author | Patrick J Volkerding <volkerdi@slackware.com> | 2018-05-25 23:29:36 +0000 |
---|---|---|
committer | Eric Hameleers <alien@slackware.com> | 2018-05-31 15:10:50 -0700 |
commit | 329684b59b8d55dd403c2c59f76d37210ba2f517 (patch) | |
tree | 10421c6ee3bf179d50915cc00d4c15c1b83cb77a /patches/source/libxml2 | |
parent | b76270bf9e6dd375e495fec92140a79a79415d27 (diff) | |
download | current-329684b59b8d55dd403c2c59f76d37210ba2f517.tar.gz |
Fri May 25 23:29:36 UTC 201813.1
patches/packages/glibc-zoneinfo-2018e-noarch-2_slack13.1.txz: Rebuilt.
Handle removal of US/Pacific-New timezone. If we see that the machine is
using this, it will be automatically switched to US/Pacific.
Diffstat (limited to 'patches/source/libxml2')
-rw-r--r-- | patches/source/libxml2/libxml.CVE-2011-3102.diff | 39 | ||||
-rw-r--r-- | patches/source/libxml2/libxml2.CVE-2012-5134.diff | 21 | ||||
-rwxr-xr-x | patches/source/libxml2/libxml2.SlackBuild | 108 | ||||
-rw-r--r-- | patches/source/libxml2/slack-desc | 19 |
4 files changed, 187 insertions, 0 deletions
diff --git a/patches/source/libxml2/libxml.CVE-2011-3102.diff b/patches/source/libxml2/libxml.CVE-2011-3102.diff
new file mode 100644
index 00000000..4f6a92cb
--- /dev/null
+++ b/patches/source/libxml2/libxml.CVE-2011-3102.diff
@@ -0,0 +1,39 @@
+From d8e1faeaa99c7a7c07af01c1c72de352eb590a3e Mon Sep 17 00:00:00 2001
+From: Jüri Aedla <asd@ut.ee>
+Date: Mon, 07 May 2012 07:06:56 +0000
+Subject: Fix an off by one pointer access
+
+getting out of the range of memory allocated for xpointer decoding
+---
+diff --git a/xpointer.c b/xpointer.c
+index 37afa3a..0b463dd 100644
+--- a/xpointer.c
++++ b/xpointer.c
+@@ -1007,21 +1007,14 @@ xmlXPtrEvalXPtrPart(xmlXPathParserContextPtr ctxt, xmlChar *name) {
+ NEXT;
+ break;
+ }
+- *cur++ = CUR;
+ } else if (CUR == '(') {
+ level++;
+- *cur++ = CUR;
+ } else if (CUR == '^') {
+- NEXT;
+- if ((CUR == ')') || (CUR == '(') || (CUR == '^')) {
+- *cur++ = CUR;
+- } else {
+- *cur++ = '^';
+- *cur++ = CUR;
+- }
+- } else {
+- *cur++ = CUR;
++ if ((NXT(1) == ')') || (NXT(1) == '(') || (NXT(1) == '^')) {
++ NEXT;
++ }
+ }
++ *cur++ = CUR;
+ NEXT;
+ }
+ *cur = 0;
+--
+cgit v0.9.0.2
diff --git a/patches/source/libxml2/libxml2.CVE-2012-5134.diff b/patches/source/libxml2/libxml2.CVE-2012-5134.diff
new file mode 100644
index 00000000..70905aaa
--- /dev/null
+++ b/patches/source/libxml2/libxml2.CVE-2012-5134.diff
@@ -0,0 +1,21 @@
+From 6a36fbe3b3e001a8a840b5c1fdd81cefc9947f0d Mon Sep 17 00:00:00 2001
+From: Daniel Veillard <veillard@redhat.com>
+Date: Mon, 29 Oct 2012 02:39:55 +0000
+Subject: Fix potential out of bound access
+
+---
+diff --git a/parser.c b/parser.c
+index 0d8d7f2..bd634e9 100644
+--- a/parser.c
++++ b/parser.c
+@@ -4076,7 +4076,7 @@ xmlParseAttValueComplex(xmlParserCtxtPtr ctxt, int *attlen, int normalize) {
+ goto error;
+
+ if ((in_space) && (normalize)) {
+- while (buf[len - 1] == 0x20) len--;
++ while ((len > 0) && (buf[len - 1] == 0x20)) len--;
+ }
+ buf[len] = 0;
+ if (RAW == '<') {
+--
+cgit v0.9.0.2
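Review bot: In libxml.CVE-2011-3102.diff, the rewritten loop body of xmlXPtrEvalXPtrPart depends on an invariant that the code never states: every iteration now ends in exactly one `*cur++ = CUR;` followed by `NEXT;`, so the output cannot grow faster than the input is consumed. I would put a comment above that store, for example `/* one byte stored per byte consumed; a '^' escape only shrinks the output */`, so a later edit does not bring back a branch that writes two bytes. The buffer allocation and the loop condition lie outside the hunk, so the buffer being sized from the input length is inferred from the commit subject rather than visible here. As a naming nit, this file is prefixed `libxml.` while its sibling and the SlackBuild use `libxml2.`.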
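Review bot: In libxml2.CVE-2012-5134.diff, the added `(len > 0)` test in xmlParseAttValueComplex keeps the trimming loop from reading `buf[len - 1]` at index -1, but nothing on the line says why `len` can be zero at this point. A short comment above the loop, such as `/* len may already be 0 here; never read buf[-1] */`, would stop the bound from being dropped in a later cleanup. The code that fills `buf` and sets `in_space` is outside the hunk, so the exact input that reaches this path is not shown here.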
diff --git a/patches/source/libxml2/libxml2.SlackBuild b/patches/source/libxml2/libxml2.SlackBuild
new file mode 100755
index 00000000..848a085f
--- /dev/null
+++ b/patches/source/libxml2/libxml2.SlackBuild
@@ -0,0 +1,108 @@
+#!/bin/sh
+
+# Copyright 2008, 2009 Patrick J. Volkerding, Sebeka, MN, USA
+# All rights reserved.
+#
+# Redistribution and use of this script, with or without modification, is
+# permitted provided that the following conditions are met:
+#
+# 1. Redistributions of this script must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
+# EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+# PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
+# OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+# OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+# ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+
+VERSION=2.7.6
+BUILD=${BUILD:-3_slack13.1}
+
+# Automatically determine the architecture we're building on:
+if [ -z "$ARCH" ]; then
+ case "$( uname -m )" in
+ i?86) export ARCH=i486 ;;
+ arm*) export ARCH=arm ;;
+ # Unless $ARCH is already set, use uname -m for all other archs:
+ *) export ARCH=$( uname -m ) ;;
+ esac
+fi
+
+NUMJOBS=${NUMJOBS:-" -j7 "}
+
+if [ "$ARCH" = "i486" ]; then
+ SLKCFLAGS="-O2 -march=i486 -mtune=i686"
+ LIBDIRSUFFIX=""
+elif [ "$ARCH" = "s390" ]; then
+ SLKCFLAGS="-O2"
+ LIBDIRSUFFIX=""
+elif [ "$ARCH" = "x86_64" ]; then
+ SLKCFLAGS="-O2 -fPIC"
+ LIBDIRSUFFIX="64"
+fi
+
+CWD=$(pwd)
+TMP=${TMP:-/tmp}
+PKG=$TMP/package-libxml2
+rm -rf $PKG
+mkdir -p $TMP $PKG
+
+cd $TMP
+rm -rf libxml2-$VERSION
+tar xvf $CWD/libxml2-$VERSION.tar.?z* || exit 1
+cd libxml2-$VERSION
+chown -R root:root .
+find . \
+ \( -perm 777 -o -perm 775 -o -perm 711 -o -perm 555 -o -perm 511 \) \
+ -exec chmod 755 {} \; -o \
+ \( -perm 666 -o -perm 664 -o -perm 600 -o -perm 444 -o -perm 440 -o -perm 400 \) \
+ -exec chmod 644 {} \;
+
+zcat $CWD/libxml.CVE-2011-3102.diff.gz | patch -p1 --verbose || exit 1
+zcat $CWD/libxml2.CVE-2012-5134.diff.gz | patch -p1 --verbose || exit 1
+
+CFLAGS="$SLKCFLAGS" \
+./configure \
+ --prefix=/usr \
+ --libdir=/usr/lib${LIBDIRSUFFIX} \
+ --mandir=/usr/man \
+ --build=$ARCH-slackware-linux
+
+make $NUMJOBS || make || exit 1
+make install DESTDIR=$PKG || exit 1
+
+#echo
+#echo "Only the python bindings in /usr/lib/python__/site-packages/ should"
+#echo "be kept... toss the other stuff"
+#echo
+
+find $PKG | xargs file | grep -e "executable" -e "shared object" | grep ELF \
+ | cut -f 1 -d : | xargs strip --strip-unneeded 2> /dev/null
+
+mv $PKG/usr/share/doc $PKG/usr
+mv $PKG/usr/doc/libxml2-python-$VERSION $PKG/usr/doc/libxml2-$VERSION
+cp -a \
+ AUTHORS COPYING* INSTALL NEWS README \
+ $PKG/usr/doc/libxml2-$VERSION
+find $PKG/usr/doc/libxml2-$VERSION -type f | xargs chmod 644
+
+gzip -9 $PKG/usr/man/man?/*.?
+
+mkdir -p $PKG/install
+cat $CWD/slack-desc > $PKG/install/slack-desc
+# Be sure to clobber any .pyc files that might have been generated so that
+# the new .py files will be used instead of the already compiled copies
+cat << EOF > $PKG/install/doinst.sh
+rm -f /usr/lib${LIBDIRSUFFIX}/python26/site-packages/libxml2.pyc
+rm -f /usr/lib${LIBDIRSUFFIX}/python26/site-packages/drv_libxml2.pyc
+EOF
+
+cd $PKG
+/sbin/makepkg -l y -c n $TMP/libxml2-$VERSION-$ARCH-$BUILD.txz
+
diff --git a/patches/source/libxml2/slack-desc b/patches/source/libxml2/slack-desc
new file mode 100644
index 00000000..dfbc38dc
--- /dev/null
+++ b/patches/source/libxml2/slack-desc
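Review bot: In libxml2.SlackBuild, the two `zcat ... | patch -p1 --verbose || exit 1` lines test only the exit status of `patch`, so a missing or truncated `.diff.gz` is not caught through `zcat`, and the build can continue without a CVE fix if `patch` accepts the empty or partial input. This commit adds the patches as plain `.diff` files while the script reads `.diff.gz`, so the compressed copies presumably come from a step not shown here. Decompressing first and checking each step closes the gap: `zcat $CWD/libxml2.CVE-2012-5134.diff.gz > cve-2012-5134.diff || exit 1` followed by `patch -p1 --verbose < cve-2012-5134.diff || exit 1`, and the same for the other patch. `cd $TMP` and `cd libxml2-$VERSION` are also unchecked ahead of `rm -rf libxml2-$VERSION` and `chown -R root:root .`; both should get `|| exit 1`.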
@@ -0,0 +1,19 @@
+# HOW TO EDIT THIS FILE:
+# The "handy ruler" below makes it easier to edit a package description. Line
+# up the first '|' above the ':' following the base package name, and the '|' on
+# the right side marks the last column you can put a character in. You must make
+# exactly 11 lines for the formatting to be correct. It's also customary to
+# leave one space after the ':'.
+
+ |-----handy-ruler------------------------------------------------------|
+libxml2: libxml2 (XML parser library)
+libxml2:
+libxml2: Libxml2 is the XML C parser library and toolkit. XML itself is a
+libxml2: metalanguage to design markup languages -- i.e. a text language where
+libxml2: structures are added to the content using extra "markup" information
+libxml2: enclosed between angle brackets. HTML is the most well-known markup
+libxml2: language. Though the library is written in C, a variety of language
+libxml2: bindings make it available in other environments.
+libxml2:
+libxml2:
+libxml2: |