--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/components/libxml2/patches/13.CVE-2011-3905.patch Fri Feb 17 05:23:58 2012 -0800
@@ -0,0 +1,66 @@
+This patch copied/pasted from this link:
+http://git.gnome.org/browse/libxml2/patch/?id=77404b8b69bc122d12231807abf1a837d121b551
+----------------------------------------------------------------------
+From 77404b8b69bc122d12231807abf1a837d121b551 Mon Sep 17 00:00:00 2001
+From: Chris Evans <[email protected]>
+Date: Wed, 14 Dec 2011 08:18:25 +0000
+Subject: Make sure the parser returns when getting a Stop order
+
+patch backported from chromiun bug fixes, assuming author is Chris
+---
+diff --git a/parser.c b/parser.c
+index 21d7aa3..4e5dcb9 100644
+--- a/parser.c
++++ b/parser.c
+@@ -4949,7 +4949,8 @@ xmlParsePI(xmlParserCtxtPtr ctxt) {
+ (ctxt->sax->processingInstruction != NULL))
+ ctxt->sax->processingInstruction(ctxt->userData,
+ target, NULL);
+- ctxt->instate = state;
++ if (ctxt->instate != XML_PARSER_EOF)
++ ctxt->instate = state;
+ return;
+ }
+ buf = (xmlChar *) xmlMallocAtomic(size * sizeof(xmlChar));
+@@ -5029,7 +5030,8 @@ xmlParsePI(xmlParserCtxtPtr ctxt) {
+ } else {
+ xmlFatalErr(ctxt, XML_ERR_PI_NOT_STARTED, NULL);
+ }
+- ctxt->instate = state;
++ if (ctxt->instate != XML_PARSER_EOF)
++ ctxt->instate = state;
+ }
+ }
+
+@@ -9589,6 +9591,8 @@ xmlParseElement(xmlParserCtxtPtr ctxt) {
+ else
+ name = xmlParseStartTag(ctxt);
+ #endif /* LIBXML_SAX1_ENABLED */
++ if (ctxt->instate == XML_PARSER_EOF)
++ return;
+ if (name == NULL) {
+ spacePop(ctxt);
+ return;
+@@ -10975,6 +10979,8 @@ xmlParseTryOrFinish(xmlParserCtxtPtr ctxt, int terminate) {
+ else
+ name = xmlParseStartTag(ctxt);
+ #endif /* LIBXML_SAX1_ENABLED */
++ if (ctxt->instate == XML_PARSER_EOF)
++ goto done;
+ if (name == NULL) {
+ spacePop(ctxt);
+ ctxt->instate = XML_PARSER_EOF;
+@@ -11161,7 +11167,9 @@ xmlParseTryOrFinish(xmlParserCtxtPtr ctxt, int terminate) {
+ else
+ xmlParseEndTag1(ctxt, 0);
+ #endif /* LIBXML_SAX1_ENABLED */
+- if (ctxt->nameNr == 0) {
++ if (ctxt->instate == XML_PARSER_EOF) {
++ /* Nothing */
++ } else if (ctxt->nameNr == 0) {
+ ctxt->instate = XML_PARSER_EPILOG;
+ } else {
+ ctxt->instate = XML_PARSER_CONTENT;
+--
+cgit v0.9.0.2
+
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/components/libxml2/patches/14.CVE-2011-3919.patch Fri Feb 17 05:23:58 2012 -0800
@@ -0,0 +1,25 @@
+This patch copied/pasted from this link:
+http://git.gnome.org/browse/libxml2/patch/?id=5bd3c061823a8499b27422aee04ea20aae24f03e
+----------------------------------------------------------------------
+From 5bd3c061823a8499b27422aee04ea20aae24f03e Mon Sep 17 00:00:00 2001
+From: Daniel Veillard <[email protected]>
+Date: Fri, 16 Dec 2011 10:53:35 +0000
+Subject: Fix an allocation error when copying entities
+
+---
+diff --git a/parser.c b/parser.c
+index 4e5dcb9..c55e41d 100644
+--- a/parser.c
++++ b/parser.c
+@@ -2709,7 +2709,7 @@ xmlStringLenDecodeEntities(xmlParserCtxtPtr ctxt, const xmlChar *str, int len,
+
+ buffer[nbchars++] = '&';
+ if (nbchars > buffer_size - i - XML_PARSER_BUFFER_SIZE) {
+- growBuffer(buffer, XML_PARSER_BUFFER_SIZE);
++ growBuffer(buffer, i + XML_PARSER_BUFFER_SIZE);
+ }
+ for (;i > 0;i--)
+ buffer[nbchars++] = *cur++;
+--
+cgit v0.9.0.2
+