IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
Otherwise malicious LZMA compressed files could consume large amounts
of memory when decompressed.
According to the xz man page, files compressed with `xz -9` currently
require 65 MB to decompress, so set the limit to 100 MB.
Should fix bug 786696.
For https://bugzilla.gnome.org/show_bug.cgi?id=757466
DoS when parsing specially crafted XML document if XZ support
is compiled in (which wasn't the case for 2.9.2 and master since
Nov 2013, fixed in next commit !)
For https://bugzilla.gnome.org/show_bug.cgi?id=712528
Related to https://bugzilla.redhat.com/show_bug.cgi?id=877567
There is a bug in xzlib.c which causes certain compressed XML files to fail to
load correctly. The code in xz_decomp which attempts to verify the checksum
and length of the expanded data fails if the checksum or length at the end of
the file crosses a 1024 byte boundary. It calls gz_next4 to get those two
values. This function uses the stream state in state->zstrm, but calls
xz_avail which uses the state->strm stream info. This causes gz_next4 to
signal a premature EOF if the data it is fetching crosses a 1024 byte boundary.
The switch to xzlib had for consequence that the compression
level of the input was not gathered anymore in ctxt->input->buf,
then the parser compression flags was left to -1 and propagated
to the resulting document.
Fix the I/O layer to get compression detection in xzlib,
then carry it in the input buffer and the resulting document
This should fix
https://lsbbugs.linuxfoundation.org/show_bug.cgi?id=3456
The freeing function wasn't called due to a bogus #ifdef surrounding
value. Also switch the code to use the normal libxml2 allocation and
freeing routines.
- fix inclusion of the separated file
- use namespaced name for the 4 non-static routines
- add padding after external structures included in-situ
- add new requirement to spec file
- general cleanup of code
