*** misc/libxml2-2.6.31/configure	Fri Jan 11 09:01:56 2008
--- misc/build/libxml2-2.6.31/configure	Thu Mar 27 14:09:56 2008
***************
*** 3463,3477 ****
    CFLAGS=$ac_save_CFLAGS
  elif test $ac_cv_prog_cc_g = yes; then
    if test "$GCC" = yes; then
!     CFLAGS="-g -O2"
    else
!     CFLAGS="-g"
    fi
  else
    if test "$GCC" = yes; then
!     CFLAGS="-O2"
    else
!     CFLAGS=
    fi
  fi
  { echo "$as_me:$LINENO: checking for $CC option to accept ISO C89" >&5
--- 3463,3477 ----
    CFLAGS=$ac_save_CFLAGS
  elif test $ac_cv_prog_cc_g = yes; then
    if test "$GCC" = yes; then
!     CFLAGS="$ADDCFLAGS -g -O2"
    else
!     CFLAGS="$ADDCFLAGS -g"
    fi
  else
    if test "$GCC" = yes; then
!     CFLAGS="$ADDCFLAGS -O2"
    else
!     CFLAGS="$ADDCFLAGS"
    fi
  fi
  { echo "$as_me:$LINENO: checking for $CC option to accept ISO C89" >&5
***************
*** 26207,26215 ****
  
  { echo "$as_me:$LINENO: checking for library containing setsockopt" >&5
  echo $ECHO_N "checking for library containing setsockopt... $ECHO_C" >&6; }
! if test "${ac_cv_search_setsockopt+set}" = set; then
!   echo $ECHO_N "(cached) $ECHO_C" >&6
! else
    ac_func_search_save_LIBS=$LIBS
  cat >conftest.$ac_ext <<_ACEOF
  /* confdefs.h.  */
--- 26207,26215 ----
  
  { echo "$as_me:$LINENO: checking for library containing setsockopt" >&5
  echo $ECHO_N "checking for library containing setsockopt... $ECHO_C" >&6; }
! #if test "${ac_cv_search_setsockopt+set}" = set; then
! #  echo $ECHO_N "(cached) $ECHO_C" >&6
! #else
    ac_func_search_save_LIBS=$LIBS
  cat >conftest.$ac_ext <<_ACEOF
  /* confdefs.h.  */
***************
*** 26279,26285 ****
  fi
  rm conftest.$ac_ext
  LIBS=$ac_func_search_save_LIBS
! fi
  { echo "$as_me:$LINENO: result: $ac_cv_search_setsockopt" >&5
  echo "${ECHO_T}$ac_cv_search_setsockopt" >&6; }
  ac_res=$ac_cv_search_setsockopt
--- 26279,26285 ----
  fi
  rm conftest.$ac_ext
  LIBS=$ac_func_search_save_LIBS
! #fi
  { echo "$as_me:$LINENO: result: $ac_cv_search_setsockopt" >&5
  echo "${ECHO_T}$ac_cv_search_setsockopt" >&6; }
  ac_res=$ac_cv_search_setsockopt
*** misc/libxml2-2.6.31/ltmain.sh	Wed Aug 29 14:28:46 2007
--- misc/build/libxml2-2.6.31/ltmain.sh	Thu Mar 27 13:54:03 2008
***************
*** 3311,3318 ****
  	  ;;
  
  	freebsd-elf)
! 	  major=".$current"
! 	  versuffix=".$current";
  	  ;;
  
  	irix | nonstopux)
--- 3311,3318 ----
  	  ;;
  
  	freebsd-elf)
! 	  major=.`expr $current - $age`
! 	  versuffix=".$major.$age.$revision";
  	  ;;
  
  	irix | nonstopux)
*** misc/libxml2-2.6.31/xml2-config.in	Fri Jan 11 08:22:32 2008
--- misc/build/libxml2-2.6.31/xml2-config.in	Wed Apr  2 11:56:17 2008
***************
*** 1,10 ****
  #! /bin/sh
  
! prefix=@prefix@
! exec_prefix=@exec_prefix@
! includedir=@includedir@
! libdir=@libdir@
  
  usage()
  {
      cat <<EOF
--- 1,15 ----
  #! /bin/sh
  
! #prefix=@prefix@
! #exec_prefix=@exec_prefix@
! #includedir=@includedir@
! #libdir=@libdir@
  
+ prefix=${SOLARVERSION}/${INPATH}
+ exec_prefix=${SOLARVERSION}/${INPATH}
+ includedir=${SOLARVERSION}/${INPATH}/inc${UPDMINOREXT}/external
+ libdir=${SOLARVERSION}/${INPATH}/lib${UPDMINOREXT}
+ 
  usage()
  {
      cat <<EOF
***************
*** 67,73 ****
  	;;
  
      --cflags)
!        	echo @XML_INCLUDEDIR@ @XML_CFLAGS@
         	;;
  
      --libtool-libs)
--- 72,79 ----
  	;;
  
      --cflags)
!         echo -I${includedir}
! #       	echo @XML_INCLUDEDIR@ @XML_CFLAGS@
         	;;
  
      --libtool-libs)
***************
*** 82,100 ****
         	;;
  
      --libs)
!         if [ "`uname`" = "Linux" ]
! 	then
! 	    if [ "@XML_LIBDIR@" = "-L/usr/lib" -o "@XML_LIBDIR@" = "-L/usr/lib64" ]
! 	    then
! 		echo @XML_LIBS@ 
! 	    else
! 		echo @XML_LIBDIR@ @XML_LIBS@ 
! 	    fi
! 	else
! 	    echo @XML_LIBDIR@ @XML_LIBS@ @WIN32_EXTRA_LIBADD@
! 	fi
         	;;
  
      *)
  	usage
  	exit 1
--- 88,111 ----
         	;;
  
      --libs)
!         echo -L${libdir} ${LIBXML2LIB} -lm
! #        if [ "`uname`" = "Linux" ]
! #	then
! #	    if [ "@XML_LIBDIR@" = "-L/usr/lib" -o "@XML_LIBDIR@" = "-L/usr/lib64" ]
! #	    then
! #		echo @XML_LIBS@ 
! #	    else
! #		echo @XML_LIBDIR@ @XML_LIBS@ 
! #	    fi
! #	else
! #	    echo @XML_LIBDIR@ @XML_LIBS@ @WIN32_EXTRA_LIBADD@
! #	fi
         	;;
  
+     print) # ugly configure hack
+         exit 0
+         ;;
+  
      *)
  	usage
  	exit 1
*** misc/libxml2-2.6.31/include/win32config.h	Wed Apr 18 09:51:54 2007
--- misc/build/libxml2-2.6.31/include/win32config.h	Mon Mar 31 19:09:09 2008
***************
*** 92,98 ****
--- 92,100 ----
  #if defined(_MSC_VER)
  #define mkdir(p,m) _mkdir(p)
  #define snprintf _snprintf
+ #if _MSC_VER < 1500
  #define vsnprintf(b,c,f,a) _vsnprintf(b,c,f,a)
+ #endif
  #elif defined(__MINGW32__)
  #define mkdir(p,m) _mkdir(p)
  #endif
*** misc/libxml2-2.6.31/include/wsockcompat.h	Wed Jan  3 14:07:30 2007
--- misc/build/libxml2-2.6.31/include/wsockcompat.h	Thu Apr  3 10:15:50 2008
***************
*** 21,26 ****
--- 21,27 ----
  
  /* Check if ws2tcpip.h is a recent version which provides getaddrinfo() */
  #if defined(GetAddrInfo)
+ #include <wspiapi.h>
  #define HAVE_GETADDRINFO
  #endif
  #endif
*** misc/libxml2-2.6.31/include/libxml/xmlversion.h	Fri Jan 11 10:11:19 2008
--- misc/build/libxml2-2.6.31/include/libxml/xmlversion.h	Thu Mar 27 13:54:03 2008
***************
*** 264,270 ****
   *
   * Whether iconv support is available
   */
! #if 1
  #define LIBXML_ICONV_ENABLED
  #endif
  
--- 264,270 ----
   *
   * Whether iconv support is available
   */
! #if 0
  #define LIBXML_ICONV_ENABLED
  #endif
  
***************
*** 282,288 ****
   *
   * Whether Debugging module is configured in
   */
! #if 1
  #define LIBXML_DEBUG_ENABLED
  #endif
  
--- 282,288 ----
   *
   * Whether Debugging module is configured in
   */
! #if 0
  #define LIBXML_DEBUG_ENABLED
  #endif
  
***************
*** 291,297 ****
   *
   * Whether the memory debugging is configured in
   */
! #if 1
  #define DEBUG_MEMORY_LOCATION
  #endif
  
--- 291,297 ----
   *
   * Whether the memory debugging is configured in
   */
! #if 0
  #define DEBUG_MEMORY_LOCATION
  #endif
  
***************
*** 300,306 ****
   *
   * Whether the runtime debugging is configured in
   */
! #if 1
  #define LIBXML_DEBUG_RUNTIME
  #endif
  
--- 300,306 ----
   *
   * Whether the runtime debugging is configured in
   */
! #if 0
  #define LIBXML_DEBUG_RUNTIME
  #endif
  
diff -r -cN misc/libxml2-2.6.31/changelog misc/build/libxml2-2.6.31/changelog
*** misc/libxml2-2.6.31/changelog
--- misc/build/libxml2-2.6.31/changelog
***************
*** 0 ****
--- 1,10 ----
+ libxml2 (2.6.32.dfsg-5+lenny1) stable-security; urgency=high
+ 
+   * Non-maintainer upload by the Security Team.
+   * Fix multiple use-after-free flaws when parsing notation and
+     enumeration attribute types (CVE-2009-2416).
+   * Fix stack overflow when parsing root XML document element DTD
+     definition (CVE-2009-2414).
+ 
+  -- Nico Golde <nion@debian.org>  Thu, 06 Aug 2009 13:04:00 +0000
+ 
diff -r -cN misc/libxml2-2.6.31/parser.c misc/build/libxml2-2.6.31/parser.c
*** misc/libxml2-2.6.31/parser.c
--- misc/build/libxml2-2.6.31/parser.c
***************
*** 4752,4761 ****
  	if (name == NULL) {
  	    xmlFatalErrMsg(ctxt, XML_ERR_NAME_REQUIRED,
  			   "Name expected in NOTATION declaration\n");
! 	    return(ret);
  	}
  	cur = xmlCreateEnumeration(name);
! 	if (cur == NULL) return(ret);
  	if (last == NULL) ret = last = cur;
  	else {
  	    last->next = cur;
--- 4752,4766 ----
  	if (name == NULL) {
  	    xmlFatalErrMsg(ctxt, XML_ERR_NAME_REQUIRED,
  			   "Name expected in NOTATION declaration\n");
! 	    xmlFreeEnumeration(ret);
! 	    return(NULL);
  	}
  	cur = xmlCreateEnumeration(name);
!         if (cur == NULL) {
!              xmlFreeEnumeration(ret);
!              return(NULL);
!          }
! 
  	if (last == NULL) ret = last = cur;
  	else {
  	    last->next = cur;
***************
*** 4765,4773 ****
      } while (RAW == '|');
      if (RAW != ')') {
  	xmlFatalErr(ctxt, XML_ERR_NOTATION_NOT_FINISHED, NULL);
! 	if ((last != NULL) && (last != ret))
! 	    xmlFreeEnumeration(last);
! 	return(ret);
      }
      NEXT;
      return(ret);
--- 4770,4777 ----
      } while (RAW == '|');
      if (RAW != ')') {
  	xmlFatalErr(ctxt, XML_ERR_NOTATION_NOT_FINISHED, NULL);
!         xmlFreeEnumeration(ret);
!         return(NULL);
      }
      NEXT;
      return(ret);
***************
*** 4808,4814 ****
  	}
  	cur = xmlCreateEnumeration(name);
  	xmlFree(name);
! 	if (cur == NULL) return(ret);
  	if (last == NULL) ret = last = cur;
  	else {
  	    last->next = cur;
--- 4812,4822 ----
  	}
  	cur = xmlCreateEnumeration(name);
  	xmlFree(name);
!         if (cur == NULL) {
!              xmlFreeEnumeration(ret);
!              return(NULL);
!          }
! 
  	if (last == NULL) ret = last = cur;
  	else {
  	    last->next = cur;
***************
*** 5206,5211 ****
--- 5214,5226 ----
      const xmlChar *elem;
      xmlChar type = 0;
  
+     if (ctxt->depth > 128) {
+         xmlFatalErrMsgInt(ctxt, XML_ERR_ELEMCONTENT_NOT_FINISHED,
+                 "xmlParseElementChildrenContentDecl : depth %d too deep\n",
+                           ctxt->depth);
+        return(NULL);
+     }
+ 
      SKIP_BLANKS;
      GROW;
      if (RAW == '(') {
***************
*** 5214,5220 ****
--- 5229,5237 ----
          /* Recurse on first child */
  	NEXT;
  	SKIP_BLANKS;
+ 	ctxt->depth++;
          cur = ret = xmlParseElementChildrenContentDecl(ctxt, inputid);
+ 	ctxt->depth--;
  	SKIP_BLANKS;
  	GROW;
      } else {
***************
*** 5344,5350 ****
--- 5361,5369 ----
  	    /* Recurse on second child */
  	    NEXT;
  	    SKIP_BLANKS;
+ 	    ctxt->depth++;
  	    last = xmlParseElementChildrenContentDecl(ctxt, inputid);
+ 	    ctxt->depth--;
  	    SKIP_BLANKS;
  	} else {
  	    elem = xmlParseName(ctxt);