae Mon Sep 17 00:00:00 2001 -From: Gaurav Gupta <g.gupta@samsung.com> -Date: Wed, 30 Sep 2015 14:46:29 +0200 -Subject: [PATCH] Add missing Null check in xmlParseExternalEntityPrivate - -For https://bugzilla.gnome.org/show_bug.cgi?id=755857 - -a case where we check for NULL but not everywhere ---- - parser.c | 10 ++++++---- - 1 file changed, 6 insertions(+), 4 deletions(-) - -diff --git a/parser.c b/parser.c -index f1724a9..a65e4cc 100644 ---- a/parser.c -+++ b/parser.c -@@ -13367,7 +13367,7 @@ xmlParseExternalEntityPrivate(xmlDocPtr doc, xmlParserCtxtPtr oldctxt, - /* - * Also record the size of the entity parsed - */ -- if (ctxt->input != NULL) { -+ if (ctxt->input != NULL && oldctxt != NULL) { - oldctxt->sizeentities += ctxt->input->consumed; - oldctxt->sizeentities += (ctxt->input->cur - ctxt->input->base); - } -@@ -13379,9 +13379,11 @@ xmlParseExternalEntityPrivate(xmlDocPtr doc, xmlParserCtxtPtr oldctxt, - - if (sax != NULL) - ctxt->sax = oldsax; -- oldctxt->node_seq.maximum = ctxt->node_seq.maximum; -- oldctxt->node_seq.length = ctxt->node_seq.length; -- oldctxt->node_seq.buffer = ctxt->node_seq.buffer; -+ if (oldctxt != NULL) { -+ oldctxt->node_seq.maximum = ctxt->node_seq.maximum; -+ oldctxt->node_seq.length = ctxt->node_seq.length; -+ oldctxt->node_seq.buffer = ctxt->node_seq.buffer; -+ } - ctxt->node_seq.maximum = 0; - ctxt->node_seq.length = 0; - ctxt->node_seq.buffer = NULL; --- -2.6.3 - diff --git a/gnu/packages/patches/libxml2-fix-catalog-corruption.patch b/gnu/packages/patches/libxml2-fix-catalog-corruption.patch deleted file mode 100644 index b75ee300d3..0000000000 --- a/gnu/packages/patches/libxml2-fix-catalog-corruption.patch +++ /dev/null @@ -1,29 +0,0 @@ -From f65128f38289d77ff322d63aef2858cc0a819c34 Mon Sep 17 00:00:00 2001 -From: Daniel Veillard <veillard@redhat.com> -Date: Fri, 17 Oct 2014 17:13:41 +0800 -Subject: [PATCH] Revert "Missing initialization for the catalog module" - -This reverts commit 054c716ea1bf001544127a4ab4f4346d1b9947e7. -As this break xmlcatalog command -https://bugzilla.redhat.com/show_bug.cgi?id=1153753 ---- - parser.c | 3 --- - 1 file changed, 3 deletions(-) - -diff --git a/parser.c b/parser.c -index 1d93967..67c9dfd 100644 ---- a/parser.c -+++ b/parser.c -@@ -14830,9 +14830,6 @@ xmlInitParser(void) { - #ifdef LIBXML_XPATH_ENABLED - xmlXPathInit(); - #endif --#ifdef LIBXML_CATALOG_ENABLED -- xmlInitializeCatalog(); --#endif - xmlParserInitialized = 1; - #ifdef LIBXML_THREAD_ENABLED - } --- -2.6.3 - diff --git a/gnu/packages/patches/libxml2-id-attrs-in-xmlSetTreeDoc.patch b/gnu/packages/patches/libxml2-id-attrs-in-xmlSetTreeDoc.patch deleted file mode 100644 index a87f79bf84..0000000000 --- a/gnu/packages/patches/libxml2-id-attrs-in-xmlSetTreeDoc.patch +++ /dev/null @@ -1,36 +0,0 @@ -From f54d6a929af2a570396f0595a0e29064c908c12e Mon Sep 17 00:00:00 2001 -From: Nick Wellnhofer <wellnhofer@aevum.de> -Date: Fri, 19 Dec 2014 00:08:35 +0100 -Subject: [PATCH] Account for ID attributes in xmlSetTreeDoc - ---- - tree.c | 11 +++++++++++ - 1 file changed, 11 insertions(+) - -diff --git a/tree.c b/tree.c -index 6ec9223..c6323b4 100644 ---- a/tree.c -+++ b/tree.c -@@ -2799,8 +2799,19 @@ xmlSetTreeDoc(xmlNodePtr tree, xmlDocPtr doc) { - if(tree->type == XML_ELEMENT_NODE) { - prop = tree->properties; - while (prop != NULL) { -+ if (prop->atype == XML_ATTRIBUTE_ID) { -+ xmlRemoveID(tree->doc, prop); -+ } -+ - prop->doc = doc; - xmlSetListDoc(prop->children, doc); -+ -+ if (xmlIsID(doc, tree, prop)) { -+ xmlChar *idVal = xmlNodeListGetString(doc, prop->children, -+ 1); -+ xmlAddID(NULL, doc, idVal, prop); -+ } -+ - prop = prop->next; - } - } --- -2.6.3 - diff --git a/gnu/packages/patches/libxml2-node-sort-order-pt1.patch b/gnu/packages/patches/libxml2-node-sort-order-pt1.patch deleted file mode 100644 index 181a0727ec..0000000000 --- a/gnu/packages/patches/libxml2-node-sort-order-pt1.patch +++ /dev/null @@ -1,33 +0,0 @@ -From ba58f23c60862f2158b457f4d30031761bf4dde1 Mon Sep 17 00:00:00 2001 -From: Nick Wellnhofer <wellnhofer@aevum.de> -Date: Sun, 8 Mar 2015 16:44:11 +0100 -Subject: [PATCH] Fix order of root nodes - -Make sure root nodes are sorted before other nodes. ---- - xpath.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/xpath.c b/xpath.c -index ffd2a48..e9f5bf9 100644 ---- a/xpath.c -+++ b/xpath.c -@@ -361,13 +361,13 @@ turtle_comparison: - /* - * compute depth to root - */ -- for (depth2 = 0, cur = node2;cur->parent != NULL;cur = cur->parent) { -+ for (depth2 = 0, cur = node2; cur != NULL; cur = cur->parent) { - if (cur == node1) - return(1); - depth2++; - } - root = cur; -- for (depth1 = 0, cur = node1;cur->parent != NULL;cur = cur->parent) { -+ for (depth1 = 0, cur = node1; cur != NULL; cur = cur->parent) { - if (cur == node2) - return(-1); - depth1++; --- -2.6.3 - diff --git a/gnu/packages/patches/libxml2-node-sort-order-pt2.patch b/gnu/packages/patches/libxml2-node-sort-order-pt2.patch deleted file mode 100644 index d0077137fb..0000000000 --- a/gnu/packages/patches/libxml2-node-sort-order-pt2.patch +++ /dev/null @@ -1,37 +0,0 @@ -From 3eaedba1b64180668fdab7ad2eba549586017bf3 Mon Sep 17 00:00:00 2001 -From: Nick Wellnhofer <wellnhofer@aevum.de> -Date: Sat, 11 Jul 2015 14:27:34 +0200 -Subject: [PATCH] Fix previous change to node sort order - -Commit ba58f23 broke comparison of nodes from different documents. -Thanks to Olli Pottonen for the report. ---- - xpath.c | 8 ++++---- - 1 file changed, 4 insertions(+), 4 deletions(-) - -diff --git a/xpath.c b/xpath.c -index e9f5bf9..935fcff 100644 ---- a/xpath.c -+++ b/xpath.c -@@ -361,14 +361,14 @@ turtle_comparison: - /* - * compute depth to root - */ -- for (depth2 = 0, cur = node2; cur != NULL; cur = cur->parent) { -- if (cur == node1) -+ for (depth2 = 0, cur = node2; cur->parent != NULL; cur = cur->parent) { -+ if (cur->parent == node1) - return(1); - depth2++; - } - root = cur; -- for (depth1 = 0, cur = node1; cur != NULL; cur = cur->parent) { -- if (cur == node2) -+ for (depth1 = 0, cur = node1; cur->parent != NULL; cur = cur->parent) { -+ if (cur->parent == node2) - return(-1); - depth1++; - } --- -2.6.3 - |